[fuzzer] Add struct.get operation to fuzzed module

We add support for struct.get operation to the fuzzed module. struct_get alternative is added to Generators (i32, i64, f32, f64). Bug: v8:11954 Change-Id: I85c03bb6ba896bff399eb1382fa42b0795ef65ed Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3081613 Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/master@{#76191}
2021-08-10 08:48:39 +00:00 · 2021-08-10 08:48:39 +00:00 · fcaf0a3eda
commit fcaf0a3eda
parent 8b87e36e43
1 changed files with 39 additions and 4 deletions
--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
@ -794,6 +794,33 @@ class WasmGenerator {
    ref_null(type, data);
  }

+  template <ValueKind wanted_kind>
+  void struct_get(DataRange* data) {
+    WasmModuleBuilder* builder = builder_->builder();
+    int num_types = builder->NumTypes();
+    ZoneVector<uint32_t> field_index(builder->zone());
+    ZoneVector<uint32_t> struct_index(builder->zone());
+    for (int i = 0; i < num_types; i++) {
+      if (builder->IsStructType(i)) {
+        int field_count = builder->GetStructType(i)->field_count();
+        for (int index = 0; index < field_count; index++) {
+          if (builder->GetStructType(i)->field(index).kind() == wanted_kind) {
+            field_index.push_back(index);
+            struct_index.push_back(i);
+          }
+        }
+      }
+    }
+    if (field_index.empty()) {
+      Generate<wanted_kind>(data);
+      return;
+    }
+    int index = data->get<uint8_t>() % static_cast<int>(field_index.size());
+    GenerateOptRef(HeapType(struct_index[index]), data);
+    builder_->EmitWithPrefix(kExprStructGet);
+    builder_->EmitU32V(struct_index[index]);
+    builder_->EmitU32V(field_index[index]);
+  }
  using GenerateFn = void (WasmGenerator::*const)(DataRange*);
  using GenerateFnWithHeap = void (WasmGenerator::*const)(HeapType, DataRange*);

@ -1101,7 +1128,9 @@ void WasmGenerator::Generate<kI32>(DataRange* data) {

      &WasmGenerator::call<kI32>,
      &WasmGenerator::call_indirect<kI32>,
-      &WasmGenerator::try_block<kI32>};
+      &WasmGenerator::try_block<kI32>,
+
+      &WasmGenerator::struct_get<kI32>};

  GenerateOneOf(alternatives, data);
 }
@ -1215,7 +1244,9 @@ void WasmGenerator::Generate<kI64>(DataRange* data) {

      &WasmGenerator::call<kI64>,
      &WasmGenerator::call_indirect<kI64>,
-      &WasmGenerator::try_block<kI64>};
+      &WasmGenerator::try_block<kI64>,
+
+      &WasmGenerator::struct_get<kI64>};

  GenerateOneOf(alternatives, data);
 }
@ -1272,7 +1303,9 @@ void WasmGenerator::Generate<kF32>(DataRange* data) {

      &WasmGenerator::call<kF32>,
      &WasmGenerator::call_indirect<kF32>,
-      &WasmGenerator::try_block<kF32>};
+      &WasmGenerator::try_block<kF32>,
+
+      &WasmGenerator::struct_get<kF32>};

  GenerateOneOf(alternatives, data);
 }
@ -1329,7 +1362,9 @@ void WasmGenerator::Generate<kF64>(DataRange* data) {

      &WasmGenerator::call<kF64>,
      &WasmGenerator::call_indirect<kF64>,
-      &WasmGenerator::try_block<kF64>};
+      &WasmGenerator::try_block<kF64>,
+
+      &WasmGenerator::struct_get<kF64>};

  GenerateOneOf(alternatives, data);
 }