AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
master
v8/test/fuzzer/wasm-code.cc
Clemens Backes 5a50750651 [wasm] Switch wasm-async fuzzer to Liftoff for reference 
The fuzzers based on {WasmExecutionFuzzer} (wasm-code, wasm-compile)
were already switched over in https://crrev.com/c/4042288.
The wasm-async and wasm fuzzers were still testing against the
interpreter, even though WasmGC opcodes are enabled, which leads to
crashes due to incomplete interpreter support.

This CL now switches those remaining fuzzers to "liftoff as reference"
mode, and removes support for testing against the interpreter.

As Liftoff code runs a lot faster than the interpreter, we bump the
limit for the number of executed instructions from 16k to 1M.

R=jkummerow@chromium.org

Bug: chromium:1387316, chromium:1393379, v8:13496
Change-Id: Id3e6177cc89b49e69d03515f10eedaf0872bde82
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4078983
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84644}
2022-12-05 12:53:03 +00:00

39 lines
1.2 KiB
C++
Raw Permalink Blame History

// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include <stdint.h>
#include "src/execution/isolate.h"
#include "src/wasm/wasm-module-builder.h"
#include "test/common/wasm/test-signatures.h"
#include "test/fuzzer/wasm-fuzzer-common.h"
namespace v8::internal::wasm::fuzzer {
class WasmCodeFuzzer : public WasmExecutionFuzzer {
bool GenerateModule(Isolate* isolate, Zone* zone,
base::Vector<const uint8_t> data,
ZoneBuffer* buffer) override {
TestSignatures sigs;
WasmModuleBuilder builder(zone);
WasmFunctionBuilder* f = builder.AddFunction(sigs.i_iii());
f->EmitCode(data.begin(), static_cast<uint32_t>(data.size()));
uint8_t end_opcode = kExprEnd;
f->EmitCode(&end_opcode, 1);
builder.AddExport(base::CStrVector("main"), f);
builder.SetMaxMemorySize(32);
builder.WriteTo(buffer);
return true;
}
};
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
WasmCodeFuzzer().FuzzWasmModule({data, size});
return 0;
}
} // namespace v8::internal::wasm::fuzzer
Reference in New Issue View Git Blame Copy Permalink