[fuzzer] Add struct type and array type to fuzzed module

We add a struct type and array type to the fuzzed module. Since the interpreter does not support wasm-gc, we only do so if liftoff is used as a reference implementation. Also, adding liftoff parameter to all GenerateModule definitions. Bug: v8:11954 Change-Id: Ia8d2d7a8e1e12d375605f15d1393dd64f426607d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024160Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/master@{#75782}

[fuzzer] Add struct type and array type to fuzzed module
We add a struct type and array type to the fuzzed module. Since the interpreter does not support wasm-gc, we only do so if liftoff is used as a reference implementation. Also, adding liftoff parameter to all GenerateModule definitions. Bug: v8:11954 Change-Id: Ia8d2d7a8e1e12d375605f15d1393dd64f426607d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3024160Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/master@{#75782}
26d10556 · Rakhim Khismet · V8 LUCI CQ · abf45258 · 26d10556 · 26d10556
Commit 26d10556 authored Jul 16, 2021 by Rakhim Khismet Committed by V8 LUCI CQ Jul 19, 2021
4 changed files
--- a/test/fuzzer/wasm-code.cc
+++ b/test/fuzzer/wasm-code.cc
@@ -19,8 +19,8 @@ namespace fuzzer {
 class WasmCodeFuzzer : public WasmExecutionFuzzer {
  bool GenerateModule(Isolate* isolate, Zone* zone,
-                      base::Vector<const uint8_t> data,
+                      base::Vector<const uint8_t> data, ZoneBuffer* buffer,
-                      ZoneBuffer* buffer) override {
+                      bool liftoff_as_reference) override {
    TestSignatures sigs;
    WasmModuleBuilder builder(zone);
    WasmFunctionBuilder* f = builder.AddFunction(sigs.i_iii());

--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
@@ -1632,8 +1632,8 @@ FunctionSig* GenerateSig(Zone* zone, DataRange* data, SigKind sig_kind) {
 class WasmCompileFuzzer : public WasmExecutionFuzzer {
  bool GenerateModule(Isolate* isolate, Zone* zone,
-                      base::Vector<const uint8_t> data,
+                      base::Vector<const uint8_t> data, ZoneBuffer* buffer,
-                      ZoneBuffer* buffer) override {
+                      bool liftoff_as_reference) override {
    TestSignatures sigs;
    WasmModuleBuilder builder(zone);
@@ -1693,12 +1693,28 @@ class WasmCompileFuzzer : public WasmExecutionFuzzer {
    for (int i = 0; i < num_functions; ++i) {
      builder.SetIndirectFunction(i, i);
    }
+    if (liftoff_as_reference) {
+      uint32_t count = 4;
+      StructType::Builder struct_builder(zone, count);
+      struct_builder.AddField(kWasmI32, false);
+      struct_builder.AddField(kWasmI64, false);
+      struct_builder.AddField(kWasmF32, false);
+      struct_builder.AddField(kWasmF64, false);
+      StructType* struct_fuz = struct_builder.Build();
+      builder.AddStructType(struct_fuz);
+      ArrayType* array_fuzI32 = zone->New<ArrayType>(kWasmI32, true);
+      ArrayType* array_fuzI64 = zone->New<ArrayType>(kWasmI64, true);
+      ArrayType* array_fuzF32 = zone->New<ArrayType>(kWasmF32, true);
+      ArrayType* array_fuzF64 = zone->New<ArrayType>(kWasmF64, true);
+      builder.AddArrayType(array_fuzI32);
+      builder.AddArrayType(array_fuzI64);
+      builder.AddArrayType(array_fuzF32);
+      builder.AddArrayType(array_fuzF64);
+    }
    builder.SetMaxMemorySize(32);
    // We enable shared memory to be able to test atomics.
    builder.SetHasSharedMemory();
    builder.WriteTo(buffer);
    return true;
  }
 };

--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -521,7 +521,7 @@ void WasmExecutionFuzzer::FuzzWasmModule(base::Vector<const uint8_t> data,
  bool liftoff_as_reference = false;
 #endif
  if (!data.empty()) data += 1;
-  if (!GenerateModule(i_isolate, &zone, data, &buffer)) {
+  if (!GenerateModule(i_isolate, &zone, data, &buffer, liftoff_as_reference)) {
    return;
  }

--- a/test/fuzzer/wasm-fuzzer-common.h
+++ b/test/fuzzer/wasm-fuzzer-common.h
@@ -48,7 +48,8 @@ class WasmExecutionFuzzer {
 protected:
  virtual bool GenerateModule(Isolate* isolate, Zone* zone,
                              base::Vector<const uint8_t> data,
-                              ZoneBuffer* buffer) = 0;
+                              ZoneBuffer* buffer,
+                              bool liftoff_as_reference) = 0;
 };
 }  // namespace fuzzer