Commit 273b2d26 authored by Maria Tîmbur's avatar Maria Tîmbur Committed by V8 LUCI CQ

[fuzzer] Add i31ref operations

We add support for i31.new, i31.get_u and i31.get_s to the fuzzed module.

Bug: v8:11954
Change-Id: Ic6cdb5ced1b56507083d91e5c0c7f21d59a18acf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3218980Reviewed-by: 's avatarThibaud Michaud <thibaudm@chromium.org>
Reviewed-by: 's avatarManos Koukoutos <manoskouk@chromium.org>
Commit-Queue: Maria Tîmbur <mtimbur@google.com>
Cr-Commit-Position: refs/heads/main@{#77354}
parent 55e523a4
......@@ -106,14 +106,21 @@ bool DataRange::get() {
ValueType GetValueType(DataRange* data, bool liftoff_as_reference,
uint32_t num_types, bool include_packed_types = false) {
constexpr ValueType types[] = {
kWasmI8, kWasmI16,
kWasmI32, kWasmI64,
kWasmF32, kWasmF64,
kWasmS128, kWasmExternRef,
kWasmFuncRef, kWasmEqRef,
kWasmAnyRef, ValueType::Ref(HeapType(HeapType::kData), kNullable)};
constexpr int kLiftoffOnlyTypeCount = 3; // at the end of {types}.
kWasmI8,
kWasmI16,
kWasmI32,
kWasmI64,
kWasmF32,
kWasmF64,
kWasmS128,
kWasmExternRef,
kWasmFuncRef,
kWasmEqRef,
ValueType::Ref(HeapType(HeapType::kI31), kNullable),
kWasmAnyRef,
ValueType::Ref(HeapType(HeapType::kData), kNullable)};
constexpr int kLiftoffOnlyTypeCount = 4; // at the end of {types}.
constexpr int kPackedOnlyTypeCount = 2; // at the begining of {types}.
if (liftoff_as_reference) {
......@@ -1000,6 +1007,20 @@ class WasmGenerator {
}
}
void i31_get(DataRange* data) {
if (!liftoff_as_reference_) {
Generate(kWasmI32, data);
return;
}
GenerateOptRef(HeapType(HeapType::kI31), data);
builder_->Emit(kExprRefAsNonNull);
if (data->get<bool>()) {
builder_->EmitWithPrefix(kExprI31GetS);
} else {
builder_->EmitWithPrefix(kExprI31GetU);
}
}
void array_len(DataRange* data) {
if (num_arrays_ > 1) {
int array_index = (data->get<uint8_t>() % num_arrays_) + num_structs_;
......@@ -1451,6 +1472,8 @@ void WasmGenerator::Generate<kI32>(DataRange* data) {
&WasmGenerator::call_ref<kI32>,
&WasmGenerator::try_block<kI32>,
&WasmGenerator::i31_get,
&WasmGenerator::struct_get<kI32>,
&WasmGenerator::array_get<kI32>,
&WasmGenerator::array_len,
......@@ -1991,9 +2014,8 @@ void WasmGenerator::GenerateOptRef(HeapType type, DataRange* data) {
// default case.
case HeapType::kAny: {
// Weighed according to the types in the module.
// TODO(11954): Generate i31ref.
uint32_t num_types = builder_->builder()->NumTypes();
uint8_t random = data->get<uint8_t>() % (num_types + 2);
uint8_t random = data->get<uint8_t>() % (num_types + 3);
if (random < num_structs_ + num_arrays_) {
GenerateOptRef(HeapType(HeapType::kData), data);
return;
......@@ -2003,6 +2025,9 @@ void WasmGenerator::GenerateOptRef(HeapType type, DataRange* data) {
} else if (random == num_types) {
GenerateOptRef(HeapType(HeapType::kExtern), data);
return;
} else if (random == num_types + 1) {
GenerateOptRef(HeapType(HeapType::kI31), data);
return;
}
// Else fall back to the default case outside the switch.
break;
......@@ -2028,7 +2053,15 @@ void WasmGenerator::GenerateOptRef(HeapType type, DataRange* data) {
// Else fall back to the default case outside the switch.
break;
}
// TODO(11954): Add i31ref case.
case HeapType::kI31: {
if (data->get<bool>()) {
Generate(kWasmI32, data);
builder_->EmitWithPrefix(kExprI31New);
return;
}
// Else fall back to the default case outside the switch.
break;
}
default:
break;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment