[wasm][fuzzer] Fix BigInt parameters

The fuzzers were calling the compiled function without passing explicit arguments. Thus all arguments were converted from the "undefined" value, which typically results in a zero value, as expected. For BigInt though, it's not allowed to pass "undefined". We have to pass a proper BigInt. This CL implements this by passing explicit parameter values for all parameters. This effectively unlocks testing BigInt parameters in all fuzzers, thus may increase coverage and find new bugs. R=ahaas@chromium.org Bug: chromium:1120355 Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69570}

[wasm][fuzzer] Fix BigInt parameters
The fuzzers were calling the compiled function without passing explicit arguments. Thus all arguments were converted from the "undefined" value, which typically results in a zero value, as expected. For BigInt though, it's not allowed to pass "undefined". We have to pass a proper BigInt. This CL implements this by passing explicit parameter values for all parameters. This effectively unlocks testing BigInt parameters in all fuzzers, thus may increase coverage and find new bugs. R=ahaas@chromium.org Bug: chromium:1120355 Change-Id: I4e451d2418eb73d460fa937d1cf95a1ab6c99cf5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2377945 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#69570}
2d78b3a7 · Clemens Backes · Commit Bot · 1ffb6008 · 2d78b3a7 · 2d78b3a7
Commit 2d78b3a7 authored Aug 26, 2020 by Clemens Backes Committed by Commit Bot Aug 26, 2020
4 changed files
--- a/src/objects/bigint.h
+++ b/src/objects/bigint.h
@@ -203,7 +203,8 @@ class BigInt : public BigIntBase {
  static MaybeHandle<BigInt> AsUintN(Isolate* isolate, uint64_t n,
                                     Handle<BigInt> x);

-  static Handle<BigInt> FromInt64(Isolate* isolate, int64_t n);
+  V8_EXPORT_PRIVATE static Handle<BigInt> FromInt64(Isolate* isolate,
+                                                    int64_t n);
  static Handle<BigInt> FromUint64(Isolate* isolate, uint64_t n);
  static MaybeHandle<BigInt> FromWords64(Isolate* isolate, int sign_bit,
                                         int words64_count,

--- a/test/common/wasm/wasm-module-runner.cc
+++ b/test/common/wasm/wasm-module-runner.cc
@@ -41,12 +41,11 @@ MaybeHandle<WasmInstanceObject> CompileAndInstantiateForTesting(
      isolate, thrower, module.ToHandleChecked(), {}, {});
 }

-std::unique_ptr<WasmValue[]> MakeDefaultArguments(Isolate* isolate,
-                                                  const FunctionSig* sig) {
+OwnedVector<WasmValue> MakeDefaultInterpreterArguments(Isolate* isolate,
+                                                       const FunctionSig* sig) {
  size_t param_count = sig->parameter_count();
-  auto arguments = std::make_unique<WasmValue[]>(param_count);
+  auto arguments = OwnedVector<WasmValue>::New(param_count);

-  // Fill the parameters up with default values.
  for (size_t i = 0; i < param_count; ++i) {
    switch (sig->GetParam(i).kind()) {
      case ValueType::kI32:
@@ -79,6 +78,38 @@ std::unique_ptr<WasmValue[]> MakeDefaultArguments(Isolate* isolate,
  return arguments;
 }

+OwnedVector<Handle<Object>> MakeDefaultArguments(Isolate* isolate,
+                                                 const FunctionSig* sig) {
+  size_t param_count = sig->parameter_count();
+  auto arguments = OwnedVector<Handle<Object>>::New(param_count);
+
+  for (size_t i = 0; i < param_count; ++i) {
+    switch (sig->GetParam(i).kind()) {
+      case ValueType::kI32:
+      case ValueType::kF32:
+      case ValueType::kF64:
+        arguments[i] = handle(Smi::zero(), isolate);
+        break;
+      case ValueType::kI64:
+        arguments[i] = BigInt::FromInt64(isolate, 0);
+        break;
+      case ValueType::kOptRef:
+        arguments[i] = isolate->factory()->null_value();
+        break;
+      case ValueType::kRef:
+      case ValueType::kRtt:
+      case ValueType::kI8:
+      case ValueType::kI16:
+      case ValueType::kStmt:
+      case ValueType::kBottom:
+      case ValueType::kS128:
+        UNREACHABLE();
+    }
+  }
+
+  return arguments;
+}
+
 int32_t CompileAndRunWasmModule(Isolate* isolate, const byte* module_start,
                                const byte* module_end) {
  HandleScope scope(isolate);

--- a/test/common/wasm/wasm-module-runner.h
+++ b/test/common/wasm/wasm-module-runner.h
@@ -99,9 +99,17 @@ WasmInterpretationResult InterpretWasmModule(
    Isolate* isolate, Handle<WasmInstanceObject> instance,
    int32_t function_index, WasmValue* args);

-// Generate an array of default arguments for the given signature.
-std::unique_ptr<WasmValue[]> MakeDefaultArguments(Isolate* isolate,
-                                                  const FunctionSig* sig);
+// Generate an array of default arguments for the given signature, to be used in
+// the interpreter.
+OwnedVector<WasmValue> MakeDefaultInterpreterArguments(Isolate* isolate,
+                                                       const FunctionSig* sig);
+
+// Generate an array of default arguments for the given signature, to be used
+// when calling compiled code. Make sure that the arguments match the ones
+// returned by {MakeDefaultInterpreterArguments}, otherwise fuzzers will report
+// differences between interpreter and compiled code.
+OwnedVector<Handle<Object>> MakeDefaultArguments(Isolate* isolate,
+                                                 const FunctionSig* sig);

 // Install function map, module symbol for testing
 void SetupIsolateForWasmModule(Isolate* isolate);

--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -55,13 +55,14 @@ void InterpretAndExecuteModule(i::Isolate* isolate,
    return;
  }

-  std::unique_ptr<WasmValue[]> arguments =
-      testing::MakeDefaultArguments(isolate, main_function->sig());
+  OwnedVector<WasmValue> arguments =
+      testing::MakeDefaultInterpreterArguments(isolate, main_function->sig());

  // Now interpret.
  testing::WasmInterpretationResult interpreter_result =
-      testing::InterpretWasmModule(
-          isolate, instance, main_function->function_index(), arguments.get());
+      testing::InterpretWasmModule(isolate, instance,
+                                   main_function->function_index(),
+                                   arguments.begin());
  if (interpreter_result.failed()) return;

  // The WebAssembly spec allows the sign bit of NaN to be non-deterministic.
@@ -82,9 +83,13 @@ void InterpretAndExecuteModule(i::Isolate* isolate,
              .ToHandle(&instance));
  }

+  OwnedVector<Handle<Object>> compiled_args =
+      testing::MakeDefaultArguments(isolate, main_function->sig());
+
  bool exception = false;
  int32_t result_compiled = testing::CallWasmFunctionForTesting(
-      isolate, instance, "main", 0, nullptr, &exception);
+      isolate, instance, "main", static_cast<int>(compiled_args.size()),
+      compiled_args.begin(), &exception);
  if (interpreter_result.trapped() != exception) {
    const char* exception_text[] = {"no exception", "exception"};
    FATAL("interpreter: %s; compiled: %s",