[wasm] Remove non-const reference args from fuzzers

R=ahaas@chromium.org Bug: v8:9429, v8:9396 Change-Id: Ie6119ff58fdf48612d81fe0616986a4da95135d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690836Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62569}

[wasm] Remove non-const reference args from fuzzers
R=ahaas@chromium.org Bug: v8:9429, v8:9396 Change-Id: Ie6119ff58fdf48612d81fe0616986a4da95135d2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690836Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#62569}
4c9d52e1 · Clemens Hammacher · Commit Bot · edd383fb · 4c9d52e1 · 4c9d52e1
Commit 4c9d52e1 authored Jul 08, 2019 by Clemens Hammacher Committed by Commit Bot Jul 08, 2019
5 changed files
--- a/test/fuzzer/multi-return.cc
+++ b/test/fuzzer/multi-return.cc
@@ -85,33 +85,31 @@ MachineType RandomType(InputProvider* input) {

 int index(MachineType type) { return static_cast<int>(type.representation()); }

-Node* Constant(RawMachineAssembler& m,  // NOLINT(runtime/references)
-               MachineType type, int value) {
+Node* Constant(RawMachineAssembler* m, MachineType type, int value) {
  switch (type.representation()) {
    case MachineRepresentation::kWord32:
-      return m.Int32Constant(static_cast<int32_t>(value));
+      return m->Int32Constant(static_cast<int32_t>(value));
    case MachineRepresentation::kWord64:
-      return m.Int64Constant(static_cast<int64_t>(value));
+      return m->Int64Constant(static_cast<int64_t>(value));
    case MachineRepresentation::kFloat32:
-      return m.Float32Constant(static_cast<float>(value));
+      return m->Float32Constant(static_cast<float>(value));
    case MachineRepresentation::kFloat64:
-      return m.Float64Constant(static_cast<double>(value));
+      return m->Float64Constant(static_cast<double>(value));
    default:
      UNREACHABLE();
  }
 }

-Node* ToInt32(RawMachineAssembler& m,  // NOLINT(runtime/references)
-              MachineType type, Node* a) {
+Node* ToInt32(RawMachineAssembler* m, MachineType type, Node* a) {
  switch (type.representation()) {
    case MachineRepresentation::kWord32:
      return a;
    case MachineRepresentation::kWord64:
-      return m.TruncateInt64ToInt32(a);
+      return m->TruncateInt64ToInt32(a);
    case MachineRepresentation::kFloat32:
-      return m.TruncateFloat32ToInt32(a);
+      return m->TruncateFloat32ToInt32(a);
    case MachineRepresentation::kFloat64:
-      return m.RoundFloat64ToInt32(a);
+      return m->RoundFloat64ToInt32(a);
    default:
      UNREACHABLE();
  }
@@ -224,7 +222,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    MachineType type = desc->GetReturnType(i);
    // Find a random same-type parameter to return. Use a constant if none.
    if (counts[index(type)] == 0) {
-      returns[i] = Constant(callee, type, 42);
+      returns[i] = Constant(&callee, type, 42);
      outputs[i] = 42;
    } else {
      int n = input.NextInt32(counts[index(type)]);
@@ -266,18 +264,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // WasmContext dummy.
  params[1] = caller.PointerConstant(nullptr);
  for (size_t i = 0; i < param_count; ++i) {
-    params[i + 2] = Constant(caller, desc->GetParameterType(i + 1), inputs[i]);
+    params[i + 2] = Constant(&caller, desc->GetParameterType(i + 1), inputs[i]);
  }
  Node* call = caller.AddNode(caller.common()->Call(desc),
                              static_cast<int>(param_count + 2), params.get());
-  Node* ret = Constant(caller, MachineType::Int32(), 0);
+  Node* ret = Constant(&caller, MachineType::Int32(), 0);
  for (size_t i = 0; i < desc->ReturnCount(); ++i) {
    // Skip roughly one third of the outputs.
    if (input.NextInt8(3) == 0) continue;
    Node* ret_i = (desc->ReturnCount() == 1)
                      ? call
                      : caller.AddNode(caller.common()->Projection(i), call);
-    ret = caller.Int32Add(ret, ToInt32(caller, desc->GetReturnType(i), ret_i));
+    ret = caller.Int32Add(ret, ToInt32(&caller, desc->GetReturnType(i), ret_i));
    expect += outputs[i];
  }
  caller.Return(ret);

--- a/test/fuzzer/wasm-code.cc
+++ b/test/fuzzer/wasm-code.cc
@@ -21,9 +21,9 @@ namespace fuzzer {
 class WasmCodeFuzzer : public WasmExecutionFuzzer {
  bool GenerateModule(
      Isolate* isolate, Zone* zone, Vector<const uint8_t> data,
-      ZoneBuffer& buffer, int32_t& num_args,
-      std::unique_ptr<WasmValue[]>& interpreter_args,
-      std::unique_ptr<Handle<Object>[]>& compiler_args) override {
+      ZoneBuffer* buffer, int32_t* num_args,
+      std::unique_ptr<WasmValue[]>* interpreter_args,
+      std::unique_ptr<Handle<Object>[]>* compiler_args) override {
    TestSignatures sigs;
    WasmModuleBuilder builder(zone);
    WasmFunctionBuilder* f = builder.AddFunction(sigs.i_iii());
@@ -33,14 +33,15 @@ class WasmCodeFuzzer : public WasmExecutionFuzzer {
    builder.AddExport(CStrVector("main"), f);

    builder.SetMaxMemorySize(32);
-    builder.WriteTo(&buffer);
-    num_args = 3;
-    interpreter_args.reset(
+    builder.WriteTo(buffer);
+    *num_args = 3;
+    interpreter_args->reset(
        new WasmValue[3]{WasmValue(1), WasmValue(2), WasmValue(3)});

-    compiler_args.reset(new Handle<Object>[3]{
-        handle(Smi::FromInt(1), isolate), handle(Smi::FromInt(2), isolate),
-        handle(Smi::FromInt(3), isolate)});
+    compiler_args->reset(new Handle<Object>[3] {
+      handle(Smi::FromInt(1), isolate), handle(Smi::FromInt(2), isolate),
+          handle(Smi::FromInt(3), isolate)
+    });
    return true;
  }
 };

--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -278,8 +278,8 @@ void WasmExecutionFuzzer::FuzzWasmModule(Vector<const uint8_t> data,
  // compiled with Turbofan and which one with Liftoff.
  uint8_t tier_mask = data.empty() ? 0 : data[0];
  if (!data.empty()) data += 1;
-  if (!GenerateModule(i_isolate, &zone, data, buffer, num_args,
-                      interpreter_args, compiler_args)) {
+  if (!GenerateModule(i_isolate, &zone, data, &buffer, &num_args,
+                      &interpreter_args, &compiler_args)) {
    return;
  }


--- a/test/fuzzer/wasm-fuzzer-common.h
+++ b/test/fuzzer/wasm-fuzzer-common.h
@@ -37,12 +37,9 @@ class WasmExecutionFuzzer {
 protected:
  virtual bool GenerateModule(
      Isolate* isolate, Zone* zone, Vector<const uint8_t> data,
-      ZoneBuffer& buffer,  // NOLINT(runtime/references)
-      int32_t& num_args,   // NOLINT(runtime/references)
-      std::unique_ptr<WasmValue[]>&
-          interpreter_args,  // NOLINT(runtime/references)
-      std::unique_ptr<Handle<Object>[]>&
-          compiler_args) = 0;  // NOLINT(runtime/references)
+      ZoneBuffer* buffer, int32_t* num_args,
+      std::unique_ptr<WasmValue[]>* interpreter_args,
+      std::unique_ptr<Handle<Object>[]>* compiler_args) = 0;
 };

 }  // namespace fuzzer