[foozzie] Always include all typed-array mocks

Due to https://crbug.com/1195263, large typed arrays can have an
observable difference on the same architecture, depending on
optimization behavior.

For differential fuzzing comparisons, we previously used a proxy
for typed arrays that capped the maximum size only when comparing
different architectures - there an observable difference is WAI.

We move the capping code and make it arch-independent for now until
the bug above gets fixed, since it caused too many duplicates, which
degrade fuzzing performance.

Bug: chromium:1195263
Change-Id: Ic81c383e547413378cbe037de3c38eb900a9e5dc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3866173
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82860}

test/mjsunit/tools/foozzie_archs.js → test/mjsunit/tools/foozzie_typed_arrays.js

@@ -4,9 +4,8 @@
 
 // Flags: --allow-natives-syntax
 // Files: tools/clusterfuzz/foozzie/v8_mock.js
-// Files: tools/clusterfuzz/foozzie/v8_mock_archs.js
 
-// Test foozzie architecture-specific mocks for differential fuzzing.
+// Test foozzie typed-array-specific mocks for differential fuzzing.
 
 // Max typed array length is mocked and restricted to 1MiB buffer.
 const maxBytes = 1048576;

tools/clusterfuzz/foozzie/v8_mock.js

@@ -167,6 +167,86 @@ Object.defineProperty(
   };
 })();
 
+// Mock maximum typed-array buffer and limit to 1MiB. Otherwise we might
+// get range errors. We ignore those by crashing, but that reduces coverage,
+// hence, let's reduce the range-error rate.
+(function() {
+  // Math.min might be manipulated in test cases.
+  const min = Math.min;
+  const maxBytes = 1048576;
+  const mock = function(type) {
+    const maxLength = maxBytes / (type.BYTES_PER_ELEMENT || 1);
+    const handler = {
+      construct: function(target, args) {
+        if (args[0] && typeof args[0] != "object") {
+          // Length used as first argument.
+          args[0] = min(maxLength, Number(args[0]));
+        } else if (args[0] instanceof ArrayBuffer && args.length > 1) {
+          // Buffer used as first argument.
+          const buffer = args[0];
+          args[1] = Number(args[1]);
+          // Ensure offset is multiple of bytes per element.
+          args[1] = args[1] - (args[1] % type.BYTES_PER_ELEMENT);
+          // Limit offset to length of buffer.
+          args[1] = min(args[1], buffer.byteLength || 0);
+          if (args.length > 2) {
+            // If also length is given, limit it to the maximum that's possible
+            // given buffer and offset.
+            const maxBytesLeft = buffer.byteLength - args[1];
+            const maxLengthLeft = maxBytesLeft / type.BYTES_PER_ELEMENT;
+            args[2] = min(Number(args[2]), maxLengthLeft);
+          }
+        }
+        return new (Function.prototype.bind.apply(type, [null].concat(args)));
+      },
+    };
+    return new Proxy(type, handler);
+  }
+
+  ArrayBuffer = mock(ArrayBuffer);
+  SharedArrayBuffer = mock(SharedArrayBuffer);
+  Int8Array = mock(Int8Array);
+  Uint8Array = mock(Uint8Array);
+  Uint8ClampedArray = mock(Uint8ClampedArray);
+  Int16Array = mock(Int16Array);
+  Uint16Array = mock(Uint16Array);
+  Int32Array = mock(Int32Array);
+  Uint32Array = mock(Uint32Array);
+  BigInt64Array = mock(BigInt64Array);
+  BigUint64Array = mock(BigUint64Array);
+  Float32Array = mock(Float32Array);
+  Float64Array = mock(Float64Array);
+})();
+
+// Mock typed array set function and cap offset to not throw a range error.
+(function() {
+  // Math.min might be manipulated in test cases.
+  const min = Math.min;
+  const types = [
+    Int8Array,
+    Uint8Array,
+    Uint8ClampedArray,
+    Int16Array,
+    Uint16Array,
+    Int32Array,
+    Uint32Array,
+    BigInt64Array,
+    BigUint64Array,
+    Float32Array,
+    Float64Array,
+  ];
+  for (const type of types) {
+    const set = type.prototype.set;
+    type.prototype.set = function(array, offset) {
+      if (Array.isArray(array)) {
+        offset = Number(offset);
+        offset = min(offset, this.length - array.length);
+      }
+      set.call(this, array, offset);
+    };
+  }
+})();
+
 // Mock Worker.
 (function() {
   let index = 0;

tools/clusterfuzz/foozzie/v8_mock_archs.js

@@ -9,83 +9,3 @@
 // for the general case.
 // This file is loaded before each correctness test cases and won't get
 // minimized.
-
-// Mock maximum typed-array buffer and limit to 1MiB. Otherwise we might
-// get range errors. We ignore those by crashing, but that reduces coverage,
-// hence, let's reduce the range-error rate.
-(function() {
-  // Math.min might be manipulated in test cases.
-  const min = Math.min;
-  const maxBytes = 1048576;
-  const mock = function(type) {
-    const maxLength = maxBytes / (type.BYTES_PER_ELEMENT || 1);
-    const handler = {
-      construct: function(target, args) {
-        if (args[0] && typeof args[0] != "object") {
-          // Length used as first argument.
-          args[0] = min(maxLength, Number(args[0]));
-        } else if (args[0] instanceof ArrayBuffer && args.length > 1) {
-          // Buffer used as first argument.
-          const buffer = args[0];
-          args[1] = Number(args[1]);
-          // Ensure offset is multiple of bytes per element.
-          args[1] = args[1] - (args[1] % type.BYTES_PER_ELEMENT);
-          // Limit offset to length of buffer.
-          args[1] = min(args[1], buffer.byteLength || 0);
-          if (args.length > 2) {
-            // If also length is given, limit it to the maximum that's possible
-            // given buffer and offset.
-            const maxBytesLeft = buffer.byteLength - args[1];
-            const maxLengthLeft = maxBytesLeft / type.BYTES_PER_ELEMENT;
-            args[2] = min(Number(args[2]), maxLengthLeft);
-          }
-        }
-        return new (Function.prototype.bind.apply(type, [null].concat(args)));
-      },
-    };
-    return new Proxy(type, handler);
-  }
-
-  ArrayBuffer = mock(ArrayBuffer);
-  SharedArrayBuffer = mock(SharedArrayBuffer);
-  Int8Array = mock(Int8Array);
-  Uint8Array = mock(Uint8Array);
-  Uint8ClampedArray = mock(Uint8ClampedArray);
-  Int16Array = mock(Int16Array);
-  Uint16Array = mock(Uint16Array);
-  Int32Array = mock(Int32Array);
-  Uint32Array = mock(Uint32Array);
-  BigInt64Array = mock(BigInt64Array);
-  BigUint64Array = mock(BigUint64Array);
-  Float32Array = mock(Float32Array);
-  Float64Array = mock(Float64Array);
-})();
-
-// Mock typed array set function and cap offset to not throw a range error.
-(function() {
-  // Math.min might be manipulated in test cases.
-  const min = Math.min;
-  const types = [
-    Int8Array,
-    Uint8Array,
-    Uint8ClampedArray,
-    Int16Array,
-    Uint16Array,
-    Int32Array,
-    Uint32Array,
-    BigInt64Array,
-    BigUint64Array,
-    Float32Array,
-    Float64Array,
-  ];
-  for (const type of types) {
-    const set = type.prototype.set;
-    type.prototype.set = function(array, offset) {
-      if (Array.isArray(array)) {
-        offset = Number(offset);
-        offset = min(offset, this.length - array.length);
-      }
-      set.call(this, array, offset);
-    };
-  }
-})();