[wasm] wasm-fuzzer: Add ability to generate test case

Other fuzzers already have this ability. This CL adds it to the fuzzer. The input has to be valid bytes, otherwise we cannot generate the text representation. R=titzer@chromium.org CC=gdeepti@chromium.org Change-Id: If1ba8accc707bee3b042e93f4201949f0233c90e Reviewed-on: https://chromium-review.googlesource.com/1109794 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53926}

[wasm] wasm-fuzzer: Add ability to generate test case
Other fuzzers already have this ability. This CL adds it to the fuzzer. The input has to be valid bytes, otherwise we cannot generate the text representation. R=titzer@chromium.org CC=gdeepti@chromium.org Change-Id: If1ba8accc707bee3b042e93f4201949f0233c90e Reviewed-on: https://chromium-review.googlesource.com/1109794 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Ben Titzer <titzer@chromium.org> Cr-Commit-Position: refs/heads/master@{#53926}
77e4b2de · Clemens Hammacher · Commit Bot · ea2f33c6 · 77e4b2de · 77e4b2de
Commit 77e4b2de authored Jun 21, 2018 by Clemens Hammacher Committed by Commit Bot Jun 21, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

wasm-fuzzer-common.cc test/fuzzer/wasm-fuzzer-common.cc +1 -1

wasm-fuzzer-common.h test/fuzzer/wasm-fuzzer-common.h +3 -0

wasm.cc test/fuzzer/wasm.cc +10 -4

No files found.
--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -144,6 +144,7 @@ struct PrintName {
 std::ostream& operator<<(std::ostream& os, const PrintName& name) {
  return os.write(name.name.start(), name.name.size());
 }
+}  // namespace

 void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
                      bool compiles) {
@@ -236,7 +237,6 @@ void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
  }
  os << "})();\n";
 }
-}  // namespace

 int WasmExecutionFuzzer::FuzzWasmModule(const uint8_t* data, size_t size,
                                        bool require_valid) {

--- a/test/fuzzer/wasm-fuzzer-common.h
+++ b/test/fuzzer/wasm-fuzzer-common.h
@@ -26,6 +26,9 @@ int FuzzWasmSection(SectionCode section, const uint8_t* data, size_t size);
 void InterpretAndExecuteModule(Isolate* isolate,
                               Handle<WasmModuleObject> module_object);

+void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,
+                      bool compiles);
+
 class WasmExecutionFuzzer {
 public:
  virtual ~WasmExecutionFuzzer() {}

--- a/test/fuzzer/wasm.cc
+++ b/test/fuzzer/wasm.cc
@@ -37,14 +37,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  v8::Context::Scope context_scope(support->GetContext());
  v8::TryCatch try_catch(isolate);
  i::wasm::testing::SetupIsolateForWasmModule(i_isolate);
+  i::wasm::ModuleWireBytes wire_bytes(data, data + size);

  i::HandleScope scope(i_isolate);
  i::wasm::ErrorThrower thrower(i_isolate, "wasm fuzzer");
-  i::MaybeHandle<i::WasmModuleObject> maybe_object =
-      i_isolate->wasm_engine()->SyncCompile(
-          i_isolate, &thrower, i::wasm::ModuleWireBytes(data, data + size));
  i::Handle<i::WasmModuleObject> module_object;
-  if (maybe_object.ToHandle(&module_object)) {
+  bool compiles = i_isolate->wasm_engine()
+                      ->SyncCompile(i_isolate, &thrower, wire_bytes)
+                      .ToHandle(&module_object);
+
+  if (i::FLAG_wasm_fuzzer_gen_test) {
+    i::wasm::fuzzer::GenerateTestCase(i_isolate, wire_bytes, compiles);
+  }
+
+  if (compiles) {
    i::wasm::fuzzer::InterpretAndExecuteModule(i_isolate, module_object);
  }
  return 0;