[fuzzer] Add call_ref and return_call_ref to fuzzer

We add call_ref and return_call_ref to the fuzzed module. We alter call function to generate call_ref in it. Bug: v8:11954 Change-Id: I972b8e053d7eab758ac343d48f0c4631ef24b22b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3148011Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/main@{#76748}

[fuzzer] Add call_ref and return_call_ref to fuzzer
We add call_ref and return_call_ref to the fuzzed module. We alter call function to generate call_ref in it. Bug: v8:11954 Change-Id: I972b8e053d7eab758ac343d48f0c4631ef24b22b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3148011Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Commit-Queue: Rakhim Khismet <khismet@google.com> Cr-Commit-Position: refs/heads/main@{#76748}
7ad60c27 · Rakhim Khismet · V8 LUCI CQ · 06de35ed · 7ad60c27
Commit 7ad60c27 authored Sep 08, 2021 by Rakhim Khismet Committed by V8 LUCI CQ Sep 09, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 6 deletions

wasm-compile.cc test/fuzzer/wasm-compile.cc +26 -6

No files found.
--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
@@ -529,7 +529,7 @@ class WasmGenerator {
    builder_->Emit(kExprDrop);
  }
-  enum CallDirect : bool { kCallDirect = true, kCallIndirect = false };
+  enum CallKind { kCallDirect, kCallIndirect, kCallRef };
  template <ValueKind wanted_kind>
  void call(DataRange* data) {
@@ -541,6 +541,15 @@ class WasmGenerator {
    call(data, ValueType::Primitive(wanted_kind), kCallIndirect);
  }
+  template <ValueKind wanted_kind>
+  void call_ref(DataRange* data) {
+    if (liftoff_as_reference_) {
+      call(data, ValueType::Primitive(wanted_kind), kCallRef);
+    } else {
+      Generate<wanted_kind>(data);
+    }
+  }
  void Convert(ValueType src, ValueType dst) {
    auto idx = [](ValueType t) -> int {
      switch (t.kind()) {
@@ -569,7 +578,7 @@ class WasmGenerator {
    builder_->Emit(kConvertOpcodes[arr_idx]);
  }
-  void call(DataRange* data, ValueType wanted_kind, CallDirect call_direct) {
+  void call(DataRange* data, ValueType wanted_kind, CallKind call_kind) {
    uint8_t random_byte = data->get<uint8_t>();
    int func_index = random_byte % functions_.size();
    uint32_t sig_index = functions_[func_index];
@@ -586,27 +595,33 @@ class WasmGenerator {
        std::equal(sig->returns().begin(), sig->returns().end(),
                   builder_->signature()->returns().begin(),
                   builder_->signature()->returns().end())) {
-      if (call_direct) {
+      if (call_kind == kCallDirect) {
        builder_->EmitWithU32V(kExprReturnCall, func_index);
-      } else {
+      } else if (call_kind == kCallIndirect) {
        // This will not trap because table[func_index] always contains function
        // func_index.
        builder_->EmitI32Const(func_index);
        builder_->EmitWithU32V(kExprReturnCallIndirect, sig_index);
        // TODO(11954): Use other table indices too.
        builder_->EmitByte(0);  // Table index.
+      } else {
+        GenerateOptRef(HeapType(sig_index), data);
+        builder_->Emit(kExprReturnCallRef);
      }
      return;
    } else {
-      if (call_direct) {
+      if (call_kind == kCallDirect) {
        builder_->EmitWithU32V(kExprCallFunction, func_index);
-      } else {
+      } else if (call_kind == kCallIndirect) {
        // This will not trap because table[func_index] always contains function
        // func_index.
        builder_->EmitI32Const(func_index);
        builder_->EmitWithU32V(kExprCallIndirect, sig_index);
        // TODO(11954): Use other table indices too.
        builder_->EmitByte(0);  // Table index.
+      } else {
+        GenerateOptRef(HeapType(sig_index), data);
+        builder_->Emit(kExprCallRef);
      }
    }
    if (sig->return_count() == 0 && wanted_kind != kWasmVoid) {
@@ -1111,6 +1126,7 @@ void WasmGenerator::Generate<kVoid>(DataRange* data) {
      &WasmGenerator::call<kVoid>,
      &WasmGenerator::call_indirect<kVoid>,
+      &WasmGenerator::call_ref<kVoid>,
      &WasmGenerator::set_local,
      &WasmGenerator::set_global,
@@ -1269,6 +1285,7 @@ void WasmGenerator::Generate<kI32>(DataRange* data) {
      &WasmGenerator::call<kI32>,
      &WasmGenerator::call_indirect<kI32>,
+      &WasmGenerator::call_ref<kI32>,
      &WasmGenerator::try_block<kI32>,
      &WasmGenerator::struct_get<kI32>,
@@ -1392,6 +1409,7 @@ void WasmGenerator::Generate<kI64>(DataRange* data) {
      &WasmGenerator::call<kI64>,
      &WasmGenerator::call_indirect<kI64>,
+      &WasmGenerator::call_ref<kI64>,
      &WasmGenerator::try_block<kI64>,
      &WasmGenerator::struct_get<kI64>};
@@ -1452,6 +1470,7 @@ void WasmGenerator::Generate<kF32>(DataRange* data) {
      &WasmGenerator::call<kF32>,
      &WasmGenerator::call_indirect<kF32>,
+      &WasmGenerator::call_ref<kF32>,
      &WasmGenerator::try_block<kF32>,
      &WasmGenerator::struct_get<kF32>};
@@ -1512,6 +1531,7 @@ void WasmGenerator::Generate<kF64>(DataRange* data) {
      &WasmGenerator::call<kF64>,
      &WasmGenerator::call_indirect<kF64>,
+      &WasmGenerator::call_ref<kF64>,
      &WasmGenerator::try_block<kF64>,
      &WasmGenerator::struct_get<kF64>};