[wasm] Fix enabling staged wasm features in libfuzzer fuzzers

In https://crrev.com/c/1768581 I only enabled the --wasm-staging flag, but that is useless without the implications defined in flag-definitions.h. With this CL I now just set each flag one by one. R=clemensh@chromium.org Bug: v8:9601 Change-Id: Ie0e16f9516aa32b8c958cf58c8c9d4d6cb6f3b22 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781060Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63516}

[wasm] Fix enabling staged wasm features in libfuzzer fuzzers
In https://crrev.com/c/1768581 I only enabled the --wasm-staging flag, but that is useless without the implications defined in flag-definitions.h. With this CL I now just set each flag one by one. R=clemensh@chromium.org Bug: v8:9601 Change-Id: Ie0e16f9516aa32b8c958cf58c8c9d4d6cb6f3b22 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1781060Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#63516}
8e91bf31 · Andreas Haas · Commit Bot · ab089c78 · 8e91bf31 · 8e91bf31
Commit 8e91bf31 authored Sep 03, 2019 by Andreas Haas Committed by Commit Bot Sep 03, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 3 deletions

wasm-fuzzer-common.cc test/fuzzer/wasm-fuzzer-common.cc +6 -2

wasm.cc test/fuzzer/wasm.cc +5 -1

No files found.
--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -8,9 +8,10 @@

 #include "include/v8.h"
 #include "src/execution/isolate.h"
-#include "src/utils/ostreams.h"
 #include "src/objects/objects-inl.h"
+#include "src/utils/ostreams.h"
 #include "src/wasm/wasm-engine.h"
+#include "src/wasm/wasm-feature-flags.h"
 #include "src/wasm/wasm-module-builder.h"
 #include "src/wasm/wasm-module.h"
 #include "src/wasm/wasm-objects-inl.h"
@@ -254,7 +255,10 @@ void WasmExecutionFuzzer::FuzzWasmModule(Vector<const uint8_t> data,
  // We explicitly enable staged WebAssembly features here to increase fuzzer
  // coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
  // the flag by itself.
-  FlagScope<bool> enable_staged_features(&FLAG_wasm_staging, true);
+#define ENABLE_STAGED_FEATURES(feat, desc, val) \
+  FlagScope<bool> enable_##feat(&FLAG_experimental_wasm_##feat, true);
+  FOREACH_WASM_STAGING_FEATURE_FLAG(ENABLE_STAGED_FEATURES)
+#undef ENABLE_STAGED_FEATURES

  // Strictly enforce the input size limit. Note that setting "max_len" on the
  // fuzzer target is not enough, since different fuzzers are used and not all

--- a/test/fuzzer/wasm.cc
+++ b/test/fuzzer/wasm.cc
@@ -11,6 +11,7 @@
 #include "src/heap/factory.h"
 #include "src/objects/objects-inl.h"
 #include "src/wasm/wasm-engine.h"
+#include "src/wasm/wasm-feature-flags.h"
 #include "src/wasm/wasm-module.h"
 #include "test/common/wasm/flag-utils.h"
 #include "test/common/wasm/wasm-module-runner.h"
@@ -23,7 +24,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // We explicitly enable staged WebAssembly features here to increase fuzzer
  // coverage. For libfuzzer fuzzers it is not possible that the fuzzer enables
  // the flag by itself.
-  i::FlagScope<bool> enable_staged_features(&i::FLAG_wasm_staging, true);
+#define ENABLE_STAGED_FEATURES(feat, desc, val) \
+  i::FlagScope<bool> enable_##feat(&i::FLAG_experimental_wasm_##feat, true);
+  FOREACH_WASM_STAGING_FEATURE_FLAG(ENABLE_STAGED_FEATURES)
+#undef ENABLE_STAGED_FEATURES

  // We reduce the maximum memory size and table size of WebAssembly instances
  // to avoid OOMs in the fuzzer.