[fuzzer] Add generated tables to fuzzed module

We add multiple tables to the fuzzed module. We only can use externref or function references for tables. Bug: v8:11954 Change-Id: Ibb7b34203169a3ca97514b87273fa4ea0f6ca99a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093145 Commit-Queue: Rakhim Khismet <khismet@google.com> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#76288}

[fuzzer] Add generated tables to fuzzed module
We add multiple tables to the fuzzed module. We only can use externref or function references for tables. Bug: v8:11954 Change-Id: Ibb7b34203169a3ca97514b87273fa4ea0f6ca99a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3093145 Commit-Queue: Rakhim Khismet <khismet@google.com> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/master@{#76288}
b342d555 · Rakhim Khismet · V8 LUCI CQ · 8798c238 · b342d555 · b342d555
Commit b342d555 authored Aug 13, 2021 by Rakhim Khismet Committed by V8 LUCI CQ Aug 13, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 6 deletions

wasm-compile.cc test/fuzzer/wasm-compile.cc +21 -3

wasm-fuzzer-common.cc test/fuzzer/wasm-fuzzer-common.cc +0 -3

No files found.
--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
@@ -35,6 +35,8 @@ constexpr int kMaxGlobals = 64;
 constexpr int kMaxParameters = 15;
 constexpr int kMaxReturns = 15;
 constexpr int kMaxExceptions = 4;
+constexpr int kMaxTableSize = 32;
+constexpr int kMaxTables = 4;

 class DataRange {
  base::Vector<const uint8_t> data_;
@@ -1823,9 +1825,7 @@ class WasmCompileFuzzer : public WasmExecutionFuzzer {
    }

    for (int i = 0; i < num_functions; ++i) {
-      DataRange function_range =
-          i == num_functions - 1 ? std::move(range) : range.split();
-
+      DataRange function_range = range.split();
      FunctionSig* sig = builder.GetSignature(function_signatures[i]);
      WasmFunctionBuilder* f = builder.AddFunction(sig);

@@ -1844,6 +1844,24 @@ class WasmCompileFuzzer : public WasmExecutionFuzzer {
    for (int i = 0; i < num_functions; ++i) {
      builder.SetIndirectFunction(i, i);
    }
+
+    int num_tables = range.get<uint8_t>() % (kMaxTables + 1);
+
+    for (int i = 0; i < num_tables; i++) {
+      uint32_t min_size = range.get<uint8_t>() % kMaxTableSize;
+      uint32_t max_size =
+          range.get<uint8_t>() % (kMaxTableSize - min_size) + min_size;
+      int which_ref = range.get<uint8_t>() % 3;
+      ValueType type =
+          which_ref == 0
+              ? kWasmExternRef
+              : which_ref == 1
+                    ? kWasmFuncRef
+                    : ValueType::Ref(function_signatures[range.get<uint8_t>() %
+                                                         num_functions],
+                                     kNullable);
+      builder.AddTable(type, min_size, max_size);
+    }
    builder.SetMaxMemorySize(32);
    // We enable shared memory to be able to test atomics.
    builder.SetHasSharedMemory();

--- a/test/fuzzer/wasm-fuzzer-common.cc
+++ b/test/fuzzer/wasm-fuzzer-common.cc
@@ -443,10 +443,7 @@ void GenerateTestCase(Isolate* isolate, ModuleWireBytes wire_bytes,

  Zone tmp_zone(isolate->allocator(), ZONE_NAME);

-  // There currently cannot be more than one table.
-  // TODO(manoskouk): Add support for more tables.
  // TODO(9495): Add support for talbes with explicit initializers.
-  DCHECK_GE(1, module->tables.size());
  for (const WasmTable& table : module->tables) {
    os << "builder.setTableBounds(" << table.initial_size << ", ";
    if (table.has_maximum_size) {