[fuzzer] Add array operations to the fuzzed module

We add support for array.get, array.set and array.len operation to the fuzzed module. Bug: v8:11954 Change-Id: Ic8fd89ec7f7f31e70a40bad831567e50ae49f668 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168624Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Maria Tîmbur <mtimbur@google.com> Cr-Commit-Position: refs/heads/main@{#76931}

[fuzzer] Add array operations to the fuzzed module
We add support for array.get, array.set and array.len operation to the fuzzed module. Bug: v8:11954 Change-Id: Ic8fd89ec7f7f31e70a40bad831567e50ae49f668 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3168624Reviewed-by: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by: Manos Koukoutos <manoskouk@chromium.org> Commit-Queue: Maria Tîmbur <mtimbur@google.com> Cr-Commit-Position: refs/heads/main@{#76931}
f5eee56f · Maria Tîmbur · V8 LUCI CQ · 81c19070 · f5eee56f
Commit f5eee56f authored Sep 20, 2021 by Maria Tîmbur Committed by V8 LUCI CQ Sep 20, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 65 additions and 3 deletions

wasm-compile.cc test/fuzzer/wasm-compile.cc +65 -3

No files found.
--- a/test/fuzzer/wasm-compile.cc
+++ b/test/fuzzer/wasm-compile.cc
@@ -907,6 +907,61 @@ class WasmGenerator {
    table_op<kVoid>({kWasmI32, kWasmFuncRef, kWasmI32}, data, kExprTableFill);
  }

+  template <ValueKind wanted_kind>
+  void array_get(DataRange* data) {
+    WasmModuleBuilder* builder = builder_->builder();
+    ZoneVector<uint32_t> array_indices(builder->zone());
+    for (uint32_t i = num_structs_; i < num_arrays_ + num_structs_; i++) {
+      DCHECK(builder->IsArrayType(i));
+      if (builder->GetArrayType(i)->element_type().kind() == wanted_kind) {
+        array_indices.push_back(i);
+      }
+    }
+    if (array_indices.empty()) {
+      Generate<wanted_kind>(data);
+      return;
+    }
+    int index = data->get<uint8_t>() % static_cast<int>(array_indices.size());
+    GenerateOptRef(HeapType(array_indices[index]), data);
+    Generate(kWasmI32, data);
+    builder_->EmitWithPrefix(kExprArrayGet);
+    builder_->EmitU32V(array_indices[index]);
+  }
+
+  void array_len(DataRange* data) {
+    if (num_arrays_ > 1) {
+      int array_index = (data->get<uint8_t>() % num_arrays_) + num_structs_;
+      DCHECK(builder_->builder()->IsArrayType(array_index));
+      GenerateOptRef(HeapType(array_index), data);
+      builder_->EmitWithPrefix(kExprArrayLen);
+      builder_->EmitU32V(array_index);
+    } else {
+      Generate(kWasmI32, data);
+    }
+  }
+
+  void array_set(DataRange* data) {
+    WasmModuleBuilder* builder = builder_->builder();
+    ZoneVector<uint32_t> array_indices(builder->zone());
+    for (uint32_t i = num_structs_; i < num_arrays_ + num_structs_; i++) {
+      DCHECK(builder->IsArrayType(i));
+      if (builder->GetArrayType(i)->mutability()) {
+        array_indices.push_back(i);
+      }
+    }
+
+    if (array_indices.empty()) {
+      return;
+    }
+
+    int index = data->get<uint8_t>() % static_cast<int>(array_indices.size());
+    GenerateOptRef(HeapType(array_indices[index]), data);
+    Generate(kWasmI32, data);
+    Generate(builder->GetArrayType(array_indices[index])->element_type(), data);
+    builder_->EmitWithPrefix(kExprArraySet);
+    builder_->EmitU32V(array_indices[index]);
+  }
+
  template <ValueKind wanted_kind>
  void struct_get(DataRange* data) {
    WasmModuleBuilder* builder = builder_->builder();
@@ -1134,6 +1189,7 @@ void WasmGenerator::Generate<kVoid>(DataRange* data) {
      &WasmGenerator::try_block<kVoid>,

      &WasmGenerator::struct_set,
+      &WasmGenerator::array_set,

      &WasmGenerator::table_set,
      &WasmGenerator::table_fill};
@@ -1289,6 +1345,8 @@ void WasmGenerator::Generate<kI32>(DataRange* data) {
      &WasmGenerator::try_block<kI32>,

      &WasmGenerator::struct_get<kI32>,
+      &WasmGenerator::array_get<kI32>,
+      &WasmGenerator::array_len,

      &WasmGenerator::ref_is_null<kI32>,
      &WasmGenerator::ref_eq,
@@ -1412,7 +1470,9 @@ void WasmGenerator::Generate<kI64>(DataRange* data) {
      &WasmGenerator::call_ref<kI64>,
      &WasmGenerator::try_block<kI64>,

-      &WasmGenerator::struct_get<kI64>};
+      &WasmGenerator::struct_get<kI64>,
+
+      &WasmGenerator::array_get<kI64>};

  GenerateOneOf(alternatives, data);
 }
@@ -1473,7 +1533,8 @@ void WasmGenerator::Generate<kF32>(DataRange* data) {
      &WasmGenerator::call_ref<kF32>,
      &WasmGenerator::try_block<kF32>,

-      &WasmGenerator::struct_get<kF32>};
+      &WasmGenerator::struct_get<kF32>,
+      &WasmGenerator::array_get<kF32>};

  GenerateOneOf(alternatives, data);
 }
@@ -1534,7 +1595,8 @@ void WasmGenerator::Generate<kF64>(DataRange* data) {
      &WasmGenerator::call_ref<kF64>,
      &WasmGenerator::try_block<kF64>,

-      &WasmGenerator::struct_get<kF64>};
+      &WasmGenerator::struct_get<kF64>,
+      &WasmGenerator::array_get<kF64>};

  GenerateOneOf(alternatives, data);
 }