- 03 Jun, 2020 1 commit
Peter Ralbovsky authored

Fuzzilli is an open source fuzzer by Samuel Groß (saelo@google.com) that can be used to find bugs in the v8 javascript engine. As we want to automate fuzzing for current versions of v8, we want to merge the fuzzilli toolkit into the v8 code, so that the fuzzer can automatically update to the newest version. So far Fuzzilli has been maintained at https://github.com/googleprojectzero/fuzzilli .

Bug tracker Id: https://bugs.chromium.org/p/v8/issues/detail?id=10571
Change-Id: I83ddc7e8bb31664c19e4044395bb9044a1c12031
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2201760
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Michael Stanton <mvstanton@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68132}
- 06 Feb, 2019 1 commit

Tamer Tas authored

This is a reland of 81eec150

Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0a
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consists of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}

Bug: v8:8174, v8:8790
Change-Id: I38ab9d37bca76057441a970f26e2102e4387a857
Reviewed-on: https://chromium-review.googlesource.com/c/1454724
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59387}
- 05 Feb, 2019 4 commits

Tamer Tas authored

This reverts commit 81eec150.

Reason for revert: windows mozilla test failures

Original change's description:
> Reland "[test] refactor testsuite configuration"
>
> This is a reland of 7f92ad0a
>
> Original change's description:
> > [test] refactor testsuite configuration
> >
> > Every testsuite configuration consists of at least 30% code duplication.
> >
> > The code age ranges from 10 years old to 5 years old. Implementing anything that
> > touches the testsuite code becomes a technical fight to the death.
> >
> > This CL removes all the duplication by refactoring the common functionality.
> >
> > This CL contains structural changes without any logical changes % small bug
> > fixes.
> >
> > R=machenbach@chromium.org
> > CC=yangguo@chromium.org,sergiyb@chromium.org
> >
> > Bug: v8:8174, v8:8769
> > Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> > Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> > Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> > Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#59361}
>
> Bug: v8:8174, v8:8769
> Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
> Reviewed-on: https://chromium-review.googlesource.com/c/1454485
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Commit-Queue: Tamer Tas <tmrts@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59369}

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org

Change-Id: I8f5650b5f46be299c004e2fa8b708fa2c17a4dc2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454607
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59370}
Tamer Tas authored

This is a reland of 7f92ad0a

Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consists of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}

Bug: v8:8174, v8:8769
Change-Id: I8e7078cfb875ceb3777e57084e6f8dfac09693e7
Reviewed-on: https://chromium-review.googlesource.com/c/1454485
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59369}
Tamer Tas authored

This reverts commit 7f92ad0a.

Reason for revert: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win32/19148

Original change's description:
> [test] refactor testsuite configuration
>
> Every testsuite configuration consists of at least 30% code duplication.
>
> The code age ranges from 10 years old to 5 years old. Implementing anything that
> touches the testsuite code becomes a technical fight to the death.
>
> This CL removes all the duplication by refactoring the common functionality.
>
> This CL contains structural changes without any logical changes % small bug
> fixes.
>
> R=machenbach@chromium.org
> CC=yangguo@chromium.org,sergiyb@chromium.org
>
> Bug: v8:8174, v8:8769
> Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
> Reviewed-on: https://chromium-review.googlesource.com/c/1445881
> Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#59361}

TBR=machenbach@chromium.org,sergiyb@chromium.org,tmrts@chromium.org,v8-reviews@chromium.org

Change-Id: I473f0d4c6b9c0239923b8c03699dbc38b7f85030
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:8174, v8:8769
Reviewed-on: https://chromium-review.googlesource.com/c/1454599
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59362}
Tamer Tas authored

Every testsuite configuration consists of at least 30% code duplication.

The code age ranges from 10 years old to 5 years old. Implementing anything that touches the testsuite code becomes a technical fight to the death.

This CL removes all the duplication by refactoring the common functionality.

This CL contains structural changes without any logical changes % small bug fixes.

R=machenbach@chromium.org
CC=yangguo@chromium.org,sergiyb@chromium.org

Bug: v8:8174, v8:8769
Change-Id: Iee299569caa7abdc0307ecf606136669034a28a2
Reviewed-on: https://chromium-review.googlesource.com/c/1445881
Commit-Queue: Sergiy Belozorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59361}
- 11 Jan, 2019 1 commit

Andreas Haas authored

The fuzzers were already removed on the chrome side and therefore inactive, see https://crrev.com/c/1194228.

R=machenbach@chromium.org

Bug: v8:8562
Change-Id: I0cf5ec6d07e07452c5168ea952f45028bcea1c85
Reviewed-on: https://chromium-review.googlesource.com/c/1406678
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58750}
- 01 Feb, 2018 3 commits

Clemens Hammacher authored

The wasm call fuzzer is superseded by the wasm compile fuzzer, thus remove it. The chromium side will land in https://crrev.com/c/895531.

R=ahaas@chromium.org

Change-Id: I211d9f8ad2ca5432dbbc6ecce0b6e13760f1af60
Reviewed-on: https://chromium-review.googlesource.com/895534
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51034}
Michal Majewski authored

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I6bfea537347fb236d41b31f0c6c64c108928bf28
Reviewed-on: https://chromium-review.googlesource.com/897784
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#51033}
Michal Majewski authored

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Id5a7b41502dfd4be43496b1edb958522a8eb0c31
Reviewed-on: https://chromium-review.googlesource.com/895588
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51023}
- 31 Jan, 2018 2 commits

Michal Majewski authored

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I254d2e545709029346f585b02a9edf91d3f27893
Reviewed-on: https://chromium-review.googlesource.com/893321
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50996}
Michal Majewski authored

This is a reland of 0db74d49.

Original change's description:
> [test] Random seed processor
>
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
>
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}

Bug: v8:6917
Change-Id: I1ea376a4abffce5ab65f4834ea7e6d6011765ffa
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894204
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50978}
- 30 Jan, 2018 2 commits

Michael Achenbach authored

This reverts commit 0db74d49.

Reason for revert: https://chromium-swarm.appspot.com/task?id=3b609f9976bac610&refresh=10&show_raw=1

Original change's description:
> [test] Random seed processor
>
> 1. --total-timeout-sec now available for ./run-tests.py. It can be
> useful with infinite seed stressing
> 2. random seed dropped from the context. Now JSON progress indicator
> gets it from the list of command args.
>
> Bug: v8:6917
> Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
> Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
> Reviewed-on: https://chromium-review.googlesource.com/888524
> Commit-Queue: Michał Majewski <majeski@google.com>
> Reviewed-by: Michael Achenbach <machenbach@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50964}

TBR=machenbach@chromium.org,sergiyb@chromium.org,majeski@google.com

Change-Id: I2d96ea328cda2d09b01ff455e47c77d567fafe00
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/894522
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50970}
Michal Majewski authored

1. --total-timeout-sec now available for ./run-tests.py. It can be useful with infinite seed stressing
2. random seed dropped from the context. Now JSON progress indicator gets it from the list of command args.

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I73e535bc8face9b913c696b8d5e3a246fa231004
Reviewed-on: https://chromium-review.googlesource.com/888524
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50964}
- 18 Jan, 2018 1 commit

jgruber authored

This fuzzer randomly generates calls to regexp builtins, runs each on the slow and fast path, and verifies that their result is the same.

Change-Id: Ia91b0c8afcdaf64835a9bb7b9a470610fbb75fc8
Reviewed-on: https://chromium-review.googlesource.com/833922
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50670}
- 15 Jan, 2018 1 commit

Michael Achenbach authored

Bug: v8:7264
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: I0c07c92955c0b6c145c7b72e5014f828eaf59c9a
Reviewed-on: https://chromium-review.googlesource.com/865903
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50582}
- 12 Jan, 2018 2 commits

Andreas Haas authored

This CL makes a fuzzer out of the cctest test-multiple-return/ReturnMultipleRandom. The fuzzer creates a CallDescriptor with input parameters and returns, and a function which maps input parameters to returns. The fuzzer then calls this function with a wrapper which checks that the correct mapping happened.

R=clemensh@chromium.org

Change-Id: Ib89c4063638baae69540a44486d7b2e9d13f8c1f
Reviewed-on: https://chromium-review.googlesource.com/859768
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50532}
Michal Majewski authored

Bug: v8:6917
Cq-Include-Trybots: luci.v8.try:v8_linux64_fyi_rel_ng;luci.v8.try:v8_linux_noi18n_rel_ng
Change-Id: Ib5bfdf4d6fee6102f62c7334a1b22146f1a1fc5b
Reviewed-on: https://chromium-review.googlesource.com/857376
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50525}
- 19 Dec, 2017 1 commit

Michal Majewski authored

Pass shell name instead of an absolute path.

Bug: v8:796166
Change-Id: Ia9472e893fd2cb3fde2a94997f3e9daf30da06ea
Reviewed-on: https://chromium-review.googlesource.com/833917
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50207}
- 13 Dec, 2017 2 commits

Michal Majewski authored

- All testcase/testsuite/variant generator subclasses renamed to just TestCase/TestSuite/VariantGenerator since they're private implementation.
- All `testcase` variables renamed to `test` to not conflict with a module name.
- No more two statements in the same line.
- Removed some unused testsuite methods.

Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I7710f3419f738a5f9ddca73765dd2cad2e35b952
Reviewed-on: https://chromium-review.googlesource.com/823964
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#50076}
Michal Majewski authored

- create testcase subclass for each test
- move get_command, get_source from suite to test
- promises-aplus tests are broken
- moving expected outcomes etc. is still in progress

Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I006e64ecf51dda95c41dff88c68b24f17a638566
Reviewed-on: https://chromium-review.googlesource.com/798331
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50065}
- 16 Nov, 2017 2 commits

Michal Majewski authored

Bug: v8:6917
Change-Id: Ic50ed8aca2ef6b6e60eae194cf46c2264a416657
Reviewed-on: https://chromium-review.googlesource.com/774265
Commit-Queue: Michał Majewski <majeski@google.com>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49417}
Michal Majewski authored

Bug: v8:6917
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I09fb05ac6d4b9b1223118494ce2c89e3ab5de109
Reviewed-on: https://chromium-review.googlesource.com/771870
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michał Majewski <majeski@google.com>
Cr-Commit-Position: refs/heads/master@{#49415}
- 27 Oct, 2017 1 commit

Michael Achenbach authored

The status-file flags and the flags from the test case's source code must always overwrite extra flags set by bots.

Bug: v8:6924
Cq-Include-Trybots: master.tryserver.v8:v8_linux_noi18n_rel_ng
Change-Id: I0e2aabb69da7cfb8ba6c1c79bd3851462071a6ac
Reviewed-on: https://chromium-review.googlesource.com/732656
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49001}
- 21 Jun, 2017 1 commit

Andreas Haas authored

The fuzzer has already been removed from chromium. In addition I removed code which was only used by this fuzzer.

BUG=chromium:734550
R=clemensh@chromium.org
CC=mstarzinger@chromium.org

Change-Id: I2ff4614e4d64131412ead759318e5c38e38f5d3d
Reviewed-on: https://chromium-review.googlesource.com/542816
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46078}
- 13 Jun, 2017 1 commit

Andreas Haas authored

The new fuzzer takes the fuzzer input as module bytes and compiles them with WebAssembly asynchronous compilation.

R=mtrofin@chromium.org

Change-Id: I9740edec68e26c04d011d85c68521e340be13c4c
Reviewed-on: https://chromium-review.googlesource.com/506156
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45912}
- 31 May, 2017 1 commit

Andreas Haas authored

In https://chromium-review.googlesource.com/c/505614/ I added code to the test runner which deletes the old corpus of the wasm fuzzer. It's time now to remove this code again.

R=machenbach@chromium.org

Change-Id: Ic3b8f7a1f6d725f0bf070b404a75ac37551a07c0
Reviewed-on: https://chromium-review.googlesource.com/519405
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45641}
- 19 May, 2017 1 commit

Andreas Haas authored

In a recent CL I moved the corpus of the wasm fuzzer and of the wasm-asmjs fuzzer to a different directory (wasm_corpus and wasm_asmjs_corpus) so that the corpus is not executed on the try-bots. With this CL I remove the old corpus from the .gitignore file. In addition I removed the hooks for wasm_corpus and wasm_asmjs_corpus from the V8 DEPS file, because in a V8 checkout they are not used anyway.

I also added code to the test runner to delete all *.wasm files from the directories test/fuzzer/wasm and test/fuzzer/wasm_asmjs. This code should be removed in a week, but it will help my coworkers to cleanup their V8 checkout.

R=bradnelson@chromium.org
CC=machenbach@chromium.org

Change-Id: I9fdf9d77b71b133f84f7e744763d65fdf127d624
Reviewed-on: https://chromium-review.googlesource.com/505614
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45417}
- 17 Feb, 2017 1 commit

eholk authored

This is the beginning of a new fuzzer that generates correct-by-construction Wasm modules. This should allow us to better exercise the compiler and correctness aspects of fuzzing. It is based off of ahaas' original Wasm fuzzer.

At the moment, it can generate expressions made up of most binops, and also nested blocks with unconditional breaks. Future CLs will add additional constructs, such as br_if, loops, memory access, etc.

The way the fuzzer works is that it starts with an array of arbitrary data provided by libfuzzer. It uses the data to generate an expression. Care is taken to make use of the entire string. Basically, the generator has a bunch of grammar-like rules for how to construct an expression of a given type. For example, an i32 can be made by adding two other i32s, or by wrapping an i64. The process then continues recursively until all the data is consumed.

We generate an expression from a slice of data as follows:

* If the slice is less than or equal to the size of the type (e.g. 4 bytes for i32), then it will emit the entire slice as a constant.
* Otherwise, it will consume the first 4 bytes of the slice and use this to select which rule to apply. Each rule then consumes the remainder of the slice in an appropriate way. For example:
  * Unary ops use the remainder of the slice to generate the argument.
  * Binary ops consume another four bytes and mod this with the length of the remaining slice to split the slice into two parts. Each of these subslices is then used to generate one of the arguments to the binop.
  * Blocks are basically like a unary op, but a stack of block types is maintained to facilitate branches. For blocks that end in a break, the first four bytes of a slice are used to select the break depth and the stack determines what type of expression to generate.

The goal is that once this generator is complete, it will provide a one-to-one mapping between binary strings and valid Wasm modules.

Review-Url: https://codereview.chromium.org/2658723006
Cr-Commit-Position: refs/heads/master@{#43289}
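The slicing scheme described in the commit message above, as an added Python model; this is illustration code, not the V8 fuzzer's own C++ generator. It mirrors the rules the message lists (short slice becomes a constant, first four bytes select a rule, unary ops pass the remainder on, binary ops spend four more bytes to pick a split point, blocks keep a stack of result types and pick a break depth) and emits readable S-expression text instead of wasm bytecode. The rule tables, the opcode set, the little-endian selector encoding and the fallback to a constant when a slice is too short to split are assumptions made for the illustration, chosen so that every input of any length maps to exactly one well-typed expression.

```python
"""Toy correct-by-construction expression generator (added example, not V8 code)."""
import struct

# Width of each value type in bytes; a slice no longer than this becomes a constant.
TYPE_SIZE = {"i32": 4, "i64": 8}
SELECTOR = 4  # bytes consumed whenever a rule, a split point or a break depth is chosen

# Grammar-like rules per result type: (kind, opcode, operand types). Assumed table.
RULES = {
    "i32": [
        ("unary", "i32.eqz", ("i32",)),
        ("unary", "i32.wrap_i64", ("i64",)),   # an i32 made by wrapping an i64
        ("binary", "i32.add", ("i32", "i32")),
        ("binary", "i32.sub", ("i32", "i32")),
        ("binary", "i32.mul", ("i32", "i32")),
        ("block", None, ()),
    ],
    "i64": [
        ("unary", "i64.extend_i32_s", ("i32",)),
        ("binary", "i64.add", ("i64", "i64")),
        ("binary", "i64.mul", ("i64", "i64")),
        ("block", None, ()),
    ],
}


def _u32(data: bytes) -> int:
    """Little-endian selector read from the first four bytes (caller ensures len >= 4)."""
    return struct.unpack_from("<I", data)[0]


def _const(ty: str, data: bytes) -> str:
    """Emit the whole slice as a constant; short slices are zero-padded to the type width."""
    padded = data.ljust(TYPE_SIZE[ty], b"\0")
    value = struct.unpack("<i" if ty == "i32" else "<q", padded)[0]
    return f"({ty}.const {value})"


def generate(ty: str, data: bytes, blocks: tuple = ()) -> str:
    """Map `data` to one well-typed expression of type `ty`, consuming every byte.

    `blocks` is the stack of enclosing block result types, innermost last.
    """
    if len(data) <= TYPE_SIZE[ty]:
        return _const(ty, data)
    rules = RULES[ty]
    kind, op, operands = rules[_u32(data) % len(rules)]
    rest = data[SELECTOR:]
    if kind == "unary":
        return f"({op} {generate(operands[0], rest, blocks)})"
    if kind == "binary":
        if len(rest) <= SELECTOR:
            return _const(ty, rest)  # too short to split: spend it as a constant
        body = rest[SELECTOR:]
        split = _u32(rest) % len(body)
        left = generate(operands[0], body[:split], blocks)
        right = generate(operands[1], body[split:], blocks)
        return f"({op} {left} {right})"
    # block: push our result type, pick a break depth, then branch unconditionally
    # with a value of the targeted block's type (the block's own end is unreachable).
    if len(rest) < SELECTOR:
        return _const(ty, rest)
    inner = blocks + (ty,)
    depth = _u32(rest) % len(inner)
    target = inner[-1 - depth]
    value = generate(target, rest[SELECTOR:], inner)
    return f"(block (result {ty}) (br {depth} {value}))"


def balanced(expr: str) -> bool:
    """Structural sanity check: parentheses of the emitted text must nest properly."""
    depth = 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample inputs, not real fuzzer corpus data.
    for sample in (b"\x01\x00\x00\x00\x05\x00\x00\x00\x07\x00\x00\x00",
                   bytes(range(40))):
        print(generate("i32", sample))
```

Because every rule consumes at least four bytes before recursing and the base case absorbs whatever is left, the generator terminates on any input and the same bytes always yield the same expression, which is what makes a libFuzzer corpus entry reproducible.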
- 24 Oct, 2016 1 commit

ahaas authored

Depending on the inputs the fuzzer creates multiple functions. These functions can have signatures with an int32 return value and up to three parameters of type int32, int64, float32, or float64.

R=titzer@chromium.org, clemensh@chromium.org

Review-Url: https://codereview.chromium.org/2447643002
Cr-Commit-Position: refs/heads/master@{#40530}
- 14 Sep, 2016 1 commit

ahaas authored

This CL adds fuzzers for the wasm module sections 'types', 'names', 'globals', 'imports', 'function signatures', 'memory', and 'data', one fuzzer per section. No fuzzers are added for the other sections because either there already exists a fuzzer (e.g. wasm-code), or there exist inter-section dependencies.

To avoid introducing a bunch of executables which would make compilation with make slow, I introduce a single executable 'v8_simple_wasm_section_fuzzer' which calls the fuzzers mentioned above. This executable is run by the trybots and ensures that the fuzzers actually compile. For debugging I introduce commandline parameters which allow executing the specific fuzzers from 'v8_simple_wasm_section_fuzzer'.

R=titzer@chromium.org, jochen@chromium.org, mstarzinger@chromium.org

Review-Url: https://codereview.chromium.org/2336603002
Cr-Commit-Position: refs/heads/master@{#39413}
- 29 Aug, 2016 1 commit

ahaas authored

The new fuzzer constructs a dummy module header and uses the fuzzer data only as function code.

R=titzer@chromium.org, jochen@chromium.org

Review-Url: https://codereview.chromium.org/2280623002
Cr-Commit-Position: refs/heads/master@{#38983}
- 03 Jun, 2016 1 commit

machenbach authored

This adds the v8-side fuzzer executables for smoke testing. This also renames the old gyp targets to stay consistent with chromium.

Naming convention for type X after the rename:
library: X_fuzzer (gn), X_fuzzer_lib (gyp)
executable v8: v8_simple_X_fuzzer
executable chromium: v8_X_fuzzer

BUG=chromium:474921

Review-Url: https://codereview.chromium.org/2032363002
Cr-Commit-Position: refs/heads/master@{#36713}
- 02 Mar, 2016 1 commit

bradnelson authored

Fixing a memory leak in CompileAndRunModule.

BUG= https://code.google.com/p/v8/issues/detail?id=4203
TEST=wasm-fuzzer
R=jochen@chromium.org,jarin@chromium.org,kcc@chromium.org,machenbach@chromium.org,titzer@chromium.org
LOG=N

Review URL: https://codereview.chromium.org/1738943004
Cr-Commit-Position: refs/heads/master@{#34415}
- 02 Feb, 2016 2 commits

jochen authored

BUG=chromium:577261
R=machenbach@chromium.org,yangguo@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1652963002
Cr-Commit-Position: refs/heads/master@{#33673}
yangguo authored

R=jochen@chromium.org, machenbach@chromium.org
BUG=chromium:577261
LOG=N

Review URL: https://codereview.chromium.org/1660463002
Cr-Commit-Position: refs/heads/master@{#33661}
- 01 Feb, 2016 1 commit

yangguo authored

R=jochen@chromium.org
BUG=chromium:577261
LOG=N

Review URL: https://codereview.chromium.org/1655853002
Cr-Commit-Position: refs/heads/master@{#33640}
- 26 Jan, 2016 1 commit

jochen authored

BUG=chromium:577261
R=machenbach@chromium.org,jarin@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1604203002
Cr-Commit-Position: refs/heads/master@{#33508}