- 11 Jan, 2019 1 commit
Andreas Haas authored
The fuzzers were already removed on the chrome side and therefore inactive, see https://crrev.com/c/1194228.

R=machenbach@chromium.org
Bug: v8:8562
Change-Id: I0cf5ec6d07e07452c5168ea952f45028bcea1c85
Reviewed-on: https://chromium-review.googlesource.com/c/1406678
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58750}
- 20 Nov, 2018 1 commit
Clemens Hammacher authored
R=ahaas@chromium.org
Bug: v8:8238
Change-Id: I7a7de894aa7bf074cbe732f40e16b10060fa37dd
Reviewed-on: https://chromium-review.googlesource.com/c/1344149
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57660}
- 25 Oct, 2018 1 commit
Clemens Hammacher authored
The "max_len" argument for fuzzer targets is deprecated. We need to enforce the limit internally.

R=ahaas@chromium.org
Bug: chromium:894939
Change-Id: I2206bc63d5e39f1aa189e11042a6a0bbcca31b0d
Reviewed-on: https://chromium-review.googlesource.com/c/1299020
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56998}
- 14 Sep, 2018 1 commit
Florian Sattler authored
Fixing clang-tidy warning.

Bug: v8:8015
Change-Id: I4236a2cf85a414f9d7d1fbdaaaaf1c72a84f02e3
Reviewed-on: https://chromium-review.googlesource.com/1224093
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Florian Sattler <sattlerf@google.com>
Cr-Commit-Position: refs/heads/master@{#55912}
- 12 Jul, 2018 1 commit
Clemens Hammacher authored
Instead of passing {uint8_t*, size_t} pairs as arguments, pass {Vector<uint8_t>}. This is less error prone and {Vector} provides some helpful methods.

R=ahaas@chromium.org
Bug: v8:7754
Change-Id: I7469054774618e0bd5c9d38501759b1b2c51d104
Reviewed-on: https://chromium-review.googlesource.com/1134773
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54406}
- 21 Jun, 2018 1 commit
Clemens Hammacher authored
Other fuzzers already have this ability. This CL adds it to the fuzzer. The input has to be valid bytes, otherwise we cannot generate the text representation.

R=titzer@chromium.org
CC=gdeepti@chromium.org
Change-Id: If1ba8accc707bee3b042e93f4201949f0233c90e
Reviewed-on: https://chromium-review.googlesource.com/1109794
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53926}
- 08 Nov, 2017 1 commit
Eric Holk authored
The Wasm AST-based fuzzer is supposed to create valid modules by construction. This change adds a CHECK to enforce this property.

Additionally, this change exposed several cases where we were not generating valid modules before:

* Block types did not match up correctly
* Memory operations could have invalid alignments
* Storing an i64 could generate an i32 argument incorrectly.

This CL includes fixes for these issues as well.

Bug:
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}
- 06 Nov, 2017 1 commit
Clemens Hammacher authored
Each valid memory module generated by one of the wasm fuzzers will now also be executed in Liftoff, and the result of the execution will be compared against the interpreted result.

R=ahaas@chromium.org
Bug: v8:6600
Change-Id: I6a437faae4230ce4dfc7924dd1418da20ea92356
Reviewed-on: https://chromium-review.googlesource.com/753328
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49154}
- 07 Sep, 2017 1 commit
Andreas Haas authored
The wasm-async fuzzer uses the bytes provided by the fuzzer engine directly as wasm module bytes, compiles them with async compilation, and then tries to execute the "main" function of the module. This "main" can have an infinite loop which causes a timeout in the fuzzer. With this CL the "main" function is first executed with the interpreter. If the execution in the interpreter finishes within 16k steps, which means that there is no infinite loop, also the compiled code is executed.

I added the raw fuzzer input as a test case because in this case I really want to test the fuzzer and not V8.

R=clemensh@chromium.org
Bug: chromium:761784
Change-Id: Id1fe5da0da8670ec821ab9979fdb9454dbde1162
Reviewed-on: https://chromium-review.googlesource.com/651046
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47874}
- 18 Jul, 2017 1 commit
Clemens Hammacher authored
This allows the class to be reused, e.g. in the baseline compiler.

R=titzer@chromium.org
Change-Id: I7251af16e8c74f267834a9cefb676edf3c9f3a07
Reviewed-on: https://chromium-review.googlesource.com/570020
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46735}
- 08 May, 2017 1 commit
Andreas Haas authored
With this CL we share code among the wasm fuzzers which construct a module and run it in the interpreter and as compiled code. The fuzzers themselves only contain the code now which creates the module and the parameters.

BUG=v8:6325
R=eholk@chromium.org
Change-Id: I1c2d8b013531c86cb27837f1b8ec89d2688c536b
Reviewed-on: https://chromium-review.googlesource.com/490048
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45156}