- 08 Nov, 2017 1 commit
-
-
Eric Holk authored
The Wasm AST-based fuzzer is supposed to create valid modules by construction. This change adds a CHECK to enforce this property. Additionally, this change exposed several cases where we were not generating valid modules before: * Block types did not match up correctly * Memory operations could have invalid alignments * Storing an i64 could generate an i32 argument incorrectly. This CL includes fixes for these issues as well. Bug: Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b Reviewed-on: https://chromium-review.googlesource.com/757129 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#49241}
-
- 06 Nov, 2017 1 commit
-
-
Clemens Hammacher authored
Each valid memory module generated by one of the wasm fuzzers will now also be executed in Liftoff, and the result of the execution will be compared against the interpreted result. R=ahaas@chromium.org Bug: v8:6600 Change-Id: I6a437faae4230ce4dfc7924dd1418da20ea92356 Reviewed-on: https://chromium-review.googlesource.com/753328Reviewed-by:
Andreas Haas <ahaas@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#49154}
-
- 07 Sep, 2017 1 commit
-
-
Andreas Haas authored
The wasm-async fuzzer uses the bytes provided by the fuzzer engine directly as wasm module bytes, compiles them with async compilation, and then tries to execute the "main" function of the module. This "main" can have an infinite loop which causes a timeout in the fuzzer. With this CL the "main" function is first executed with the interpreter. If the execution in the interpreter finishes within 16k steps, which means that there is no infinite loop, also the compiled code is executed. I added the raw fuzzer input as a test case because in this case I really want to test the fuzzer and not V8. R=clemensh@chromium.org Bug: chromium:761784 Change-Id: Id1fe5da0da8670ec821ab9979fdb9454dbde1162 Reviewed-on: https://chromium-review.googlesource.com/651046 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#47874}
-
- 18 Jul, 2017 1 commit
-
-
Clemens Hammacher authored
This allows to reuse the class e.g. in the baseline compiler. R=titzer@chromium.org Change-Id: I7251af16e8c74f267834a9cefb676edf3c9f3a07 Reviewed-on: https://chromium-review.googlesource.com/570020Reviewed-by:
Ben Titzer <titzer@chromium.org> Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Cr-Commit-Position: refs/heads/master@{#46735}
-
- 08 May, 2017 1 commit
-
-
Andreas Haas authored
With this CL we share code among the wasm fuzzers which construct a module and run it in the interpreter and as compiled code.The fuzzers themselves only contain the code now which creates the module and the parameters. BUG=v8:6325 R=eholk@chromium.org Change-Id: I1c2d8b013531c86cb27837f1b8ec89d2688c536b Reviewed-on: https://chromium-review.googlesource.com/490048 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by:
Brad Nelson <bradnelson@chromium.org> Cr-Commit-Position: refs/heads/master@{#45156}
-