Skip to content

V
V8
Switch branch/tag
  1. 29 Nov, 2017 1 commit
  3. 17 Nov, 2017 1 commit
  5. 16 Nov, 2017 2 commits
  7. 15 Nov, 2017 1 commit
  9. 14 Nov, 2017 1 commit
  11. 09 Nov, 2017 2 commits
  13. 08 Nov, 2017 3 commits
    • Eric Holk's avatar
      [wasm fuzzer] Require AST fuzzer modules to validate · ea08828b
      Eric Holk authored 
      The Wasm AST-based fuzzer is supposed to create valid modules by
construction. This change adds a CHECK to enforce this property.

Additionally, this change exposed several cases where we were not generating
valid modules before:
  * Block types did not match up correctly
  * Memory operations could have invalid alignments
  * Storing an i64 could generate an i32 argument incorrectly.
This CL includes fixes for these issues as well.

Bug: 
Change-Id: I1aef5532bc880367ec46dc6e79b2d4dbacf2f84b
Reviewed-on: https://chromium-review.googlesource.com/757129
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49241}
      ea08828b
    • Clemens Hammacher's avatar
      [wasm] [fuzzer] Omit input hash in error message · d1652012
      Clemens Hammacher authored 
      For each single bug, the fuzzer might find many very similar inputs
which trigger this bug. All of them are reported as individual bugs
currently, which means lots of noise in bug reports and increased
workload for the clusterfuzz sheriffs.
After this change, all bugs of the same category ("compiles !=
validates", "interpreter != liftoff", ...) will be grouped together.
This requires us to fix them soon after reporting, as they will hide
all other bugs of the same category.

R=ahaas@chromium.org
CC=mmoroz@chromium.org

Change-Id: Ie203eed0c7681e3450df977b10c0d9dbbc402d34
Reviewed-on: https://chromium-review.googlesource.com/758438Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49231}
      d1652012
    • Clemens Hammacher's avatar
      [wasm] [fuzzer] [cleanup] Reuse helper method · 54d68665
      Clemens Hammacher authored 
      We already have a helper method for generating a sequence of values.
Reuse this instead of reimplementing the same thing two more times.

R=ahaas@chromium.org
CC=eholk@chromium.org

Change-Id: Ifbbe1324173951156c1ec9bba84fd1aa4bcb2adb
Reviewed-on: https://chromium-review.googlesource.com/758365Reviewed-by: 's avatarAndreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49216}
      54d68665
  15. 07 Nov, 2017 1 commit
  17. 06 Nov, 2017 4 commits
  19. 27 Oct, 2017 1 commit
  21. 05 Oct, 2017 1 commit
  23. 28 Sep, 2017 1 commit
  25. 11 Sep, 2017 2 commits
  27. 07 Sep, 2017 1 commit
    • Andreas Haas's avatar
      [wasm] Avoid executing infinite loops in the wasm fuzzers · 7b53a0e0
      Andreas Haas authored 
      The wasm-async fuzzer uses the bytes provided by the fuzzer engine
directly as wasm module bytes, compiles them with async compilation, and
then tries to execute the "main" function of the module. This "main"
can have an infinite loop which causes a timeout in the fuzzer. With
this CL the "main" function is first executed with the interpreter. If
the execution in the interpreter finishes within 16k steps, which means
that there is no infinite loop, also the compiled code is executed.

I added the raw fuzzer input as a test case because in this case I
really want to test the fuzzer and not V8.

R=clemensh@chromium.org

Bug: chromium:761784
Change-Id: Id1fe5da0da8670ec821ab9979fdb9454dbde1162
Reviewed-on: https://chromium-review.googlesource.com/651046
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47874}
      7b53a0e0
  29. 04 Sep, 2017 1 commit
  31. 01 Sep, 2017 1 commit
  33. 29 Aug, 2017 2 commits
  35. 28 Aug, 2017 1 commit
  37. 25 Aug, 2017 1 commit
  39. 09 Aug, 2017 1 commit
  41. 03 Aug, 2017 1 commit
  43. 18 Jul, 2017 1 commit
  45. 11 Jul, 2017 1 commit
  47. 22 Jun, 2017 1 commit
    • Andreas Haas's avatar
      [wasm][fuzzer] Handle Interpreter step limit exhaustion. · d1f566c6
      Andreas Haas authored 
      If the fuzzer input cannot be executed in the interpreter within a step
limit, then the interpreter does not calculate the result but instead
finishes with a RangeError. The problem with the input of the bug report
was that the interpreter finished with that RangeError, but the
execution of the compiled code still returned a result, which was
naturally not a RangeError and therefore caused the result check to fail.
With this CL the compiled code is not even executed when there is a
RangeError after the execution in the interpreter. Thereby we also
avoid executing an infinite loop.

BUG=chromium:734435
R=clemensh@chromium.org

Change-Id: If9d0fb9e14e84f06d6f11d22f882363d56c1c20b
Reviewed-on: https://chromium-review.googlesource.com/544838
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarClemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46140}
      d1f566c6
  49. 21 Jun, 2017 1 commit
  51. 13 Jun, 2017 1 commit
  53. 12 Jun, 2017 3 commits
  55. 09 Jun, 2017 1 commit
  57. 31 May, 2017 1 commit