-
Andreas Haas authored
The WebAssembly spec is not fully deterministic: the sign bit of NaN can be arbitrary. This sign bit can be observed by several WebAssembly opcodes. In the testcase the sign bit of NaN makes the difference between terminating code and an infinite loop. In the libfuzzer fuzzer we have to prevent infinite loops ourselves. At the moment we do this by only execute generated code of WebAssembly modules for which the interpretation of the code ends in a limited number of steps. With the non-determinism described above we cannot guarantee the absence of infinite loops with this method. Therefore we stop now to execute generated code of WebAssembly modules for which we observe possible non-determinism in the interpreter. R=clemensh@chromium.org Bug: chromium:863829 Change-Id: I461d67df87d672bed25d6c915ba7ea5134cb5890 Reviewed-on: https://chromium-review.googlesource.com/1141945Reviewed-by:
Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#54541}
8f07a87d
