// Copyright 2024 the V8 project authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "src/wasm/fuzzing/random-module-generation.h" #include <algorithm> #include <array> #include <optional> #include "src/base/small-vector.h" #include "src/base/utils/random-number-generator.h" #include "src/wasm/function-body-decoder.h" #include "src/wasm/wasm-module-builder.h" #include "src/wasm/wasm-module.h" #include "src/wasm/wasm-opcodes-inl.h" // This whole compilation unit should only be included in non-official builds to // reduce binary size (it's a testing-only implementation which lives in src/ so // that the GenerateRandomWasmModule runtime function can use it). #ifdef OFFICIAL_BUILD #error Exclude this compilation unit in official builds. #endif namespace v8::internal::wasm::fuzzing { namespace { constexpr int kMaxArrays = …; constexpr int kMaxStructs = …; constexpr int kMaxStructFields = …; constexpr int kMaxFunctions = …; constexpr int kMaxGlobals = …; constexpr uint32_t kMaxLocals = …; constexpr int kMaxParameters = …; constexpr int kMaxReturns = …; constexpr int kMaxExceptions = …; constexpr int kMaxTableSize = …; constexpr int kMaxTables = …; constexpr int kMaxMemories = …; constexpr int kMaxMemorySize = …; constexpr int kMaxArraySize = …; constexpr int kMaxPassiveDataSegments = …; constexpr uint32_t kMaxRecursionDepth = …; constexpr int kMaxCatchCases = …; struct StringImports { … }; // Creates an array out of the arguments without hardcoding the exact number of // arguments. template <typename... T> constexpr auto CreateArray(T... elements) { … } // Concatenate arrays into one array in compile-time. template <typename T, size_t... N> constexpr auto ConcatArrays(std::array<T, N>... array) { … } template <bool predicate, typename T, size_t kSize1, size_t kSize2> constexpr auto AppendArrayIf(std::array<T, kSize1> array1, std::array<T, kSize2> array2) { … } class DataRange { … }; // Explicit specialization must be defined outside of class body. template <> bool DataRange::get() { … } enum IncludeNumericTypes { … }; enum IncludePackedTypes { … }; enum IncludeAllGenerics { … }; enum IncludeS128 { … }; // Chooses one `ValueType` randomly based on `options` and the enums specified // above. template <WasmModuleGenerationOptions options> ValueType GetValueTypeHelper(DataRange* data, uint32_t num_nullable_types, uint32_t num_non_nullable_types, IncludeNumericTypes include_numeric_types, IncludePackedTypes include_packed_types, IncludeAllGenerics include_all_generics, IncludeS128 include_s128 = kIncludeS128) { … } template <WasmModuleGenerationOptions options> ValueType GetValueType(DataRange* data, uint32_t num_types) { … } void GeneratePassiveDataSegment(DataRange* range, WasmModuleBuilder* builder) { … } uint32_t GenerateRefTypeElementSegment(DataRange* range, WasmModuleBuilder* builder, ValueType element_type) { … } template <WasmModuleGenerationOptions options> std::vector<ValueType> GenerateTypes(DataRange* data, uint32_t num_ref_types) { … } FunctionSig* CreateSignature(Zone* zone, base::Vector<const ValueType> param_types, base::Vector<const ValueType> return_types) { … } template <WasmModuleGenerationOptions options> class BodyGen { … }; WasmInitExpr GenerateInitExpr(Zone* zone, DataRange& range, WasmModuleBuilder* builder, ValueType type, const std::vector<uint32_t>& structs, const std::vector<uint32_t>& arrays, uint32_t recursion_depth); template <WasmModuleGenerationOptions options> class ModuleGen { … }; WasmInitExpr GenerateStructNewInitExpr(Zone* zone, DataRange& range, WasmModuleBuilder* builder, uint32_t index, const std::vector<uint32_t>& structs, const std::vector<uint32_t>& arrays, uint32_t recursion_depth) { … } WasmInitExpr GenerateArrayInitExpr(Zone* zone, DataRange& range, WasmModuleBuilder* builder, uint32_t index, const std::vector<uint32_t>& structs, const std::vector<uint32_t>& arrays, uint32_t recursion_depth) { … } WasmInitExpr GenerateInitExpr(Zone* zone, DataRange& range, WasmModuleBuilder* builder, ValueType type, const std::vector<uint32_t>& structs, const std::vector<uint32_t>& arrays, uint32_t recursion_depth) { … } } // namespace template <WasmModuleGenerationOptions options> base::Vector<uint8_t> GenerateRandomWasmModule( Zone* zone, base::Vector<const uint8_t> data) { … } // Used by the initializer expression fuzzer. base::Vector<uint8_t> GenerateWasmModuleForInitExpressions( Zone* zone, base::Vector<const uint8_t> data, size_t* count) { … } namespace { bool HasSameReturns(const FunctionSig* a, const FunctionSig* b) { … } template <WasmModuleGenerationOptions options> void EmitDeoptAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f, const FunctionSig* target_sig, uint32_t target_sig_index, uint32_t global_index, uint32_t table_index, DataRange* data) { … } template <WasmModuleGenerationOptions options> void EmitCallAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f, WasmFunctionBuilder* callee, uint32_t table_index, DataRange* data) { … } } // anonymous namespace base::Vector<uint8_t> GenerateWasmModuleForDeopt( Zone* zone, base::Vector<const uint8_t> data, std::vector<std::string>& callees, std::vector<std::string>& inlinees) { … } // Explicit template instantiation for kMVP. template EXPORT_TEMPLATE_DEFINE(…) base::Vector<uint8_t> GenerateRandomWasmModule< WasmModuleGenerationOptions::kMVP>(Zone*, base::Vector<const uint8_t> data); // Explicit template instantiation for kGenerateSIMD. template EXPORT_TEMPLATE_DEFINE(…) base::Vector<uint8_t> GenerateRandomWasmModule< WasmModuleGenerationOptions::kGenerateSIMD>( Zone*, base::Vector<const uint8_t> data); // Explicit template instantiation for kGenerateWasmGC. template EXPORT_TEMPLATE_DEFINE(…) base::Vector<uint8_t> GenerateRandomWasmModule< WasmModuleGenerationOptions::kGenerateWasmGC>( Zone*, base::Vector<const uint8_t> data); // Explicit template instantiation for kGenerateAll. template EXPORT_TEMPLATE_DEFINE(…) base::Vector<uint8_t> GenerateRandomWasmModule< WasmModuleGenerationOptions::kGenerateAll>( Zone*, base::Vector<const uint8_t> data); } // namespace v8::internal::wasm::fuzzing
Codebase Browser
chromium