diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 759061da88f..1dfe6884274 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -82,24 +82,26 @@ TranslateToFuzzReader::TranslateToFuzzReader(Module& wasm, // the process creation overhead of all the things we run from python), and // the defaults are tuned to that. This corresponds to INPUT_SIZE_MEAN in // scripts/fuzz_opt.py - const double MEAN_SIZE = 40 * 1024; + const uint64_t MEAN_SIZE = 40 * 1024; // As we have not read anything from the input, the remaining size is its // size. - double size = random.remaining(); - auto ratio = size / MEAN_SIZE; + uint64_t size = random.remaining(); auto bits = random.get(); if (bits & 1) { - fuzzParams->MAX_NEW_GC_TYPES *= ratio; + fuzzParams->MAX_NEW_GC_TYPES = + (uint64_t(fuzzParams->MAX_NEW_GC_TYPES) * size) / MEAN_SIZE; } if (bits & 2) { - fuzzParams->MAX_GLOBALS *= ratio; + fuzzParams->MAX_GLOBALS = + (uint64_t(fuzzParams->MAX_GLOBALS) * size) / MEAN_SIZE; } if (bits & 4) { // Only adjust the limit if there is one. if (fuzzParams->HANG_LIMIT) { - fuzzParams->HANG_LIMIT *= ratio; + fuzzParams->HANG_LIMIT = + (uint64_t(fuzzParams->HANG_LIMIT) * size) / MEAN_SIZE; // There is a limit, so keep it non-zero to actually prevent hangs. fuzzParams->HANG_LIMIT = std::max(fuzzParams->HANG_LIMIT, 1); } @@ -107,12 +109,13 @@ TranslateToFuzzReader::TranslateToFuzzReader(Module& wasm, if (bits & 8) { // Only increase the number of tries. Trying fewer times does not help // find more interesting patterns. - if (ratio > 1) { - fuzzParams->TRIES *= ratio; + if (size > MEAN_SIZE) { + fuzzParams->TRIES = (uint64_t(fuzzParams->TRIES) * size) / MEAN_SIZE; } } if (bits & 16) { - fuzzParams->MAX_ARRAY_SIZE *= ratio; + fuzzParams->MAX_ARRAY_SIZE = + (uint64_t(fuzzParams->MAX_ARRAY_SIZE) * size) / MEAN_SIZE; } } @@ -1972,10 +1975,9 @@ void TranslateToFuzzReader::mutate(Function* func) { // \integral_0^1 t^9 dx = 0.1 * t^10 |_0^1 = 0.1 // As a result, we get a value in the range of 0-100%. (Note that 100% is ok // since we can't replace everything anyhow, see below.) - double t = r; - t = t / 100; - t = pow(t, 9); - Index percentChance = t * 100; + uint64_t r3 = uint64_t(r) * r * r; + uint64_t r9 = r3 * r3 * r3; + Index percentChance = r9 / 10000000000000000ULL; // Adjust almost-zero frequencies to at least a few %, just so we have some // reasonable chance of making some changes. percentChance = std::max(percentChance, Index(3)); @@ -2419,7 +2421,7 @@ void TranslateToFuzzReader::mutateJSBoundary() { std::vector callImports; }; - using NameInfoMap = std::unordered_map; + using NameInfoMap = std::map; struct FunctionInfoScanner : public WalkerPass> { @@ -2535,9 +2537,9 @@ void TranslateToFuzzReader::mutateJSBoundary() { // First, refine params sent to imports. Gather the LUB sent to each import, // and then refine. - std::unordered_map paramLUBs; - for (auto& [_, info] : map) { - for (auto* call : info.callImports) { + std::map paramLUBs; + for (const auto& [_, info] : map) { + for (const auto* call : info.callImports) { auto declaredParams = wasm.getFunction(call->target)->getParams(); std::vector sent; for (Index i = 0; i < call->operands.size(); i++) { diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 961f8e1e8bc..27f462305ab 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,55 +1,77 @@ Metrics total - [exports] : 10 - [funcs] : 5 - [globals] : 2 + [exports] : 63 + [funcs] : 93 + [globals] : 1 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 2 + [table-data] : 44 [tables] : 2 - [tags] : 3 - [total] : 704 - [vars] : 26 - ArrayNewFixed : 6 - AtomicFence : 3 - Binary : 30 - Block : 130 - BrOn : 6 - Break : 23 - Call : 30 - CallRef : 2 - Const : 103 - Drop : 10 - GlobalGet : 44 - GlobalSet : 42 - I31Get : 3 - If : 39 - Load : 6 - LocalGet : 25 - LocalSet : 27 - Loop : 16 - MemoryInit : 1 - Nop : 7 - Pop : 6 - RefEq : 1 - RefFunc : 11 - RefI31 : 10 - RefNull : 10 - RefTest : 7 - Return : 3 - Select : 1 - Store : 2 - StringConst : 7 - StringEq : 1 - StringMeasure : 2 - StringWTF16Get : 2 - StructNew : 8 - TableSet : 2 - Throw : 2 - Try : 6 - TryTable : 6 - TupleExtract : 3 - TupleMake : 5 - Unary : 35 - Unreachable : 21 + [tags] : 2 + [total] : 5682 + [vars] : 449 + ArrayCmpxchg : 1 + ArrayFill : 4 + ArrayGet : 2 + ArrayLen : 13 + ArrayNew : 62 + ArrayNewFixed : 21 + ArraySet : 9 + AtomicCmpxchg : 3 + AtomicFence : 8 + AtomicNotify : 3 + AtomicRMW : 7 + Binary : 357 + Block : 873 + BrOn : 26 + Break : 97 + Call : 192 + CallIndirect : 27 + CallRef : 12 + Const : 950 + Drop : 83 + GlobalGet : 342 + GlobalSet : 340 + I31Get : 9 + If : 266 + Load : 43 + LocalGet : 213 + LocalSet : 190 + Loop : 77 + MemoryCopy : 2 + MemoryInit : 3 + Nop : 67 + Pop : 16 + RefAs : 78 + RefCast : 12 + RefEq : 23 + RefFunc : 142 + RefI31 : 27 + RefIsNull : 13 + RefNull : 145 + RefTest : 4 + Return : 48 + SIMDExtract : 14 + Select : 29 + Store : 13 + StringConst : 49 + StringEncode : 4 + StringEq : 8 + StringMeasure : 9 + StringWTF16Get : 5 + StructCmpxchg : 5 + StructGet : 15 + StructNew : 128 + StructRMW : 4 + StructSet : 5 + Switch : 4 + TableSet : 3 + Throw : 11 + ThrowRef : 4 + Try : 19 + TryTable : 45 + TupleExtract : 26 + TupleMake : 24 + Unary : 276 + Unreachable : 172 diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index 3eae51db6aa..cf08954b5db 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,6 +95,924 @@ one [chants|chance] out between two worlds fire, walk with me +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +) # this isn't really needed either + +bleh +(module # fake module here, for test harness, but it is really not needed +.. +any +3INPUT +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +3.14159 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ +<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS