base fuzzili update #52

Open
Dudcom wants to merge 326 commits into VRIG-RITSEC:agent from googleprojectzero:main
Conversation

@Dudcom Dudcom commented Jan 25, 2026

updating with head

Liedtke and others added 30 commits January 19, 2026 08:03
Bug: 445356784
Change-Id: I5d827c480f633e4efe565ac139f91c4fb5e04e79
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926698
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784
Change-Id: Ia1a6b4606ba85e5c6f0093cc8c43cc4726a7b907
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926699
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784
Change-Id: If6049b20eb2a77ce27c04412f571af7626b4216b
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926700
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784
Change-Id: Ia9ced154e6f1ce465c257e0e17c53782ec13f442
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926836
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784
Change-Id: Idbe0b038ecd47b371639219edababaf7e33d1054
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929536
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
One of them should be enough. :)

Bug: 445356784
Change-Id: Ib0f215bcd41c2801d2b5d43c6255b17a5d979dd2
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8944236
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Doga Yüksel <dyuksel@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 442444727
Change-Id: I4639df028436c02f59a26e12e3930bee209ab506
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8949196
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bug: 442444727
Change-Id: I77dc4619f6eba65bf7417fbb36609eb42993121c
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8952396
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Main functionality was merged into codebase by now.

Bug: 441467877
Change-Id: Ibcd2c7873188e52cf0db0dcdfacf8150ee694107
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8947917
Commit-Queue: Dominik Klemba <tacet@google.com>
Reviewed-by: Dominik Klemba <tacet@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Change-Id: I947059c23b71448a97b58a3f36f79f8fef0b8ff7
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956180
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Danylo Mocherniuk <mdanylo@google.com>
This fixes #545
(by just doing the same for the other kinds of disposable variables
that we already do for `loadDisposableVariable`)

Change-Id: I11ddb6323124deb7f99dbf110fee214be62b33a9
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956877
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Bug: 450237486
Change-Id: I30de85f87ca170a998fc17a72e15c4579db37774
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8901996
Auto-Submit: Olivier Flückiger <olivf@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
This fixes #546

Change-Id: I8331dd909c05a51bfe73749e8677b18501e261bd
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956179
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Add the `--maglev-assert-types` flag to the list of possible flags,
with a 10% probability.
This flag is enabled only when sandbox-fuzzing is disabled.

Change-Id: Ic710d8b6c185af79979b50bb991672e6e1563dd3
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8963977
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Reviewed-by: Marja Hölttä <marja@chromium.org>
Had some logs about them, but removed them for review. Now it is time to
add proper reporting.

Bug: 441467877
Change-Id: I03bf6a6ae447caa4bc3eae202709fb2976a017c0
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8969557
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Before we were printing 0 always.

Bug: 441467877
Change-Id: Icacd9310f8cd845695d2a83e5eb297ce2e60882b
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8977177
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Bug: 441467877
Change-Id: Id3793d3065384bfb2e190c626ed014782d9ebb63
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8977176
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Change-Id: I00ec85b51048e0bc9dc90f96610c293c5d7f3089
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8977237
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Michael Achenbach <machenbach@google.com>
Interpreter dumping produces 1 frame at a single offset, for optimized
compilers we might dump the same frame many times on a single offset,
because there might be many deopt points on a single offset.

Bug: 441467877
Change-Id: Iaff7dd987d9352d0b95c1c53ffd54ef0ae7e8f1d
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8986716
Commit-Queue: Dominik Klemba <tacet@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Reviewed-by: Dominik Klemba <tacet@google.com>
New generator is able to create two patterns (with 50/50 probability):
1) if(boolean_variable){throw random_variable;}
2) if(!boolean_variable){throw random_variable;}

Bug: 455512155, 455513417
Change-Id: Ief3ddeef21653cdda3fd1fdd154c0d248dc77631
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8991196
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Auto-Submit: Dominik Klemba <tacet@google.com>
NOTE: `undefined` is lifted to holes in that case (which is
unintuitive).

Adds HoleyArrayGenerator to create arrays with holes. Adds
testHoleyArrayLifting to verify intended lifting of holey arrays.

Generated hole types (can be in dictionary mode):
- Holey Smi
- Holey Double
- Holey Elements

Adds ArrayIntegrityLevelGenerator to freeze/seal/preventExtensions
objects.

There is a chance of transitioning the hole type with
ArrayIntegrityLevelGenerator to:
- HOLEY_SEALED_ELEMENTS
- HOLEY_FROZEN_ELEMENTS
- HOLEY_NONEXTENSIBLE_ELEMENTS

Bug: 476158042, 455513417
Change-Id: Id396b72183f70ce98d0c97b4c202efffc1c31cbe
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956876
Reviewed-by: Michael Achenbach <machenbach@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
This change fixes a bug in DiffOracle where register and argument values
were lost when transitioning between frame types with different register
counts.

In original-original code (in Dumpling GitHub), DiffOracle relied on
prevFrame to reconstruct the state. We removed prevFrame, erroneously
thinking that it is not needed. Now, if a frame reports fewer registers
than the preceding frame, the parser shrinks the register array to
match. This causes data loss for the higher-index registers. When
execution later has a higher count of registers and expects them to
still exist, they are erroneously reported as missing or reset, causing
false positive mismatches.

Thus we go back to having runningRegs/Args (the same thing as prevFrame in
the original-original code, but further refactored and simplified).

Bug: 441467877
Change-Id: Ic85d7d8b9ef19d359ca9cc7e4af8bb6c36468c2b
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8995239
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Reviewed-by: Dominik Klemba <tacet@google.com>
My eyes hurt.

Bug: 441467877
Change-Id: Ib8522847f46e1c0dd72bef19904a4fcd7d744f93
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012356
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
A wasmRefTest operation was added which can work with either concrete or
abstract wasm types. Since concrete types need a type definition, there
are two code generators; one where we need such a type definition to
already exist and a more generic one that tests against abstract types.

Bug: 474940922
Change-Id: I148c1bc44c8649fcdb92d0afc52efa3af8d34b33
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8952838
Commit-Queue: Doga Yüksel <dyuksel@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
With 0.5 probability, adds guard try/catch blocks around calls in
ForceTurboFanCompilationGenerator, ForceMaglevCompilationGenerator,
LazyDeoptFuzzer, and FastApiCallFuzzer.

Bug: 483578451
Change-Id: Iecaededb94c0dfbf6e49f20c6b69ddf38e500cb0
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012916
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
Bug: 481610393
Change-Id: I815e16a598e7c0d3eafc39608fea1e41f96096d9
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012919
Commit-Queue: Michael Achenbach <machenbach@google.com>
Auto-Submit: Michael Achenbach <machenbach@google.com>
Reviewed-by: Leszek Swirski <leszeks@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Reviewed-by: Danylo Mocherniuk <mdanylo@google.com>
Commit-Queue: Leszek Swirski <leszeks@google.com>
Quoting Leszek: "--predictable basically disables any concurrency so
that everything is scheduled on the main thread. --verify-predictable
additionally adds a synthetic clock so that things like timestamps have
a fixed value, for being able to verify predictability by hashing"

Additionally --verify-predictable implies --predictable.

Bug: 441467877
Change-Id: I7c47d00b8de8242f4b029e60fe79816713756a2f
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012917
Reviewed-by: Dominik Klemba <tacet@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
There are a few more steps to actually report a thing as differential
but I don't want to miss anything, so I will print it here too.

Bug: 441467877
Change-Id: I009ed1792ae486e55cbd65bf63c0863077a6a375
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012880
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
This reverts commit 597241f.

Reason for revert: it didn't help with all timestamps, adding code prefix to mock date looks more promising. Additionally this flag does a bunch of other stuff and requires a build flag to work properly, so let's ditch it.

Original change's description:
> [dumpling] Disable timestamp non-determinism.
>
> Quoting Leszek: "--predictable basically disables any concurrency so
> that everything is scheduled on the main thread. --verify-predictable
> additionally adds a synthetic clock so that things like timestamps have
> a fixed value, for being able to verify predictability by hashing"
>
> Additionally --verify-predictable implies --predictable.
>
> Bug: 441467877
> Change-Id: I7c47d00b8de8242f4b029e60fe79816713756a2f
> Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9012917
> Reviewed-by: Dominik Klemba <tacet@google.com>
> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>

Bug: 441467877
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I8ed49d648aa34a7c75f1ebb220d52a16ee396259
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9014817
Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
Reviewed-by: Danylo Mocherniuk <mdanylo@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Liedtke and others added 30 commits May 20, 2026 07:38
Bug: 445356784
Change-Id: I3a07fe4d292dd5b988c655936e0abd889338cbe8
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310720
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
This CL adds the `selectionMode` property to the `OptionsBag` struct to
configure how `OptionsBag` selects the properties for the object literal
it generates. The default behavior is preserved with the `anySubset`
case. The new `exactlyOne` case configures `OptionsBag` to select
exactly one property for the object literal.

This CL also makes  `OptionsBag` easily usable in profiles by adding an
`additionalOptionsBag` property to the `Profile` struct and by removing
the strict assert on the supported `OptionsBag` properties array.

Bug: 512875834
Change-Id: I6b6348f515cc736ee281af9c9e384ac93eaf762c
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9311541
Commit-Queue: Tigran Bantikyan <bantikyan@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 514576448
Change-Id: I7d2b1580b49211e1ec184f78798588eb7b4ea6ca
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9313600
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Raphaël Hérouart <rherouart@google.com>
Reviewed-by: Marja Hölttä <marja@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 514906333
Change-Id: Ib94a058c73bab07f1b9292e102439af847593006
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9310083
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
…tions

TAG=agy
CONV=0a8bad59-c896-4fbd-925a-620838620623

Change-Id: I82d1eafe22df70aa455b98d0de8795820398a08c
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320640
Reviewed-by: Raphaël Hérouart <rherouart@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Marja Hölttä <marja@google.com>
BUG=515494290
TAG=agy
CONV=3987abe0-de45-4002-95ae-4f62b5e0cf10

Change-Id: I0324d4ef618f2bae310eb392ddff5aa3b71b9c0d
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320641
Commit-Queue: Marja Hölttä <marja@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Bug: 515363087
Change-Id: I06060612d8eee9bf783a849352435c5b4bf9c893
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317280
Auto-Submit: Raphaël Hérouart <rherouart@google.com>
Reviewed-by: Marja Hölttä <marja@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Raphaël Hérouart <rherouart@google.com>
1) Hide variables outside the worker function so that the function
doesn't use them.

2) Make the main thread wait for the worker to finish.

Fixed: 497549860
Change-Id: If3b22fae7e61cca33b1c55fbfab3fcf9f5f6abaf
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9282445
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Marja Hölttä <marja@google.com>
Previously, randomWasmTypeDef() would only return type definitions
of non-ad-hoc signatures.
With this fix, it should also return array and struct type definitions.

Bug: 445356784
Change-Id: I6b131c42e61c17771fa211c213d64456b964bdb5
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9320520
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
This CL adds support for the br_on_cast instruction.

Bug: 474940922
Change-Id: Iadb552b42b1c721d0b5c462afda75aff91bb4791
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9300280
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Support for "import * as ns" import syntax, including the deferred
import variant. Other imports (named, default, etc.) are future
work.

https://github.com/tc39/proposal-defer-import-eval

Bug: 398218423
Change-Id: If0e691054f0668cd4eed2bbdc9532b0c520fec4a
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9313400
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Olivier Flückiger <olivf@google.com>
This CL adds support for the br_on_cast_fail instruction.

Bug: 474940922
Change-Id: Icacbd109fff843179f69806769437322f14326c8
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9299601
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 515363087
Change-Id: I41e4b487ee08dbf7da22959c6c1d08e4099a6ad4
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317282
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Raphaël Hérouart <rherouart@google.com>
Auto-Submit: Raphaël Hérouart <rherouart@google.com>
This was staged for V8 in https://crrev.com/c/7845195.

Bug: 465715798
Change-Id: I1b01eea17c3c1049d66251de6a025747aef43bb7
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9333500
Reviewed-by: Olivier Flückiger <olivf@google.com>
Commit-Queue: Olivier Flückiger <olivf@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Node.js v26 branched; the new nightly version is v27.
We need to stay up-to-date to be able to test new V8 features.

Change-Id: I4eea87f24cfff0e2cb48cb21904d6c0c5bb97421
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9317781
Commit-Queue: Marja Hölttä <marja@google.com>
Reviewed-by: Marja Hölttä <marja@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
This CL adapts WasmReturnCallDirectGenerator and
WasmReturnCallIndirectGenerator to use `subsumes()` instead of
equality to find functions with compatible output types.

Bug: 445356784
Change-Id: I7c3113c54b7752809320e9d58fbbb11eaca10d4f
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9318221
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This CL adds support for the ref.func instruction.

Bug: 474940922
Change-Id: I885b966598a9d72c161d2ef7bee910032576a53d
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9296864
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
The table type can be easily inferred by the input table, so the
table.get doesn't need a type immediate. For fuzzilli however, the input
table can also come from JS (created by CreateWasmTable). Later on, the
fuzzer can replace that table input with an arbitrary other input.

This means that we need to encode the element type in the table.get
operation, so that the JSTyper always knows the correct result type.

I removed this in commit 7e5724c (among
other things that are indeed unnecessary).

Bug: 430171132
Change-Id: Icffc95fadb79979d7125a33d797868c5a6ad50e5
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9337021
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
This allows fuzzilli to use the same handler object in different proxy objects. Helps testing upcoming proxy ICs.

Bug: 516717223

Change-Id: Ia5c47196a9233e3696b81d0b31c63a728c57fa50
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9336380
Commit-Queue: Olivier Flückiger <olivf@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Auto-Submit: Olivier Flückiger <olivf@google.com>
- Add support for i31ref in JavaScriptLifter for CreateWasmTable.
- Update WasmDefineTableGenerator to randomly use funcref, externref, and i31ref.
- Add missing WasmTableGenerator to generate JS-side WebAssembly.Table objects.

Bug: 430171132
Change-Id: I4a435276d6e7a2d602738ae0b1b3f4c45788e0a7
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9333760
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Bug: 430171132
Change-Id: I4697952c9cef237c2cb9339343d6fec127d2c347
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9333860
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
The test is executed only when generating bundles, since it requires
passing --bundles to d8 to run.

TAG=agy
CONV=5588ce4d-a98f-415f-b04b-5c6a9c3508b7

Change-Id: I7eb330ea3ce547f96fc55892c961a49515721546
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9336701
Commit-Queue: Marja Hölttä <marja@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Change-Id: Id0b6a94c906b48cbe6a194e77e47016868dd0e8a
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9340380
Reviewed-by: Marja Hölttä <marja@google.com>
Commit-Queue: Marja Hölttä <marja@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
These should now be in sync with what v8 supports. (V8 does not allow
null types like noexternref and also disallows exnref.)
The spec as written is much more restrictive. Until
WebAssembly/spec#1980 gets resolved, we'll
simply test what V8 supports and ignore these discrepancy issues for
fuzzing.

Bug: 430171132
Change-Id: Id1462e3b978305539e5adeda7beb86fa6719feba
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9336702
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 515363087
Change-Id: I8b5f3189ad34b3a6e117e3cf066e6afe62c20aba
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9336920
Commit-Queue: Raphaël Hérouart <rherouart@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This CL registers Iterator.prototype.includes for fuzzing, which was
added to V8 with https://crrev.com/c/7867647.

Bug: 504886973
Change-Id: I27af5809e4ab47eff7cb4db545f06940762db3c3
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9334922
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Nikos Papaspyrou <nikolaos@google.com>
Bug: 474940922
Change-Id: I20f142ba41d3efa88872ae0dfa308170a8c0ff11
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956716
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Change-Id: I6a7de94f7a30f30ab30ed17f1760fddaaa7b9758
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9347700
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
This CL adds support for the call_ref instruction.

Bug: 474940922
Change-Id: If708e70dc9fcdd2f53f218f85e93c3d807a5ab9a
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9330021
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This reverts unreviewed changes that were accidentally added to
commit 8fbbfdc.

Original change's description:
> [wasm] Implement ref.as_non_null
>
> Bug: 474940922
> Change-Id: I20f142ba41d3efa88872ae0dfa308170a8c0ff11
> Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8956716
> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
> Reviewed-by: Leon Bettscheider <bettscheider@google.com>

Bug: 474940922
Change-Id: I5a8d7cc465384c304908502d0447cc3b6c9be6ef
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9347522
Reviewed-by: Leon Bettscheider <bettscheider@google.com>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>