forked from googleprojectzero/fuzzilli
base fuzzilli update #52
Open
Dudcom wants to merge 85 commits into VRIG-RITSEC:agent from googleprojectzero:main
Conversation
V8 side change: https://crrev.com/c/7137442 Bug: 457866804 Change-Id: Id01597d3194e4c88d38623f646c1671330e63b43 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8753396 Reviewed-by: Michael Achenbach <machenbach@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
This replaces the separate logic for lastFunctionVariable with the generic runtimeData approach. This doesn't change behavior. Change-Id: I9cc988879638b423dabc99d4598028caacb6a3de Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8714836 Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Similarly to objects as disposable variables, this enables generating instances of classes as disposable variables, used with both: `using` and `await using`. The generators have the new style and provide a class with a computed method with Symbol.dispose or Symbol.asyncDispose. As a fly-by, this also makes use of `b.runtimeData` to store the symbol of the existing generator for disposable objects. Bug: 446632644 Change-Id: I433ce357e4649230b803361e6fba15ca2cb954e2 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8715016 Reviewed-by: Danylo Mocherniuk <mdanylo@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
V8-side change: https://crrev.com/c/7137292 Bug: 455552707 Change-Id: Ifd5f44b69ef62f18ecfa03525e988bd2f43253cc Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8756377 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Victor Gomes <victorgomes@google.com>
Many (all?) JS engines have optimizations for string concatenations. To make it more likely to have such concatenated strings (ConsString in V8), add a code generator for string concatenation. Fixed: 455552707 Change-Id: I0a9bf66a5f721d38f34327f7acd8c5344086cf10 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8756756 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Reviewed-by: Victor Gomes <victorgomes@google.com>
So far this will only fuzz the definition of these signatures as there aren't any operations registered which would make use of these definitions, yet. Bug: 445356784 Change-Id: I1c6b99e863bf359e4c505605d2d7f64533553f19 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8753596 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Change-Id: Ib70851f9cd9d11f39501815280d6ea641c6df40e Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8764020 Reviewed-by: Carl Smith <cffsmith@google.com> Commit-Queue: Carl Smith <cffsmith@google.com> Auto-Submit: Pawel Krawczyk <pawkra@google.com>
Bug: 458429784 Change-Id: If21b4e7bd0670939f0413c11e8d6c8ef1b5e5823 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8783156 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com> Auto-Submit: Darius Mercadier <dmercadier@google.com>
type for input requirements and output guarantees. Bug: 445356784 Change-Id: Ib1319c8e42e33688c7c0921b166e46e50b031748 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8760696 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Carl Smith <cffsmith@google.com>
Bug: 429332174 Change-Id: Ic644ce211f96e1bd2c3044bc14fa12ee4410fa24 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8783696 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Dominik Klemba <tacet@google.com>
V8-side-change: https://crrev.com/c/7178541 Right now this probably doesn't change much as the ProgramTemplate from commit 9e2e2a3 uses multiple assignments and other instructions will never emit the correct bytecode due to how expression inlining is implemented for assignments right now. Still, it doesn't hurt to add this flag to Fuzzilli as well. Bug: 429332174 Change-Id: I7a4318ba434d701c530fef72a31bce1497f51529 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8792496 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Raphaël Hérouart <rherouart@google.com> Reviewed-by: Raphaël Hérouart <rherouart@google.com>
Change-Id: Ib196ad69f5a3a09620b82da5e60694777a024aef Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8783856 Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Pawel Krawczyk <pawkra@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Pawel Krawczyk <pawkra@google.com>
This way the new code generation logic can resolve dependencies when it requires a Wasm struct, array, or signature type. In theory, these could all be registered as separate code generators; however, it seems simpler to have one that just generates all 3 types. We need the separate generator and can't rely on the "inner" generators like the "ArrayTypeGenerator" as these can only run inside the `.wasmTypeGroup` context. Bug: 445356784 Change-Id: I5c2b9e37aeb9b3ab50f05a37e49147efff4acaa7 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8767377 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com>
Change-Id: I9f502e7d70fcccbb335f424391bebfdb6561f3e0 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8764022 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com>
V8-side-change: https://crrev.com/c/7198340 Change-Id: I423361da98643dcde469b8a13c6b7df44114d8c6 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8793536 Reviewed-by: Dominik Klemba <tacet@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Dominik Klemba <tacet@google.com>
…function To allow defining a block with a wasm-gc signature while already being in the .wasmFunction context, this change adds a new operation WasmDefineAdHocSignature. This way statements requiring a signature type input can directly embed this signature definition inside the function. Bug: 445356784 Change-Id: I56754224551ea82883c71410f4aca957b7bf24d4 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8787096 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
To ensure that this function is correctly detected as a crash in both regular fuzzing and sandbox fuzzing configurations. Change-Id: I22eae385d08d343926624d5e6f33b7e6dbf72993 Bug: 461681036 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8796176 Commit-Queue: Samuel Groß <saelo@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This change increases the probability of accessing the length of rest parameters and rest elements to improve fuzzing coverage of V8's optimizations for RestLength (rest.length). With a 20% probability, a FuzzIL variable is created for the "length" property of a newly created rest parameter or element. This affects all function types and array destructuring generators. For function generators and 'ForOfWithDestructLoopGenerator', we do not need to check if outputs are empty: 'hasRestParameter' implies the existence of parameters, and loop generation logic guarantees non-empty indices. For 'DestructArrayGenerator' and 'DestructArrayAndReassignGenerator', we now ensure that 'lastIsRest' is only true when the variable list is non-empty. Assertions were also added to the DestructArray instructions to enforce this invariant. Bug: 456162872 Change-Id: I37b78cc892aac5bb5e5164864863dc51dba40f51 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8741996 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Dominik Klemba <tacet@google.com>
Change-Id: I02ac85b1f90e3a21a6310157457d2e0c0ec364d3 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8796658 Auto-Submit: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Dominik Klemba <tacet@google.com> Reviewed-by: Dominik Klemba <tacet@google.com>
Bug: 455512155,455513417 Change-Id: I52dc1b9d27d02ee1e5d905eca3705d9a9c4a6661 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8796096 Commit-Queue: Pawel Krawczyk <pawkra@google.com> Reviewed-by: Dominik Klemba <tacet@google.com>
This adds a stand-alone python script with the following properties:
* Mimic various test configs from V8 (for now test262 without staging)
* List all supported tests from a config
* Transpile all tests in parallel (i.e. compile to FuzzIL and lift back to JS)
* Print statistics and return relevant results as a json file
* The results contain stats that we can track as a metric, e.g. the percentage of properly transpiled tests.
The script is tested with a Python unit test that runs the script E2E, also hooked up through a presubmit script so that it's tested on updates.
Bug: 442444727
Change-Id: I29c89cede59aef885e45a0ae0821d3388bc51e8f
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8787097
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Michael Achenbach <machenbach@google.com>
This makes the executor look for Node.js in the CWD, which makes it easy to bundle both together when porting the FuzzILTool to another machine. Bug: 442444727 Change-Id: I80adcde79fb6d773f3f47817da24188bbbe5431e Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8796659 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Generating shared ref variables to be done in following CLs. See https://github.com/WebAssembly/shared-everything-threads/blob/main/proposals/shared-everything-threads/Overview.md. Bug: 448349112 Change-Id: I3358ce9cdd528147b66f1954ef1a008b048e06df Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8734256 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Pawel Krawczyk <pawkra@google.com>
This reverts commit e35cbb5.
Reason for revert: Crashes and not reviewed yet.
Original change's description:
> Add support for shared references.
>
> Generating shared ref variables to be done in following CLs.
>
> See https://github.com/WebAssembly/shared-everything-threads/blob/main/proposals/shared-everything-threads/Overview.md.
>
> Bug: 448349112
> Change-Id: I3358ce9cdd528147b66f1954ef1a008b048e06df
> Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8734256
> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
> Reviewed-by: Dominik Klemba <tacet@google.com>
> Commit-Queue: Pawel Krawczyk <pawkra@google.com>
Bug: 448349112
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I8bc73bef53d053078db9318de6408d4dbf2f4cda
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8810396
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
This change allows the JavaScriptLifter to inline arrow functions (e.g., 'foo(() => 42)') by treating them as expressions.
- Adds ArrowFunctionExpression to JSExpressions.
- Updates JavaScriptLifter to detect recursive arrow functions and block boundaries.
- Non-recursive arrow functions are buffered and assigned as expressions.
- Recursive arrow functions retain the original variable declaration strategy.
- Implements concise body syntax ('() => expr') for single-line returns without comments.
- Updates JavaScriptWriter to use emitBlock for multi-line inlined expressions.
Bug: 464228572, 456164925
Change-Id: Ic4618c2ba92ad96d95303e83f8551c13beef508c
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8808456
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
Auto-Submit: Dominik Klemba <tacet@google.com>
This is a mini-fuzzer for the new BytecodeVerifier in V8. It uses %GetBytecode to obtain a JS representation of the BytecodeArray of an existing function, mutates it, then installs it back on the function using %InstallBytecode and finally executes the function. As the verifier only ensures that the bytecode does not cause a sandbox breakout (not general memory corruption), the mini-fuzzer is also specific to the V8Sandbox fuzzing profile. Bug: 461681036 Change-Id: Iac64f3c9532f47455c57cf4251197771b0663612 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8814316 Commit-Queue: Samuel Groß <saelo@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This enables calling the script with the arguments --num-shards and --shard-index. The former defines on how many shards (bots) the overall task gets distributed, the latter the index n to deterministically determine the sub-task for the n'th shard. The test order is deterministic and we assume that this script is called from different shards with the same test archive. The sub-task is then evenly divided with a simple modulo algorithm. Bug: 442444727 Change-Id: I32803d2bae14f9387e445b627363f4de7ac7efe4 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8817538 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
…bility)." This reverts commit 8a542af.
Reason for revert: V8/d8 is not seeded, therefore crashes are not reproducible (and the code is unstable).
Original change's description:
> Throw exception in TryCatchFinally blocks (with certain probability).
>
> Bug: 455512155,455513417
> Change-Id: I52dc1b9d27d02ee1e5d905eca3705d9a9c4a6661
> Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8796096
> Commit-Queue: Pawel Krawczyk <pawkra@google.com>
> Reviewed-by: Dominik Klemba <tacet@google.com>
Bug: 455512155,455513417
Change-Id: I17514fcc50b60232faccd0a7b418fad0b187174d
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8821316
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Dominik Klemba <tacet@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Auto-Submit: Dominik Klemba <tacet@google.com>
Commit-Queue: Michael Achenbach <machenbach@google.com>
This makes it possible to call the script from some nested work dir. Bug: 442444727 Change-Id: I5f6f4313b652cb09e4d168785e78a2334495ccd9 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8821322 Auto-Submit: Michael Achenbach <machenbach@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
This allows using parameter types which are indexed types (things like `(ref null 1)`).
Implementation:
- Each WasmLoop instruction now takes its signature as the first input.
- The static signature types are removed from the begin and endLoop.
- The loop code generator emits an "ad hoc" signature in order to emit signatures for which we already have corresponding inputs available.
Bug: 445356784
Change-Id: Ic58ab7d6a092a39de77c974142dd7f976786e8e1
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8792956
Reviewed-by: Pawel Krawczyk <pawkra@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Change-Id: I63cb4c1f7aef06240729a3879eb20ab3ef452549 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8911776 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 434977727 Change-Id: I24617b4353f7205c8654ce9f555ed043fb5e4b8c Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8902197 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Olivier Flückiger <olivf@google.com>
Bug: 442444727 Change-Id: Ia254954f25df8284a58d43cce0c27383027e01db Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926738 Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
There is an ever-growing list of properties that exist on a receiver which don't exist on the corresponding prototype object of the constructor or are not usable on it. So far, there are two cases for it:
1) They simply do not come from the prototype, e.g. iterator instances have properties that are part of the Iterator protocol, like `next`, while Iterator.prototype.next does not exist.
2) The property does exist on the prototype object, however it is not usable on it. There are a few properties that aren't actually regular properties but get accessors. These get accessors cannot be used on the prototype object as they will throw on access, e.g. `Intl.Collator.prototype.compare`.
For nicer documentation, move these excluded properties to the call that registers the prototype object on the environment.
Change-Id: I6e6163e0424a3e1f7e213ea2700d2dc8c883cd31
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926737
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Similar to commit 3b241b0 this change makes wasm's if-else control flow blocks use wasm-gc signatures as inputs instead of having the signature stored as a property inside the operation. This allows using wasm-gc index types inside these signatures. Bug: 445356784 Change-Id: I8315f64be536a1882ab9d4d39a3b7b72eb690456 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8914456 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Ic309942aac909ffa6397fc889fd4cd8fe86e6b4e Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8914596 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com>
Change-Id: Id1322a5847527125d3282da5d80e861422bd7f45 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8914597 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Pawel Krawczyk <pawkra@google.com>
Change-Id: Ia6616629177ee5f941377471a998d59e1ab31d06 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8922297 Reviewed-by: Pawel Krawczyk <pawkra@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Adds support for wasm struct.new operation to be able to generate structs with initial non-default values. Bug: 474940922 Change-Id: Ic8f1cc8d7f9dc24dc73b342fb3d55c35e1a33446 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8921896 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Doga Yüksel <dyuksel@google.com>
Change-Id: Id6f1609bf09df512aced5db86f979e3709647446 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926736 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 475996631 Change-Id: I2fed02882da99abdaaca11d5bed21ebd0f0ff833 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932836 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
So far we didn't try to resolve input requirements for JS types by scheduling code generators that produce these inputs. This change fixes that and also fixes the test case and the compile warning it produces for the unused Swift variable due to commented out code. Change-Id: I7c090fc164b00df5ef31353447ae4f993538c437 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929438 Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
in cases where it doesn't have a wasmReferenceType WasmTypeExtension. The better printing in commit f418a5e doesn't do anything if we don't ever reach it because we already crash earlier. This change adapts generateRandomWasmVar to return nil if it receives an index reference type without the expected type extension. If this still causes crashes, we'd then get the better error message from above. Bug: 475996631 Change-Id: I86f89855724f09de3875770e2380257c07d54062 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932837 Commit-Queue: Michael Achenbach <machenbach@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Bug: 475996631 Change-Id: If8b92877f88b5852184d69477bc508d6c039c294 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8932857 Reviewed-by: Michael Achenbach <machenbach@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
While the WasmTypeGroupReducer shall remove all inputs which are not used from the WasmEndTypeGroup (so that these types can be removed in a following iteration), it should still expose all types which are used inside the type group, so that the JSTyper still continues to handle them correctly. This will hopefully fix the current crashes we are observing for types missing the linkage from a wasm index reference type to the corresponding type definition variable in the JSTyper. Bug: 475996631 Change-Id: I571a44fabee3f302c8f53fad14d6f62263d0a8ca Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8935617 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Michael Achenbach <machenbach@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Bug: 442444727 Change-Id: I2b829da00393a63f40ac2791091ff73bd288aa24 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8935636 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Michael Achenbach <machenbach@google.com>
Adds support for the ref.eq instruction to be generated. Bug: 474940922 Change-Id: I7b88ceffed5252878132406da30a570be01f13ad Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8933276 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Doga Yüksel <dyuksel@google.com>
Seems like the previous change didn't do that because configuration objects never got this boolean. Bug: 422361840 Change-Id: I9a4fd2af616b7dd5dd27126fe10004374a41992a Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8940976 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Bug: 441467877 Change-Id: I7278380605e40ca79b4dc889cb8b6734aa7c4327 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8908076 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
By removing the types from the WasmThrow, this prepares Fuzzilli to adapt the tags as a next step to use wasm-gc signatures instead of static parameter types (there might be more dependencies for that). Bug: 445356784 Change-Id: I852a84efd928ed593bbb84105a95ab7a09cde9a7 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926696 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com>
Bug: 445356784 Change-Id: I960d64621c3faac93083b44935382a05dee93d84 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926697 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com>
Bug: 445356784 Change-Id: I5d827c480f633e4efe565ac139f91c4fb5e04e79 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926698 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Ia1a6b4606ba85e5c6f0093cc8c43cc4726a7b907 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926699 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: If6049b20eb2a77ce27c04412f571af7626b4216b Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926700 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Ia9ced154e6f1ce465c257e0e17c53782ec13f442 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8926836 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 445356784 Change-Id: Idbe0b038ecd47b371639219edababaf7e33d1054 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929536 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
One of them should be enough. :) Bug: 445356784 Change-Id: Ib0f215bcd41c2801d2b5d43c6255b17a5d979dd2 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8944236 Auto-Submit: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Bug: 442444727 Change-Id: I4639df028436c02f59a26e12e3930bee209ab506 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8949196 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Bug: 442444727 Change-Id: I77dc4619f6eba65bf7417fbb36609eb42993121c Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8952396 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Main functionality was merged into codebase by now. Bug: 441467877 Change-Id: Ibcd2c7873188e52cf0db0dcdfacf8150ee694107 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8947917 Commit-Queue: Dominik Klemba <tacet@google.com> Reviewed-by: Dominik Klemba <tacet@google.com> Commit-Queue: Danylo Mocherniuk <mdanylo@google.com>
updating with head