[EH] Fuzz throws from JS #7027
…ng-support, and logging funcs must start with 'log-'
| // Throw something. We use a (hopefully) private name here. | ||
| auto payload = std::make_shared<ExnData>("__private", Literals{}); | ||
| throwException(WasmException{Literal(payload)}); | ||
| } |
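Review bot: the hardcoded "__private" name passed to ExnData is unique only by convention, as the "(hopefully)" in the comment above it concedes, and nothing in these lines guards against fuzzer input that already uses that name. Consider deriving the name through a uniquifying helper, or extend the comment to say why a collision would be harmless.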
Can we add an else { WASM_UNREACHABLE(... after this to catch problems earlier if we add a new import that does not follow any of these schemes?
src/tools/fuzzing/fuzzing.cpp
Outdated
| // something not exported if out of bounds. First we must also export | ||
| // tags sometimes. | ||
| throwImportName = Names::getValidFunctionName(wasm, "throw"); | ||
| auto* func = new Function; |
Let's use a std::unique_ptr here.

Thanks, feedback should be addressed. I also realized we can test this directly, and added that.

New testcase found an issue with hardcoded logging import names. They need to be flexible, like the throwing import one already was. Fixed.

Also we must compute those names before we use them, a slight reordering in how we modify functions.

Why would the logging function name changes be related to the throwing capability? And in which way are we changing the logging names (other than storing them in a map)?

@aheejin Before this PR, By itself that shouldn't change much, but the fuzzer started to error on these tests because it was seeing initial content that already used a name like

And I think the fuzzer started to fail because it ran into those files a lot more because they have been recently updated in this PR. The problem existed before AFAICT.

Continues the work from #7027 which added throwing from JS, this adds table get/set operations from JS, to further increase our coverage of Wasm/JS interactions (the table can be used from both sides).
We already generated (throw ..) instructions in wasm, but it makes sense to model throws from outside as well, as they cross the module boundary. This adds a new fuzzer import to the generated modules, "throw", that just does a throw from JS etc.

Diff without whitespace is smaller.