[vm/fuzzer] Fix bug where FFI caused dart crash

Rationals: Default return values for FFI functions can not be negative. Change-Id: I054522f473a601c239a262884ba9b779dc648772 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/116049 Reviewed-by: Aart Bik <ajcbik@google.com> Commit-Queue: Felicitas Hetzelt <felih@google.com>
aam · Sep 6, 2019 · 254d077 · 254d077
1 parent f5c0e2e
commit 254d077
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/runtime/tools/dartfuzz/dartfuzz.dart b/runtime/tools/dartfuzz/dartfuzz.dart
@@ -14,7 +14,7 @@ import 'dartfuzz_ffiapi.dart';
 // Version of DartFuzz. Increase this each time changes are made
 // to preserve the property that a given version of DartFuzz yields
 // the same fuzzed program for a deterministic random seed.
-const String version = '1.38';
+const String version = '1.39';
 
 // Restriction on statements and expressions.
 const int stmtLength = 2;
@@ -163,7 +163,7 @@ class DartFuzz {
     }
     emit(') ${dartFuncName} = ' +
         'ffi.Pointer.fromFunction<${typeName}>(${ffiFuncName}, ');
-    emitLiteral(0, pars[0]);
+    emitLiteral(0, pars[0], smallPositiveValue: true);
     emitLn(').cast<ffi.NativeFunction<${typeName}>>().asFunction();');
   }
 
@@ -831,11 +831,15 @@ class DartFuzz {
     emit(tp == DartType.INT_LIST ? ' ]' : ' }');
   }
 
-  void emitLiteral(int depth, DartType tp) {
+  void emitLiteral(int depth, DartType tp, {bool smallPositiveValue = false}) {
     if (tp == DartType.BOOL) {
       emitBool();
     } else if (tp == DartType.INT) {
-      emitInt();
+      if (smallPositiveValue) {
+        emitSmallPositiveInt();
+      } else {
+        emitInt();
+      }
     } else if (tp == DartType.DOUBLE) {
       emitDouble();
     } else if (tp == DartType.STRING) {