implemented insert and replace mutations for fuzzer

Summary: This adds two new mutations to the fuzzer. The insert mutation will insert randomly generated instructions into existing sequences, rebalancing the stack as it goes. The replace mutations will replace existing instructions with randomly generated others with the same stack signature. This way the stack stays balanced as part of the mutation. Just in testing, these mutations uncovered two bugs in HHVM: T19829202 and T19825390. The large lists of generators in random_utils.ml are good candidates for autogeneration from the bytecode spec if/when that project ever gets off the ground. Code was also cleaned up or simplified in various places, mostly removing unnecessary parentheses or eta-reducing a couple of functions. Reviewed By: nbenton Differential Revision: D5359683 fbshipit-source-id: f43729d0fc058b857f22560e23f03729c4acdf10
facebook · Jul 6, 2017 · 7720a18 · 7720a18
1 parent a34ac73
commit 7720a18
Show file tree

Hide file tree

Showing 6 changed files with 500 additions and 125 deletions.
diff --git a/hphp/hack/src/hhbc/hhbc_ast.ml b/hphp/hack/src/hhbc/hhbc_ast.ml
@@ -499,7 +499,7 @@ type gen_creation_execution =
   | YieldK
   | ContCheck of check_started
   | ContValid
-  | ConStarted
+  | ContStarted
   | ContKey
   | ContGetReturn
 

diff --git a/hphp/hack/src/hhbc/hhbc_id.mli b/hphp/hack/src/hhbc/hhbc_id.mli
@@ -31,6 +31,8 @@ end
 
 module Function : sig
   type t
+  (* See hphp/compiler/parser.cpp *)
+  val builtins_in_hh : string list
   (* For use only in assembler. Quotes have been removed already *)
   val from_raw_string : string -> t
   (* For use only at final stage of emitting assembler *)