Skip to content

Handle extended const segment offsets in the fuzzer#6382

Merged
tlively merged 3 commits intomainfrom
fuzzer-fix-segment-offsets
Mar 7, 2024
Merged

Handle extended const segment offsets in the fuzzer#6382
tlively merged 3 commits intomainfrom
fuzzer-fix-segment-offsets

Conversation

@tlively
Copy link
Member

@tlively tlively commented Mar 7, 2024

The fuzzer already had logic to remove all references to non-imported globals
from global initializers and data segment offsets, but it was missing for
element segment offsets. Add it, and also add a missing check line for the new
test that uncovered this bug as initial fuzzer input.

@tlively tlively requested a review from kripken March 7, 2024 02:35
@tlively
Copy link
Member Author

tlively commented Mar 7, 2024
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @tlively and the rest of your teammates on Graphite Graphite

@tlively tlively mentioned this pull request Mar 7, 2024
Merged
kripken
kripken reviewed Mar 7, 2024
View reviewed changes
src/tools/fuzzing/fuzzing.cpp
// If the offset is a global that was imported (which is ok) but no
// longer is (not ok) we need to change that.
if (auto* offset = segment->offset->dynCast<GlobalGet>()) {
if (!wasm.getGlobal(offset->name)->imported()) {
Copy link
Member

@kripken kripken Mar 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did the check for ->imported() go away? I think we only need to zero it out of there is a global.get that is not imported.

Copy link
Member Author

@tlively tlively Mar 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I see that finalizeMemory does do this check, but with a note that imported globals are never encountered. Indeed, setupGlobals removes all imports. I guess I can follow finalizeMemory's lead here.

This was referenced Mar 7, 2024
Merged
Merged
Merged
@tlively tlively requested a review from kripken March 7, 2024 03:01
kripken
kripken approved these changes Mar 7, 2024
View reviewed changes
Copy link
Member

@kripken kripken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another option might be to assert on not seeing an import there - lgtm either way.

@tlively
Copy link
Member Author

tlively commented Mar 7, 2024

Oh yes, assertions make much more sense. Will change both cases.

Base automatically changed from eh-fuzzer-fix to main March 7, 2024 16:20
tlively added 3 commits March 7, 2024 08:23
@tlively
Handle extended const segment offsets in the fuzzer
1ed0d77 
The fuzzer already had logic to remove all references to non-imported globals
from global initializers and data segment offsets, but it was missing for
element segment offsets. Add it, and also add a missing check line for the new
test that uncovered this bug as initial fuzzer input.
@tlively
check for import
8c02b22
@tlively
assertions
979b615
@tlively tlively force-pushed the fuzzer-fix-segment-offsets branch from ad7c8d3 to 979b615 Compare March 7, 2024 16:23
@tlively tlively merged commit adca3a1 into main Mar 7, 2024
@tlively tlively deleted the fuzzer-fix-segment-offsets branch March 7, 2024 16:57
@tlively
Copy link
Member Author

tlively commented Mar 7, 2024

Merge activity

@gkdn gkdn mentioned this pull request Aug 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kripken kripken kripken approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tlively @kripken