cranelift-fuzzgen: Consume all trailing fuzz input

But don't keep going once we've consumed it all.
bytecodealliance · Sep 7, 2022 · c22b75e · c22b75e
1 parent 6593064
commit c22b75e
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/cranelift/fuzzgen/src/lib.rs b/cranelift/fuzzgen/src/lib.rs
@@ -137,18 +137,30 @@ where
         })
     }
 
-    fn generate_test_inputs(&mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
-        let num_tests = self.u.int_in_range(self.config.test_case_inputs.clone())?;
-        let mut inputs = Vec::with_capacity(num_tests);
+    fn generate_test_inputs(mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
+        let mut inputs = Vec::new();
+
+        loop {
+            let last_len = self.u.len();
 
-        for _ in 0..num_tests {
             let test_args = signature
                 .params
                 .iter()
                 .map(|p| self.generate_datavalue(p.value_type))
                 .collect::<Result<TestCaseInput>>()?;
 
             inputs.push(test_args);
+
+            // Continue generating input as long as we just consumed some of self.u. Otherwise
+            // we'll generate the same test input again and again, forever. Note that once self.u
+            // becomes empty we obviously can't consume any more of it, so this check is more
+            // general. Also note that we need to generate at least one input or the fuzz target
+            // won't actually test anything, so checking at the end of the loop is good, even if
+            // self.u is empty from the start and we end up with all zeros in test_args.
+            assert!(self.u.len() <= last_len);
+            if self.u.len() == last_len {
+                break;
+            }
         }
 
         Ok(inputs)