fuzzgen: Generate stack load/store instructions #4438
Conversation
This looks great except I have one question about a seemingly-unrelated change. Otherwise I'm looking forward to merging this! I think it'll be great to have more coverage in this fuzz target.
let imm64 = match ty { | ||
I8 => self.u.arbitrary::<i8>()? as i64, | ||
I16 => self.u.arbitrary::<i16>()? as i64, | ||
I32 => self.u.arbitrary::<i32>()? as i64, | ||
I64 => self.u.arbitrary::<i64>()?, | ||
ty if ty == I8 => self.u.arbitrary::<i8>()? as i64, | ||
ty if ty == I16 => self.u.arbitrary::<i16>()? as i64, | ||
ty if ty == I32 => self.u.arbitrary::<i32>()? as i64, | ||
ty if ty == I64 => self.u.arbitrary::<i64>()?, | ||
_ => unreachable!(), | ||
}; |
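Review bot: the guard arms `ty if ty == I8 =>` in this hunk are only equivalent to the constant patterns `I8 =>` they replace because `I8` resolves to a constant in scope; if `I8` were an unbound identifier, `I8 =>` would be a catch-all binding and rustc itself would report the later arms as unreachable, so the absence of that compiler warning already shows the original form is correct. Keep the simpler `I8 =>` / `I16 =>` / `I32 =>` / `I64 =>` arms and drop the guards.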
This change is unnecessary, right? I'd like to keep the simpler syntax unless there's some reason it needs to change.
My editor was complaining that we were always matching on I8 as a variable name and that the others were unused.
But looking at it again it probably would also generate a compile warning, so I think it might be a bug in CLion.
I'll revert this change.
Looks great! I'll let this auto-merge assuming CI passes, which I expect it will.
👋 Hey,
This PR adds stack slots and stack loads and stores to the functions generated by fuzzgen. We use only the specialized instructions `stack_store`/`stack_load` and not the more general combo of `stack_addr` + `store`/`load`. This also generates random stack slots, that are zero initialized on the first block of the function to prevent reading uninitialized memory.
This has run overnight on a (not very fast) x86 server, and so far hasn't found any issues.
cc: @cfallin @jameysharp
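To make the two invariants of the PR description concrete (every generated slot is zeroed in the entry block before any other instruction runs, and every generated stack access is in bounds of its slot by construction), here is an added, self-contained toy model. It is not code from Cranelift or from this PR: `ByteSource` is a hypothetical stand-in for `arbitrary::Unstructured`, `Ty`, `Inst`, `FuzzFunc`, `generate` and `run` are all constructed for this example, and the interpreter tracks per-byte initialisation so that a read of never-written memory is reported as a fault even though the emulated bytes happen to hold a fixed garbage value.

```rust
// Added illustrative example, not code from the Cranelift fuzzgen PR.
// Models random stack slots with a zero-init prologue plus random
// stack_store/stack_load ops whose offsets are clamped into the slot.

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Ty { I8, I16, I32, I64 }

impl Ty {
    pub fn bytes(self) -> usize {
        match self { Ty::I8 => 1, Ty::I16 => 2, Ty::I32 => 4, Ty::I64 => 8 }
    }
}

#[derive(Debug, Clone, PartialEq)]
pub enum Inst {
    /// Zero a whole slot; emitted once per slot at the start of the function.
    ZeroInit { slot: usize },
    StackStore { slot: usize, offset: usize, ty: Ty, value: i64 },
    StackLoad { slot: usize, offset: usize, ty: Ty },
}

/// Hypothetical stand-in for arbitrary::Unstructured: hands out fuzz bytes.
pub struct ByteSource<'a> { data: &'a [u8], pos: usize }

impl<'a> ByteSource<'a> {
    pub fn new(data: &'a [u8]) -> Self { ByteSource { data, pos: 0 } }
    fn byte(&mut self) -> u8 {
        let b = self.data.get(self.pos).copied().unwrap_or(0); // zeros once input is exhausted
        self.pos += 1;
        b
    }
    /// A value in 0..=max derived from the next input byte.
    fn int_in_range(&mut self, max: usize) -> usize { (self.byte() as usize) % (max + 1) }
}

pub struct FuzzFunc { pub slot_sizes: Vec<usize>, pub insts: Vec<Inst> }

/// Generate slots and accesses; the prologue zeroes every slot first, and each
/// offset is drawn from 0..=size-ty.bytes() so it can never leave the slot.
pub fn generate(u: &mut ByteSource<'_>) -> FuzzFunc {
    let n_slots = 1 + u.int_in_range(3); // 1..=4 slots of 1..=32 bytes each
    let slot_sizes: Vec<usize> = (0..n_slots).map(|_| 1 + u.int_in_range(31)).collect();
    let mut insts: Vec<Inst> = (0..n_slots).map(|slot| Inst::ZeroInit { slot }).collect();
    for _ in 0..u.int_in_range(8) {
        let slot = u.int_in_range(n_slots - 1);
        let ty = [Ty::I8, Ty::I16, Ty::I32, Ty::I64][u.int_in_range(3)];
        let size = slot_sizes[slot];
        if ty.bytes() > size { continue; } // type does not fit in this slot, skip
        let offset = u.int_in_range(size - ty.bytes());
        if u.byte() & 1 == 0 {
            insts.push(Inst::StackStore { slot, offset, ty, value: u.byte() as i64 });
        } else {
            insts.push(Inst::StackLoad { slot, offset, ty });
        }
    }
    FuzzFunc { slot_sizes, insts }
}

#[derive(Debug, PartialEq)]
pub enum Fault { OutOfBounds, UninitializedRead }

/// Run the function, returning every loaded value (zero-extended to i64 for
/// simplicity) or the first fault. Memory starts as 0xAA garbage and a
/// per-byte map records which bytes have been written or zeroed.
pub fn run(f: &FuzzFunc) -> Result<Vec<i64>, Fault> {
    let mut mem: Vec<Vec<u8>> = f.slot_sizes.iter().map(|&s| vec![0xAA; s]).collect();
    let mut init: Vec<Vec<bool>> = f.slot_sizes.iter().map(|&s| vec![false; s]).collect();
    let mut loaded = Vec::new();
    for inst in &f.insts {
        match *inst {
            Inst::ZeroInit { slot } => {
                mem[slot].iter_mut().for_each(|b| *b = 0);
                init[slot].iter_mut().for_each(|i| *i = true);
            }
            Inst::StackStore { slot, offset, ty, value } => {
                let n = ty.bytes();
                if offset + n > f.slot_sizes[slot] { return Err(Fault::OutOfBounds); }
                mem[slot][offset..offset + n].copy_from_slice(&value.to_le_bytes()[..n]);
                init[slot][offset..offset + n].iter_mut().for_each(|i| *i = true);
            }
            Inst::StackLoad { slot, offset, ty } => {
                let n = ty.bytes();
                if offset + n > f.slot_sizes[slot] { return Err(Fault::OutOfBounds); }
                if init[slot][offset..offset + n].iter().any(|&i| !i) {
                    return Err(Fault::UninitializedRead);
                }
                let mut buf = [0u8; 8];
                buf[..n].copy_from_slice(&mem[slot][offset..offset + n]);
                loaded.push(i64::from_le_bytes(buf));
            }
        }
    }
    Ok(loaded)
}

fn main() {
    // Constructed fuzz input; any byte string works, so this runs offline.
    let data: Vec<u8> = (0..64u32).map(|i| (i * 37 % 251) as u8).collect();
    let f = generate(&mut ByteSource::new(&data));
    println!("{} slots, {} insts -> {:?}", f.slot_sizes.len(), f.insts.len(), run(&f));
}
```

The point of `run` tracking initialisation separately from memory is the same reason the PR zeroes slots up front: without the prologue a load of untouched bytes is not an error in the generated code, it just yields whatever the stack held, and two executions of the same function (interpreter vs. compiled) can legitimately disagree, which is noise the fuzz target cannot act on.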