fuzzgen: Generate multiple functions per testcase #5765

Merged
merged 2 commits into from
Feb 28, 2023

afonso360
Contributor

👋 Hey,

This PR is a follow-up to #5764, so we probably should merge that first before reviewing this. (Or just review the last 2 commits).

This changes fuzzgen to generate multiple functions in a testcase 🥳

Functions are only allowed to call previously generated functions, so we never generate loops or recursive calls. Though that is probably something we should reconsider at some point.

We always pass all allowed functions into FunctionGenerator and so the function headers are somewhat polluted with definitions; maybe this is something we want to improve.

Example Testcase:
Output of `std::fmt::Debug`:

;; Fuzzgen test case

test interpret
test run
set opt_level=speed
set regalloc_checker=true
set enable_alias_analysis=false
set enable_simd=true
set enable_llvm_abi_extensions=true
set unwind_info=false
set machine_code_cfg_info=true
set enable_jump_tables=false
set enable_heap_access_spectre_mitigation=false
set enable_table_access_spectre_mitigation=false
target x86_64

function u1:1(i16 sext, i8 sext, i8 sext, i8 sext, i16 uext, i64 uext, i16 uext, i8 sext, i8 sext, i8 sext, i8, i128) -> i64 sext, i8 sext, i8 sext, i8 sext, i8 sext system_v {
    sig0 = (f32) -> f32 system_v
    sig1 = (f64) -> f64 system_v
    sig2 = (f32) -> f32 system_v
    sig3 = (f64) -> f64 system_v
    sig4 = (f32) -> f32 system_v
    sig5 = (f64) -> f64 system_v
    fn0 = colocated %CeilF32 sig0
    fn1 = %CeilF64 sig1
    fn2 = %FloorF32 sig2
    fn3 = %FloorF64 sig3
    fn4 = %TruncF32 sig4
    fn5 = %TruncF64 sig5

block0(v0: i16, v1: i8, v2: i8, v3: i8, v4: i16, v5: i64, v6: i16, v7: i8, v8: i8, v9: i8, v10: i8, v11: i128):
    v12 = iconst.i8 0
    v13 = iconst.i16 0
    v14 = iconst.i32 0
    v15 = iconst.i64 0
    v16 = uextend.i128 v15  ; v15 = 0
    return v5, v1, v9, v1, v3
}

function u1:0(f32, f32, i8 sext, i8 sext) -> i8 sext, i8 sext, i8 sext, i8 sext system_v {
    sig0 = (i16 sext, i8 sext, i8 sext, i8 sext, i16 uext, i64 uext, i16 uext, i8 sext, i8 sext, i8 sext, i8, i128) -> i64 sext, i8 sext, i8 sext, i8 sext, i8 sext system_v
    sig1 = (f32) -> f32 system_v
    sig2 = (f64) -> f64 system_v
    sig3 = (f32) -> f32 system_v
    sig4 = (f64) -> f64 system_v
    sig5 = (f32) -> f32 system_v
    sig6 = (f64) -> f64 system_v
    fn0 = u1:1 sig0
    fn1 = %CeilF32 sig1
    fn2 = %CeilF64 sig2
    fn3 = %FloorF32 sig3
    fn4 = %FloorF64 sig4
    fn5 = %TruncF32 sig5
    fn6 = %TruncF64 sig6

block0(v0: f32, v1: f32, v2: i8, v3: i8):
    v4 = iconst.i64 0x8000_1212_1212
    v5 = iconst.i64 0x1212_1212_1212_1212
    v6 = iconcat v5, v4  ; v5 = 0x1212_1212_1212_1212, v4 = 0x8000_1212_1212
    v7 = iconst.i8 0
    v8 = iconst.i16 0
    v9 = iconst.i32 0
    v10 = iconst.i64 0
    v11 = uextend.i128 v10  ; v10 = 0
    return v2, v2, v2, v2
}


; Note: the results in the below test cases are simply a placeholder and probably will be wrong

; run: u1:0(0x1.420400p17, -NaN:0x3f0000, -1, -1) == [0, 0, 0, 0]
; run: u1:0(0x0.4ffffep-126, 0.0, 0, 0) == [0, 0, 0, 0]
; run: u1:0(0.0, 0.0, 0, 0) == [0, 0, 0, 0]

Ran this on AArch64 and x86 for a while and it didn't complain.
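
The ordering rule from the PR description above (a function may only call functions generated before it), as an added Rust sketch that is not code from this PR or from fuzzgen. `FuncPlan`, `plan_testcase`, `is_acyclic` and the inline PRNG are hypothetical names; the independent DFS check shows why a call graph built this way cannot contain recursion.

```rust
// Added illustration; all names here are hypothetical, not fuzzgen's API.

/// Tiny deterministic PRNG standing in for the fuzzer's input bytes.
struct XorShift(u64);
impl XorShift {
    fn next(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
}

struct FuncPlan {
    index: usize,        // position in generation order
    callees: Vec<usize>, // indices of functions this one may call
}

/// Generate `count` functions in order; function i may only reference 0..i.
fn plan_testcase(seed: u64, count: usize) -> Vec<FuncPlan> {
    let mut rng = XorShift(seed | 1); // xorshift state must be non-zero
    let mut funcs = Vec::with_capacity(count);
    for index in 0..count {
        // Only already-generated functions are candidates: no self or forward edges.
        let callees = (0..index).filter(|_| rng.next() % 2 == 0).collect();
        funcs.push(FuncPlan { index, callees });
    }
    funcs
}

/// Independent check: a DFS "visiting" mark detects any cycle, self-calls included.
fn is_acyclic(funcs: &[FuncPlan]) -> bool {
    fn visit(f: usize, funcs: &[FuncPlan], state: &mut [u8]) -> bool {
        match state[f] {
            1 => return false, // back edge: direct or mutual recursion
            2 => return true,  // already fully explored
            _ => {}
        }
        state[f] = 1;
        let ok = funcs[f].callees.iter().all(|&c| visit(c, funcs, state));
        state[f] = 2;
        ok
    }
    let mut state = vec![0u8; funcs.len()];
    (0..funcs.len()).all(|f| visit(f, funcs, &mut state))
}

fn main() {
    let funcs = plan_testcase(0x5765, 6); // constructed seed
    for f in &funcs {
        println!("f{} may call {:?}", f.index, f.callees);
    }
    assert!(is_acyclic(&funcs));
}
```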

@github-actions github-actions bot added cranelift Issues related to the Cranelift code generator fuzzing Issues related to our fuzzing infrastructure labels Feb 11, 2023
@jameysharp
Contributor

I'm very excited to merge this, but I'm holding off on reviewing it until we merge #5764.

@jameysharp jameysharp left a comment

This looks great and I'm so excited to start actually fuzzing function calls. After rebasing this (and fixing the one typo I noticed) please run both fuzzers for a bit, but then feel free to merge!

cranelift/filetests/src/function_runner.rs Outdated
@afonso360
Contributor Author

afonso360 commented Feb 18, 2023

Well, this has been running for the past 8 hours successfully on x64 and AArch64 without crashing. icache hasn't found anything either. It ran into #5832 on RISC-V.

I'm going to try to fix that one, otherwise if it ends up being complicated we can disable the colocated flag for RISC-V.

afonso360 and others added 2 commits February 28, 2023 13:17
@afonso360
Contributor Author

afonso360 commented Feb 28, 2023

Rebased this on top of main, and given the amount of fuzzgen changes since this was first posted I'm going to give this a few hours of fuzzing again before merging.


Edit: Nothing so far that's related to calls. I'm going to call that good enough.

@afonso360 afonso360 added this pull request to the merge queue Feb 28, 2023
Merged via the queue into bytecodealliance:main with commit 2dd6064 Feb 28, 2023
@afonso360 afonso360 deleted the fuzzgen-calls branch February 28, 2023 19:26