fuzzgen: Add stack map variables #8941
Thanks Afonso!! I'll take a look a little later today.
I have a fix, PR incoming.
This fixes a fuzz bug found in the development of bytecodealliance#8941
I've been running
* Refactor the internals of `FunctionBuilder::insert_safepoint_spills` into a few smaller methods
* Initialize a logger for the `cranelift-fuzzgen` fuzz target
* Resolve aliases before inserting values into the live set

This fixes a fuzz bug found in the development of #8941
Running it locally seems to have run into another crash, this one quite a bit larger. It also doesn't seem to minimize well.
Taking a look, thanks!
@afonso360 huh, that input doesn't fail on
That is super weird 🤔 Can you run Otherwise, I have no idea why this wouldn't reproduce.
I'm indeed getting a different md5 sum, even when I re-create the file from the base64 again. Mind uploading the full input as an attachment?
GitHub doesn't seem to like files without extensions. Here's the original fuzz input
After cherry picking #8978 onto this branch, the fuzz input no longer fails. Running a bit longer locally to see if anything else turns up. |
Found another bug with this fuzzer overnight, fix over in #9000 Continuing to run the fuzzer now. |
Thought I was in the clear after running the fuzzer all day yesterday without issue, but I woke up to a new fuzz bug. |
Turns out this was actually unrelated to safepoints/stack maps, but generating them in fuzzgen made it more likely to produce the specific shape of code required to trigger a pre-existing bug. Fix in #9003 |
At this point, I think we can go ahead and merge this PR and deal with any remaining issues as OSS-Fuzz finds them. |
I'll enqueue this to merge after #9003 merges. |
👋 Hey,
This PR adds the new variable stack map APIs (added in #8937) to cranelift fuzzgen.
I've tried to fuzz this for a bit, but it seems to generate invalid functions that don't pass the validator. I don't know enough about how stackmaps work to debug this. (cc @fitzgen)
I also don't know if this feature is ready for fuzzing yet, so if it isn't let me know!
Here's one of the fuzz bugs: