Add "interposition" to the fuzzer's mutate() method #6427
Conversation
| @@ -929,16 +930,15 @@ void TranslateToFuzzReader::mutate(Function* func) { | |||
| percentChance = std::max(percentChance, Index(3)); | |||
|
|
|||
| struct Modder : public PostWalker<Modder, UnifiedExpressionVisitor<Modder>> { | |||
| Module& wasm; | |||
|
Good ideas. I added the art and also to replace new children with old content. |
| // Only drop the child if we can't replace it as one of NEW's | ||
| // children. This does a linear scan of |rep| which is the reason | ||
| // for the above limit on the number of children. | ||
| if (!replaceChildWith(rep, child)) { |
There was a problem hiding this comment.
Right now this will always replace the first child of rep with compatible type. For example, if rep is an i32.add and the children are i32 expressions, the LHS of rep will always end up being the last original child and the RHS will never be replaced. Should we have replaceChildWith collect and randomly pick from all of the possible child locations to increase the number of possible outcomes?
There was a problem hiding this comment.
That makes sense, but we do have recombine() which will mix around things that way. Though we could perhaps add more logic there to reorder the children of an expression, which seems useful. How about leaving that as a TODO?
Before this PR we only mutated by replacing an expression with another, which
replaced all the children. With this PR we also do these two patterns:
Even better would be to reuse the children by the new (
(NEW)) expression,but that would take significantly more work.