fuzzgen: Fuzz Switch API #4502
Conversation
As author of this API, I'm curious if it will be able to find any issues.
4b9d54f to e23388e
We got a crash!
Fails with:
This is probably because the imm field is too large for an Edit: Switch Entries are:
I'll submit a PR tomorrow to fix this. Related Issue: #3059
In bytecodealliance#4502 we discovered a bug in the switch api where it would emit `icmp_imm`'s with types that were not able to fully represent the destination index. The fix for this is to extend the input type to a type suitable for representing the largest index possible.
In bytecodealliance#4502 we discovered a bug in the switch api where it would emit `icmp_imm`'s with types that were not able to fully represent the destination index. We now reject these inputs. The index val must always have a type that is capable of addressing the entire range of inputs.
This PR has been great, finding bugs in obscure corners before it's even merged. Well done!
With #4510 merged the Switch API should now work for all widths, right? Are there any remaining bugs you know about? I figure I'll wait until Monday to merge this and see if oss-fuzz starts yelling.
Yes.
We still need to fix this so that it doesn't emit the switch entries larger than the index type (the case that we made illegal with #4507). But otherwise no. I'll push those changes and leave this fuzzing over the weekend to see if anything else comes up.
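The two approaches described in the commit messages above (extending the index type to fit the largest entry, and rejecting entries the index type cannot represent), modelled as an added Rust example that is not Cranelift's own code; `buggy_select`, `required_index_bits`, `validate_entries` and `checked_select` are hypothetical names, and the entry values are constructed for illustration:

```rust
// Added example (not Cranelift code): models a switch whose entries are
// compared against an index of `bits` bits with an immediate compare.

#[derive(Debug, PartialEq)]
pub enum SwitchError {
    EntryExceedsIndexType { entry: u128, bits: u32 },
}

fn index_mask(bits: u32) -> u128 {
    if bits >= 128 { u128::MAX } else { (1u128 << bits) - 1 }
}

/// The buggy lowering: the immediate is silently truncated to the index
/// width, so an entry that does not fit can alias a small index
/// (entry 256 against an i8 index matches index 0).
pub fn buggy_select(bits: u32, entries: &[u128], index: u128, default: usize) -> usize {
    let mask = index_mask(bits);
    entries
        .iter()
        .position(|&e| (e & mask) == (index & mask))
        .unwrap_or(default)
}

/// First approach: pick the smallest standard integer width able to
/// represent the largest entry, and extend the index to it.
pub fn required_index_bits(entries: &[u128]) -> u32 {
    let largest = entries.iter().copied().max().unwrap_or(0);
    [8u32, 16, 32, 64]
        .iter()
        .copied()
        .find(|&b| largest <= index_mask(b))
        .unwrap_or(128)
}

/// Second approach: reject entries the index type cannot represent.
pub fn validate_entries(bits: u32, entries: &[u128]) -> Result<(), SwitchError> {
    match entries.iter().copied().find(|&e| e > index_mask(bits)) {
        Some(entry) => Err(SwitchError::EntryExceedsIndexType { entry, bits }),
        None => Ok(()),
    }
}

/// Checked selection: once entries are validated, the masked compare is exact.
pub fn checked_select(bits: u32, entries: &[u128], index: u128, default: usize) -> Result<usize, SwitchError> {
    validate_entries(bits, entries)?;
    Ok(buggy_select(bits, entries, index, default))
}
```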
e23388e to be0edc6
Fuzzer found nothing new over the weekend with these new changes. Should be ready to merge! Let's see if oss-fuzz finds something else.
Hey,
Turns out this is an interface that the frontend provides.
We should fuzz it.
cc: @jameysharp