Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fuzzing #28

Merged
merged 67 commits into from
Jul 27, 2023
Merged

Fuzzing #28

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
541d444
Fuzzer in progress (design experiments)
epatrizio Apr 25, 2023
d385794
design a basic fuzzer
zapashcanon May 16, 2023
421bffa
Fuzzer in progress (design leo, first evols)
epatrizio May 19, 2023
2a6dba0
Fuzzer in progress (add itestop, irelop)
epatrizio May 19, 2023
9ba41ba
Fuzzer in progress (fix add_local)
epatrizio May 22, 2023
3bbc012
Fuzzer in progress (add 'extend' and more 'ibinop' instructions)
epatrizio May 22, 2023
4606426
Fuzzer in progress (init float support)
epatrizio May 22, 2023
4136919
Fuzzer in progress (float support)
epatrizio May 23, 2023
9fd9a30
specialise let+ to single element, add and+
zapashcanon May 23, 2023
c530521
tmp
epatrizio May 23, 2023
50e0e53
Fuzzer in progress (if_else instruction in progress)
epatrizio May 23, 2023
f260a11
remove global environment in fuzzer
zapashcanon May 24, 2023
c27cdbc
Fuzzer in progress (global_get instruction in progress)
epatrizio May 25, 2023
b2b9261
Fuzzer in progress (global_get instruction and interprets interface)
epatrizio May 29, 2023
15780c6
Fuzzer in progress (global_set, local_set tee)
epatrizio May 29, 2023
27beae2
Fuzzer in progress (Issue #32 : fix global_type pp)
epatrizio May 30, 2023
70c1572
Fuzzer in progress (init memory support)
epatrizio May 31, 2023
e1ce3c0
Fuzzer in progress (Issue #34 : fix data pp)
epatrizio Jun 1, 2023
37b47ff
Fuzzer in progress (init data support)
epatrizio Jun 1, 2023
3af4c8d
Fuzzer in progress (memory refacto in progress)
epatrizio Jun 2, 2023
07d7af8
Fuzzer in progress (memory data)
epatrizio Jun 6, 2023
fdb26b6
Fuzzer in progress (memory data - reviews)
epatrizio Jun 6, 2023
ab652ce
Fuzzer in progress (refacto draft)
epatrizio Jun 12, 2023
a590c80
Fuzzer in progress (bug fix memarg align Issue #42)
epatrizio Jun 13, 2023
a285f36
Fuzzer in progress (bug fix call func instr)
epatrizio Jun 14, 2023
2d0b747
Fuzzer in progress (bug fix memarg align Issue #42)
epatrizio Jun 14, 2023
6584033
Fuzzer in progress (bug fix optimize module Issue #43)
epatrizio Jun 16, 2023
64137c6
Fuzzer in progress (refactoring)
epatrizio Jun 16, 2023
d619c3a
Fuzzer in progress (if_then block instr in progress)
epatrizio Jun 16, 2023
958db3b
Fuzzer in progress (syntax removed, integrated into crowbar lib)
epatrizio Jun 19, 2023
c4b6ec8
Fuzzer in progress (bug fix optimize module Issue #43 - add tests)
epatrizio Jun 19, 2023
1282a6b
Fuzzer in progress
epatrizio Jun 19, 2023
f27c5b3
promote test
epatrizio Jun 19, 2023
9b10b8b
Fuzzer in progress (format)
epatrizio Jun 20, 2023
0f177a2
start blocks
epatrizio Jun 20, 2023
efd8895
update to latest refactor
epatrizio Jun 20, 2023
7a4ab9b
fix data pp again
epatrizio Jun 20, 2023
edac2bc
promote tests
epatrizio Jun 20, 2023
6020430
fix data mode pp again
epatrizio Jun 20, 2023
0b5645f
Fuzzer in progress
epatrizio Jun 20, 2023
f5cba98
fix block/if type gen
epatrizio Jun 20, 2023
d88de30
Fuzzer in progress (unreachable block_br instr)
epatrizio Jun 21, 2023
fb25bca
Fuzzer in progress (function calls improvement)
epatrizio Jun 22, 2023
5f2ba28
Fuzzer in progress (fix function calls improvement)
epatrizio Jun 22, 2023
73d9622
Fuzzer in progress (br_if instr)
epatrizio Jun 22, 2023
b40678d
Fuzzer in progress (br_if instr fix)
epatrizio Jun 22, 2023
79c099a
Fuzzer in progress (loops and timeout)
epatrizio Jun 23, 2023
5db3376
Fuzzer in progress (loops and timeout reviews)
epatrizio Jun 27, 2023
107db56
Fuzzer in progress (tmp)
epatrizio Jun 27, 2023
8f2e102
fix expr_br and expr_br_if
zapashcanon Jun 28, 2023
4800f04
Merge pull request #6 from OCamlPro/tmpfuzzing
epatrizio Jun 28, 2023
0b919a5
Fuzzer in progress (more reviews)
epatrizio Jun 28, 2023
b52f029
Fuzzer in progress (mini fix)
epatrizio Jun 29, 2023
bfffb12
improve fuzzer.ml output, factorize interprets
zapashcanon Jun 29, 2023
ecb1458
fix typecheck bug
zapashcanon Jun 30, 2023
84b77a2
Merge pull request #8 from OCamlPro/tmpfuzzing
epatrizio Jun 30, 2023
44769ad
fix parser+typecheck bug
zapashcanon Jul 1, 2023
41fd0c2
Merge pull request #9 from OCamlPro/tmpfuzzing
epatrizio Jul 3, 2023
dcd0d9a
improve interprets and timeout handling
zapashcanon Jul 1, 2023
e96ca9a
Merge pull request #10 from OCamlPro/tmpfuzzing
epatrizio Jul 4, 2023
4f71995
Fuzzer in progress (table type elem init)
epatrizio Jul 4, 2023
69f5014
Fuzzer in progress (table type elem in progress)
epatrizio Jul 6, 2023
a16afe7
Fuzzer in progress (table elem instr)
epatrizio Jul 6, 2023
1184cf5
Fuzzer in progress (table elem fix / reviews)
epatrizio Jul 10, 2023
c22f23b
Fuzzer in progress (add active elem_mode)
epatrizio Jul 11, 2023
4b296e6
Fuzzer in progress (refacto table_init table_copy)
epatrizio Jul 24, 2023
6fd966b
Add TODOs
epatrizio Jul 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 14 additions & 7 deletions test/fuzz/basic.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -462,7 +462,7 @@ let data_drop (env : Env.t) =
(fun name -> pair (const (Data_drop (Symbolic name))) (const [ S.Nothing ]))
env.datas

let block_kind = choose [ const Env.Block; const Env.Loop (*; const Env.Func*) ]
let block_kind = choose [ const Env.Block; const Env.Loop; const Env.Func ]

let expr_call (env : Env.t) (stack : val_type list) =
let stack_pt = List.map (fun _ -> S.Pop) in
Expand Down Expand Up @@ -490,11 +490,16 @@ let expr_br_if (env : Env.t) (stack : val_type list) =
| Arg.Bt_raw (_, (pt, rt)) ->
let is_stack_compatible =
match bk with
| Env.Block -> S.is_stack_compatible tl (List.rev rt)
| Env.Block | Env.Func -> S.is_stack_compatible tl (List.rev rt)
| Env.Loop -> S.is_stack_compatible_param tl (List.rev pt)
in
if not is_stack_compatible then None
else Some (pair (const (Br (Symbolic name))) (const [ S.Pop ]))
else
let i = match bk with
| Env.Block | Env.Loop -> const @@ Br_if (Symbolic name)
| Env.Func -> const @@ Br_if (Raw ((List.length blocs) - 1))
in
Some ( pair i (const [ S.Pop ]) )
| _ -> None )
blocs

Expand All @@ -512,14 +517,16 @@ let expr_br (env : Env.t) (stack : val_type list) =
| Arg.Bt_raw (_, (pt, rt)) ->
let is_stack_compatible =
match bk with
| Env.Block -> S.is_stack_compatible stack (List.rev rt)
| Env.Block | Env.Func -> S.is_stack_compatible stack (List.rev rt)
| Env.Loop -> S.is_stack_compatible_param stack (List.rev pt)
in
if not is_stack_compatible then None
else
Some
(let i = const @@ Br (Symbolic name) in
pair i random_stack )
let i = match bk with
| Env.Block | Env.Loop -> const @@ Br (Symbolic name)
| Env.Func -> const @@ Br (Raw ((List.length blocs) - 1))
in
Some ( pair i random_stack )
| _ -> None )
blocs

Expand Down
2 changes: 1 addition & 1 deletion test/fuzz/env.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
open Owi.Symbolic
open Crowbar

type block_kind =
| Block
| Loop
zapashcanon marked this conversation as resolved.
Show resolved Hide resolved
| Func

type t =
{ mutable next_data : int
Expand Down
27 changes: 18 additions & 9 deletions test/fuzz/fuzzer.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,21 +36,26 @@ let check_optimized m =
| Some Error msg1, Some Error msg2 when msg1 = msg2 -> true
| Some Error msg1, Some Error msg2 ->
Format.ksprintf failwith
"unoptimized module and optimized module interpretations throw \
"[Owi unoptimized and optimized comparaison] \
unoptimized module and optimized module interpretations throw \
different errors: %s / opti: %s"
msg1 msg2
| Some Error msg, Some Ok () ->
Format.ksprintf failwith
"only unoptimized module interpretation throws an error: %s" msg
"[Owi unoptimized and optimized comparaison] \
only unoptimized module interpretation throws an error: %s" msg
| Some Ok (), Some Error msg ->
Format.ksprintf failwith
"only optimized module interpretation throws an error: %s" msg
"[Owi unoptimized and optimized comparaison] \
only optimized module interpretation throws an error: %s" msg
| None, Some _ ->
Format.ksprintf failwith
"only unoptimized module interpretation throws a timeout error"
"[Owi unoptimized and optimized comparaison] \
only unoptimized module interpretation throws a timeout error"
| Some _, None ->
Format.ksprintf failwith
"only optimized module interpretation throws a timeout error"
"[Owi unoptimized and optimized comparaison] \
only optimized module interpretation throws a timeout error"
in
let result2 =
(not Param.reference_fuzzing)
Expand All @@ -63,16 +68,20 @@ let check_optimized m =
true
| Some Error msg, Some Ok () ->
Format.ksprintf failwith
"only unoptimized module interpretation throws an error: %s" msg
"[Reference and Owi interpreters comparaison] \
only unoptimized module interpretation throws an error: %s" msg
| Some Ok (), Some Error msg ->
Format.ksprintf failwith
"only reference module interpretation throws an error: %s" msg
"[Reference and Owi interpreters comparaison] \
only reference module interpretation throws an error: %s" msg
| None, Some _ ->
Format.ksprintf failwith
"only unoptimized module interpretation throws a timeout error"
"[Reference and Owi interpreters comparaison] \
only unoptimized module interpretation throws a timeout error"
| Some _, None ->
Format.ksprintf failwith
"only optimized module interpretation throws a timeout error"
"[Reference and Owi interpreters comparaison] \
only optimized module interpretation throws a timeout error"
in
result1 && result2

Expand Down
16 changes: 9 additions & 7 deletions test/fuzz/gen.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,23 +133,22 @@ let expr_available_2_f64 =
(* let expr_available_3_f64 = [] *)

let if_else expr ~locals ~stack env =
zapashcanon marked this conversation as resolved.
Show resolved Hide resolved
(* TODO: finish > bug typechecking + List.rev *)
match stack with
| Num_type I32 :: _stack -> begin
let* rt = list B.val_type in
(* let* pt = B.stack_prefix stack in *)
let* pt = const [] in
let* pt = B.stack_prefix (List.tl stack) in
let typ =
Arg.Bt_raw (None, (List.rev_map (fun t -> (None, t)) pt, List.rev rt))
in
let id = Env.add_block env typ Env.Block in (* same behavior as block *)
let old_fuel = env.Env.fuel in
env.fuel <- old_fuel / 2;
let* expr_then = expr ~block_type:typ ~stack:pt ~locals env in
env.fuel <- old_fuel / 2;
let* expr_else = expr ~block_type:typ ~stack:pt ~locals env in
env.fuel <- old_fuel / 2;

let+ instr = const @@ If_else (None, Some typ, expr_then, expr_else)
Env.remove_block env;
let+ instr = const @@ If_else (Some id, Some typ, expr_then, expr_else)
and+ pt_descr = const @@ (S.Pop :: List.map (fun _ -> S.Pop) pt)
and+ rt_descr = const @@ List.rev_map (fun t -> S.Push t) rt in
(instr, pt_descr @ rt_descr)
Expand All @@ -169,8 +168,9 @@ let block block_kind expr ~locals ~stack env =
const
@@
match block_kind with
| Block -> Block (Some id, Some typ, expr)
| Loop -> Loop (Some id, Some typ, expr)
| Env.Block -> Block (Some id, Some typ, expr)
| Env.Loop -> Loop (Some id, Some typ, expr)
| Env.Func -> assert false
and+ pt_descr = const @@ List.map (fun _ -> S.Pop) pt
and+ rt_descr = const @@ List.rev_map (fun t -> S.Push t) rt in
(instr, pt_descr @ rt_descr)
Expand Down Expand Up @@ -267,7 +267,9 @@ let func env =
Env.refill_fuel env;
let* locals = list (local env) in
let* type_f = B.block_type env in
let _ = Env.add_block env type_f Env.Func in
zapashcanon marked this conversation as resolved.
Show resolved Hide resolved
let+ body = expr ~block_type:type_f ~stack:[] ~locals env in
Env.remove_block env;
let id = Some (Env.add_func env type_f) in
MFunc { type_f; locals; body; id }

Expand Down