[NFC] Make fuzzing params mutable (#7257)

This only makes them mutable, but does not actually mutate them in any way. Specifically they are now stored in an RAII context, currently a single global one, but that later changes will be able to modify.
WebAssembly · Feb 4, 2025 · e25eb7f · e25eb7f
1 parent b4c6cb9
commit e25eb7f
Show file tree

Hide file tree

Showing 6 changed files with 190 additions and 132 deletions.
diff --git a/src/tools/CMakeLists.txt b/src/tools/CMakeLists.txt
@@ -3,6 +3,7 @@ FILE(GLOB fuzzing_HEADERS fuzzing/*h)
 set(fuzzing_SOURCES
   fuzzing/fuzzing.cpp
   fuzzing/heap-types.cpp
+  fuzzing/parameters.cpp
   fuzzing/random.cpp
   ${fuzzing_HEADERS}
 )

diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
@@ -19,12 +19,6 @@
 // This is helpful for fuzzing.
 //
 
-/*
-high chance for set at start of loop
-  high chance of get of a set local in the scope of that scope
-    high chance of a tee in that case => loop var
-*/
-
 #include "ir/branch-utils.h"
 #include "ir/struct-utils.h"
 #include "support/insert_ordered.h"
@@ -61,9 +55,68 @@ struct BinaryArgs {
   Expression* c;
 };
 
+// params
+
+struct FuzzParams {
+  // The maximum amount of params to each function.
+  int MAX_PARAMS;
+
+  // The maximum amount of vars in each function.
+  int MAX_VARS;
+
+  // The maximum number of globals in a module.
+  int MAX_GLOBALS;
+
+  // The maximum number of tuple elements.
+  int MAX_TUPLE_SIZE;
+
+  // The maximum number of struct fields.
+  int MAX_STRUCT_SIZE;
+
+  // The maximum number of elements in an array.
+  int MAX_ARRAY_SIZE;
+
+  // The number of nontrivial heap types to generate.
+  int MIN_HEAPTYPES;
+  int MAX_HEAPTYPES;
+
+  // some things require luck, try them a few times
+  int TRIES;
+
+  // beyond a nesting limit, greatly decrease the chance to continue to nest
+  int NESTING_LIMIT;
+
+  // the maximum size of a block
+  int BLOCK_FACTOR;
+
+  // the memory that we use, a small portion so that we have a good chance of
+  // looking at writes (we also look outside of this region with small
+  // probability) this should be a power of 2
+  Address USABLE_MEMORY;
+
+  // the number of runtime iterations (function calls, loop backbranches) we
+  // allow before we stop execution with a trap, to prevent hangs. 0 means
+  // no hang protection.
+  int HANG_LIMIT;
+
+  // the maximum amount of new GC types (structs, etc.) to create
+  int MAX_NEW_GC_TYPES;
+
+  // the maximum amount of catches in each try (not including a catch-all, if
+  // present).
+  int MAX_TRY_CATCHES;
+
+  FuzzParams() { setDefaults(); }
+
+  void setDefaults();
+};
+
 // main reader
 
 class TranslateToFuzzReader {
+  static constexpr size_t VeryImportant = 4;
+  static constexpr size_t Important = 2;
+
 public:
   TranslateToFuzzReader(Module& wasm,
                         std::vector<char>&& input,
@@ -179,6 +232,27 @@ class TranslateToFuzzReader {
 
   FunctionCreationContext* funcContext = nullptr;
 
+  // The fuzzing parameters we use. This may change from function to function or
+  // even in a more refined manner, so we use an RAII context to manage it.
+  struct FuzzParamsContext : public FuzzParams {
+    TranslateToFuzzReader& parent;
+
+    FuzzParamsContext* old;
+
+    FuzzParamsContext(TranslateToFuzzReader& parent)
+      : parent(parent), old(parent.fuzzParams) {
+      parent.fuzzParams = this;
+    }
+
+    ~FuzzParamsContext() { parent.fuzzParams = old; }
+  };
+
+  FuzzParamsContext* fuzzParams = nullptr;
+
+  // The default global context we use throughout the process (unless it is
+  // overridden using another context in an RAII manner).
+  std::unique_ptr<FuzzParamsContext> globalParams;
+
 public:
   int nesting = 0;