-
Notifications
You must be signed in to change notification settings - Fork 756
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fuzzer: Log locals and values referred to from locals #6913
base: main
Are you sure you want to change the base?
Conversation
return makeLoggingCall(builder.makeLocalGet(index, type)); | ||
} | ||
|
||
if (type.isRef()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about inverting this condition to save a level of nesting on most of the following code?
auto& fields = heapType.getStruct().fields; | ||
if (!fields.empty()) { | ||
auto fieldIndex = upTo(fields.size()); | ||
auto fieldType = fields[fieldIndex].type; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think it's worth linearly searching from this random starting index looking for the first loggable field? We could also do a breadth-first search on the type graph looking for a loggable type.
// If the ref is null, log a random integer. The randomness is to | ||
// avoid the risk of colliding with the value logged in the other | ||
// arm. | ||
auto* whenNull = makeLoggingCall(makeConst(Type::i32)); | ||
return builder.makeIf(isNullCheck, whenNull, whenNonNull); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also unconditionally log the result of the null check, followed by a conditional log of the field without an else arm in the if.
Logging values is important in the fuzzer as the loggings are observable
effects that we can then compare to other VMs and after optimizations.
Previously we logged random things, which had some chance to pick
useful data, but it makes sense to focus on sensitive values such as locals.
By logging locals, we get a higher chance to notice when a bad change to a
local happens.
If the local is a reference then we can't log its value, but we can log if it is
null at least. We can also try to find a field that is loggable, if it is a reference
to a struct.