peterhuene opened PR #3780 from fuzz-pooling-allocator
to main
:
This PR adds support for generating configs with arbitrary instance
allocation strategies.With this, the pooling allocator will be fuzzed as part of the existing fuzz
targets.
peterhuene requested alexcrichton for a review on PR #3780.
fitzgen submitted PR review.
cfallin submitted PR review.
cfallin submitted PR review.
cfallin created PR review comment:
MAX_TABLES here?
In general it seems maybe there should be a
MAX_*
constant for each kind of entity (functions, tables, memories, globals) and then imported_[entity] and [entity] both lie in that range -- or otherwise, maybe a comment why some limits have specific bounds and others are genericMAXIMUM
?
peterhuene submitted PR review.
peterhuene created PR review comment:
I'll make this more consistent.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene submitted PR review.
peterhuene created PR review comment:
I've added constants for each type to make it clearer.
Note that for limits like
functions
, it denotes the _defined_ function limit and not the total function limit, thusimported_functions
isn't bound in the range(0..=MAX_FUNCTIONS)
, for example.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene requested fitzgen for a review on PR #3780.
peterhuene requested cfallin for a review on PR #3780.
peterhuene edited PR #3780 from fuzz-pooling-allocator
to main
:
This PR adds support for generating configs with arbitrary instance
allocation strategies.With this, the pooling allocator will be fuzzed as part of the existing fuzz
targets and also with the newpooling
fuzz target.
alexcrichton submitted PR review.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Was this necessary to split out the memory configuration like this? I figured we'd just ignore irrelevant settings with the pooling allocator but I wouldn't be surprised if sanity checks prevented some of this
alexcrichton created PR review comment:
I think that we should be able to relatively easily control the limits on the wasm-smith-generated-module, could one of the methods on
Config
automatically apply the configuration of the pooling allocator to the wasm-smith module limits perhaps?(that'd avoid the need to duplicate this error handling below as well)
alexcrichton created PR review comment:
I would naively expect that fuzzing here with the on-demand allocator would be fine, so could this be removed to naturally fuzz with both given the config generated above?
peterhuene submitted PR review.
peterhuene created PR review comment:
The pooling allocator does check if
memory_pages
in the configured module limit exceeds the static memory bound and will fail the creation of the engine when that is the case.I can make this less verbose, at least, by only setting
static_memory_maximum_size
in either branch based on the strategy being on-demand.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
Would it be possible to massage the configuration settings to be correct for cases like that? Such as tweaking the instantiation limit bounds or these arguments to be the minimum of each one or something like that.
peterhuene submitted PR review.
peterhuene created PR review comment:
So we can't completely avoid this check as currently there's no way to constrain table type minimums in
wasm-smith
like we can with memory types. The pooling instance allocator may place limits on the maximum elements in a table and will error if a table type has a minimum that exceeds the allocator's limit.I have some changes that makes hitting this error much less likely where we constraint the generated module based on the arbitrary pooling limits (if arbitrarily configured to use pooling), but we'll need to update
wasm-smith
to fully remove these two checks, I believe.
peterhuene edited PR review comment.
peterhuene edited PR review comment.
peterhuene created PR review comment:
This will be removed and we'll fuzz on any arbitrary strategy (the target has subsequently been renamed to
instantiate-many
).
peterhuene submitted PR review.
peterhuene edited PR #3780 from fuzz-pooling-allocator
to main
:
This PR adds support for generating configs with arbitrary instance
allocation strategies.With this, the pooling allocator will be fuzzed as part of the existing fuzz
targets and also with the newinstantiate-many
fuzz target.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene requested alexcrichton for a review on PR #3780.
cfallin submitted PR review.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
alexcrichton submitted PR review.
alexcrichton created PR review comment:
I'm a little worried about this change in that above there's a
.min(0x1000..)
to I think make the cap still the same but randomly choosing a 64-bit number seems like it'll almost always use the 0x1000.. limit instead of something smaller? Overall I'm wondering if this 64-bit space heavily weights the fuzzing to always choose the same result and whether that has an affect.
alexcrichton submitted PR review.
peterhuene submitted PR review.
peterhuene created PR review comment:
That's an excellent point. Let me fix that.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene submitted PR review.
peterhuene created PR review comment:
Fixed with latest push.
peterhuene updated PR #3780 from fuzz-pooling-allocator
to main
.
peterhuene merged PR #3780.
Last updated: Dec 23 2024 at 12:05 UTC