afonso360 opened issue #5816:
:wave: Hey,
Feature
Our cranelift-fuzzgen library should allow generating random ISA flags for each target.
Benefit
This allows us to test multiple implementations of the same cranelift instruction, if some ISA extension is available. For example fuzzgen currently never covers the new instructions added in #5795 since we never turn on AVX. We always stick to the defaults.
Implementation
We currently have two fuzz targets using the cranelift-fuzzgen library. (icache and fuzzgen).
icache cross compiles a function into a given target architecture but never executes it. For this target we should allow all existing extensions to be enabled.
fuzzgen compiles and executes the code, thus we need to use cranelift-native to query which extensions are available in the current fuzzing host, and only allow those to be enabled.
Additionally we can't start from an empty set of ISA flags, we must start from the default ISA flags for that architecture. This is due to the x64 backend requiring sse3/sse4.1 and sse4.2 to lower some instructions and we don't have fallback lowerings so those would panic if we start from the empty set and not turn those on.
We should largely be able to query existing extensions from the ISA and turn on random ISA flags. However there are some flags that we must specially handle such as aarch64's sign_return_address_with_bkey, this is platform specific, and we can't just randomly enable that on fuzzgen. That is the only flag that I'm aware of that could cause issues.
Alternatives
Wasmtime's fuzzers already cover some of this, but can't reach all of the instructions that fuzzgen generates so there would still be value there.
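The selection policy proposed in the issue above, as an added Rust example (not code from cranelift-fuzzgen or from the issue author). `Target`, `DENYLIST`, `choose_flags` and the flag lists are hypothetical: plain string slices stand in for what real code would query from the ISA builder and cranelift-native, and spending one fuzz-input byte per candidate flag is an assumption.

```rust
use std::collections::BTreeSet;

/// The two fuzz targets named in the issue.
#[derive(Clone, Copy, PartialEq)]
enum Target {
    Icache,  // cross-compiles only, never executes the result
    Fuzzgen, // compiles and executes on the fuzzing host
}

/// Flags that are never toggled at random (platform specific per the issue).
const DENYLIST: &[&str] = &["sign_return_address_with_bkey"];

/// Start from the architecture defaults, then let fuzz input enable extras.
/// `all`, `defaults` and `host` are hypothetical stand-ins for ISA queries.
fn choose_flags<'a>(
    target: Target,
    all: &[&'a str],
    defaults: &[&'a str],
    host: &[&'a str],
    fuzz_bytes: &[u8],
) -> BTreeSet<&'a str> {
    // Never start from the empty set: some lowerings need default extensions.
    let mut enabled: BTreeSet<&'a str> = defaults.iter().copied().collect();
    let mut bytes = fuzz_bytes.iter();
    for &flag in all {
        if enabled.contains(flag) || DENYLIST.contains(&flag) {
            continue;
        }
        // A target that executes code may only use what the host CPU has.
        if target == Target::Fuzzgen && !host.contains(&flag) {
            continue;
        }
        // One input byte per candidate; exhausted input leaves the flag off.
        if bytes.next().map_or(false, |b| (b & 1) == 1) {
            enabled.insert(flag);
        }
    }
    enabled
}

fn main() {
    // Constructed sample lists, not a real ISA's flag set.
    let all = ["sse3", "sse4.1", "sse4.2", "avx", "avx2"];
    let defaults = ["sse3", "sse4.1", "sse4.2"];
    let host = ["sse3", "sse4.1", "sse4.2", "avx"]; // pretend host lacks avx2
    for (name, t) in [("icache", Target::Icache), ("fuzzgen", Target::Fuzzgen)] {
        println!("{name}: {:?}", choose_flags(t, &all, &defaults, &host, &[1, 1]));
    }
}
```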
afonso360 labeled issue #5816:
afonso360 edited issue #5816:
alexcrichton commented on issue #5816:
While not exactly applicable to cranelift-fuzzgen this is Wasmtime's implementation of selection here. Wasmtime's goal is to run the code so it ends up duplicating the logic in cranelift-native for mapping between Rust-standard-library feature names and Cranelift feature names.
afonso360 closed issue #5816:
Last updated: Jan 24 2025 at 00:11 UTC