Skip to content

[Stack Switching] Improve cont.bind fuzzing#8500

Open
kripken wants to merge 18 commits intoWebAssembly:mainfrom
kripken:cont.bind.fuzz
Open

[Stack Switching] Improve cont.bind fuzzing#8500
kripken wants to merge 18 commits intoWebAssembly:mainfrom
kripken:cont.bind.fuzz

Conversation

@kripken
Copy link
Member

@kripken kripken commented Mar 19, 2026

  • Pick a signature from the known interesting types.
  • Pick a continuation type using that signature.

@kripken kripken requested a review from tlively March 19, 2026 23:52
@kripken kripken requested a review from a team as a code owner March 19, 2026 23:52
tlively
tlively reviewed Mar 20, 2026
View reviewed changes
src/tools/fuzzing/fuzzing.cpp Outdated
auto newCont = Continuation(newSig);
auto newType = Type(newCont, NonNullable, Exact);
std::vector<Expression*> newArgs{make(newParam)};
auto numOldParams = sig.params.size();
Copy link
Member

@tlively tlively Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be numNewParams, since it's the number of parameters of the new continuation cont.bind creates? Maybe "input" and "output" would be clearer than "new" and "old."

Copy link
Member Author

@kripken kripken Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good, renamed to input/output.

src/tools/fuzzing/fuzzing.cpp Outdated
Comment on lines +5474 to +5477
if (pickedSig.results != sig.results) {
// Results must match.
continue;
}
Copy link
Member

@tlively tlively Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WDYT about filtering out impossible signatures before picking? We could memoize the results to avoid pathological repeated work.

Copy link
Member Author

@kripken kripken Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, and probably fast enough without memoizing. Done.

src/tools/fuzzing/fuzzing.cpp Outdated
auto numAddedParams = numNewParams - numOldParams;
bool bad = false;
for (Index i = 0; i < numOldParams; i++) {
if (pickedSig.params[numAddedParams + i] != sig.params[i]) {
Copy link
Member

@tlively tlively Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should allow for subtyping in one direction or the other. The params of the output signature should be subtypes of the corresponding params of the input signature.

Copy link
Member Author

@kripken kripken Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

tlively
tlively reviewed Mar 20, 2026
View reviewed changes
src/tools/fuzzing/fuzzing.cpp Outdated
Comment on lines +5488 to +5501
if (numinputParams < numOutputParams) {
// Too short.
continue;
}
// Ignoring the input params at the start, compare the tails.
auto numAddedParams = numinputParams - numOutputParams;
bool bad = false;
for (Index i = 0; i < numOutputParams; i++) {
if (!Type::isSubType(outputSig.params[i],
pickedSig.params[numAddedParams + i])) {
bad = true;
break;
}
}
Copy link
Member

@tlively tlively Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This filtering can be moved up, too. Then we won't need to try to find an appropriate signature multiple times at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tlively tlively tlively left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kripken @tlively