T0b1/regalloc2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fuzzing function generator: bound the debug-labels size. (#73)

Browse Source 
Currently there is a loop that takes a variable step toward an end point
with an integer from `Arbitrary`; if this integer is always zero (for
example due to end-of-input?) then we add debug labels to a particular
input SSA value forever. This eventually causes an OOM crash.  This PR
bounds the loop at a reasonable count (10) instead.
This commit is contained in:
Chris Fallin
2022-08-31 10:10:38 -07:00
committed by GitHub
parent ad39c66fe7
commit be47ac39e8
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/fuzzing/func.rs
View File

@@ -388,7 +388,10 @@ impl Func {
if bool::arbitrary(u)? { if bool::arbitrary(u)? {
let assumed_end_inst = 10 * num_blocks; let assumed_end_inst = 10 * num_blocks;
let mut start = u.int_in_range::<usize>(0..=assumed_end_inst)?; let mut start = u.int_in_range::<usize>(0..=assumed_end_inst)?;
while start < assumed_end_inst { for _ in 0..10 {
if start >= assumed_end_inst {
break;
}
let end = u.int_in_range::<usize>(start..=assumed_end_inst)?; let end = u.int_in_range::<usize>(start..=assumed_end_inst)?;
let label = u.int_in_range::<u32>(0..=100)?; let label = u.int_in_range::<u32>(0..=100)?;
builder.f.debug_value_labels.push(( builder.f.debug_value_labels.push((