Add array generation to wiggle-generate crate (#9)
* Add array generation to wiggle-generate crate This commit: * adds array generation to `wiggle-generate` crate which implies that we can now generate arrays from `witx` files * introduces two test interface functions `foo::reduce_excuses` and `foo::populate_excuses`, and adds matching prop-tests * adds an out-of-boundary check to `HostMemory::mem_area_strat` since now, given we're generating arrays for testing with an arbitrary but bounded number of elements, it is possible to violate the boundary * refactors `Region::extend` to a new signature `extend(times: u32)` which multiplies the current pointer `len` by `times` * fixes bug in `GuestArray::as_ref` and `GuestArrayMut::as_ref_mut` methods where we were not validating the first element (we always started the validation from the second element) * Fix generation of arrays in witx This commit fixes how `arrays` are auto-generated from `witx` files. In particular, the changes include: * Since by design every `array` in `witx` represents an immutable slab of memory, we will only ever operate on `GuestArray` in which case I've gone ahead and removed `GuestArrayMut` so as to unclutter the code somewhat. If we find ourselves in need for it in the future, I reckon it will be better to write it from scratch (since the codebase will inevitably evolve by then considerably) rather than maintaining an unused implementation. * I've rewritten `GuestArrayRef<T>` to be a wrapper for `Vec<GuestRef<T>>`. Also, `GuestArray::as_ref` now borrows each underlying "element" of the array one-by-one rather than borrowing the entire chunk of memory at once. This change is motivated by the inability to coerce type parameter `T` in `GuestArray<T>` in more complicated cases such as arrays of guest pointers `GuestPtr<T>` to `*const T` for reuse in `std::slice::from_raw_parts` call. (In general, the size of Wasm32 pointer is 4 bytes, while ``` std::mem::size_of::<T>() == std::mem::size_of::<GuestPtr<S>>() == 16 ``` which is problematic; i.e., I can't see how I could properly extract guest pointers from slices of 4 bytes and at the same time not allocate.) * I've augmented fuzz tests by (re-)defining two `array` types: ``` (typename $const_excuse_array (array (@witx const_pointer $excuse))) (typename $excuse_array (array (@witx pointer $excuse))) ``` This should hopefully emulate and test the `iovec` and `ciovec` arrays present in WASI spec.
This commit is contained in:
Jakub Konka
249
tests/main.rs
249
tests/main.rs
@@ -92,6 +92,39 @@ impl foo::Foo for WasiCtx {
|
||||
.expect("dereferncing GuestPtr should succeed");
|
||||
Ok(first as i64 + second as i64)
|
||||
}
|
||||
|
||||
fn reduce_excuses(
|
||||
&mut self,
|
||||
excuses: &types::ConstExcuseArray,
|
||||
) -> Result<types::Excuse, types::Errno> {
|
||||
let excuses = &*excuses
|
||||
.as_ref()
|
||||
.expect("dereferencing GuestArray should succeed");
|
||||
let last = excuses
|
||||
.last()
|
||||
.expect("input array is non-empty")
|
||||
.as_ptr()
|
||||
.read_ptr_from_guest()
|
||||
.expect("valid ptr to some Excuse value");
|
||||
Ok(*last.as_ref().expect("dereferencing ptr should succeed"))
|
||||
}
|
||||
|
||||
fn populate_excuses(&mut self, excuses: &types::ExcuseArray) -> Result<(), types::Errno> {
|
||||
let excuses = &*excuses
|
||||
.as_ref()
|
||||
.expect("dereferencing GuestArray should succeed");
|
||||
for excuse in excuses {
|
||||
let ptr_to_ptr = excuse
|
||||
.as_ptr()
|
||||
.read_ptr_from_guest()
|
||||
.expect("valid ptr to some Excuse value");
|
||||
let mut ptr = ptr_to_ptr
|
||||
.as_ref_mut()
|
||||
.expect("dereferencing mut ptr should succeed");
|
||||
*ptr = types::Excuse::Sleeping;
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
// Errno is used as a first return value in the functions above, therefore
|
||||
// it must implement GuestErrorType with type Context = WasiCtx.
|
||||
@@ -125,10 +158,14 @@ impl HostMemory {
|
||||
}
|
||||
pub fn mem_area_strat(align: u32) -> BoxedStrategy<MemArea> {
|
||||
prop::num::u32::ANY
|
||||
.prop_map(move |p| {
|
||||
.prop_filter_map("needs to fit in memory", move |p| {
|
||||
let p_aligned = p - (p % align); // Align according to argument
|
||||
let ptr = p_aligned % 4096; // Put inside memory
|
||||
MemArea { ptr, len: align }
|
||||
if ptr + align < 4096 {
|
||||
Some(MemArea { ptr, len: align })
|
||||
} else {
|
||||
None
|
||||
}
|
||||
})
|
||||
.boxed()
|
||||
}
|
||||
@@ -148,12 +185,12 @@ fn overlapping(a: &MemArea, b: &MemArea) -> bool {
|
||||
// a_range is all elems in A
|
||||
let a_range = std::ops::Range {
|
||||
start: a.ptr,
|
||||
end: a.ptr + a.len - 1,
|
||||
end: a.ptr + a.len, // std::ops::Range is open from the right
|
||||
};
|
||||
// b_range is all elems in B
|
||||
let b_range = std::ops::Range {
|
||||
start: b.ptr,
|
||||
end: b.ptr + b.len - 1,
|
||||
end: b.ptr + b.len,
|
||||
};
|
||||
// No element in B is contained in A:
|
||||
for b_elem in b_range.clone() {
|
||||
@@ -542,3 +579,207 @@ proptest! {
|
||||
e.test()
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct ReduceExcusesExcercise {
|
||||
excuse_values: Vec<types::Excuse>,
|
||||
excuse_ptr_locs: Vec<MemArea>,
|
||||
array_ptr_loc: MemArea,
|
||||
array_len_loc: MemArea,
|
||||
return_ptr_loc: MemArea,
|
||||
}
|
||||
|
||||
impl ReduceExcusesExcercise {
|
||||
pub fn strat() -> BoxedStrategy<Self> {
|
||||
(1..256u32)
|
||||
.prop_flat_map(|len| {
|
||||
let len_usize = len as usize;
|
||||
(
|
||||
proptest::collection::vec(excuse_strat(), len_usize..=len_usize),
|
||||
proptest::collection::vec(HostMemory::mem_area_strat(4), len_usize..=len_usize),
|
||||
HostMemory::mem_area_strat(4 * len),
|
||||
HostMemory::mem_area_strat(4),
|
||||
HostMemory::mem_area_strat(4),
|
||||
)
|
||||
})
|
||||
.prop_map(
|
||||
|(excuse_values, excuse_ptr_locs, array_ptr_loc, array_len_loc, return_ptr_loc)| {
|
||||
Self {
|
||||
excuse_values,
|
||||
excuse_ptr_locs,
|
||||
array_ptr_loc,
|
||||
array_len_loc,
|
||||
return_ptr_loc,
|
||||
}
|
||||
},
|
||||
)
|
||||
.prop_filter("non-overlapping pointers", |e| {
|
||||
let mut all = vec![&e.array_ptr_loc, &e.array_len_loc, &e.return_ptr_loc];
|
||||
all.extend(e.excuse_ptr_locs.iter());
|
||||
non_overlapping_set(&all)
|
||||
})
|
||||
.boxed()
|
||||
}
|
||||
|
||||
pub fn test(&self) {
|
||||
let mut ctx = WasiCtx::new();
|
||||
let mut host_memory = HostMemory::new();
|
||||
let mut guest_memory = GuestMemory::new(host_memory.as_mut_ptr(), host_memory.len() as u32);
|
||||
|
||||
// Populate memory with pointers to generated Excuse values
|
||||
for (&excuse, ptr) in self.excuse_values.iter().zip(self.excuse_ptr_locs.iter()) {
|
||||
*guest_memory
|
||||
.ptr_mut(ptr.ptr)
|
||||
.expect("ptr mut to Excuse value")
|
||||
.as_ref_mut()
|
||||
.expect("deref ptr mut to Excuse value") = excuse;
|
||||
}
|
||||
|
||||
// Populate array length info
|
||||
*guest_memory
|
||||
.ptr_mut(self.array_len_loc.ptr)
|
||||
.expect("ptr to array len")
|
||||
.as_ref_mut()
|
||||
.expect("deref ptr mut to array len") = self.excuse_ptr_locs.len() as u32;
|
||||
|
||||
// Populate the array with pointers to generated Excuse values
|
||||
{
|
||||
let mut next: GuestPtrMut<'_, GuestPtr<types::Excuse>> = guest_memory
|
||||
.ptr_mut(self.array_ptr_loc.ptr)
|
||||
.expect("ptr to array mut");
|
||||
for ptr in &self.excuse_ptr_locs {
|
||||
next.write_ptr_to_guest(
|
||||
&guest_memory
|
||||
.ptr::<types::Excuse>(ptr.ptr)
|
||||
.expect("ptr to Excuse value"),
|
||||
);
|
||||
next = next.elem(1).expect("increment ptr by 1");
|
||||
}
|
||||
}
|
||||
|
||||
let res = foo::reduce_excuses(
|
||||
&mut ctx,
|
||||
&mut guest_memory,
|
||||
self.array_ptr_loc.ptr as i32,
|
||||
self.array_len_loc.ptr as i32,
|
||||
self.return_ptr_loc.ptr as i32,
|
||||
);
|
||||
|
||||
assert_eq!(res, types::Errno::Ok.into(), "reduce excuses errno");
|
||||
|
||||
let expected = *self
|
||||
.excuse_values
|
||||
.last()
|
||||
.expect("generated vec of excuses should be non-empty");
|
||||
let given: types::Excuse = *guest_memory
|
||||
.ptr(self.return_ptr_loc.ptr)
|
||||
.expect("ptr to returned value")
|
||||
.as_ref()
|
||||
.expect("deref ptr to returned value");
|
||||
assert_eq!(expected, given, "reduce excuses return val");
|
||||
}
|
||||
}
|
||||
proptest! {
|
||||
#[test]
|
||||
fn reduce_excuses(e in ReduceExcusesExcercise::strat()) {
|
||||
e.test()
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
struct PopulateExcusesExcercise {
|
||||
array_ptr_loc: MemArea,
|
||||
array_len_loc: MemArea,
|
||||
elements: Vec<MemArea>,
|
||||
}
|
||||
|
||||
impl PopulateExcusesExcercise {
|
||||
pub fn strat() -> BoxedStrategy<Self> {
|
||||
(1..256u32)
|
||||
.prop_flat_map(|len| {
|
||||
let len_usize = len as usize;
|
||||
(
|
||||
HostMemory::mem_area_strat(4 * len),
|
||||
HostMemory::mem_area_strat(4),
|
||||
proptest::collection::vec(HostMemory::mem_area_strat(4), len_usize..=len_usize),
|
||||
)
|
||||
})
|
||||
.prop_map(|(array_ptr_loc, array_len_loc, elements)| Self {
|
||||
array_ptr_loc,
|
||||
array_len_loc,
|
||||
elements,
|
||||
})
|
||||
.prop_filter("non-overlapping pointers", |e| {
|
||||
let mut all = vec![&e.array_ptr_loc, &e.array_len_loc];
|
||||
all.extend(e.elements.iter());
|
||||
non_overlapping_set(&all)
|
||||
})
|
||||
.boxed()
|
||||
}
|
||||
|
||||
pub fn test(&self) {
|
||||
let mut ctx = WasiCtx::new();
|
||||
let mut host_memory = HostMemory::new();
|
||||
let mut guest_memory = GuestMemory::new(host_memory.as_mut_ptr(), host_memory.len() as u32);
|
||||
|
||||
// Populate array length info
|
||||
*guest_memory
|
||||
.ptr_mut(self.array_len_loc.ptr)
|
||||
.expect("ptr mut to array len")
|
||||
.as_ref_mut()
|
||||
.expect("deref ptr mut to array len") = self.elements.len() as u32;
|
||||
|
||||
// Populate array with valid pointers to Excuse type in memory
|
||||
{
|
||||
let mut next: GuestPtrMut<'_, GuestPtrMut<types::Excuse>> = guest_memory
|
||||
.ptr_mut(self.array_ptr_loc.ptr)
|
||||
.expect("ptr mut to the first element of array");
|
||||
for ptr in &self.elements {
|
||||
next.write_ptr_to_guest(
|
||||
&guest_memory
|
||||
.ptr_mut::<types::Excuse>(ptr.ptr)
|
||||
.expect("ptr mut to Excuse value"),
|
||||
);
|
||||
next = next.elem(1).expect("increment ptr by 1");
|
||||
}
|
||||
}
|
||||
|
||||
let res = foo::populate_excuses(
|
||||
&mut ctx,
|
||||
&mut guest_memory,
|
||||
self.array_ptr_loc.ptr as i32,
|
||||
self.array_len_loc.ptr as i32,
|
||||
);
|
||||
assert_eq!(res, types::Errno::Ok.into(), "populate excuses errno");
|
||||
|
||||
let arr = {
|
||||
let ptr: GuestPtr<'_, GuestPtr<'_, types::Excuse>> = guest_memory
|
||||
.ptr(self.array_ptr_loc.ptr)
|
||||
.expect("ptr to the first element of array");
|
||||
&*ptr
|
||||
.array(self.elements.len() as u32)
|
||||
.expect("as array")
|
||||
.as_ref()
|
||||
.expect("deref to &[]")
|
||||
};
|
||||
for el in arr {
|
||||
let ptr_to_ptr = el
|
||||
.as_ptr()
|
||||
.read_ptr_from_guest()
|
||||
.expect("valid ptr to some Excuse value");
|
||||
assert_eq!(
|
||||
*ptr_to_ptr
|
||||
.as_ref()
|
||||
.expect("dereferencing ptr to some Excuse value"),
|
||||
types::Excuse::Sleeping,
|
||||
"element should equal Excuse::Sleeping"
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
proptest! {
|
||||
#[test]
|
||||
fn populate_excuses(e in PopulateExcusesExcercise::strat()) {
|
||||
e.test()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,6 +25,9 @@
|
||||
(typename $named_ptr (@witx pointer f32))
|
||||
(typename $named_ptr_to_ptr (@witx pointer (@witx pointer f64)))
|
||||
|
||||
(typename $const_excuse_array (array (@witx const_pointer $excuse)))
|
||||
(typename $excuse_array (array (@witx pointer $excuse)))
|
||||
|
||||
(module $foo
|
||||
(@interface func (export "bar")
|
||||
(param $an_int u32)
|
||||
@@ -48,4 +51,13 @@
|
||||
(param $an_pair $pair_int_ptrs)
|
||||
(result $error $errno)
|
||||
(result $doubled s64))
|
||||
(@interface func (export "reduce_excuses")
|
||||
(param $excuses $const_excuse_array)
|
||||
(result $error $errno)
|
||||
(result $reduced $excuse)
|
||||
)
|
||||
(@interface func (export "populate_excuses")
|
||||
(param $excuses $excuse_array)
|
||||
(result $error $errno)
|
||||
)
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user