cranelift-fuzzgen: Consume all trailing fuzz input (#4862)

But don't keep going once we've consumed it all.
2022-09-07 08:46:39 -07:00
parent 3d6d49daba
commit b8b2fadea8
1 changed files with 16 additions and 4 deletions
--- a/cranelift/fuzzgen/src/lib.rs
+++ b/cranelift/fuzzgen/src/lib.rs
@@ -137,11 +137,12 @@ where
        })
    }

-    fn generate_test_inputs(&mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
-        let num_tests = self.u.int_in_range(self.config.test_case_inputs.clone())?;
-        let mut inputs = Vec::with_capacity(num_tests);
+    fn generate_test_inputs(mut self, signature: &Signature) -> Result<Vec<TestCaseInput>> {
+        let mut inputs = Vec::new();
+
+        loop {
+            let last_len = self.u.len();

-        for _ in 0..num_tests {
            let test_args = signature
                .params
                .iter()
@@ -149,6 +150,17 @@ where
                .collect::<Result<TestCaseInput>>()?;

            inputs.push(test_args);
+
+            // Continue generating input as long as we just consumed some of self.u. Otherwise
+            // we'll generate the same test input again and again, forever. Note that once self.u
+            // becomes empty we obviously can't consume any more of it, so this check is more
+            // general. Also note that we need to generate at least one input or the fuzz target
+            // won't actually test anything, so checking at the end of the loop is good, even if
+            // self.u is empty from the start and we end up with all zeros in test_args.
+            assert!(self.u.len() <= last_len);
+            if self.u.len() == last_len {
+                break;
+            }
        }

        Ok(inputs)