[JSC] Add dump feature for RandomizingFuzzerAgent
authorysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 01:28:49 +0000 (01:28 +0000)
committerysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 01:28:49 +0000 (01:28 +0000)
https://bugs.webkit.org/show_bug.cgi?id=196586

Reviewed by Saam Barati.

Towards deterministic tests for the results from randomizing fuzzer agent, this patch adds Options::dumpRandomizingFuzzerAgentPredictions, which dumps the generated types.
The output looks like this.

    getPrediction name:(#C2q9xD),bytecodeIndex:(22),original:(Array),generated:(OtherObj|Array|Float64Array|BigInt|NonIntAsDouble)
    getPrediction name:(makeUnwriteableUnconfigurableObject#AiEJv1),bytecodeIndex:(14),original:(OtherObj),generated:(Final|Uint8Array|Float64Array|SetObject|WeakSetObject|BigInt|NonIntAsDouble)

* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
* runtime/Options.h:
* runtime/RandomizingFuzzerAgent.cpp:
(JSC::RandomizingFuzzerAgent::getPrediction):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243843 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/Options.cpp
Source/JavaScriptCore/runtime/Options.h
Source/JavaScriptCore/runtime/RandomizingFuzzerAgent.cpp

index 2d24864..7dfe278 100644 (file)
@@ -1,3 +1,22 @@
+2019-04-03  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Add dump feature for RandomizingFuzzerAgent
+        https://bugs.webkit.org/show_bug.cgi?id=196586
+
+        Reviewed by Saam Barati.
+
+        Towards deterministic tests for the results from randomizing fuzzer agent, this patch adds Options::dumpRandomizingFuzzerAgentPredictions, which dumps the generated types.
+        The results is like this.
+
+            getPrediction name:(#C2q9xD),bytecodeIndex:(22),original:(Array),generated:(OtherObj|Array|Float64Array|BigInt|NonIntAsDouble)
+            getPrediction name:(makeUnwriteableUnconfigurableObject#AiEJv1),bytecodeIndex:(14),original:(OtherObj),generated:(Final|Uint8Array|Float64Array|SetObject|WeakSetObject|BigInt|NonIntAsDouble)
+
+        * runtime/Options.cpp:
+        (JSC::recomputeDependentOptions):
+        * runtime/Options.h:
+        * runtime/RandomizingFuzzerAgent.cpp:
+        (JSC::RandomizingFuzzerAgent::getPrediction):
+
 2019-04-03  Myles C. Maxfield  <mmaxfield@apple.com>
 
         -apple-trailing-word is needed for browser detection
index ea8b90a..8e8d3ae 100644 (file)
@@ -451,7 +451,8 @@ static void recomputeDependentOptions()
         || Options::logPhaseTimes()
         || Options::verboseCFA()
         || Options::verboseDFGFailure()
-        || Options::verboseFTLFailure())
+        || Options::verboseFTLFailure()
+        || Options::dumpRandomizingFuzzerAgentPredictions())
         Options::alwaysComputeHash() = true;
     
     if (!Options::useConcurrentGC())
index 9837989..24206e4 100644 (file)
@@ -436,6 +436,7 @@ constexpr bool enableWebAssemblyStreamingApi = false;
     \
     v(bool, useRandomizingFuzzerAgent, false, Normal, nullptr) \
     v(unsigned, seedOfRandomizingFuzzerAgent, 1, Normal, nullptr) \
+    v(bool, dumpRandomizingFuzzerAgentPredictions, false, Normal, nullptr) \
     \
     v(bool, logPhaseTimes, false, Normal, nullptr) \
     v(double, rareBlockPenalty, 0.001, Normal, nullptr) \
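Review bot: The new `dumpRandomizingFuzzerAgentPredictions` entry has no description, since it passes `nullptr` in the last slot of `v(...)`, which appears to be the option's help text. As written, nothing tells a user that the flag only produces output together with `useRandomizingFuzzerAgent`, or that it also forces `alwaysComputeHash` (the Options.cpp hunk in this commit). I would pass a short string instead, e.g. `v(bool, dumpRandomizingFuzzerAgentPredictions, false, Normal, "dump original and generated predictions of the randomizing fuzzer agent; implies alwaysComputeHash") \`. The option list itself starts and ends outside this hunk, and the two neighbouring fuzzer options have the same gap.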
index 747ad6a..83e5c50 100644 (file)
@@ -33,13 +33,15 @@ RandomizingFuzzerAgent::RandomizingFuzzerAgent(VM&)
 {
 }
 
-SpeculatedType RandomizingFuzzerAgent::getPrediction(CodeBlock*, int, SpeculatedType)
+SpeculatedType RandomizingFuzzerAgent::getPrediction(CodeBlock* codeBlock, int bytecodeIndex, SpeculatedType original)
 {
     auto locker = holdLock(m_lock);
     uint32_t high = m_random.getUint32();
     uint32_t low = m_random.getUint32();
-    uint64_t result = (static_cast<uint64_t>(high) << 32) | low;
-    return static_cast<SpeculatedType>(result) & SpecFullTop;
+    SpeculatedType generated = static_cast<SpeculatedType>((static_cast<uint64_t>(high) << 32) | low) & SpecFullTop;
+    if (Options::dumpRandomizingFuzzerAgentPredictions())
+        dataLogLn("getPrediction name:(", codeBlock->inferredName(), "#", codeBlock->hashAsStringIfPossible(), "),bytecodeIndex:(", bytecodeIndex, "),original:(", SpeculationDump(original), "),generated:(", SpeculationDump(generated), ")");
+    return generated;
 }
 
 } // namespace JSC
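Review bot: The `dataLogLn` call in `getPrediction` runs while `m_lock` is still held, and nothing says whether that is deliberate. It looks intentional, because it keeps each dumped line in the same order as the `m_random` draws, so I would add `// Dump under m_lock so the log order matches the order of RNG draws.` above the `if`. That order is only reproducible across runs if callers reach `getPrediction` in the same sequence, so tests built on this dump presumably need concurrent compilation disabled; the ChangeLog or the option description should say so. Separately, `codeBlock` was an unused parameter before and is now dereferenced unconditionally in the dump path; an `ASSERT(codeBlock);` at the top of the function would record that callers never pass null.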