wasm-smith: Generate "interesting" constants (#1454)

* wasm-smith: Generate "interesting" constants

* review

Author: fitzgen

crates/wasm-smith/src/core.rs

@@ -146,6 +146,11 @@ pub struct Module {
 
     /// What the maximum type index that can be referenced is.
     max_type_limit: MaxTypeLimit,
+
+    /// Some known-interesting values, such as powers of two, values just before
+    /// or just after a memory size, etc...
+    interesting_values32: Vec<u32>,
+    interesting_values64: Vec<u64>,
 }
 
 impl<'a> Arbitrary<'a> for Module {
@@ -232,6 +237,8 @@ impl Module {
             export_names: HashSet::new(),
             const_expr_choices: Vec::new(),
             max_type_limit: MaxTypeLimit::ModuleTypes,
+            interesting_values32: Vec::new(),
+            interesting_values64: Vec::new(),
         }
     }
 }
@@ -2039,6 +2046,8 @@ impl Module {
     }
 
     fn arbitrary_code(&mut self, u: &mut Unstructured) -> Result<()> {
+        self.compute_interesting_values();
+
         self.code.reserve(self.num_defined_funcs);
         let mut allocs = CodeBuilderAllocations::new(self, self.config.exports.is_some());
         for (_, ty) in self.funcs[self.funcs.len() - self.num_defined_funcs..].iter() {
@@ -2224,6 +2233,170 @@ impl Module {
                 }
             })
     }
+
+    fn compute_interesting_values(&mut self) {
+        debug_assert!(self.interesting_values32.is_empty());
+        debug_assert!(self.interesting_values64.is_empty());
+
+        let mut interesting_values32 = HashSet::new();
+        let mut interesting_values64 = HashSet::new();
+
+        let mut interesting = |val: u64| {
+            interesting_values32.insert(val as u32);
+            interesting_values64.insert(val);
+        };
+
+        // Zero is always interesting.
+        interesting(0);
+
+        // Max values are always interesting.
+        interesting(u8::MAX as _);
+        interesting(u16::MAX as _);
+        interesting(u32::MAX as _);
+        interesting(u64::MAX);
+
+        // Min values are always interesting.
+        interesting(i8::MIN as _);
+        interesting(i16::MIN as _);
+        interesting(i32::MIN as _);
+        interesting(i64::MIN as _);
+
+        for i in 0..64 {
+            // Powers of two.
+            interesting(1 << i);
+
+            // Inverted powers of two.
+            interesting(!(1 << i));
+
+            // Powers of two minus one, AKA high bits unset and low bits set.
+            interesting((1 << i) - 1);
+
+            // Negative powers of two, AKA high bits set and low bits unset.
+            interesting(((1_i64 << 63) >> i) as _);
+        }
+
+        // Some repeating bit patterns.
+        for pattern in [0b01010101, 0b00010001, 0b00010001, 0b00000001] {
+            for b in [pattern, !pattern] {
+                interesting(u64::from_ne_bytes([b, b, b, b, b, b, b, b]));
+            }
+        }
+
+        // Interesting float values.
+        let mut interesting_f64 = |x: f64| interesting(x.to_bits());
+        interesting_f64(0.0);
+        interesting_f64(-0.0);
+        interesting_f64(f64::INFINITY);
+        interesting_f64(f64::NEG_INFINITY);
+        interesting_f64(f64::EPSILON);
+        interesting_f64(-f64::EPSILON);
+        interesting_f64(f64::MIN);
+        interesting_f64(f64::MIN_POSITIVE);
+        interesting_f64(f64::MAX);
+        interesting_f64(f64::NAN);
+        let mut interesting_f32 = |x: f32| interesting(x.to_bits() as _);
+        interesting_f32(0.0);
+        interesting_f32(-0.0);
+        interesting_f32(f32::INFINITY);
+        interesting_f32(f32::NEG_INFINITY);
+        interesting_f32(f32::EPSILON);
+        interesting_f32(-f32::EPSILON);
+        interesting_f32(f32::MIN);
+        interesting_f32(f32::MIN_POSITIVE);
+        interesting_f32(f32::MAX);
+        interesting_f32(f32::NAN);
+
+        // Interesting values related to table bounds.
+        for t in self.tables.iter() {
+            interesting(t.minimum as _);
+            if let Some(x) = t.minimum.checked_add(1) {
+                interesting(x as _);
+            }
+
+            if let Some(x) = t.maximum {
+                interesting(x as _);
+                if let Some(y) = x.checked_add(1) {
+                    interesting(y as _);
+                }
+            }
+        }
+
+        // Interesting values related to memory bounds.
+        for m in self.memories.iter() {
+            let min = m.minimum.saturating_mul(crate::WASM_PAGE_SIZE);
+            interesting(min);
+            for i in 0..5 {
+                if let Some(x) = min.checked_add(1 << i) {
+                    interesting(x);
+                }
+                if let Some(x) = min.checked_sub(1 << i) {
+                    interesting(x);
+                }
+            }
+
+            if let Some(max) = m.maximum {
+                let max = max.saturating_mul(crate::WASM_PAGE_SIZE);
+                interesting(max);
+                for i in 0..5 {
+                    if let Some(x) = max.checked_add(1 << i) {
+                        interesting(x);
+                    }
+                    if let Some(x) = max.checked_sub(1 << i) {
+                        interesting(x);
+                    }
+                }
+            }
+        }
+
+        self.interesting_values32.extend(interesting_values32);
+        self.interesting_values64.extend(interesting_values64);
+
+        // Sort for determinism.
+        self.interesting_values32.sort();
+        self.interesting_values64.sort();
+    }
+
+    fn arbitrary_const_instruction(
+        &self,
+        ty: ValType,
+        u: &mut Unstructured<'_>,
+    ) -> Result<Instruction> {
+        debug_assert!(self.interesting_values32.len() > 0);
+        debug_assert!(self.interesting_values64.len() > 0);
+        match ty {
+            ValType::I32 => Ok(Instruction::I32Const(if u.arbitrary()? {
+                *u.choose(&self.interesting_values32)? as i32
+            } else {
+                u.arbitrary()?
+            })),
+            ValType::I64 => Ok(Instruction::I64Const(if u.arbitrary()? {
+                *u.choose(&self.interesting_values64)? as i64
+            } else {
+                u.arbitrary()?
+            })),
+            ValType::F32 => Ok(Instruction::F32Const(if u.arbitrary()? {
+                f32::from_bits(*u.choose(&self.interesting_values32)?)
+            } else {
+                u.arbitrary()?
+            })),
+            ValType::F64 => Ok(Instruction::F64Const(if u.arbitrary()? {
+                f64::from_bits(*u.choose(&self.interesting_values64)?)
+            } else {
+                u.arbitrary()?
+            })),
+            ValType::V128 => Ok(Instruction::V128Const(if u.arbitrary()? {
+                let upper = (*u.choose(&self.interesting_values64)? as i128) << 64;
+                let lower = *u.choose(&self.interesting_values64)? as i128;
+                upper | lower
+            } else {
+                u.arbitrary()?
+            })),
+            ValType::Ref(ty) => {
+                assert!(ty.nullable);
+                Ok(Instruction::RefNull(ty.heap_type))
+            }
+        }
+    }
 }
 
 pub(crate) fn arbitrary_limits32(

crates/wasm-smith/src/core/code_builder.rs

@@ -1435,7 +1435,7 @@ impl CodeBuilder<'_> {
                 }
                 operands = &[];
             }
-            instructions.push(arbitrary_val(*expected, u));
+            instructions.push(module.arbitrary_const_instruction(*expected, u)?);
         }
         Ok(())
     }
@@ -1544,20 +1544,6 @@ impl CodeBuilder<'_> {
     }
 }
 
-fn arbitrary_val(ty: ValType, u: &mut Unstructured<'_>) -> Instruction {
-    match ty {
-        ValType::I32 => Instruction::I32Const(u.arbitrary().unwrap_or(0)),
-        ValType::I64 => Instruction::I64Const(u.arbitrary().unwrap_or(0)),
-        ValType::F32 => Instruction::F32Const(u.arbitrary().unwrap_or(0.0)),
-        ValType::F64 => Instruction::F64Const(u.arbitrary().unwrap_or(0.0)),
-        ValType::V128 => Instruction::V128Const(u.arbitrary().unwrap_or(0)),
-        ValType::Ref(ty) => {
-            assert!(ty.nullable);
-            Instruction::RefNull(ty.heap_type)
-        }
-    }
-}
-
 #[inline]
 fn unreachable_valid(module: &Module, _: &mut CodeBuilder) -> bool {
     !module.config.disallow_traps
@@ -3419,49 +3405,45 @@ fn data_drop(
 
 fn i32_const(
     u: &mut Unstructured,
-    _module: &Module,
+    module: &Module,
     builder: &mut CodeBuilder,
     instructions: &mut Vec<Instruction>,
 ) -> Result<()> {
-    let x = u.arbitrary()?;
     builder.push_operands(&[ValType::I32]);
-    instructions.push(Instruction::I32Const(x));
+    instructions.push(module.arbitrary_const_instruction(ValType::I32, u)?);
     Ok(())
 }
 
 fn i64_const(
     u: &mut Unstructured,
-    _module: &Module,
+    module: &Module,
     builder: &mut CodeBuilder,
     instructions: &mut Vec<Instruction>,
 ) -> Result<()> {
-    let x = u.arbitrary()?;
     builder.push_operands(&[ValType::I64]);
-    instructions.push(Instruction::I64Const(x));
+    instructions.push(module.arbitrary_const_instruction(ValType::I64, u)?);
     Ok(())
 }
 
 fn f32_const(
     u: &mut Unstructured,
-    _module: &Module,
+    module: &Module,
     builder: &mut CodeBuilder,
     instructions: &mut Vec<Instruction>,
 ) -> Result<()> {
-    let x = u.arbitrary()?;
     builder.push_operands(&[ValType::F32]);
-    instructions.push(Instruction::F32Const(x));
+    instructions.push(module.arbitrary_const_instruction(ValType::F32, u)?);
     Ok(())
 }
 
 fn f64_const(
     u: &mut Unstructured,
-    _module: &Module,
+    module: &Module,
     builder: &mut CodeBuilder,
     instructions: &mut Vec<Instruction>,
 ) -> Result<()> {
-    let x = u.arbitrary()?;
     builder.push_operands(&[ValType::F64]);
-    instructions.push(Instruction::F64Const(x));
+    instructions.push(module.arbitrary_const_instruction(ValType::F64, u)?);
     Ok(())
 }
 
@@ -5220,10 +5202,10 @@ fn memory_offset(u: &mut Unstructured, module: &Module, memory_index: u32) -> Re
     assert!(a + b + c != 0);
 
     let memory_type = &module.memories[memory_index as usize];
-    let min = memory_type.minimum.saturating_mul(65536);
+    let min = memory_type.minimum.saturating_mul(crate::WASM_PAGE_SIZE);
     let max = memory_type
         .maximum
-        .map(|max| max.saturating_mul(65536))
+        .map(|max| max.saturating_mul(crate::WASM_PAGE_SIZE))
         .unwrap_or(u64::MAX);
 
     let (min, max, true_max) = match (memory_type.memory64, module.config.disallow_traps) {

crates/wasm-smith/src/lib.rs

@@ -67,6 +67,8 @@ use std::{collections::HashSet, fmt::Write, str};
 #[cfg(feature = "_internal_cli")]
 pub use config::InternalOptionalConfig;
 
+const WASM_PAGE_SIZE: u64 = 65_536;
+
 /// Do something an arbitrary number of times.
 ///
 /// The callback can return `false` to exit the loop early.