Upgrade V8 to 5.1.281.57 DO NOT MERGE
FPIIM-449
Change-Id: Id981b686b4d587ac31697662eb98bb34be42ad90
(cherry picked from commit 3b9bc31999c9787eb726ecdbfd5796bfdec32a18)
diff --git a/test/fuzzer/fuzzer.gyp b/test/fuzzer/fuzzer.gyp
index 5fc338c..6e15a90 100644
--- a/test/fuzzer/fuzzer.gyp
+++ b/test/fuzzer/fuzzer.gyp
@@ -87,6 +87,58 @@
],
},
{
+ 'target_name': 'wasm_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ 'wasm_fuzzer_lib',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ 'sources': [
+ 'fuzzer.cc',
+ ],
+ },
+ {
+ 'target_name': 'wasm_fuzzer_lib',
+ 'type': 'static_library',
+ 'dependencies': [
+ 'fuzzer_support',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ 'sources': [ ### gcmole(all) ###
+ 'wasm.cc',
+ ],
+ },
+ {
+ 'target_name': 'wasm_asmjs_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ 'wasm_asmjs_fuzzer_lib',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ 'sources': [
+ 'fuzzer.cc',
+ ],
+ },
+ {
+ 'target_name': 'wasm_asmjs_fuzzer_lib',
+ 'type': 'static_library',
+ 'dependencies': [
+ 'fuzzer_support',
+ ],
+ 'include_dirs': [
+ '../..',
+ ],
+ 'sources': [ ### gcmole(all) ###
+ 'wasm-asmjs.cc',
+ ],
+ },
+ {
'target_name': 'fuzzer_support',
'type': 'static_library',
'dependencies': [
diff --git a/test/fuzzer/fuzzer.isolate b/test/fuzzer/fuzzer.isolate
index 286be2f..4e98edd 100644
--- a/test/fuzzer/fuzzer.isolate
+++ b/test/fuzzer/fuzzer.isolate
@@ -8,11 +8,15 @@
'<(PRODUCT_DIR)/json_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/parser_fuzzer<(EXECUTABLE_SUFFIX)',
'<(PRODUCT_DIR)/regexp_fuzzer<(EXECUTABLE_SUFFIX)',
+ '<(PRODUCT_DIR)/wasm_fuzzer<(EXECUTABLE_SUFFIX)',
+ '<(PRODUCT_DIR)/wasm_asmjs_fuzzer<(EXECUTABLE_SUFFIX)',
'./fuzzer.status',
'./testcfg.py',
'./json/',
'./parser/',
'./regexp/',
+ './wasm/',
+ './wasm_asmjs/',
],
},
'includes': [
diff --git a/test/fuzzer/parser.cc b/test/fuzzer/parser.cc
index aee4c0d..be70b43 100644
--- a/test/fuzzer/parser.cc
+++ b/test/fuzzer/parser.cc
@@ -33,7 +33,7 @@
v8::internal::Handle<v8::internal::Script> script =
factory->NewScript(source.ToHandleChecked());
- v8::internal::Zone zone;
+ v8::internal::Zone zone(i_isolate->allocator());
v8::internal::ParseInfo info(&zone, script);
info.set_global();
v8::internal::Parser parser(&info);
diff --git a/test/fuzzer/testcfg.py b/test/fuzzer/testcfg.py
index 976325a..35a5abb 100644
--- a/test/fuzzer/testcfg.py
+++ b/test/fuzzer/testcfg.py
@@ -18,7 +18,7 @@
class FuzzerTestSuite(testsuite.TestSuite):
- SUB_TESTS = ( 'json', 'parser', 'regexp', )
+ SUB_TESTS = ( 'json', 'parser', 'regexp', 'wasm', 'wasm_asmjs', )
def __init__(self, name, root):
super(FuzzerTestSuite, self).__init__(name, root)
diff --git a/test/fuzzer/wasm-asmjs.cc b/test/fuzzer/wasm-asmjs.cc
new file mode 100644
index 0000000..3f7477b
--- /dev/null
+++ b/test/fuzzer/wasm-asmjs.cc
@@ -0,0 +1,39 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "include/v8.h"
+#include "src/factory.h"
+#include "src/isolate-inl.h"
+#include "src/isolate.h"
+#include "src/objects-inl.h"
+#include "src/objects.h"
+#include "src/wasm/wasm-js.h"
+#include "src/wasm/wasm-module.h"
+#include "test/fuzzer/fuzzer-support.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
+ v8::Isolate* isolate = support->GetIsolate();
+ v8::internal::Isolate* i_isolate =
+ reinterpret_cast<v8::internal::Isolate*>(isolate);
+
+ // Clear any pending exceptions from a prior run.
+ if (i_isolate->has_pending_exception()) {
+ i_isolate->clear_pending_exception();
+ }
+
+ v8::Isolate::Scope isolate_scope(isolate);
+ v8::HandleScope handle_scope(isolate);
+ v8::Context::Scope context_scope(support->GetContext());
+ v8::TryCatch try_catch(isolate);
+ v8::internal::WasmJs::InstallWasmFunctionMap(i_isolate,
+ i_isolate->native_context());
+ v8::internal::wasm::CompileAndRunWasmModule(i_isolate, data, data + size,
+ true);
+ return 0;
+}
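Review bot: LLVMFuzzerTestOneInput in this file is identical to the one added in test/fuzzer/wasm.cc apart from the last argument to CompileAndRunWasmModule (`true` here, `false` there), so any later change to the shared setup — the pending-exception reset, the scope ordering, the InstallWasmFunctionMap call — has to be made in two places. A small shared entry point in fuzzer-support taking the flag (or one source compiled into both targets with the flag chosen at build time) would remove the duplication. The bare boolean at the call site is also opaque on its own; an inline argument comment naming the parameter as it is declared in src/wasm/wasm-module.h, e.g. `/* <flag name as declared> = */ true`, would make the only difference between the two fuzzers visible where it matters. `<limits.h>` is included but nothing in the file uses it, and the same applies to wasm.cc.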
diff --git a/test/fuzzer/wasm.cc b/test/fuzzer/wasm.cc
new file mode 100644
index 0000000..8750cbf
--- /dev/null
+++ b/test/fuzzer/wasm.cc
@@ -0,0 +1,39 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include "include/v8.h"
+#include "src/factory.h"
+#include "src/isolate-inl.h"
+#include "src/isolate.h"
+#include "src/objects-inl.h"
+#include "src/objects.h"
+#include "src/wasm/wasm-js.h"
+#include "src/wasm/wasm-module.h"
+#include "test/fuzzer/fuzzer-support.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
+ v8::Isolate* isolate = support->GetIsolate();
+ v8::internal::Isolate* i_isolate =
+ reinterpret_cast<v8::internal::Isolate*>(isolate);
+
+ // Clear any pending exceptions from a prior run.
+ if (i_isolate->has_pending_exception()) {
+ i_isolate->clear_pending_exception();
+ }
+
+ v8::Isolate::Scope isolate_scope(isolate);
+ v8::HandleScope handle_scope(isolate);
+ v8::Context::Scope context_scope(support->GetContext());
+ v8::TryCatch try_catch(isolate);
+ v8::internal::WasmJs::InstallWasmFunctionMap(i_isolate,
+ i_isolate->native_context());
+ v8::internal::wasm::CompileAndRunWasmModule(i_isolate, data, data + size,
+ false);
+ return 0;
+}
diff --git a/test/fuzzer/wasm/foo.wasm b/test/fuzzer/wasm/foo.wasm
new file mode 100644
index 0000000..79cd64b
--- /dev/null
+++ b/test/fuzzer/wasm/foo.wasm
Binary files differ
diff --git a/test/fuzzer/wasm_asmjs/foo.wasm b/test/fuzzer/wasm_asmjs/foo.wasm
new file mode 100644
index 0000000..79cd64b
--- /dev/null
+++ b/test/fuzzer/wasm_asmjs/foo.wasm
Binary files differ