Deprecate libFuzzer_v8_wasm_asmjs_fuzzer
Issue description

This is a tracking bug for the removal of the "libFuzzer_v8_wasm_asmjs_fuzzer" (implemented by test/fuzzer/wasm-asmjs.cc in V8). The following is the reasoning for its removal:

This fuzzer generates random WebAssembly bytecode and then compiles it pretending to originate from asm.js source. While this enables additional WebAssembly opcodes to be used, it represents a pipeline that is not accessible in production. In particular, the intermediate WebAssembly bytecode generated during asm.js validation is not directly user-controllable and hence doesn't represent a direct attack surface. Furthermore, it violates internal invariants (e.g. missing source position mapping) that lead to many false reports by this fuzzer. Making those violations fail gracefully (instead of having [D]CHECKs firing) would go contrary to stabilizing the code under test.

Any comments, concerns, objections?
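The argument above is about where a fuzz harness injects its input. The following is an added illustration written for this page; it is not V8 code and does not model V8's asm.js pipeline, only the harness-design point. A toy front end lowers a source language into an internal instruction stream and stamps every instruction with a source position; the toy back end relies on that invariant the way a DCHECK would. One harness feeds raw bytes in as internal instructions (the pattern being retired here) and trips the invariant on inputs no user can produce, while a harness at the source entry point cannot reach that state at all. All names (`toy::`, `ValidateAndLower`, `Compile`, `kNoPos`) are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

namespace toy {

// Sentinel meaning "no source position recorded". The front end never emits it;
// only a harness that bypasses the front end can produce it (hypothetical
// stand-in for V8's source position mapping mentioned in the bug).
constexpr uint32_t kNoPos = 0xFFFFFFFFu;

enum class Op : uint8_t { Push = 1, Add = 2, Mul = 3, Halt = 4 };

struct Instr {
  Op op;
  uint32_t pos;   // invariant: never kNoPos once the front end has run
  int32_t imm;
};

enum class Result { Ok, RejectedBySourceValidation, InvariantViolated, CompileError };

// Front end: a tiny source language of single digits joined by '+' or '*'.
// Rejects anything that does not validate and stamps every instruction with
// the offset of the source character it came from.
bool ValidateAndLower(const std::string& src, std::vector<Instr>* out) {
  bool expect_operand = true;
  for (size_t i = 0; i < src.size(); ++i) {
    const char c = src[i];
    if (expect_operand) {
      if (c < '0' || c > '9') return false;
      out->push_back({Op::Push, static_cast<uint32_t>(i), c - '0'});
      expect_operand = false;
    } else {
      if (c == '+') out->push_back({Op::Add, static_cast<uint32_t>(i), 0});
      else if (c == '*') out->push_back({Op::Mul, static_cast<uint32_t>(i), 0});
      else return false;
      expect_operand = true;
    }
  }
  if (expect_operand) return false;  // empty input or trailing operator
  out->push_back({Op::Halt, static_cast<uint32_t>(src.size()), 0});
  return true;
}

// Back end: depends on the front-end invariant. In production this check would
// be a DCHECK that aborts; it is modelled as a distinct Result so the test can
// observe it instead of crashing.
Result Compile(const std::vector<Instr>& code) {
  for (const Instr& in : code) {
    if (in.pos == kNoPos) return Result::InvariantViolated;  // DCHECK(has_pos)
    switch (in.op) {
      case Op::Push: case Op::Add: case Op::Mul: case Op::Halt: break;
      default: return Result::CompileError;  // genuinely malformed opcode
    }
  }
  return Result::Ok;
}

// Used only by the retired-style harness: raw bytes become instructions without
// passing through the front end, so no source positions exist.
std::vector<Instr> DecodeRawBytecode(const uint8_t* data, size_t size) {
  std::vector<Instr> code;
  for (size_t i = 0; i < size; ++i)
    code.push_back({static_cast<Op>(data[i]), kNoPos, 0});
  return code;
}

// Harness A (the pattern the bug retires): fuzz the internal representation
// directly. Every InvariantViolated it reports is unreachable from user input.
Result FuzzInternalBytecode(const uint8_t* data, size_t size) {
  return Compile(DecodeRawBytecode(data, size));
}

// Harness B: fuzz the user-controllable surface. An InvariantViolated here
// would be a real front-end bug worth reporting.
Result FuzzSourceEntryPoint(const uint8_t* data, size_t size) {
  std::string src(reinterpret_cast<const char*>(data), size);
  std::vector<Instr> code;
  if (!ValidateAndLower(src, &code)) return Result::RejectedBySourceValidation;
  return Compile(code);
}

}  // namespace toy

// libFuzzer entry point wired to the entry point users can actually reach.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  toy::FuzzSourceEntryPoint(data, size);
  return 0;
}
```

With `FuzzInternalBytecode` even a stream of perfectly valid opcodes is flagged, because the missing-position state is the harness's own artefact; with `FuzzSourceEntryPoint` no byte string can reach that state, so the only reports left are rejections by validation or real compile errors. That is the distinction the issue draws between a direct attack surface and an internal pipeline.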
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/6828887b85fc9e0e9cfc2d5839c6c4f40281787b

commit 6828887b85fc9e0e9cfc2d5839c6c4f40281787b
Author: Andreas Haas <ahaas@chromium.org>
Date: Wed Jun 21 10:59:35 2017

[wasm] Remove the wasm-asmjs fuzzer

The fuzzer has already been removed from chromium. In addition I removed code which was only used by this fuzzer.

BUG= chromium:734550
R=clemensh@chromium.org
CC=mstarzinger@chromium.org

Change-Id: I2ff4614e4d64131412ead759318e5c38e38f5d3d
Reviewed-on: https://chromium-review.googlesource.com/542816
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46078}

[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/.gitignore
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/BUILD.gn
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/BUILD.gn
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/cctest/wasm/test-run-wasm-module.cc
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/common/wasm/wasm-module-runner.cc
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/common/wasm/wasm-module-runner.h
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/fuzzer/fuzzer.gyp
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/fuzzer/fuzzer.isolate
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/fuzzer/testcfg.py
[delete] https://crrev.com/811643b49b569af21774c4957b4778813cd2dcfd/test/fuzzer/wasm-asmjs.cc
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/fuzzer/wasm-async.cc
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/test/fuzzer/wasm-fuzzer-common.cc
[delete] https://crrev.com/811643b49b569af21774c4957b4778813cd2dcfd/test/fuzzer/wasm_asmjs/foo
[delete] https://crrev.com/811643b49b569af21774c4957b4778813cd2dcfd/test/fuzzer/wasm_asmjs_corpus.tar.gz.sha1
[modify] https://crrev.com/6828887b85fc9e0e9cfc2d5839c6c4f40281787b/tools/wasm/update-wasm-fuzzers.sh
Awesome! Thanks!
Comment 1 by mstarzinger@chromium.org, Jun 19 2017