[dart/vm] Add 'small string' parameter specifier

feli-citas · commit-bot@chromium.org · commit c9c0f56f48c3 · 2019-07-23T00:19:48.000Z
Rationale: Forces the fuzzer to generate a string literal as the parameter of selected string functions (i.e. padLeft/Right) in order to avoid recursion of the form x = "".padLeft/Right(x). #37573 Change-Id: Icd9f5da07ccdd44e81c88a450c3d2cdd7c8e8f95 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/109893 Commit-Queue: Felicitas Hetzelt <felih@google.com> Reviewed-by: Aart Bik <ajcbik@google.com>
diff --git a/runtime/tools/dartfuzz/dartfuzz.dart b/runtime/tools/dartfuzz/dartfuzz.dart
@@ -13,7 +13,7 @@ import 'dartfuzz_api_table.dart';
 // Version of DartFuzz. Increase this each time changes are made
 // to preserve the property that a given version of DartFuzz yields
 // the same fuzzed program for a deterministic random seed.
-const String version = '1.14';
+const String version = '1.15';
 
 // Restriction on statements and expressions.
 const int stmtLength = 2;
@@ -533,9 +533,9 @@ class DartFuzz {
     }
   }
 
-  void emitString() {
+  void emitString({int length = 8}) {
     emit("'");
-    for (int i = 0, n = rand.nextInt(8); i < n; i++) {
+    for (int i = 0, n = rand.nextInt(length); i < n; i++) {
       emitChar();
     }
     emit("'");
@@ -1013,6 +1013,14 @@ class DartFuzz {
       case 'S':
         emitExpr(depth, DartType.STRING);
         break;
+      case 's':
+        // Emit string literal of 2 characters maximum length
+        // for 'small string' parameters to avoid recursively constructed
+        // strings which might lead to exponentially growing data structures
+        // e.g. loop { var = 'x'.padLeft(8, var); }
+        // TODO (felih): detect recursion to eliminate such cases specifically
+        emitString(length: 2);
+        break;
       case 'L':
         emitExpr(depth, DartType.INT_LIST);
         break;
diff --git a/runtime/tools/dartfuzz/dartfuzz_api_table.dart b/runtime/tools/dartfuzz/dartfuzz_api_table.dart
@@ -20,6 +20,7 @@
 ///   i int (small)
 ///   D double
 ///   S String
+///   s String (small)
 ///   L List<int>
 ///   X Set<int>
 ///   M Map<int, String>
@@ -773,8 +774,8 @@ class DartLib {
     DartLib('trim', 'SV'),
     DartLib('trimLeft', 'SV'),
     DartLib('trimRight', 'SV'),
-    DartLib('padLeft', 'SiS'),
-    DartLib('padRight', 'SiS'),
+    DartLib('padLeft', 'Sis'),
+    DartLib('padRight', 'Sis'),
     DartLib('replaceRange', 'SIIS'),
     DartLib('toLowerCase', 'SV'),
     DartLib('toUpperCase', 'SV'),
diff --git a/runtime/tools/dartfuzz/gen_api_table.dart b/runtime/tools/dartfuzz/gen_api_table.dart
@@ -263,7 +263,7 @@ void addToTable(String ret, String name, String proto) {
   // for example, to avoid excessive runtime or memory
   // allocation in the generated fuzzing program.
   if (name == 'padLeft' || name == 'padRight') {
-    proto = proto.replaceAll('I', 'i');
+    proto = proto.replaceFirst('IS', 'is');
   } else if (name == 'List.filled') {
     proto = proto.replaceFirst('I', 'i');
   }
@@ -295,6 +295,7 @@ void dumpHeader() {
 ///   i int (small)
 ///   D double
 ///   S String
+///   s String (small)
 ///   L List<int>
 ///   X Set<int>
 ///   M Map<int, String>
