// This file is part of the Luau programming language and is licensed under MIT License; see LICENSE.txt for details
#include "src/libfuzzer/libfuzzer_macro.h"
#include "luau.pb.h"
#include "Luau/BuiltinDefinitions.h"
#include "Luau/BytecodeBuilder.h"
#include "Luau/CodeGen.h"
#include "Luau/Common.h"
#include "Luau/Compiler.h"
#include "Luau/Config.h"
#include "Luau/Frontend.h"
#include "Luau/Linter.h"
#include "Luau/ModuleResolver.h"
#include "Luau/Parser.h"
#include "Luau/ToString.h"
#include "Luau/Transpiler.h"
#include "Luau/TypeInfer.h"
#include "lua.h"
#include "lualib.h"
#include <chrono>
#include <cstring>
// Reads a boolean switch from the process environment.
// Returns `def` when `name` is not set. When it is set, every value other than the exact string "0"
// (the empty string included) counts as true.
static bool getEnvParam(const char* name, bool def)
{
    const char* raw = getenv(name);

    // Only a literal "0" turns the switch off
    return raw ? strcmp(raw, "0") != 0 : def;
}
// Select components to fuzz.
// Each switch is read from the environment once, when these globals are initialized; an unset variable
// falls back to the default passed here.
const bool kFuzzCompiler{getEnvParam("LUAU_FUZZ_COMPILER", true)};
const bool kFuzzLinter{getEnvParam("LUAU_FUZZ_LINTER", true)};
const bool kFuzzTypeck{getEnvParam("LUAU_FUZZ_TYPE_CHECK", true)};
const bool kFuzzVM{getEnvParam("LUAU_FUZZ_VM", true)};
const bool kFuzzTranspile{getEnvParam("LUAU_FUZZ_TRANSPILE", true)};
const bool kFuzzCodegenVM{getEnvParam("LUAU_FUZZ_CODEGEN_VM", true)};
const bool kFuzzCodegenAssembly{getEnvParam("LUAU_FUZZ_CODEGEN_ASM", true)};
const bool kFuzzUseNewSolver{getEnvParam("LUAU_FUZZ_NEW_SOLVER", false)};

// Should we generate type annotations?
const bool kFuzzTypes{getEnvParam("LUAU_FUZZ_GEN_TYPES", true)};

// Target used when fuzzing assembly generation. It is fixed to A64 and has no environment switch,
// so the assembly-generation path covers only this target.
const Luau::CodeGen::AssemblyOptions::Target kFuzzCodegenTarget{Luau::CodeGen::AssemblyOptions::A64};

// Renders a fuzzer-generated ModuleSet as source text, one string per module; defined outside this file
std::vector<std::string> protoprint(const luau::ModuleSet& stat, bool types);

// Analysis limits and debug flags that the fuzz entry point overrides on every iteration
LUAU_FASTINT(LuauTypeInferRecursionLimit)
LUAU_FASTINT(LuauTypeInferTypePackLoopLimit)
LUAU_FASTINT(LuauCheckRecursionLimit)
LUAU_FASTINT(LuauTableTypeMaximumStringifierLength)
LUAU_FASTINT(LuauTypeInferIterationLimit)
LUAU_FASTINT(LuauTarjanChildLimit)
LUAU_FASTFLAG(DebugLuauFreezeArena)
LUAU_FASTFLAG(DebugLuauAbortingChecks)
LUAU_FASTFLAG(DebugLuauDeferredConstraintResolution)

// Time budget for one script run, and the absolute deadline that interrupt() compares against
std::chrono::milliseconds kInterruptTimeout{10};
std::chrono::time_point<std::chrono::system_clock> interruptDeadline;

// Cap on the bytes allocate() will hand out, and the running total of live bytes it tracks
size_t kHeapLimit{512 * 1024 * 1024};
size_t heapSize{0};
// VM interrupt callback: raises a Lua error once the deadline stored in interruptDeadline has passed.
// Calls made with gc >= 0 are ignored (presumably those issued from the garbage collector; confirm in lua.h).
// NOTE(review): the deadline is measured on std::chrono::system_clock, so a wall-clock adjustment during
// a run moves it; the clock type is fixed by the declaration of interruptDeadline, outside this function.
void interrupt(lua_State* L, int gc)
{
    if (gc < 0 && std::chrono::system_clock::now() > interruptDeadline)
    {
        // Reserve a stack slot for the error message before raising
        lua_checkstack(L, 1);
        luaL_error(L, "execution timed out");
    }
}
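// Allocator callback handed to lua_newstate: a realloc wrapper that tracks live bytes in heapSize and
// refuses any request that would push the total above kHeapLimit.
//   ud    - unused
//   ptr   - block being resized or freed (null for a fresh allocation)
//   osize - size the caller reports for ptr
//   nsize - requested size; 0 frees ptr
// Returns the resized block, or nullptr after a free, a refused request, or a failed realloc.
void* allocate(void* ud, void* ptr, size_t osize, size_t nsize)
{
    (void)ud;

    if (nsize == 0)
    {
        heapSize -= osize;
        free(ptr);
        return nullptr;
    }

    // Unsigned arithmetic: this relies on osize having been counted into heapSize by an earlier call
    if (heapSize - osize + nsize > kHeapLimit)
        return nullptr;

    void* result = realloc(ptr, nsize);

    // Update the accounting only once the resize has succeeded. A failed realloc leaves the old block
    // live, so heapSize has to keep counting osize; charging nsize up front would make the counter drift
    // away from the real heap and distort the cap check above and the post-GC heap assertion in the
    // fuzz entry point.
    if (result)
        heapSize = heapSize - osize + nsize;

    return result;
}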
// Builds the VM state used to execute fuzzed bytecode.
// Memory goes through allocate(), so the kHeapLimit cap applies to everything the state allocates, and
// interrupt() is installed so that a running script can be stopped at the deadline. The standard
// libraries are opened first and luaL_sandbox is applied afterwards.
lua_State* createGlobalState()
{
    lua_State* state = lua_newstate(allocate, nullptr);

    // Native code generation is attached only when it was requested and the host supports it
    const bool wantCodegen = kFuzzCodegenVM && Luau::CodeGen::isSupported();
    if (wantCodegen)
        Luau::CodeGen::create(state);

    lua_callbacks(state)->interrupt = interrupt;

    luaL_openlibs(state);
    luaL_sandbox(state);

    return state;
}
// Registers the builtin globals and three stub classes (Vector3, Instance, Part) in `globals`, exports the
// stubs as type bindings on the global scope, and persists every exported type binding.
//   frontend        - frontend passed through to registerBuiltinGlobals
//   globals         - global type environment that receives the definitions
//   forAutocomplete - passed through to registerBuiltinGlobals
// Always returns 0.
int registerTypes(Luau::Frontend& frontend, Luau::GlobalTypes& globals, bool forAutocomplete)
{
    using namespace Luau;
    using std::nullopt;

    Luau::registerBuiltinGlobals(frontend, globals, forAutocomplete);

    TypeArena& typeArena = globals.globalTypes;
    BuiltinTypes& builtins = *globals.builtinTypes;
    auto& exported = globals.globalScope->exportedTypeBindings;

    // Vector3 stub: a class with numeric X/Y/Z and a metatable that provides __add
    const TypeId vector3Meta = typeArena.addType(TableType{});
    const TypeId vector3 = typeArena.addType(ClassType{"Vector3", {}, nullopt, vector3Meta, {}, {}, "Test", {}});

    getMutable<ClassType>(vector3)->props = {
        {"X", {builtins.numberType}},
        {"Y", {builtins.numberType}},
        {"Z", {builtins.numberType}},
    };

    getMutable<TableType>(vector3Meta)->props = {
        {"__add", {makeFunction(typeArena, nullopt, {vector3, vector3}, {vector3})}},
    };

    exported["Vector3"] = TypeFun{{}, vector3};

    // Instance stub: a class with a single string property
    const TypeId instance = typeArena.addType(ClassType{"Instance", {}, nullopt, nullopt, {}, {}, "Test", {}});

    getMutable<ClassType>(instance)->props = {
        {"Name", {builtins.stringType}},
    };

    exported["Instance"] = TypeFun{{}, instance};

    // Part stub: passes the Instance stub as its parent and adds a Vector3 property
    const TypeId part = typeArena.addType(ClassType{"Part", {}, instance, nullopt, {}, {}, "Test", {}});

    getMutable<ClassType>(part)->props = {
        {"Position", {vector3}},
    };

    exported["Part"] = TypeFun{{}, part};

    // Persist everything that is exported at this point, not just the three stubs added above
    for (const auto& binding : exported)
        persist(binding.second.type);

    return 0;
}
// One-time frontend setup: fills both global environments (regular and autocomplete) with the builtin and
// stub types, freezes their arenas, and installs a handler that reports internal compiler errors.
static void setupFrontend(Luau::Frontend& frontend)
{
    const auto registerAndFreeze = [&frontend](Luau::GlobalTypes& globals, bool forAutocomplete) {
        registerTypes(frontend, globals, forAutocomplete);
        Luau::freeze(globals.globalTypes);
    };

    registerAndFreeze(frontend.globals, /*forAutocomplete*/ false);
    registerAndFreeze(frontend.globalsForAutocomplete, /*forAutocomplete*/ true);

    // An internal compiler error is printed and then trips an assertion, so it is reported as a finding
    // in builds where LUAU_ASSERT is active
    frontend.iceHandler.onInternalError = [](const char* message) {
        printf("ICE: %s\n", message);
        LUAU_ASSERT(!"ICE");
    };
}
// File resolver backed entirely by an in-memory map: module sources come from `source` and nothing in
// this struct touches the filesystem.
struct FuzzFileResolver : Luau::FileResolver
{
    // Returns the stored text for `name` as a Module source, or nullopt when the module is unknown.
    std::optional<Luau::SourceCode> readSource(const Luau::ModuleName& name) override
    {
        const auto found = source.find(name);
        if (found != source.end())
            return Luau::SourceCode{found->second, Luau::SourceCode::Module};

        return std::nullopt;
    }

    // Treats a bare global identifier as a module reference, using the global's name as the module name.
    // Any other expression form does not resolve. `context` is not consulted.
    std::optional<Luau::ModuleInfo> resolveModule(const Luau::ModuleInfo* context, Luau::AstExpr* expr) override
    {
        Luau::AstExprGlobal* global = expr->as<Luau::AstExprGlobal>();
        if (!global)
            return std::nullopt;

        return Luau::ModuleInfo{global->name.value};
    }

    // Module names are already readable, so they are returned unchanged.
    std::string getHumanReadableModuleName(const Luau::ModuleName& name) const override
    {
        return name;
    }

    // No module has a dedicated environment.
    std::optional<std::string> getEnvironmentForModule(const Luau::ModuleName& name) const override
    {
        return std::nullopt;
    }

    // Module name -> source text; cleared and refilled by the fuzz entry point on every iteration
    std::unordered_map<Luau::ModuleName, std::string> source;
};
// Config resolver that gives every module the same configuration.
struct FuzzConfigResolver : Luau::ConfigResolver
{
    // Nonstrict mode, every lint warning bit enabled, comments captured by the parser.
    FuzzConfigResolver()
    {
        defaultConfig.parseOptions.captureComments = true;
        defaultConfig.enabledLint.warningMask = ~0ull; // all bits set
        defaultConfig.mode = Luau::Mode::Nonstrict;
    }

    // Returns the shared configuration regardless of `name`.
    const Luau::Config& getConfig(const Luau::ModuleName& name) const override
    {
        return defaultConfig;
    }

    Luau::Config defaultConfig;
};
// Sources of the input currently being processed; kept in a global so they can be found in a crash dump
static std::vector<std::string> debugsources;

// Fuzz entry point. Prints the generated ModuleSet as source text, then drives the enabled components in
// order: parse, typecheck (with lint when enabled), transpile, compile, assembly generation, and
// execution in the VM with and without native code generation.
DEFINE_PROTO_FUZZER(const luau::ModuleSet& message)
{
    // Every later stage that consumes bytecode needs the compiler stage to produce it
    if (!kFuzzCompiler && (kFuzzCodegenAssembly || kFuzzCodegenVM || kFuzzVM))
    {
        printf("Compiler is required in order to fuzz codegen or the VM\n");
        LUAU_ASSERT(false);
        return;
    }

    // Analysis limits applied to every iteration
    FInt::LuauTypeInferRecursionLimit.value = 100;
    FInt::LuauTypeInferTypePackLoopLimit.value = 100;
    FInt::LuauCheckRecursionLimit.value = 100;
    FInt::LuauTypeInferIterationLimit.value = 1000;
    FInt::LuauTarjanChildLimit.value = 1000;
    FInt::LuauTableTypeMaximumStringifierLength.value = 100;

    // Switch on every boolean flag whose name starts with "Luau". The Debug* flags do not match that
    // prefix and are set explicitly below.
    for (Luau::FValue<bool>* flag = Luau::FValue<bool>::list; flag != nullptr; flag = flag->next)
    {
        const bool isLuauFlag = strncmp(flag->name, "Luau", 4) == 0;
        if (isLuauFlag)
            flag->value = true;
    }

    FFlag::DebugLuauFreezeArena.value = true;
    FFlag::DebugLuauAbortingChecks.value = true;
    FFlag::DebugLuauDeferredConstraintResolution.value = kFuzzUseNewSolver;

    std::vector<std::string> sources = protoprint(message, kFuzzTypes);

    // stash source in a global for easier crash dump debugging
    debugsources = sources;

    // LUAU_DEBUG only has to be present in the environment; its value is not inspected
    static const bool debug = getenv("LUAU_DEBUG") != nullptr;

    if (debug)
    {
        for (const std::string& text : sources)
            fprintf(stdout, "--\n%s\n", text.c_str());

        // flush so the dump is not left in the stdio buffer if a later stage crashes
        fflush(stdout);
    }

    // parse all sources
    // Each source gets its own allocator and name table; both are kept alive until the end of the function
    // because the later stages still read the parse results.
    std::vector<std::unique_ptr<Luau::Allocator>> parseAllocators;
    std::vector<std::unique_ptr<Luau::AstNameTable>> parseNameTables;

    Luau::ParseOptions parseOptions;
    parseOptions.captureComments = true;

    std::vector<Luau::ParseResult> parseResults;

    for (const std::string& text : sources)
    {
        parseAllocators.push_back(std::make_unique<Luau::Allocator>());
        Luau::Allocator& allocator = *parseAllocators.back();

        parseNameTables.push_back(std::make_unique<Luau::AstNameTable>(allocator));
        Luau::AstNameTable& names = *parseNameTables.back();

        parseResults.push_back(Luau::Parser::parse(text.c_str(), text.size(), names, allocator, parseOptions));
    }

    // typecheck all sources
    if (kFuzzTypeck)
    {
        // The resolvers and the frontend are created once and reused across iterations
        static FuzzFileResolver fileResolver;
        static FuzzConfigResolver configResolver;
        static Luau::FrontendOptions defaultOptions{/*retainFullTypeGraphs*/ true, /*forAutocomplete*/ false, /*runLintChecks*/ kFuzzLinter};
        static Luau::Frontend frontend(&fileResolver, &configResolver, defaultOptions);

        // Static initializer used as a run-once hook for setupFrontend
        static int once = (setupFrontend(frontend), 0);
        (void)once;

        // restart
        frontend.clear();
        fileResolver.source.clear();

        const auto moduleName = [](size_t index) {
            return "module" + std::to_string(index);
        };

        // load sources
        for (size_t i = 0; i < sources.size(); i++)
            fileResolver.source[moduleName(i)] = sources[i];

        // check sources
        for (size_t i = 0; i < sources.size(); i++)
        {
            const std::string name = moduleName(i);

            try
            {
                frontend.check(name);

                // Second pass in strict mode (forced by auto-complete)
                Luau::FrontendOptions autocompleteOptions = defaultOptions;
                autocompleteOptions.forAutocomplete = true;
                frontend.check(name, autocompleteOptions);
            }
            catch (const std::exception&)
            {
                // This catches internal errors that the type checker currently (unfortunately) throws in some cases
                // NOTE(review): the exception is dropped silently, so anything the type checker reports
                // this way is not surfaced as a fuzzing finding.
            }
        }

        // validate sharedEnv post-typecheck; valuable for debugging some typeck crashes but slows fuzzing down
        // note: it's important for typeck to be destroyed at this point!
        for (auto& entry : frontend.globals.globalScope->bindings)
        {
            Luau::ToStringOptions opts;
            opts.exhaustive = true;
            opts.maxTableLength = 0;
            opts.maxTypeLength = 0;

            toString(entry.second.typeId, opts); // toString walks the entire type, making sure ASAN catches access to destroyed type arenas
        }
    }

    if (kFuzzTranspile)
    {
        for (Luau::ParseResult& parsed : parseResults)
        {
            // a parse can fail to produce a root; there is nothing to transpile then
            if (!parsed.root)
                continue;

            transpileWithTypes(*parsed.root);
        }
    }

    std::string bytecode;

    // compile
    if (kFuzzCompiler)
    {
        for (size_t i = 0; i < parseResults.size(); i++)
        {
            Luau::ParseResult& parsed = parseResults[i];
            Luau::AstNameTable& names = *parseNameTables[i];

            // only sources that parsed without errors are compiled
            if (!parsed.errors.empty())
                continue;

            Luau::CompileOptions compileOptions;

            try
            {
                Luau::BytecodeBuilder bcb;
                Luau::compileOrThrow(bcb, parsed, names, compileOptions);

                // each successful compile overwrites the previous one, so only the last module survives
                bytecode = bcb.getBytecode();
            }
            catch (const Luau::CompileError&)
            {
                // not all valid ASTs can be compiled due to limits on number of registers
            }
        }
    }

    // run codegen on resulting bytecode (in separate state)
    // This state comes from luaL_newstate rather than createGlobalState(), so neither the heap cap in
    // allocate() nor the interrupt callback is installed on it; the bytecode is loaded and lowered here
    // but not resumed.
    if (kFuzzCodegenAssembly && !bytecode.empty())
    {
        static lua_State* asmState = luaL_newstate();

        if (luau_load(asmState, "=fuzz", bytecode.data(), bytecode.size(), 0) == 0)
        {
            Luau::CodeGen::AssemblyOptions options;
            options.compilationOptions.flags = Luau::CodeGen::CodeGen_ColdFunctions;
            options.outputBinary = true;
            options.target = kFuzzCodegenTarget;
            Luau::CodeGen::getAssembly(asmState, -1, options);
        }

        // drop the single value luau_load left on the stack, then collect
        lua_pop(asmState, 1);
        lua_gc(asmState, LUA_GCCOLLECT, 0);
    }

    // run resulting bytecode (from last successfully compiled module)
    if ((kFuzzVM || kFuzzCodegenVM) && !bytecode.empty())
    {
        static lua_State* vmState = createGlobalState();

        // Runs `code` once on a fresh sandboxed thread of the shared state, optionally compiling it to
        // native code first, and checks afterwards that a full collection released the script's memory.
        auto runCode = [](const std::string& code, bool useCodegen) {
            lua_State* thread = lua_newthread(vmState);
            luaL_sandboxthread(thread);

            if (luau_load(thread, "=fuzz", code.data(), code.size(), 0) == 0)
            {
                if (useCodegen)
                    Luau::CodeGen::compile(thread, -1, Luau::CodeGen::CodeGen_ColdFunctions);

                // arm the deadline that interrupt() checks while the script runs
                interruptDeadline = std::chrono::system_clock::now() + kInterruptTimeout;

                lua_resume(thread, nullptr, 0);
            }

            // remove the thread that lua_newthread pushed onto the shared state
            lua_pop(vmState, 1);

            // we'd expect full GC to reclaim all memory allocated by the script
            // more than 256 KiB still counted by allocate() after the collection trips the assertion
            lua_gc(vmState, LUA_GCCOLLECT, 0);
            LUAU_ASSERT(heapSize < 256 * 1024);
        };

        if (kFuzzVM)
            runCode(bytecode, false);

        if (kFuzzCodegenVM && Luau::CodeGen::isSupported())
            runCode(bytecode, true);
    }
}