[js] Also generate empty strings

Liedtke · V8-internal LUCI CQ · commit 43fa1745355b · 2026-03-25T07:09:05.000-07:00
Bug: 495679730 Change-Id: I45c1af939f3e1a81fc1c3a2649652e25c644cc82 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9137477 Reviewed-by: Darius Mercadier <dmercadier@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
diff --git a/Sources/Fuzzilli/Base/ProgramBuilder.swift b/Sources/Fuzzilli/Base/ProgramBuilder.swift
@@ -377,7 +377,10 @@ public class ProgramBuilder {
         }, {
             String(self.randomInt())
         }, {
-            String.random(ofLength: Int.random(in: 1...5))
+            // Prefer smaller strings both for readability as well as for small string optimizations
+            // (e.g. optimizations for single character strings) but also generate larger strings
+            // to hit cons string ("rope" / concatenated string) cases.
+            String.random(ofLength: Int.random(in: Bool.random() ? 0...5 : 0...33))
         })
     }
 
diff --git a/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift b/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift
@@ -59,7 +59,7 @@ public class JavaScriptEnvironment: ComponentBase {
     public let interestingFloats = [-Double.infinity, -Double.greatestFiniteMagnitude, -1e-15, -1e12, -1e9, -1e6, -1e3, -5.0, -4.0, -3.0, -2.0, -1.0, -Double.ulpOfOne, -Double.leastNormalMagnitude, -0.0, 0.0, Double.leastNormalMagnitude, Double.ulpOfOne, 1.0, 2.0, 3.0, 4.0, 5.0, 1e3, 1e6, 1e9, 1e12, 1e-15, Double.greatestFiniteMagnitude, Double.infinity, Double.nan]
 
     // TODO more?
-    public let interestingStrings = jsTypeNames
+    public let interestingStrings = jsTypeNames + [""]
 
     // Copied from
     // https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/dicts/regexp.dict
