Add default parameters to generated functions

This CL adds support for default parameters in generated functions.

Methods with default parameters, and JS to FuzzIL compilation
code will be added later.

Change-Id: I5b3583a8656c72a4068c497677bd6f18c98badb8
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9176497
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Leon Bettscheider <bettscheider@google.com>

Author: Leon Bettscheider

Sources/Fuzzilli/Base/ProgramBuilder.swift

@@ -3324,11 +3324,46 @@ public class ProgramBuilder {
             return parameters.count
         }
 
-        public static func parameters(n: Int, hasRestParameter: Bool = false)
-            -> SubroutineDescriptor
-        {
+        public static func parameters(
+            n: Int, hasRestParameter: Bool = false, defaultParameterIndices: [Int] = []
+        ) -> SubroutineDescriptor {
             return SubroutineDescriptor(
-                withParameters: Parameters(count: n, hasRestParameter: hasRestParameter))
+                withParameters: Parameters(
+                    count: n, hasRestParameter: hasRestParameter,
+                    defaultParameterIndices: defaultParameterIndices))
+        }
+
+        /// Returns a copy of this SubroutineDescriptor but with some parameters turned into default parameters.
+        public func withRandomDefaultParameters(
+            probability chance: Double, randomVariable: () -> Variable
+        )
+            -> (SubroutineDescriptor, [Variable])
+        {
+            var defaultParameterIndices = [Int]()
+            var defaultValues = [Variable]()
+            if self.parameters.count > 0 {
+                for i in 0..<self.parameters.count {
+                    if self.parameters.hasRestParameter && i == self.parameters.count - 1 {
+                        continue
+                    }
+                    if probability(chance) {
+                        defaultParameterIndices.append(i)
+                        defaultValues.append(randomVariable())
+                    }
+                }
+            }
+
+            if defaultParameterIndices.isEmpty {
+                return (self, [])
+            }
+            let newParameters = Parameters(
+                count: self.parameters.count,
+                hasRestParameter: self.parameters.hasRestParameter,
+                defaultParameterIndices: defaultParameterIndices)
+            return (
+                SubroutineDescriptor(
+                    withParameters: newParameters, ofTypes: self.parameterTypes), defaultValues
+            )
         }
 
         public static func parameters(_ params: Parameter...) -> SubroutineDescriptor {
@@ -3364,22 +3399,27 @@ public class ProgramBuilder {
     @discardableResult
     public func buildPlainFunction(
         with descriptor: SubroutineDescriptor, named functionName: String? = nil,
-        _ body: ([Variable]) -> Void
+        defaultValues: [Variable] = [], _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
         let instr = emit(
-            BeginPlainFunction(parameters: descriptor.parameters, functionName: functionName))
+            BeginPlainFunction(parameters: descriptor.parameters, functionName: functionName),
+            withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndPlainFunction())
         return instr.output
     }
 
     @discardableResult
     public func buildArrowFunction(
-        with descriptor: SubroutineDescriptor, _ body: ([Variable]) -> Void
+        with descriptor: SubroutineDescriptor, defaultValues: [Variable] = [],
+        _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
-        let instr = emit(BeginArrowFunction(parameters: descriptor.parameters))
+        let instr = emit(
+            BeginArrowFunction(parameters: descriptor.parameters), withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndArrowFunction())
         return instr.output
@@ -3388,11 +3428,13 @@ public class ProgramBuilder {
     @discardableResult
     public func buildGeneratorFunction(
         with descriptor: SubroutineDescriptor, named functionName: String? = nil,
-        _ body: ([Variable]) -> Void
+        defaultValues: [Variable] = [], _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
         let instr = emit(
-            BeginGeneratorFunction(parameters: descriptor.parameters, functionName: functionName))
+            BeginGeneratorFunction(parameters: descriptor.parameters, functionName: functionName),
+            withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndGeneratorFunction())
         return instr.output
@@ -3401,22 +3443,27 @@ public class ProgramBuilder {
     @discardableResult
     public func buildAsyncFunction(
         with descriptor: SubroutineDescriptor, named functionName: String? = nil,
-        _ body: ([Variable]) -> Void
+        defaultValues: [Variable] = [], _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
         let instr = emit(
-            BeginAsyncFunction(parameters: descriptor.parameters, functionName: functionName))
+            BeginAsyncFunction(parameters: descriptor.parameters, functionName: functionName),
+            withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndAsyncFunction())
         return instr.output
     }
 
     @discardableResult
     public func buildAsyncArrowFunction(
-        with descriptor: SubroutineDescriptor, _ body: ([Variable]) -> Void
+        with descriptor: SubroutineDescriptor, defaultValues: [Variable] = [],
+        _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
-        let instr = emit(BeginAsyncArrowFunction(parameters: descriptor.parameters))
+        let instr = emit(
+            BeginAsyncArrowFunction(parameters: descriptor.parameters), withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndAsyncArrowFunction())
         return instr.output
@@ -3425,12 +3472,14 @@ public class ProgramBuilder {
     @discardableResult
     public func buildAsyncGeneratorFunction(
         with descriptor: SubroutineDescriptor, named functionName: String? = nil,
-        _ body: ([Variable]) -> Void
+        defaultValues: [Variable] = [], _ body: ([Variable]) -> Void
     ) -> Variable {
+        assert(descriptor.parameters.numDefaultParameters == defaultValues.count)
         setParameterTypesForNextSubroutine(descriptor.parameterTypes)
         let instr = emit(
             BeginAsyncGeneratorFunction(
-                parameters: descriptor.parameters, functionName: functionName))
+                parameters: descriptor.parameters, functionName: functionName),
+            withInputs: defaultValues)
         bodyWithRecursionGuard(instr.output) { body(Array(instr.innerOutputs)) }
         emit(EndAsyncGeneratorFunction())
         return instr.output

Sources/Fuzzilli/CodeGen/CodeGenerators.swift

@@ -1504,11 +1504,15 @@ public let CodeGenerators: [CodeGenerator] = [
         [
             GeneratorStub("PlainFunctionBeginGenerator", provides: [.javascript, .subroutine]) {
                 b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
-                    BeginPlainFunction(parameters: randomParameters.parameters, functionName: nil))
+                    BeginPlainFunction(parameters: randomParameters.parameters, functionName: nil),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1532,11 +1536,15 @@ public let CodeGenerators: [CodeGenerator] = [
             { b in
                 // We could consider having a standalone DirectiveGenerator, but probably most of the time it won't do anything meaningful.
                 // We could also consider keeping a list of known directives in the JavaScriptEnvironment, but currently we only use 'use strict'.
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
-                    BeginPlainFunction(parameters: randomParameters.parameters, functionName: nil))
+                    BeginPlainFunction(parameters: randomParameters.parameters, functionName: nil),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1561,11 +1569,15 @@ public let CodeGenerators: [CodeGenerator] = [
                 "ArrowFunctionBeginGenerator",
                 provides: [.subroutine, .javascript]
             ) { b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
-                    BeginArrowFunction(parameters: randomParameters.parameters))
+                    BeginArrowFunction(parameters: randomParameters.parameters),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1586,12 +1598,16 @@ public let CodeGenerators: [CodeGenerator] = [
                 "GeneratorFunctionBeginGenerator",
                 provides: [.generatorFunction, .subroutine, .javascript]
             ) { b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
                     BeginGeneratorFunction(
-                        parameters: randomParameters.parameters, functionName: nil))
+                        parameters: randomParameters.parameters, functionName: nil),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1623,11 +1639,15 @@ public let CodeGenerators: [CodeGenerator] = [
             GeneratorStub(
                 "AsyncFunctionBeginGenerator", provides: [.javascript, .subroutine, .asyncFunction]
             ) { b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
-                    BeginAsyncFunction(parameters: randomParameters.parameters, functionName: nil))
+                    BeginAsyncFunction(parameters: randomParameters.parameters, functionName: nil),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1653,12 +1673,15 @@ public let CodeGenerators: [CodeGenerator] = [
                 "AsyncArrowFunctionBeginGenerator",
                 provides: [.javascript, .asyncFunction]
             ) { b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
                     BeginAsyncArrowFunction(
-                        parameters: randomParameters.parameters))
+                        parameters: randomParameters.parameters), withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }
@@ -1689,12 +1712,16 @@ public let CodeGenerators: [CodeGenerator] = [
                 "AsyncGeneratorFunctionBeginGenerator",
                 provides: [.javascript, .subroutine, .asyncFunction, .generatorFunction]
             ) { b in
-                let randomParameters = b.randomParameters()
+                let (randomParameters, defaultValues) = b.randomParameters()
+                    .withRandomDefaultParameters(
+                        probability: 0.1,
+                        randomVariable: { b.randomJsVariable() })
                 b.setParameterTypesForNextSubroutine(
                     randomParameters.parameterTypes)
                 let instr = b.emit(
                     BeginAsyncGeneratorFunction(
-                        parameters: randomParameters.parameters, functionName: nil))
+                        parameters: randomParameters.parameters, functionName: nil),
+                    withInputs: defaultValues)
                 if randomParameters.parameters.hasRestParameter && probability(0.2) {
                     b.getProperty("length", of: instr.innerOutputs.last!)
                 }

Sources/Fuzzilli/FuzzIL/Instruction.swift

@@ -329,6 +329,7 @@ extension Instruction: ProtobufConvertible {
             return Fuzzilli_Protobuf_Parameters.with {
                 $0.count = UInt32(parameters.count)
                 $0.hasRest_p = parameters.hasRestParameter
+                $0.defaultParameterIndices = parameters.defaultParameterIndices.map(UInt32.init)
             }
         }
 
@@ -1754,7 +1755,9 @@ extension Instruction: ProtobufConvertible {
         }
 
         func convertParameters(_ parameters: Fuzzilli_Protobuf_Parameters) -> Parameters {
-            return Parameters(count: Int(parameters.count), hasRestParameter: parameters.hasRest_p)
+            return Parameters(
+                count: Int(parameters.count), hasRestParameter: parameters.hasRest_p,
+                defaultParameterIndices: parameters.defaultParameterIndices.map(Int.init))
         }
 
         // Converts to the Wasm world global type

Sources/Fuzzilli/FuzzIL/JsOperations.swift

@@ -1320,15 +1320,32 @@ public struct Parameters {
     private let numParameters: UInt32
     /// Whether the last parameter is a rest parameter.
     let hasRestParameter: Bool
+    /// Indices of parameters that have a default value.
+    /// The n-th default parameter will be the n-th input to the BeginAnySubroutine instruction.
+    let defaultParameterIndices: [Int]
 
     /// The total number of parameters. This is equivalent to the number of inner outputs produced from the parameters.
     var count: Int {
         return Int(numParameters)
     }
 
-    init(count: Int, hasRestParameter: Bool = false) {
+    var numDefaultParameters: Int {
+        return defaultParameterIndices.count
+    }
+
+    init(count: Int, hasRestParameter: Bool = false, defaultParameterIndices: [Int] = []) {
+        assert(
+            !hasRestParameter || !defaultParameterIndices.contains(count - 1),
+            "Rest parameter cannot have a default value")
+        assert(
+            defaultParameterIndices.allSatisfy({ $0 >= 0 && $0 < count }),
+            "Invalid default parameter index")
+        assert(
+            defaultParameterIndices == defaultParameterIndices.sorted(),
+            "Default parameter indices must be sorted")
         self.numParameters = UInt32(count)
         self.hasRestParameter = hasRestParameter
+        self.defaultParameterIndices = defaultParameterIndices
     }
 }
 
@@ -1339,16 +1356,17 @@ class BeginAnySubroutine: JsOperation {
     let parameters: Parameters
 
     init(
-        parameters: Parameters, numInputs: Int = 0, numOutputs: Int = 0, numInnerOutputs: Int = 0,
-        attributes: Operation.Attributes = .isBlockStart, requiredContext: Context = .javascript,
-        contextOpened: Context
+        parameters: Parameters, numInputs: Int? = nil, numOutputs: Int = 0,
+        numInnerOutputs: Int = 0, attributes: Operation.Attributes = .isBlockStart,
+        requiredContext: Context = .javascript, contextOpened: Context
     ) {
         assert(contextOpened.contains(.subroutine))
         assert(attributes.contains(.isBlockStart))
         self.parameters = parameters
         super.init(
-            numInputs: numInputs, numOutputs: numOutputs, numInnerOutputs: numInnerOutputs,
-            attributes: attributes, requiredContext: requiredContext, contextOpened: contextOpened)
+            numInputs: numInputs ?? parameters.numDefaultParameters, numOutputs: numOutputs,
+            numInnerOutputs: numInnerOutputs, attributes: attributes,
+            requiredContext: requiredContext, contextOpened: contextOpened)
     }
 }
 
@@ -1365,7 +1383,7 @@ class BeginAnyFunction: BeginAnySubroutine {
     init(parameters: Parameters, contextOpened: Context = [.javascript, .subroutine]) {
         super.init(
             parameters: parameters,
-            numInputs: 0,
+            numInputs: parameters.numDefaultParameters,
             numOutputs: 1,
             numInnerOutputs: parameters.count,
             contextOpened: contextOpened)

Sources/Fuzzilli/Lifting/FuzzILLifter.swift

@@ -408,7 +408,14 @@ public class FuzzILLifter: Lifter {
             .beginAsyncArrowFunction(let op as BeginAnyFunction),
             .beginAsyncGeneratorFunction(let op as BeginAnyFunction):
             let params = instr.innerOutputs.map(lift).joined(separator: ", ")
-            w.emit("\(output()) <- \(op.name) -> \(params)")
+            let inputs =
+                instr.inputs.isEmpty
+                ? ""
+                : " ["
+                    + zip(op.parameters.defaultParameterIndices, instr.inputs).map {
+                        "\($0): \(lift($1))"
+                    }.joined(separator: ", ") + "]"
+            w.emit("\(output()) <- \(op.name)\(inputs) -> \(params)")
             w.increaseIndentionLevel()
 
         case .endPlainFunction(let op as EndAnyFunction),