Fuzzer: Allow using initial content with V8 (WebAssembly#6327)

One problem was that spec testcases had exports with names that are not valid to write as JS exports.name. For example an export with a - in the name would end up as exports.foo-bar etc. Since WebAssembly#6310 that is fixed as we do not emit such JS (we use the generic fuzz_shell.js script which iterates over the keys in exports with exports[name]). Also fix a few trivial fuzzer issues that initial content uncovered: - Ignore a wat file with invalid utf-8. - Print string literals in the same way from JS as from C++. - Enable the stringref flag in V8. - Remove tag imports (the same as we do for global and function and other imports).
dotnet · Jul 12, 2024 · 97d2ffd · 97d2ffd
1 parent d272c1f
commit 97d2ffd
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 5 deletions.
diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py
@@ -311,6 +311,8 @@ def is_git_repo():
     'exception-handling.wast',
     'translate-eh-old-to-new.wast',
     'rse-eh.wast',
+    # Non-UTF8 strings trap in V8
+    'string-lowering.wast',
 ]
 
 
@@ -756,10 +758,7 @@ def run(self, wasm, extra_d8_flags=[]):
                 return run_vm([shared.V8, FUZZ_SHELL_JS] + shared.V8_OPTS + extra_d8_flags + ['--', wasm])
 
             def can_run(self, wasm):
-                # INITIAL_CONTENT is disallowed because some initial spec testcases
-                # have names that require mangling, see
-                # https://github.com/WebAssembly/binaryen/pull/3216
-                return not INITIAL_CONTENTS
+                return True
 
             def can_compare_to_self(self):
                 # With nans, VM differences can confuse us, so only very simple VMs

diff --git a/scripts/fuzz_shell.js b/scripts/fuzz_shell.js
@@ -47,7 +47,10 @@ function printed(x, y) {
     // JS has just one null. Print that out rather than typeof null which is
     // 'object', below.
     return 'null';
-  } else if (typeof x !== 'number' && typeof x !== 'string') {
+  } else if (typeof x === 'string') {
+    // Emit a string in the same format as the binaryen interpreter.
+    return 'string("' + x + '")';
+  } else if (typeof x !== 'number') {
     // Something that is not a number or string, like a reference. We can't
     // print a reference because it could look different after opts - imagine
     // that a function gets renamed internally (that is, the problem is that

diff --git a/scripts/test/shared.py b/scripts/test/shared.py
@@ -260,6 +260,7 @@ def has_shell_timeout():
     '--experimental-wasm-typed-funcref',
     '--experimental-wasm-memory64',
     '--experimental-wasm-extended-const',
+    '--experimental-wasm-stringref',
     '--wasm-final-types',
 ]
 

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
@@ -433,6 +433,15 @@ void TranslateToFuzzReader::setupGlobals() {
 }
 
 void TranslateToFuzzReader::setupTags() {
+  // As in modifyInitialFunctions(), we can't allow tag imports as it would trap
+  // when the fuzzing infrastructure doesn't know what to provide.
+  for (auto& tag : wasm.tags) {
+    if (tag->imported()) {
+      tag->module = tag->base = Name();
+    }
+  }
+
+  // Add some random tags.
   Index num = upTo(3);
   for (size_t i = 0; i < num; i++) {
     addTag();