From c0a9e8f9a6ba3e2e9e2524b627fbfd78096878a3 Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 29 Apr 2026 21:42:58 +0000 Subject: [PATCH 1/2] Fuzzer --- src/tools/fuzzing.h | 2 + src/tools/fuzzing/fuzzing.cpp | 33 +- ...e-to-fuzz_all-features_metrics_noprint.txt | 118 ++- ...-to-fuzz_all-features_metrics_noprint.wast | 918 ++++++++++++++++++ 4 files changed, 1022 insertions(+), 49 deletions(-) diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 803e13d5d0b..22394b1e989 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -477,6 +477,8 @@ class TranslateToFuzzReader { Expression* makeGlobalGet(Type type); Expression* makeGlobalSet(Type type); Expression* makeTupleMake(Type type); + Expression* makeWideIntAddSub(Type type); + Expression* makeWideIntMul(Type type); Expression* makeTupleExtract(Type type); Expression* makePointer(); Expression* makeNonAtomicLoad(Type type); diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 759061da88f..e9a731a8389 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -2814,6 +2814,11 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { } if (type.isTuple()) { options.add(FeatureSet::Multivalue, &Self::makeTupleMake); + if (type == Types::getI64Pair()) { + options.add(FeatureSet::WideArithmetic, + WeightedOption{&Self::makeWideIntAddSub, VeryImportant}, + WeightedOption{&Self::makeWideIntMul, VeryImportant}); + } } if (type.isRef()) { auto heapType = type.getHeapType(); @@ -3496,6 +3501,26 @@ Expression* TranslateToFuzzReader::makeTupleMake(Type type) { return builder.makeTupleMake(std::move(elements)); } +Expression* TranslateToFuzzReader::makeWideIntAddSub(Type type) { + assert(wasm.features.hasWideArithmetic()); + assert(type == Types::getI64Pair()); + auto op = oneIn(2) ? AddInt128 : SubInt128; + auto* leftLow = make(Type::i64); + auto* leftHigh = make(Type::i64); + auto* rightLow = make(Type::i64); + auto* rightHigh = make(Type::i64); + return builder.makeWideIntAddSub(op, leftLow, leftHigh, rightLow, rightHigh); +} + +Expression* TranslateToFuzzReader::makeWideIntMul(Type type) { + assert(wasm.features.hasWideArithmetic()); + assert(type == Types::getI64Pair()); + auto op = oneIn(2) ? MulWideSInt64 : MulWideUInt64; + auto* left = make(Type::i64); + auto* right = make(Type::i64); + return builder.makeWideIntMul(op, left, right); +} + Expression* TranslateToFuzzReader::makeTupleExtract(Type type) { // Tuples can require locals in binary format conversions. if (!type.isDefaultable()) { @@ -6426,9 +6451,13 @@ Type TranslateToFuzzReader::getMVPType() { } Type TranslateToFuzzReader::getTupleType() { + if (wasm.features.hasWideArithmetic() && oneIn(2)) { + return Types::getI64Pair(); + } + std::vector elements; - size_t maxElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 1); - for (size_t i = 0; i < maxElements; ++i) { + size_t numElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 2); + for (size_t i = 0; i < numElements; ++i) { auto type = getSingleConcreteType(); // Don't add a non-defaultable type into a tuple, as currently we can't // spill them into locals (that would require a "let"). diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 961f8e1e8bc..94f554794f5 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,55 +1,79 @@ Metrics total - [exports] : 10 - [funcs] : 5 - [globals] : 2 + [exports] : 63 + [funcs] : 99 + [globals] : 1 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 2 + [table-data] : 33 [tables] : 2 - [tags] : 3 - [total] : 704 - [vars] : 26 - ArrayNewFixed : 6 - AtomicFence : 3 - Binary : 30 - Block : 130 - BrOn : 6 - Break : 23 - Call : 30 - CallRef : 2 - Const : 103 - Drop : 10 - GlobalGet : 44 - GlobalSet : 42 + [tags] : 2 + [total] : 5316 + [vars] : 567 + ArrayCopy : 2 + ArrayFill : 1 + ArrayLen : 16 + ArrayNew : 64 + ArrayNewFixed : 18 + ArraySet : 12 + AtomicCmpxchg : 6 + AtomicFence : 11 + AtomicNotify : 2 + Binary : 337 + Block : 856 + BrOn : 24 + Break : 89 + Call : 167 + CallIndirect : 9 + CallRef : 12 + Const : 858 + DataDrop : 4 + Drop : 69 + GlobalGet : 330 + GlobalSet : 328 I31Get : 3 - If : 39 - Load : 6 - LocalGet : 25 - LocalSet : 27 - Loop : 16 + If : 246 + Load : 32 + LocalGet : 254 + LocalSet : 254 + Loop : 65 + MemoryFill : 1 MemoryInit : 1 - Nop : 7 - Pop : 6 - RefEq : 1 - RefFunc : 11 - RefI31 : 10 - RefNull : 10 - RefTest : 7 - Return : 3 - Select : 1 - Store : 2 - StringConst : 7 - StringEq : 1 - StringMeasure : 2 - StringWTF16Get : 2 - StructNew : 8 - TableSet : 2 - Throw : 2 - Try : 6 - TryTable : 6 - TupleExtract : 3 - TupleMake : 5 - Unary : 35 - Unreachable : 21 + Nop : 73 + Pop : 37 + RefAs : 58 + RefCast : 7 + RefEq : 26 + RefFunc : 111 + RefI31 : 14 + RefIsNull : 6 + RefNull : 93 + RefTest : 4 + Return : 39 + SIMDExtract : 14 + Select : 27 + Store : 14 + StringConst : 26 + StringEncode : 2 + StringEq : 5 + StringMeasure : 5 + StringWTF16Get : 3 + StructCmpxchg : 1 + StructGet : 15 + StructNew : 95 + StructRMW : 5 + StructSet : 6 + Switch : 1 + TableGet : 1 + TableSet : 5 + Throw : 6 + ThrowRef : 2 + Try : 48 + TryTable : 26 + TupleExtract : 20 + TupleMake : 37 + Unary : 241 + Unreachable : 169 + WideIntAddSub : 1 + WideIntMul : 2 diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index 3eae51db6aa..cf08954b5db 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,6 +95,924 @@ one [chants|chance] out between two worlds fire, walk with me +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +) # this isn't really needed either + +bleh +(module # fake module here, for test harness, but it is really not needed +.. +any +3INPUT +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +3.14159 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ +<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS Date: Sat, 23 May 2026 17:19:03 +0000 Subject: [PATCH 2/2] Try reducing seed file size --- ...e-to-fuzz_all-features_metrics_noprint.txt | 116 +-- ...-to-fuzz_all-features_metrics_noprint.wast | 918 ------------------ 2 files changed, 45 insertions(+), 989 deletions(-) diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 94f554794f5..f9172a85b20 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,79 +1,53 @@ Metrics total - [exports] : 63 - [funcs] : 99 - [globals] : 1 + [exports] : 12 + [funcs] : 14 + [globals] : 2 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 33 + [table-data] : 4 [tables] : 2 [tags] : 2 - [total] : 5316 - [vars] : 567 - ArrayCopy : 2 - ArrayFill : 1 - ArrayLen : 16 - ArrayNew : 64 - ArrayNewFixed : 18 - ArraySet : 12 - AtomicCmpxchg : 6 - AtomicFence : 11 - AtomicNotify : 2 - Binary : 337 - Block : 856 - BrOn : 24 - Break : 89 - Call : 167 - CallIndirect : 9 - CallRef : 12 - Const : 858 - DataDrop : 4 - Drop : 69 - GlobalGet : 330 - GlobalSet : 328 - I31Get : 3 - If : 246 - Load : 32 - LocalGet : 254 - LocalSet : 254 - Loop : 65 - MemoryFill : 1 - MemoryInit : 1 - Nop : 73 - Pop : 37 - RefAs : 58 - RefCast : 7 - RefEq : 26 - RefFunc : 111 + [total] : 598 + [vars] : 54 + ArrayNewFixed : 7 + AtomicCmpxchg : 1 + AtomicFence : 3 + AtomicNotify : 1 + Binary : 36 + Block : 109 + BrOn : 4 + Break : 12 + Call : 29 + CallIndirect : 1 + CallRef : 1 + Const : 97 + Drop : 13 + GlobalGet : 41 + GlobalSet : 40 + If : 26 + Load : 9 + LocalGet : 12 + LocalSet : 16 + Loop : 6 + Nop : 14 + Pop : 4 + RefCast : 2 + RefEq : 2 + RefFunc : 6 RefI31 : 14 - RefIsNull : 6 - RefNull : 93 - RefTest : 4 - Return : 39 - SIMDExtract : 14 - Select : 27 - Store : 14 - StringConst : 26 - StringEncode : 2 - StringEq : 5 - StringMeasure : 5 - StringWTF16Get : 3 - StructCmpxchg : 1 - StructGet : 15 - StructNew : 95 - StructRMW : 5 - StructSet : 6 - Switch : 1 - TableGet : 1 - TableSet : 5 - Throw : 6 - ThrowRef : 2 - Try : 48 - TryTable : 26 - TupleExtract : 20 - TupleMake : 37 - Unary : 241 - Unreachable : 169 - WideIntAddSub : 1 - WideIntMul : 2 + RefIsNull : 2 + RefNull : 1 + Return : 6 + SIMDExtract : 4 + Select : 4 + StringConst : 4 + StringEq : 2 + StringWTF16Get : 1 + StructNew : 7 + Try : 5 + TryTable : 5 + TupleExtract : 1 + Unary : 30 + Unreachable : 20 diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index cf08954b5db..3eae51db6aa 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,924 +95,6 @@ one [chants|chance] out between two worlds fire, walk with me -(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ - -) # this isn't really needed either - -bleh -(module # fake module here, for test harness, but it is really not needed -.. -any -3INPUT -h e r e -*will* -d0 -0.753538467597066 -2.2339337309978227 -3.14159 -................. -lorem ipsum whatever - -through the darkness of future past -the magician longs to see -one [chants|chance] out between two worlds -fire, walk with me - - -h e r e -*will* -d0 -0.753538467597066 -2.2339337309978227 -................. -lorem ipsum whatever - -through the darkness of future past -the magician longs to see -one [chants|chance] out between two worlds -fire, walk with me - - -(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ - -MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ -<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS