From ab7f200ddc8b872a14e3cebe5a54230462f62a96 Mon Sep 17 00:00:00 2001
From: stevenfontanella
Date: Wed, 29 Apr 2026 21:42:58 +0000
Subject: [PATCH] Fuzzer

---
 src/tools/fuzzing.h | 2 +
 src/tools/fuzzing/fuzzing.cpp | 33 +-
 ...e-to-fuzz_all-features_metrics_noprint.txt | 118 ++-
 ...-to-fuzz_all-features_metrics_noprint.wast | 918 ++++++++++++++++++
 4 files changed, 1022 insertions(+), 49 deletions(-)

diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h
index 803e13d5d0b..22394b1e989 100644
--- a/src/tools/fuzzing.h
+++ b/src/tools/fuzzing.h
@@ -477,6 +477,8 @@ class TranslateToFuzzReader {
 Expression* makeGlobalGet(Type type);
 Expression* makeGlobalSet(Type type);
 Expression* makeTupleMake(Type type);
+ Expression* makeWideIntAddSub(Type type);
+ Expression* makeWideIntMul(Type type);
 Expression* makeTupleExtract(Type type);
 Expression* makePointer();
 Expression* makeNonAtomicLoad(Type type);
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 759061da88f..e9a731a8389 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -2814,6 +2814,11 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) {
 }
 if (type.isTuple()) {
 options.add(FeatureSet::Multivalue, &Self::makeTupleMake);
+ if (type == Types::getI64Pair()) {
+ options.add(FeatureSet::WideArithmetic,
+ WeightedOption{&Self::makeWideIntAddSub, VeryImportant},
+ WeightedOption{&Self::makeWideIntMul, VeryImportant});
+ }
 }
 if (type.isRef()) {
 auto heapType = type.getHeapType();
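Review bot: The new `options.add(FeatureSet::WideArithmetic, ...)` call in `_makeConcrete` is gated on wide arithmetic alone, while the `makeTupleMake` option just above it is gated on `FeatureSet::Multivalue`, although both produce a tuple-typed result. If the two features can be toggled independently (not visible from this hunk), the gate should require both, e.g. `options.add(FeatureSet::WideArithmetic | FeatureSet::Multivalue,`. If a tuple type can never be requested without multivalue, a one-line comment saying so would keep the asymmetry from reading as an oversight. Both new options are weighted `VeryImportant` while `makeTupleMake` is added without an explicit weight, so a short comment on the intended bias would help too. `_makeConcrete` starts and ends outside the hunk.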
@@ -3496,6 +3501,26 @@ Expression* TranslateToFuzzReader::makeTupleMake(Type type) {
 return builder.makeTupleMake(std::move(elements));
 }

+Expression* TranslateToFuzzReader::makeWideIntAddSub(Type type) {
+ assert(wasm.features.hasWideArithmetic());
+ assert(type == Types::getI64Pair());
+ auto op = oneIn(2) ? AddInt128 : SubInt128;
+ auto* leftLow = make(Type::i64);
+ auto* leftHigh = make(Type::i64);
+ auto* rightLow = make(Type::i64);
+ auto* rightHigh = make(Type::i64);
+ return builder.makeWideIntAddSub(op, leftLow, leftHigh, rightLow, rightHigh);
+}
+
+Expression* TranslateToFuzzReader::makeWideIntMul(Type type) {
+ assert(wasm.features.hasWideArithmetic());
+ assert(type == Types::getI64Pair());
+ auto op = oneIn(2) ? MulWideSInt64 : MulWideUInt64;
+ auto* left = make(Type::i64);
+ auto* right = make(Type::i64);
+ return builder.makeWideIntMul(op, left, right);
+}
+
 Expression* TranslateToFuzzReader::makeTupleExtract(Type type) {
 // Tuples can require locals in binary format conversions.
 if (!type.isDefaultable()) {
@@ -6426,9 +6451,13 @@ Type TranslateToFuzzReader::getMVPType() {
 }

 Type TranslateToFuzzReader::getTupleType() {
+ if (wasm.features.hasWideArithmetic() && oneIn(2)) {
+ return Types::getI64Pair();
+ }
+
 std::vector elements;
- size_t maxElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 1);
- for (size_t i = 0; i < maxElements; ++i) {
+ size_t numElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 2);
+ for (size_t i = 0; i < numElements; ++i) {
 auto type = getSingleConcreteType();
 // Don't add a non-defaultable type into a tuple, as currently we can't
 // spill them into locals (that would require a "let").
diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
index 961f8e1e8bc..b2d072d574a 100644
--- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
+++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
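Review bot: In `makeWideIntAddSub` and `makeWideIntMul` the `type` parameter is read only inside `assert`, and the feature precondition is checked the same way, so a build that defines `NDEBUG` leaves the parameter unused and enforces neither condition. Marking it, e.g. `Expression* TranslateToFuzzReader::makeWideIntAddSub([[maybe_unused]] Type type) {` (and the same for `makeWideIntMul`), avoids an unused-parameter warning in such builds. Both functions would also benefit from a one-line comment such as `// Operands are built in separate statements so the order of make() calls is well defined.`, since that ordering presumably matters for reproducing a fuzz case from the same input.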
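Review bot: The bound in `getTupleType` changes from `MAX_TUPLE_SIZE - 1` to `MAX_TUPLE_SIZE - 2` on the same line as the `maxElements` to `numElements` rename, and nothing says the range change is intended. If `upTo(x)` excludes `x` (its definition is outside this hunk), tuples of exactly `MAX_TUPLE_SIZE` elements can no longer be generated, and a `MAX_TUPLE_SIZE` below 2 would make the argument negative or wrap. Either keep `size_t numElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 1);` or document the new range with `// Pick a size in [2, MAX_TUPLE_SIZE).` and guard it with `assert(fuzzParams->MAX_TUPLE_SIZE >= 2);`. The added early return also makes half of all tuple types the i64 pair when wide arithmetic is enabled, which deserves a comment on the intended distribution. The function body continues past the end of the hunk.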
@@ -1,55 +1,79 @@ Metrics total - [exports] : 10 - [funcs] : 5 - [globals] : 2 + [exports] : 64 + [funcs] : 99 + [globals] : 1 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 2 + [table-data] : 33 [tables] : 2 - [tags] : 3 - [total] : 704 - [vars] : 26 - ArrayNewFixed : 6 - AtomicFence : 3 - Binary : 30 - Block : 130 - BrOn : 6 - Break : 23 - Call : 30 - CallRef : 2 - Const : 103 - Drop : 10 - GlobalGet : 44 - GlobalSet : 42 + [tags] : 2 + [total] : 5312 + [vars] : 562 + ArrayCopy : 2 + ArrayFill : 1 + ArrayLen : 15 + ArrayNew : 63 + ArrayNewFixed : 19 + ArraySet : 11 + AtomicCmpxchg : 6 + AtomicFence : 11 + AtomicNotify : 3 + Binary : 338 + Block : 856 + BrOn : 24 + Break : 90 + Call : 168 + CallIndirect : 9 + CallRef : 12 + Const : 860 + DataDrop : 4 + Drop : 69 + GlobalGet : 330 + GlobalSet : 328 I31Get : 3 - If : 39 - Load : 6 - LocalGet : 25 - LocalSet : 27 - Loop : 16 + If : 245 + Load : 33 + LocalGet : 252 + LocalSet : 249 + Loop : 65 + MemoryFill : 1 MemoryInit : 1 - Nop : 7 - Pop : 6 - RefEq : 1 - RefFunc : 11 - RefI31 : 10 - RefNull : 10 - RefTest : 7 - Return : 3 - Select : 1 - Store : 2 - StringConst : 7 - StringEq : 1 - StringMeasure : 2 - StringWTF16Get : 2 - StructNew : 8 - TableSet : 2 - Throw : 2 - Try : 6 - TryTable : 6 - TupleExtract : 3 - TupleMake : 5 - Unary : 35 - Unreachable : 21 + Nop : 73 + Pop : 37 + RefAs : 57 + RefCast : 7 + RefEq : 26 + RefFunc : 111 + RefI31 : 12 + RefIsNull : 6 + RefNull : 93 + RefTest : 4 + Return : 39 + SIMDExtract : 14 + Select : 27 + Store : 14 + StringConst : 26 + StringEncode : 2 + StringEq : 5 + StringMeasure : 5 + StringWTF16Get : 3 + StructCmpxchg : 1 + StructGet : 14 + StructNew : 95 + StructRMW : 5 + StructSet : 6 + Switch : 1 + TableGet : 1 + TableSet : 5 + Throw : 6 + ThrowRef : 2 + Try : 48 + TryTable : 26 + TupleExtract : 21 + TupleMake : 38 + Unary : 242 + Unreachable : 169 + WideIntAddSub : 1 + WideIntMul : 2 
diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index 3eae51db6aa..cf08954b5db 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,6 +95,924 @@ one [chants|chance] out between two worlds fire, walk with me +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +) # this isn't really needed either + +bleh +(module # fake module here, for test harness, but it is really not needed +.. +any +3INPUT +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +3.14159 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ +<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS