From c0a9e8f9a6ba3e2e9e2524b627fbfd78096878a3 Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 29 Apr 2026 21:42:58 +0000 Subject: [PATCH 1/8] Fuzzer --- src/tools/fuzzing.h | 2 + src/tools/fuzzing/fuzzing.cpp | 33 +- ...e-to-fuzz_all-features_metrics_noprint.txt | 118 ++- ...-to-fuzz_all-features_metrics_noprint.wast | 918 ++++++++++++++++++ 4 files changed, 1022 insertions(+), 49 deletions(-) diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 803e13d5d0b..22394b1e989 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -477,6 +477,8 @@ class TranslateToFuzzReader { Expression* makeGlobalGet(Type type); Expression* makeGlobalSet(Type type); Expression* makeTupleMake(Type type); + Expression* makeWideIntAddSub(Type type); + Expression* makeWideIntMul(Type type); Expression* makeTupleExtract(Type type); Expression* makePointer(); Expression* makeNonAtomicLoad(Type type); diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 759061da88f..e9a731a8389 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -2814,6 +2814,11 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { } if (type.isTuple()) { options.add(FeatureSet::Multivalue, &Self::makeTupleMake); + if (type == Types::getI64Pair()) { + options.add(FeatureSet::WideArithmetic, + WeightedOption{&Self::makeWideIntAddSub, VeryImportant}, + WeightedOption{&Self::makeWideIntMul, VeryImportant}); + } } if (type.isRef()) { auto heapType = type.getHeapType(); @@ -3496,6 +3501,26 @@ Expression* TranslateToFuzzReader::makeTupleMake(Type type) { return builder.makeTupleMake(std::move(elements)); } +Expression* TranslateToFuzzReader::makeWideIntAddSub(Type type) { + assert(wasm.features.hasWideArithmetic()); + assert(type == Types::getI64Pair()); + auto op = oneIn(2) ? AddInt128 : SubInt128; + auto* leftLow = make(Type::i64); + auto* leftHigh = make(Type::i64); + auto* rightLow = make(Type::i64); + auto* rightHigh = make(Type::i64); + return builder.makeWideIntAddSub(op, leftLow, leftHigh, rightLow, rightHigh); +} + +Expression* TranslateToFuzzReader::makeWideIntMul(Type type) { + assert(wasm.features.hasWideArithmetic()); + assert(type == Types::getI64Pair()); + auto op = oneIn(2) ? MulWideSInt64 : MulWideUInt64; + auto* left = make(Type::i64); + auto* right = make(Type::i64); + return builder.makeWideIntMul(op, left, right); +} + Expression* TranslateToFuzzReader::makeTupleExtract(Type type) { // Tuples can require locals in binary format conversions. if (!type.isDefaultable()) { @@ -6426,9 +6451,13 @@ Type TranslateToFuzzReader::getMVPType() { } Type TranslateToFuzzReader::getTupleType() { + if (wasm.features.hasWideArithmetic() && oneIn(2)) { + return Types::getI64Pair(); + } + std::vector elements; - size_t maxElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 1); - for (size_t i = 0; i < maxElements; ++i) { + size_t numElements = 2 + upTo(fuzzParams->MAX_TUPLE_SIZE - 2); + for (size_t i = 0; i < numElements; ++i) { auto type = getSingleConcreteType(); // Don't add a non-defaultable type into a tuple, as currently we can't // spill them into locals (that would require a "let"). diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 961f8e1e8bc..94f554794f5 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,55 +1,79 @@ Metrics total - [exports] : 10 - [funcs] : 5 - [globals] : 2 + [exports] : 63 + [funcs] : 99 + [globals] : 1 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 2 + [table-data] : 33 [tables] : 2 - [tags] : 3 - [total] : 704 - [vars] : 26 - ArrayNewFixed : 6 - AtomicFence : 3 - Binary : 30 - Block : 130 - BrOn : 6 - Break : 23 - Call : 30 - CallRef : 2 - Const : 103 - Drop : 10 - GlobalGet : 44 - GlobalSet : 42 + [tags] : 2 + [total] : 5316 + [vars] : 567 + ArrayCopy : 2 + ArrayFill : 1 + ArrayLen : 16 + ArrayNew : 64 + ArrayNewFixed : 18 + ArraySet : 12 + AtomicCmpxchg : 6 + AtomicFence : 11 + AtomicNotify : 2 + Binary : 337 + Block : 856 + BrOn : 24 + Break : 89 + Call : 167 + CallIndirect : 9 + CallRef : 12 + Const : 858 + DataDrop : 4 + Drop : 69 + GlobalGet : 330 + GlobalSet : 328 I31Get : 3 - If : 39 - Load : 6 - LocalGet : 25 - LocalSet : 27 - Loop : 16 + If : 246 + Load : 32 + LocalGet : 254 + LocalSet : 254 + Loop : 65 + MemoryFill : 1 MemoryInit : 1 - Nop : 7 - Pop : 6 - RefEq : 1 - RefFunc : 11 - RefI31 : 10 - RefNull : 10 - RefTest : 7 - Return : 3 - Select : 1 - Store : 2 - StringConst : 7 - StringEq : 1 - StringMeasure : 2 - StringWTF16Get : 2 - StructNew : 8 - TableSet : 2 - Throw : 2 - Try : 6 - TryTable : 6 - TupleExtract : 3 - TupleMake : 5 - Unary : 35 - Unreachable : 21 + Nop : 73 + Pop : 37 + RefAs : 58 + RefCast : 7 + RefEq : 26 + RefFunc : 111 + RefI31 : 14 + RefIsNull : 6 + RefNull : 93 + RefTest : 4 + Return : 39 + SIMDExtract : 14 + Select : 27 + Store : 14 + StringConst : 26 + StringEncode : 2 + StringEq : 5 + StringMeasure : 5 + StringWTF16Get : 3 + StructCmpxchg : 1 + StructGet : 15 + StructNew : 95 + StructRMW : 5 + StructSet : 6 + Switch : 1 + TableGet : 1 + TableSet : 5 + Throw : 6 + ThrowRef : 2 + Try : 48 + TryTable : 26 + TupleExtract : 20 + TupleMake : 37 + Unary : 241 + Unreachable : 169 + WideIntAddSub : 1 + WideIntMul : 2 diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index 3eae51db6aa..cf08954b5db 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,6 +95,924 @@ one [chants|chance] out between two worlds fire, walk with me +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +) # this isn't really needed either + +bleh +(module # fake module here, for test harness, but it is really not needed +.. +any +3INPUT +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +3.14159 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +h e r e +*will* +d0 +0.753538467597066 +2.2339337309978227 +................. +lorem ipsum whatever + +through the darkness of future past +the magician longs to see +one [chants|chance] out between two worlds +fire, walk with me + + +(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ + +MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ +<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS Date: Sat, 23 May 2026 17:19:03 +0000 Subject: [PATCH 2/8] Try reducing seed file size --- ...e-to-fuzz_all-features_metrics_noprint.txt | 116 +-- ...-to-fuzz_all-features_metrics_noprint.wast | 918 ------------------ 2 files changed, 45 insertions(+), 989 deletions(-) diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 94f554794f5..f9172a85b20 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,79 +1,53 @@ Metrics total - [exports] : 63 - [funcs] : 99 - [globals] : 1 + [exports] : 12 + [funcs] : 14 + [globals] : 2 [imports] : 13 [memories] : 1 [memory-data] : 16 - [table-data] : 33 + [table-data] : 4 [tables] : 2 [tags] : 2 - [total] : 5316 - [vars] : 567 - ArrayCopy : 2 - ArrayFill : 1 - ArrayLen : 16 - ArrayNew : 64 - ArrayNewFixed : 18 - ArraySet : 12 - AtomicCmpxchg : 6 - AtomicFence : 11 - AtomicNotify : 2 - Binary : 337 - Block : 856 - BrOn : 24 - Break : 89 - Call : 167 - CallIndirect : 9 - CallRef : 12 - Const : 858 - DataDrop : 4 - Drop : 69 - GlobalGet : 330 - GlobalSet : 328 - I31Get : 3 - If : 246 - Load : 32 - LocalGet : 254 - LocalSet : 254 - Loop : 65 - MemoryFill : 1 - MemoryInit : 1 - Nop : 73 - Pop : 37 - RefAs : 58 - RefCast : 7 - RefEq : 26 - RefFunc : 111 + [total] : 598 + [vars] : 54 + ArrayNewFixed : 7 + AtomicCmpxchg : 1 + AtomicFence : 3 + AtomicNotify : 1 + Binary : 36 + Block : 109 + BrOn : 4 + Break : 12 + Call : 29 + CallIndirect : 1 + CallRef : 1 + Const : 97 + Drop : 13 + GlobalGet : 41 + GlobalSet : 40 + If : 26 + Load : 9 + LocalGet : 12 + LocalSet : 16 + Loop : 6 + Nop : 14 + Pop : 4 + RefCast : 2 + RefEq : 2 + RefFunc : 6 RefI31 : 14 - RefIsNull : 6 - RefNull : 93 - RefTest : 4 - Return : 39 - SIMDExtract : 14 - Select : 27 - Store : 14 - StringConst : 26 - StringEncode : 2 - StringEq : 5 - StringMeasure : 5 - StringWTF16Get : 3 - StructCmpxchg : 1 - StructGet : 15 - StructNew : 95 - StructRMW : 5 - StructSet : 6 - Switch : 1 - TableGet : 1 - TableSet : 5 - Throw : 6 - ThrowRef : 2 - Try : 48 - TryTable : 26 - TupleExtract : 20 - TupleMake : 37 - Unary : 241 - Unreachable : 169 - WideIntAddSub : 1 - WideIntMul : 2 + RefIsNull : 2 + RefNull : 1 + Return : 6 + SIMDExtract : 4 + Select : 4 + StringConst : 4 + StringEq : 2 + StringWTF16Get : 1 + StructNew : 7 + Try : 5 + TryTable : 5 + TupleExtract : 1 + Unary : 30 + Unreachable : 20 diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast index cf08954b5db..3eae51db6aa 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast @@ -95,924 +95,6 @@ one [chants|chance] out between two worlds fire, walk with me -(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ - -) # this isn't really needed either - -bleh -(module # fake module here, for test harness, but it is really not needed -.. -any -3INPUT -h e r e -*will* -d0 -0.753538467597066 -2.2339337309978227 -3.14159 -................. -lorem ipsum whatever - -through the darkness of future past -the magician longs to see -one [chants|chance] out between two worlds -fire, walk with me - - -h e r e -*will* -d0 -0.753538467597066 -2.2339337309978227 -................. -lorem ipsum whatever - -through the darkness of future past -the magician longs to see -one [chants|chance] out between two worlds -fire, walk with me - - -(&!*^@$*&@!^*&@#^$*&@#$*&@#$^*&@^#$)(&)(!&$(*&^@&#*$ - -MOAR testing09237861235980723894570389yfskdjhgfm13jo847rtnjcsjjdhfgnc12o387456vb1p98364vlaisutfvlKUYASDOV*&Q@$%VOUAYFROVLUKSYDFP(*A^*&%DFASF________ -<>?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS?><>?>>?<>??>DS Date: Tue, 26 May 2026 17:45:44 +0000 Subject: [PATCH 3/8] WIP --- src/tools/fuzzing.h | 14 +++- src/tools/fuzzing/fuzzing.cpp | 32 +++++--- src/tools/fuzzing/heap-types.cpp | 2 +- src/tools/fuzzing/parameters.cpp | 2 +- ...e-to-fuzz_all-features_metrics_noprint.txt | 80 +++++++++---------- 5 files changed, 74 insertions(+), 56 deletions(-) diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 22394b1e989..8336ee51e70 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -479,6 +479,7 @@ class TranslateToFuzzReader { Expression* makeTupleMake(Type type); Expression* makeWideIntAddSub(Type type); Expression* makeWideIntMul(Type type); + Expression* makeWideIntExpression(Type type); Expression* makeTupleExtract(Type type); Expression* makePointer(); Expression* makeNonAtomicLoad(Type type); @@ -495,7 +496,18 @@ class TranslateToFuzzReader { // able to emit a literal Const, like say if the type is a function reference // then we may emit a RefFunc, but also we may have other requirements, like // we may add a GC cast to fixup the type. - Expression* makeConst(Type type); + Expression* makeConst(Type type, bool isGlobalInitializer = false); + + // Emit a constant expression for a given type, as best we can. We may not be + // able to emit a literal Const, like say if the type is a function reference + // then we may emit a RefFunc, but also we may have other requirements, like + // we may add a GC cast to fixup the type. + // + // This variant of `makeConst` is here so we can reference it as a pointer to + // a class method in _makeConcrete. + Expression* makeConstForNonGlobal(Type type) { + return makeConst(type, false); + } // Generate reference values. One function handles basic types, and the other // compound ones. diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index e9a731a8389..00db0107049 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -722,7 +722,7 @@ void TranslateToFuzzReader::setupGlobals() { // Remove import info from imported globals, and give them a simple // initializer. global->module = global->base = Name(); - global->init = makeConst(global->type); + global->init = makeConst(global->type, /*isGlobalInitializer=*/true); } } else { // If the initialization used an imported global that we made @@ -733,7 +733,8 @@ void TranslateToFuzzReader::setupGlobals() { auto gets = FindAll(global->init); for (auto& get : gets.list) { if (!wasm.getGlobal(get->name)->imported()) { - global->init = makeConst(global->type); + global->init = + makeConst(global->type, /*isGlobalInitializer=*/true); break; } } @@ -780,7 +781,7 @@ void TranslateToFuzzReader::setupGlobals() { // For now we disallow anything but tuple.make at the top level of tuple // globals (see details in wasm-binary.cpp). In the future we may allow // global.get or other things here. - global->init = makeConst(global->type); + global->init = makeConst(global->type, /*isGlobalInitializer=*/true); assert(global->init->is()); } if (!FindAll(global->init).list.empty() || @@ -794,7 +795,7 @@ void TranslateToFuzzReader::setupGlobals() { // Likewise, if we see cont.new, we must switch as well. That can happen // if a nested struct we create has a continuation field, for example. global->type = getMVPType(); - global->init = makeConst(global->type); + global->init = makeConst(global->type, /*isGlobalInitializer=*/true); } } @@ -2761,7 +2762,7 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { WeightedOption{&Self::makeLocalGet, VeryImportant}, WeightedOption{&Self::makeLocalSet, VeryImportant}, WeightedOption{&Self::makeGlobalGet, Important}, - WeightedOption{&Self::makeConst, Important}); + WeightedOption{&Self::makeConstForNonGlobal, Important}); if (canMakeControlFlow) { options .add(FeatureSet::MVP, @@ -2813,11 +2814,10 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { &Self::makeStringGet); } if (type.isTuple()) { - options.add(FeatureSet::Multivalue, &Self::makeTupleMake); - if (type == Types::getI64Pair()) { - options.add(FeatureSet::WideArithmetic, - WeightedOption{&Self::makeWideIntAddSub, VeryImportant}, - WeightedOption{&Self::makeWideIntMul, VeryImportant}); + if (type == Types::getI64Pair() && oneIn(2)) { + options.add(FeatureSet::WideArithmetic, &Self::makeWideIntExpression); + } else { + options.add(FeatureSet::Multivalue, &Self::makeTupleMake); } } if (type.isRef()) { @@ -3521,6 +3521,10 @@ Expression* TranslateToFuzzReader::makeWideIntMul(Type type) { return builder.makeWideIntMul(op, left, right); } +Expression* TranslateToFuzzReader::makeWideIntExpression(Type type) { + return oneIn(2) ? makeWideIntAddSub(type) : makeWideIntMul(type); +} + Expression* TranslateToFuzzReader::makeTupleExtract(Type type) { // Tuples can require locals in binary format conversions. if (!type.isDefaultable()) { @@ -4100,7 +4104,8 @@ Expression* TranslateToFuzzReader::makeRefFuncConst(Type type) { return builder.makeRefFunc(func->name); } -Expression* TranslateToFuzzReader::makeConst(Type type) { +Expression* TranslateToFuzzReader::makeConst(Type type, + bool isGlobalInitializer) { if (type.isRef()) { assert(wasm.features.hasReferenceTypes()); // With a low chance, just emit a null if that is valid. @@ -4115,10 +4120,13 @@ Expression* TranslateToFuzzReader::makeConst(Type type) { } else { return makeCompoundRef(type); } + } else if (type == Types::getI64Pair() && oneIn(2) && !isGlobalInitializer && + wasm.features.hasWideArithmetic()) { + return makeWideIntExpression(type); } else if (type.isTuple()) { std::vector operands; for (const auto& t : type) { - operands.push_back(makeConst(t)); + operands.push_back(makeConst(t, isGlobalInitializer)); } return builder.makeTupleMake(std::move(operands)); } else { diff --git a/src/tools/fuzzing/heap-types.cpp b/src/tools/fuzzing/heap-types.cpp index e2b6b552623..41d3a1cf084 100644 --- a/src/tools/fuzzing/heap-types.cpp +++ b/src/tools/fuzzing/heap-types.cpp @@ -422,7 +422,7 @@ struct HeapTypeGeneratorImpl { } Type generateTupleType(Shareability share) { - std::vector types(2 + rand.upTo(params.MAX_TUPLE_SIZE - 1)); + std::vector types(2 + rand.upTo(params.MAX_TUPLE_SIZE - 2)); for (auto& type : types) { type = generateSingleType(share); } diff --git a/src/tools/fuzzing/parameters.cpp b/src/tools/fuzzing/parameters.cpp index 3220f9625d3..423cad941d5 100644 --- a/src/tools/fuzzing/parameters.cpp +++ b/src/tools/fuzzing/parameters.cpp @@ -26,7 +26,7 @@ void FuzzParams::setDefaults() { MAX_GLOBALS = 30; - MAX_TUPLE_SIZE = 6; + MAX_TUPLE_SIZE = 7; MAX_STRUCT_SIZE = 6; diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index f9172a85b20..dd4382c4477 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,53 +1,51 @@ Metrics total - [exports] : 12 - [funcs] : 14 + [exports] : 11 + [funcs] : 13 [globals] : 2 - [imports] : 13 + [imports] : 12 [memories] : 1 [memory-data] : 16 [table-data] : 4 [tables] : 2 [tags] : 2 - [total] : 598 - [vars] : 54 - ArrayNewFixed : 7 + [total] : 610 + [vars] : 49 + ArrayNewFixed : 3 AtomicCmpxchg : 1 - AtomicFence : 3 - AtomicNotify : 1 - Binary : 36 - Block : 109 - BrOn : 4 - Break : 12 - Call : 29 - CallIndirect : 1 - CallRef : 1 - Const : 97 - Drop : 13 - GlobalGet : 41 - GlobalSet : 40 - If : 26 - Load : 9 - LocalGet : 12 - LocalSet : 16 - Loop : 6 - Nop : 14 + AtomicFence : 1 + Binary : 38 + Block : 111 + BrOn : 1 + Break : 10 + Call : 18 + CallIndirect : 3 + CallRef : 2 + Const : 106 + Drop : 9 + GlobalGet : 49 + GlobalSet : 48 + If : 33 + Load : 6 + LocalGet : 21 + LocalSet : 18 + Loop : 11 + Nop : 12 Pop : 4 - RefCast : 2 RefEq : 2 - RefFunc : 6 - RefI31 : 14 - RefIsNull : 2 - RefNull : 1 - Return : 6 - SIMDExtract : 4 - Select : 4 - StringConst : 4 - StringEq : 2 + RefFunc : 7 + RefI31 : 8 + RefNull : 2 + Return : 3 + SIMDExtract : 3 + Select : 3 + Store : 3 + StringConst : 3 + StringMeasure : 2 StringWTF16Get : 1 - StructNew : 7 - Try : 5 - TryTable : 5 - TupleExtract : 1 - Unary : 30 - Unreachable : 20 + StructNew : 5 + TableSet : 1 + Try : 4 + TryTable : 2 + Unary : 32 + Unreachable : 24 From 64be00f43b22c64ad5586cf4805dbbb50b372cb2 Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 27 May 2026 00:01:14 +0000 Subject: [PATCH 4/8] Revert some unneeded changes --- src/tools/fuzzing.h | 13 +------------ src/tools/fuzzing/fuzzing.cpp | 21 ++++++++------------- 2 files changed, 9 insertions(+), 25 deletions(-) diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 8336ee51e70..abc21c60a1a 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -496,18 +496,7 @@ class TranslateToFuzzReader { // able to emit a literal Const, like say if the type is a function reference // then we may emit a RefFunc, but also we may have other requirements, like // we may add a GC cast to fixup the type. - Expression* makeConst(Type type, bool isGlobalInitializer = false); - - // Emit a constant expression for a given type, as best we can. We may not be - // able to emit a literal Const, like say if the type is a function reference - // then we may emit a RefFunc, but also we may have other requirements, like - // we may add a GC cast to fixup the type. - // - // This variant of `makeConst` is here so we can reference it as a pointer to - // a class method in _makeConcrete. - Expression* makeConstForNonGlobal(Type type) { - return makeConst(type, false); - } + Expression* makeConst(Type type); // Generate reference values. One function handles basic types, and the other // compound ones. diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 00db0107049..2bd6dd79109 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -722,7 +722,7 @@ void TranslateToFuzzReader::setupGlobals() { // Remove import info from imported globals, and give them a simple // initializer. global->module = global->base = Name(); - global->init = makeConst(global->type, /*isGlobalInitializer=*/true); + global->init = makeConst(global->type); } } else { // If the initialization used an imported global that we made @@ -733,8 +733,7 @@ void TranslateToFuzzReader::setupGlobals() { auto gets = FindAll(global->init); for (auto& get : gets.list) { if (!wasm.getGlobal(get->name)->imported()) { - global->init = - makeConst(global->type, /*isGlobalInitializer=*/true); + global->init = makeConst(global->type); break; } } @@ -781,7 +780,7 @@ void TranslateToFuzzReader::setupGlobals() { // For now we disallow anything but tuple.make at the top level of tuple // globals (see details in wasm-binary.cpp). In the future we may allow // global.get or other things here. - global->init = makeConst(global->type, /*isGlobalInitializer=*/true); + global->init = makeConst(global->type); assert(global->init->is()); } if (!FindAll(global->init).list.empty() || @@ -795,7 +794,7 @@ void TranslateToFuzzReader::setupGlobals() { // Likewise, if we see cont.new, we must switch as well. That can happen // if a nested struct we create has a continuation field, for example. global->type = getMVPType(); - global->init = makeConst(global->type, /*isGlobalInitializer=*/true); + global->init = makeConst(global->type); } } @@ -2762,7 +2761,7 @@ Expression* TranslateToFuzzReader::_makeConcrete(Type type) { WeightedOption{&Self::makeLocalGet, VeryImportant}, WeightedOption{&Self::makeLocalSet, VeryImportant}, WeightedOption{&Self::makeGlobalGet, Important}, - WeightedOption{&Self::makeConstForNonGlobal, Important}); + WeightedOption{&Self::makeConst, Important}); if (canMakeControlFlow) { options .add(FeatureSet::MVP, @@ -4104,8 +4103,7 @@ Expression* TranslateToFuzzReader::makeRefFuncConst(Type type) { return builder.makeRefFunc(func->name); } -Expression* TranslateToFuzzReader::makeConst(Type type, - bool isGlobalInitializer) { +Expression* TranslateToFuzzReader::makeConst(Type type) { if (type.isRef()) { assert(wasm.features.hasReferenceTypes()); // With a low chance, just emit a null if that is valid. @@ -4120,13 +4118,10 @@ Expression* TranslateToFuzzReader::makeConst(Type type, } else { return makeCompoundRef(type); } - } else if (type == Types::getI64Pair() && oneIn(2) && !isGlobalInitializer && - wasm.features.hasWideArithmetic()) { - return makeWideIntExpression(type); } else if (type.isTuple()) { std::vector operands; for (const auto& t : type) { - operands.push_back(makeConst(t, isGlobalInitializer)); + operands.push_back(makeConst(t)); } return builder.makeTupleMake(std::move(operands)); } else { @@ -6480,7 +6475,7 @@ Type TranslateToFuzzReader::getTupleType() { } Type TranslateToFuzzReader::getConcreteType() { - if (wasm.features.hasMultivalue() && oneIn(5)) { + if (wasm.features.hasMultivalue() && oneIn(2)) { return getTupleType(); } else { return getSingleConcreteType(); From e63a6d5590493317c74759e6629776d31b4e96bc Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 27 May 2026 00:13:32 +0000 Subject: [PATCH 5/8] Update test --- ...e-to-fuzz_all-features_metrics_noprint.txt | 88 ++++++++++--------- 1 file changed, 48 insertions(+), 40 deletions(-) diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index dd4382c4477..1af95448afd 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,51 +1,59 @@ Metrics total - [exports] : 11 - [funcs] : 13 + [exports] : 16 + [funcs] : 21 [globals] : 2 - [imports] : 12 + [imports] : 14 [memories] : 1 [memory-data] : 16 - [table-data] : 4 + [table-data] : 3 [tables] : 2 [tags] : 2 - [total] : 610 - [vars] : 49 - ArrayNewFixed : 3 - AtomicCmpxchg : 1 + [total] : 694 + [vars] : 70 + ArrayNewFixed : 4 AtomicFence : 1 - Binary : 38 - Block : 111 + AtomicNotify : 3 + Binary : 34 + Block : 122 BrOn : 1 - Break : 10 - Call : 18 - CallIndirect : 3 - CallRef : 2 - Const : 106 - Drop : 9 - GlobalGet : 49 - GlobalSet : 48 - If : 33 - Load : 6 - LocalGet : 21 - LocalSet : 18 - Loop : 11 - Nop : 12 - Pop : 4 - RefEq : 2 - RefFunc : 7 - RefI31 : 8 - RefNull : 2 - Return : 3 - SIMDExtract : 3 - Select : 3 - Store : 3 - StringConst : 3 - StringMeasure : 2 - StringWTF16Get : 1 - StructNew : 5 + Break : 9 + Call : 32 + CallIndirect : 2 + Const : 144 + Drop : 18 + GlobalGet : 54 + GlobalSet : 54 + I31Get : 1 + If : 38 + Load : 2 + LocalGet : 12 + LocalSet : 8 + Loop : 6 + MemoryInit : 1 + Nop : 10 + Pop : 3 + RefAs : 2 + RefEq : 3 + RefFunc : 5 + RefI31 : 12 + RefIsNull : 1 + RefNull : 1 + RefTest : 1 + Return : 4 + SIMDExtract : 2 + Select : 1 + Store : 2 + StringConst : 8 + StringMeasure : 1 + StructNew : 3 + Switch : 1 TableSet : 1 + Throw : 3 + ThrowRef : 1 Try : 4 - TryTable : 2 - Unary : 32 - Unreachable : 24 + TryTable : 5 + TupleExtract : 3 + TupleMake : 6 + Unary : 37 + Unreachable : 28 From 7245fc03d37742aeeb909433b0098cf8b3fd2e6f Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 27 May 2026 00:38:00 +0000 Subject: [PATCH 6/8] Generate a new seed for fuzz import test --- test/lit/fuzz-import.wast.dat | Bin 4023 -> 4096 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/test/lit/fuzz-import.wast.dat b/test/lit/fuzz-import.wast.dat index 922d620d004e4070ddff5e69b942e5153ab4a22e..172f50c7db9d70c54e517469f8f9221435690b68 100644 GIT binary patch literal 4096 zcmV+b5dZJ%nC7)wvU*7rC0jLP#w8Kwdb{JA{k|&yf*O#ZoNOBQ0HaOq~7pxRQd!a29 zGGSMl$6qK@PQa)vZ50fGUoLPx(&d!Rlj&kSBKQ*$a1A%rmcj{%h!>nPCK#=tX7i$I zaK3qe&J|xhsV2Kl9T*eO5eP8#Ad6^!M&zG982b@4JANQ+{UJlHn>d#xEzbRVq4vZT z3l=6VnSqL->ts^@}kcb7N4l_Ou&OejOailcU~J26Dy*|)O<=RI_qhM)g_pTwHcoCnLZ8EI%* zOJ{&Dw)(R9r&;XxS%hU*e#sXE@z)ULid$axkR4qoz)}|BOY#^E3IJLsIr&`P3flU zAg;#dypUxMy$kxt#Qbj9F|)t&XZNHBSmSLvv>vY@U*=D?M)T15*B`S{&V zYdqG32n8(a4|V{Qg}!a4OOL#A>~!ih5+QRFG@Y_KrGFNfHAt_bPd%gF=}C`z^^4N* zNOhNNYDh{D4wXs`?vNWRIR!1MgAx^6;8>9hu>tpP#HqXBJo)&#B;QD(j0Us_FM_OG zT@%&Zcc^A)7p(fAIH>n>?{%ybK-2;%aECFjoK6iYA7YW1sD&Ta(9?s-kAXwj=|73H zDV*FN*$-wr4;1WWyrr};ih&7syr+8Zyr+-H{A0hWHTis@-+Ja53;;!q7D}FoC+5O+v(CZ zKsWVLopQ|kj>;{Vp6}qgM}k(P^Ea_oOfjyy_Z6TfY{%3c3-T${JM=f-Owzpz&#?pe z1ngzZR3oeFp}7#OtQWI*MRH4fBRV7dJ|w8A@BDG`!O2YU<1V%VSeFt(?KFO+-;WX6 zyxX|jYnX?}0*Z2Z+!&y(kjthc%-H4{&_BVUghM-e7a)^ASU%p_pD9#GBW3yKTor{$ zSQmaiZsG2w#rk<=k% zb)^H^RdFnNzvytOvs|p!uwnk<5ta-)wAx-oKk_!j9Gg3-&5+Kbua7bFJb}SF?8#Wb zG2i}PqKExJripE~v%A)H-jL|ikp-`4^zuiWSBI5SCHXZMKkpI&=>vF$O!|$*+Q?!o zu%0d=FYT%QoHpc%CW2R~d<%u3n(gy&JSM)mH{`he^1bbKLw@f`17fwTu5t;p?dD(7 z_?dyFKc;vaXxyx2i_^to)SziOoiViknpM3XBN%Uk5b8juSLA;{81)2K+E_rt%}<(aaI3_f3@1%TU+&CNOCCtnf*jqD0ZTkIK$1$T8oG_aMNA6Y~OuoWUgeD z0483r0K@a!m{t$(MHk8Hj;=cs$Zi!?`9T9W(Pz{Y&XW!raYST5dNl(ecZi@~M#Ik9dueD=nSRhc%Ep|Z_j1L?a!?Ldc@B=Nvd_R9OHp4Iv zvyejeLSsJS{pKyE>Tc}b)-aBCl$m%F^KLsG6%m26s)M$8Ki=d1_=nr@g5XB zWs0ptjz=eLqoFrS1%W2=GX#%+>t4+Fvt_GliMd>ylOu&+Fe zLJ&a>xoie8*Ql8s3B7xM(S+gxy{t6$>LJ5~ztfwdqA(Hzm}qevdD-w5w#hH46Z0By ziq|_tK=LPI!3gcI)=IZ1BuEias5msqO#ZPTKH(u3YpIN)S>}u?3rADH#n>+`h z)xK$T2zRnkNG3b%8hqU%;s_lrljZ+WU#uGQ)V5oQP^%-YL5x2Li&QeLzj}(FWp2ff zWdx(>kHFC(zF;EBo#v<$d?R*pIw*Mya>93?bP;BbT$P_FyW1gh$y{knJWwepEoz#S zI32D?Au3}@Y>BjBUf|ttkt|L!zpKzZ$mUo>DHcsII=QX^9a<#?!NOiZa4(1)fIKl6 zh^aVuXE9sg=~L=Gwsd@SSR~3bJ49eJaiF_nS89;v9)}p;21%A*B9!QMZjY7+=Ew{G zook{`DU8rJV0xzNDUT5OJ?X6mHOtYuV#5k;O&A~+e;KJJxvv@-+hO{1hsxJLXV(vn zNXQaw%A!=vd9igo3S-?5zu3@ZduZUCI48<|pdMdq_OBWG^b!SQKxI|dJYMJoc=op~ z>>~^d3<*_s>R;y8Mfc2~CV7&>DP$FK<*`o#9-hGO@hbj1m#7ZhH52U(P)goFjgVuS zHl0BYeixw>#(2=3n8DCld^p$}mVzg2x=9|dC7j#ya|0d*ITrCUeF2G?&|&JKDh+TV z!go4uKNBMBN?fd^VIlOzz`D&c`iSlq%&Q@%=SS|Y_r)loZ&n@TwKk7c0k|2F zi@g6|qd+KhJF$)llC9kmDK@8q)j@FBgXy3|xK9w(^wA_5dmc8*Je4#oYJr7BlvSYk z(CKSEO=NrYAVjyl$6gtqQRORrxwfsUVmnee>;1d+1@=mb12U^YX4ue8W~K3ISj;Zo zgYY&(#Yg%GQmL7`am}j9u2xbWv^Ah7T6$ zjv*nI)-B2Jf9EG?K=Z77>AFf7B|bBv*&Q3DmWD6I!^@~LSHs-HyBrbipPK=dP}`bd z$)+>q0DzHND^*!&H@gtihiA1@5{VlgTbBMx3t#c_h$p(Z&L;`qs_jW@XgLB@J zXbWSeCd&3@Y5Zj#(Y>+LptAr)^_9t9_af0^`OqGFY~x zI1$V?b#FW zA0ohi+P%U%8h1TD3$p(0nq7*gzHJX&t-!|r_?pee;FOF#7y{tnB)bODlafW;{))Il zA!RCo5yYv-rZ4=3=Mpwt)8Oewjs_)~%78R1?&z)!KR7zp#?u&vG0#@vn&=C$YoD#0 zRDXYJlTgBg2j;{z3rT*bqp5I%va#mxHdDi!30}th2s*f$wy16Uk|ms!M`EyvMbvEJ z1k>~SL@auw9_ydt7 zAQU3#^c15mUvACjmmMWQ_yR^M@S^I^TEPvU_!Ta|3G--_COx8)Gijem33%whBVj@v ze{PkGI%&wNGRV)~yUDP{naELutMQ>$onTzUs^>4Q27Km0_F&n_#UNfsU~oO(2{+|C zKIwVh&0}Q6NF!Z=Gi_QUJ*#?Ivn=2alYIrO_3GpK7rBjD*o~{Rhfh#*^~X=_2HsCg z_v3QFVw9=0+-)1uUXZrza6@!4L;q5PVu5P;60eG3Clo(}e+Dk9 z*)KLp>zY&*nTz$zDm#SfI9JOo8lUHvdC7=}o=Mm6e zaYumdyQVarD&x3 z@y>_X%+6adFq%rqz)J6oIB@N(6P5j%F^RxjxGPL74dinG8ae?&Cj=TMYiAbv7aU`1Xn#)37G{~MB}dAf_2N|mHifTD(*IvsPZceGZU3xym$ z)e=wZf8gXki!YsnENp!*1NU`pSBGQ|gvSx2cGb_yB)v}9u80-mb%FnRe`|kBe;3Qq zurja2r=o82iM7NOgRMPYwMx#qU0tEf(Kj7{_1}!i7hISX$u!C*b$GX1#w(}Ls_IqM zeh?4VS;q9xAI~z%hmMqG(VaUl^zOKVhA65QZ$GiUT9D!?Zi>>L=pA9zpIHSmDG}Q{ z#r>`MC#@hF^%M3hj%px5rrdo=dtJSjd9LP<8qM}d(D>BA!-fRk!2`!T6De&4m7 zBbWX{UB9ASB&6kk$mwjU!Eb(SfGIcHMFFeKM5$Cp@m#zR=X`@Lr2{VejE&S{yCc0& zr1`7BDO6zhl}Z?6p+aVD$2tMpKO$=aqtPH~^DIxD-^_`^6I71w%ml6;WstVimD-*V zI$&*;uf6zX)9qhb{`T=odI`Z*#)&_xN4wYP^jaEhqj^!8%bDdQ0Cu%K5_DWS+)i|n zka-@I#`bNB@;LY^7J!AfcF6!&EM;EwzpA2AZpmM;e`Ag3I@q=m1N+uue1R{<(;7Ie z5+hot#@7!g?&ns(9fvB;npu({f;i#r1rTYqtoSg>CO|;UzNdYq+JGCAd26xosDB&5 yB;?9Pi>T{0Hyv>vXrQ$~TEA32jQ3--yuoE?cK+0$kp8 literal 4023 zcmV;o4@mI6@*xKBgm+@_^UFQg-h><@a_V+EYBGOF?mfF-j78k*(j(8HD11C2SWzdy|PZh18xJJRi>%}yR+{W{w6u=;3m*!-fa#c{TDo4Ky@#2>H4Q_aafy1TU*0h^q^fe@Rw%4* z=8AJY5n-WSj;<@PLf4gw?XlIA*3lBvPi6x2-f@-jTNS_S!WP^czW$-t*6RsujSOk2I^KQ~CJ*O_1H_MciKHeATJGl+`B z8$}iMihi}K&gCPt{y9yGGdVe4VAaS$O3PzcTW5g1mJj35#G#)4nfDK20XKL1SnFkD zY!c%+kxoVLEg22CcPIY|t)-~2L@5y{uW2A=-*Nb%HxU!h@*>!3`kM>w>doL> z=@Wyyz2&*hasg|Ey-Dk1QELlV&Q=abI9B5OULFh1<)Y9K8hXwY%lr*+doaiHVN|L+ zu|FD=jP9BGe~1sPu%a&=-Yo$&4=xE;680Nlsb=)9^|KMfoXISfUeh|qtIk=)w_dr_ z;C18nu!&a2`4vuA3-2#6qj?+{=I*M!03>6~HLagG<|%7?7*0tAIdzk2aMq(>?^-Ao zISeyqf-5)f%yKvQvCiZ;mE*!`I|J>RC$6z#_$0d6B5i-OAFFuW;46S{rBrEe?bf_u z(f82s5tRvEF%C_ZAMq4pYK{Bd6R_`OlSwq=nbPAYX-@f(z`j!4pY8H-xRa6(?Z3B} zd<6$XObS#P0BG*Dxe@wadIpW%tr{@qpN4+_)`hJW58D$|enr!)M2`qo7YO(s>+jUP zSC(BRM>Np1BMH2TbWg&h-X3@9no7l2T(rFzl<;K z;igJ&rRl$-x3I2~n2KFLajt)m-iYTy^s8Fp8Y9)&l^%J+#B3(JZ5;eO+{d{FnZCWu z;J!8eN~LfBy&wQbDQl$OkYo=IpyRr2;jKNvbMr@?l3_epE8GsV!vp$W@{C8vXx*6K zk})bE;-n!2ruEn`sn&C)XUHuY4SFkFcJRuPu<3MXn6E^-wV`O_9^Ic~{BB+~={?JA zpLu$T*7Pn_SQEw&q+mlQ?tWtzVEGR}W11iYr;)YrQBaqZr0}!mI zxil7R#s%Z2a^dHB0t5%uMVZ0 z_Js0-X}2+k_1E-gtQ~q7&3naMqcU6Pg51}x!Q2$O$-2mka7J`w57RZx^z^~qX7b7% zQVU}-M#?)rHEotb*xpJ|ZrJ{z;tqlducF0mK9FTAX~%qVs&y}_n{H~$0GN78jwFDv zXp~Q|Ze}~^+JGF&hm&UJXrHnzHrLFsd4NAY3|OPER&u8pI-(-btCR});^0>I06kZ| z^^U`3>%j84y9KEA{pSVoC7fS(I#^kSpeVTlajFL!!c;crviJn+-YGXOD`z#2Dyj}^ z8Q~K@ZKva#qz7ULZ{9(&|d!m)BuveG9C0@mw>CfD5GqVG_;T-CK z{rh5=EG78j%2a2DM1}xcW_jp5l)Pdy0H)!Z`WB;>TkHOx^RIg#XA-(4u>)HZ@=&KR zSGs!h9|d)zNRofDvcOE}+s_^C&I>7s)||RO1Y9uC7RuOvC*Bo@yk6U~(+YRCcf`H5 zlTmcK0DVyShGRzZ;#ALq!^kgb!8U8TwuGC(-cGP4lBAAfV#{rAcfW?^empn{(-5DZ zwm?IJSn|b%dQ$Z&W3>kP9@pJF$f44jwaq8(V1EGOJs94X0=u< zR?6uMHKl69)NwZ#Eh3v_UE^LXvnBXWNO^Pkj?W)v=uTQgethK=08F#X5M_R4pg+4_SGos_^TTCpWhr3b&yWB3pz#4Uq5y*TflsuTQjS zBBYtZPsf8QZTc?9oFt)sV{ystlu1qjdsyhc)XU(S&%&E1p*ASR*oEzwF?Q(pQ#Zo> zY~Yv*la(b#U=SE3aC!b1y>ho9&b`%OPSl zC3}FOXINJ_Ph_v9c_vuQ1$~d67{2Jes++9gGOc5U_jBZ&WxF=>JN{j*Oc|;li~)F? zy@gxjK}?~#Zl0vsDb;sBf;UD8`QU`4kZO|5CkQ;+ElN`7dyA;s9m#qHz>JWBP_zkg zC|E#lCe;Mu(eipPr-ZQ$YEmkA}|Gcq~9`h$yYG4%G6{0jtNdfB_=O`(&&WL1X%(k>)i$EI`2 z6BLAe7pgZVk*sX-Ht>okW)x9w%Oo@p#o!H$^KweL;-~41ywJ!R%;_<_K?{jzTr7u2 z_k4*zR*_f=micGN3h`xx=qKmEm#+J7zB_a(Eg@;$GH!ZXR-YzYkef{ByciThemKUn{@ zz2D-(yRKCe!SS2MCRXJdCRdhmNR>*QUy-=BA*fZ_p^g#o*Xx%yTNBe$`OlU-aXxje zD9F@;Ok)+4|2O)C9dJk~+Ypq5kVm2mb47ps-yTi0>n+?c=zn*LY%m2>wj=?g;4xZE zeVj?ak!M6?A2-u`A^lBv=0h`^-WLoE7ks}DgabVN;W~ZK8C%UQ@flx%h)>$~Nc4w;UVh~2L%=40grFxRkjf&+?e(hQ>LhBI-4k_+^rcHEH<@a>);%HLNT=}h(dtsP;eJ-c1le+qzQdWO-sI|F(N%Y0K5ZByKN z-l8V}I&+SFAVMG7Wp}pM8~`GF5+?slj6T%;54I@sFE^qCq&TocYm}O5*Ql(e@qRo{ z&?#)a5M65(dy79oShv(Z!{o%Kl_u_iwgpVyA~rmO#H#&oB^e7_50+0V*(03M;s2o( z<(gFt6EKn1T3ouXmQbqOwLbbttOK+8ZIst`=vFY3??67s7)j7R>m&dur(hkJvcTKd zF*p=s&5}gkl}I6dsahWmVFgix$#tf#KD3Tp5BAK#{2-ppr6)r29F_~roxih<*CzLc zjei22ph1{rM!+6}1n#Q9jlR#;)aR|yb2G(W;C4lBO#M7A`@sN@bn{EvjH6J3ND7RG zJ9ea!yYqM$V8@K0I7jvQCBn$_dP`=talWWY7N3k=P#6S`rLS^uCZeLi+LS^vx)TVU zng!v@m%DJ#ddzlkg5aITD{iU>^|G;lc9I;sA@Z$exj{2?>w26a#k}q4cd`qUStxX^ zVtN6>W-$qcZ7Apx1we+MP{Xw>pqgoBVDZ?{&2}M5;t$D9^tD7XaMC?uqZg}FbOk7c z`K86}+V`8bd0;T#NAK;4)hU>YHeicZ_OGA;a857BI!zzG27_}HotR%{(h~QwdeS(- zCZC3Js;ml2FtRA`;#;Kml|?^T20NsvU!&92eIKatO%TdW1LC&N4S(S2d@CmgV^pi3 zbdS5f+FFNm3)&1N322sZaJMf02pk5YMXXPCy+KVykAaZ|V~Sj;l>uxvLfPux5!h?D z3QU^No122J|CuTxMx<=G8PIZ7M=+Xoqn4?3WCaMa!!F)!G9H3i-2(nLtPMv6#~jaT zeD_86?H2TDE5=UTq1qpUuxiH;tqfc1!o`)Ah@LGb(ecqOy~9G&%f)L4%p=G;?WL1o z8T%s6_?He*{c!1Jm~~P9zj2Ym#RH{5%~J;H+8=Y*Ff*uyIn8uUp&z`qJF0yO+ Date: Wed, 27 May 2026 18:50:34 +0000 Subject: [PATCH 7/8] PR updates --- src/tools/fuzzing/fuzzing.cpp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index 2bd6dd79109..e94ddcbfc44 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -6454,7 +6454,8 @@ Type TranslateToFuzzReader::getMVPType() { } Type TranslateToFuzzReader::getTupleType() { - if (wasm.features.hasWideArithmetic() && oneIn(2)) { + // Give a significant chance to an i64 pair, for wide arithmetic. + if (wasm.features.hasWideArithmetic() && oneIn(5)) { return Types::getI64Pair(); } @@ -6475,7 +6476,7 @@ Type TranslateToFuzzReader::getTupleType() { } Type TranslateToFuzzReader::getConcreteType() { - if (wasm.features.hasMultivalue() && oneIn(2)) { + if (wasm.features.hasMultivalue() && oneIn(5)) { return getTupleType(); } else { return getSingleConcreteType(); From 87fe848f2c56c57941633f7d6fbb12ccb2c4657a Mon Sep 17 00:00:00 2001 From: stevenfontanella Date: Wed, 27 May 2026 19:53:39 +0000 Subject: [PATCH 8/8] Update metrics test --- ...e-to-fuzz_all-features_metrics_noprint.txt | 89 +++++++++---------- 1 file changed, 43 insertions(+), 46 deletions(-) diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt index 1af95448afd..7e417cb72b4 100644 --- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt +++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt @@ -1,59 +1,56 @@ Metrics total - [exports] : 16 - [funcs] : 21 + [exports] : 9 + [funcs] : 5 [globals] : 2 - [imports] : 14 + [imports] : 12 [memories] : 1 [memory-data] : 16 [table-data] : 3 [tables] : 2 [tags] : 2 - [total] : 694 - [vars] : 70 - ArrayNewFixed : 4 - AtomicFence : 1 - AtomicNotify : 3 - Binary : 34 - Block : 122 - BrOn : 1 - Break : 9 - Call : 32 - CallIndirect : 2 - Const : 144 - Drop : 18 - GlobalGet : 54 - GlobalSet : 54 + [total] : 717 + [vars] : 24 + ArrayNew : 4 + ArrayNewFixed : 9 + AtomicFence : 2 + AtomicNotify : 2 + Binary : 40 + Block : 114 + BrOn : 3 + Break : 24 + Call : 15 + CallRef : 3 + Const : 122 + Drop : 8 + GlobalGet : 40 + GlobalSet : 36 I31Get : 1 - If : 38 - Load : 2 - LocalGet : 12 - LocalSet : 8 - Loop : 6 - MemoryInit : 1 - Nop : 10 - Pop : 3 - RefAs : 2 + If : 34 + Load : 7 + LocalGet : 27 + LocalSet : 36 + Loop : 13 + Nop : 19 + Pop : 6 + RefAs : 3 RefEq : 3 - RefFunc : 5 - RefI31 : 12 + RefFunc : 10 + RefI31 : 5 RefIsNull : 1 - RefNull : 1 - RefTest : 1 - Return : 4 - SIMDExtract : 2 - Select : 1 - Store : 2 - StringConst : 8 + RefNull : 3 + Return : 2 + SIMDExtract : 5 + Select : 3 + Store : 4 + StringConst : 15 + StringEncode : 5 + StringEq : 2 StringMeasure : 1 - StructNew : 3 - Switch : 1 - TableSet : 1 - Throw : 3 - ThrowRef : 1 - Try : 4 - TryTable : 5 + StructNew : 8 + Try : 7 + TryTable : 6 TupleExtract : 3 - TupleMake : 6 - Unary : 37 - Unreachable : 28 + TupleMake : 7 + Unary : 40 + Unreachable : 19