Fix some fuzz issues from updating wasm-tools

This commit fixes some fuzz-related issues from the update of the
`wasm-tools` family of crates in bytecodealliance#9336:

* Fuzzing with wasmi disables the GC proposal
* The exceptions proposal is always disabled for Wasmtime
* Wasmtime conditionally enables the GC/reference-types proposal
* Fully disable the GC proposal for now in Wasmtime as its
  implementation is not complete and fuzzing needs more support.
* Log wasm module config before generating to help debug issues like
  bytecodealliance/wasm-tools#1834

crates/fuzzing/src/generators/config.rs

@@ -168,6 +168,8 @@ impl Config {
  .wasm_tail_call(self.module_config.config.tail_call_enabled)
  .wasm_custom_page_sizes(self.module_config.config.custom_page_sizes_enabled)
  .wasm_threads(self.module_config.config.threads_enabled)
+ .wasm_function_references(self.module_config.config.gc_enabled)
+ .wasm_gc(self.module_config.config.gc_enabled)
  .native_unwind_info(cfg!(target_os = "windows") || self.wasmtime.native_unwind_info)
  .cranelift_nan_canonicalization(self.wasmtime.canonicalize_nans)
  .cranelift_opt_level(self.wasmtime.opt_level.to_wasmtime())
@@ -466,6 +468,12 @@ impl WasmtimeConfig {
  config: &mut wasm_smith::Config,
  u: &mut Unstructured<'_>,
  ) -> arbitrary::Result<()> {
+ // Not implemented in Wasmtime
+ config.exceptions_enabled = false;
+
+ // Not fully implemented in Wasmtime and fuzzing.
+ config.gc_enabled = false;
+
  // Winch doesn't support the same set of wasm proposal as Cranelift at
  // this time, so if winch is selected be sure to disable wasm proposals
  // in `Config` to ensure that Winch can compile the module that
@@ -476,7 +484,6 @@ impl WasmtimeConfig {
  config.gc_enabled = false;
  config.threads_enabled = false;
  config.tail_call_enabled = false;
- config.exceptions_enabled = false;
  config.reference_types_enabled = false;
 
  // Winch requires host trap handlers to be enabled at this time.

crates/fuzzing/src/oracles/diff_wasmi.rs

@@ -19,6 +19,7 @@ impl WasmiEngine {
  config.memory64_enabled = false;
  config.threads_enabled = false;
  config.exceptions_enabled = false;
+ config.gc_enabled = false;
  config.max_memories = config.max_memories.min(1);
  config.min_memories = config.min_memories.min(1);
 

fuzz/Cargo.toml

@@ -31,6 +31,7 @@ wasmtime = { workspace = true, features = ["winch"] }
 wasmtime-fuzzing = { workspace = true }
 component-test-util = { workspace = true }
 component-fuzz-util = { workspace = true }
+log = { workspace = true }
 
 [build-dependencies]
 anyhow = { workspace = true }

fuzz/fuzz_targets/differential.rs

@@ -57,6 +57,7 @@ fuzz_target!(|data: &[u8]| {
 });
 
 fn execute_one(data: &[u8]) -> Result<()> {
+ wasmtime_fuzzing::init_fuzzing();
  STATS.bump_attempts();
 
  let mut u = Unstructured::new(data);
@@ -83,11 +84,13 @@ fn execute_one(data: &[u8]) -> Result<()> {
  // this is specified by either the ALLOWED_MODULES environment variable or a
  // random selection between wasm-smith and single-inst.
  let build_wasm_smith_module = |u: &mut Unstructured, config: &Config| -> Result<_> {
+ log::debug!("build wasm-smith with {config:?}");
  STATS.wasm_smith_modules.fetch_add(1, SeqCst);
  let module = config.generate(u, Some(1000))?;
  Ok(module.to_bytes())
  };
  let build_single_inst_module = |u: &mut Unstructured, config: &Config| -> Result<_> {
+ log::debug!("build single-inst with {config:?}");
  STATS.single_instruction_modules.fetch_add(1, SeqCst);
  let module = SingleInstModule::new(u, &config.module_config)?;
  Ok(module.to_bytes())
@@ -104,6 +107,7 @@ fn execute_one(data: &[u8]) -> Result<()> {
  log_wasm(&wasm);
 
  // Instantiate the generated wasm file in the chosen differential engine.
+ log::debug!("lhs engine: {}", lhs.name());
  let lhs_instance = lhs.instantiate(&wasm);
  STATS.bump_engine(lhs.name());