Update some fuzzing defaults and infrastructure

crates/fuzz-stats/src/bin/failed-instantiations.rs

@@ -99,6 +99,9 @@ impl State {
  let mut config = wasm_smith::Config::arbitrary(&mut u)?;
  config.allow_start_export = false;
 
+ config.exceptions_enabled = false; // Not implemented by Wasmtime
+ config.threads_enabled = false; // not enabled by default in Wasmtime
+
  // NB: just added "table64" support to this and wasmtime doesn't
  // implement that yet
  config.memory64_enabled = false;

crates/wasm-mutate/src/info.rs

@@ -1,6 +1,6 @@
 use crate::{
  module::{PrimitiveTypeInfo, TypeInfo},
- Result,
+ Error, Result,
 };
 use std::collections::HashSet;
 use std::ops::Range;
@@ -92,7 +92,7 @@ impl<'a> ModuleInfo<'a> {
 
  // Save function types
  for ty in reader.into_iter_err_on_gc_types() {
- info.types_map.push(ty?.into());
+ info.types_map.push(ty?.try_into()?);
  }
  }
  Payload::ImportSection(reader) => {
@@ -107,7 +107,7 @@ impl<'a> ModuleInfo<'a> {
  info.imported_functions_count += 1;
  }
  wasmparser::TypeRef::Global(ty) => {
- let ty = PrimitiveTypeInfo::try_from(ty.content_type).unwrap();
+ let ty = PrimitiveTypeInfo::try_from(ty.content_type)?;
  info.global_types.push(ty);
  info.imported_globals_count += 1;
  }
@@ -162,7 +162,7 @@ impl<'a> ModuleInfo<'a> {
  for ty in reader {
  let ty = ty?;
  // We only need the type of the global, not necessarily if is mutable or not
- let ty = PrimitiveTypeInfo::try_from(ty.ty.content_type).unwrap();
+ let ty = PrimitiveTypeInfo::try_from(ty.ty.content_type)?;
  info.global_types.push(ty);
  }
  }
@@ -209,7 +209,7 @@ impl<'a> ModuleInfo<'a> {
  Payload::End(_) => {
  break;
  }
- _ => todo!("{:?} not implemented", payload),
+ _ => return Err(Error::unsupported(format!("section: {payload:?}"))),
  }
  wasm = &wasm[consumed..];
  }

crates/wasm-mutate/src/module.rs

@@ -1,4 +1,4 @@
-use crate::Result;
+use crate::{Error, Result};
 use wasm_encoder::{BlockType, HeapType, RefType, ValType};
 
 #[derive(Debug, Copy, Clone, PartialEq)]
@@ -25,43 +25,49 @@ pub enum TypeInfo {
  // TODO: module linking support will require instance and module types.
 }
 
-impl From<wasmparser::ValType> for PrimitiveTypeInfo {
- fn from(value: wasmparser::ValType) -> Self {
- match value {
+impl TryFrom<wasmparser::ValType> for PrimitiveTypeInfo {
+ type Error = Error;
+
+ fn try_from(value: wasmparser::ValType) -> Result<Self> {
+ Ok(match value {
  wasmparser::ValType::I32 => PrimitiveTypeInfo::I32,
  wasmparser::ValType::I64 => PrimitiveTypeInfo::I64,
  wasmparser::ValType::F32 => PrimitiveTypeInfo::F32,
  wasmparser::ValType::F64 => PrimitiveTypeInfo::F64,
  wasmparser::ValType::V128 => PrimitiveTypeInfo::V128,
- wasmparser::ValType::Ref(t) => t.into(),
- }
+ wasmparser::ValType::Ref(t) => t.try_into()?,
+ })
  }
 }
 
-impl From<wasmparser::RefType> for PrimitiveTypeInfo {
- fn from(value: wasmparser::RefType) -> Self {
- match value {
+impl TryFrom<wasmparser::RefType> for PrimitiveTypeInfo {
+ type Error = Error;
+
+ fn try_from(value: wasmparser::RefType) -> Result<Self> {
+ Ok(match value {
  wasmparser::RefType::FUNCREF => PrimitiveTypeInfo::FuncRef,
  wasmparser::RefType::EXTERNREF => PrimitiveTypeInfo::ExternRef,
- _ => unimplemented!(),
- }
+ other => return Err(Error::unsupported(format!("type {other:?}"))),
+ })
  }
 }
 
-impl From<wasmparser::FuncType> for TypeInfo {
- fn from(ft: wasmparser::FuncType) -> Self {
- TypeInfo::Func(FuncInfo {
+impl TryFrom<wasmparser::FuncType> for TypeInfo {
+ type Error = Error;
+
+ fn try_from(ft: wasmparser::FuncType) -> Result<Self> {
+ Ok(TypeInfo::Func(FuncInfo {
  params: ft
  .params()
  .iter()
- .map(|&t| PrimitiveTypeInfo::from(t))
- .collect(),
+ .map(|&t| PrimitiveTypeInfo::try_from(t))
+ .collect::<Result<_>>()?,
  returns: ft
  .results()
  .iter()
- .map(|&t| PrimitiveTypeInfo::from(t))
- .collect(),
- })
+ .map(|&t| PrimitiveTypeInfo::try_from(t))
+ .collect::<Result<_>>()?,
+ }))
  }
 }
 

crates/wasm-mutate/src/mutators/peephole.rs

@@ -89,7 +89,7 @@ impl PeepholeMutator {
  }
  for _ in 0..localsreader.get_count() {
  let (count, ty) = localsreader.read()?;
- let tymapped = PrimitiveTypeInfo::from(ty);
+ let tymapped = PrimitiveTypeInfo::try_from(ty)?;
  for _ in 0..count {
  all_locals.push(tymapped);
  }

crates/wasm-mutate/src/mutators/peephole/eggsy/analysis.rs

@@ -290,7 +290,7 @@ impl PeepholeMutationAnalysis {
  Lang::TableSet(..) => Ok(PrimitiveTypeInfo::Empty),
  Lang::TableGet(idx, _) => {
  let ty = self.table_types[*idx as usize];
- Ok(ty.element_type.into())
+ ty.element_type.try_into()
  }
  Lang::I32UseGlobal(_) => Ok(PrimitiveTypeInfo::I32),
  Lang::I64UseGlobal(_) => Ok(PrimitiveTypeInfo::I64),

crates/wasm-smith/src/config.rs

@@ -299,8 +299,8 @@ define_config! {
  /// Determines whether the exception-handling proposal is enabled for
  /// generating instructions.
  ///
- /// Defaults to `false`.
- pub exceptions_enabled: bool = false,
+ /// Defaults to `true`.
+ pub exceptions_enabled: bool = true,
 
  /// Export all WebAssembly objects in the module. Defaults to false.
  ///
@@ -310,8 +310,8 @@ define_config! {
  /// Determines whether the GC proposal is enabled when generating a Wasm
  /// module.
  ///
- /// Defaults to `false`.
- pub gc_enabled: bool = false,
+ /// Defaults to `true`.
+ pub gc_enabled: bool = true,
 
  /// Determines whether the custom-page-sizes proposal is enabled when
  /// generating a Wasm module.
@@ -532,14 +532,14 @@ define_config! {
  /// Determines whether the reference types proposal is enabled for
  /// generating instructions.
  ///
- /// Defaults to `false`.
- pub reference_types_enabled: bool = false,
+ /// Defaults to `true`.
+ pub reference_types_enabled: bool = true,
 
  /// Determines whether the Relaxed SIMD proposal is enabled for
  /// generating instructions.
  ///
- /// Defaults to `false`.
- pub relaxed_simd_enabled: bool = false,
+ /// Defaults to `true`.
+ pub relaxed_simd_enabled: bool = true,
 
  /// Determines whether the nontrapping-float-to-int-conversions propsal
  /// is enabled.
@@ -555,14 +555,14 @@ define_config! {
  /// Determines whether the SIMD proposal is enabled for generating
  /// instructions.
  ///
- /// Defaults to `false`.
- pub simd_enabled: bool = false,
+ /// Defaults to `true`.
+ pub simd_enabled: bool = true,
 
  /// Determines whether the tail calls proposal is enabled for generating
  /// instructions.
  ///
- /// Defaults to `false`.
- pub tail_call_enabled: bool = false,
+ /// Defaults to `true`.
+ pub tail_call_enabled: bool = true,
 
  /// Whether every Wasm table must have a maximum size
  /// specified. Defaults to `false`.
@@ -575,8 +575,8 @@ define_config! {
  ///
  /// [threads proposal]: https://github.com/WebAssembly/threads/blob/master/proposals/threads/Overview.md
  ///
- /// Defaults to `false`.
- pub threads_enabled: bool = false,
+ /// Defaults to `true`.
+ pub threads_enabled: bool = true,
 
  /// Indicates whether wasm-smith is allowed to generate invalid function
  /// bodies.
@@ -654,6 +654,7 @@ impl<'a> Arbitrary<'a> for Config {
 
  let reference_types_enabled: bool = u.arbitrary()?;
  let max_tables = if reference_types_enabled { 100 } else { 1 };
+ let simd_enabled: bool = u.arbitrary()?;
 
  Ok(Config {
  max_types: u.int_in_range(0..=MAX_MAXIMUM)?,
@@ -679,6 +680,11 @@ impl<'a> Arbitrary<'a> for Config {
  max_nesting_depth: u.int_in_range(0..=10)?,
  saturating_float_to_int_enabled: u.arbitrary()?,
  sign_extension_ops_enabled: u.arbitrary()?,
+ relaxed_simd_enabled: simd_enabled && u.arbitrary()?,
+ exceptions_enabled: u.arbitrary()?,
+ threads_enabled: u.arbitrary()?,
+ tail_call_enabled: u.arbitrary()?,
+ gc_enabled: reference_types_enabled && u.arbitrary()?,
  allowed_instructions: {
  use flagset::Flags;
  let mut allowed = Vec::new();
@@ -714,20 +720,17 @@ impl<'a> Arbitrary<'a> for Config {
  max_values: 0,
  memory_offset_choices: MemoryOffsetChoices::default(),
  allow_start_export: true,
- relaxed_simd_enabled: false,
- exceptions_enabled: false,
- memory64_enabled: false,
  max_type_size: 1000,
  canonicalize_nans: false,
  available_imports: None,
  exports: None,
- threads_enabled: false,
  export_everything: false,
- tail_call_enabled: false,
- gc_enabled: false,
- custom_page_sizes_enabled: false,
  generate_custom_sections: false,
  allow_invalid_funcs: false,
+
+ // Proposals that are not stage4+ are disabled by default.
+ memory64_enabled: false,
+ custom_page_sizes_enabled: false,
  })
  }
 }

crates/wasm-smith/tests/common/mod.rs

@@ -25,6 +25,7 @@ pub fn parser_features_from_config(config: &Config) -> WasmFeatures {
  features.set(WasmFeatures::TAIL_CALL, config.tail_call_enabled);
  features.set(WasmFeatures::FUNCTION_REFERENCES, config.gc_enabled);
  features.set(WasmFeatures::GC, config.gc_enabled);
+ features.set(WasmFeatures::THREADS, config.threads_enabled);
  features.set(
  WasmFeatures::CUSTOM_PAGE_SIZES,
  config.custom_page_sizes_enabled,

crates/wasm-smith/tests/core.rs

@@ -93,6 +93,8 @@ fn smoke_can_smith_valid_webassembly_one_point_oh() {
  cfg.relaxed_simd_enabled = false;
  cfg.exceptions_enabled = false;
  cfg.memory64_enabled = false;
+ cfg.reference_types_enabled = false;
+ cfg.gc_enabled = false;
  cfg.max_memories = 1;
  cfg.max_tables = 1;
  let features = parser_features_from_config(&cfg);

fuzz/src/lib.rs

@@ -23,18 +23,10 @@ pub fn generate_valid_module(
 
  // These are disabled in the swarm config by default, but we want to test
  // them. Use the input data to determine whether these features are enabled.
- config.simd_enabled = u.arbitrary()?;
- config.relaxed_simd_enabled = config.simd_enabled && u.arbitrary()?;
  config.memory64_enabled = u.arbitrary()?;
- config.threads_enabled = u.arbitrary()?;
- config.exceptions_enabled = u.arbitrary()?;
  config.canonicalize_nans = u.arbitrary()?;
- config.tail_call_enabled = u.arbitrary()?;
  config.custom_page_sizes_enabled = u.arbitrary()?;
 
- config.gc_enabled = u.arbitrary()?;
- config.reference_types_enabled = config.reference_types_enabled || config.gc_enabled;
-
  configure(&mut config, u)?;
 
  // Use wasm-smith to generate an arbitrary module and convert it to wasm
@@ -81,7 +73,21 @@ pub fn generate_valid_component(
 }
 
 pub fn validator_for_config(config: &Config) -> wasmparser::Validator {
- let mut features = WasmFeatures::default();
+ // Start with the bare-bones set of features that wasm started with. Then
+ // wasm-smith doesn't have knobs to enable/disable mutable globals so
+ // unconditionally enable that as well.
+ let mut features = WasmFeatures::WASM1 | WasmFeatures::MUTABLE_GLOBAL;
+
+ // Next conditionally enable/disable features based on `config`.
+ features.set(
+ WasmFeatures::SIGN_EXTENSION,
+ config.sign_extension_ops_enabled,
+ );
+ features.set(WasmFeatures::TAIL_CALL, config.tail_call_enabled);
+ features.set(
+ WasmFeatures::SATURATING_FLOAT_TO_INT,
+ config.saturating_float_to_int_enabled,
+ );
  features.set(WasmFeatures::MULTI_VALUE, config.multi_value_enabled);
  features.set(WasmFeatures::MULTI_MEMORY, config.max_memories > 1);
  features.set(WasmFeatures::BULK_MEMORY, config.bulk_memory_enabled);

fuzz/src/mutate.rs

@@ -11,9 +11,10 @@ pub fn run(u: &mut Unstructured<'_>) -> Result<()> {
 
  let mut seed = 0;
  let mut preserve_semantics = false;
- let (wasm, _config) = crate::generate_valid_module(u, |config, u| {
- config.exceptions_enabled = false;
- config.gc_enabled = false;
+ let (wasm, _config) = crate::generate_valid_module(u, |_config, u| {
+ // NB: wasm-mutate is a general-purpose tool so unsupported proposals by
+ // wasm-mutate are not disabled here. Those must be rejected with a
+ // first-class error in wasm-mutate instead of panicking.
  seed = u.arbitrary()?;
  preserve_semantics = u.arbitrary()?;
  Ok(())