Stream: git-wasmtime

Topic: wasmtime / PR #11290 Add fuzzer integration for gc/mutatis


Wasmtime GitHub notifications bot (Jul 21 2025 at 16:56):

khagankhan opened PR #11290 from khagankhan:integrate-gc-fuzzer to bytecodealliance:main:

Wasmtime GitHub notifications bot (Jul 21 2025 at 16:56):

khagankhan requested fitzgen for a review on PR #11290.

Wasmtime GitHub notifications bot (Jul 21 2025 at 16:56):

khagankhan requested wasmtime-fuzz-reviewers for a review on PR #11290.

Wasmtime GitHub notifications bot (Jul 21 2025 at 16:56):

khagankhan requested wasmtime-default-reviewers for a review on PR #11290.

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen created PR review comment:

Nitpicks:

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen created PR review comment:

postcard here too:

postcard = { workspace = true }

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen submitted PR review:

Looks good, but there are a handful of small things to address before we merge this. Thanks!

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen created PR review comment:

We already have an oracle for fuzzing table ops, which is what this function is ultimately calling. This is really just a small adapter for when we need to use Arbitrary to generate a config, and it feels out of place here. The only place we need to actually do that is in the fuzz target itself, so let's just inline it into the fuzz_target! invocation in fuzz/fuzz_targets/table_ops.rs.

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen created PR review comment:

We should use postcard instead of bincode here, because we already depend on it in the workspace and don't need to worry about auditing or anything.

postcard = { workspace = true }

Wasmtime GitHub notifications bot (Jul 21 2025 at 18:56):

fitzgen created PR review comment:

Slight simplification:

        bincode::decode_from_slice::<(u64, TableOps), _>(data, bincode::config::standard())
            .ok()
            .unwrap_or_default();

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:08):

khagan-karimov submitted PR review.

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:08):

khagan-karimov created PR review comment:

Yea makes sense! I guess I just updated the previous function which was in this file

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:09):

khagan-karimov submitted PR review.

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:09):

khagan-karimov created PR review comment:

This is nice!

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:09):

khagan-karimov submitted PR review.

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:09):

khagan-karimov created PR review comment:

I just wanted it to pass the clippy haha. Thanks!

Wasmtime GitHub notifications bot (Jul 21 2025 at 19:10):

khagan-karimov commented on PR #11290:

Thanks! Working on them!

Wasmtime GitHub notifications bot (Jul 21 2025 at 21:46):

github-actions[bot] commented on PR #11290:

Subscribe to Label Action

cc @fitzgen

<details>
This issue or pull request has been labeled: "fuzzing"

Thus the following users have been cc'd because of the following labels:

To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.

</details>

Wasmtime GitHub notifications bot (Jul 24 2025 at 21:33):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 25 2025 at 01:54):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 25 2025 at 02:00):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 25 2025 at 02:24):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 25 2025 at 20:24):

fitzgen submitted PR review:

Very close!

We should also remove table_ops from the misc fuzz target as part of this PR, as it will be redundant.

With the comment below addressed, this should be good to merge.

Thanks!

Wasmtime GitHub notifications bot (Jul 25 2025 at 20:24):

fitzgen created PR review comment:

We don't want the fuzz target to take structured types directly, as those get generated via Arbitrary, and we want to do our serialization- and mutation-based thing here.

Instead we should do something like this:

fuzz_target!(|data: &[u8]| {
    let Ok((seed, ops)) = postcard::from_bytes::<(u64, TableOps)>(data) else {
        return;
    };

    // As before: Make an RNG from the seed, fill the buf with random
    // data, make an `Unstructured`, call `Config::arbitrary_take_rest`,
    // and finally invoke `oracles::table_ops(config, ops)`.
});

Aside: once this PR lands, we should probably remove the Arbitrary implementation for TableOps as we won't be using it anymore and removing it will make usage footguns like this one disappear.

Wasmtime GitHub notifications bot (Jul 27 2025 at 22:34):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 28 2025 at 18:49):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 28 2025 at 19:18):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 28 2025 at 19:22):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 28 2025 at 20:48):

fitzgen commented on PR #11290:

@khagankhan it looks like the Cargo.lock is still updating all dependencies. Do you have a tool that is doing that locally?

Wasmtime GitHub notifications bot (Jul 28 2025 at 20:50):

khagankhan updated PR #11290.

Wasmtime GitHub notifications bot (Jul 28 2025 at 20:51):

khagankhan commented on PR #11290:

I ran them locally and passed. Let us see!!

Wasmtime GitHub notifications bot (Jul 28 2025 at 21:04):

khagankhan commented on PR #11290:

@fitzgen Done :check:

Wasmtime GitHub notifications bot (Jul 28 2025 at 21:05):

fitzgen submitted PR review:

Thanks!

Wasmtime GitHub notifications bot (Jul 28 2025 at 21:31):

fitzgen merged PR #11290.

Wasmtime GitHub notifications bot (Jul 30 2025 at 15:01):

alexcrichton commented on PR #11290:

Would it be possible to re-integrate the table_ops fuzzer back into the main "misc" fuzzer?

Wasmtime GitHub notifications bot (Jul 30 2025 at 15:28):

fitzgen commented on PR #11290:

Unfortunately, we can't because it is using mutation-based fuzzing via mutatis now, not generative-based fuzzing via arbitrary. I think that's fine though because it is going to be gaining more GC-specific features and will start exploring new code paths now, rather than just the same paths it has been executing for a long time.

Wasmtime GitHub notifications bot (Jul 30 2025 at 15:56):

alexcrichton commented on PR #11290:

Sounds good to me :+1:


Last updated: Dec 06 2025 at 07:03 UTC