Wasmtime GitHub notifications bot (Apr 03 2026 at 00:34): Wasmtime GitHub notifications bot (Apr 03 2026 at 00:34):khagankhan requested fitzgen for a review on PR #12946.
Wasmtime GitHub notifications bot (Apr 03 2026 at 00:34):khagankhan opened PR #12946 from khagankhan:cast-prep to bytecodealliance:main:
Small updates before cast support
types.rs:
Added subtype-aware matching inStackType::fixupfor typed struct operands. A stack value of subtypeScan now satisfy a required supertypeTby walking the existing supertype chain inTypes, instead of requiring exact type-index equality withactual <: wanted
mutator.rs:
add_structnow creates a rec group first when none exist, instead of failing to add a struct. This increases the chance of mutating toward struct/rec-group state rather than toward simpler table-only ops.
tests.rs:
New tests for new function andStackType::fixup(...)+cc @fitzgen @eeide
Wasmtime GitHub notifications bot (Apr 03 2026 at 00:34):khagankhan requested wasmtime-fuzz-reviewers for a review on PR #12946.
Wasmtime GitHub notifications bot (Apr 03 2026 at 04:33):github-actions[bot] added the label fuzzing on PR #12946.
Wasmtime GitHub notifications bot (Apr 03 2026 at 04:34):github-actions[bot] commented on PR #12946:
Subscribe to Label Action
cc @fitzgen
<details>
This issue or pull request has been labeled: "fuzzing"Thus the following users have been cc'd because of the following labels:
- fitzgen: fuzzing
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
Wasmtime GitHub notifications bot (Apr 03 2026 at 18:26):fitzgen submitted PR review:
Nice
Wasmtime GitHub notifications bot (Apr 03 2026 at 18:26):fitzgen added PR #12946 gc_fuzz: Subtype values satisfy required supertypes. to the merge queue
Wasmtime GitHub notifications bot (Apr 03 2026 at 18:55):github-merge-queue[bot] removed PR #12946 gc_fuzz: Subtype values satisfy required supertypes. from the merge queue
Wasmtime GitHub notifications bot (Apr 03 2026 at 20:00):khagankhan commented on PR #12946:
I am looking at the failure...
Wasmtime GitHub notifications bot (Apr 04 2026 at 20:06):khagankhan updated PR #12946.
Wasmtime GitHub notifications bot (Apr 04 2026 at 20:19):khagankhan commented on PR #12946:
The bug was in
is_subtype_index, it mapped dense type indices (0, 1, 2, ...) toTypeIds withself.type_defs.keys().nth(i), which followsBTreeMapkey order. But I forgot that we sort them before encoding to wasm module (subtypes).The new test
is_subtype_index_encoding_order_differs_from_key_ordercovers exactly this case.The fix is to handle this in
Types::fixup()by computing and passing correct encoding order there, instead of relying onStackType::fixup()to reconstruct it. I think this is better for two reasons:
- This is fundamentally a fixup-time correctness issue, not something that should live in
to_wasm_binary().- It avoids recomputing the encoding order multiple times. Previously, we would effectively derive the same ordering once during binary emission and again during stack fixup. Now it is computed once during fixup and reused where needed.
As part of this change, the tests were updated accordingly.
This also allowed
FB type_to_group_map(...)to be computed once and passed through the fixup path, instead of calling it twice in breaking cycles and calling.
Wasmtime GitHub notifications bot (Apr 05 2026 at 05:35):khagankhan edited a comment on PR #12946:
The bug was in
is_subtype_index, it mapped dense type indices (0, 1, 2, ...) toTypeIds withself.type_defs.keys().nth(i), which followsBTreeMapkey order. But I forgot that we sort them before encoding to wasm module (subtypes).The new test
is_subtype_index_encoding_order_differs_from_key_ordercovers exactly this case.The fix is to handle this in
Types::fixup()by computing and passing correct encoding order there, instead of relying onStackType::fixup()to reconstruct it. I think this is better for two reasons:
- This is fundamentally a fixup-time correctness issue, not something that should live in
to_wasm_binary().- It avoids recomputing the encoding order multiple times. Previously, we would effectively derive the same ordering once during binary emission and again during stack fixup. Now it is computed once during fixup and reused where needed.
As part of this change, the tests were updated accordingly.
This also allowed
fn type_to_group_map(...)to be computed once and passed through the fixup path, instead of calling it twice in breaking cycles and calling.
Wasmtime GitHub notifications bot (Apr 05 2026 at 05:35):khagankhan edited a comment on PR #12946:
The bug was in
is_subtype_index, it mapped dense type indices (0, 1, 2, ...) toTypeIds withself.type_defs.keys().nth(i), which followsBTreeMapkey order. But I forgot that we sort them before encoding to wasm module (subtypes).The new test
is_subtype_index_encoding_order_differs_from_key_ordercovers exactly this case.The fix is to handle this in
Types::fixup()by computing and passing correct encoding order there, instead of relying onStackType::fixup()to reconstruct it. I think this is better for two reasons:
- This is fundamentally a fixup-time correctness issue, not something that should live in
to_wasm_binary().- It avoids recomputing the encoding order multiple times. Previously, we would effectively derive the same ordering once during binary emission and again during stack fixup. Now it is computed once during fixup and reused where needed.
As part of this change, the tests were updated accordingly.
This also allowed
fn type_to_group_map(...)to be computed once and passed through the fixup path, instead of calling it twice in breaking cycles and sorting.
Wasmtime GitHub notifications bot (Apr 06 2026 at 21:55):fitzgen submitted PR review.
Wasmtime GitHub notifications bot (Apr 06 2026 at 21:55):fitzgen added PR #12946 gc_fuzz: Subtype values satisfy required supertypes. to the merge queue
Wasmtime GitHub notifications bot (Apr 06 2026 at 22:21):fitzgen merged PR #12946.
Wasmtime GitHub notifications bot (Apr 06 2026 at 22:21):fitzgen removed PR #12946 gc_fuzz: Subtype values satisfy required supertypes. from the merge queue
Last updated: Apr 12 2026 at 23:10 UTC