Wasmtime GitHub notifications bot (May 31 2026 at 16:59): Wasmtime GitHub notifications bot (May 31 2026 at 16:59):alexcrichton opened issue #13521:
I've reduced this timeout to more-or-less this input:
(module (type $a (array (mut funcref))) (type $s (struct (field anyref))) (table 1 structref (ref.null struct)) (elem structref (item (struct.new $s (array.new $a (ref.func $f) (i32.const 171472957))))) (func $f) )Locally with a release build of
wasmtimefrom main this takes ~2s to instantiate. I've confirmed that with all the recent refactorings this is indeed respecting-Wtimeout=...(epochs kick in) and-Wfuel=...(fuel is checked). Despite this though there's two major issues happening here which are compounding together to surface this during fuzzing:
- Primarily the fuel mechanism for wasm-smith is not kicking in. Notably there's no tracking for fuel in constant expressions, especially constant expressions that consume a dynamic amount of fuel (e.g.
array.new). With differential fuzzing we rely on wasm-smith's fuel to both guarantee similar behavior across engines but additionally prevent infinite loops and resource consumption. We'd need to change wasm-smith's generation strategy for wasm const exprs to handle this case differently, for example. (e.g. back to questions about the top-down approach instead of bottom-up).- Independently of the wasm-smith issue this module taking 2s to instantiate seems a bit excessive. The slowdown is from re-interning
ref.func $fon each iteration of the loop, but naturally it's going to get the same intern'd value from each iteration of the loop. We should probably implement an optimization such that when filling an array with aref.functhe interning only happens once instead of once-per-element-filled. I suspect that would also resolve this fuzz bug, but the fuzz bug might resurface with a slightly different shape due to the inherent wasm-smith limitations.cc @fitzgen do you have thoughts on this? I'm tempted to see how (2) fares on oss-fuzz and see if that basically resolves this
Wasmtime GitHub notifications bot (May 31 2026 at 16:59):alexcrichton added the fuzz-bug label to Issue #13521.
Wasmtime GitHub notifications bot (May 31 2026 at 16:59):alexcrichton added the wasm-proposal:gc label to Issue #13521.
Last updated: Jun 01 2026 at 09:49 UTC