Update wasm-smith to 0.218.0 (#1231)

* Update wasm-smith to 0.218.0

* Fix clippy warnings

* Make function calls for exec/translate modules more consistent.

---------

Co-authored-by: Scott Guest <[email protected]>

Author: gtrepta

Cargo.lock

@@ -12,11 +12,11 @@ cargo-fuzz = true
 
 [dependencies]
 libfuzzer-sys = "0.4.7"
-wasm-smith = "=0.13.1"
-arbitrary = { version = "=1.3.2", features = ["derive"] }
 wasmi-stack = { package = "wasmi", version = "0.31.2" }
 wasmtime = "21.0.1"
 wasmi = { workspace = true, features = ["std"] }
+wasm-smith = "0.218.0"
+arbitrary = "1.3.2"
 
 [[bin]]
 name = "translate"

fuzz/Cargo.toml

@@ -4,8 +4,7 @@ mod utils;
 
 use libfuzzer_sys::fuzz_target;
 use std::{collections::hash_map::RandomState, mem};
-use utils::{ty_to_val, ExecConfig};
-use wasm_smith::ConfiguredModule;
+use utils::{arbitrary_exec_module, ty_to_val};
 use wasmi as wasmi_reg;
 use wasmi_reg::core::{F32, F64};
 
@@ -614,11 +613,15 @@ impl FuzzContext {
     }
 }
 
-fuzz_target!(|cfg_module: ConfiguredModule<ExecConfig>| {
-    let mut smith_module = cfg_module.module;
+fuzz_target!(|data: &[u8]| {
+    let Ok(mut smith_module) = arbitrary_exec_module(data) else {
+        return;
+    };
     // Note: We cannot use built-in fuel metering of the different engines since that
     //       would introduce unwanted non-determinism with respect to fuzz testing.
-    smith_module.ensure_termination(1_000 /* fuel */);
+    let Ok(_) = smith_module.ensure_termination(1_000 /* fuel */) else {
+        return;
+    };
     let wasm = smith_module.to_bytes();
     let Some(wasmi_register) = <WasmiRegister as DifferentialTarget>::setup(&wasm[..]) else {
         return;

fuzz/fuzz_targets/differential.rs

@@ -3,17 +3,21 @@
 mod utils;
 
 use libfuzzer_sys::fuzz_target;
-use utils::{ty_to_val, ExecConfig};
-use wasm_smith::ConfiguredModule;
+use utils::{arbitrary_exec_module, ty_to_val};
 use wasmi::{Engine, Linker, Module, Store, StoreLimitsBuilder};
 
-fuzz_target!(|cfg_module: ConfiguredModule<ExecConfig>| {
-    let mut smith_module = cfg_module.module;
+fuzz_target!(|data: &[u8]| {
+    let Ok(mut smith_module) = arbitrary_exec_module(data) else {
+        return;
+    };
+
     // TODO: We could use Wasmi's built-in fuel metering instead.
     //       This would improve test coverage and may be more efficient
     //       given that `wasm-smith`'s fuel metering uses global variables
     //       to communicate used fuel.
-    smith_module.ensure_termination(1000 /* fuel */);
+    let Ok(_) = smith_module.ensure_termination(1000 /* fuel */) else {
+        return;
+    };
     let wasm = smith_module.to_bytes();
     let engine = Engine::default();
     let linker = Linker::new(&engine);

fuzz/fuzz_targets/execute.rs

@@ -1,9 +1,16 @@
 #![no_main]
+
+mod utils;
+
 use libfuzzer_sys::fuzz_target;
+use utils::arbitrary_translate_module;
 use wasmi::{Engine, Module};
 
-fuzz_target!(|data: wasm_smith::Module| {
-    let wasm = data.to_bytes();
+fuzz_target!(|seed: &[u8]| {
+    let Ok(smith_module) = arbitrary_translate_module(seed) else {
+        return;
+    };
+    let wasm = smith_module.to_bytes();
     let engine = Engine::default();
     Module::new(&engine, &wasm[..]).unwrap();
 });

fuzz/fuzz_targets/translate.rs

@@ -1,9 +1,16 @@
 #![no_main]
+
+mod utils;
+
 use libfuzzer_sys::fuzz_target;
+use utils::arbitrary_translate_module;
 use wasmi::{Config, Engine, Module};
 
-fuzz_target!(|data: wasm_smith::Module| {
-    let wasm = data.to_bytes();
+fuzz_target!(|seed: &[u8]| {
+    let Ok(smith_module) = arbitrary_translate_module(seed) else {
+        return;
+    };
+    let wasm = smith_module.to_bytes();
     let mut config = Config::default();
     config.consume_fuel(true);
     let engine = Engine::new(&config);

fuzz/fuzz_targets/translate_metered.rs

@@ -1,64 +1,56 @@
-use arbitrary::Arbitrary;
-use wasmi::{core::ValType, Val};
+#![allow(dead_code)]
 
-/// The configuration used to produce Wasmi compatible fuzzing Wasm modules.
-#[derive(Debug, Arbitrary)]
-pub struct ExecConfig;
+use arbitrary::{Arbitrary, Unstructured};
+use wasmi::{core::ValType, Val};
 
-impl wasm_smith::Config for ExecConfig {
-    fn export_everything(&self) -> bool {
-        true
-    }
-    fn allow_start_export(&self) -> bool {
-        false
-    }
-    fn reference_types_enabled(&self) -> bool {
-        false
-    }
-    fn max_imports(&self) -> usize {
-        0
-    }
-    fn max_memory_pages(&self, is_64: bool) -> u64 {
-        match is_64 {
-            true => {
-                // Note: wasmi does not support 64-bit memory, yet.
-                0
-            }
-            false => 1_000,
-        }
-    }
-    fn max_data_segments(&self) -> usize {
-        10_000
-    }
-    fn max_element_segments(&self) -> usize {
-        10_000
-    }
-    fn max_exports(&self) -> usize {
-        10_000
-    }
-    fn max_elements(&self) -> usize {
-        10_000
-    }
-    fn min_funcs(&self) -> usize {
-        1
-    }
-    fn max_funcs(&self) -> usize {
-        10_000
-    }
-    fn max_globals(&self) -> usize {
-        10_000
-    }
-    fn max_table_elements(&self) -> u32 {
-        10_000
-    }
-    fn max_values(&self) -> usize {
-        10_000
-    }
-    fn max_instructions(&self) -> usize {
-        100_000
+pub fn exec_config() -> wasm_smith::Config {
+    wasm_smith::Config {
+        export_everything: true,
+        allow_start_export: false,
+        reference_types_enabled: false,
+        max_imports: 0,
+        max_memory32_bytes: (1 << 16) * 1_000,
+        // Note: wasmi does not support 64-bit memory, yet.
+        memory64_enabled: false,
+        max_data_segments: 10_000,
+        max_element_segments: 10_000,
+        max_exports: 10_000,
+        max_elements: 10_000,
+        min_funcs: 1,
+        max_funcs: 10_000,
+        max_globals: 10_000,
+        max_table_elements: 10_000,
+        max_values: 10_000,
+        max_instructions: 100_000,
+        exceptions_enabled: false,
+        simd_enabled: false,
+        threads_enabled: false,
+        gc_enabled: false,
+        tail_call_enabled: false,
+        ..Default::default()
     }
 }
 
+pub fn arbitrary_exec_module(seed: &[u8]) -> arbitrary::Result<wasm_smith::Module> {
+    let mut unstructured = Unstructured::new(seed);
+    wasm_smith::Module::new(exec_config(), &mut unstructured)
+}
+
+pub fn arbitrary_translate_module(seed: &[u8]) -> arbitrary::Result<wasm_smith::Module> {
+    let mut unstructured = Unstructured::new(seed);
+
+    let config = wasm_smith::Config::arbitrary(&mut unstructured);
+
+    config.map(|mut config| {
+        config.gc_enabled = false;
+        config.exceptions_enabled = false;
+        config.simd_enabled = false;
+        config.threads_enabled = false;
+
+        wasm_smith::Module::new(config, &mut unstructured)
+    })?
+}
+
 /// Converts a [`ValType`] into a [`Val`] with default initialization of 1.
 ///
 /// # ToDo