author | Alon Zakai <azakai@google.com> | 2024-02-22 10:56:10 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-22 10:56:10 -0800 |
commit | 212f7c3374357af9eea3983b5e2cf649ccef7d0f (patch) | |
tree | 9aa26f77e01697e6a5cafa03ece80897402564c2 | |
parent | 4969f936bd44943b08525aff3db709dfc24ab1d6 (diff) | |
Fuzzer: Allow using initial content with V8 (#6327)
One problem was that spec testcases had exports with names that are not
valid to write as JS exports.name. For example an export with a - in the
name would end up as exports.foo-bar etc. Since #6310 that is fixed as
we do not emit such JS (we use the generic fuzz_shell.js script which iterates
over the keys in exports with exports[name]).
Also fix a few trivial fuzzer issues that initial content uncovered:
- Ignore a wat file with invalid utf-8.
- Print string literals in the same way from JS as from C++.
- Enable the stringref flag in V8.
- Remove tag imports (the same as we do for global and function and other imports).
-rwxr-xr-x | scripts/fuzz_opt.py | 7 | ||||
-rw-r--r-- | scripts/fuzz_shell.js | 5 | ||||
-rw-r--r-- | scripts/test/shared.py | 1 | ||||
-rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 9 |
4 files changed, 17 insertions, 5 deletions
diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py
index d0705693f..653ae9dfc 100755
--- a/scripts/fuzz_opt.py
+++ b/scripts/fuzz_opt.py
@@ -311,6 +311,8 @@ INITIAL_CONTENTS_IGNORE = [
 'exception-handling.wast',
 'translate-eh-old-to-new.wast',
 'rse-eh.wast',
+ # Non-UTF8 strings trap in V8
+ 'string-lowering.wast',
 ]


@@ -756,10 +758,7 @@ class CompareVMs(TestCaseHandler):
 return run_vm([shared.V8, FUZZ_SHELL_JS] + shared.V8_OPTS + extra_d8_flags + ['--', wasm])

 def can_run(self, wasm):
- # INITIAL_CONTENT is disallowed because some initial spec testcases
- # have names that require mangling, see
- # https://github.com/WebAssembly/binaryen/pull/3216
- return not INITIAL_CONTENTS
+ return True

 def can_compare_to_self(self):
 # With nans, VM differences can confuse us, so only very simple VMs
diff --git a/scripts/fuzz_shell.js b/scripts/fuzz_shell.js
index 736110751..106c877aa 100644
--- a/scripts/fuzz_shell.js
+++ b/scripts/fuzz_shell.js
@@ -47,7 +47,10 @@ function printed(x, y) {
 // JS has just one null. Print that out rather than typeof null which is
 // 'object', below.
 return 'null';
- } else if (typeof x !== 'number' && typeof x !== 'string') {
+ } else if (typeof x === 'string') {
+ // Emit a string in the same format as the binaryen interpreter.
+ return 'string("' + x + '")';
+ } else if (typeof x !== 'number') {
 // Something that is not a number or string, like a reference. We can't
 // print a reference because it could look different after opts - imagine
 // that a function gets renamed internally (that is, the problem is that
diff --git a/scripts/test/shared.py b/scripts/test/shared.py
index 75dece375..15c837b1d 100644
--- a/scripts/test/shared.py
+++ b/scripts/test/shared.py
@@ -260,6 +260,7 @@ V8_OPTS = [
 '--experimental-wasm-typed-funcref',
 '--experimental-wasm-memory64',
 '--experimental-wasm-extended-const',
+ '--experimental-wasm-stringref',
 '--wasm-final-types',
 ]

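Review bot: `can_run` in the second fuzz_opt.py hunk now returns True unconditionally, and the removed comment was the only place that recorded why initial content used to be excluded; nothing in the new code says why it is safe now, so the next reader has to dig through history. A one-line note above the return, such as `# Initial content is fine since #6310: fuzz_shell.js reads exports[name], so export names never need mangling.`, keeps that reasoning next to the code. The `wasm` parameter is now unused; that is presumably required by the TestCaseHandler interface, so leaving it is fine. The enclosing class CompareVMs continues outside the hunk.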
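Review bot: The new string branch in fuzz_shell.js builds `'string("' + x + '")'` with `x` interpolated verbatim, so a value containing a double quote, a backslash, a newline or non-ASCII code units is emitted without any escaping, while the commit message says the goal is to print strings the same way the C++ interpreter does. Whether that matches depends on how the interpreter's printer escapes such characters, which is not visible here; if it escapes, the two outputs diverge on exactly those inputs and CompareVMs would report a spurious mismatch. Worth pinning with a testcase whose string contains `"` and `\`, and if escaping is needed, `return 'string(' + JSON.stringify(x) + ')';` or a hand-rolled escaper that mirrors the C++ side. printed()'s body continues outside the hunk.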
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 2b776144d..c1625d726 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -433,6 +433,15 @@ void TranslateToFuzzReader::setupGlobals() {
 }

 void TranslateToFuzzReader::setupTags() {
+ // As in modifyInitialFunctions(), we can't allow tag imports as it would trap
+ // when the fuzzing infrastructure doesn't know what to provide.
+ for (auto& tag : wasm.tags) {
+ if (tag->imported()) {
+ tag->module = tag->base = Name();
+ }
+ }
+
+ // Add some random tags.
 Index num = upTo(3);
 for (size_t i = 0; i < num; i++) {
 addTag(); |
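Review bot: The new loop in setupTags() turns every imported tag into a defined one by clearing `module` and `base`, and the comment points at modifyInitialFunctions() for the rationale; it would help to say why nothing further is needed here, since for functions an un-imported item presumably also needs a body. A tag carries only its signature, so clearing the import is the whole job; a short addition like `// A tag has no body, so dropping the import is all that is needed.` makes that explicit. The newly defined tags keep their original names, so any code in the module that references them by name stays valid. setupTags() continues outside the hunk.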