Fuzz the Table from JS (#7042)

Continues the work from #7027 which added throwing from JS, this adds
table get/set operations from JS, to further increase our coverage of
Wasm/JS interactions (the table can be used from both sides).

2 files changed, 37 insertions, 12 deletions

diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py
index 838ed54cc..3d4663501 100755
--- a/scripts/fuzz_opt.py
+++ b/scripts/fuzz_opt.py
@@ -1178,11 +1178,36 @@ class Wasm2JS(TestCaseHandler):
         return all_disallowed(['exception-handling', 'simd', 'threads', 'bulk-memory', 'nontrapping-float-to-int', 'tail-call', 'sign-ext', 'reference-types', 'multivalue', 'gc', 'multimemory'])
 
 
+# given a wasm, find all the exports of particular kinds (for example, kinds
+# can be ['func', 'table'] and then we would find exported functions and
+# tables).
+def get_exports(wasm, kinds):
+    wat = run([in_bin('wasm-dis'), wasm] + FEATURE_OPTS)
+    p = re.compile(r'^ [(]export "(.*[^\\]?)" [(](?:' + '|'.join(kinds) + ')')
+    exports = []
+    for line in wat.splitlines():
+        m = p.match(line)
+        if m:
+            export = m[1]
+            exports.append(export)
+    return exports
+
+
 # given a wasm and a list of exports we want to keep, remove all other exports.
 def filter_exports(wasm, output, keep):
     # based on
     # https://github.com/WebAssembly/binaryen/wiki/Pruning-unneeded-code-in-wasm-files-with-wasm-metadce#example-pruning-exports
 
+    # we append to keep; avoid modifying the object that was sent in.
+    keep = keep[:]
+
+    # some exports must always be preserved, if they exist, like the table
+    # (which can be called from JS imports for table operations).
+    existing_exports = set(get_exports(wasm, ['func', 'table']))
+    for export in ['table']:
+        if export in existing_exports:
+            keep.append(export)
+
     # build json to represent the exports we want.
     graph = [{
         'name': 'outside',
@@ -1304,18 +1329,10 @@ class CtorEval(TestCaseHandler):
         # get the expected execution results.
         wasm_exec = run_bynterp(wasm, ['--fuzz-exec-before'])
 
-        # get the list of exports, so we can tell ctor-eval what to eval.
-        wat = run([in_bin('wasm-dis'), wasm] + FEATURE_OPTS)
-        p = re.compile(r'^ [(]export "(.*[^\\]?)" [(]func')
-        exports = []
-        for line in wat.splitlines():
-            m = p.match(line)
-            if m:
-                export = m[1]
-                exports.append(export)
-        if not exports:
+        # get the list of func exports, so we can tell ctor-eval what to eval.
+        ctors = ','.join(get_exports(wasm, ['func']))
+        if not ctors:
             return
-        ctors = ','.join(exports)
 
         # eval the wasm.
         # we can use --ignore-external-input because the fuzzer passes in 0 to
diff --git a/scripts/fuzz_shell.js b/scripts/fuzz_shell.js
index 4cf3ba358..c4c0056f0 100644
--- a/scripts/fuzz_shell.js
+++ b/scripts/fuzz_shell.js
@@ -152,7 +152,15 @@ var imports = {
     // Throw an exception from JS.
     'throw': () => {
       throw 'some JS error';
-    }
+    },
+
+    // Table operations.
+    'table-get': (index) => {
+      return exports.table.get(index >>> 0);
+    },
+    'table-set': (index, value) => {
+      exports.table.set(index >>> 0, value);
+    },
   },
   // Emscripten support.
   'env': {