author | Alon Zakai <azakai@google.com> | 2019-05-17 09:09:17 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-17 09:09:17 -0700 |
commit | 1095ef96673f4f33d76da6d58b0ad65c3c257f76 (patch) | |
tree | a8bf7d3a601aaa67c61f093560268b4a7e8745a1 /src/tools/wasm-opt.cpp | |
parent | 1dd37de69aae51edaf93219f31e736576f751191 (diff) | |
Add a fuzzer option to not emit code with OOB loads/indirect calls (#2113)
This is useful for wasm2js, as we don't emit traps for OOB loads etc. like wasm (like we don't trap on bad float-to-int, as it's too hard in JS, and it's undefined behavior in C anyhow). It may also help general fuzzing, as those traps may make other interesting patterns less likely.
Also add more wasm2js support in the fuzzer, which includes using this no-OOB option.
Diffstat (limited to 'src/tools/wasm-opt.cpp')
-rw-r--r-- | src/tools/wasm-opt.cpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/tools/wasm-opt.cpp b/src/tools/wasm-opt.cpp index f7e8b5918..6d78a209b 100644 --- a/src/tools/wasm-opt.cpp +++ b/src/tools/wasm-opt.cpp @@ -73,6 +73,7 @@ int main(int argc, const char* argv[]) { bool fuzzPasses = false; bool fuzzNaNs = true; bool fuzzMemory = true; + bool fuzzOOB = true; std::string emitJSWrapper; std::string emitSpecWrapper; std::string inputSourceMapFilename; @@ -157,6 +158,11 @@ int main(int argc, const char* argv[]) { "don't emit memory ops when fuzzing", Options::Arguments::Zero, [&](Options* o, const std::string& arguments) { fuzzMemory = false; }) + .add("--no-fuzz-oob", + "", + "don't emit out-of-bounds loads/stores/indirect calls when fuzzing", + Options::Arguments::Zero, + [&](Options* o, const std::string& arguments) { fuzzOOB = false; }) .add("--emit-js-wrapper", "-ejw", "Emit a JavaScript wrapper file that can run the wasm with some test " @@ -242,6 +248,7 @@ int main(int argc, const char* argv[]) { } reader.setAllowNaNs(fuzzNaNs); reader.setAllowMemory(fuzzMemory); + reader.setAllowOOB(fuzzOOB); reader.build(); if (options.passOptions.validate) { if (!WasmValidator().validate(wasm)) { |
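Review bot: The help string of the new `--no-fuzz-oob` option (hunk at `@@ -157,6 +158,11 @@`) lists "loads/stores/indirect calls", while the commit subject names only loads and indirect calls, so one of the two should be corrected to say whether stores are covered. The help string could also mention how this flag relates to `--no-fuzz-memory` directly above it: if memory ops are not emitted at all, presumably only the indirect-call part of `--no-fuzz-oob` still changes anything.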
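Review bot: At `reader.setAllowOOB(fuzzOOB);` (hunk at `@@ -242,6 +248,7 @@`), nothing in this file records why a caller would turn OOB generation off; the rationale (wasm2js does not emit traps for OOB accesses) exists only in the commit message. A one-line comment at this call or at the `bool fuzzOOB = true;` declaration would keep that reasoning with the code. The placement before `reader.build()`, next to `setAllowNaNs` and `setAllowMemory`, matches the existing setters.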