authorAlon Zakai <alonzakai@gmail.com>2019-01-10 19:31:20 -0800
committerGitHub <noreply@github.com>2019-01-10 19:31:20 -0800
commit45714b5fc6cf14c112bc4f188aca427464ab69d8 (patch)
tree11a85c5fce2dfaa36650e0e6766d4d3f8b0a2366 /src/tools/wasm-opt.cpp
parent4084d6e70922f8b1cc00c3a24bf5db41e03d5e79 (diff)
Compare binaryen fuzz-exec to JS VMs (#1856)
The main fuzz_opt.py script compares JS VMs, and separately runs binaryen's fuzz-exec that compares the binaryen interpreter to itself (before and after opts). This PR lets us directly compare binaryen's interpreter output to JS VMs. This found a bunch of minor things we can do better on both sides, giving more fuzz coverage. To enable this, a bunch of tiny fixes were needed:
* Add --fuzz-exec-before which is like --fuzz-exec but just runs the code before opts are run, instead of before and after.
* Normalize double printing (so JS and C++ print comparable things). This includes negative zero in JS, which we never printed properly until now.
* Various improvements to how we print fuzz-exec logging - remove unhelpful things, and normalize the others across JS and C++.
* Properly legalize the wasm when --emit-js-wrapper is used (i.e., we will run the code from JS), and use that in the JS wrapper code.
Diffstat (limited to 'src/tools/wasm-opt.cpp')
-rw-r--r--src/tools/wasm-opt.cpp21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/tools/wasm-opt.cpp b/src/tools/wasm-opt.cpp
index 3e04fc644..5238caf7a 100644
--- a/src/tools/wasm-opt.cpp
+++ b/src/tools/wasm-opt.cpp
@@ -65,7 +65,8 @@ int main(int argc, const char* argv[]) {
bool emitBinary = true;
bool debugInfo = false;
bool converge = false;
- bool fuzzExec = false;
+ bool fuzzExecBefore = false;
+ bool fuzzExecAfter = false;
bool fuzzBinary = false;
std::string extraFuzzCommand;
bool translateToFuzz = false;
@@ -93,9 +94,12 @@ int main(int argc, const char* argv[]) {
.add("--converge", "-c", "Run passes to convergence, continuing while binary size decreases",
Options::Arguments::Zero,
[&](Options *o, const std::string& arguments) { converge = true; })
+ .add("--fuzz-exec-before", "-feh", "Execute functions before optimization, helping fuzzing find bugs",
+ Options::Arguments::Zero,
+ [&](Options *o, const std::string& arguments) { fuzzExecBefore = true; })
.add("--fuzz-exec", "-fe", "Execute functions before and after optimization, helping fuzzing find bugs",
Options::Arguments::Zero,
- [&](Options *o, const std::string& arguments) { fuzzExec = true; })
+ [&](Options *o, const std::string& arguments) { fuzzExecBefore = fuzzExecAfter = true; })
.add("--fuzz-binary", "-fb", "Convert to binary and back after optimizations and before fuzz-exec, helping fuzzing find binary format bugs",
Options::Arguments::Zero,
[&](Options *o, const std::string& arguments) { fuzzBinary = true; })
@@ -172,8 +176,15 @@ int main(int argc, const char* argv[]) {
}
}
+ if (emitJSWrapper.size() > 0) {
+ // As the code will run in JS, we must legalize it.
+ PassRunner runner(&wasm);
+ runner.add("legalize-js-interface");
+ runner.run();
+ }
+
ExecutionResults results;
- if (fuzzExec) {
+ if (fuzzExecBefore) {
results.get(wasm);
}
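Review bot: The legalization block added ahead of `ExecutionResults results;` rewrites `wasm` in place whenever `--emit-js-wrapper` is given, independent of the fuzz-exec flags, so the baseline taken by `results.get(wasm)` is computed on the legalized module rather than on the input. The existing comment does not say that; I would expand it to `// The wrapper runs this module in a JS VM, so legalize the JS interface now. This mutates wasm before the fuzz-exec baseline is taken (and presumably before it is written out).` The pass also runs through a bare `PassRunner runner(&wasm)`; whether it should pick up the tool's pass options is worth confirming, since the rest of main() lies outside this hunk.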
@@ -207,7 +218,7 @@ int main(int argc, const char* argv[]) {
Module* curr = &wasm;
Module other;
- if (fuzzExec && fuzzBinary) {
+ if (fuzzExecAfter && fuzzBinary) {
BufferWithRandomAccess buffer(false);
// write the binary
WasmBinaryWriter writer(&wasm, buffer, false);
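Review bot: With the condition now `fuzzExecAfter && fuzzBinary`, an invocation using `--fuzz-exec-before --fuzz-binary` silently skips the binary round trip, while the `--fuzz-binary` help string in the options hunk still describes it as happening "before fuzz-exec". A fuzzing harness that switches from `--fuzz-exec` to `--fuzz-exec-before` would lose binary-format coverage with no signal. I would either reword the help to say the round trip only happens together with the post-optimization check of `--fuzz-exec`, or print a warning when `fuzzBinary` is set without `fuzzExecAfter`. The body of this `if` continues past the end of the hunk.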
@@ -259,7 +270,7 @@ int main(int argc, const char* argv[]) {
}
}
- if (fuzzExec) {
+ if (fuzzExecAfter) {
results.check(*curr);
}
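Review bot: `results.check(*curr)` is now guarded only by `fuzzExecAfter`, but the baseline it compares against is recorded by `results.get(wasm)`, which runs only under `fuzzExecBefore`. Today `--fuzz-exec` sets both flags, so the pairing holds, but nothing enforces it. If a later option set `fuzzExecAfter` alone, the check would presumably compare against an empty baseline and could pass vacuously. I would document the invariant at the flag declarations with `// fuzzExecAfter requires fuzzExecBefore: check() compares against the baseline that get() recorded`, or add `assert(fuzzExecBefore);` inside this branch.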