
gc_fuzz: Subtype values satisfy required supertypes. #12946

Open
khagankhan wants to merge 2 commits into bytecodealliance:main from khagankhan:cast-prep

@khagankhan
Contributor

Small updates before cast support

types.rs:
Added subtype-aware matching in StackType::fixup for typed struct operands. A stack value of subtype S can now satisfy a required supertype T by walking the existing supertype chain in Types, instead of requiring exact type-index equality with actual <: wanted.

mutator.rs:
add_struct now creates a rec group first when none exist, instead of failing to add a struct. This increases the chance of mutating toward struct/rec-group state rather than toward simpler table-only ops.

tests.rs:
New tests for new function and StackType::fixup(...)

+cc @fitzgen @eeide

@khagankhan khagankhan requested a review from a team as a code owner April 3, 2026 00:34
@khagankhan khagankhan requested review from fitzgen and removed request for a team April 3, 2026 00:34
@github-actions github-actions bot added the fuzzing Issues related to our fuzzing infrastructure label Apr 3, 2026
@github-actions

github-actions bot commented Apr 3, 2026

Subscribe to Label Action

cc @fitzgen

This issue or pull request has been labeled: "fuzzing"

Thus the following users have been cc'd because of the following labels:

  • fitzgen: fuzzing

To subscribe or unsubscribe from this label, edit the .github/subscribe-to-label.json configuration file.

Member

@fitzgen fitzgen left a comment

Nice

@fitzgen fitzgen added this pull request to the merge queue Apr 3, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 3, 2026
@khagankhan
Contributor Author

I am looking at the failure...

@khagankhan
Contributor Author

khagankhan commented Apr 4, 2026

The bug was in is_subtype_index: it mapped dense type indices (0, 1, 2, ...) to TypeIds with self.type_defs.keys().nth(i), which follows BTreeMap key order. But I forgot that we sort them before encoding to the wasm module (subtypes).

The new test is_subtype_index_encoding_order_differs_from_key_order covers exactly this case.

The fix is to handle this in Types::fixup() by computing and passing correct encoding order there, instead of relying on StackType::fixup() to reconstruct it. I think this is better for two reasons:

  1. This is fundamentally a fixup-time correctness issue, not something that should live in to_wasm_binary().
  2. It avoids recomputing the encoding order multiple times. Previously, we would effectively derive the same ordering once during binary emission and again during stack fixup. Now it is computed once during fixup and reused where needed.

As part of this change, the tests were updated accordingly.

This also allowed fn type_to_group_map(...) to be computed once and passed through the fixup path, instead of calling it twice in breaking cycles and sorting.
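
The index mismatch described in the comment above, as an added Rust example that is not code from this PR or from wasmtime: the same subtype walk gives different answers depending on whether dense indices are resolved through BTreeMap key order or through the encoding order. `TypeDefs`, `key_order`, `encoding_order` and this `is_subtype_index` signature are hypothetical stand-ins, and the sort is assumed to place each supertype before its subtypes.

```rust
use std::collections::BTreeMap;

// Hypothetical stand-in for the fuzzer's type table: TypeId -> direct supertype.
type TypeId = u32;
type TypeDefs = BTreeMap<TypeId, Option<TypeId>>;

/// Dense indices as BTreeMap key order would assign them (the buggy mapping).
fn key_order(defs: &TypeDefs) -> Vec<TypeId> {
    defs.keys().copied().collect()
}

/// Dense indices as emitted: each supertype before its subtypes (assumed sort).
fn encoding_order(defs: &TypeDefs) -> Vec<TypeId> {
    let mut order: Vec<TypeId> = Vec::with_capacity(defs.len());
    while order.len() < defs.len() {
        let before = order.len();
        for (&id, &sup) in defs {
            let ready = sup.map_or(true, |s| order.contains(&s));
            if ready && !order.contains(&id) {
                order.push(id);
            }
        }
        assert!(order.len() > before, "cycle or dangling supertype");
    }
    order
}

/// Is index `actual` a subtype of index `wanted`? `order[i]` is the TypeId of index `i`.
fn is_subtype_index(defs: &TypeDefs, order: &[TypeId], actual: usize, wanted: usize) -> bool {
    let (Some(&start), Some(&target)) = (order.get(actual), order.get(wanted))
    else { return false }; // out-of-range index
    let mut cur = Some(start);
    for _ in 0..=defs.len() { // bounded walk up the supertype chain
        match cur {
            Some(id) if id == target => return true,
            Some(id) => cur = defs.get(&id).copied().flatten(),
            None => return false,
        }
    }
    false
}

fn main() {
    // Constructed sample: TypeId 10 is a subtype of TypeId 20.
    let defs: TypeDefs = BTreeMap::from([(10, Some(20)), (20, None)]);
    let (enc, keys) = (encoding_order(&defs), key_order(&defs));
    println!("encoding order {:?}: {}", enc, is_subtype_index(&defs, &enc, 1, 0));
    println!("key order      {:?}: {}", keys, is_subtype_index(&defs, &keys, 1, 0));
}
```

In the emitted order, index 1 is TypeId 10 and index 0 is TypeId 20, so the check `1 <: 0` should succeed; resolving the same indices through key order swaps the two types and the check fails.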
