Fix JS tag fuzzing: throw the same in JS and the binaryen interpreter #7286

kripken · 2025-02-10T22:04:27Z

We do not compare exceptions in binaryen (not in the optimizer, where we
assume we can reorder traps, and not in the fuzzer, where we assume VMs
may have different text for them). But, since we have try-catch in wasm,
we can actually end up comparing them, by catching the exception and
logging the output. For that reason, we need to throw exactly the same
JS exception in #7283, which this fixes.

(I fuzzed #7283 for a few hours, and it found this error right after I landed the PR 😄 )

aheejin

Where do we compare and check whether those values are the same?

kripken · 2025-02-10T23:37:43Z

The fuzzer may end up comparing them when it compares the output of VMs. It can run in d8 and binaryen, get the logs, and diff those. And if we return the caught exceptions, their contents are in those logs (like any return value).

work

be665df

kripken requested a review from aheejin February 10, 2025 22:04

aheejin approved these changes Feb 10, 2025

View reviewed changes

kripken merged commit 7198f0e into WebAssembly:main Feb 10, 2025
14 checks passed

kripken deleted the fix.jstag.fuzz branch February 10, 2025 23:38

aheejin mentioned this pull request Feb 12, 2025

[EH] Fuzz catch+rethrow on the JS side #7287

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix JS tag fuzzing: throw the same in JS and the binaryen interpreter #7286

Fix JS tag fuzzing: throw the same in JS and the binaryen interpreter #7286

kripken commented Feb 10, 2025

aheejin left a comment

kripken commented Feb 10, 2025

Fix JS tag fuzzing: throw the same in JS and the binaryen interpreter #7286

Fix JS tag fuzzing: throw the same in JS and the binaryen interpreter #7286

Conversation

kripken commented Feb 10, 2025

aheejin left a comment

Choose a reason for hiding this comment

kripken commented Feb 10, 2025