[wasm] Remove parameter and return types from WasmCallDirect

Liedtke · V8-internal LUCI CQ · commit 226938a27cb4 · 2026-01-19T08:30:52.000-08:00
Bug: 445356784 Change-Id: Idbe0b038ecd47b371639219edababaf7e33d1054 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8929536 Reviewed-by: Doga Yüksel <dyuksel@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
diff --git a/Sources/Fuzzilli/Base/ProgramBuilder.swift b/Sources/Fuzzilli/Base/ProgramBuilder.swift
@@ -3766,7 +3766,7 @@ public class ProgramBuilder {
 
         @discardableResult
         public func wasmCallDirect(signature: WasmSignature, function: Variable, functionArgs: [Variable]) -> [Variable] {
-            return Array(b.emit(WasmCallDirect(signature: signature),
+            return Array(b.emit(WasmCallDirect(parameterCount: signature.parameterTypes.count, outputCount: signature.outputTypes.count),
                 withInputs: [function] + functionArgs,
                 types: [.wasmFunctionDef(signature)] + signature.parameterTypes
             ).outputs)
diff --git a/Sources/Fuzzilli/FuzzIL/Instruction.swift b/Sources/Fuzzilli/FuzzIL/Instruction.swift
@@ -1313,8 +1313,8 @@ extension Instruction: ProtobufConvertible {
                 }
             case .wasmCallDirect(let op):
                 $0.wasmCallDirect = Fuzzilli_Protobuf_WasmCallDirect.with {
-                    $0.parameterTypes = op.signature.parameterTypes.map(ILTypeToWasmTypeEnum)
-                    $0.outputTypes = op.signature.outputTypes.map(ILTypeToWasmTypeEnum)
+                    $0.parameterCount = Int32(op.parameterCount)
+                    $0.outputCount = Int32(op.numOutputs)
                 }
             case .wasmReturnCallDirect(let op):
                 $0.wasmReturnCallDirect = Fuzzilli_Protobuf_WasmReturnCallDirect.with {
@@ -2408,9 +2408,7 @@ extension Instruction: ProtobufConvertible {
             let outputs = p.outputTypes.map(WasmTypeEnumToILType)
             op = WasmCallIndirect(signature: parameters => outputs)
         case .wasmCallDirect(let p):
-            let parameters = p.parameterTypes.map(WasmTypeEnumToILType)
-            let outputs = p.outputTypes.map(WasmTypeEnumToILType)
-            op = WasmCallDirect(signature: parameters => outputs)
+            op = WasmCallDirect(parameterCount: Int(p.parameterCount), outputCount: Int(p.outputCount))
         case .wasmReturnCallDirect(let p):
             let parameters = p.parameterTypes.map(WasmTypeEnumToILType)
             let outputs = p.outputTypes.map(WasmTypeEnumToILType)
diff --git a/Sources/Fuzzilli/FuzzIL/JSTyper.swift b/Sources/Fuzzilli/FuzzIL/JSTyper.swift
@@ -878,8 +878,9 @@ public struct JSTyper: Analyzer {
                 wasmTypeBeginBlock(instr, op.signature)
             case .wasmEndTryDelegate(let op):
                 wasmTypeEndBlock(instr, op.outputTypes)
-            case .wasmCallDirect(let op):
-                for (output, outputType) in zip(instr.outputs, op.signature.outputTypes) {
+            case .wasmCallDirect(_):
+                let signature = type(of: instr.input(0)).wasmFunctionDefSignature!
+                for (output, outputType) in zip(instr.outputs, signature.outputTypes) {
                     setType(of: output, to: outputType)
                 }
                 // We don't need to update the DynamicObjectGroupManager, as all functions that can be called here are .wasmFunctionDef types, this means we have already added them when we saw the EndWasmFunction instruction.
diff --git a/Sources/Fuzzilli/FuzzIL/WasmOperations.swift b/Sources/Fuzzilli/FuzzIL/WasmOperations.swift
@@ -963,12 +963,12 @@ final class WasmCallIndirect: WasmOperation {
 
 final class WasmCallDirect: WasmOperation {
     override var opcode: Opcode { .wasmCallDirect(self) }
-    let signature: WasmSignature
 
-    init(signature: WasmSignature) {
-        self.signature = signature
-        super.init(numInputs: 1 + signature.parameterTypes.count, numOutputs: signature.outputTypes.count, requiredContext: [.wasmFunction])
+    init(parameterCount: Int, outputCount: Int) {
+        super.init(numInputs: 1 + parameterCount, numOutputs: outputCount, requiredContext: [.wasmFunction])
     }
+
+    var parameterCount: Int {numInputs - 1}
 }
 
 final class WasmReturnCallDirect: WasmOperation {
diff --git a/Sources/Fuzzilli/Lifting/FuzzILLifter.swift b/Sources/Fuzzilli/Lifting/FuzzILLifter.swift
@@ -1064,13 +1064,13 @@ public class FuzzILLifter: Lifter {
                 w.emit("\(outputs) <- WasmCallIndirect(\(op.signature)) \(inputs)")
             }
 
-        case .wasmCallDirect(let op):
+        case .wasmCallDirect(_):
             let inputs = instr.inputs.map(lift).joined(separator: ", ")
-            if op.signature.outputTypes.isEmpty {
-                w.emit("WasmCallDirect(\(op.signature)) \(inputs)")
+            if instr.outputs.isEmpty {
+                w.emit("WasmCallDirect \(inputs)")
             } else {
                 let outputs = instr.outputs.map(lift).joined(separator: ", ")
-                w.emit("\(outputs) <- WasmCallDirect(\(op.signature)) \(inputs)")
+                w.emit("\(outputs) <- WasmCallDirect \(inputs)")
             }
 
         case .wasmReturnCallDirect(let op):
diff --git a/Sources/Fuzzilli/Protobuf/operations.pb.swift b/Sources/Fuzzilli/Protobuf/operations.pb.swift
@@ -5045,9 +5045,9 @@ public struct Fuzzilli_Protobuf_WasmCallDirect: Sendable {
   // `Message` and `Message+*Additions` files in the SwiftProtobuf library for
   // methods supported on all messages.
 
-  public var parameterTypes: [Fuzzilli_Protobuf_WasmILType] = []
+  public var parameterCount: Int32 = 0
 
-  public var outputTypes: [Fuzzilli_Protobuf_WasmILType] = []
+  public var outputCount: Int32 = 0
 
   public var unknownFields = SwiftProtobuf.UnknownStorage()
 
@@ -13405,34 +13405,34 @@ extension Fuzzilli_Protobuf_WasmCallIndirect: SwiftProtobuf.Message, SwiftProtob
 
 extension Fuzzilli_Protobuf_WasmCallDirect: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
   public static let protoMessageName: String = _protobuf_package + ".WasmCallDirect"
-  public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}parameterTypes\0\u{1}outputTypes\0")
+  public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}parameterCount\0\u{1}outputCount\0")
 
   public mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
     while let fieldNumber = try decoder.nextFieldNumber() {
       // The use of inline closures is to circumvent an issue where the compiler
       // allocates stack space for every case branch when no optimizations are
       // enabled. https://github.com/apple/swift-protobuf/issues/1034
       switch fieldNumber {
-      case 1: try { try decoder.decodeRepeatedMessageField(value: &self.parameterTypes) }()
-      case 2: try { try decoder.decodeRepeatedMessageField(value: &self.outputTypes) }()
+      case 1: try { try decoder.decodeSingularInt32Field(value: &self.parameterCount) }()
+      case 2: try { try decoder.decodeSingularInt32Field(value: &self.outputCount) }()
       default: break
       }
     }
   }
 
   public func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
-    if !self.parameterTypes.isEmpty {
-      try visitor.visitRepeatedMessageField(value: self.parameterTypes, fieldNumber: 1)
+    if self.parameterCount != 0 {
+      try visitor.visitSingularInt32Field(value: self.parameterCount, fieldNumber: 1)
     }
-    if !self.outputTypes.isEmpty {
-      try visitor.visitRepeatedMessageField(value: self.outputTypes, fieldNumber: 2)
+    if self.outputCount != 0 {
+      try visitor.visitSingularInt32Field(value: self.outputCount, fieldNumber: 2)
     }
     try unknownFields.traverse(visitor: &visitor)
   }
 
   public static func ==(lhs: Fuzzilli_Protobuf_WasmCallDirect, rhs: Fuzzilli_Protobuf_WasmCallDirect) -> Bool {
-    if lhs.parameterTypes != rhs.parameterTypes {return false}
-    if lhs.outputTypes != rhs.outputTypes {return false}
+    if lhs.parameterCount != rhs.parameterCount {return false}
+    if lhs.outputCount != rhs.outputCount {return false}
     if lhs.unknownFields != rhs.unknownFields {return false}
     return true
   }
diff --git a/Sources/Fuzzilli/Protobuf/operations.proto b/Sources/Fuzzilli/Protobuf/operations.proto
@@ -1173,8 +1173,8 @@ message WasmCallIndirect {
 }
 
 message WasmCallDirect {
-  repeated WasmILType parameterTypes = 1;
-  repeated WasmILType outputTypes = 2;
+  int32 parameterCount = 1;
+  int32 outputCount = 2;
 }
 
 message WasmReturnCallDirect {

Original file line number	Diff line number	Diff line change
`@@ -963,12 +963,12 @@ final class WasmCallIndirect: WasmOperation {`
`963`	`963`
`964`	`964`	`final class WasmCallDirect: WasmOperation {`
`965`	`965`	`override var opcode: Opcode { .wasmCallDirect(self) }`
`966`		`- let signature: WasmSignature`
`967`	`966`
`968`		`- init(signature: WasmSignature) {`
`969`		`- self.signature = signature`
`970`		`- super.init(numInputs: 1 + signature.parameterTypes.count, numOutputs: signature.outputTypes.count, requiredContext: [.wasmFunction])`
	`967`	`+ init(parameterCount: Int, outputCount: Int) {`
	`968`	`+ super.init(numInputs: 1 + parameterCount, numOutputs: outputCount, requiredContext: [.wasmFunction])`
`971`	`969`	`}`
	`970`	`+`
	`971`	`+ var parameterCount: Int {numInputs - 1}`
`972`	`972`	`}`
`973`	`973`
`974`	`974`	`final class WasmReturnCallDirect: WasmOperation {`
Original file line number	Diff line number	Diff line change
`@@ -1173,8 +1173,8 @@ message WasmCallIndirect {`
`1173`	`1173`	`}`
`1174`	`1174`
`1175`	`1175`	`message WasmCallDirect {`
`1176`		`- repeated WasmILType parameterTypes = 1;`
`1177`		`- repeated WasmILType outputTypes = 2;`
	`1176`	`+ int32 parameterCount = 1;`
	`1177`	`+ int32 outputCount = 2;`
`1178`	`1178`	`}`
`1179`	`1179`
`1180`	`1180`	`message WasmReturnCallDirect {`