[wasm] Don't emit empty module sections

Liedtke · V8-internal LUCI CQ · commit 2ae06c9a1917 · 2026-03-23T01:20:03.000-07:00
Change-Id: I99bc88a3cefdd5d4cbaf645b10e1cdcd66138a52 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9123977 Commit-Queue: Manos Koukoutos <manoskouk@google.com> Reviewed-by: Manos Koukoutos <manoskouk@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com>
diff --git a/Sources/Fuzzilli/Lifting/WasmLifter.swift b/Sources/Fuzzilli/Lifting/WasmLifter.swift
@@ -622,10 +622,6 @@ public class WasmLifter {
     }
 
     private func buildTypeSection() throws {
-        self.bytecode += [WasmSection.type.rawValue]
-
-        var temp = Data()
-
         // Collect all signatures of imported functions, suspendable objects or tags.
         // See importAnalysis for more details.
         for signature in self.exports.compactMap({ $0.getImport()?.signature }) {
@@ -638,7 +634,12 @@ public class WasmLifter {
         }
 
         let typeCount = self.signatures.count + typeGroups.count
-        temp += Leb128.unsignedEncode(typeCount)
+        if typeCount == 0 {
+            return
+        }
+
+        self.bytecode += [WasmSection.type.rawValue]
+        var temp = Leb128.unsignedEncode(typeCount)
 
         // TODO(mliedtke): Integrate this with the whole signature mechanism as
         // these signatures could contain wasm-gc types.
@@ -791,11 +792,16 @@ public class WasmLifter {
     }
 
     private func buildFunctionSection() throws {
+        let functionCount = self.exports.count { $0.isFunction }
+        if functionCount == 0 {
+            return
+        }
+
         self.bytecode += [WasmSection.function.rawValue]
 
         // The number of functions we have, as this is a vector of type idxs.
         // TODO(cffsmith): functions can share type indices. This could be an optimization later on.
-        var temp = Leb128.unsignedEncode(self.exports.count { $0.isFunction })
+        var temp = Leb128.unsignedEncode(functionCount)
 
         for case let .function(functionInfo) in self.exports {
             temp.append(Leb128.unsignedEncode(try getSignatureIndex(functionInfo!.signature)))
@@ -814,9 +820,14 @@ public class WasmLifter {
     }
 
     private func buildTableSection() throws {
+        let tableCount = self.exports.count { $0.isTable }
+        if tableCount == 0 {
+            return
+        }
+
         self.bytecode += [WasmSection.table.rawValue]
 
-        var temp = Leb128.unsignedEncode(self.exports.count { $0.isTable })
+        var temp = Leb128.unsignedEncode(tableCount)
 
         for case let .table(instruction) in self.exports {
             let op = instruction!.op as! WasmDefineTable
@@ -922,9 +933,13 @@ public class WasmLifter {
     }
 
     private func buildCodeSection(_ instructions: Code) throws {
+        let functionCount = self.exports.count { $0.isFunction }
+        if functionCount == 0 {
+            return
+        }
+
         // Build the contents of the section
-        var temp = Data()
-        temp += Leb128.unsignedEncode(self.exports.count { $0.isFunction })
+        var temp = Leb128.unsignedEncode(functionCount)
 
         var functionBranchHints = [Data]()
 
@@ -1006,6 +1021,10 @@ public class WasmLifter {
     }
 
     private func buildDataSection() throws {
+        if self.dataSegments.isEmpty {
+            return
+        }
+
         self.bytecode += [WasmSection.data.rawValue]
 
         var temp = Data()
@@ -1030,11 +1049,12 @@ public class WasmLifter {
     }
 
     private func buildDataCountSection() throws {
-        self.bytecode += [WasmSection.datacount.rawValue]
-
-        var temp = Data()
-        temp += Leb128.unsignedEncode(self.dataSegments.count)
+        if self.dataSegments.isEmpty {
+            return
+        }
 
+        self.bytecode += [WasmSection.datacount.rawValue]
+        let temp = Leb128.unsignedEncode(self.dataSegments.count)
         self.bytecode.append(Leb128.unsignedEncode(temp.count))
         self.bytecode.append(temp)
 
@@ -1047,11 +1067,13 @@ public class WasmLifter {
     }
 
     private func buildGlobalSection() throws {
-        self.bytecode += [WasmSection.global.rawValue]
-
-        var temp = Data()
+        let globalCount = self.exports.count { $0.isGlobal }
+        if globalCount == 0 {
+            return
+        }
 
-        temp += Leb128.unsignedEncode(self.exports.count { $0.isGlobal })
+        self.bytecode += [WasmSection.global.rawValue]
+        var temp = Leb128.unsignedEncode(globalCount)
 
         // TODO: in the future this should maybe be a context that allows instructions? Such that we can fuzz this expression as well?
         for case let .global(instruction) in self.exports {
@@ -1102,13 +1124,13 @@ public class WasmLifter {
     }
 
     private func buildMemorySection() {
-        self.bytecode += [WasmSection.memory.rawValue]
-
-        var temp = Data()
+        let memoryCount = self.exports.count { $0.isMemory }
+        if memoryCount == 0 {
+            return
+        }
 
-        // The amount of memories we have, per standard this can currently only be one, either defined or imported
-        // https://webassembly.github.io/spec/core/syntax/modules.html#memories
-        temp += Leb128.unsignedEncode(self.exports.count { $0.isMemory })
+        self.bytecode += [WasmSection.memory.rawValue]
+        var temp = Leb128.unsignedEncode(memoryCount)
 
         for case let .memory(instruction) in self.exports {
             let type = typer.type(of: instruction!.output)
@@ -1164,6 +1186,10 @@ public class WasmLifter {
 
     // Export all imports and defined things by default.
     private func buildExportedSection() throws {
+        if self.exports.isEmpty {
+            return
+        }
+
         self.bytecode += [WasmSection.export.rawValue]
 
         var temp = Data()
diff --git a/Tests/FuzzilliTests/LifterTest.swift b/Tests/FuzzilliTests/LifterTest.swift
@@ -3897,4 +3897,22 @@ class LifterTests: XCTestCase {
 
         XCTAssertEqual(actual, expected)
     }
+
+    func testEmptyWasmModule() {
+        let fuzzer = makeMockFuzzer()
+        let b = fuzzer.makeBuilder()
+        b.buildWasmModule {_ in}
+        let program = b.finalize()
+        let actual = fuzzer.lifter.lift(program)
+
+        // An empty Wasm module should only contain the needed prefix but no empty sections.
+        let expected = """
+        const v0 = new WebAssembly.Instance(new WebAssembly.Module(new Uint8Array([
+            0x00, 0x61, 0x73, 0x6D, 0x01, 0x00, 0x00, 0x00,
+        ])));
+
+        """
+
+        XCTAssertEqual(actual, expected)
+    }
 }
