[wasm] Add Webassembly.Global builtin

Liedtke · V8-internal LUCI CQ · commit 75af0dc7f82b · 2025-09-01T06:48:47.000-07:00
Bug: 440226707 Change-Id: I93819d544e41a3f2dece0f3f3beb6f2d2bab9f78 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8536417 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Manos Koukoutos <manoskouk@google.com>
diff --git a/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift b/Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift
@@ -353,6 +353,7 @@ public class JavaScriptEnvironment: ComponentBase {
         }
         registerObjectGroup(.jsWebAssemblyCompileOptions)
         registerObjectGroup(.jsWebAssemblyModuleConstructor)
+        registerObjectGroup(.jsWebAssemblyGlobalConstructor)
         registerObjectGroup(.jsWebAssemblyModule)
         registerObjectGroup(.jsWebAssembly)
         registerObjectGroup(.jsWasmGlobal)
@@ -919,6 +920,13 @@ public extension ILType {
         + .object(ofGroup: "WebAssemblyModuleConstructor", withProperties: [],
             withMethods: ["customSections", "imports", "exports"])
 
+    static let jsWasmGlobal = ILType.object(ofGroup: "WasmGlobal", withProperties: ["value"],
+        withMethods: ["valueOf"])
+
+    static let jsWebAssemblyGlobalConstructor =
+        ILType.constructor([.plain(.object()), .jsAnything] => .jsWasmGlobal)
+        + .object(ofGroup: "WebAssemblyGlobalConstructor", withProperties: [], withMethods: [])
+
     // The JavaScript WebAssembly.Table object of the given variant, i.e. FuncRef or ExternRef
     static let wasmTable = ILType.object(ofGroup: "WasmTable", withProperties: ["length"], withMethods: ["get", "grow", "set"])
 
@@ -1730,13 +1738,21 @@ public extension ObjectGroup {
         ]
     )
 
+    static let jsWebAssemblyGlobalConstructor = ObjectGroup(
+        name: "WebAssemblyGlobalConstructor",
+        instanceType: .jsWebAssemblyGlobalConstructor,
+        properties: [:],
+        methods: [:]
+    )
+
     static let jsWebAssembly = ObjectGroup(
         name: "WebAssembly",
         instanceType: nil,
         properties: [
             // TODO(mliedtke): Add properties like Global, Memory, ...
             "JSTag": .object(ofGroup: "WasmTag", withWasmType: WasmTagType([.wasmExternRef], isJSTag: true)),
             "Module": .jsWebAssemblyModuleConstructor,
+            "Global": .jsWebAssemblyGlobalConstructor,
         ],
         overloads: [
             "compile": wasmBufferTypes.map {
@@ -1760,12 +1776,12 @@ public extension ObjectGroup {
     /// ObjectGroup modelling JavaScript WebAssembly Global objects.
     static let jsWasmGlobal = ObjectGroup(
         name: "WasmGlobal",
-        instanceType: .object(ofGroup: "WasmGlobal", withProperties: ["value"]),
+        instanceType: .jsWasmGlobal,
         properties: [
             // TODO: Try using precise JS types based on the global's underlying valuetype (e.g. float for f32 and f64).
             "value" : .jsAnything
         ],
-        methods: [:]
+        methods: ["valueOf": [] => .jsAnything]
     )
 
     /// ObjectGroup modelling JavaScript WebAssembly Memory objects.
