[js, modules] implement namespaced imports and import defer

o- · v8-internal-scoped@luci-project-accounts.iam.gserviceaccount.com · commit 4e859135e5e3 · 2026-05-27T01:11:00.000-07:00
Support for "import * as ns" import syntax, including the deferred import variant. Other imports (named, default, etc.) are future work. https://github.com/tc39/proposal-defer-import-eval Bug: 398218423 Change-Id: If0e691054f0668cd4eed2bbdc9532b0c520fec4a Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9313400 Reviewed-by: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Olivier Flückiger <olivf@google.com>
diff --git a/Sources/Fuzzilli/Base/ProgramBuilder.swift b/Sources/Fuzzilli/Base/ProgramBuilder.swift
@@ -4336,6 +4336,12 @@ public class ProgramBuilder {
         }
     }
 
+    public func generateNamespaceImport() {
+        if let module = randomVariable(ofType: .jsModule()) {
+            importNamespace(module: module, isDeferred: probability(0.5))
+        }
+    }
+
     public func exportVariables(variables: [Variable], exportNames: [String]) {
         assert(variables.count == exportNames.count)
         emit(ExportVariables(exportNames: exportNames), withInputs: variables)
@@ -4345,6 +4351,11 @@ public class ProgramBuilder {
         return emit(ImportVariables(importNames: importNames), withInputs: [module])
     }
 
+    @discardableResult
+    public func importNamespace(module: Variable, isDeferred: Bool) -> Instruction {
+        return emit(ImportNamespace(isDeferred: isDeferred), withInputs: [module])
+    }
+
     public func blockBreak(_ label: Variable) {
         emit(BlockBreak(), withInputs: [label], types: [.jsBlockLabel])
     }
diff --git a/Sources/Fuzzilli/CodeGen/CodeGenerator.swift b/Sources/Fuzzilli/CodeGen/CodeGenerator.swift
@@ -283,6 +283,15 @@ public class GeneratorStub: Contributor {
                 }
             }
         }
+
+        public func contains(_ context: Context) -> Bool {
+            switch self {
+            case .single(let ctx):
+                return ctx.contains(context)
+            case .either(let ctxs):
+                return ctxs.contains(where: { $0.contains(context) })
+            }
+        }
     }
 
     /// The contexts in which this code generator can run.
diff --git a/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift b/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift
@@ -248,6 +248,7 @@ public let codeGeneratorWeights = [
     "BundleModuleGenerator":                    5,
     "BundleModuleEntryPointGenerator":          5,
     "ModuleImportGenerator":                    20,
+    "ModuleNamespaceImportGenerator":           10,
     "ModuleExportGenerator":                    20,
 
     //
diff --git a/Sources/Fuzzilli/CodeGen/CodeGenerators.swift b/Sources/Fuzzilli/CodeGen/CodeGenerators.swift
@@ -3615,11 +3615,14 @@ public let CodeGenerators: [CodeGenerator] = [
         // TODO(marja): Add more complex imports:
         // - Importing the default export
         // - Non-named exports (import {v1})
-        // - Importing and creating a Module object
         // - Dynamic imports (also in scripts)
         b.generateImport()
     },
 
+    CodeGenerator("ModuleNamespaceImportGenerator", inContext: .single(.moduleTopLevel)) { b in
+        b.generateNamespaceImport()
+    },
+
     CodeGenerator("ModuleExportGenerator", inContext: .single(.moduleTopLevel)) { b in
         // TODO(marja): Add more complex exports:
         // - Default exports
diff --git a/Sources/Fuzzilli/FuzzIL/Instruction.swift b/Sources/Fuzzilli/FuzzIL/Instruction.swift
@@ -1254,6 +1254,10 @@ extension Instruction: ProtobufConvertible {
                 $0.importVariables = Fuzzilli_Protobuf_ImportVariables.with {
                     $0.importNames = op.importNames
                 }
+            case .importNamespace(let op):
+                $0.importNamespace = Fuzzilli_Protobuf_ImportNamespace.with {
+                    $0.isDeferred = op.isDeferred
+                }
             case .print(_):
                 fatalError("Print operations should not be serialized")
             case .createMap(let op):
@@ -2521,6 +2525,8 @@ extension Instruction: ProtobufConvertible {
             op = ExportVariables(exportNames: p.exportNames)
         case .importVariables(let p):
             op = ImportVariables(importNames: p.importNames)
+        case .importNamespace(let p):
+            op = ImportNamespace(isDeferred: p.isDeferred)
         case .loadNewTarget:
             op = LoadNewTarget()
         case .nop:
diff --git a/Sources/Fuzzilli/FuzzIL/JSTyper.swift b/Sources/Fuzzilli/FuzzIL/JSTyper.swift
@@ -2129,6 +2129,15 @@ public struct JSTyper: Analyzer {
                 set(output, exportedType)
             }
 
+        case .importNamespace(_):
+            let moduleType = type(ofInput: 0)
+            let groupName = "_fuzz_Namespace\(instr.index)"
+            let objectGroup = ObjectGroup(
+                name: groupName, instanceType: nil, properties: moduleType.exports, overloads: [:]
+            )
+            dynamicObjectGroupManager.finalizedObjectGroups.append(objectGroup)
+            set(instr.output, objectGroup.instanceType)
+
         case .ternaryOperation:
             let outputType = type(ofInput: 1) | type(ofInput: 2)
             set(instr.output, outputType)
diff --git a/Sources/Fuzzilli/FuzzIL/JsOperations.swift b/Sources/Fuzzilli/FuzzIL/JsOperations.swift
@@ -3133,6 +3133,18 @@ final class ImportVariables: JsOperation {
     }
 }
 
+final class ImportNamespace: JsOperation {
+    override var opcode: Opcode { .importNamespace(self) }
+    let isDeferred: Bool
+
+    init(isDeferred: Bool) {
+        self.isDeferred = isDeferred
+        super.init(
+            numInputs: 1, numOutputs: 1, attributes: [.isNotInputMutable],
+            requiredContext: .moduleTopLevel)
+    }
+}
+
 final class BeginBundleModuleEntryPoint: JsOperation {
     override var opcode: Opcode { .beginBundleModuleEntryPoint(self) }
 
diff --git a/Sources/Fuzzilli/FuzzIL/Opcodes.swift b/Sources/Fuzzilli/FuzzIL/Opcodes.swift
@@ -385,4 +385,5 @@ enum Opcode {
     case beginWorkerFunction(BeginWorkerFunction)
     case endWorkerFunction(EndWorkerFunction)
     case wasmBranchOnCast(WasmBranchOnCast)
+    case importNamespace(ImportNamespace)
 }
diff --git a/Sources/Fuzzilli/FuzzIL/TypeSystem.swift b/Sources/Fuzzilli/FuzzIL/TypeSystem.swift
@@ -106,6 +106,7 @@ public struct ILType: Hashable {
     public static let dynamicObjectGroupPrefixes = [
         "_fuzz_Object", "_fuzz_WasmModule", "_fuzz_WasmExports", "_fuzz_Class",
         "_fuzz_Constructor", "_fuzz_RawWasmExports", "_fuzz_RawWasmModule",
+        "_fuzz_Namespace",
     ]
 
     //
diff --git a/Sources/Fuzzilli/Lifting/FuzzILLifter.swift b/Sources/Fuzzilli/Lifting/FuzzILLifter.swift
@@ -893,6 +893,10 @@ public class FuzzILLifter: Lifter {
             let names = op.importNames.joined(separator: ", ")
             w.emit("\(outputs) <- ImportVariables \(input(0)), [\(names)]")
 
+        case .importNamespace(let op):
+            let deferKeyword = op.isDeferred ? "defer " : ""
+            w.emit("\(output()) <- ImportNamespace \(deferKeyword)\(input(0))")
+
         case .loadNewTarget:
             w.emit("\(output()) <- LoadNewTarget")
 
diff --git a/Sources/Fuzzilli/Lifting/JavaScriptLifter.swift b/Sources/Fuzzilli/Lifting/JavaScriptLifter.swift
@@ -1676,6 +1676,12 @@ public class JavaScriptLifter: Lifter {
                 let moduleName = moduleNames[instr.input(0)]!
                 w.emit("import { \(specsStr) } from \"\(moduleName)\";")
 
+            case .importNamespace(let op):
+                let output = w.declare(instr.output)
+                let moduleName = moduleNames[instr.input(0)]!
+                let deferKeyword = op.isDeferred ? "defer " : ""
+                w.emit("import \(deferKeyword)* as \(output) from \"\(moduleName)\";")
+
             case .loadNewTarget:
                 w.assign(Identifier.new("new.target"), to: instr.output)
 
diff --git a/Sources/Fuzzilli/Mutators/OperationMutator.swift b/Sources/Fuzzilli/Mutators/OperationMutator.swift
@@ -639,6 +639,8 @@ public class OperationMutator: BaseInstructionMutator {
             names.append(exports.randomElement()!)
             newOp = ImportVariables(importNames: names)
             inouts.append(b.nextVariable())
+        case .importNamespace(let op):
+            newOp = ImportNamespace(isDeferred: !op.isDeferred)
         // Unexpected operations to make the switch fully exhaustive.
         case .nop(_),
             .loadUndefined(_),
diff --git a/Sources/Fuzzilli/Protobuf/operations.pb.swift b/Sources/Fuzzilli/Protobuf/operations.pb.swift
@@ -6403,6 +6403,18 @@ public struct Fuzzilli_Protobuf_ImportVariables: Sendable {
   public init() {}
 }
 
+public struct Fuzzilli_Protobuf_ImportNamespace: Sendable {
+  // SwiftProtobuf.Message conformance is added in an extension below. See the
+  // `Message` and `Message+*Additions` files in the SwiftProtobuf library for
+  // methods supported on all messages.
+
+  public var isDeferred: Bool = false
+
+  public var unknownFields = SwiftProtobuf.UnknownStorage()
+
+  public init() {}
+}
+
 public struct Fuzzilli_Protobuf_BeginBundleModuleEntryPoint: Sendable {
   // SwiftProtobuf.Message conformance is added in an extension below. See the
   // `Message` and `Message+*Additions` files in the SwiftProtobuf library for
@@ -16573,6 +16585,36 @@ extension Fuzzilli_Protobuf_ImportVariables: SwiftProtobuf.Message, SwiftProtobu
   }
 }
 
+extension Fuzzilli_Protobuf_ImportNamespace: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
+  public static let protoMessageName: String = _protobuf_package + ".ImportNamespace"
+  public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}isDeferred\0")
+
+  public mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
+    while let fieldNumber = try decoder.nextFieldNumber() {
+      // The use of inline closures is to circumvent an issue where the compiler
+      // allocates stack space for every case branch when no optimizations are
+      // enabled. https://github.com/apple/swift-protobuf/issues/1034
+      switch fieldNumber {
+      case 1: try { try decoder.decodeSingularBoolField(value: &self.isDeferred) }()
+      default: break
+      }
+    }
+  }
+
+  public func traverse<V: SwiftProtobuf.Visitor>(visitor: inout V) throws {
+    if self.isDeferred != false {
+      try visitor.visitSingularBoolField(value: self.isDeferred, fieldNumber: 1)
+    }
+    try unknownFields.traverse(visitor: &visitor)
+  }
+
+  public static func ==(lhs: Fuzzilli_Protobuf_ImportNamespace, rhs: Fuzzilli_Protobuf_ImportNamespace) -> Bool {
+    if lhs.isDeferred != rhs.isDeferred {return false}
+    if lhs.unknownFields != rhs.unknownFields {return false}
+    return true
+  }
+}
+
 extension Fuzzilli_Protobuf_BeginBundleModuleEntryPoint: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
   public static let protoMessageName: String = _protobuf_package + ".BeginBundleModuleEntryPoint"
   public static let _protobuf_nameMap = SwiftProtobuf._NameMap()
diff --git a/Sources/Fuzzilli/Protobuf/operations.proto b/Sources/Fuzzilli/Protobuf/operations.proto
@@ -1768,6 +1768,10 @@ message ImportVariables {
     repeated string importNames = 1;
 }
 
+message ImportNamespace {
+    bool isDeferred = 1;
+}
+
 message BeginBundleModuleEntryPoint {
 }
 
diff --git a/Sources/Fuzzilli/Protobuf/program.pb.swift b/Sources/Fuzzilli/Protobuf/program.pb.swift
diff --git a/Sources/Fuzzilli/Protobuf/program.proto b/Sources/Fuzzilli/Protobuf/program.proto
@@ -381,6 +381,7 @@ message Instruction {
         BeginWorkerFunction beginWorkerFunction = 355;
         EndWorkerFunction endWorkerFunction = 356;
         WasmBranchOnCast wasmBranchOnCast = 357;
+        ImportNamespace importNamespace = 358;
     }
 }
 
diff --git a/Tests/FuzzilliTests/JSTyperTests.swift b/Tests/FuzzilliTests/JSTyperTests.swift
@@ -2425,4 +2425,29 @@ class JSTyperTests: XCTestCase {
         let module = b.endBundleModule()
         XCTAssertEqual(b.type(of: module), .jsModule(exports: ["foo": .integer]))
     }
+
+    func testImportNamespaceTyping() {
+        let config = Configuration(logLevel: .error, generateBundle: true)
+        let fuzzer = makeMockFuzzer(config: config)
+        let b = fuzzer.makeBuilder()
+
+        b.beginBundleModule(name: "myModule")
+        let v1 = b.loadInt(42)
+        let v2 = b.loadString("abc")
+        b.exportVariables(variables: [v1, v2], exportNames: ["foo", "bar"])
+        let module = b.endBundleModule()
+
+        b.beginBundleModuleEntryPoint()
+        let ns = b.importNamespace(module: module, isDeferred: true).output
+        XCTAssertEqual(
+            b.type(of: ns),
+            .object(ofGroup: "_fuzz_Namespace6", withProperties: ["foo", "bar"]))
+
+        let retrievedFoo = b.getProperty("foo", of: ns)
+        XCTAssertEqual(b.type(of: retrievedFoo), .integer)
+
+        let retrievedBar = b.getProperty("bar", of: ns)
+        XCTAssertEqual(b.type(of: retrievedBar), .jsString)
+        b.endBundleModuleEntryPoint()
+    }
 }
diff --git a/Tests/FuzzilliTests/LifterTest.swift b/Tests/FuzzilliTests/LifterTest.swift
@@ -4871,4 +4871,35 @@ class LifterTests: XCTestCase {
 
         XCTAssertEqual(actual, expected)
     }
+
+    func testImportNamespaceLifting() {
+        let config = Configuration(generateBundle: true)
+        let fuzzer = makeMockFuzzer(config: config)
+        let b = fuzzer.makeBuilder()
+
+        b.beginBundleModule(name: "deferMod.mjs")
+        let v1 = b.loadInt(1337)
+        b.exportVariables(variables: [v1], exportNames: ["value"])
+        let moduleVariable = b.endBundleModule()
+
+        b.beginBundleModuleEntryPoint()
+        let ns = b.importNamespace(module: moduleVariable, isDeferred: true).output
+        b.getProperty("value", of: ns)
+        b.endBundleModuleEntryPoint()
+
+        let program = b.finalize()
+        let actual = fuzzer.lifter.lift(program)
+
+        let expected = """
+            // JS_BUNDLE_MODULE:deferMod.mjs
+            const v0 = 1337;
+            export { v0 as value };
+            // JS_BUNDLE_MODULE_ENTRYPOINT
+            import defer * as v2 from "deferMod.mjs";
+            v2.value;
+
+            """
+
+        XCTAssertEqual(actual, expected)
+    }
 }
diff --git a/Tests/FuzzilliTests/ProgramBuilderTest.swift b/Tests/FuzzilliTests/ProgramBuilderTest.swift
@@ -3346,11 +3346,8 @@ class ProgramBuilderTests: XCTestCase {
             let b = fuzzer.makeBuilder()
             b.buildPrefix()
 
-            if generator.name == "BundleScriptGenerator"
-                || generator.name == "BundleModuleGenerator"
-                || generator.name == "BundleModuleEntryPointGenerator"
-                || generator.name == "ModuleImportGenerator"
-                || generator.name == "ModuleExportGenerator"
+            if generator.requiredContext.contains(.bundle)
+                || generator.requiredContext.contains(.moduleTopLevel)
             {
                 // Only buildable in the "bundle" configuration.
                 continue

Original file line number	Diff line number	Diff line change
`@@ -4336,6 +4336,12 @@ public class ProgramBuilder {`
`4336`	`4336`	`}`
`4337`	`4337`	`}`
`4338`	`4338`
	`4339`	`+ public func generateNamespaceImport() {`
	`4340`	`+ if let module = randomVariable(ofType: .jsModule()) {`
	`4341`	`+ importNamespace(module: module, isDeferred: probability(0.5))`
	`4342`	`+ }`
	`4343`	`+ }`
	`4344`	`+`
`4339`	`4345`	`public func exportVariables(variables: [Variable], exportNames: [String]) {`
`4340`	`4346`	`assert(variables.count == exportNames.count)`
`4341`	`4347`	`emit(ExportVariables(exportNames: exportNames), withInputs: variables)`
`@@ -4345,6 +4351,11 @@ public class ProgramBuilder {`
`4345`	`4351`	`return emit(ImportVariables(importNames: importNames), withInputs: [module])`
`4346`	`4352`	`}`
`4347`	`4353`
	`4354`	`+ @discardableResult`
	`4355`	`+ public func importNamespace(module: Variable, isDeferred: Bool) -> Instruction {`
	`4356`	`+ return emit(ImportNamespace(isDeferred: isDeferred), withInputs: [module])`
	`4357`	`+ }`
	`4358`	`+`
`4348`	`4359`	`public func blockBreak(_ label: Variable) {`
`4349`	`4360`	`emit(BlockBreak(), withInputs: [label], types: [.jsBlockLabel])`
`4350`	`4361`	`}`
Original file line number	Diff line number	Diff line change
`@@ -283,6 +283,15 @@ public class GeneratorStub: Contributor {`
`283`	`283`	`}`
`284`	`284`	`}`
`285`	`285`	`}`
	`286`	`+`
	`287`	`+ public func contains(_ context: Context) -> Bool {`
	`288`	`+ switch self {`
	`289`	`+ case .single(let ctx):`
	`290`	`+ return ctx.contains(context)`
	`291`	`+ case .either(let ctxs):`
	`292`	`+ return ctxs.contains(where: { $0.contains(context) })`
	`293`	`+ }`
	`294`	`+ }`
`286`	`295`	`}`
`287`	`296`
`288`	`297`	`/// The contexts in which this code generator can run.`
Original file line number	Diff line number	Diff line change
`@@ -385,4 +385,5 @@ enum Opcode {`
`385`	`385`	`case beginWorkerFunction(BeginWorkerFunction)`
`386`	`386`	`case endWorkerFunction(EndWorkerFunction)`
`387`	`387`	`case wasmBranchOnCast(WasmBranchOnCast)`
	`388`	`+ case importNamespace(ImportNamespace)`
`388`	`389`	`}`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,7 @@ public struct ILType: Hashable {`
`106`	`106`	`public static let dynamicObjectGroupPrefixes = [`
`107`	`107`	`"_fuzz_Object", "_fuzz_WasmModule", "_fuzz_WasmExports", "_fuzz_Class",`
`108`	`108`	`"_fuzz_Constructor", "_fuzz_RawWasmExports", "_fuzz_RawWasmModule",`
	`109`	`+ "_fuzz_Namespace",`
`109`	`110`	`]`
`110`	`111`
`111`	`112`	`//`