Sync upstream/main (60 commits)

[alii]

Merges googleprojectzero/fuzzilli main (60 commits).

Main relevant change: profiles moved from Sources/FuzzilliCli/Profiles/ into Sources/Fuzzilli/Profiles/ (now part of the library). BunProfile.swift moved and import Fuzzilli dropped accordingly.

Other upstream highlights:

• New FuzzilliDetectMissingBuiltins tool
• Many new builtin registrations (Intl.DisplayNames, Intl.DurationFormat, Iterator.zip, WebAssembly errors, Error.stackTraceLimit, etc.)
• V8/wasm code generator improvements
• Smi-range magic numbers in integer generator

.github/workflows/swift.yml is reverted to our version (OAuth lacks workflow scope; upstream changes were just -v flags and apt update — trivial).

Includes the FFI fix from #6 as a parent commit — if #6 merges first this diff will only show the sync.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ac641550-0bc4-44c7-9ed5-c724f5181de8

📥 Commits

Reviewing files that changed from the base of the PR and between 358c3b5 and a61ae38.

📒 Files selected for processing (4)

• Sources/Fuzzilli/Compiler/Compiler.swift
• Sources/Fuzzilli/Compiler/Parser/parser.js
• Sources/Fuzzilli/Profiles/BunProfile.swift
• Sources/Fuzzilli/Profiles/Profile.swift

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

Walkthrough

Adds WebAssembly GC reference-cast support, updates protobuf schemas for Wasm calls, broadens JavaScript environment and profiling API visibility, introduces a post-processor rejection path, improves lifter/compiler/generator support for non-identifier method keys and Intl.DisplayNames, adds tooling to detect missing builtins, and includes many tests and utilities updates.

Changes

Cohort / File(s)	Summary
WebAssembly Reference Casting Operations Sources/Fuzzilli/FuzzIL/WasmOperations.swift, Sources/Fuzzilli/FuzzIL/Opcodes.swift, Sources/Fuzzilli/CodeGen/WasmCodeGenerators.swift, Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift	Added WasmRefCast Wasm operation and opcode case; added two code generators (WasmRefCastGenerator, WasmRefCastAbstractGenerator) and weights; updated array/struct element type generation to include abstract ref kinds.
Wasm Protobuf Schema Refactoring Sources/Fuzzilli/Protobuf/operations.proto, Sources/Fuzzilli/Protobuf/operations.pb.swift, Sources/Fuzzilli/Protobuf/program.proto, Sources/Fuzzilli/Protobuf/program.pb.swift	Changed WasmJsCall/WasmReturnCallDirect serialization to use parameterCount/outputCount ints instead of repeated type arrays; added WasmRefCast message and integrated it into Instruction oneof.
Wasm Typing, Lifting, and Instruction Handling Sources/Fuzzilli/FuzzIL/JSTyper.swift, Sources/Fuzzilli/FuzzIL/Instruction.swift, Sources/Fuzzilli/Lifting/FuzzILLifter.swift, Sources/Fuzzilli/Lifting/WasmLifter.swift	Adjusted typing/deserialization to new count-based call fields; added .wasmRefCast typing and lifting cases; updated wasm-js-call/ref-test/ref-cast encoding and import/signature lookup positions.
Program Builder Wasm and Intl Support Sources/Fuzzilli/Base/ProgramBuilder.swift	Added randomCustomPrivateMethodName(), wasmRefCast(...), Intl.DisplayNames helpers and fuzzIntlDisplayNamesOf(), expanded wasm struct/field generation, and changed createOptionsBag to accept predefined values.
Code Generators and Intl Sources/Fuzzilli/CodeGen/CodeGenerators.swift	Imported Foundation; extended BuiltinIntl selection to include Intl.DisplayNames constructors/fuzzers; fixed generators to call randomCustomPrivateMethodName for private methods.
Compiler and Parser Method Key Support Sources/Fuzzilli/Compiler/Compiler.swift, Sources/Fuzzilli/Compiler/Parser/parser.js	Supported numeric/string literal method keys in compiler emission (.index case) and parser (Identifier, NumericLiteral, StringLiteral keys) instead of asserting only Identifier.
JavaScript Lifter Member Access & Quoting Sources/Fuzzilli/Lifting/JavaScriptLifter.swift	Made environment non-optional; added quoteMethodDefinitionIfNeeded() and liftMemberAccess(); updated method definitions/calls/bind/super emissions to quote or bracket-index names when needed.
Logging and Error Types Sources/Fuzzilli/Base/Logging.swift, Sources/Fuzzilli/Util/Error.swift	Added Logger.defaultLogLevelWithoutFuzzer to gate stdout logging without an active fuzzer; introduced InternalError.postProcessRejection(String).
Post-Processor Mechanism & Engine Sources/Fuzzilli/Engines/FuzzingPostProcessor.swift, Sources/Fuzzilli/Engines/FuzzEngine.swift	Changed FuzzingPostProcessor.process to throws; updated FuzzEngine.execute to call post-processor with try/catch and to return failed(1) on InternalError.postProcessRejection.
Profiles: API Visibility & Cleanup Sources/Fuzzilli/Profiles/Profile.swift, Sources/Fuzzilli/Profiles/...	Made Profile and its members public and exported profiles; removed unused import Fuzzilli statements from many profile files.
V8 Profile Enhancements Sources/Fuzzilli/Profiles/V8CommonProfile.swift, Sources/Fuzzilli/Profiles/V8Profile.swift, Sources/Fuzzilli/Profiles/V8HoleFuzzingProfile.swift	Added Worker IL types/object groups, new generators (ForceOsrGenerator, HeapNumberGenerator) and program template (TurbofanTierUpNonInlinedCallFuzzer); updated V8 flag randomization and exported v8Profile; added ForceOsrGenerator to some profiles.
Dumpling & Sandbox Post-Processors Sources/Fuzzilli/Profiles/V8DumplingProfile.swift, Sources/Fuzzilli/Profiles/V8SandboxProfile.swift	Added DumplingFuzzingPostProcessor that rejects programs referencing "arguments"; refactored SandboxFuzzingPostProcessor to throws and to use traversal-based corruption helpers and new exported corruption functions.
JavaScript Environment Expansion Sources/Fuzzilli/Environment/JavaScriptEnvironment.swift	Major expansion of builtins/object-groups/enums and IL typing: added DisposableStack/AsyncDisposableStack/Atomics/Intl.DisplayNames/DurationFormat, re-enabled global URI functions, added custom private method names, identifier validation helpers, many prototype/constructor registrations, corrected many method return types and iterator/iterable modeling.
Executor & Output Handling Sources/Fuzzilli/Util/JavaScriptExecutor.swift	Added thread-safe OutputBuffer and readability handler to handle large stdout; made JavaScriptExecutor.Result properties and Outcome enum public.
Execution Failure Logging Sources/Fuzzilli/Execution/REPRL.swift	Improved failure logging to capture and append child process stderr/stdout when retries are exhausted.
Fuzzer/Internal Fixes Sources/Fuzzilli/Fuzzer.swift, Sources/Fuzzilli/Minimization/InstructionSimplifier.swift, Sources/Fuzzilli/Mutators/OperationMutator.swift	Fixed misspelled internal variable iterationOfLastInteratingSample → iterationOfLastInterestingSample; corrected destructuring rest-element index comparison; added .wasmRefCast to unhandled-op enumeration in mutator.
Protobuf Generated Changes Sources/Fuzzilli/Protobuf/operations.pb.swift, Sources/Fuzzilli/Protobuf/program.pb.swift	Updated generated Swift protobuf types for WasmJsCall/WasmReturnCallDirect to use counts; added Fuzzilli_Protobuf_WasmRefCast and integrated wasmRefCast into instruction oneof and runtime handlers.
FuzzIL Instruction Serialization Sources/Fuzzilli/FuzzIL/Instruction.swift, Sources/Fuzzilli/FuzzIL/JSTyper.swift	Updated protobuf conversion for wasmJsCall/wasmReturnCallDirect to use counts; added serialization/deserialization support for wasmRefCast and typing integration.
Lifter & Wasm Lifter Adjustments Sources/Fuzzilli/Lifting/FuzzILLifter.swift, Sources/Fuzzilli/Lifting/WasmLifter.swift	Adapted wasm js-call and return-call lifting to count-based forms; added encoding helper for reference-type immediates and added .wasmRefCast lowering with unified immediate encoding.
New Executable Tool Sources/FuzzilliDetectMissingBuiltins/main.swift, Package.swift	Added new executable FuzzilliDetectMissingBuiltins and target in Package manifest; new tool traverses engine globalThis to detect builtins missing from the environment model and reports missing/potentially broken entries.
Tests — Compiler / Lifter / Wasm / Minimizer / Executor Tests/FuzzilliTests/...	Numerous test updates: added lifter tests for weird member names, wasm ref.cast tests and splice adjustments, destructuring simplification test, Dumpling post-processor tests, JavaScriptExecutor large-output test, adjusted live/wasm test runner args and thresholds, removed legacy environment builtin enumeration test, and small expected-type updates in JSTyper tests.
Profiles — minor edits Sources/Fuzzilli/Profiles/BunProfile.swift	Added Bun.FFI = undefined; to Bun profile code prefix.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Sync upstream/main (60 commits)' accurately summarizes the PR's main objective of syncing with upstream.
Description check	✅ Passed	The description comprehensively details the PR's changes, including profile relocation, new tooling, builtin registrations, and upstream highlights.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}