[Strings] Add the string heaptype to core fuzzer places (#6527)

With this we emit strings spontaneously (as opposed to just getting them from
initial contents).

The relevant -ttf test has been tweaked slightly to show the impact of this
change: now there are some string.new/const in the output.

4 files changed, 67 insertions, 62 deletions

diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py
index 5a690d949..069db3dea 100755
--- a/scripts/fuzz_opt.py
+++ b/scripts/fuzz_opt.py
@@ -1680,7 +1680,8 @@ print('FEATURE_DISABLE_FLAGS:', FEATURE_DISABLE_FLAGS)
 # some features depend on other features, so if a required feature is
 # disabled, its dependent features need to be disabled as well.
 IMPLIED_FEATURE_OPTS = {
-    '--disable-reference-types': ['--disable-gc'],
+    '--disable-reference-types': ['--disable-gc', '--disable-strings'],
+    '--disable-gc': ['--disable-strings'],
 }
 
 print('''
diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 9698c06eb..5760a26f1 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -2537,18 +2537,12 @@ Expression* TranslateToFuzzReader::makeBasicRef(Type type) {
       // Choose a subtype we can materialize a constant for. We cannot
       // materialize non-nullable refs to func or i31 in global contexts.
       Nullability nullability = getSubType(type.getNullability());
-      HeapType subtype;
-      switch (upTo(3)) {
-        case 0:
-          subtype = HeapType::i31;
-          break;
-        case 1:
-          subtype = HeapType::struct_;
-          break;
-        case 2:
-          subtype = HeapType::array;
-          break;
-      }
+      auto subtype = pick(FeatureOptions<HeapType>()
+                            .add(FeatureSet::ReferenceTypes | FeatureSet::GC,
+                                 HeapType::i31,
+                                 HeapType::struct_,
+                                 HeapType::array)
+                            .add(FeatureSet::Strings, HeapType::string));
       return makeConst(Type(subtype, nullability));
     }
     case HeapType::eq: {
@@ -3994,7 +3988,10 @@ Type TranslateToFuzzReader::getSingleConcreteType() {
                      Type(HeapType::struct_, Nullable),
                      Type(HeapType::struct_, NonNullable),
                      Type(HeapType::array, Nullable),
-                     Type(HeapType::array, NonNullable)));
+                     Type(HeapType::array, NonNullable))
+                .add(FeatureSet::Strings,
+                     Type(HeapType::string, Nullable),
+                     Type(HeapType::string, NonNullable)));
 }
 
 Type TranslateToFuzzReader::getReferenceType() {
@@ -4017,7 +4014,10 @@ Type TranslateToFuzzReader::getReferenceType() {
                      Type(HeapType::struct_, Nullable),
                      Type(HeapType::struct_, NonNullable),
                      Type(HeapType::array, Nullable),
-                     Type(HeapType::array, NonNullable)));
+                     Type(HeapType::array, NonNullable))
+                .add(FeatureSet::Strings,
+                     Type(HeapType::string, Nullable),
+                     Type(HeapType::string, NonNullable)));
 }
 
 Type TranslateToFuzzReader::getEqReferenceType() {
@@ -4137,12 +4137,15 @@ HeapType TranslateToFuzzReader::getSubType(HeapType type) {
       case HeapType::any:
         assert(wasm.features.hasReferenceTypes());
         assert(wasm.features.hasGC());
-        return pick(HeapType::any,
-                    HeapType::eq,
-                    HeapType::i31,
-                    HeapType::struct_,
-                    HeapType::array,
-                    HeapType::none);
+        return pick(FeatureOptions<HeapType>()
+                      .add(FeatureSet::GC,
+                           HeapType::any,
+                           HeapType::eq,
+                           HeapType::i31,
+                           HeapType::struct_,
+                           HeapType::array,
+                           HeapType::none)
+                      .add(FeatureSet::Strings, HeapType::string));
       case HeapType::eq:
         assert(wasm.features.hasReferenceTypes());
         assert(wasm.features.hasGC());
diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
index 10194ca51..4b66206d6 100644
--- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
+++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
@@ -1,54 +1,54 @@
 total
- [exports]      : 5       
- [funcs]        : 8       
- [globals]      : 1       
+ [exports]      : 4       
+ [funcs]        : 5       
+ [globals]      : 14      
  [imports]      : 5       
  [memories]     : 1       
  [memory-data]  : 20      
  [table-data]   : 1       
  [tables]       : 1       
- [tags]         : 2       
- [total]        : 674     
- [vars]         : 41      
- ArrayCopy      : 1       
- ArrayGet       : 3       
- ArrayLen       : 4       
- ArrayNew       : 5       
+ [tags]         : 1       
+ [total]        : 710     
+ [vars]         : 35      
+ ArrayGet       : 1       
+ ArrayLen       : 1       
+ ArrayNew       : 16      
  ArrayNewFixed  : 1       
- ArraySet       : 1       
- AtomicFence    : 1       
- AtomicNotify   : 3       
  AtomicRMW      : 1       
- Binary         : 84      
- Block          : 75      
- Break          : 12      
- Call           : 21      
- Const          : 133     
- Drop           : 6       
- GlobalGet      : 24      
- GlobalSet      : 24      
- I31Get         : 3       
- If             : 21      
+ Binary         : 77      
+ Block          : 57      
+ Break          : 8       
+ Call           : 33      
+ Const          : 159     
+ Drop           : 7       
+ GlobalGet      : 17      
+ GlobalSet      : 14      
+ I31Get         : 2       
+ If             : 19      
  Load           : 22      
- LocalGet       : 65      
- LocalSet       : 50      
- Loop           : 6       
- Nop            : 4       
- Pop            : 7       
- RefAs          : 7       
+ LocalGet       : 66      
+ LocalSet       : 37      
+ Loop           : 3       
+ MemoryFill     : 1       
+ Nop            : 7       
+ Pop            : 4       
+ RefAs          : 14      
  RefCast        : 3       
- RefFunc        : 2       
- RefI31         : 7       
- RefIsNull      : 2       
- RefNull        : 11      
+ RefEq          : 1       
+ RefFunc        : 4       
+ RefI31         : 9       
+ RefIsNull      : 3       
+ RefNull        : 26      
  RefTest        : 2       
- Return         : 8       
- Select         : 3       
+ Return         : 9       
+ SIMDExtract    : 3       
+ StringConst    : 2       
+ StringNew      : 1       
  StructGet      : 1       
- StructNew      : 3       
- StructSet      : 2       
+ StructNew      : 27      
+ Throw          : 1       
  Try            : 5       
- TupleExtract   : 3       
- TupleMake      : 4       
- Unary          : 21      
- Unreachable    : 13      
+ TupleExtract   : 15      
+ TupleMake      : 9       
+ Unary          : 15      
+ Unreachable    : 7       
diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast
index ae1761899..3eae51db6 100644
--- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast
+++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.wast
@@ -7,6 +7,7 @@ h e r e
 d0
 0.753538467597066
 2.2339337309978227
+3.14159
 .................
 lorem ipsum whatever