Fix fuzzer's choosing of reference types (#4642)

*    Don't emit "i31" or "data" if GC is not enabled, as only the GC feature adds those.
*    Don't emit "any" without GC either. While it is allowed, fuzzer limitations prevent
     this atm (see details in comment - it's fixable).

2 files changed, 55 insertions, 39 deletions

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 8721753a1..36dc5dcb1 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -1919,7 +1919,12 @@ Expression* TranslateToFuzzReader::makeConst(Type type) {
           Nullability nullability = getSubType(type.getNullability());
           HeapType subtype;
           if (funcContext || nullability == Nullable) {
-            subtype = pick(HeapType::func, HeapType::i31, HeapType::data);
+            subtype = pick(FeatureOptions<HeapType>()
+                             .add(FeatureSet::ReferenceTypes, HeapType::func)
+                             .add(FeatureSet::ReferenceTypes | FeatureSet::GC,
+                                  HeapType::func,
+                                  HeapType::i31,
+                                  HeapType::data));
           } else {
             subtype = HeapType::data;
           }
@@ -2914,7 +2919,9 @@ Type TranslateToFuzzReader::getSingleConcreteType() {
 
 Type TranslateToFuzzReader::getReferenceType() {
   return pick(FeatureOptions<Type>()
-                .add(FeatureSet::ReferenceTypes, Type::funcref, Type::anyref)
+                // Avoid Type::anyref without GC enabled, see
+                // TranslateToFuzzReader::getSingleConcreteType.
+                .add(FeatureSet::ReferenceTypes, Type::funcref)
                 .add(FeatureSet::ReferenceTypes | FeatureSet::GC,
                      Type(HeapType::func, NonNullable),
                      Type(HeapType::any, NonNullable),
@@ -3001,11 +3008,15 @@ HeapType TranslateToFuzzReader::getSubType(HeapType type) {
         return HeapType::func;
       case HeapType::any:
         // TODO: nontrivial types as well.
-        return pick(HeapType::func,
-                    HeapType::any,
-                    HeapType::eq,
-                    HeapType::i31,
-                    HeapType::data);
+        return pick(
+          FeatureOptions<HeapType>()
+            .add(FeatureSet::ReferenceTypes, HeapType::func, HeapType::any)
+            .add(FeatureSet::ReferenceTypes | FeatureSet::GC,
+                 HeapType::func,
+                 HeapType::any,
+                 HeapType::eq,
+                 HeapType::i31,
+                 HeapType::data));
       case HeapType::eq:
         // TODO: nontrivial types as well.
         return pick(HeapType::eq, HeapType::i31, HeapType::data);
diff --git a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
index f264b4e63..15f0a9ac4 100644
--- a/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
+++ b/test/passes/translate-to-fuzz_all-features_metrics_noprint.txt
@@ -1,43 +1,48 @@
 total
- [exports]      : 3       
- [funcs]        : 3       
+ [exports]      : 4       
+ [funcs]        : 5       
  [globals]      : 6       
  [imports]      : 5       
  [memory-data]  : 22      
  [table-data]   : 0       
  [tables]       : 1       
  [tags]         : 1       
- [total]        : 813     
- [vars]         : 2       
- ArrayInit      : 1       
+ [total]        : 810     
+ [vars]         : 9       
+ ArrayInit      : 6       
+ AtomicCmpxchg  : 2       
  AtomicFence    : 2       
- Binary         : 96      
- Block          : 104     
- Break          : 25      
- Call           : 25      
- CallRef        : 4       
- Const          : 173     
- Drop           : 1       
- GlobalGet      : 54      
- GlobalSet      : 28      
- I31New         : 4       
- If             : 38      
- Load           : 23      
- LocalGet       : 56      
- LocalSet       : 39      
- Loop           : 24      
+ AtomicNotify   : 4       
+ AtomicRMW      : 1       
+ Binary         : 94      
+ Block          : 93      
+ Break          : 29      
+ Call           : 34      
+ CallRef        : 2       
+ Const          : 143     
+ DataDrop       : 1       
+ Drop           : 4       
+ GlobalGet      : 49      
+ GlobalSet      : 25      
+ I31Get         : 1       
+ I31New         : 15      
+ If             : 30      
+ Load           : 24      
+ LocalGet       : 69      
+ LocalSet       : 36      
+ Loop           : 19      
  MemoryFill     : 1       
- MemoryInit     : 1       
- Nop            : 8       
- RefEq          : 1       
- RefFunc        : 6       
- RefIs          : 3       
- RefNull        : 2       
- Return         : 26      
+ Nop            : 10      
+ RefEq          : 2       
+ RefFunc        : 7       
+ RefIs          : 7       
+ RefNull        : 4       
+ Return         : 27      
  SIMDExtract    : 6       
- Select         : 2       
- Store          : 5       
- StructNew      : 2       
- TupleExtract   : 5       
- TupleMake      : 5       
+ SIMDShuffle    : 1       
+ Select         : 3       
+ Store          : 1       
+ StructNew      : 4       
+ TupleExtract   : 4       
+ TupleMake      : 7       
  Unary          : 43