Fuzzer: Emit fewer uninhabitable types in getSubType (#5563)

Only rarely return an uninhabitable subtype of an inhabitable one. This
avoids a major source of uninhabitability and immediate traps.

1 files changed, 9 insertions, 0 deletions

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 7d663641e..37f596b54 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -3333,6 +3333,15 @@ Type TranslateToFuzzReader::getSubType(Type type) {
   } else if (type.isRef()) {
     auto heapType = getSubType(type.getHeapType());
     auto nullability = getSubType(type.getNullability());
+    // We don't want to emit lots of uninhabitable types like (ref none), so
+    // avoid them with high probability. Specifically, if the original type was
+    // inhabitable then return that; avoid adding more uninhabitability.
+    auto uninhabitable = nullability == NonNullable && heapType.isBottom();
+    auto originalUninhabitable =
+      type.isNonNullable() && type.getHeapType().isBottom();
+    if (uninhabitable && !originalUninhabitable && !oneIn(20)) {
+      return type;
+    }
     return Type(heapType, nullability);
   } else {
     // This is an MVP type without subtypes.