[TypedFunctionReferences] Enable call_ref in fuzzer, and fix minor misc fuzz bugs (#3401)

* Count signatures in tuple locals.
* Count nested signature types (confirming @aheejin was right, that was missing).
* Inlining was using the wrong type.
* OptimizeInstructions should return -1 for unhandled types, not error.
* The fuzzer should check for ref types as well, not just typed function references,
  similar to what GC does.
* The fuzzer now creates a function if it has no other option for creating a constant
  expression of a function type, then does a ref.func of that.
* Handle unreachability in call_ref binary reading.
* S-expression parsing fixes in more places, and add a tiny fuzzer for it.
* Switch fuzzer test to just have the metrics, and not print all the fuzz output which
  changes a lot. Also fix noprint handling which only worked on binaries before.
* Fix Properties::getLiteral() to use the specific function type properly, and make
  Literal's function constructor require that, to prevent future bugs.
* Turn all input types into nullable types, for now.

1 files changed, 3 insertions, 0 deletions

diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 37719d4d9..93c409797 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -2110,6 +2110,9 @@ private:
       if (target.breaking()) {
         return target;
       }
+      if (target.getSingleValue().isNull()) {
+        trap("null target in call_ref");
+      }
       Name funcName = target.getSingleValue().getFunc();
       auto* func = instance.wasm.getFunction(funcName);
       Flow ret;