From 271312d06760eb3b1d8de1206cc6d00e2cf30d42 Mon Sep 17 00:00:00 2001
From: Alon Zakai <azakai@google.com>
Date: Fri, 10 Mar 2023 13:02:10 -0800
Subject: Fuzzer: Emit fewer uninhabitable types in getSubType (#5563)

Only rarely return an uninhabitable subtype of an inhabitable one. This
avoids a major source of uninhabitability and immediate traps.
---
 src/tools/fuzzing/fuzzing.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/tools/fuzzing/fuzzing.cpp')

diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp
index 7d663641e..37f596b54 100644
--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -3333,6 +3333,15 @@ Type TranslateToFuzzReader::getSubType(Type type) {
   } else if (type.isRef()) {
     auto heapType = getSubType(type.getHeapType());
     auto nullability = getSubType(type.getNullability());
+    // We don't want to emit lots of uninhabitable types like (ref none), so
+    // avoid them with high probability. Specifically, if the original type was
+    // inhabitable then return that; avoid adding more uninhabitability.
+    auto uninhabitable = nullability == NonNullable && heapType.isBottom();
+    auto originalUninhabitable =
+      type.isNonNullable() && type.getHeapType().isBottom();
+    if (uninhabitable && !originalUninhabitable && !oneIn(20)) {
+      return type;
+    }
     return Type(heapType, nullability);
   } else {
     // This is an MVP type without subtypes.
-- 
cgit v1.2.3