[threads] Fix encoding of shared types

src/tools/fuzzing/fuzzing.cpp

@@ -2468,26 +2468,15 @@ Literal TranslateToFuzzReader::makeLiteral(Type type) {
 
 Expression* TranslateToFuzzReader::makeRefFuncConst(Type type) {
  auto heapType = type.getHeapType();
- if (heapType == HeapType::func) {
- // First set to target to the last created function, and try to select
- // among other existing function if possible.
- Function* target = funcContext ? funcContext->func : nullptr;
- // If there is no last function, and we have others, pick between them. Also
- // pick between them with some random probability even if there is a last
- // function.
- if (!wasm.functions.empty() && (!target || !oneIn(wasm.functions.size()))) {
- target = pick(wasm.functions).get();
- }
- if (target) {
+ if (heapType.isBasic()) {
+ assert(heapType.getBasic(Unshared) == HeapType::func);
+ // With high probability, use the last created function if possible.
+ // Otherwise, continue on to select some other function.
+ if (funcContext && !oneIn(4)) {
+ auto* target = funcContext->func;
  return builder.makeRefFunc(target->name, target->type);
  }
  }
- if (heapType == HeapType::func) {
- // From here on we need a specific signature type, as we want to create a
- // RefFunc or even a Function out of it. Pick an arbitrary one if we only
- // had generic 'func' here.
- heapType = Signature(Type::none, Type::none);
- }
  // Look for a proper function starting from a random location, and loop from
  // there, wrapping around to 0.
  if (!wasm.functions.empty()) {
@@ -2519,6 +2508,11 @@ Expression* TranslateToFuzzReader::makeRefFuncConst(Type type) {
  // here (we might end up recursing). Note that a trap in the function lets us
  // execute more code then the ref.as_non_null path just before us, which traps
  // even if we never call the function.
+ if (heapType.isBasic()) {
+ // We need a specific signature type to create a function. Pick an arbitrary
+ // signature if we only had generic 'func' here.
+ heapType = Signature(Type::none, Type::none);
+ }
  auto* body = heapType.getSignature().results == Type::none
  ? (Expression*)builder.makeNop()
  : (Expression*)builder.makeUnreachable();

src/wasm-binary.h

@@ -382,7 +382,7 @@ enum EncodedType {
  Array = -0x22, // 0x5e
  Sub = -0x30, // 0x50
  SubFinal = -0x31, // 0x4f
- Shared = -0x24, // 0x65
+ Shared = -0x1b, // 0x65
  // isorecursive recursion groups
  Rec = -0x32, // 0x4e
  // block_type

test/passes/translate-to-fuzz_all-features_metrics_noprint.txt

@@ -8,52 +8,54 @@ total
  [table-data] : 3 
  [tables] : 1 
  [tags] : 1 
- [total] : 750 
- [vars] : 30 
+ [total] : 846 
+ [vars] : 38 
  ArrayCopy : 1 
- ArrayGet : 2 
+ ArrayGet : 3 
  ArrayLen : 5 
  ArrayNew : 24 
  ArrayNewFixed : 1 
  ArraySet : 1 
  AtomicCmpxchg : 1 
  AtomicFence : 1 
+ AtomicNotify : 1 
  AtomicRMW : 1 
- Binary : 84 
- Block : 58 
- Break : 12 
+ Binary : 91 
+ Block : 75 
+ Break : 17 
  Call : 13 
- Const : 175 
- Drop : 2 
- GlobalGet : 45 
- GlobalSet : 20 
+ Const : 177 
+ Drop : 3 
+ GlobalGet : 50 
+ GlobalSet : 26 
  I31Get : 2 
- If : 21 
- Load : 20 
- LocalGet : 70 
- LocalSet : 46 
- Loop : 7  
+ If : 26 
+ Load : 23 
+ LocalGet : 79 
+ LocalSet : 56 
+ Loop : 10 
  MemoryCopy : 1 
- Nop : 11 
- Pop : 3 
- RefAs : 7  
+ Nop : 13 
+ Pop : 4 
+ RefAs : 16 
  RefEq : 1 
  RefFunc : 5 
- RefI31 : 7 
- RefIsNull : 3 
- RefNull : 19 
+ RefI31 : 5 
+ RefIsNull : 2 
+ RefNull : 23 
  RefTest : 3 
  Return : 2 
  SIMDTernary : 1 
- Select : 3 
- Store : 1 
- StringConst : 8 
+ Select : 4 
+ Store : 2 
+ StringConst : 6 
  StringEncode : 1 
  StringMeasure : 1 
  StringWTF16Get : 1 
  StructGet : 1 
- StructNew : 21 
- Try : 3 
+ StructNew : 14 
+ StructSet : 1 
+ Try : 4 
  TupleMake : 6 
- Unary : 19 
- Unreachable : 10 
+ Unary : 29 
+ Unreachable : 13