threads: fuzz shared-everything-threads (bytecodealliance#1756)

* threads: fuzz `shared-everything-threads`

This adds initial support for fuzzing the WebAssembly side of the
shared-everything-threads [proposal]. Eventual addition of the CM
builtins will require extensions to this.

[proposal]: https://github.com/WebAssembly/shared-everything-threads

* Propagate shared function type into the code builder

* Avoid shared function bodies for now

Since it may take a while to implement all the "reverse validation" in
wasm-smith's instruction generator, this effectively cordons off that
bit of the fuzzer so that we can at least generate shared types in
modules. Later, once the instruction generator is smarter,  we will
remove this filter and start generating shared function bodies.

* Avoid shared const expressions for now

Like shared function bodies, this can be cordoned off until later.

* Allow `CodeBuilder::shared` to be unused for now

* Check sharedness in `arbitrary_super_type_of_heap_type`

* Actually filter `ref.func` const expressions

In 2a2ddd5, I tried to avoid `ref.func` expressions entirely for
shared types but unfortunately the other side could still occur: a
`ref.func` on an unshared table that generates a shared funcref. This
filters out the available types to match sharedness.

* review: move feature-flipping to `Config::sanitize`

* review: fuzz shared-everything at the same ratio as threads

* fix: disable shared-everything if reference types is disabled

* fix: disable shared-everything entirely for mutate fuzz target

* review: invisibly propagate sharedness

As @alexcrichton suggested, this holds a `must_share` flag on `Module`
and carefully sets it and unsets it using `propagate_shared`.

* fix: formatting

* review: revert `arbitrary_ref_type` changes

* review: add TODO to remove extra check

* review: use `arbitrary_shared` more

Author: abrown

crates/wasm-encoder/src/core/types.rs

@@ -293,6 +293,14 @@ impl RefType {
         },
     };
 
+    /// Create a new abstract reference type.
+    pub fn new_abstract(ty: AbstractHeapType, nullable: bool, shared: bool) -> Self {
+        Self {
+            nullable,
+            heap_type: HeapType::Abstract { shared, ty },
+        }
+    }
+
     /// Set the nullability of this reference type.
     pub fn nullable(mut self, nullable: bool) -> Self {
         self.nullable = nullable;

crates/wasm-smith/src/config.rs

@@ -551,17 +551,30 @@ define_config! {
         /// Defaults to `true`.
         pub relaxed_simd_enabled: bool = true,
 
-        /// Determines whether the nontrapping-float-to-int-conversions propsal
-        /// is enabled.
+        /// Determines whether the non-trapping float-to-int conversions
+        /// proposal is enabled.
         ///
         /// Defaults to `true`.
         pub saturating_float_to_int_enabled: bool = true,
 
-        /// Determines whether the sign-extension-ops propsal is enabled.
+        /// Determines whether the sign-extension-ops proposal is enabled.
         ///
         /// Defaults to `true`.
         pub sign_extension_ops_enabled: bool = true,
 
+        /// Determines whether the shared-everything-threads proposal is
+        /// enabled.
+        ///
+        /// The [shared-everything-threads] proposal, among other things,
+        /// extends `shared` attributes to all WebAssembly objects; it builds on
+        /// the [threads] proposal.
+        ///
+        /// [shared-everything-threads]: https://github.com/WebAssembly/shared-everything-threads
+        /// [threads]: https://github.com/WebAssembly/threads
+        ///
+        /// Defaults to `false`.
+        pub shared_everything_threads_enabled: bool = false,
+
         /// Determines whether the SIMD proposal is enabled for generating
         /// instructions.
         ///
@@ -754,6 +767,7 @@ impl<'a> Arbitrary<'a> for Config {
             memory64_enabled: false,
             custom_page_sizes_enabled: false,
             wide_arithmetic_enabled: false,
+            shared_everything_threads_enabled: false,
         };
         config.sanitize();
         Ok(config)
@@ -779,13 +793,20 @@ impl Config {
         if !self.reference_types_enabled {
             self.max_tables = self.max_tables.min(1);
             self.gc_enabled = false;
+            self.shared_everything_threads_enabled = false;
         }
 
         // If simd is disabled then disable all relaxed simd instructions as
         // well.
         if !self.simd_enabled {
             self.relaxed_simd_enabled = false;
         }
+
+        // It is impossible to use the shared-everything-threads proposal
+        // without threads, which it is built on.
+        if !self.threads_enabled {
+            self.shared_everything_threads_enabled = false;
+        }
     }
 
     /// Returns the set of features that are necessary for validating against
@@ -821,6 +842,10 @@ impl Config {
         features.set(WasmFeatures::FUNCTION_REFERENCES, self.gc_enabled);
         features.set(WasmFeatures::GC, self.gc_enabled);
         features.set(WasmFeatures::THREADS, self.threads_enabled);
+        features.set(
+            WasmFeatures::SHARED_EVERYTHING_THREADS,
+            self.shared_everything_threads_enabled,
+        );
         features.set(
             WasmFeatures::CUSTOM_PAGE_SIZES,
             self.custom_page_sizes_enabled,