Audit fuzzing of wasm GC and support that wasm-smith might generate

[alexcrichton]

I wanted to file a tracking issue for support of fuzzing wasm-gc with wasm-smith. Currently this is enabled on OSS-Fuzz but I believe that wasm-smith is still lacking some somewhat major features for fuzzing the GC proposal. The purpose of this issue is to track various items we know we need to fuzz but haven't implemented yet.

• One thing I've just noticed when reading over wasm-smith is the support for constant expressions. Currently only a pretty small set of opcodes are generated and this additionally doesn't include opcodes such as any.convert_extern or extern.convert_any (a recent addition to the spec to clarify these are intended happened recently)
• I don't believe that wasm-smith has much support for non-nullable types given that they don't have a great default, but that also means that non-nullable types I don't think are fuzzed too much with wasm-smith.

[fitzgen]

Currently only a pretty small set of opcodes are generated and this additionally doesn't include opcodes such as any.convert_extern or extern.convert_any (a recent addition to the spec to clarify these are intended happened recently)

This should be pretty easy to address.

I don't believe that wasm-smith has much support for non-nullable types given that they don't have a great default, but that also means that non-nullable types I don't think are fuzzed too much with wasm-smith.

This is correct, but is a bit trickier to fix. We could potentially keep track of, for each type, whether a type is part of a non-nullable cycle or not, and avoid generating globals and what not of that type. And also add a code path to recursively create instances of a particular type in a top-down style. This is a bit of a heavy hammer, but I can't think of a better alternative off the top of my head.