[EH] Fuzzer: Fix infinite loop with nested exnrefs (#7294)

When we need an exnref value we may create a try-catch with a throw (so
when we catch it, we get an exnref). But if the exception tag contains an
exnref, then we will try to create another exnref in the throw, leading to
recursion (possibly infinite). To avoid this, just create a trivial tag with no
values when we just want a trivial value.

Author: kripken

src/tools/fuzzing.h

@@ -200,6 +200,9 @@ class TranslateToFuzzReader {
 
   Index numAddedFunctions = 0;
 
+  // The name of an empty tag.
+  Name trivialTag;
+
   // RAII helper for managing the state used to create a single function.
   struct FunctionCreationContext {
     TranslateToFuzzReader& parent;

src/tools/fuzzing/fuzzing.cpp

@@ -4830,10 +4830,28 @@ Expression* TranslateToFuzzReader::makeI31Get(Type type) {
 
 Expression* TranslateToFuzzReader::makeThrow(Type type) {
   assert(type == Type::unreachable);
-  if (wasm.tags.empty()) {
-    addTag();
+  Tag* tag;
+  if (trivialNesting) {
+    // We are nested under a makeTrivial call, so only emit something trivial.
+    // Get (or create) a trivial tag, so we have no operands (and will not call
+    // make(), below). Otherwise, we might recurse very deeply if we threw a
+    // tag that contains an exnref (for which we may end up creating yet another
+    // throw in a try).
+    if (!trivialTag) {
+      auto newTag = builder.makeTag(Names::getValidTagName(wasm, "tag$"),
+                                    Signature(Type::none, Type::none));
+      tag = wasm.addTag(std::move(newTag));
+      trivialTag = tag->name;
+    } else {
+      tag = wasm.getTag(trivialTag);
+    }
+  } else {
+    // Get a random tag, adding a random one if necessary.
+    if (wasm.tags.empty()) {
+      addTag();
+    }
+    tag = pick(wasm.tags).get();
   }
-  auto* tag = pick(wasm.tags).get();
   auto tagType = tag->params();
   std::vector<Expression*> operands;
   for (auto t : tagType) {