fuzzgen: Add scalar float support

[afonso360]

👋 Hey,

This PR adds support for generating floats in fuzzgen and adds a bunch of instructions.

I think we have all the float ops, except bit ops that operate on floats.

So far this has found #4446 and #4460. We can merge this before #4460 but it will probably start crashing in oss-fuzz.

cc: @jameysharp

[jameysharp]

I think this looks great and I'm excited to get more fuzzing for Cranelift!

I saw one copy-paste bug and sort of expect I might have missed some, because having a separate function for each arity leaves a lot of opportunities for this kind of bug. I don't mind merging this with just the one bug fixed, but if you're willing to take a little time to see if you can refactor that, that would be cool.

I'm trying to decide whether to wait on #4460 before merging this. I don't know how long that will take to get reviewed. If you're currently only seeing bugs in the Fma opcode, how would you feel about commenting out that opcode in this patch? Then there's no question, I'm happy to merge it immediately.

[afonso360]

If you're currently only seeing bugs in the Fma opcode, how would you feel about commenting out that opcode in this patch? Then there's no question, I'm happy to merge it immediately.

Sure, sounds good. I've commented it out and left a link on it.

[jameysharp]

This looks great, thank you!

[jameysharp]

Fantastic! We're hitting CI hard today so this probably won't get a chance for the CI checks to run for a while, but I'm setting it to auto-merge once that passes. Thanks for your efforts on this!

I think I understand why fuzzing didn't catch the misuse of ListPool: since you created a new pool, all the values in your ValueLists had small indexes (0..3) into the pool, and it's not so surprising that those were valid indexes into the DFG's pool as well. Or something like that.

[alexcrichton]

Apologies for the CI breakage, but things should be fixed with a rebase.