[wasm][fuzzer] Emit the correct function index

Since we do not yet have canonicalization for types, when emitting
ref.func in the fuzzer, it is not enough to pick a function whose
signature is equivalent with the requested type; we have to pick a
function that is declared exactly with the requested signature index.

Bug: chromium:1296936
Change-Id: Ie307a9a370bb9ba2c8c334ddf05268ed9c7077d6
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3460411Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#79081}

test/fuzzer/wasm-compile.cc

@@ -907,19 +907,14 @@ class WasmGenerator {
         builder_->EmitU32V(index);
       }
     } else {
-      DCHECK(builder_->builder()->IsSignature(index));
-      int func_size = builder_->builder()->NumFunctions();
-      for (int i = 0; i < func_size; i++) {
-        WasmFunctionBuilder* func = builder_->builder()->GetFunction(i);
-        // TODO(11954): Choose a random function from among those matching the
-        // signature (consider function subtyping?).
-        if (*(func->signature()) ==
-            *(builder_->builder()->GetSignature(index))) {
-          builder_->EmitWithU32V(kExprRefFunc, func->func_index());
-          return true;
-        }
-      }
-      UNREACHABLE();
+      // Map the type index to a function index.
+      // TODO(11954. 7748): Once we have type canonicalization, choose a random
+      // function from among those matching the signature (consider function
+      // subtyping?).
+      uint32_t func_index = index - (num_arrays_ + num_structs_);
+      DCHECK_EQ(builder_->builder()->GetSignature(index),
+                builder_->builder()->GetFunction(func_index)->signature());
+      builder_->EmitWithU32V(kExprRefFunc, func_index);
     }
 
     return true;