Add ManyArgumentsCall CodeGenerator

Calling apply() with an array like this generator does will create a
function call with as many arguments as the size of the array.
It is meant to cover the discrepencies in max argument counts between
turboshaft and maglev.

Bug: b/455503442
Change-Id: Ia605368687970369e168796273486d75de4cc811
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8839116
Reviewed-by: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Hendrik Wüthrich <whendrik@google.com>

Author: whendrik-cmd

Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift

@@ -129,6 +129,7 @@ public let codeGeneratorWeights = [
     "ComputedPropertyConfigurationGenerator":   10,
     "FunctionCallGenerator":                    30,
     "FunctionCallWithSpreadGenerator":          3,
+    "ManyArgumentsCall":                        3,
     "ConstructorCallGenerator":                 20,
     "ConstructorCallWithSpreadGenerator":       3,
     "MethodCallGenerator":                      30,

Sources/Fuzzilli/CodeGen/CodeGenerators.swift

@@ -1846,6 +1846,25 @@ public let CodeGenerators: [CodeGenerator] = [
             f, withArgs: arguments, spreading: spreads, guard: needGuard)
     },
 
+
+    CodeGenerator("ManyArgumentsCall", inputs: .preferred(.function())) { b, f in
+        // These sizes are around the max arguments for maglev (2^16 - 10)
+        // and turboshaft (2^16).
+        let sizes: [Int64] = [65524, 65525, 65526, 65534, 65535, 65536]
+        let size = b.loadInt(chooseUniform(from: sizes))
+        let constructor = b.createNamedVariable(forBuiltin: "Array")
+        let largeArray = b.construct(constructor, withArgs: [size])
+
+        let needGuard = b.type(of: f).MayNotBe(.function())
+
+        if probability(0.5) {
+            let receiver = probability(0.5) ? b.loadNull() : b.randomVariable(forUseAs: .object())
+            b.callMethod("apply", on: f, withArgs: [receiver, largeArray], guard: needGuard)
+        } else {
+            b.callFunction(f, withArgs: [largeArray], spreading: [true], guard: needGuard)
+        }
+    },
+
     CodeGenerator(
         "ConstructorCallWithSpreadGenerator", inputs: .preferred(.constructor())
     ) { b, c in