
[Wasm GC] externref/funcref validation errors on newer V8

Open kripken opened this issue 3 years ago • 2 comments

The attached file can be run using the binaryen script, and it runs ok in V8 from 3 weeks ago (87b54ebabb18f944b3aae132e67edc32c59a8878) but fails on latest V8.

Old V8:

$ d8 scripts/fuzz_shell.js -- main-a.wasm 
scripts/fuzz_shell.js:178: CompileError: WebAssembly.Module(): type error in constant expression[0] (expected externref, got funcref) 

$ d8 --experimental-wasm-typed-funcref scripts/fuzz_shell.js -- main-a.wasm 
[fuzz-exec] calling func
[.. other execution results ..]

Note how the typed function refs flag is needed for us to validate. Here is new V8:

$ d8 scripts/fuzz_shell.js -- main-a.wasm
scripts/fuzz_shell.js:178: CompileError: WebAssembly.Module(): type error in constant expression[0] (expected externref, got funcref) 

$ d8 --experimental-wasm-typed-funcref scripts/fuzz_shell.js -- main-a.wasm
scripts/fuzz_shell.js:178: CompileError: WebAssembly.Module(): type error in constant expression[0] (expected externref, got (ref 2)) 

Even with the flag we no longer validate, but the error becomes more precise.

I'd open a V8 issue but I am guessing that this is a spec change that V8 did which Binaryen needs to do too? I recall some discussion of funcref typing changes on the spec repo, is this that perhaps? cc @tlively @jakobkummerow

Noticed by @ashleynh during fuzzing (until we resolve this, looks like we can only fuzz using older V8).

main-a.wasm.gz

kripken, Aug 10 '22 20:08

I assume V8 was updated so that funcref <: externref is no longer true. I'll prioritize making that change in Binaryen, too.

tlively, Aug 10 '22 20:08

I can confirm that we recently landed patches that abolished both funcref <: externref and anyref == externref.

jakobkummerow, Aug 11 '22 09:08
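The check the thread turns on (a funcref value is not accepted where an externref is expected, so a global's initializer must produce a value of the global's own reference type) can be probed without Binaryen or the attached fuzz case. The following is an added example, not code from the issue, from Binaryen or from V8: it hand-assembles three minimal modules that differ only in the global's declared type and initializer, and asks the engine to validate each. It assumes a Node/V8 build with the reference-types proposal enabled by default (Node 18 or later); the helper names (`uleb`, `section`, `buildModule`, `probe`, `rejectionMessage`) are this example's own.

```javascript
// Added example (not from the Binaryen issue or V8): hand-assembled WebAssembly
// modules that probe the reference-type check discussed in the thread. Each
// module declares one empty function and one immutable global; only the
// global's declared type and constant initializer differ between probes.
// Assumes a Node/V8 build with reference types on by default (Node 18+).

// Encode an unsigned LEB128 integer (used for section and vector sizes).
function uleb(n) {
  const out = [];
  do {
    let b = n & 0x7f;
    n >>>= 7;
    if (n !== 0) b |= 0x80;
    out.push(b);
  } while (n !== 0);
  return out;
}

// Wrap section contents with its id and LEB128-encoded byte length.
function section(id, body) {
  return [id, ...uleb(body.length), ...body];
}

// Binary encodings of the two reference value types in question.
const VALTYPE = { funcref: 0x70, externref: 0x6f };

// Build a module with: one type () -> (), one function of that type, one
// immutable global of `globalType` initialised by `initExpr` (the bytes of a
// constant expression, without the trailing `end`), and the function's body.
function buildModule(globalType, initExpr) {
  const typeSec = section(1, [0x01, 0x60, 0x00, 0x00]);             // 1 type: () -> ()
  const funcSec = section(3, [0x01, 0x00]);                          // 1 func, type index 0
  const globalSec = section(6, [0x01, VALTYPE[globalType], 0x00, ...initExpr, 0x0b]);
  const codeSec = section(10, [0x01, 0x02, 0x00, 0x0b]);             // body: no locals, end
  return new Uint8Array([
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                  // "\0asm" + version 1
    ...typeSec, ...funcSec, ...globalSec, ...codeSec,
  ]);
}

// Constant expressions used as global initializers. A function referenced
// from a global initializer counts as declared, so ref.func 0 is permitted.
const REF_FUNC_0 = [0xd2, 0x00];       // ref.func 0
const REF_NULL_EXTERN = [0xd0, 0x6f];  // ref.null extern

// For each probe, report whether the engine accepts the module. Only the
// externref global fed a funcref value is expected to be rejected.
function probe() {
  return {
    funcrefFromRefFunc: WebAssembly.validate(buildModule('funcref', REF_FUNC_0)),
    externrefFromRefFunc: WebAssembly.validate(buildModule('externref', REF_FUNC_0)),
    externrefFromRefNull: WebAssembly.validate(buildModule('externref', REF_NULL_EXTERN)),
  };
}

// Surface the engine's own diagnostic for the rejected module, the same kind
// of "type error in constant expression" message quoted in the thread.
function rejectionMessage() {
  try {
    new WebAssembly.Module(buildModule('externref', REF_FUNC_0));
    return null;
  } catch (e) {
    return `${e.constructor.name}: ${e.message}`;
  }
}

console.log(probe());
console.log(rejectionMessage());
```

The encoder is deliberately minimal: a single global plus the function it references is enough to trigger the constant-expression type check, so the same three probes give a quick way to tell which subtyping rules a given engine build applies before pointing a fuzzer at it.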