[jsfunfuzz] Make testMathyFunction call itself or turn it recursive

[nth10sd]

testMathyFunction:

• Present in lots of unreduced fuzzing testcases
  • Esp. if they involve Math.* functions
• Is also effective at finding range boundary or other JIT issues

Potential improvement:

• Make testMathyFunction call itself, or turn it recursive.
  • This could be in makeMathyFunAndTest or otherwise

Sidenote:

• gen-math.js is more of its own thing. It creates its own function with lots of Math in them and returns the result, operates on 2 arguments, and there are 2 or 3 ways to call the function.
• Generally used by compareJIT, a list of interesting inputs is generated, the results are hashed and then compared. gen-grammar.js also gets to call gen-math.js .

[twahlfeld]

I have made testMathyFunction recursive. While profiling we noticed that for each average case loop went from 10s to a range of 10-100 (our timeout). However within minutes we find bugs related to 1357149. Is it worth the dramatic increase and variation in each test case?

[nth10sd]

Hmmm, I don't think so, especially since unhandlable ooms like bug 1357149 might be intended. (Let's wait for Jon Coppeard to comment there first). This was an idea, not sure how practical it is. Might you create a PR and we'll see what happens next?