This fuzzer creates random, possibly invalid, JavaScript function bodies.  It tests compilation, execution, and decompilation.

It does this using recursion, thinking loosely in terms of "statements", "expressions", "lvalues", "literals", etc.

It's almost a context-free grammar fuzzer... |cat| and |totallyRandom| especially make it seem like one.


Once it creates a function body, it does the following things with it:
* Splits it in half and tries to compile each half, mostly to find bugs in the compiler's error-handling.
* Compiles it
* Decompiles it (using both toString and uneval)
* Checks two things about each decompilation: 
  * Does it compile? 
  * The "round-trip" test: when passed through the compiler and decomiler a second time, 
    is the decompilation exactly the same? see below**
* Executes it
* If executing returned a generator, loops through the generator.


**This "round-trip change test" is intended to find bugs where the first
decompilation was incorrect.  It is effective at finding bugs, but it also hits
false positives -- situations where a round-trip changes the decompilation, even
though the first decompilation was not really incorrect, just not fully
optimized or not canonical.  Brendan has been nice about fixing these
"round-trip change" bugs even when they're not really bugs, since he sees value
in this type of fuzzing.