[fuzzing] Use --fuzzing flag for allowed runtime functions
This subsumes the old behavior of --allow-natives-for-fuzzing under --fuzzing as well. Both flags are used in a redundant way in fuzz configs. Only --allow-natives-for-fuzzing wasn't specified as a required argument, leading to the bug below. We still need the flag --allow-natives-for-differential-fuzzing to allow different functions when using differential fuzzing. Bug: chromium:1094866 Change-Id: I398791779e58ed4d80e896c1cfea343848159212 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2246568 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#68401}
This commit is contained in:
parent
365f46d05b
commit
3864e1f2da
@ -1270,15 +1270,11 @@ DEFINE_IMPLICATION(trace_maps, log_code)
// parser.cc
DEFINE_BOOL(allow_natives_syntax, false, "allow natives syntax")
DEFINE_BOOL(allow_natives_for_fuzzing, false,
"allow only natives explicitly whitelisted for fuzzers")
DEFINE_BOOL(allow_natives_for_differential_fuzzing, false,
"allow only natives explicitly whitelisted for differential "
"fuzzers")
DEFINE_IMPLICATION(allow_natives_for_differential_fuzzing, allow_natives_syntax)
DEFINE_IMPLICATION(allow_natives_for_fuzzing, allow_natives_syntax)
DEFINE_IMPLICATION(allow_natives_for_differential_fuzzing,
allow_natives_for_fuzzing)
DEFINE_IMPLICATION(allow_natives_for_differential_fuzzing, fuzzing)
DEFINE_BOOL(parse_only, false, "only parse the sources")
// simulator-arm.cc, simulator-arm64.cc and simulator-mips.cc
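Review bot: `DEFINE_IMPLICATION(allow_natives_for_differential_fuzzing, fuzzing)` records that differential fuzzing turns on `--fuzzing`, but nothing in this section says that `--fuzzing` on its own does not enable `--allow-natives-syntax` once the `allow_natives_for_fuzzing` implication is gone; the test file's flag line changing to `--allow-natives-syntax --fuzzing` suggests that is the intended contract. A comment beside the remaining implications would keep the next fuzz config from relying on `--fuzzing` alone, e.g. `// --fuzzing only restricts which runtime functions %-intrinsics may reach (see Runtime::IsWhitelistedForFuzzing); it does not enable natives syntax, which fuzz configs pass explicitly.` The old/new side of the individual DEFINE_BOOL and DEFINE_IMPLICATION lines is not recoverable from this rendering, so this is inferred from the commit message and the test flags hunk.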
@ -357,8 +357,8 @@ Expression* Parser::NewV8Intrinsic(const AstRawString* name,
const Runtime::Function* function =
Runtime::FunctionForName(name->raw_data(), name->length());
// Be more premissive when fuzzing. Intrinsics are not supported.
if (FLAG_allow_natives_for_fuzzing) {
// Be more permissive when fuzzing. Intrinsics are not supported.
if (FLAG_fuzzing) {
return NewV8RuntimeFunctionForFuzzing(function, args, pos);
}
@ -392,7 +392,7 @@ Expression* Parser::NewV8Intrinsic(const AstRawString* name,
Expression* Parser::NewV8RuntimeFunctionForFuzzing(
const Runtime::Function* function, const ScopedPtrList<Expression>& args,
int pos) {
CHECK(FLAG_allow_natives_for_fuzzing);
CHECK(FLAG_fuzzing);
// Intrinsics are not supported for fuzzing. Only allow whitelisted runtime
// functions. Also prevent later errors due to too few arguments and just
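Review bot: Gating the restricted path on the general-purpose flag at `if (FLAG_fuzzing)` means every `%intrinsic` parsed in a fuzzing run is routed through `NewV8RuntimeFunctionForFuzzing`, where `CHECK(FLAG_fuzzing)` repeats the same condition; the duplicate check is fine as belt and braces, but the branch carries no comment saying why `--fuzzing` rather than a dedicated flag decides this, and with natives syntax enabled this branch is what keeps fuzzer input away from non-whitelisted runtime functions. A comment such as `// Under --fuzzing, %-calls are limited to Runtime::IsWhitelistedForFuzzing; fuzzer input must never reach the unrestricted path below.` would record that intent next to the guard. Both `NewV8Intrinsic` and `NewV8RuntimeFunctionForFuzzing` continue outside these hunks, so the unrestricted path itself is not visible here.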
@ -193,7 +193,7 @@ bool Runtime::MayAllocate(FunctionId id) {
}
bool Runtime::IsWhitelistedForFuzzing(FunctionId id) {
CHECK(FLAG_allow_natives_for_fuzzing);
CHECK(FLAG_fuzzing);
switch (id) {
// Runtime functions whitelisted for all fuzzers. Only add functions that
// help increase coverage.
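Review bot: `CHECK(FLAG_fuzzing)` at the top of `Runtime::IsWhitelistedForFuzzing` makes the flag a hard precondition, but the function carries no comment stating it, so a caller outside the parser's fuzzing path would only learn of it by a crash. A one-line precondition comment above the CHECK, `// Precondition: only reachable on the --fuzzing path (Parser::NewV8RuntimeFunctionForFuzzing).`, documents the contract; if CHECK rather than DCHECK is deliberate so that the restriction also holds in release fuzz builds, the same comment should say so. The switch body continues past the hunk.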
@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Flags: --allow-natives-for-fuzzing --fuzzing
// Flags: --allow-natives-syntax --fuzzing
// Test whitelisted/blacklisted intrinsics in the context of fuzzing.
@ -9,7 +9,7 @@
%NeverOptimizeFunction(true);
%NeverOptimizeFunction(1);
%NeverOptimizeFunction({});
assertThrows("%NeverOptimizeFunction()", SyntaxError);
%NeverOptimizeFunction();
%PrepareFunctionForOptimization(print);
%OptimizeFunctionOnNextCall(print);
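Review bot: The changed pair `assertThrows("%NeverOptimizeFunction()", SyntaxError);` / `%NeverOptimizeFunction();` flips what the test expects when a whitelisted intrinsic is called with too few arguments, and the file gives no reason for the expectation; this rendering does not show which of the two is the new side. If the bare `%NeverOptimizeFunction();` is the new line, a comment such as `// Under --fuzzing a missing argument must not throw; see the argument handling in Parser::NewV8RuntimeFunctionForFuzzing.` ties it to the parser comment about preventing argument-count errors, and if the assertThrows is new the comment should state the inverse. The flags line now passing `--allow-natives-syntax` explicitly alongside `--fuzzing` is consistent with `--fuzzing` no longer implying natives syntax and deserves a short note in the same file header.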