[fuzzing] Be more robust in PrepareFunctionForOptimization

This changes PrepareFunctionForOptimization to have the same checks
as OptimizeFunctionOnNextCall, as otherwise fuzzing runs into
the DCHECK with a bad number of arguments.

Bug: chromium:1094866
Change-Id: Ief7d428a12139c47a74607d39792276a2eae4ebf
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250255
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#68410}
This commit is contained in:
Michael Achenbach 2020-06-18 12:53:19 +02:00 committed by Commit Bot
parent 34d74cad23
commit 50b131f639


@ -369,8 +369,9 @@ RUNTIME_FUNCTION(Runtime_EnsureFeedbackVectorForFunction) {
RUNTIME_FUNCTION(Runtime_PrepareFunctionForOptimization) {
HandleScope scope(isolate);
DCHECK(args.length() == 1 || args.length() == 2);
if (!args[0].IsJSFunction()) return CrashUnlessFuzzing(isolate);
if ((args.length() != 1 && args.length() != 2) || !args[0].IsJSFunction()) {
return CrashUnlessFuzzing(isolate);
}
CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
bool allow_heuristic_optimization = false;