From a6843b13705fb95f2d29fc5392ae8dbc8eb5c5e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Inf=C3=BChr?= <dinfuehr@chromium.org>
Date: Mon, 7 Feb 2022 13:55:30 +0100
Subject: [PATCH] [heap] Turn on fuzzing for map space compaction
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Turn on fuzzing to get additional test coverage.

Bug: v8:12578
Change-Id: Ia614fb9e4ba519163024f3b7b40f22ad6ebb3297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3442677
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78977}
---
 .../clusterfuzz_trials_config.json            |  1 +
 tools/clusterfuzz/v8_fuzz_flags.json          |  3 +-
 tools/testrunner/testproc/fuzzer.py           | 77 ++++++++++---------
 3 files changed, 42 insertions(+), 39 deletions(-)

diff --git a/tools/clusterfuzz/clusterfuzz_trials_config.json b/tools/clusterfuzz/clusterfuzz_trials_config.json
index 9a01f2a503..1608d765cf 100644
--- a/tools/clusterfuzz/clusterfuzz_trials_config.json
+++ b/tools/clusterfuzz/clusterfuzz_trials_config.json
@@ -1,6 +1,7 @@
 [
     {"app_args": "--assert-types", "app_name": "d8", "probability": 0.25},
     {"app_args": "--budget_for_feedback_vector_allocation=0", "app_name": "d8", "probability": 0.05},
+    {"app_args": "--compact-map-space", "app_name": "d8", "probability": 0.25},
     {"app_args": "--force-slow-path", "app_name": "d8", "probability": 0.05},
     {"app_args": "--future", "app_name": "d8", "probability": 0.25},
     {"app_args": "--interrupt-budget=1000", "app_name": "d8", "probability": 0.25},
diff --git a/tools/clusterfuzz/v8_fuzz_flags.json b/tools/clusterfuzz/v8_fuzz_flags.json
index 7aefe69267..c1a8c269a1 100644
--- a/tools/clusterfuzz/v8_fuzz_flags.json
+++ b/tools/clusterfuzz/v8_fuzz_flags.json
@@ -30,5 +30,6 @@
   [0.05, "--budget-for-feedback-vector-allocation=0"],
   [0.1, "--no-wasm-generic-wrapper"],
   [0.1, "--turbo-force-mid-tier-regalloc"],
-  [0.0001, "--simulate-errors"]
+  [0.0001, "--simulate-errors"],
+  [0.25, "--compact-map-space"]
 ]
diff --git a/tools/testrunner/testproc/fuzzer.py b/tools/testrunner/testproc/fuzzer.py
index b5b87d8bfb..af333223e3 100644
--- a/tools/testrunner/testproc/fuzzer.py
+++ b/tools/testrunner/testproc/fuzzer.py
@@ -11,44 +11,45 @@ from . import base
 # Extra flags randomly added to all fuzz tests with numfuzz. List of tuples
 # (probability, flag).
 EXTRA_FLAGS = [
-  (0.1, '--always-opt'),
-  (0.1, '--assert-types'),
-  (0.1, '--budget-for-feedback-vector-allocation=0'),
-  (0.1, '--cache=code'),
-  (0.1, '--force-slow-path'),
-  (0.2, '--future'),
-  (0.1, '--interrupt-budget=100'),
-  (0.1, '--liftoff'),
-  (0.2, '--no-analyze-environment-liveness'),
-  # TODO(machenbach): Enable when it doesn't collide with crashing on missing
-  # simd features.
-  #(0.1, '--no-enable-sse3'),
-  #(0.1, '--no-enable-ssse3'),
-  #(0.1, '--no-enable-sse4_1'),
-  (0.1, '--no-enable-sse4_2'),
-  (0.1, '--no-enable-sahf'),
-  (0.1, '--no-enable-avx'),
-  (0.1, '--no-enable-fma3'),
-  (0.1, '--no-enable-bmi1'),
-  (0.1, '--no-enable-bmi2'),
-  (0.1, '--no-enable-lzcnt'),
-  (0.1, '--no-enable-popcnt'),
-  (0.3, '--no-lazy-feedback-allocation'),
-  (0.1, '--no-liftoff'),
-  (0.1, '--no-opt'),
-  (0.2, '--no-regexp-tier-up'),
-  (0.1, '--no-wasm-tier-up'),
-  (0.1, '--regexp-interpret-all'),
-  (0.1, '--regexp-tier-up-ticks=10'),
-  (0.1, '--regexp-tier-up-ticks=100'),
-  (0.1, '--stress-background-compile'),
-  (0.1, '--stress-concurrent-inlining'),
-  (0.1, '--stress-flush-code'),
-  (0.1, '--stress-lazy-source-positions'),
-  (0.1, '--stress-wasm-code-gc'),
-  (0.1, '--turbo-instruction-scheduling'),
-  (0.1, '--turbo-stress-instruction-scheduling'),
-  (0.1, '--turbo-force-mid-tier-regalloc'),
+    (0.1, '--always-opt'),
+    (0.1, '--assert-types'),
+    (0.1, '--budget-for-feedback-vector-allocation=0'),
+    (0.1, '--cache=code'),
+    (0.25, '--compact-map-space'),
+    (0.1, '--force-slow-path'),
+    (0.2, '--future'),
+    (0.1, '--interrupt-budget=100'),
+    (0.1, '--liftoff'),
+    (0.2, '--no-analyze-environment-liveness'),
+    # TODO(machenbach): Enable when it doesn't collide with crashing on missing
+    # simd features.
+    #(0.1, '--no-enable-sse3'),
+    #(0.1, '--no-enable-ssse3'),
+    #(0.1, '--no-enable-sse4_1'),
+    (0.1, '--no-enable-sse4_2'),
+    (0.1, '--no-enable-sahf'),
+    (0.1, '--no-enable-avx'),
+    (0.1, '--no-enable-fma3'),
+    (0.1, '--no-enable-bmi1'),
+    (0.1, '--no-enable-bmi2'),
+    (0.1, '--no-enable-lzcnt'),
+    (0.1, '--no-enable-popcnt'),
+    (0.3, '--no-lazy-feedback-allocation'),
+    (0.1, '--no-liftoff'),
+    (0.1, '--no-opt'),
+    (0.2, '--no-regexp-tier-up'),
+    (0.1, '--no-wasm-tier-up'),
+    (0.1, '--regexp-interpret-all'),
+    (0.1, '--regexp-tier-up-ticks=10'),
+    (0.1, '--regexp-tier-up-ticks=100'),
+    (0.1, '--stress-background-compile'),
+    (0.1, '--stress-concurrent-inlining'),
+    (0.1, '--stress-flush-code'),
+    (0.1, '--stress-lazy-source-positions'),
+    (0.1, '--stress-wasm-code-gc'),
+    (0.1, '--turbo-instruction-scheduling'),
+    (0.1, '--turbo-stress-instruction-scheduling'),
+    (0.1, '--turbo-force-mid-tier-regalloc'),
 ]
 
 def random_extra_flags(rng):