[foozzie] Suppress .caller access with correctness fuzzing

Bug: chromium:1042556, chromium:1186279 Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73798}
2021-04-02 11:05:59 +02:00 · 2021-04-02 11:05:59 +02:00 · b19385f555
commit b19385f555
parent 1f5da7a7af
2 changed files with 11 additions and 1 deletions
--- a/src/builtins/accessors.cc
+++ b/src/builtins/accessors.cc
@ -701,7 +701,8 @@ void Accessors::FunctionCallerGetter(
  MaybeHandle<JSFunction> maybe_caller;
  maybe_caller = FindCaller(isolate, function);
  Handle<JSFunction> caller;
-  if (maybe_caller.ToHandle(&caller)) {
+  // We don't support caller access with correctness fuzzing.
+  if (!FLAG_correctness_fuzzer_suppressions && maybe_caller.ToHandle(&caller)) {
    result = caller;
  } else {
    result = isolate->factory()->null_value();
--- a/test/mjsunit/tools/foozzie.js
+++ b/test/mjsunit/tools/foozzie.js
@ -119,3 +119,12 @@ assertEquals(unoptimized, callPow(6996));
 let then_called = false;
 Atomics.waitAsync().value.then(() => {then_called = true;});
 assertEquals(true, then_called);
+
+// Test .caller access is neutered.
+function callee() {
+  assertEquals(null, callee.caller);
+}
+function caller() {
+  callee();
+}
+caller();