[runtime] More permissive %NeverOptimizeFunction for fuzzing

SFI::DisableOptimization can only be called on certain function kinds.
Update %NeverOptimizeFunction so that, when these conditions are not
fulfilled, it crashes in normal configurations and silently does nothing
in fuzzing configurations.

Bug: chromium:1074689
Change-Id: I371dd539e27447ede48c69d0480a3d224071b304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67429}
This commit is contained in:
Jakob Gruber 2020-04-28 08:22:37 +02:00 committed by Commit Bot
parent f6960c0a6b
commit f8615f67be


@ -477,7 +477,12 @@ RUNTIME_FUNCTION(Runtime_NeverOptimizeFunction) {
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
if (!function_object->IsJSFunction()) return CrashUnlessFuzzing(isolate);
Handle<JSFunction> function = Handle<JSFunction>::cast(function_object);
function->shared().DisableOptimization(BailoutReason::kNeverOptimize);
SharedFunctionInfo sfi = function->shared();
if (sfi.abstract_code().kind() != AbstractCode::INTERPRETED_FUNCTION &&
sfi.abstract_code().kind() != AbstractCode::BUILTIN) {
return CrashUnlessFuzzing(isolate);
}
sfi.DisableOptimization(BailoutReason::kNeverOptimize);
return ReadOnlyRoots(isolate).undefined_value();
}
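Review bot: The accepted-kind predicate on the two `sfi.abstract_code().kind()` lines is a second copy of whatever precondition SFI::DisableOptimization enforces (presumably a DCHECK, not visible in this hunk), and nothing ties the two together; if a kind is later added to one place but not the other, a release build would silently call DisableOptimization on a kind it does not support, with the check here only reached via %NeverOptimizeFunction. I would at least read the kind once and name the coupling: `const AbstractCode::Kind kind = sfi.abstract_code().kind();` followed by `// Keep in sync with the precondition of SharedFunctionInfo::DisableOptimization.` and `if (kind != AbstractCode::INTERPRETED_FUNCTION && kind != AbstractCode::BUILTIN) return CrashUnlessFuzzing(isolate);` — or better, expose that predicate on SharedFunctionInfo and call it from both sites. A short comment on why INTERPRETED_FUNCTION and BUILTIN are the only kinds this runtime function may act on would also help, since the commit message states only that such a restriction exists. The enclosing Runtime_NeverOptimizeFunction body starts above this hunk.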