AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

[runtime] More permissive %NeverOptimizeFunction for fuzzing

Browse Source 
SFI::DisableOptimization can only be called on certain function kinds.
Update %NeverOptimizeFunction to crash/do nothing if these conditions
are not fulfilled in normal/fuzzing configurations.

Bug: chromium:1074689
Change-Id: I371dd539e27447ede48c69d0480a3d224071b304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67429}
This commit is contained in:
Jakob Gruber 2020-04-28 08:22:37 +02:00 committed by Commit Bot
parent f6960c0a6b
commit f8615f67be
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/runtime/runtime-test.cc
View File

@ -477,7 +477,12 @@ RUNTIME_FUNCTION(Runtime_NeverOptimizeFunction) {
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
if (!function_object->IsJSFunction()) return CrashUnlessFuzzing(isolate);
Handle<JSFunction> function = Handle<JSFunction>::cast(function_object);
function->shared().DisableOptimization(BailoutReason::kNeverOptimize);
SharedFunctionInfo sfi = function->shared();
if (sfi.abstract_code().kind() != AbstractCode::INTERPRETED_FUNCTION &&
sfi.abstract_code().kind() != AbstractCode::BUILTIN) {
return CrashUnlessFuzzing(isolate);
}
sfi.DisableOptimization(BailoutReason::kNeverOptimize);
return ReadOnlyRoots(isolate).undefined_value();
}