cf05e4ca79
This makes creating whitelisted runtime functions more permissive on fuzzers (when --allow-natives-for-fuzzing is passed).

- Runtime functions with too few arguments are replaced with undefined.
- Superfluous arguments are ignored.

This reduces syntax-error rate on fuzzers. Also prevents dcheck errors when fuzzing debug builds and fuzzers use too many arguments for runtime functions.

Bug: chromium:1044942
Change-Id: I23b45398421c50bc82d1e8bfdf019f565253db96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2039352
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66202}
27 lines
939 B
JavaScript
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --allow-natives-for-fuzzing

// Test whitelisted/blacklisted intrinsics in the context of fuzzing.

// Blacklisted intrinsics are replaced with undefined.
assertEquals(undefined, %GetOptimizationStatus(function (){}));

// Blacklisted intrinsics can have wrong arguments.
assertEquals(undefined, %GetOptimizationStatus(1, 2, 3, 4));

// We don't care if an intrinsic actually exists.
assertEquals(undefined, %FooBar());

// Check whitelisted intrinsic.
assertNotEquals(undefined, %IsBeingInterpreted());

// Whitelisted runtime functions with too few args are ignored.
assertEquals(undefined, %DeoptimizeFunction());

// Superfluous arguments are ignored.
%DeoptimizeFunction(function() {}, undefined);
assertNotEquals(undefined, %IsBeingInterpreted(1, 2, 3));