65f1501634
This will allow bugs such as crbug.com/1394403 to be found much more easily by fuzzers, as it will cause d8 to compile every function twice and to verify that the resulting bytecode is the same. In order to not lose fuzzer coverage of e.g. lazy compilation, this CL also adds --lazy and --no-stress-lazy-source-positions to the fuzzer configurations to be chosen with a small probability.

Bug: chromium:1394403
Change-Id: I172ac483b45978a669c9787e5f851daa985fd1f5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4096480
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84811}
Files in this directory:

- BUILD.gn
- clusterfuzz_trials_config.json
- PRESUBMIT.py
- README.md
It is possible to add trials from the source code side by adding an entry like the one below to `clusterfuzz_trials_config.json`:

```
{
  "app_args": "FLAG_NAME",
  "app_name": "APP_NAME",
  "probability": PROBABILITY,
  "contradicts": ["FLAG1", "FLAG2", ...]
}
```

- `app_args`: the name of the flag we want to add.
- `app_name`: the name of the app we are adding the flag for; this must be `d8` on V8.
- `probability`: the probability of this flag being selected.
- `contradicts` (optional): the flags that contradict the flag referred to in `app_args`. This stops flags that contradict each other from being added in the same trial.
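To make the selection semantics concrete, here is an added Python example (not ClusterFuzz's or V8's own code) that parses entries in this format and picks flags for `d8`, honoring `probability` and `contradicts`. The sample config is constructed: the lazy-related flag names come from the commit message above, while their `contradicts` pairing, the `other_app` entry, and the assumption that a contradiction is checked in both directions are illustrative only.

```python
import json
import random

# Constructed sample config in the shape the README describes. The lazy flag names
# are from the commit message; the contradicts pairing and other_app are assumptions.
SAMPLE_CONFIG = json.dumps([
    {"app_args": "--lazy", "app_name": "d8", "probability": 0.05},
    {"app_args": "--no-stress-lazy-source-positions", "app_name": "d8",
     "probability": 0.05, "contradicts": ["--stress-lazy-source-positions"]},
    {"app_args": "--stress-lazy-source-positions", "app_name": "d8",
     "probability": 0.5, "contradicts": ["--no-stress-lazy-source-positions"]},
    {"app_args": "--unrelated", "app_name": "other_app", "probability": 1.0},
])


class FixedRng:
    """Stand-in for random with a constant draw, so selections are reproducible."""
    def __init__(self, value):
        self.value = value

    def random(self):
        return self.value


def load_trials(text):
    """Parse the JSON list and reject entries a fuzzer could not apply safely."""
    trials = json.loads(text)
    for trial in trials:
        missing = [k for k in ("app_args", "app_name", "probability") if k not in trial]
        if missing:
            raise ValueError(f"trial {trial!r} is missing {missing}")
        if not 0.0 <= float(trial["probability"]) <= 1.0:
            raise ValueError(f"probability out of [0, 1] in {trial!r}")
        if not isinstance(trial.get("contradicts", []), list):
            raise ValueError(f"contradicts must be a list in {trial!r}")
    return trials


def select_trials(trials, app_name, rng=random):
    """Keep each trial for app_name with its own probability, in config order, but
    skip a flag that contradicts an already chosen one (checked both ways; assumed)."""
    chosen = {}  # flag -> set of flags it declares as contradicting
    for trial in trials:
        if trial["app_name"] != app_name or rng.random() >= trial["probability"]:
            continue
        flag = trial["app_args"]
        against = set(trial.get("contradicts", []))
        if against.intersection(chosen) or any(flag in c for c in chosen.values()):
            continue
        chosen[flag] = against
    return list(chosen)
```

With the real `random` module as `rng`, each call yields a different trial set; `FixedRng` exists only to make the outcome deterministic for inspection.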