call-intrinsic-fuzzing.js 930 Bytes
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Flags: --allow-natives-syntax --fuzzing

// Test allow/block-listed intrinsics in the context of fuzzing (--fuzzing):
// allowlisted intrinsics still run, all other %-calls must evaluate to undefined.

// Blocklisted intrinsics are replaced with undefined.
// Expected value comes first: with --fuzzing set, this call to the blocklisted
// %ConstructConsString must evaluate to undefined instead of running the
// intrinsic, even though the two string arguments look well-formed.
assertEquals(undefined, %ConstructConsString("a", "b"));

// Blocklisted intrinsics can have wrong arguments.
// Four numbers do not fit this intrinsic; the assertion is that the call still
// evaluates to undefined and the script keeps running.
// NOTE(review): presumably this keeps fuzzer-generated calls from reaching the
// runtime function with malformed arguments; confirm against the --fuzzing
// handling in the parser/runtime.
assertEquals(undefined, %ConstructConsString(1, 2, 3, 4));

// We don't care if an intrinsic actually exists.
// %FooBar stands in for an unknown intrinsic name: the assertion expects
// undefined, so the unknown name must be treated like a blocklisted one and
// must not abort the script.
assertEquals(undefined, %FooBar());

// Check allowlisted intrinsic.
// %IsBeingInterpreted is the allowlisted example: the call must produce a real
// result. Only "not undefined" is asserted, not which value comes back.
assertNotEquals(undefined, %IsBeingInterpreted());

// Allowlisted runtime functions with too few args are ignored.
// Called with no arguments at all: the allowlisted %DeoptimizeFunction is not
// executed and the call evaluates to undefined.
assertEquals(undefined, %DeoptimizeFunction());

// Superfluous arguments are ignored.
// The first call passes one extra argument and only has to complete without
// throwing (its result is not checked). The second passes three arguments to
// %IsBeingInterpreted, which is called with none earlier in this file, and
// checks that a value is still returned.
%DeoptimizeFunction(function() {}, undefined);
assertNotEquals(undefined, %IsBeingInterpreted(1, 2, 3));