Commit 060c2cb1 authored by Camillo Bruni, committed by V8 LUCI CQ

[d8] Disable d8.promise.setHooks with correctness fuzzing

Setting promise hooks after running some promise-related code has hard-to-control
side effects that make correctness fuzzing difficult.

Certain Promise functions are optimized and avoid creating intermediate
Promises. Dynamically enabled Promise hooks combined with --force-slow-path,
which would cause us to always create those intermediate Promises, will
get us very different callbacks if the hooks are enabled half-way.

The expected usage pattern is to only use setHooks if there are no
pending promises, something that cannot be guaranteed for fuzzing.

Bug: chromium:1202465
Change-Id: Ifa96f2db9c441b6f5da696b88a1c087160ec8eeb
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013355
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75637}
parent 90a24303
...@@ -2082,11 +2082,14 @@ void Shell::AsyncHooksTriggerAsyncId( ...@@ -2082,11 +2082,14 @@ void Shell::AsyncHooksTriggerAsyncId(
void Shell::SetPromiseHooks(const v8::FunctionCallbackInfo<v8::Value>& args) { void Shell::SetPromiseHooks(const v8::FunctionCallbackInfo<v8::Value>& args) {
Isolate* isolate = args.GetIsolate(); Isolate* isolate = args.GetIsolate();
if (i::FLAG_correctness_fuzzer_suppressions) { if (i::FLAG_correctness_fuzzer_suppressions) {
// Make sure we have no pending promises if correctness fuzzing is active. // Setting promise hoooks dynamically has unexpected timing side-effects
// Due to fast-paths we might have not created all intermediate promises // with certain promise optimizations. We might not get all callbacks for
// that aren't spec visible. However, the promise hook might expose them // previously scheduled Promises or optimized code-paths that skip Promise
// and cause different output. // creation.
isolate->PerformMicrotaskCheckpoint(); isolate->ThrowError(
"d8.promise.setHooks is disabled with "
"--correctness-fuzzer-suppressions");
return;
} }
Local<Context> context = isolate->GetCurrentContext(); Local<Context> context = isolate->GetCurrentContext();
HandleScope handle_scope(isolate); HandleScope handle_scope(isolate);
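Review bot: the first added comment line in this hunk has a typo, "Setting promise hoooks dynamically" should read "hooks"; since this comment is the only in-code record of why the feature is disabled under fuzzing, it is worth fixing before landing. Separately, note that the old branch called isolate->PerformMicrotaskCheckpoint() and then fell through to install the hooks anyway, while the new branch throws and returns with no checkpoint at all; that matches the commit message, but the error string hard-codes "--correctness-fuzzer-suppressions", so if the flag is ever renamed the message will go stale, and a short comment tying the string to i::FLAG_correctness_fuzzer_suppressions would help the next person who touches it.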
......