Commit 06b233c9 authored by mstarzinger's avatar mstarzinger Committed by Commit bot

[runtime] Make %GetOptimizationStatus fuzzable.

The runtime function in question can indirectly be fuzzed by the two
assertion methods "assertOptimized" and "assertUnoptimized" that our
test harness provides for the "mjsunit" test suite.

R=ishell@chromium.org
BUG=chromium:627841

Review-Url: https://codereview.chromium.org/2145993002
Cr-Commit-Position: refs/heads/master@{#37722}
parent 62c21128
...@@ -30,7 +30,6 @@ RUNTIME_FUNCTION(Runtime_DeoptimizeFunction) { ...@@ -30,7 +30,6 @@ RUNTIME_FUNCTION(Runtime_DeoptimizeFunction) {
// This function is used by fuzzers to get coverage in compiler. // This function is used by fuzzers to get coverage in compiler.
// Ignore calls on non-function objects to avoid runtime errors. // Ignore calls on non-function objects to avoid runtime errors.
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0); CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
// If it is not a JSFunction, just return.
if (!function_object->IsJSFunction()) { if (!function_object->IsJSFunction()) {
return isolate->heap()->undefined_value(); return isolate->heap()->undefined_value();
} }
...@@ -111,7 +110,6 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) { ...@@ -111,7 +110,6 @@ RUNTIME_FUNCTION(Runtime_OptimizeFunctionOnNextCall) {
// This function is used by fuzzers to get coverage for optimizations // This function is used by fuzzers to get coverage for optimizations
// in compiler. Ignore calls on non-function objects to avoid runtime errors. // in compiler. Ignore calls on non-function objects to avoid runtime errors.
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0); CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
// If it is not a JSFunction, just return.
if (!function_object->IsJSFunction()) { if (!function_object->IsJSFunction()) {
return isolate->heap()->undefined_value(); return isolate->heap()->undefined_value();
} }
...@@ -212,14 +210,25 @@ RUNTIME_FUNCTION(Runtime_GetOptimizationStatus) { ...@@ -212,14 +210,25 @@ RUNTIME_FUNCTION(Runtime_GetOptimizationStatus) {
if (!isolate->use_crankshaft()) { if (!isolate->use_crankshaft()) {
return Smi::FromInt(4); // 4 == "never". return Smi::FromInt(4); // 4 == "never".
} }
// This function is used by fuzzers to get coverage for optimizations
// in compiler. Ignore calls on non-function objects to avoid runtime errors.
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
if (!function_object->IsJSFunction()) {
return isolate->heap()->undefined_value();
}
Handle<JSFunction> function = Handle<JSFunction>::cast(function_object);
bool sync_with_compiler_thread = true; bool sync_with_compiler_thread = true;
if (args.length() == 2) { if (args.length() == 2) {
CONVERT_ARG_HANDLE_CHECKED(String, sync, 1); CONVERT_ARG_HANDLE_CHECKED(Object, sync_object, 1);
if (!sync_object->IsString()) return isolate->heap()->undefined_value();
Handle<String> sync = Handle<String>::cast(sync_object);
if (sync->IsOneByteEqualTo(STATIC_CHAR_VECTOR("no sync"))) { if (sync->IsOneByteEqualTo(STATIC_CHAR_VECTOR("no sync"))) {
sync_with_compiler_thread = false; sync_with_compiler_thread = false;
} }
} }
CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);
if (isolate->concurrent_recompilation_enabled() && if (isolate->concurrent_recompilation_enabled() &&
sync_with_compiler_thread) { sync_with_compiler_thread) {
while (function->IsInOptimizationQueue()) { while (function->IsInOptimizationQueue()) {
......
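Review bot: In Runtime_GetOptimizationStatus the new non-function guard sits after the `if (!isolate->use_crankshaft())` early return, so a non-function argument yields Smi 4 when Crankshaft is off and undefined when it is on; moving the `CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0)` check and its `IsJSFunction()` test above that early return would make the result for invalid input independent of configuration. The added comment is copied from Runtime_OptimizeFunctionOnNextCall and does not say what this function returns for rejected input; something like `// Reached by fuzzers via assertOptimized/assertUnoptimized. Returns undefined, not a status Smi, for a non-function or a non-string sync argument.` would be more accurate. Both type checks assume the arguments they read exist; the argument-count check, if there is one, lies above the hunk and is not visible here, so it is worth confirming that it is enforced in release builds and not only as a debug assertion. The function body starts and ends outside the hunk.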