[fuzzing] Be more robust in PrepareFunctionForOptimization

This changes PrepareFunctionForOptimization to have the same checks as OptimizeFunctionOnNextCall, as otherwise fuzzing runs into the DCHECK with a bad number of arguments. Bug: chromium:1094866 Change-Id: Ief7d428a12139c47a74607d39792276a2eae4ebf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250255Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#68410}

[fuzzing] Be more robust in PrepareFunctionForOptimization
This changes PrepareFunctionForOptimization to have the same checks as OptimizeFunctionOnNextCall, as otherwise fuzzing runs into the DCHECK with a bad number of arguments. Bug: chromium:1094866 Change-Id: Ief7d428a12139c47a74607d39792276a2eae4ebf Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2250255Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Georg Neis <neis@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/master@{#68410}
50b131f6 · Michael Achenbach · Commit Bot · 34d74cad · 50b131f6
Commit 50b131f6 authored Jun 18, 2020 by Michael Achenbach Committed by Commit Bot Jun 18, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

runtime-test.cc src/runtime/runtime-test.cc +3 -2

No files found.
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -369,8 +369,9 @@ RUNTIME_FUNCTION(Runtime_EnsureFeedbackVectorForFunction) {

 RUNTIME_FUNCTION(Runtime_PrepareFunctionForOptimization) {
  HandleScope scope(isolate);
-  DCHECK(args.length() == 1 || args.length() == 2);
-  if (!args[0].IsJSFunction()) return CrashUnlessFuzzing(isolate);
+  if ((args.length() != 1 && args.length() != 2) || !args[0].IsJSFunction()) {
+    return CrashUnlessFuzzing(isolate);
+  }
  CONVERT_ARG_HANDLE_CHECKED(JSFunction, function, 0);

  bool allow_heuristic_optimization = false;