Commit 51dadbb3 authored by Michael Achenbach, committed by Commit Bot

[foozzie] Abort on all range errors in correctness fuzzing

This uses the most common bottleneck for intercepting range-error
creation in correctness fuzzing. Previous abort conditions didn't
cover all cases, e.g. they didn't cover the generic NewError called
by wasm-results.

This also moves code for error-message suppression to the same
location for readability.

In a follow-up we'll remove the other redundant abort conditions that
are scattered through the code.

Bug: chromium:1044942, chromium:1047197
Change-Id: I1b898247a304fd35112facd4048de3a02d512c96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2030728
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66053}
parent acdd2cb2
......@@ -994,9 +994,20 @@ MaybeHandle<JSObject> ErrorUtils::Construct(
Isolate* isolate, Handle<JSFunction> target, Handle<Object> new_target,
Handle<Object> message, FrameSkipMode mode, Handle<Object> caller,
StackTraceCollection stack_trace_collection) {
if (FLAG_correctness_fuzzer_suppressions) {
// Abort range errors in correctness fuzzing, as their causes differ
// accross correctness-fuzzing scenarios.
if (target.is_identical_to(isolate->range_error_function())) {
FATAL("Aborting on range error");
}
// Ignore error messages in correctness fuzzing, because the spec leaves
// room for undefined behavior.
message = isolate->factory()->InternalizeUtf8String(
"Message suppressed for fuzzers (--correctness-fuzzer-suppressions)");
}
// 1. If NewTarget is undefined, let newTarget be the active function object,
// else let newTarget be NewTarget.
Handle<JSReceiver> new_target_recv =
new_target->IsJSReceiver() ? Handle<JSReceiver>::cast(new_target)
: Handle<JSReceiver>::cast(target);
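Review bot: the new comment above the range-error check misspells "across" as "accross"; please fix it before landing. It would also help to state in that comment that `ErrorUtils::Construct` is now the single choke point for the correctness-fuzzer abort and for message suppression (the commit message says the scattered checks are to be removed in a follow-up), so the next reader knows the `target.is_identical_to(isolate->range_error_function())` test here is intended to replace them rather than duplicate them. Note that the suppressed message is assigned after the `FATAL` branch, which is the right order: aborting first keeps the original failure visible in the fuzzer output.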
......@@ -1154,15 +1165,7 @@ Handle<JSObject> ErrorUtils::MakeGenericError(
// pending exceptions would be cleared. Preserve this behavior.
isolate->clear_pending_exception();
}
Handle<String> msg;
if (FLAG_correctness_fuzzer_suppressions) {
// Ignore error messages in correctness fuzzing, because the spec leaves
// room for undefined behavior.
msg = isolate->factory()->InternalizeUtf8String(
"Message suppressed for fuzzers (--correctness-fuzzer-suppressions)");
} else {
msg = DoFormatMessage(isolate, index, arg0, arg1, arg2);
}
Handle<String> msg = DoFormatMessage(isolate, index, arg0, arg1, arg2);
DCHECK(mode != SKIP_UNTIL_SEEN);
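Review bot: dropping the `FLAG_correctness_fuzzer_suppressions` branch here leaves `MakeGenericError` with no hint that message suppression still applies; a one-line comment next to `Handle<String> msg = DoFormatMessage(isolate, index, arg0, arg1, arg2);` saying that suppression now happens centrally in `ErrorUtils::Construct` would stop someone from reintroducing the local branch later. The formatted message is computed unconditionally now, so please confirm that `DoFormatMessage` has no observable side effects under fuzzing that the old early-return path was avoiding.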