[foozzie] Suppress .caller access with correctness fuzzing

Bug: chromium:1042556, chromium:1186279 Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73798}

[foozzie] Suppress .caller access with correctness fuzzing
Bug: chromium:1042556, chromium:1186279 Change-Id: I77e9967891efad4ce151e231f7f6461be2922ba7 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2802291 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Mythri Alle <mythria@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Auto-Submit: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Mythri Alle <mythria@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#73798}
b19385f5 · Michael Achenbach · Commit Bot · 1f5da7a7 · b19385f5 · b19385f5
Commit b19385f5 authored Apr 02, 2021 by Michael Achenbach Committed by Commit Bot Apr 06, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

accessors.cc src/builtins/accessors.cc +2 -1

foozzie.js test/mjsunit/tools/foozzie.js +9 -0

No files found.
--- a/src/builtins/accessors.cc
+++ b/src/builtins/accessors.cc
@@ -701,7 +701,8 @@ void Accessors::FunctionCallerGetter(
  MaybeHandle<JSFunction> maybe_caller;
  maybe_caller = FindCaller(isolate, function);
  Handle<JSFunction> caller;
-  if (maybe_caller.ToHandle(&caller)) {
+  // We don't support caller access with correctness fuzzing.
+  if (!FLAG_correctness_fuzzer_suppressions && maybe_caller.ToHandle(&caller)) {
    result = caller;
  } else {
    result = isolate->factory()->null_value();

--- a/test/mjsunit/tools/foozzie.js
+++ b/test/mjsunit/tools/foozzie.js
@@ -119,3 +119,12 @@ assertEquals(unoptimized, callPow(6996));
 let then_called = false;
 Atomics.waitAsync().value.then(() => {then_called = true;});
 assertEquals(true, then_called);
+
+// Test .caller access is neutered.
+function callee() {
+  assertEquals(null, callee.caller);
+}
+function caller() {
+  callee();
+}
+caller();