Commit f8615f67 authored by Jakob Gruber, committed by Commit Bot

[runtime] More permissive %NeverOptimizeFunction for fuzzing

SFI::DisableOptimization can only be called on certain function kinds.
Update %NeverOptimizeFunction to crash/do nothing if these conditions
are not fulfilled in normal/fuzzing configurations.

Bug: chromium:1074689
Change-Id: I371dd539e27447ede48c69d0480a3d224071b304
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2169926
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67429}
parent f6960c0a
......@@ -477,7 +477,12 @@ RUNTIME_FUNCTION(Runtime_NeverOptimizeFunction) {
CONVERT_ARG_HANDLE_CHECKED(Object, function_object, 0);
if (!function_object->IsJSFunction()) return CrashUnlessFuzzing(isolate);
Handle<JSFunction> function = Handle<JSFunction>::cast(function_object);
function->shared().DisableOptimization(BailoutReason::kNeverOptimize);
SharedFunctionInfo sfi = function->shared();
if (sfi.abstract_code().kind() != AbstractCode::INTERPRETED_FUNCTION &&
sfi.abstract_code().kind() != AbstractCode::BUILTIN) {
return CrashUnlessFuzzing(isolate);
}
sfi.DisableOptimization(BailoutReason::kNeverOptimize);
return ReadOnlyRoots(isolate).undefined_value();
}
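Review bot: the new guard (`if (sfi.abstract_code().kind() != AbstractCode::INTERPRETED_FUNCTION && sfi.abstract_code().kind() != AbstractCode::BUILTIN)`) hand-copies the precondition of `SharedFunctionInfo::DisableOptimization` without saying so, and the commit message describes it as a restriction on "function kinds" while the code actually tests the abstract code kind; a one-line comment above the check naming `DisableOptimization` as the source of the allowed kinds would keep the two from drifting apart when that precondition changes. Minor: `sfi.abstract_code().kind()` is evaluated twice in the same condition; a local such as `const AbstractCode::Kind kind = sfi.abstract_code().kind();` reads more clearly and makes it obvious that both comparisons look at the same value.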