[JSC] Pass CodeOrigin to FuzzerAgent
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 18:53:08 +0000 (18:53 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Apr 2019 18:53:08 +0000 (18:53 +0000)
commit 896feec29739bfd540b8bb1190cc32d721560e6e
tree 0da23b68a0e845e82206bbc3fe66fd1fd8bf2f8c
parent 36b5dedf31648b337405a7cb9529215f7be16977
[JSC] Pass CodeOrigin to FuzzerAgent
https://bugs.webkit.org/show_bug.cgi?id=196590

Reviewed by Saam Barati.

Pass CodeOrigin instead of bytecodeIndex. CodeOrigin includes richer information (InlineCallFrame*).
We also mask prediction with SpecBytecodeTop in DFGByteCodeParser. The fuzzer can produce any SpeculatedTypes,
but DFGByteCodeParser should only see predictions that can be actually produced from the bytecode execution.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
* runtime/FuzzerAgent.cpp:
(JSC::FuzzerAgent::getPrediction):
* runtime/FuzzerAgent.h:
* runtime/RandomizingFuzzerAgent.cpp:
(JSC::RandomizingFuzzerAgent::getPrediction):
* runtime/RandomizingFuzzerAgent.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243885 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/runtime/FuzzerAgent.cpp
Source/JavaScriptCore/runtime/FuzzerAgent.h
Source/JavaScriptCore/runtime/RandomizingFuzzerAgent.cpp
Source/JavaScriptCore/runtime/RandomizingFuzzerAgent.h