[JSC] Add FuzzerAgent, which has hooks to get feedback & inject fuzz data into JSC
author    ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Wed, 3 Apr 2019 22:24:47 +0000 (22:24 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Wed, 3 Apr 2019 22:24:47 +0000 (22:24 +0000)
commit    cea1e9a6d3797d679859c8103a5474e30e66a473
tree      036442c33d6ba198dbe1b37fe091f3cf7522b81f
parent    27b2e2a4f321f6176d6cd4801b6203cce1ee3536
[JSC] Add FuzzerAgent, which has hooks to get feedback & inject fuzz data into JSC
https://bugs.webkit.org/show_bug.cgi?id=196530

Reviewed by Saam Barati.

This patch adds a FuzzerAgent interface and a simple RandomizingFuzzerAgent to JSC.
This RandomizingFuzzerAgent returns a random SpeculatedType for value profiling to find
issues in JSC. The seed for randomization can be specified by seedOfRandomizingFuzzerAgent.

I ran this with seedOfRandomizingFuzzerAgent=1 last night and it found 3 failures in the current JSC tests;
they should be fixed in subsequent patches.

* CMakeLists.txt:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
* runtime/FuzzerAgent.cpp: Added.
(JSC::FuzzerAgent::~FuzzerAgent):
(JSC::FuzzerAgent::getPrediction):
* runtime/FuzzerAgent.h: Added.
* runtime/JSGlobalObjectFunctions.cpp:
* runtime/Options.h:
* runtime/RandomizingFuzzerAgent.cpp: Added.
(JSC::RandomizingFuzzerAgent::RandomizingFuzzerAgent):
(JSC::RandomizingFuzzerAgent::getPrediction):
* runtime/RandomizingFuzzerAgent.h: Added.
* runtime/RegExpCachedResult.h:
* runtime/RegExpGlobalData.cpp:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
(JSC::VM::fuzzerAgent const):
(JSC::VM::setFuzzerAgent):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243832 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Sources.txt
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/runtime/FuzzerAgent.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/FuzzerAgent.h [new file with mode: 0644]
Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
Source/JavaScriptCore/runtime/Options.h
Source/JavaScriptCore/runtime/RandomizingFuzzerAgent.cpp [new file with mode: 0644]
Source/JavaScriptCore/runtime/RandomizingFuzzerAgent.h [new file with mode: 0644]
Source/JavaScriptCore/runtime/RegExpCachedResult.h
Source/JavaScriptCore/runtime/RegExpGlobalData.cpp
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
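The commit message describes the shape of the change (an agent interface hooked into the DFG's prediction lookup, a seeded randomizing implementation, and a VM accessor pair) without showing the code. The following is an added, self-contained C++ model of that shape written for this page; it is not JavaScriptCore source. The SpeculatedType bit layout, the xorshift PRNG, the one-argument getPrediction signature and the helper functions fuzzedPredictions/predictionWithoutAgent are all assumptions for illustration, and the seed is passed directly instead of being read from the seedOfRandomizingFuzzerAgent option.

```cpp
// Added illustration, not JSC source: a minimal model of the FuzzerAgent hook
// described in the commit message. Type encoding, PRNG and signatures are
// assumptions; JSC's real SpeculatedType and FuzzerAgent API are not copied here.
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Stand-in for JSC's SpeculatedType: a bitmask of possible value kinds.
// These bit assignments are invented for the example.
using SpeculatedType = uint64_t;
constexpr SpeculatedType SpecNone   = 0;
constexpr SpeculatedType SpecInt32  = 1ull << 0;
constexpr SpeculatedType SpecDouble = 1ull << 1;
constexpr SpeculatedType SpecString = 1ull << 2;
constexpr SpeculatedType SpecObject = 1ull << 3;
constexpr SpeculatedType SpecFull   = (1ull << 4) - 1; // every bit defined above

// The hook: the compiler hands the agent the prediction that value profiling
// produced and uses whatever the agent returns instead.
class FuzzerAgent {
public:
    virtual ~FuzzerAgent() = default;
    virtual SpeculatedType getPrediction(SpeculatedType original) = 0;
};

// Seeded randomizing agent: ignores the profiled prediction and returns a random
// SpeculatedType. The seed is what makes a failing run reproducible, which is the
// reason the commit exposes it as an option. xorshift64* is used (assumption) so
// the sequence is the same on every platform.
class RandomizingFuzzerAgent final : public FuzzerAgent {
public:
    explicit RandomizingFuzzerAgent(uint64_t seed)
        : m_state(seed ? seed : 0x9E3779B97F4A7C15ull) { } // xorshift state must be nonzero

    SpeculatedType getPrediction(SpeculatedType) override
    {
        m_state ^= m_state >> 12;
        m_state ^= m_state << 25;
        m_state ^= m_state >> 27;
        uint64_t r = m_state * 0x2545F4914F6CDD1Dull;
        return r & SpecFull; // keep only bits that form a valid type in this model
    }

private:
    uint64_t m_state;
};

// Stand-in for the VM: with no agent installed the normal path is taken and the
// profiled prediction is used unchanged.
class VM {
public:
    FuzzerAgent* fuzzerAgent() const { return m_fuzzerAgent.get(); }
    void setFuzzerAgent(std::unique_ptr<FuzzerAgent> agent) { m_fuzzerAgent = std::move(agent); }

private:
    std::unique_ptr<FuzzerAgent> m_fuzzerAgent;
};

// Stand-in for the bytecode parser's prediction lookup: the single choke point
// where the agent is consulted, so every DFG speculation sees the fuzz data.
SpeculatedType getPredictionWithoutOSRExit(VM& vm, SpeculatedType profiled)
{
    if (FuzzerAgent* agent = vm.fuzzerAgent())
        return agent->getPrediction(profiled);
    return profiled;
}

// Helper (assumption): run `count` lookups through a VM whose agent was seeded
// with `seed`. The profiled type passed in does not affect the randomizing agent.
std::vector<SpeculatedType> fuzzedPredictions(uint64_t seed, size_t count)
{
    VM vm;
    vm.setFuzzerAgent(std::make_unique<RandomizingFuzzerAgent>(seed));
    std::vector<SpeculatedType> out;
    for (size_t i = 0; i < count; ++i)
        out.push_back(getPredictionWithoutOSRExit(vm, SpecInt32));
    return out;
}

// Helper (assumption): the same lookup on a VM with no agent installed.
SpeculatedType predictionWithoutAgent(SpeculatedType profiled)
{
    VM vm;
    return getPredictionWithoutOSRExit(vm, profiled);
}
```

The two properties worth checking in any such hook are that an absent agent is a strict pass-through (so production builds behave exactly as before) and that the same seed replays the same sequence of injected predictions, otherwise the "3 failures" found by one night's run could not be reproduced for fixing.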