Add new fuzzing flags for V8

Dominik Klemba · V8-internal LUCI CQ · commit 794c0f008048 · 2025-11-04T05:38:57.000-08:00
This change introduces the following flags to the V8 fuzzing profile: - --maglev-as-top-tier - --maglev-non-eager-inlining - --max_maglev_inlined_bytecode_size_small=0 - --max_inlined_bytecode_size_small=0 These flags are expected to increase fuzzing coverage for edge cases in the V8 engine. While the probabilities in the code may seem high, they are conditional and depend on other flags being set. Bug: 456452258, 456451490, 456142887, 455592879 Change-Id: I486170bc27798f31ee905f2ff8e6c881a44b9265 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8736336 Commit-Queue: Dominik Klemba <tacet@google.com> Reviewed-by: Matthias Liedtke <mliedtke@google.com> Auto-Submit: Dominik Klemba <tacet@google.com> Reviewed-by: Victor Gomes <victorgomes@google.com> Reviewed-by: Darius Mercadier <dmercadier@google.com>
diff --git a/Sources/FuzzilliCli/Profiles/V8Profile.swift b/Sources/FuzzilliCli/Profiles/V8Profile.swift
@@ -41,6 +41,9 @@ let v8Profile = Profile(
         //
         if probability(0.1) {
             args.append("--no-turbofan")
+            if probability(0.5) {
+                args.append("--maglev-as-top-tier")
+            }
         }
 
         if probability(0.1) {
@@ -91,6 +94,13 @@ let v8Profile = Profile(
             args.append("--maglev-future")
         }
 
+        if probability(0.2) && !args.contains("--no-maglev") {
+            args.append("--maglev-non-eager-inlining")
+            if probability(0.4) { // TODO: @tacet decrease this probability to max 0.2
+                args.append("--max_maglev_inlined_bytecode_size_small=0")
+            }
+        }
+
         if probability(0.1) {
             args.append("--turboshaft-typed-optimizations")
         }
@@ -99,6 +109,9 @@ let v8Profile = Profile(
             args.append("--turbolev")
             if probability(0.82) {
                 args.append("--turbolev-future")
+                if probability(0.3) { // TODO: @tacet change to 0.15
+                    args.append("--max_inlined_bytecode_size_small=0")
+                }
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,9 @@ let v8Profile = Profile(`
`41`	`41`	`//`
`42`	`42`	`if probability(0.1) {`
`43`	`43`	`args.append("--no-turbofan")`
	`44`	`+ if probability(0.5) {`
	`45`	`+ args.append("--maglev-as-top-tier")`
	`46`	`+ }`
`44`	`47`	`}`
`45`	`48`
`46`	`49`	`if probability(0.1) {`
`@@ -91,6 +94,13 @@ let v8Profile = Profile(`
`91`	`94`	`args.append("--maglev-future")`
`92`	`95`	`}`
`93`	`96`
	`97`	`+ if probability(0.2) && !args.contains("--no-maglev") {`
	`98`	`+ args.append("--maglev-non-eager-inlining")`
	`99`	`+ if probability(0.4) { // TODO: @tacet decrease this probability to max 0.2`
	`100`	`+ args.append("--max_maglev_inlined_bytecode_size_small=0")`
	`101`	`+ }`
	`102`	`+ }`
	`103`	`+`
`94`	`104`	`if probability(0.1) {`
`95`	`105`	`args.append("--turboshaft-typed-optimizations")`
`96`	`106`	`}`
`@@ -99,6 +109,9 @@ let v8Profile = Profile(`
`99`	`109`	`args.append("--turbolev")`
`100`	`110`	`if probability(0.82) {`
`101`	`111`	`args.append("--turbolev-future")`
	`112`	`+ if probability(0.3) { // TODO: @tacet change to 0.15`
	`113`	`+ args.append("--max_inlined_bytecode_size_small=0")`
	`114`	`+ }`
`102`	`115`	`}`
`103`	`116`	`}`
`104`	`117`