@@ -650,3 +650,262 @@ public let FastApiCallFuzzer = ProgramTemplate("FastApiCallFuzzer") { b in
650650
651651 b. build ( n: 10 )
652652}
653+
654+ public func v8ProcessArgs( randomize: Bool ) -> [ String ] {
655+ var args = [
656+ " --expose-gc " ,
657+ " --expose-externalize-string " ,
658+ " --omit-quit " ,
659+ " --allow-natives-syntax " ,
660+ " --fuzzing " ,
661+ " --jit-fuzzing " ,
662+ " --future " ,
663+ " --harmony " ,
664+ " --experimental-fuzzing " ,
665+ " --js-staging " ,
666+ " --wasm-staging " ,
667+ " --wasm-fast-api " ,
668+ " --expose-fast-api " ,
669+ " --experimental-wasm-rab-integration " ,
670+ " --wasm-test-streaming " , // WebAssembly.compileStreaming & WebAssembly.instantiateStreaming()
671+ ]
672+
673+ guard randomize else { return args }
674+
675+ //
676+ // Existing features that should sometimes be disabled.
677+ //
678+ if probability ( 0.1 ) {
679+ args. append ( " --no-turbofan " )
680+ if probability ( 0.5 ) {
681+ args. append ( " --maglev-as-top-tier " )
682+ }
683+ }
684+
685+ if probability ( 0.1 ) {
686+ args. append ( " --no-maglev " )
687+ }
688+
689+ if probability ( 0.1 ) {
690+ args. append ( " --no-sparkplug " )
691+ }
692+
693+ if probability ( 0.1 ) {
694+ args. append ( " --no-short-builtin-calls " )
695+ }
696+
697+ // Disabling Liftoff enables "direct" coverage for the optimizing compiler, though some
698+ // features (like speculative inlining) require a combination of Liftoff and Turbofan.
699+ // Note that this flag only affects WebAssembly.
700+ if probability ( 0.5 ) {
701+ args. append ( " --no-liftoff " )
702+ if probability ( 0.3 ) {
703+ args. append ( " --wasm-assert-types " )
704+ }
705+ }
706+
707+ // This greatly helps the fuzzer to decide inlining wasm functions into each other when
708+ // %WasmTierUpFunction() is used as in most cases the call counts will be way too low to
709+ // align with V8's current inlining heuristics (which uses absolute call counts as a
710+ // deciding factor).
711+ if probability ( 0.5 ) {
712+ args. append ( " --wasm-inlining-ignore-call-counts " )
713+ }
714+
715+ //
716+ // Future features that should sometimes be enabled.
717+ //
718+ if probability ( 0.1 ) {
719+ args. append ( " --minor-ms " )
720+ }
721+
722+ // Enable the shared heap.
723+ if probability ( 0.25 ) {
724+ // Either use the shared-string-table (needed for JS shared structs) or only allow
725+ // shared strings (needed for shared Wasm objects).
726+ args. append ( Bool . random ( ) ? " --shared-string-table " : " --shared-strings " )
727+ }
728+
729+ if probability ( 0.25 ) && !args. contains ( " --no-maglev " ) {
730+ args. append ( " --maglev-future " )
731+ }
732+
733+ if probability ( 0.2 ) && !args. contains ( " --no-maglev " ) {
734+ args. append ( " --maglev-non-eager-inlining " )
735+ if probability ( 0.4 ) { // TODO: @tacet decrease this probability to max 0.2
736+ args. append ( " --max_maglev_inlined_bytecode_size_small=0 " )
737+ }
738+ }
739+
740+ if probability ( 0.1 ) {
741+ args. append ( " --turboshaft-typed-optimizations " )
742+ }
743+
744+ if probability ( 0.5 ) {
745+ args. append ( " --turbolev " )
746+ if probability ( 0.82 ) {
747+ args. append ( " --turbolev-future " )
748+ if probability ( 0.3 ) { // TODO: @tacet change to 0.15
749+ args. append ( " --max_inlined_bytecode_size_small=0 " )
750+ }
751+ }
752+ }
753+
754+ if probability ( 0.1 ) {
755+ args. append ( " --turboshaft-wasm-in-js-inlining " )
756+ }
757+
758+ if probability ( 0.1 ) {
759+ args. append ( " --harmony-struct " )
760+ }
761+
762+ if probability ( 0.1 ) {
763+ args. append ( " --efficiency-mode " )
764+ }
765+
766+ if probability ( 0.1 ) {
767+ args. append ( " --battery-saver-mode " )
768+ }
769+
770+ if probability ( 0.1 ) {
771+ args. append ( " --stress-scavenger-conservative-object-pinning-random " )
772+ }
773+
774+ if probability ( 0.1 ) {
775+ args. append ( " --precise-object-pinning " )
776+ }
777+
778+ if probability ( 0.1 ) {
779+ args. append ( " --scavenger-chaos-mode " )
780+ let threshold = Int . random ( in: 0 ... 100 )
781+ args. append ( " --scavenger-chaos-mode-threshold= \( threshold) " )
782+ }
783+
784+ if probability ( 0.1 ) {
785+ let stackSize = Int . random ( in: 54 ... 863 )
786+ args. append ( " --stack-size= \( stackSize) " )
787+ }
788+
789+ // Temporarily enable the three flags below with high probability to
790+ // stress-test JSPI.
791+ // Lower the probabilities once we have enough coverage.
792+ if ( probability ( 0.5 ) ) {
793+ let stackSwitchingSize = Int . random ( in: 1 ... 300 )
794+ args. append ( " --wasm-stack-switching-stack-size= \( stackSwitchingSize) " )
795+ }
796+ if ( probability ( 0.5 ) ) {
797+ args. append ( " --experimental-wasm-growable-stacks " )
798+ }
799+ if ( probability ( 0.5 ) ) {
800+ args. append ( " --stress-wasm-stack-switching " )
801+ }
802+
803+ if probability ( 0.5 ) {
804+ args. append ( " --proto-assign-seq-opt " )
805+ }
806+
807+ //
808+ // Sometimes enable additional verification/stressing logic (which may be fairly expensive).
809+ //
810+ if probability ( 0.1 ) {
811+ args. append ( " --verify-heap " )
812+ }
813+ if probability ( 0.1 ) {
814+ args. append ( " --turbo-verify " )
815+ }
816+ if probability ( 0.1 ) {
817+ args. append ( " --turbo-verify-allocation " )
818+ }
819+ if probability ( 0.1 ) {
820+ args. append ( " --assert-types " )
821+ }
822+ if probability ( 0.1 ) {
823+ args. append ( " --turboshaft-assert-types " )
824+ }
825+ if probability ( 0.1 ) {
826+ args. append ( " --deopt-every-n-times= \( chooseUniform ( from: [ 100 , 250 , 500 , 1000 , 2500 , 5000 , 10000 ] ) ) " )
827+ }
828+ if probability ( 0.1 ) {
829+ args. append ( " --stress-ic " )
830+ }
831+ if probability ( 0.1 ) {
832+ args. append ( " --optimize-on-next-call-optimizes-to-maglev " )
833+ }
834+ if probability ( 0.2 ) {
835+ args. append ( " --turboshaft-verify-load-elimination " )
836+ }
837+
838+ //
839+ // A gc-stress session with some fairly expensive flags.
840+ //
841+ if probability ( 0.1 ) {
842+ if probability ( 0.4 ) {
843+ args. append ( " --stress-marking= \( Int . random ( in: 1 ... 100 ) ) " )
844+ }
845+ if probability ( 0.4 ) {
846+ args. append ( " --stress-scavenge= \( Int . random ( in: 1 ... 100 ) ) " )
847+ }
848+ if probability ( 0.5 ) {
849+ args. append ( " --stress-flush-code " )
850+ args. append ( " --flush-bytecode " )
851+ }
852+ if probability ( 0.5 ) {
853+ args. append ( " --wasm-code-gc " )
854+ args. append ( " --stress-wasm-code-gc " )
855+ }
856+ if probability ( 0.4 ) {
857+ args. append ( chooseUniform (
858+ from: [ " --gc-interval= \( Int . random ( in: 100 ... 10000 ) ) " ,
859+ " --random-gc-interval= \( Int . random ( in: 1000 ... 10000 ) ) " ] ) )
860+ }
861+ if probability ( 0.4 ) {
862+ args. append ( " --concurrent-recompilation-queue-length= \( Int . random ( in: 4 ... 64 ) ) " )
863+ args. append ( " --concurrent-recompilation-delay= \( Int . random ( in: 1 ... 500 ) ) " )
864+ }
865+ if probability ( 0.6 ) {
866+ args. append ( chooseUniform (
867+ from: [ " --stress-compaction " , " --stress-compaction-random " ] ) )
868+ }
869+ }
870+
871+ //
872+ // More exotic configuration changes.
873+ //
874+ if probability ( 0.05 ) {
875+ if probability ( 0.5 ) { args. append ( " --stress-gc-during-compilation " ) }
876+ if probability ( 0.5 ) { args. append ( " --lazy-new-space-shrinking " ) }
877+ if probability ( 0.5 ) { args. append ( " --stress-wasm-memory-moving " ) }
878+ if probability ( 0.5 ) { args. append ( " --stress-background-compile " ) }
879+ if probability ( 0.5 ) { args. append ( " --parallel-compile-tasks-for-lazy " ) }
880+ if probability ( 0.5 ) { args. append ( " --parallel-compile-tasks-for-eager-toplevel " ) }
881+
882+ args. append ( probability ( 0.5 ) ? " --always-sparkplug " : " --no-always-sparkplug " )
883+ args. append ( probability ( 0.5 ) ? " --always-osr " : " --no-always-osr " )
884+ args. append ( probability ( 0.5 ) ? " --concurrent-osr " : " --no-concurrent-osr " )
885+ args. append ( probability ( 0.5 ) ? " --force-slow-path " : " --no-force-slow-path " )
886+
887+ // Maglev related flags
888+ args. append ( probability ( 0.5 ) ? " --maglev-inline-api-calls " : " --no-maglev-inline-api-calls " )
889+
890+ // Compiler related flags
891+ args. append ( probability ( 0.5 ) ? " --turbo-move-optimization " : " --no-turbo-move-optimization " )
892+ args. append ( probability ( 0.5 ) ? " --turbo-jt " : " --no-turbo-jt " )
893+ args. append ( probability ( 0.5 ) ? " --turbo-loop-peeling " : " --no-turbo-loop-peeling " )
894+ args. append ( probability ( 0.5 ) ? " --turbo-loop-variable " : " --no-turbo-loop-variable " )
895+ args. append ( probability ( 0.5 ) ? " --turbo-loop-rotation " : " --no-turbo-loop-rotation " )
896+ args. append ( probability ( 0.5 ) ? " --turbo-cf-optimization " : " --no-turbo-cf-optimization " )
897+ args. append ( probability ( 0.5 ) ? " --turbo-escape " : " --no-turbo-escape " )
898+ args. append ( probability ( 0.5 ) ? " --turbo-allocation-folding " : " --no-turbo-allocation-folding " )
899+ args. append ( probability ( 0.5 ) ? " --turbo-instruction-scheduling " : " --no-turbo-instruction-scheduling " )
900+ args. append ( probability ( 0.5 ) ? " --turbo-stress-instruction-scheduling " : " --no-turbo-stress-instruction-scheduling " )
901+ args. append ( probability ( 0.5 ) ? " --turbo-store-elimination " : " --no-turbo-store-elimination " )
902+ args. append ( probability ( 0.5 ) ? " --turbo-rewrite-far-jumps " : " --no-turbo-rewrite-far-jumps " )
903+ args. append ( probability ( 0.5 ) ? " --turbo-optimize-apply " : " --no-turbo-optimize-apply " )
904+ args. append ( chooseUniform ( from: [ " --no-enable-sse3 " , " --no-enable-ssse3 " , " --no-enable-sse4-1 " , " --no-enable-sse4-2 " , " --no-enable-avx " , " --no-enable-avx2 " ] ) )
905+ args. append ( probability ( 0.5 ) ? " --turbo-load-elimination " : " --no-turbo-load-elimination " )
906+ args. append ( probability ( 0.5 ) ? " --turbo-inlining " : " --no-turbo-inlining " )
907+ args. append ( probability ( 0.5 ) ? " --turbo-splitting " : " --no-turbo-splitting " )
908+ }
909+
910+ return args
911+ }
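Review bot: `--maglev-as-top-tier` (new line 681) can end up in the same argument list as `--no-maglev` (686), because the Maglev-disable roll is made after the `--no-turbofan` block, while the later Maglev-specific flags at 729 and 733 are consistently guarded with `!args.contains("--no-maglev")`. Moving the `if probability(0.1) { args.append("--no-maglev") }` block above the `--no-turbofan` block and writing the inner append as `if probability(0.5) && !args.contains("--no-maglev") { args.append("--maglev-as-top-tier") }` applies the same exclusion everywhere; whether V8 tolerates the pair is not visible here, so this is a consistency point rather than a known crash. The three JSPI conditions at 792–800 are written `if (probability(0.5))` with redundant parentheses, unlike every other condition in the function, and should be `if probability(0.5)` to match. The function is `public` but has no doc comment; a summary such as `/// Returns the V8 command-line flags for a fuzzing session; when \`randomize\` is true the fixed base set is extended with randomly chosen feature, verification and stress flags.` would tell callers what the two modes produce.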