[v8] Randomize --jit-fuzzing which implies --no-lazy

Also sometimes explicitly enable or disable lazy compilation.

Bug: 475707969
Change-Id: Ic13b6843ae0d478f0d9e6ce77a0d7318d1f47e03
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8999276
Commit-Queue: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Leszek Swirski <leszeks@google.com>
Auto-Submit: Matthias Liedtke <mliedtke@google.com>

Author: Liedtke

Sources/FuzzilliCli/Profiles/V8CommonProfile.swift

@@ -773,7 +773,6 @@ public func v8ProcessArgs(randomize: Bool, forSandbox: Bool) -> [String] {
         "--omit-quit",
         "--allow-natives-syntax",
         "--fuzzing",
-        "--jit-fuzzing",
         "--future",
         "--harmony",
         "--experimental-fuzzing",
@@ -813,6 +812,10 @@ public func v8ProcessArgs(randomize: Bool, forSandbox: Bool) -> [String] {
         args.append("--no-short-builtin-calls")
     }
 
+    if probability(0.8) {
+        args.append("--jit-fuzzing")
+    }
+
     // Disabling Liftoff enables "direct" coverage for the optimizing compiler, though some
     // features (like speculative inlining) require a combination of Liftoff and Turbofan.
     // Note that this flag only affects WebAssembly.
@@ -1033,6 +1036,8 @@ public func v8ProcessArgs(randomize: Bool, forSandbox: Bool) -> [String] {
         chooseBooleanFlag("always-osr")
         chooseBooleanFlag("concurrent-osr")
         chooseBooleanFlag("force-slow-path")
+        chooseBooleanFlag("lazy")
+        chooseBooleanFlag("lazy-eval")
 
         // Maglev related flags
         chooseBooleanFlag("maglev-inline-api-calls")