olivf@: PTAL since I believe you worked on the bytecode flushing in the past (?).
machenbach@: For the fuzzing aspects (my understanding is that all relevant fuzzers in the V8 code base already randomize this flag).
Thanks!
| Code-Review | +1 |
Do you also add more --no-flush-bytecode to the various trial configs? Or is there already?
It's already in:
- clusterfuzz_trials_config.json (https://source.chromium.org/chromium/chromium/src/+/main:v8/tools/clusterfuzz/trials/clusterfuzz_trials_config.json;l=33;drc=e3570c5f02fc917688f2c5ed2cf04e862615aaed)
- fozzie (https://source.chromium.org/chromium/chromium/src/+/main:v8/tools/clusterfuzz/foozzie/v8_fuzz_flags.json;l=31;drc=5aa904449d6cfc3437e2b1fd789757701701483e)
- numfuzz (https://source.chromium.org/chromium/chromium/src/+/main:v8/tools/testrunner/testproc/fuzzer.py;l=46;drc=e3570c5f02fc917688f2c5ed2cf04e862615aaed)
Please let me know if there's anything I missed. (Fuzzilli will be addressed in https://chrome-internal-review.git.corp.google.com/c/v8/fuzzilli/+/9278461).
Yes, but are the probabilities high enough? The --jit-fuzzing probs that implied it so far are much higher. So maybe also this negative flag should now get higher probs?
That's a good question! I'll need some guidance on that from people who are better familiar with the bytecode flushing than me.
@olivf, could you help with that one or maybe have an idea whom to ask? Thanks!
Adding leszek@ as you reviewed some CLs for --no-flush-bytecode in tests. Any help with this is appreciated - thanks in advance!
@leszek - any thoughts on this?
disabling flushing for jit-fuzzing sgtm, JIT code anyway keeps bytecode alive so it shouldn't be a huge behavioural change.
Do you mean the CL isn't needed because the `NEG_IMPLICATION(jit_fuzzing, flush_bytecode)` is OK? (double-checking I read your reply correctly)
Oh whoops, I misunderstood your question (and didn't read the actual CL). Bytecode flushing should be disabled at a low probability in general, and I think it's not needed for jit fuzzing since all the tier-up stuff is separate from bytecode liveness.
Thanks! Then the fuzzing configs in the V8 repository seem fine. Only Fuzzilli needs to be updated (I already have https://chrome-internal-review.git.corp.google.com/c/v8/fuzzilli/+/9278461).
| Commit-Queue | +2 |
resolving
[flags] Don't imply --no-flush-bytecode from --jit-fuzzing
Instead of the hard implication, let the randomization mechanisms in
fuzzers explore both "true" and "false" values of this flag.
This allows fuzzers to explore scenarios with code flushing better,
especially given that flushing is enabled in production by default.
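The effect the commit message describes, as an added example that is not V8 code: with a hard `NEG_IMPLICATION(jit_fuzzing, flush_bytecode)` no `--jit-fuzzing` run ever sees flushing enabled, whatever the trial config says, while without it the `--no-flush-bytecode` trial probability decides how often flushing is off. The trial probabilities and the implication semantics are simplified assumptions, not the real clusterfuzz/foozzie/numfuzz values.

```python
# Added example, not V8 code: models how a hard flag implication hides one
# flag value from fuzzer randomization. Trial probabilities are constructed
# (not the real clusterfuzz/foozzie/numfuzz values), and NEG_IMPLICATION is
# simplified to "source flag on => target flag forced off".
import random

# Constructed trial config: (flag, probability the trial adds it to a run).
TRIAL_CONFIG = [
    ("--jit-fuzzing", 0.5),
    ("--no-flush-bytecode", 0.1),
]

# (source, target): source on => target off. The CL drops the only entry.
NEG_IMPLICATIONS_BEFORE = [("jit_fuzzing", "flush_bytecode")]
NEG_IMPLICATIONS_AFTER = []

def sample_trial_flags(rng):
    """Flags one fuzzer run receives from the trial config."""
    return [flag for flag, p in TRIAL_CONFIG if rng.random() < p]

def resolve_flags(cli_flags, neg_implications):
    """Apply CLI flags to production defaults, then the implications."""
    state = {"jit_fuzzing": False, "flush_bytecode": True}  # prod defaults
    for flag in cli_flags:
        name = flag.lstrip("-")
        negated = name.startswith("no-")
        key = (name[3:] if negated else name).replace("-", "_")
        state[key] = not negated
    for src, dst in neg_implications:
        if state[src]:
            state[dst] = False
    return state

def flush_rate_under_jit_fuzzing(neg_implications, runs=20000, seed=1):
    """Fraction of --jit-fuzzing runs in which bytecode flushing stays on."""
    rng = random.Random(seed)
    jit_runs = flushing_runs = 0
    for _ in range(runs):
        state = resolve_flags(sample_trial_flags(rng), neg_implications)
        if state["jit_fuzzing"]:
            jit_runs += 1
            flushing_runs += state["flush_bytecode"]
    return flushing_runs / jit_runs if jit_runs else 0.0

if __name__ == "__main__":
    print("before CL:", flush_rate_under_jit_fuzzing(NEG_IMPLICATIONS_BEFORE))
    print("after CL: ", flush_rate_under_jit_fuzzing(NEG_IMPLICATIONS_AFTER))
```

With the implication in place the rate is exactly zero regardless of the trial probability; after the CL it is roughly one minus the `--no-flush-bytecode` probability, which is the quantity the "are the probabilities high enough?" question above is about.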