[Fuzzing] Simplify V8 fuzzing flags: use --fuzzing over specific EH flag (#7509)

kripken · web-flow · commit 0db418ad8304 · 2025-04-16T13:11:32.000-07:00
ClusterFuzz already applies this flag, and it implies the EH flag, so we might
as well do it the way V8 does it. This is simpler, though it does mean we are
testing something even more different than production - but in the way V8
believes is best for fuzzing, at least.
diff --git a/scripts/clusterfuzz/run.py b/scripts/clusterfuzz/run.py
@@ -33,9 +33,7 @@
 
 # The V8 flags we put in the "fuzzer flags" files, which tell ClusterFuzz how to
 # run V8. By default we apply all staging flags.
-#
-# We also allow mixed EH, see the comment on the same flag in fuzz_opt.py
-FUZZER_FLAGS_FILE_CONTENTS = '--wasm-staging --wasm-allow-mixed-eh-for-testing'
+FUZZER_FLAGS_FILE_CONTENTS = '--wasm-staging'
 
 # Maximum size of the random data that we feed into wasm-opt -ttf. This is
 # smaller than fuzz_opt.py's INPUT_SIZE_MAX because that script is tuned for
diff --git a/scripts/fuzz_opt.py b/scripts/fuzz_opt.py
@@ -670,15 +670,10 @@ def run_bynterp(wasm, args):
 # Enable even more things than V8_OPTS. V8_OPTS are the flags we want to use
 # when testing, on our fixed test suite, but when fuzzing we may want more.
 def get_v8_extra_flags():
-    # Due to https://github.com/WebAssembly/exception-handling/issues/344 , VMs
-    # do not allow mixed old and new wasm EH. Our fuzzer will very frequently
-    # mix those instructions in a module, so we must use the flag to allow that.
-    # FIXME This is not great, as the majority of the wasm files we test on are
-    #       not actually valid in VMs. But we get coverage this way for runtime
-    #       linking of old and new EH (which VMs allow), that is, our compile-
-    #       time combination of old and new simulates runtime linking to some
-    #       extent.
-    flags = ['--wasm-allow-mixed-eh-for-testing']
+    # It is important to use the --fuzzing flag because it does things like
+    # enable mixed old and new EH (which is an issue since
+    # https://github.com/WebAssembly/exception-handling/issues/344 )
+    flags = ['--fuzzing']
 
     # Sometimes add --future, which may enable new JITs and such, which is good
     # to fuzz for V8's sake.
@@ -1663,6 +1658,10 @@ def handle(self, wasm):
         with open(flags_file, 'r') as f:
             flags = f.read()
         cmd += flags.split(' ')
+        # Get V8's extra fuzzing flags, the same as the ClusterFuzz runner does
+        # (as can be seen from the testcases having --fuzzing and a lot of other
+        # flags as well).
+        cmd += get_v8_extra_flags()
         # Run the fuzz file, which contains a modified fuzz_shell.js - we do
         # *not* run fuzz_shell.js normally.
         cmd.append(os.path.abspath(fuzz_file))
diff --git a/test/unit/test_cluster_fuzz.py b/test/unit/test_cluster_fuzz.py
@@ -186,7 +186,7 @@ def test_file_contents(self):
 
             # The flags file must contain --wasm-staging
             with open(flags_file) as f:
-                self.assertEqual(f.read(), '--wasm-staging --wasm-allow-mixed-eh-for-testing')
+                self.assertEqual(f.read(), '--wasm-staging')
 
             # Extract the wasm file(s) from the JS. Make sure to not notice
             # stale files.
