[v8] Enable fuzzing of Turbofan's instruction scheduling

Liedtke · V8-internal LUCI CQ · commit 3a8d55941c0c · 2026-02-19T07:03:57.000-08:00
While this feature is disabled by default, it is a non-experimental feature and other fuzzers already create exposure of this feature (see https://source.chromium.org/chromium/chromium/src/+/main:v8/tools/clusterfuzz/trials/clusterfuzz_trials_config.json;l=60;drc=84a1682b877e88c8912cebf44a8513c7d84206ed) Bug: 485657212 Change-Id: I899357c64d4e2dfd9385d3da5f445f0edc447765 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9035976 Reviewed-by: Darius Mercadier <dmercadier@google.com> Auto-Submit: Matthias Liedtke <mliedtke@google.com> Commit-Queue: Matthias Liedtke <mliedtke@google.com>
diff --git a/Sources/FuzzilliCli/Profiles/V8CommonProfile.swift b/Sources/FuzzilliCli/Profiles/V8CommonProfile.swift
@@ -795,6 +795,10 @@ public func v8ProcessArgs(randomize: Bool, forSandbox: Bool) -> [String] {
         if probability(0.5) {
             args.append("--maglev-as-top-tier")
         }
+    } else if probability(0.1) {
+        args.append(probability(0.5)
+            ? "--turbo-instruction-scheduling"
+            : "--turbo-stress-instruction-scheduling")
     }
 
     if probability(0.1) {

Original file line number	Diff line number	Diff line change
`@@ -795,6 +795,10 @@ public func v8ProcessArgs(randomize: Bool, forSandbox: Bool) -> [String] {`
`795`	`795`	`if probability(0.5) {`
`796`	`796`	`args.append("--maglev-as-top-tier")`
`797`	`797`	`}`
	`798`	`+ } else if probability(0.1) {`
	`799`	`+ args.append(probability(0.5)`
	`800`	`+ ? "--turbo-instruction-scheduling"`
	`801`	`+ : "--turbo-stress-instruction-scheduling")`
`798`	`802`	`}`
`799`	`803`
`800`	`804`	`if probability(0.1) {`