DetectMissingBuiltins: Skip type coercion functions valueOf and toString

Bug: 487347678
Change-Id: I2157fdb4904c8cd5886c8cf9c3f230cab85fdd76
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9078877
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Commit-Queue: Michael Achenbach <machenbach@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>

Author: Liedtke

Sources/FuzzilliDetectMissingBuiltins/main.swift

@@ -168,9 +168,14 @@ func checkNode(_ nodeId: Int, path: [String]) {
         }
     }
 
-    // Each function has a name and a length property. We don't really care about them, so filter
-    // them out.
-    let propertyData = node.properties.filter {($0.key != "name" && $0.key != "length") || node.type != "function"}
+    let propertyData = node.properties.filter {
+      // Each function has a name and a length property. We don't really care about them, so filter
+      // them out.
+      (($0.key != "name" && $0.key != "length") || node.type != "function")
+      // These conversion functions exist on a large amount of objects. The interesting part is
+      // calling them during type coercion which will happen automatically.
+      && $0.key != "valueOf" && $0.key != "toString"
+    }
     for (prop, propertyRef) in propertyData {
         let (childId, isGetter) = (propertyRef.id, propertyRef.isGetter)