We should add a simple target to js/src/fuzz-tests that takes the libFuzzer-provided input and feeds it directly to JS::Evaluate. This will probably not find many runtime bugs, but it will stress the parser a lot, in particular error paths in the parser that our normal JS fuzzers try to avoid. Especially with some new syntax being added to JS (BigInts, Nullish Coalescing, etc.), this target should be able to provide additional value whenever we make parser changes. Historically, we have found such bugs before (mostly by accident through LangFuzz because the grammar is not perfect). Implementation should be trivial, I'll make a patch.
Marking this s-s because we need to do some testing first before landing this code to m-c to ensure we don't 0-day ourselves.
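For readers unfamiliar with what such a target looks like, here is an added example (not the patch from this bug, and not code from the Mozilla tree) of the shape of a libFuzzer target that hands the raw fuzzer input to a source evaluator. `EvaluateSource()` is a hypothetical stand-in for `JS::Evaluate` so the file compiles without SpiderMonkey; it parses a tiny made-up grammar and reports syntax errors, which is enough to show how malformed input drives a parser's error paths. `kMaxInputSize` and `RunOneInput()` are also assumptions of this example, not names from the project.

```cpp
// Added example: a libFuzzer target that feeds the raw fuzzer input to a
// source evaluator, modelled on the target proposed in the comment above.
// Not the project's code. EvaluateSource() is a hypothetical stand-in for
// JS::Evaluate so this compiles without SpiderMonkey; in the real target the
// fuzzer input would be handed to JS::Evaluate through the JSAPI instead.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>

// Upper bound on input size so one iteration cannot stall the fuzzer.
// libFuzzer's -max_len is the usual way to enforce this; this is a backstop.
static const size_t kMaxInputSize = 64 * 1024;

// Hypothetical stand-in for the engine's parser/evaluator. The grammar is a
// parenthesised, comma-separated list of decimal integer literals. Every
// rejection path is an explicit error, the way a real parser's error paths are.
bool EvaluateSource(const char* src, size_t len, std::string* error) {
    size_t i = 0;
    auto skipWs = [&]() {
        while (i < len && (src[i] == ' ' || src[i] == '\n')) ++i;
    };
    skipWs();
    if (i >= len || src[i] != '(') { *error = "expected '('"; return false; }
    ++i;
    bool expectNumber = true;
    while (true) {
        skipWs();
        if (i >= len) { *error = "unexpected end of input"; return false; }
        if (src[i] == ')') {
            if (expectNumber) { *error = "expected number before ')'"; return false; }
            ++i;
            break;
        }
        if (expectNumber) {
            size_t start = i;
            while (i < len && src[i] >= '0' && src[i] <= '9') ++i;
            if (i == start) { *error = "expected digit"; return false; }
            expectNumber = false;
        } else {
            if (src[i] != ',') { *error = "expected ','"; return false; }
            ++i;
            expectNumber = true;
        }
    }
    skipWs();
    if (i != len) { *error = "trailing characters"; return false; }
    error->clear();
    return true;
}

// Copy the fuzzer bytes into a NUL-terminated buffer (libFuzzer's buffer is
// not NUL-terminated) and evaluate it. A syntax error is a normal outcome for a
// parser fuzzer; only crashes and sanitizer reports count as findings.
bool RunOneInput(const uint8_t* data, size_t size) {
    if (size > kMaxInputSize) return false;
    std::string source(reinterpret_cast<const char*>(data), size);
    std::string error;
    return EvaluateSource(source.c_str(), source.size(), &error);
}

// libFuzzer entry point: called once per generated input and must return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    RunOneInput(data, size);
    return 0;
}

// Stand-alone driver for running the target by hand on constructed inputs.
// When built with -fsanitize=fuzzer, the libFuzzer runtime supplies main().
int main() {
    const char* samples[] = { "(1, 22, 3)", "(1,,2)", "(", "" };
    for (const char* s : samples) {
        bool ok = RunOneInput(reinterpret_cast<const uint8_t*>(s), std::strlen(s));
        std::printf("%-12s -> %s\n", s, ok ? "accepted" : "syntax error");
    }
    return 0;
}
```

The two things worth copying from this shape are the NUL-terminated copy of the input (an evaluator that expects a C string must never be handed libFuzzer's buffer directly) and the fact that the target swallows parse errors and always returns 0, so the fuzzer keeps exploring the error paths rather than treating a rejected input as a failure.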