Bug 13638
| Summary: | (meta) Bugs found by jsfunfuzz | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Jesse Ruderman <jruderman> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | ap, barraclough, gavin.sharp, jwalden+bwo, oliver, webkit, zwarich |
| Priority: | P2 | ||
| Version: | 523.x (Safari 3) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
| URL: | https://bugzilla.mozilla.org/show_bug.cgi?id=349611 | ||
| Bug Depends on: | 6985, 10878, 10880, 13620, 13621, 13622, 13623, 14891, 14892, 14897, 17012, 17013, 17018, 17020, 17027, 17924, 17925, 17927, 17929, 17931, 17932, 17936, 17939, 17940, 23049, 23054, 23062, 23063, 23078, 23085, 23089, 52493, 52501, 52505, 52514, 52515, 52516, 52643, 52672, 52690 | ||
| Bug Blocks: | |||
Jesse Ruderman
https://bugzilla.mozilla.org/show_bug.cgi?id=349611 contains a fuzz-testing script that generates random JavaScript functions (some with syntax errors). It tests compilation, decompilation, interpretation, and lots more :)
It's sorta designed for testing Spidermonkey (Mozilla's JavaScript engine), but it seems to work against WebKit with a few small tweaks. So far, it has found six decompilation bugs in JavaScriptCore (see dependencies).
It hangs fairly often due to bug 6985 (cyclic __proto__). I haven't run it long enough to be confident that it doesn't find crashes.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Eric Seidel (no email)
adding bug 6985 since it blocks using jsfunfuzz.
Cameron Zwarich (cpst)
I will happily close this bug now, but if new issues come up from jsfunfuzz it should be reopened.
Oliver Hunt
Lets keep this live for tracking purposes
Gavin Barraclough
Only one tracked bug left, so this isn't particularly useful for tracking porpoises any more.
*** This bug has been marked as a duplicate of bug 23089 ***