Bug 13638

Summary: (meta) Bugs found by jsfunfuzz
Product: WebKit Reporter: Jesse Ruderman <jruderman>
Component: JavaScriptCore    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap, barraclough, gavin.sharp, jwalden+bwo, oliver, webkit, zwarich
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
URL: https://bugzilla.mozilla.org/show_bug.cgi?id=349611
Bug Depends on: 6985, 10878, 10880, 13620, 13621, 13622, 13623, 14891, 14892, 14897, 17012, 17013, 17018, 17020, 17027, 17924, 17925, 17927, 17929, 17931, 17932, 17936, 17939, 17940, 23049, 23054, 23062, 23063, 23078, 23085, 23089, 52493, 52501, 52505, 52514, 52515, 52516, 52643, 52672, 52690    
Bug Blocks:    

Description Jesse Ruderman 2007-05-09 02:34:52 PDT
https://bugzilla.mozilla.org/show_bug.cgi?id=349611 contains a fuzz-testing script that generates random JavaScript functions (some with syntax errors).  It tests compilation, decompilation, interpretation, and lots more :)

It's sorta designed for testing Spidermonkey (Mozilla's JavaScript engine), but it seems to work against WebKit with a few small tweaks.  So far, it has found six decompilation bugs in JavaScriptCore (see dependencies).

It hangs fairly often due to bug 6985 (cyclic __proto__).  I haven't run it long enough to be confident that it doesn't find crashes.
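Added example (not the reporter's script and not jsfunfuzz itself): a small compile / decompile / recompile / run check in the spirit of what the description says the fuzzer does. Assumes Node.js, with the host engine standing in for the engine under test via the Function constructor; the grammar and seeds are constructed.

```javascript
// Constructed linear-congruential RNG so every run is reproducible from a seed.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => ((s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 4294967296);
}

// Generate a small random expression; one leaf ("x +") is deliberately wrong
// so that, as in jsfunfuzz, some generated programs have syntax errors.
function genExpr(rng, depth) {
  const pick = (a) => a[Math.floor(rng() * a.length)];
  if (depth <= 0) return pick(["x", "y", "1", "2.5", "'s'", "null", "[]", "({})", "x +"]);
  const l = genExpr(rng, depth - 1), r = genExpr(rng, depth - 1);
  switch (pick(["bin", "unary", "cond", "call", "index"])) {
    case "bin":   return `(${l} ${pick(["+", "-", "*", "%", "<", "==", "&&", "in", "instanceof"])} ${r})`;
    case "unary": return `(${pick(["!", "-", "typeof ", "void "])}${l})`;
    case "cond":  return `(${l} ? ${r} : ${l})`;
    case "call":  return `(function(z){ return ${l}; })(${r})`;
    default:      return `(${l})[${r}]`;
  }
}

// One case: compile, decompile with toString(), recompile the decompiled text,
// decompile again and compare, then interpret the original function once.
function roundTrip(body) {
  let f;
  try { f = new Function("x", "y", "return " + body + ";"); }
  catch (e) { return { status: "syntax-error", detail: String(e) }; }
  const dec1 = f.toString();
  let g;
  try { g = new Function("return (" + dec1 + ");")(); }
  catch (e) { return { status: "decompiled-text-does-not-compile", detail: dec1 }; }
  if (g.toString() !== dec1) return { status: "unstable", detail: dec1 + "\n--- vs ---\n" + g.toString() };
  try { f(1, 2); } catch (e) { /* runtime exceptions are expected for random code */ }
  return { status: "stable", detail: dec1 };
}

// Run n cases from a seed and tally outcomes; anything other than "stable" or
// "syntax-error" is a decompiler inconsistency worth filing as a bug.
function fuzz(seed, n) {
  const rng = makeRng(seed), tally = {};
  for (let i = 0; i < n; i++) {
    const { status } = roundTrip(genExpr(rng, 3));
    tally[status] = (tally[status] || 0) + 1;
  }
  return tally;
}
```

The generator has no loop constructs, so interpreting a generated function always terminates; the cyclic __proto__ hang mentioned above would need a generator that also produces object mutations.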
Comment 1 Eric Seidel (no email) 2007-05-09 03:58:32 PDT
adding bug 6985 since it blocks using jsfunfuzz.
Comment 2 Cameron Zwarich (cpst) 2008-09-02 19:48:18 PDT
I will happily close this bug now, but if new issues come up from jsfunfuzz it should be reopened.
Comment 3 Oliver Hunt 2011-01-14 17:35:32 PST
Let's keep this live for tracking purposes
Comment 4 Gavin Barraclough 2012-09-06 16:49:38 PDT
Only one tracked bug left, so this isn't particularly useful for tracking porpoises any more.

*** This bug has been marked as a duplicate of bug 23089 ***