Bug 138544

Summary: Exception fuzz helper generates incorrect target range
Product: WebKit Reporter: Akos Kiss <akiss>
Component: Tools / TestsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, commit-queue, darin, fpizlo, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Proposed patch.
darin: commit-queue-
Updated patch none

Description Akos Kiss 2014-11-09 09:32:20 PST 
Currently, the jsc-stress-test-helpers/js-exception-fuzz script generates targets in the range of 0..($checkCount-1). However, target 0 is never hit, while target 1 is always outside of the outermost try block of the tests, which therefore prints unexpected output and results in false failures when fired at. Additionally, target $checkCount is never generated.

An example failure report for target 1:

exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: iteration(62) target(1): Exception: Error: Exception Fuzz
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: iteration(62) target(1): global code@3d-cube.js:7:18
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: Failure for command ../../../.vm/JavaScriptCore.framework/Resources/jsc 3d-cube.js with seed 1415502219, repeat 100: Unexpected state thrown at end for target 1 at ../../../.helpers/js-exception-fuzz line 67, <$testInput> line 4.
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: ERROR: Unexpected exit code: 255

The above output is for 3d-cube.js, but all 3 tests in tests/exceptionFuzz can fail like this. Target 1 can be manually triggered by the command:
WebKitBuild/Debug/bin/jsc --enableExceptionFuzz=true --fireExceptionFuzzAt=1 Source/JavaScriptCore/tests/exceptionFuzz/3d-cube.js
Comment 1 Akos Kiss 2014-11-09 09:33:58 PST 
Created attachment 241254 [details]
Proposed patch.
Comment 2 WebKit Commit Bot 2014-11-09 09:35:46 PST 
Attachment 241254 [details] did not pass style-queue:


ERROR: Tools/ChangeLog:1:  ChangeLog entry has no bug number  [changelog/bugnumber] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Darin Adler 2014-11-09 09:56:34 PST 
Comment on attachment 241254 [details]
Proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=241254&action=review

> Tools/ChangeLog:4
> +        Need the bug URL (OOPS!).

I don’t think we can land this with the commit queue with this line like this.

> Tools/ChangeLog:12
> +        Currently, the script generates exception fuzz targets in the range of
> +        0..($checkCount-1). However, target 0 is never hit, while target 1 is
> +        always outside of the outermost try block of the tests, which therefore
> +        prints unexpected output and results in false failures when fired at.
> +        Additionally, target $checkCount is never generated.

This looks right to me, but I am not sufficiently familiar with the exception system to check if this paragraph is correct or not. The code does correctly implement what this paragraph describes.
Comment 4 Akos Kiss 2014-11-09 11:01:49 PST 
Created attachment 241256 [details]
Updated patch

Fixed the ChangeLog. My bad. Sorry.
Comment 5 WebKit Commit Bot 2014-11-09 23:59:30 PST 
Comment on attachment 241256 [details]
Updated patch

Clearing flags on attachment: 241256

Committed r175801: <http://trac.webkit.org/changeset/175801>
Comment 6 WebKit Commit Bot 2014-11-09 23:59:33 PST 
All reviewed patches have been landed.  Closing bug.