Bug 138544 - Exception fuzz helper generates incorrect target range
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2014-11-09 09:32 PST by Akos Kiss
Modified: 2014-11-09 23:59 PST

Attachments
Proposed patch. (1.57 KB, patch)
2014-11-09 09:33 PST, Akos Kiss
darin: commit-queue-
Updated patch (1.59 KB, patch)
2014-11-09 11:01 PST, Akos Kiss
no flags

Description Akos Kiss 2014-11-09 09:32:20 PST
Currently, the jsc-stress-test-helpers/js-exception-fuzz script generates targets in the range of 0..($checkCount-1). However, target 0 is never hit, while target 1 is always outside of the outermost try block of the tests, which therefore prints unexpected output and results in false failures when fired at. Additionally, target $checkCount is never generated.

An example failure report for target 1:

exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: iteration(62) target(1): Exception: Error: Exception Fuzz
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: iteration(62) target(1): global code@3d-cube.js:7:18
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: Failure for command ../../../.vm/JavaScriptCore.framework/Resources/jsc 3d-cube.js with seed 1415502219, repeat 100: Unexpected state thrown at end for target 1 at ../../../.helpers/js-exception-fuzz line 67, <$testInput> line 4.
exceptionFuzz.yaml/exceptionFuzz/3d-cube.js.exception-fuzz: ERROR: Unexpected exit code: 255

The above output is for 3d-cube.js, but all 3 tests in tests/exceptionFuzz can fail like this. Target 1 can be manually triggered by the command:
WebKitBuild/Debug/bin/jsc --enableExceptionFuzz=true --fireExceptionFuzzAt=1 Source/JavaScriptCore/tests/exceptionFuzz/3d-cube.js
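
The off-by-one described in this report, modelled as an added example; it is not code from the report, the js-exception-fuzz helper or jsc. The function names, the test shape (one check in global code before the outermost try, five inside it), the dry run used to count checks and the corrected range 2..checkCount are assumptions drawn from the description above.

```javascript
// Constructed model of an exception-fuzz run (assumption, not the WebKit helper).
// Checks are numbered from 1 in the order they are reached.
function runTest(fireAt, checksInsideTry) {
  let count = 0;
  const check = () => {
    count += 1;
    if (count === fireAt) throw new Error("Exception Fuzz");
  };
  try {
    check(); // check 1: global code, before the outermost try of the test
    try {
      for (let i = 0; i < checksInsideTry; i++) check();
    } catch (e) {
      return { outcome: "caught", count }; // the test handles the throw
    }
  } catch (e) {
    return { outcome: "escaped", count }; // unexpected output: false failure
  }
  return { outcome: "never-fired", count }; // target was never reached
}

// Classify every target a generator producing lo..hi (inclusive) can emit.
function classifyRange(lo, hi, checksInsideTry) {
  const result = { caught: [], escaped: [], "never-fired": [] };
  for (let t = lo; t <= hi; t++) {
    result[runTest(t, checksInsideTry).outcome].push(t);
  }
  return result;
}

const checksInsideTry = 5;
// A run with a target that never fires counts the checks.
const checkCount = runTest(0, checksInsideTry).count;

// Range described as the current behaviour: 0..(checkCount - 1).
const oldRange = classifyRange(0, checkCount - 1, checksInsideTry);
// Range implied by the description (assumption): 2..checkCount.
const newRange = classifyRange(2, checkCount, checksInsideTry);

console.log({ checkCount, oldRange, newRange });
```

In this model the old range wastes target 0, escapes at target 1 and never fires at the last check, while every target in 2..checkCount is caught inside the try block.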
Comment 1 Akos Kiss 2014-11-09 09:33:58 PST
Created attachment 241254
Proposed patch.
Comment 2 WebKit Commit Bot 2014-11-09 09:35:46 PST
Attachment 241254 did not pass style-queue:


ERROR: Tools/ChangeLog:1:  ChangeLog entry has no bug number  [changelog/bugnumber] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Darin Adler 2014-11-09 09:56:34 PST
Comment on attachment 241254
Proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=241254&action=review

> Tools/ChangeLog:4
> +        Need the bug URL (OOPS!).
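
Review bot: Tools/ChangeLog:4 still carries the template placeholder "Need the bug URL (OOPS!)." instead of a bug reference. Replace it with the bug title and the URL of bug 138544, which is also what the changelog/bugnumber style error reported above is asking for.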

I don’t think we can land this with the commit queue with this line like this.

> Tools/ChangeLog:12
> +        Currently, the script generates exception fuzz targets in the range of
> +        0..($checkCount-1). However, target 0 is never hit, while target 1 is
> +        always outside of the outermost try block of the tests, which therefore
> +        prints unexpected output and results in false failures when fired at.
> +        Additionally, target $checkCount is never generated.
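
Review bot: The paragraph at Tools/ChangeLog:12 explains what is wrong with the current 0..($checkCount-1) range but never states the range the script generates after the change. Add one sentence giving the new lower and upper bound, so the entry can be checked against the code without opening the diff.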

This looks right to me, but I am not sufficiently familiar with the exception system to check if this paragraph is correct or not. The code does correctly implement what this paragraph describes.
Comment 4 Akos Kiss 2014-11-09 11:01:49 PST
Created attachment 241256
Updated patch

Fixed the ChangeLog. My bad. Sorry.
Comment 5 WebKit Commit Bot 2014-11-09 23:59:30 PST
Comment on attachment 241256
Updated patch

Clearing flags on attachment: 241256

Committed r175801: <http://trac.webkit.org/changeset/175801>
Comment 6 WebKit Commit Bot 2014-11-09 23:59:33 PST
All reviewed patches have been landed.  Closing bug.