Closed
Bug 1243031
Opened 8 years ago
Closed 8 years ago
Implement dummy wasm functions in deterministic mode
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla47
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | fixed |
People
(Reporter: bbouvier, Assigned: bbouvier)
Details
Attachments
(1 file, 1 obsolete file)
|
3.00 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
Gary showed me a piece of code on IRC that unevals the global object and prints out the result. On x86 without fpu, the two wasm functions aren't there, which causes a differential testing issue. This patch implements dummy wasm functions to prevent this, but that's not enough: if wasm functions are dummy implementations, differential testing fuzzing will get crazy when comparing dummy vs real. So I made the dummy implementations write "WebAssembly is not supported" on stderr, thus fuzzers can pattern match this string and abort fuzzing, as they do for some error messages in asm.js https://github.com/MozillaSecurity/funfuzz/blob/master/js/compareJIT.py#L120 .
Attachment #8712235 -
Flags: review?(luke)
> as they do for some error messages in asm.js > https://github.com/MozillaSecurity/funfuzz/blob/master/js/compareJIT.py#L120 Here's a better (more permanent) URL: https://github.com/MozillaSecurity/funfuzz/blob/3273653443dd5faf8b67584cc305d42668e569d8/js/compareJIT.py#L120
|
||
Comment 2•8 years ago
|
||
Could we instead have wasmEval/wasmTextToString *always* be defined but if !SupportsWasm, they throw an error and, #ifdef MORE_DETERMINISTIC, also fprintf a message that can tell the fuzzers to ignore this test case?
|
Assignee | |
Comment 3•8 years ago
|
||
Attachment #8712235 -
Attachment is obsolete: true
Attachment #8712235 -
Flags: review?(luke)
Attachment #8712609 -
Flags: review?(luke)
|
|
||
Comment 4•8 years ago
|
||
Comment on attachment 8712609 [details] [diff] [review] deterministic.patch Review of attachment 8712609 [details] [diff] [review]: ----------------------------------------------------------------- Thanks! ::: js/src/asmjs/Wasm.cpp @@ +575,5 @@ > + if (!SupportsWasm(cx)) { > +#ifdef JS_MORE_DETERMINISTIC > + fprintf(stderr, "WebAssembly is not supported.\n"); > +#endif // JS_MORE_DETERMINISTIC > + JS_ReportError(cx, "WebAssembly is not supported."); Can you say "on the current device"? @@ +653,5 @@ > static bool > WasmTextToBinary(JSContext* cx, unsigned argc, Value* vp) > { > + if (!CheckWasmSupport(cx)) > + return false; I think this check isn't necessary.
Attachment #8712609 -
Flags: review?(luke) → review+
|
|
Assignee | |
Updated•8 years ago
|
Flags: needinfo?(bbouvier)
|
|
Assignee | |
Comment 7•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=e430ac6c314c
Flags: needinfo?(bbouvier)
|
||
Comment 9•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/0ae79cfe1fdf
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox47:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
I've turned on --no-fpu testing again, this time ignoring the phrase "WebAssembly is not supported on the current device". https://github.com/MozillaSecurity/funfuzz/commit/7cb9b3be4f26379f6fca96163456f85febf26f6e
You need to log in
before you can comment on or make changes to this bug.
Description
•