1223846 - Fuzz ES6 modules

Status: NEW

(Core :: JavaScript Engine, defect)

Description

[Jon Coppeard (:jonco)]

This bug is to request fuzzing of ES6 modules, which are now available (minus a full module loader) in the shell.

To run a script as a module, use the -m/--module option rather than -f/--file option, passing the script filename.

It would be useful to test that executing standard JS code as a module doesn't cause anything to blow up.

Even better would be to exercise imports/exports between modules, but that would be more difficult and require some awareness in the fuzzers to create a coherent (or incoherent) set of modules to test.

Comment 1

[Christian Holler (:decoder)]

Can this be tested somehow from within the JS shell, rather than using -m? LangFuzz does not load files using -f but using load() inside a driver that is loaded with -f instead. Can we somehow load/evaluate as a module? Support in evaluate() would be sufficient and actually more useful than loading a file directly (since it helps reduction to be able to inline the code).

Comment 2

[Jon Coppeard (:jonco)]

Yes, the shell function parseModule() parses source text as a module and returns a module object.

Comment 3

[Jon Coppeard (:jonco)]

(In reply to Jon Coppeard (:jonco) from comment #2)
Actually there is a bit more to it that.  To get the full effect of loading a module you will need to call declarationInstantation() and then evaluation() on the module object returned from parseModule(), e.g. like in this test code:

https://dxr.mozilla.org/mozilla-central/source/js/src/jit-test/tests/modules/import-namespace.js#15

Comment 4

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

Jesse would be a better person to move this forward, but we are likely packed with stuff till at least the end of the quarter.