Closed Bug 1620550 Opened 5 years ago Closed 5 years ago

Allow to limit shell timeout function to current evaluate call

Categories

(Core :: JavaScript Engine, enhancement)

RESOLVED WORKSFORME

People

(Reporter: decoder, Unassigned)

Details

For fuzzing purposes, it would be really nice to run code inside the JS shell with a timeout in such a way that you can recover from the timeout inside the shell.

Right now, we have the timeout function which allows us to call an interrupt handler when the given timeout is exceeded. However, inside the interrupt handler, we can either decide to continue the script execution or abort execution completely (including the top-level fuzzing driver running in the shell).

Instead, it would be nice if we could run "untrusted" code in e.g. evaluate() and only abort that evaluate call if the timeout occurs, so we can recover from the situation and take the next input for processing.

If this is easily possible, it could be a performance gain for JS fuzzing because right now, a timeout means restarting the shell. However, if this gets too complicated, please don't feel compelled to implement this.

Flags: needinfo?(jdemooij)

Doesn't evaluate("...", {catchTermination: true}) do what you want? It works when I do something like this:

for (var i = 0; i < 3; i++) {
    print(i);
    print(evaluate("timeout(1); while (true) {}", {catchTermination: true}));
}

0
Script terminated by interrupt handler.
terminated
1
terminated
2
terminated

The "Script terminated by interrupt handler" is only printed once because we don't reset sc->exitCode when evaluate returns "terminated"...

Flags: needinfo?(jdemooij) → needinfo?(choller)

Indeed this does the trick, thanks Jan!

Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(choller)
Resolution: --- → WORKSFORME