Tracking crashes on Jesse's fuzzer (bug 349611). The following crashes occurred: TB22573674K, TB22568653M, TB22567158Q, TB22554559Z, TB22621523M, TB22621197X, TB22613961W, TB22611978H, TB22611521E, TB22608334K, TB22608085G, TB22606070Q

Jesse, please add a textarea to show all previous error messages. It will be easier to cut and paste from a textarea than from an alert box. Thanks in advance.
The fuzzer outputs the function strings it's about to compile/decompile/run using dump(). That's important if you hope to file bugs on crashes :) It also outputs all alert()ed text using dump(). On Windows, I think you need to run with -console to get dump() to do anything in opt builds. See http://developer.mozilla.org/en/docs/DOM:window.dump.
set MOZ_NO_REMOTE=1
firefox.exe -P > log.out 2> log.err
> Can you test again with a newer build and a newer version of the fuzzer?

After 2 days I got TB23525754, which is a MSVCR80.dll; sadly, at that time console output was not on. Can we assume testOne() in the new jsparsefuzz.js will dump the generated statement on the console before evaluating/compiling it? Again, I assume the crash is occurring because of the compile/eval/uneval of the code.
> Can we assume testOne() in the new jsparsefuzz.js will dump the generated
> statement on the console before evaluating/compiling it?

Yes -- you can verify that by looking at testOne. Just don't redirect ./js's output to a file or to "tee" without adding fflush in js.c.

> Again, I assume the crash is
> occurring because of the compile/eval/uneval of the code.

I don't think I've seen any crashes with this fuzzer that happened as a result of attempting to generate the next random function. Bug 352604 was sort of an exception, but it wasn't too hard to track down. Sometimes, you need to execute multiple generated functions in order to crash, e.g. because one function sets x to a certain object and another function uses x in a way that crashes with that object. If this happens, grep for tryItOut and paste 1000 to 5000 lines back into the fuzzer.
I got TB23596087Z. I don't know whether it is related or not. I was running the fuzzer, along with reading Yahoo Mail and other web surfing. Then I closed the fuzzer, continued on Yahoo Mail, clicked the back button a few times and got this crash. (Again, I didn't have the console opened at this time.)
I think this metabug-that-doesn't-depend-on-anything isn't useful any more. Biju, if you find crashes while running jsfunfuzz in the shell or in the browser, just file bugs blocking bug 349611 (preferably with reduced testcases). I can hook you up with a new version of the fuzzer if you're interested.
(In reply to comment #7)
> I can hook you up with a new version of the fuzzer if you're interested.

Thanks, that will be nice. How do I run the new fuzzer? Also, is there a mechanism where I can open a web page, maybe with a logon, and the latest version of the fuzzer runs from that page? When an error or crash occurs, it should log to the web server. Later I (or somebody authorized) should be able to go through all errors and crashes.
That would be kinda neat, to allow more people to volunteer computing power to run jsfunfuzz. But I think that getting it to work well, with crash reporting, on multiple platforms, would take quite a bit of work.
(In reply to comment #9)
> on multiple platforms, would take quite a bit of work.

It doesn't have to be fancy. And if it is a JSON-based one, we can have it as an option while surfing:
http://www.mozillazine.org/
http://forums.mozillazine.org/
http://www.spreadfirefox.com/