Closed
Bug 449529
Opened 16 years ago
Closed 15 years ago
TM: Fuzzer that exercises tracer implementation
Categories
(Core :: JavaScript Engine, enhancement)
RESOLVED
FIXED
People
(Reporter: sayrer, Assigned: jruderman)
Details
(Keywords: meta, Whiteboard: [sg:nse meta])
Attachments
(1 file, 1 obsolete file)
83.41 KB, text/javascript
We need a fuzzer that really makes life hard for the tracer.
Reporter
Updated•16 years ago
Assignee: general → jruderman
Assignee
Comment 1•16 years ago
If you don't have access to the fuzzer repository, you should be able to use this file along with the other files in the .zip in bug 349611.
Last week I added some extra looping, both around the content of the entire function and at random. (Search for "randomRepeater".) This is enough to at least exercise some tracing code, right? Does it find bugs?
I'm at Black Hat and DEF CON this week, but next week I can work with you guys to test tracing harder.
Comment 2•16 years ago
What is the tracer?
Comment 3•16 years ago
The tracer is the part of the SpiderMonkey JIT that records instructions as the interpreter executes them. This recorded sequence of instructions results in a trace that is then compiled to native machine code.
Comment 4•16 years ago
I started using the fuzzer and it kills us pretty early on (in the fuzzer code, not the fuzzed code). I suggest putting some gdb warrior on this. Looks easy to fix.
Depends on: 450830
Assignee
Comment 5•16 years ago
I also have a known_assertions.txt and a known_crashes.txt and stuff.
Attachment #332705 -
Attachment is obsolete: true
Updated•16 years ago
Whiteboard: [sg:nse meta]
Assignee
Comment 6•15 years ago
jsfunfuzz (bug 349611) and comparison fuzzers (bug 465479) both exercise the tracer now.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
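The two ideas discussed in this bug (wrapping generated code in loops so it runs hot, and comparing results between runs) can be sketched as follows. This is an added example, not part of the original thread and not code from jsfunfuzz or the comparison fuzzers; all function names are hypothetical, and it assumes side-effect-free expressions so that every evaluation must return the same value.

```javascript
// Added illustration; every name here is hypothetical, none is from jsfunfuzz.
function makeRng(seed) {                 // small deterministic PRNG
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const pick = (rng, arr) => arr[Math.floor(rng() * arr.length)];
// Random side-effect-free expression over x, so every evaluation must agree.
function makeExpr(rng, depth) {
  if (depth === 0 || rng() < 0.3) {
    return pick(rng, ["x", "1", "0.5", "-2", "0x7fffffff", "(x|0)"]);
  }
  const op = pick(rng, ["+", "-", "*", "%", "&", "|", "^", "<<", ">>>"]);
  return "(" + makeExpr(rng, depth - 1) + " " + op + " " + makeExpr(rng, depth - 1) + ")";
}
// Loop wrapper: run the expression `repeats` times so the loop becomes hot
// enough for a JIT to compile it, and keep every result.
function wrapInLoop(expr, repeats) {
  return "var out = [];" +
         "for (var i = 0; i < " + repeats + "; ++i) { out.push(" + expr + "); }" +
         "return out;";
}

// One test case: evaluate once (cold), then in the loop (hot), and compare.
function checkOne(seed) {
  const rng = makeRng(seed);
  const expr = makeExpr(rng, 3);
  const repeats = 50 + Math.floor(rng() * 2000);   // random repeat count
  const x = Math.floor(rng() * 100) - 50;
  const cold = new Function("x", "return " + expr + ";")(x);
  const hot = new Function("x", wrapInLoop(expr, repeats))(x);
  // Object.is treats NaN as equal to NaN and distinguishes -0 from +0.
  const mismatches = hot.filter((v) => !Object.is(v, cold)).length;
  return { seed, expr, repeats, runs: hot.length, mismatches };
}

// Seeds whose looped results disagree with the single evaluation.
function fuzz(firstSeed, count) {
  const failures = [];
  for (let s = firstSeed; s < firstSeed + count; ++s) {
    const r = checkOne(s);
    if (r.mismatches !== 0) failures.push(r);
  }
  return failures;
}
```

Because the generator is seeded, any seed returned by `fuzz` reproduces the same expression and repeat count for reduction.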
Updated•12 years ago
Group: core-security