706433 - Add JS shell compile flag for more determinism (differential testing/fuzzing)

Status: RESOLVED FIXED

(Core :: JavaScript Engine, enhancement)

Description

[Christian Holler (:decoder)]

Attachment: Patch

In differential testing we usually compare the output of two shells running with different options (e.g. TI vs. Interp) and there are quite a few functions that behave differently under those options or even completely non-deterministic. While we can remove or wrap most of those functions at runtime, some obstacles remain.

The attached patch does two things: It makes gc() return an empty string (Jesse mentioned on IRC that wrapping gc() could cause problems) and it makes js_ReportOverRecursed print out a notice on stderr when it is called. The reason for that notice is to recognize when a test hits the recursion limit so we can ignore it, as the recursion limits across different options is not consistent.

Both modifications are not enabled unless the --enable-more-deterministic flag is passed at compile time.

Comment 1

[Jason Orendorff [:jorendorff]]

Comment on attachment 577920 [details] [diff] [review]
Patch

Review of attachment 577920 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with the nit below.

::: js/src/shell/js.cpp
@@ +1212,5 @@
>  
>      char buf[256];
> +#ifdef JS_MORE_DETERMINISTIC
> +    JS_snprintf(buf, sizeof(buf), "");
> +#else

Just buf[0] = '\0'; here please.

Comment 2

[Christian Holler (:decoder)]

Attachment: Updated patch

Updated patch to fix the nit. Jason, can you check this in?

Comment 3

[Christian Holler (:decoder)]

Comment on attachment 578429 [details] [diff] [review]
Updated patch

r+ taken from first patch.

Comment 4

[Gary Kwong [:gkw] [:nth10sd] (NOT official MoCo now)]

Landed on m-i:

http://hg.mozilla.org/integration/mozilla-inbound/rev/f0159088a7c3

Comment 5

[Marco Bonardo [:mak]]

https://hg.mozilla.org/mozilla-central/rev/f0159088a7c3