Open Bug 842258 (BaselineFuzz) Opened 8 years ago Updated 7 years ago

[meta] Baseline compiler fuzz bugs

Categories: Core :: JavaScript Engine (defect)
Type: defect; Priority: Not set; Severity: normal
People: Reporter: jandem, Unassigned

The baseline compiler is ready for fuzzing.

The source is here: http://hg.mozilla.org/projects/ionmonkey

You don't need any build flags or shell flags to enable the compiler. The most interesting shell flags to test are either (1) no flags or (2) --ion-eager.

Baseline still compiles scripts eagerly. When this changes there will be a --baseline-eager flag to get the current behavior, comparable to -a for JM or --ion-eager for Ion. We will update this bug and let the fuzz people know when this happens.

Other interesting flags are --no-ti and -d, but note that even though the baseline compiler works with these flags, they disable IonMonkey, so the fuzzers should not use them all the time.

--no-baseline disables the baseline compiler. We should probably test with this flag too at some point.

I'm on it, testing with either no flags or --ion-eager right now on x86/x86_64. Does this have any ARM specific code or other implications for ARM?
(In reply to Christian Holler (:decoder) from comment #1)
> I'm on it, testing with either no flags or --ion-eager right now on
> x86/x86_64. Does this have any ARM specific code or other implications for
> ARM?

Great! Although almost all code is shared across platforms, there's some ARM specific code, so it would be good to have fuzz testing on ARM. Maybe when x86/x64 are more stable?
Depends on: 842313
Depends on: 842316
Depends on: 842317
Depends on: 842319
Depends on: 842326
(In reply to Jan de Mooij [:jandem] from comment #2)

> Great! Although almost all code is shared across platforms, there's some ARM
> specific code, so it would be good to have fuzz testing on ARM. Maybe when
> x86/x64 are more stable?

Exactly. Since everything (esp. crash processing) on ARM is slower, I'll wait with the ARM fuzzing until we are somewhat stable on x86 :) Thanks.
Depends on: 842429
Depends on: 842430
Depends on: 842431
Depends on: 842432
Depends on: 842988
I'm on this too. (just got back from PTO recently)
Depends on: 843854
Depends on: 843856
Depends on: 844464
Depends on: 844467
Depends on: 844469
Depends on: 844470
Depends on: 844828
(In reply to Jan de Mooij [:jandem] from comment #0)
> Baseline still compiles scripts eagerly. When this changes there will be a
> --baseline-eager flag to get the current behavior, comparable to -a for JM
> or --ion-eager for Ion. We will update this bug and let the fuzz people know
> when this happens.

This is done, there's now a --baseline-eager flag (and --ion-eager implies --baseline-eager).
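A small differential harness for the flag configurations named in this bug (no flags, --ion-eager, --baseline-eager, --no-baseline, with --no-ti and -d kept out of the core set because they disable Ion). This is an added example, not code from this bug or the ionmonkey repository; it assumes JS_SHELL points at a built SpiderMonkey shell and that the test case is a single .js file.

```shell
#!/bin/sh
# Added example: run one test case through the JS shell under each flag
# configuration this bug names and report whether they agree.
# JS_SHELL is an assumed path to a shell built from the ionmonkey repo.
JS_SHELL="${JS_SHELL:-./js}"

# Configurations compared on every run (comment 0 and comment 4).
# "none" stands for no flags; --ion-eager implies --baseline-eager.
CORE_CONFIGS="none --ion-eager --baseline-eager --no-baseline"
# --no-ti and -d still exercise baseline but disable IonMonkey, so they
# are only added when EXTRA=1 rather than on every run.
EXTRA_CONFIGS="--no-ti -d"

# run_config SHELL FLAGS TESTCASE -> prints "exit-code|checksum-of-output"
run_config() {
    shell=$1; flags=$2; testcase=$3
    [ "$flags" = "none" ] && flags=""
    rc=0
    out=$("$shell" $flags "$testcase" 2>&1) || rc=$?
    # Exit status >= 128 means the shell died from a signal (crash or
    # assertion), which is worth reporting even if other configs agree.
    [ "$rc" -ge 128 ] && echo "CRASH ($flags): exit $rc" >&2
    printf '%s|%s\n' "$rc" "$(printf '%s' "$out" | cksum | cut -d' ' -f1)"
}

# diff_configs SHELL TESTCASE -> returns 0 if every configuration produced
# the same exit code and output, 1 if any configuration disagrees.
diff_configs() {
    shell=$1; testcase=$2
    configs=$CORE_CONFIGS
    [ "${EXTRA:-0}" = "1" ] && configs="$configs $EXTRA_CONFIGS"
    first=""; status=0
    for cfg in $configs; do
        res=$(run_config "$shell" "$cfg" "$testcase")
        echo "$cfg -> $res"
        if [ -z "$first" ]; then first=$res
        elif [ "$res" != "$first" ]; then status=1; fi
    done
    return $status
}

# Usage: JS_SHELL=/path/to/js sh harness.sh testcase.js
if [ "$#" -ge 1 ]; then diff_configs "$JS_SHELL" "$1"; fi
```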
Depends on: 845331
Depends on: 846072
Depends on: 846080
Depends on: 846288
Depends on: 846295
Depends on: 847410
Depends on: 847425
Depends on: 847446
Depends on: 847484
Depends on: 848743
Depends on: 848906
Depends on: 850099
No longer depends on: 848906
Depends on: 852798
Depends on: 852801
No longer depends on: 852798
No longer depends on: 854021
Depends on: 855083
Depends on: 855088
No longer depends on: 855088
No longer depends on: 855083
Depends on: 857576
Depends on: 857579
Depends on: 857580
Depends on: 857591
Depends on: 857838
Depends on: 858085
Depends on: 858097
Depends on: 858940
Depends on: 862343
No longer depends on: 862343
Assignee: general → nobody