def createReproFile(fuzzerJS, extraPrefs, lines, logPrefix):
contentTypes = linesStartingWith(lines, "FRCX Content type: ")
contentType = afterColon(
contentTypes[0]) if len(contentTypes) > 0 else "text/html"
extDict = {
'text/html': 'html',
'application/xhtml+xml': 'xhtml',
'image/svg+xml': 'svg',
'application/vnd.mozilla.xul+xml': 'xul',
# 'text/xml' is tricky. We'd want to know the xmlns of the root, and steal its contents but use .xml.
# But treating it as xhtml is better than doing nothing, for now.
'text/xml': 'xhtml'
}
if contentType in extDict:
extension = extDict[contentType]
else:
print "loopdomfuzz is not sure what to do with content type " + repr(
contentType) + " :("
extension = "xhtml"
[wbefore, wafter] = fuzzDice(os.path.join(emptiesDir, "a." + extension))
possibleDoctype = []
if contentType == "text/html":
docTypes = linesStartingWith(lines, "FRCX Doctype: ")
if len(docTypes) > 0:
possibleDoctype = [afterColon(docTypes[0]) + "\n"]
[jbefore, jafter] = fuzzSplice(fuzzerJS)
fuzzlines = [
line[12:] for line in linesStartingWith(lines, " /*FRCA1*/ ")
]
if len(fuzzlines) < 3:
fuzzlines = [
"// Startup crash?\n", "var fuzzSettings = [42,0,42,42,3000,0];\n",
"var fuzzCommands = [];\n", "// DDBEGIN\n"
]
quittage = [
extraPrefs,
"// DDEND\n",
'fuzzCommands.push({ note: "done", rest: true, timeout: 3000});\n',
'fuzzCommands.push({ note: "quit", fun: function() { fuzzPriv.quitApplication(); } });\n',
"\n",
"function user_pref() { /* Allow randomPrefs.py to parse user_pref lines from this file */ }\n",
]
linesToWrite = possibleDoctype + wbefore + jbefore + fuzzlines + quittage + jafter + wafter
oFN = logPrefix + "-splice-orig." + extension
rFN = logPrefix + "-splice-reduced." + extension
writeLinesToFile(linesToWrite, oFN)
writeLinesToFile(linesToWrite, rFN)
subprocess.call(["gzip", oFN])
return rFN
def createReproFile(fuzzerJS, extraPrefs, lines, logPrefix):
contentTypes = linesStartingWith(lines, "FRCX Content type: ")
contentType = afterColon(contentTypes[0]) if len(contentTypes) > 0 else "text/html"
extDict = {
"text/html": "html",
"application/xhtml+xml": "xhtml",
"image/svg+xml": "svg",
"application/vnd.mozilla.xul+xml": "xul",
# 'text/xml' is tricky. We'd want to know the xmlns of the root, and steal its contents but use .xml.
# But treating it as xhtml is better than doing nothing, for now.
"text/xml": "xhtml",
}
if contentType in extDict:
extension = extDict[contentType]
else:
print "loopdomfuzz is not sure what to do with content type " + repr(contentType) + " :("
extension = "xhtml"
[wbefore, wafter] = fuzzDice(os.path.join(emptiesDir, "a." + extension))
possibleDoctype = []
if contentType == "text/html":
docTypes = linesStartingWith(lines, "FRCX Doctype: ")
if len(docTypes) > 0:
possibleDoctype = [afterColon(docTypes[0]) + "\n"]
[jbefore, jafter] = fuzzSplice(fuzzerJS)
fuzzlines = [line[12:] for line in linesStartingWith(lines, " /*FRCA1*/ ")]
if len(fuzzlines) < 3:
fuzzlines = [
"// Startup crash?\n",
"var fuzzSettings = [42,0,42,42,3000,0];\n",
"var fuzzCommands = [];\n",
"// DDBEGIN\n",
]
quittage = [
extraPrefs,
"// DDEND\n",
'fuzzCommands.push({ note: "done", rest: true, timeout: 3000});\n',
'fuzzCommands.push({ note: "quit", fun: function() { fuzzPriv.quitApplication(); } });\n',
"\n",
"function user_pref() { /* Allow randomPrefs.py to parse user_pref lines from this file */ }\n",
]
linesToWrite = possibleDoctype + wbefore + jbefore + fuzzlines + quittage + jafter + wafter
oFN = logPrefix + "-splice-orig." + extension
rFN = logPrefix + "-splice-reduced." + extension
writeLinesToFile(linesToWrite, oFN)
writeLinesToFile(linesToWrite, rFN)
subprocess.call(["gzip", oFN])
return rFN
def many_timed_runs(targetTime, wtmpDir, args, collector):
options = parseOpts(args)
engineFlags = options.engineFlags # engineFlags is overwritten later if --random-flags is set.
startTime = time.time()
if os.path.isdir(sps.normExpUserPath(options.repo)):
regressionTestListFile = sps.normExpUserPath(os.path.join(wtmpDir, "regression-tests.list"))
with open(regressionTestListFile, "wb") as f:
for fn in inTreeRegressionTests(options.repo):
f.write(fn + "\n")
regressionTestPrologue = makeRegressionTestPrologue(options.repo, regressionTestListFile)
else:
regressionTestPrologue = ""
fuzzjs = sps.normExpUserPath(os.path.join(wtmpDir, "jsfunfuzz.js"))
linkFuzzer(fuzzjs, options.repo, regressionTestPrologue)
iteration = 0
while True:
if targetTime and time.time() > startTime + targetTime:
print "Out of time!"
os.remove(fuzzjs)
if len(os.listdir(wtmpDir)) == 0:
os.rmdir(wtmpDir)
break
# Construct command needed to loop jsfunfuzz fuzzing.
jsInterestingArgs = []
jsInterestingArgs.append('--timeout=' + str(options.timeout))
if options.valgrind:
jsInterestingArgs.append('--valgrind')
jsInterestingArgs.append(options.knownPath)
jsInterestingArgs.append(options.jsEngine)
if options.randomFlags:
engineFlags = shellFlags.randomFlagSet(options.jsEngine)
jsInterestingArgs.extend(engineFlags)
jsInterestingArgs.extend(['-e', 'maxRunTime=' + str(options.timeout*(1000/2))])
jsInterestingArgs.extend(['-f', fuzzjs])
jsInterestingOptions = jsInteresting.parseOptions(jsInterestingArgs)
iteration += 1
logPrefix = sps.normExpUserPath(os.path.join(wtmpDir, "w" + str(iteration)))
res = jsInteresting.ShellResult(jsInterestingOptions, jsInterestingOptions.jsengineWithArgs, logPrefix, False)
if res.lev != jsInteresting.JS_FINE:
showtail(logPrefix + "-out.txt")
showtail(logPrefix + "-err.txt")
# splice jsfunfuzz.js with `grep FRC wN-out`
filenameToReduce = logPrefix + "-reduced.js"
[before, after] = fileManipulation.fuzzSplice(fuzzjs)
with open(logPrefix + '-out.txt', 'rb') as f:
newfileLines = before + [l.replace('/*FRC*/', '') for l in fileManipulation.linesStartingWith(f, "/*FRC*/")] + after
fileManipulation.writeLinesToFile(newfileLines, logPrefix + "-orig.js")
fileManipulation.writeLinesToFile(newfileLines, filenameToReduce)
# Run Lithium and autobisect (make a reduced testcase and find a regression window)
itest = [interestingpy]
if options.valgrind:
itest.append("--valgrind")
itest.append("--minlevel=" + str(res.lev))
itest.append("--timeout=" + str(options.timeout))
itest.append(options.knownPath)
(lithResult, lithDetails, autoBisectLog) = pinpoint.pinpoint(itest, logPrefix, options.jsEngine, engineFlags, filenameToReduce,
options.repo, options.buildOptionsStr, targetTime, res.lev)
# Upload with final output
if lithResult == lithOps.LITH_FINISHED:
fargs = jsInterestingOptions.jsengineWithArgs[:-1] + [filenameToReduce]
retestResult = jsInteresting.ShellResult(jsInterestingOptions, fargs, logPrefix + "-final", False)
if retestResult.lev > jsInteresting.JS_FINE:
res = retestResult
quality = 0
else:
quality = 6
else:
quality = 10
# ddsize = lithOps.ddsize(filenameToReduce)
print "Submitting " + filenameToReduce + " (quality=" + str(quality) + ") at " + sps.dateStr()
metadata = {}
if autoBisectLog:
metadata = {"autoBisectLog": ''.join(autoBisectLog)}
collector.submit(res.crashInfo, filenameToReduce, quality, metaData=metadata)
print "Submitted " + filenameToReduce
else:
flagsAreDeterministic = "--dump-bytecode" not in engineFlags and '-D' not in engineFlags
if options.useCompareJIT and res.lev == jsInteresting.JS_FINE and \
jsInterestingOptions.shellIsDeterministic and flagsAreDeterministic:
linesToCompare = jitCompareLines(logPrefix + '-out.txt', "/*FCM*/")
jitcomparefilename = logPrefix + "-cj-in.js"
fileManipulation.writeLinesToFile(linesToCompare, jitcomparefilename)
anyBug = compareJIT.compareJIT(options.jsEngine, engineFlags, jitcomparefilename,
logPrefix + "-cj", options.repo,
options.buildOptionsStr, targetTime, jsInterestingOptions)
if not anyBug:
os.remove(jitcomparefilename)
jsInteresting.deleteLogs(logPrefix)
def many_timed_runs(targetTime, wtmpDir, args):
options = parseOpts(args)
engineFlags = options.engineFlags # engineFlags is overwritten later if --random-flags is set.
startTime = time.time()
if os.path.isdir(sps.normExpUserPath(options.repo)):
regressionTestListFile = sps.normExpUserPath(
os.path.join(wtmpDir, "regression-tests.list"))
with open(regressionTestListFile, "wb") as f:
for fn in inTreeRegressionTests(options.repo):
f.write(fn + "\n")
regressionTestPrologue = makeRegressionTestPrologue(
options.repo, regressionTestListFile)
else:
regressionTestPrologue = ""
fuzzjs = sps.normExpUserPath(os.path.join(wtmpDir, "jsfunfuzz.js"))
linkFuzzer(fuzzjs, options.repo, regressionTestPrologue)
iteration = 0
while True:
if targetTime and time.time() > startTime + targetTime:
print "Out of time!"
os.remove(fuzzjs)
if len(os.listdir(wtmpDir)) == 0:
os.rmdir(wtmpDir)
return (lithOps.HAPPY, None)
# Construct command needed to loop jsfunfuzz fuzzing.
jsInterestingArgs = []
jsInterestingArgs.append('--timeout=' + str(options.timeout))
if options.valgrind:
jsInterestingArgs.append('--valgrind')
jsInterestingArgs.append(options.knownPath)
jsInterestingArgs.append(options.jsEngine)
if options.randomFlags:
engineFlags = shellFlags.randomFlagSet(options.jsEngine)
jsInterestingArgs.extend(engineFlags)
jsInterestingArgs.extend(
['-e', 'maxRunTime=' + str(options.timeout * (1000 / 2))])
jsInterestingArgs.extend(['-f', fuzzjs])
jsunhappyOptions = jsInteresting.parseOptions(jsInterestingArgs)
iteration += 1
logPrefix = sps.normExpUserPath(
os.path.join(wtmpDir, "w" + str(iteration)))
level = jsInteresting.jsfunfuzzLevel(jsunhappyOptions, logPrefix)
if level != jsInteresting.JS_FINE:
showtail(logPrefix + "-out.txt")
showtail(logPrefix + "-err.txt")
# splice jsfunfuzz.js with `grep FRC wN-out`
filenameToReduce = logPrefix + "-reduced.js"
[before, after] = fileManipulation.fuzzSplice(fuzzjs)
with open(logPrefix + '-out.txt', 'rb') as f:
newfileLines = before + [
l.replace('/*FRC*/', '')
for l in fileManipulation.linesStartingWith(f, "/*FRC*/")
] + after
fileManipulation.writeLinesToFile(newfileLines,
logPrefix + "-orig.js")
fileManipulation.writeLinesToFile(newfileLines, filenameToReduce)
# Run Lithium and autobisect (make a reduced testcase and find a regression window)
itest = [interestingpy]
if options.valgrind:
itest.append("--valgrind")
itest.append("--minlevel=" + str(level))
itest.append("--timeout=" + str(options.timeout))
itest.append(options.knownPath)
(lithResult, lithDetails) = pinpoint.pinpoint(
itest, logPrefix, options.jsEngine, engineFlags,
filenameToReduce, options.repo, options.buildOptionsStr,
targetTime, level)
if targetTime:
return (lithResult, lithDetails)
else:
shellIsDeterministic = inspectShell.queryBuildConfiguration(
options.jsEngine, 'more-deterministic')
flagsAreDeterministic = "--dump-bytecode" not in engineFlags and '-D' not in engineFlags
if options.useCompareJIT and level == jsInteresting.JS_FINE and \
shellIsDeterministic and flagsAreDeterministic:
linesToCompare = jitCompareLines(logPrefix + '-out.txt',
"/*FCM*/")
jitcomparefilename = logPrefix + "-cj-in.js"
fileManipulation.writeLinesToFile(linesToCompare,
jitcomparefilename)
(lithResult, lithDetails) = compareJIT.compareJIT(
options.jsEngine, engineFlags, jitcomparefilename,
logPrefix + "-cj", options.knownPath, options.repo,
options.buildOptionsStr, options.timeout, targetTime)
if lithResult == lithOps.HAPPY:
os.remove(jitcomparefilename)
if targetTime and lithResult != lithOps.HAPPY:
jsInteresting.deleteLogs(logPrefix)
return (lithResult, lithDetails)
jsInteresting.deleteLogs(logPrefix)
def many_timed_runs(targetTime, wtmpDir, args):
options = parseOpts(args)
engineFlags = options.engineFlags # engineFlags is overwritten later if --random-flags is set.
startTime = time.time()
if os.path.isdir(sps.normExpUserPath(options.repo)):
regressionTestListFile = sps.normExpUserPath(os.path.join(wtmpDir, "regression-tests.list"))
with open(regressionTestListFile, "wb") as f:
for fn in inTreeRegressionTests(options.repo):
f.write(fn + "\n")
regressionTestPrologue = makeRegressionTestPrologue(options.repo, regressionTestListFile)
else:
regressionTestPrologue = ""
fuzzjs = sps.normExpUserPath(os.path.join(wtmpDir, "jsfunfuzz.js"))
linkFuzzer(fuzzjs, options.repo, regressionTestPrologue)
iteration = 0
while True:
if targetTime and time.time() > startTime + targetTime:
print "Out of time!"
os.remove(fuzzjs)
if len(os.listdir(wtmpDir)) == 0:
os.rmdir(wtmpDir)
return (lithOps.HAPPY, None)
# Construct command needed to loop jsfunfuzz fuzzing.
jsInterestingArgs = []
jsInterestingArgs.append('--timeout=' + str(options.timeout))
if options.valgrind:
jsInterestingArgs.append('--valgrind')
jsInterestingArgs.append(options.knownPath)
jsInterestingArgs.append(options.jsEngine)
if options.randomFlags:
engineFlags = shellFlags.randomFlagSet(options.jsEngine)
jsInterestingArgs.extend(engineFlags)
jsInterestingArgs.extend(['-e', 'maxRunTime=' + str(options.timeout*(1000/2))])
jsInterestingArgs.extend(['-f', fuzzjs])
jsunhappyOptions = jsInteresting.parseOptions(jsInterestingArgs)
iteration += 1
logPrefix = sps.normExpUserPath(os.path.join(wtmpDir, "w" + str(iteration)))
level = jsInteresting.jsfunfuzzLevel(jsunhappyOptions, logPrefix)
if level != jsInteresting.JS_FINE:
showtail(logPrefix + "-out.txt")
showtail(logPrefix + "-err.txt")
# splice jsfunfuzz.js with `grep FRC wN-out`
filenameToReduce = logPrefix + "-reduced.js"
[before, after] = fileManipulation.fuzzSplice(fuzzjs)
with open(logPrefix + '-out.txt', 'rb') as f:
newfileLines = before + [l.replace('/*FRC*/', '') for l in fileManipulation.linesStartingWith(f, "/*FRC*/")] + after
fileManipulation.writeLinesToFile(newfileLines, logPrefix + "-orig.js")
fileManipulation.writeLinesToFile(newfileLines, filenameToReduce)
# Run Lithium and autobisect (make a reduced testcase and find a regression window)
itest = [interestingpy]
if options.valgrind:
itest.append("--valgrind")
itest.append("--minlevel=" + str(level))
itest.append("--timeout=" + str(options.timeout))
itest.append(options.knownPath)
(lithResult, lithDetails) = pinpoint.pinpoint(itest, logPrefix, options.jsEngine, engineFlags, filenameToReduce,
options.repo, options.buildOptionsStr, targetTime, level)
if targetTime:
return (lithResult, lithDetails)
else:
shellIsDeterministic = inspectShell.queryBuildConfiguration(options.jsEngine, 'more-deterministic')
flagsAreDeterministic = "--dump-bytecode" not in engineFlags and '-D' not in engineFlags
if options.useCompareJIT and level == jsInteresting.JS_FINE and \
shellIsDeterministic and flagsAreDeterministic:
linesToCompare = jitCompareLines(logPrefix + '-out.txt', "/*FCM*/")
jitcomparefilename = logPrefix + "-cj-in.js"
fileManipulation.writeLinesToFile(linesToCompare, jitcomparefilename)
(lithResult, lithDetails) = compareJIT.compareJIT(options.jsEngine, engineFlags, jitcomparefilename,
logPrefix + "-cj", options.knownPath, options.repo,
options.buildOptionsStr, options.timeout, targetTime)
if lithResult == lithOps.HAPPY:
os.remove(jitcomparefilename)
if targetTime and lithResult != lithOps.HAPPY:
jsInteresting.deleteLogs(logPrefix)
return (lithResult, lithDetails)
jsInteresting.deleteLogs(logPrefix)