def start_runs(): collector = createCollector.createCollector("DOMFuzz") try: refreshSignatures(collector) except Exception: pass many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:], collector, quiet=False)
def mightUseDivision(code): # Work around MSVC division inconsistencies (bug 948321) # by leaving division out of *-cj-in.js files on Windows. # (Unfortunately, this will also match regexps and a bunch # of other things.) i = 0 while i < len(code): if code[i] == '/': if i + 1 < len(code) and (code[i + 1] == '/' or code[i + 1] == '*'): # An open-comment like "//" or "/*" is okay. Skip the next character. i += 1 elif i > 0 and code[i - 1] == '*': # A close-comment like "*/" is okay too. pass else: # Plain "/" could be division (or regexp or something else) return True i += 1 return False assert not mightUseDivision("//") assert not mightUseDivision("// a") assert not mightUseDivision("/*FOO*/") assert mightUseDivision("a / b") assert mightUseDivision("eval('/**/'); a / b;") assert mightUseDivision("eval('//x'); a / b;") if __name__ == "__main__": many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:], createCollector.createCollector("jsfunfuzz"))
# metaMax controls how many [generated js functions] each browser instance will run # (but fuzz-finish-auto also enforces a time limit) # # Want it small: # Deterministic repro from seed (because of time limit) (but how often do we actually repro-from-seed? and this is fixable) # Limit on how much work Lithium has (but how much time do we spend in Lithium, compared to fuzzing?) # Waste less time in huge GCs (especially with fuzzMultiDoc) # Small variations on initial reftests are often the most interesting # Less chance for the fuzzer to tie itself in exponential knots, and hang unexpectedly (e.g. repeated cloneNode) # # Want it large: # Depth is more important as we scale # Depth is important to fuzzerRandomJS # Waste less time in startup, shutdown # Waste less time parsing breakpad symbol files (!) # Waste less time waiting for hanging testcases (?) metaMax = 30000 return "#fuzz=" + str(metaSeed) + ",0," + str(metaPer) + "," + str(metaInterval) + "," + str(metaMax) + ",0" def afterColon(s): tail = s.partition(": ")[2] return tail.strip() if __name__ == "__main__": many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:], createCollector.createCollector("DOMFuzz"), quiet=False)
# Work around MSVC division inconsistencies (bug 948321) # by leaving division out of *-cj-in.js files on Windows. # (Unfortunately, this will also match regexps and a bunch # of other things.) i = 0 while i < len(code): if code[i] == '/': if i + 1 < len(code) and (code[i + 1] == '/' or code[i + 1] == '*'): # An open-comment like "//" or "/*" is okay. Skip the next character. i += 1 elif i > 0 and code[i - 1] == '*': # A close-comment like "*/" is okay too. pass else: # Plain "/" could be division (or regexp or something else) return True i += 1 return False assert not mightUseDivision("//") assert not mightUseDivision("// a") assert not mightUseDivision("/*FOO*/") assert mightUseDivision("a / b") assert mightUseDivision("eval('/**/'); a / b;") assert mightUseDivision("eval('//x'); a / b;") if __name__ == "__main__": many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:])
# metaMax controls how many [generated js functions] each browser instance will run # (but fuzz-finish-auto also enforces a time limit) # # Want it small: # Deterministic repro from seed (because of time limit) (but how often do we actually repro-from-seed? and this is fixable) # Limit on how much work Lithium has (but how much time do we spend in Lithium, compared to fuzzing?) # Waste less time in huge GCs (especially with fuzzMultiDoc) # Small variations on initial reftests are often the most interesting # Less chance for the fuzzer to tie itself in exponential knots, and hang unexpectedly (e.g. repeated cloneNode) # # Want it large: # Depth is more important as we scale # Depth is important to fuzzerRandomJS # Waste less time in startup, shutdown # Waste less time parsing breakpad symbol files (!) # Waste less time waiting for hanging testcases (?) metaMax = 30000 return "#fuzz=" + str(metaSeed) + ",0," + str(metaPer) + "," + str(metaInterval) + "," + str(metaMax) + ",0" def afterColon(s): tail = s.partition(": ")[2] return tail.strip() if __name__ == "__main__": many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:], quiet=False)
# Want it small: # Deterministic repro from seed (because of time limit) (but how often do we actually repro-from-seed? and this is fixable) # Limit on how much work Lithium has (but how much time do we spend in Lithium, compared to fuzzing?) # Waste less time in huge GCs (especially with fuzzMultiDoc) # Small variations on initial reftests are often the most interesting # Less chance for the fuzzer to tie itself in exponential knots, and hang unexpectedly (e.g. repeated cloneNode) # # Want it large: # Depth is more important as we scale # Depth is important to fuzzerRandomJS # Waste less time in startup, shutdown # Waste less time parsing breakpad symbol files (!) # Waste less time waiting for hanging testcases (?) metaMax = 30000 return "#fuzz=" + str(metaSeed) + ",0," + str(metaPer) + "," + str( metaInterval) + "," + str(metaMax) + ",0" def afterColon(s): tail = s.partition(": ")[2] return tail.strip() if __name__ == "__main__": many_timed_runs(None, sps.createWtmpDir(os.getcwdu()), sys.argv[1:], quiet=False)