[Webkit-unassigned] [Bug 203898] Add FuzzerAgent that reads predictions from a file

bugzilla-daemon at webkit.org
Thu Nov 7 21:57:14 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=203898

--- Comment #4 from Tuomas Karkkainen <tuomas.webkit at apple.com> ---
(In reply to Saam Barati from comment #3)
> Comment on attachment 382922 [details]
> proposed patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=382922&action=review
> > Source/JavaScriptCore/runtime/FuzzerPredictions.cpp:61
> > +        RELEASE_ASSERT((predicted & SpecFullTop) != SpecNone);
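
Review bot: the RELEASE_ASSERT at FuzzerPredictions.cpp:61 aborts the process whenever `predicted` has no bits inside SpecFullTop, and a crash at this point does not say which entry was at fault. If SpecNone is never a legitimate prediction, reject it where the value enters the system and report the offending entry; if it can be legitimate, the assert should go. A short comment stating which of the two is intended would help.
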
> 
> why can't we sometimes produce SpecNone?

I had some issues with the fuzzer producing a predictions file that was parsed wrong, which resulted in a prediction of SpecNone when I hadn't intended it. And currently the fuzzer never produces SpecNone. I should rework this. And if I keep this check I should move it to where the file is read in.

> > Source/JavaScriptCore/runtime/FuzzerPredictions.h:32
> > +#define NO_PREDICTION_FOUND 1ull << 55
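
Review bot: the macro body at FuzzerPredictions.h:32 is unparenthesized, so `1ull << 55` regroups with neighbouring operators once it is expanded inside a larger expression; for example `~NO_PREDICTION_FOUND` becomes `(~1ull) << 55`. Wrap it as `(1ull << 55)`, or make it a typed constexpr constant. The value is only safe as long as no real speculated type ever uses bit 55, which nothing in this line enforces or documents; a comment and a static_assert against the mask of valid type bits would make that explicit.
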
> 
> Why does this work? This seems slightly wrong.

I just picked something larger than SpecDataViewObject (1<<42) and I made it a lot larger in case there are other speculated types added later on. I would like to detect the case of no prediction being found.

What would be a good way to let the FuzzerAgent know that no prediction was found?

> Maybe we should just fall back to random fuzzer when we don't have the key?

I want to detect when I have a missing key for sanity checking purposes, and if we were to fall back to random predictions in this case I would do it in the FuzzerAgent rather than in FuzzerPredictions.

One idea behind reading predictions from a file is to make the predictions stabler; that's why it's returning the original prediction when none is found rather than a random one.

-- 
You are receiving this mail because:
You are the assignee for the bug.
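
An added example (not part of the thread or of the WebKit patch): one way to report a missing prediction out of band instead of reserving a bit in the type space, with SpecNone and malformed entries rejected when the file is read. The `key:hex` file format and all names (`PredictionTable`, `PredictionLookup`, `agentPrediction`, `kSampleFile`) are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdlib>
#include <sstream>
#include <string>
#include <unordered_map>

// Hypothetical stand-ins; not JavaScriptCore's types, names or file format.
using SpeculatedType = std::uint64_t;
constexpr SpeculatedType SpecNone = 0;
struct PredictionLookup {
    bool found;          // out-of-band "no prediction" signal
    SpeculatedType type; // meaningful only when found is true
};

class PredictionTable {
public:
    // Rejects malformed or SpecNone entries where the file is read; returns the reject count.
    unsigned load(const std::string& text) {
        unsigned rejected = 0;
        std::istringstream in(text);
        for (std::string line; std::getline(in, line);) {
            auto colon = line.rfind(':'); // last colon, so keys may contain ':'
            char* end = nullptr;          // stays null when there is no separator
            SpeculatedType type = colon == std::string::npos ? SpecNone
                : std::strtoull(line.c_str() + colon + 1, &end, 16);
            if (end && colon && !*end && type != SpecNone)
                m_map[line.substr(0, colon)] = type;
            else
                ++rejected;
        }
        return rejected;
    }
    PredictionLookup lookup(const std::string& key) const {
        auto it = m_map.find(key);
        return it == m_map.end() ? PredictionLookup { false, SpecNone }
                                 : PredictionLookup { true, it->second };
    }
private:
    std::unordered_map<std::string, SpeculatedType> m_map;
};

// Agent-side policy from the thread: count the miss, keep the original prediction.
SpeculatedType agentPrediction(const PredictionTable& table, const std::string& key,
                               SpeculatedType original, unsigned& misses) {
    PredictionLookup result = table.lookup(key);
    misses += !result.found;
    return result.found ? result.type : original;
}
// Constructed sample: one valid entry, then SpecNone, bad hex, no separator.
const char* const kSampleFile = "bc#12:4\nbc#20:0\nbc#31:zz\nno-separator\n";
```

Because absence is a separate flag, every 64-bit value remains available to real types, and the miss counter gives the sanity check without changing the returned prediction.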