[Webkit-unassigned] [Bug 203898] Add FuzzerAgent that reads predictions from a file

bugzilla-daemon at webkit.org
Fri Nov 8 06:00:30 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=203898

--- Comment #5 from Tuomas Karkkainen <tuomas.webkit at apple.com> ---
(In reply to Saam Barati from comment #3)
> Comment on attachment 382922
> proposed patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=382922&action=review
> 
> > Source/JavaScriptCore/ChangeLog:7
> > +
> 
> you should describe the details of what this patch is doing here.

I'll add a description for this. 

> > Source/JavaScriptCore/runtime/FuzzerPredictions.cpp:50
> > +    while ((line = fgets(buffer, sizeof(buffer), f))) {
> > +        SpeculatedType prediction;
> > +        char lookupKey[BUFSIZ];
> > +        int numberOfItemsFound = sscanf(line, "%[^:]:%llx\n", lookupKey, &prediction);
> > +        RELEASE_ASSERT(numberOfItemsFound == 2);
> > +        const String& functionNameString = String(lookupKey, strlen(lookupKey));
> > +        m_predictions.set(functionNameString, prediction);
> > +    }
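Review bot: the `%[^:]` conversion in the sscanf call carries no field width, so the copy into `lookupKey[BUFSIZ]` is bounded only by the length of `line`. The declaration of `buffer` is not visible in this hunk; if it is ever made larger than BUFSIZ, a long key overruns `lookupKey`. Give the conversion an explicit width, or split on the first ':' with a length check. Separately, `%llx` stores through an `unsigned long long*` while `prediction` is declared as `SpeculatedType`; reading into an `unsigned long long` local and assigning it avoids depending on the two types being identical. The RELEASE_ASSERT on a malformed line would also be easier to act on if it reported which line failed to parse.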
> 
> can you comment on the format of this file?
> 
> Also, how do you produce this file?

I'll add a comment describing the format.

The file is produced by the fuzzer, which is not part of the WebKit repo.

> > Source/JavaScriptCore/runtime/FileBasedFuzzerAgent.cpp:167
> > +String FileBasedFuzzerAgent::createLookupKey(const String& sourceFilename, OpcodeID opcodeId, int startLocation, int endLocation)
> > +{
> > +    StringBuilder lookupKey;
> > +    lookupKey.append(sourceFilename);
> > +    lookupKey.append("|");
> > +    lookupKey.append(toString(opcodeAliasForLookupKey(opcodeId)));
> > +    lookupKey.append("|");
> > +    lookupKey.append(startLocation);
> > +    lookupKey.append("|");
> > +    lookupKey.append(endLocation);
> > +    return lookupKey.toString();
> > +}
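Review bot: `createLookupKey` joins the fields with "|" without escaping anything in `sourceFilename`, and the reader in FuzzerPredictions.cpp takes the key as everything up to the first ':' (`%[^:]`). A source filename that contains ':' therefore gets truncated when the predictions file is read back and never matches the key built here, and one that contains "|" makes the key ambiguous. Either assert that `sourceFilename` contains neither character, or state the restriction in the comment that documents the file format.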
> 
> nit: This is slightly hokey. We tend to define a struct for hash map keys,
> and use a custom hash and equality function. Turning it into a String is
> convenient, but slightly weird. I guess since we don't care about perf,
> maybe this is ok.

I figured since this is only for fuzzing I wouldn't spend too much effort on parsing the config file. The string here matches the format of the file containing the predictions, which I will document.
