[inspector][fuzzer] Add watchdog to avoid timeouts

The inspector fuzzer is running into timeouts most of the time currently, because the test explicitly needs to quit execution. Make fuzzing more efficient by adding a watchdog thread which stop execution after 2 seconds. This will still result in valid test cases, i.e. everything that was executed within those two seconds will count as covered code. Drive-by: Slightly simplify the storage of task runners. No need to clear the vector after termination. R=szuend@chromium.org Bug: chromium:1142437, chromium:1145285 Change-Id: I7b5fe7ddcbce731fbc3d74ee8c43f7249f34b918 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520906 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#71002}

[inspector][fuzzer] Add watchdog to avoid timeouts
The inspector fuzzer is running into timeouts most of the time currently, because the test explicitly needs to quit execution. Make fuzzing more efficient by adding a watchdog thread which stop execution after 2 seconds. This will still result in valid test cases, i.e. everything that was executed within those two seconds will count as covered code. Drive-by: Slightly simplify the storage of task runners. No need to clear the vector after termination. R=szuend@chromium.org Bug: chromium:1142437, chromium:1145285 Change-Id: I7b5fe7ddcbce731fbc3d74ee8c43f7249f34b918 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2520906 Commit-Queue: Clemens Backes <clemensb@chromium.org> Reviewed-by: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#71002}
5ab0bded · Clemens Backes · Commit Bot · 38e3b9a4 · 5ab0bded · 5ab0bded
Commit 5ab0bded authored Nov 05, 2020 by Clemens Backes Committed by Commit Bot Nov 06, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 12 deletions

inspector-fuzzer.cc test/fuzzer/inspector-fuzzer.cc +28 -4

inspector-test.cc test/inspector/inspector-test.cc +6 -8

No files found.
--- a/test/fuzzer/inspector-fuzzer.cc
+++ b/test/fuzzer/inspector-fuzzer.cc
@@ -14,6 +14,8 @@
 #include "include/libplatform/libplatform.h"
 #include "include/v8.h"
 #include "src/base/platform/platform.h"
+#include "src/base/platform/time.h"
+#include "src/base/small-vector.h"
 #include "src/flags/flags.h"
 #include "src/heap/read-only-heap.h"
 #include "src/libplatform/default-platform.h"
@@ -28,14 +30,13 @@ namespace v8 {
 namespace internal {
 namespace {

-std::vector<TaskRunner*> task_runners;
+base::SmallVector<TaskRunner*, 2> task_runners;

 void Terminate() {
  for (TaskRunner* r : task_runners) {
    r->Terminate();
    r->Join();
  }
-  task_runners.clear();
 }

 class UtilsExtension : public IsolateData::SetupGlobalTask {
@@ -546,6 +547,25 @@ class InspectorExtension : public IsolateData::SetupGlobalTask {

 using CharVector = v8::internal::Vector<const char>;

+constexpr auto kMaxExecutionSeconds = v8::base::TimeDelta::FromSeconds(2);
+
+class Watchdog final : public base::Thread {
+ public:
+  explicit Watchdog(base::Semaphore* semaphore)
+      : base::Thread(base::Thread::Options("InspectorFuzzerWatchdog")),
+        semaphore_(semaphore) {
+    CHECK(Start());
+  }
+
+ private:
+  void Run() override {
+    if (semaphore_->WaitFor(kMaxExecutionSeconds)) return;
+    Terminate();
+  }
+
+  base::Semaphore* const semaphore_;
+};
+
 void FuzzInspector(const uint8_t* data, size_t size) {
  base::Semaphore ready_semaphore(0);

@@ -569,8 +589,9 @@ void FuzzInspector(const uint8_t* data, size_t size) {
  ready_semaphore.Wait();
  UtilsExtension::set_backend_task_runner(&backend_runner);

-  task_runners.push_back(&frontend_runner);
-  task_runners.push_back(&backend_runner);
+  task_runners = {&frontend_runner, &backend_runner};
+
+  Watchdog watchdog(&ready_semaphore);

  frontend_runner.Append(new ExecuteStringTask(
      std::string{reinterpret_cast<const char*>(data), size},
@@ -579,6 +600,9 @@ void FuzzInspector(const uint8_t* data, size_t size) {
  frontend_runner.Join();
  backend_runner.Join();

+  ready_semaphore.Signal();
+  watchdog.Join();
+
  UtilsExtension::ClearAllSessions();

  // TaskRunners go out of scope here, which causes Isolate teardown and all

--- a/test/inspector/inspector-test.cc
+++ b/test/inspector/inspector-test.cc
@@ -14,6 +14,7 @@
 #include "include/libplatform/libplatform.h"
 #include "include/v8.h"
 #include "src/base/platform/platform.h"
+#include "src/base/small-vector.h"
 #include "src/flags/flags.h"
 #include "src/heap/read-only-heap.h"
 #include "src/utils/utils.h"
@@ -38,15 +39,13 @@ extern v8::StartupData WarmUpSnapshotDataBlobInternal(

 namespace {

-std::vector<TaskRunner*> task_runners;
+base::SmallVector<TaskRunner*, 2> task_runners;

 void Terminate() {
-  for (size_t i = 0; i < task_runners.size(); ++i) {
-    task_runners[i]->Terminate();
-    task_runners[i]->Join();
+  for (TaskRunner* task_runner : task_runners) {
+    task_runner->Terminate();
+    task_runner->Join();
  }
-  std::vector<TaskRunner*> empty;
-  task_runners.swap(empty);
 }

 class UtilsExtension : public IsolateData::SetupGlobalTask {
@@ -778,8 +777,7 @@ int InspectorTestMain(int argc, char* argv[]) {
    ready_semaphore.Wait();
    UtilsExtension::set_backend_task_runner(&backend_runner);

-    task_runners.push_back(&frontend_runner);
-    task_runners.push_back(&backend_runner);
+    task_runners = {&frontend_runner, &backend_runner};

    for (int i = 1; i < argc; ++i) {
      // Ignore unknown flags.