1. 18 Aug, 2021 1 commit
  2. 16 Aug, 2021 1 commit
  3. 12 Aug, 2021 1 commit
  4. 01 Jun, 2021 1 commit
  5. 17 May, 2021 1 commit
• [foozzie] Prioritize reporting differences with x64 if present · 8590942c
      Michael Achenbach authored
      tldr: This adds an on-demand comparison with x64 when a difference to
      a non-x64 build is detected.
      
      Normally foozzie compares the baseline build (just ignition), with
      two secondary builds. One, the default, always uses the shipping
      configuration, the second passes additional flags. Both can use a
      different architecture than the baseline build as well.
      
      Differences between ignition and turbofan are then often detected
      independent of the architectures used, but reported several times
      (for each compared architecture).
      
      This makes the reporting more specific, by running another build on
      demand that uses the baseline architecture, but otherwise the same
      configuration that showed a difference. If it shows the difference as
      well, the baseline architecture is used for the report.
      
      As a result only pure architecture differences will be reported with
      an architecture other than x64.
      
      This also adds some minor refactorings to reduce the code complexity
      when looping over comparisons.
      
      For testing this, the fake-d8s are extended with different behavior
      for different flags passed. We add two test cases for testing:
      x64 vs. ia32 with difference in x64 and ia32
      x64 vs. ia32 with difference only in ia32
      
      Bug: chromium:1196633
      No-Try: true
      Test: tools/clusterfuzz/v8_foozzie_test.py
      Change-Id: Ic470ae8f0b37fb1628b32e4fafc0c39377e16f8c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2897099
Reviewed-by: Liviu Rau <liviurau@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#74612}
  6. 12 Apr, 2021 1 commit
  7. 22 Mar, 2021 1 commit
  8. 19 Mar, 2021 1 commit
  9. 10 Mar, 2021 1 commit
  10. 12 Feb, 2021 1 commit
  11. 01 Dec, 2020 2 commits
• Reland "Enable simulating errors to test fuzzer reliability" · 886d7cfe
      Michael Achenbach authored
      This is a reland of 4ad08c82
      
      The reland organizes the different error types in separate functions
      for separate call stacks. Error simulation is also guarded by
      a minimum file size to prevent Clusterfuzz from getting stuck with
      its bad-build check.
      
      Original change's description:
      > Enable simulating errors to test fuzzer reliability
      >
      > This adds a d8 flag --simulate-errors, which on shutdown will cause
      > certain errors. This enables testing the reliability of sanitizers.
      >
      > This will cause a fatal error, a dcheck (if available) or a
      > violation that can be detected with one of the following sanitizers:
      > ASAN, UBSAN, MSAN, CFI.
      >
      > The same flag used in differential fuzzing will cause an error
      > subsumed with the error state "fake_difference".
      >
      > Bug: chromium:1152412
      > Change-Id: I4b36c6fe716797004d634263617d22ca67b05600
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554999
      > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#71430}
      
      Bug: chromium:1152412
      Change-Id: I604258b4c1ebd215c26b1de6b2822663f857bf64
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565125
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71538}
• [foozzie] Make harness more robust to unknown flags · 1f36c542
      Michael Achenbach authored
      When one comparison run crashes, we cap the outputs to compare to the
      shorter one. If one of those, however, contains ignored lines, the
comparison gets skewed.
      
      This makes the main source of ignored lines more robust (the line
      printed for unknown flags), by not printing it in the first place in
      the context of differential fuzzing.
      
      Bug: chromium:1153871
      Change-Id: If2e534959779be14a686be5e43630cbf66e215a0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2567692
      Auto-Submit: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Commit-Queue: Clemens Backes <clemensb@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71522}
  12. 30 Nov, 2020 1 commit
• Revert "Enable simulating errors to test fuzzer reliability" · c0b46d97
      Michael Achenbach authored
      This reverts commit 4ad08c82.
      
      Reason for revert: Need to retry with bugs in separate stack
      frames.
      
      Original change's description:
      > Enable simulating errors to test fuzzer reliability
      >
      > This adds a d8 flag --simulate-errors, which on shutdown will cause
      > certain errors. This enables testing the reliability of sanitizers.
      >
      > This will cause a fatal error, a dcheck (if available) or a
      > violation that can be detected with one of the following sanitizers:
      > ASAN, UBSAN, MSAN, CFI.
      >
      > The same flag used in differential fuzzing will cause an error
      > subsumed with the error state "fake_difference".
      >
      > Bug: chromium:1152412
      > Change-Id: I4b36c6fe716797004d634263617d22ca67b05600
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2554999
      > Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#71430}
      
      TBR=machenbach@chromium.org,clemensb@chromium.org
      
      # Not skipping CQ checks because original CL landed > 1 day ago.
      
      Bug: chromium:1152412
      Change-Id: If20cdef372b0e7e92e7080687f446539a587a815
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2565120
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#71475}
  13. 27 Nov, 2020 2 commits
  14. 26 Nov, 2020 2 commits
  15. 23 Nov, 2020 1 commit
  16. 19 Nov, 2020 1 commit
  17. 17 Nov, 2020 1 commit
  18. 16 Nov, 2020 1 commit
  19. 20 Oct, 2020 1 commit
  20. 22 Sep, 2020 1 commit
  21. 31 Jul, 2020 1 commit
• Open source js-fuzzer · 320d9870
      Michael Achenbach authored
      This is a JavaScript fuzzer originally authored by Oliver Chang. It
      is a mutation based fuzzer using Babel code transformations. For more
      information see the included README.md.
      
      The original code was altered:
      - Add new V8 copyright headers.
      - Make the test expectation generator aware of the headers.
      - Fix file endings for presubmit checks.
      - Fix `npm test` on fresh checkout with a new fake DB.
      - Make test skipping work with new v8/tools location.
      - OWNERS file.
      - New title section in README.md.
      
      No-Try: true
      Bug: chromium:1109770
      Change-Id: Ie71752c0a37491a50500c49060a3c526716ef933
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2320330
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#69164}
  22. 27 Jul, 2020 1 commit
  23. 22 Jul, 2020 1 commit
  24. 03 Jul, 2020 1 commit
  25. 30 Jun, 2020 2 commits
• [foozzie] Reduce probability of some extra flags · 9dd7a303
      Michael Achenbach authored
      Mostly gc-related flags didn't flush out any bugs yet, but often reduce
      test performance and lead to timeouts.
      
      No-Try: true
      Bug: chromium:1044942
      Change-Id: I2a7b55f78bfa3d597de1a5674658829e0812d01a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2273861
Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68608}
• [foozzie] Compare baseline/default in every run · cca29094
      Michael Achenbach authored
      Previously we ran baseline (e.g. ignition) and one random secondary
      comparison configuration (e.g. turbofan) from the list of experiments.
      But Clusterfuzz imposes limitations on the total amount of fuzz tests.
      Therefore this change enables more throughput by always running the
      default configuration (ignition_turbofan like V8 is shipped)
      additionally to the baseline and the secondary configuration.
      
      This, hence, doubles the number of comparisons we run, with less than
      50% additional runtime, since the slow baseline configuration is only
      run once.
      
      The experiments table is updated accordingly. Explicit entries running
      ignition_turbofan are removed (as it always runs now), instead some
      of the other configurations are increased in their relative
      percentage. We also get a few new configurations that didn't run
      before (e.g. forcing the slow path on x86).
      
      No-Try: true
      Bug: chromium:1100114
      Change-Id: I69b2a41d78c06e556b309743a2aace1053c22f91
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2270307
Reviewed-by: Liviu Rau <liviurau@chromium.org>
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68607}
  26. 29 Jun, 2020 5 commits
  27. 24 Jun, 2020 1 commit
  28. 22 Jun, 2020 1 commit
  29. 19 Jun, 2020 1 commit
  30. 17 Jun, 2020 1 commit
  31. 28 May, 2020 1 commit
• [foozzie] Defeat the CrashTests loop · 9036662f
      Michael Achenbach authored
      This prepares using ochang_js_fuzzer with foozzie. The fuzzer uses
      tests from CrashTests in the corpus. This leads to a loop when
      used with differential fuzzing, as foozzie dedupes failures based
      on the original file path. Foozzie finds a new failure for the
      existing failure in CrashTests, for which clusterfuzz creates a new
      crash test and so on.
      
      This subsumes all failures from CrashTests under the same key.
      Once such a failure is reported, a developer can add it to a
      mapping in foozzie.py, after which the global key can be used
      again by clusterfuzz to report another failure.
      
      No-Try: true
      Bug: chromium:1044942
      Change-Id: I801a23faeb0c672d6ad64b4100c463f53e36cbc2
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2214837
      Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#68053}
  32. 06 May, 2020 1 commit