Implement a JavaScript correctness fuzzer harness
Issue description

Our current JavaScript fuzzers try to create crashers by fuzzing JavaScript test cases. Unfortunately this does not really help for finding correctness issues like 1+1=3. This should help decrease the probability that we "break the web" by not correctly executing JavaScript code.

Oct 6 2016
machenbach@ is currently working on a prototype.

Nov 2 2016
Adjusting the goal a little. This is about creating a harness that utilizes an existing fuzzer/generator. ATM I experiment with mbarbella_js_mutation as fuzzer, wrapped by the new harness. WIP CL: https://chromereviews.googleplex.com/521487017/

Currently I iterate over:
1. Create test cases with slightly adjusted fuzzer.
2. Run harness+d8 and minimizer using experimental workbench.py.
3. Look at the outcome and readjust fuzzer/harness and/or file bugs.

Dec 12 2016
Internal design doc: https://docs.google.com/document/d/1hSExVAWPb9fqK9XQF88jbDL-IGnwN0c4_mqdWmmBMVY

Comment 1 by hablich@chromium.org, Sep 26 2016