A collection of fuzzers in a harness for testing the SpiderMonkey JavaScript engine.
0.6.x supports Python 3.6+ only.
Features:
newGlobal({newCompartment: true}), Object.values, Object.[get|set]PrototypeOf and enableShapeConsistencyChecks()
Object.getOwnPropertyNames, dumpScopeChain, addMarkObservers, clearMarkObservers and getMarks
wasm-opt from tripping over itself
--disable-cranelift only if on m-c rev 6fcf54117a3b or later, till current m-c tip
--more-compartments in most places
--enable-streams has been deprecated in favour of --no-streams
Bugfixes:
file_contains_str is run after move to Python 3.6+ (#220)
__init__.py since we are now on Python 3.6+ to fix RuntimeWarning (#208)
--ion-loop-unrolling=on/off as per bug 1520998
--no-wasm from compare_jit testing, replacing with new ones, e.g. --wasm-compiler=[none|baseline|ion|baseline+ion]
Testing-related:
pytest throughout, old unittest-related code has been removed
--stream when running hg clone, on Travis
shellcheck and bashate now run on Travis for bash scripts
*.pyc, *.pyo files and __pycache__ dirs, run flake8, fast pytests and pylint

0.5.x is the final version series with stable dual Python 2/3 support, and the branch will then be put on maintenance mode. Going forward, funfuzz will be on Python 3.6+.
Features:
crashesat interestingness test has been refactored to use argparse, logging and pathlib (#199)
flake8-commas, flake8-quotes extensions to flake8 linting were added
get_hg_repo.sh script in the util directory to clone mozilla-central or mozilla-beta using aria2 instead
shellify (#184)
--no-streams and --enable-wasm-gc are now tested
--ion-shared-stubs=[on|off], --non-writable-jitcode, --ion-aa=flow-sensitive and --ion-aa=flow-insensitive since they are no longer part of SpiderMonkey
objectEmulatingUndefined became createIsHTMLDDA, see bug 1410194
keepFailing:true option for oomTest
recomputeWrappers
evaluate accepts saveIncrementalBytecode as a parameter, see bug 1427860
newGlobal accepts sameCompartmentAs as a parameter, see bug 1487238
newGlobal accepts invisibleToDebugger as a parameter
__count__ and __parent__ properties
Bugfixes:
--no-native-regexp and --no-wasm were removed from basic_flag_sets
ShellResult in js_interesting would fail due to the absence of options.jsengine
.busted log files when configuration fails, but append the info to them if they already exist
jsFilesIn function fixed
sps to os_ops in loop.py (#205)
Bugfixes:
.gitignore was backported from master
wrong-import-order pylint error messages

This is the last point release on 0.1.x and marks the end-of-life of the 0.1 legacy branch.
Bugfixes:
Commandline argument -t "js" in bot.py is not recognized. But it is mentioned in the readme.md.
Notes:
Bugfixes:
grabCrashLog by dealing with str/unicode types better
repos_update not update funfuzz anymore, since pip 10 no longer comes with a main method and we should not rely on the internals of pip
boto import code
subprocesses
Notes:
Big release!
Features:
async, for-await-of support thanks to @arai-a
E4X for-each, toSource, StopIteration, getPropertyDescriptor, Iterator/__iterator__, validategc etc.)
tooltool removed, along with lots of other unused functions now that DOMFuzz is gone
download_build
autobisect project will be added later
Fixes
autobisectjs since there is now the separate autobisect project
whichcraft instead of in-house functions without tests
shell_flags got rewritten
--spectre-mitigations=on
subprocess32 PyPI library
captureStdout function
Platform support
Notes
Features:
compile_shell for now
codecov.io support - Now with code coverage!
evalInCooperativeThread and oomTest are now ignored when running differential testing.
Bugfixes:
version function from being used in jsfunfuzz
Notes:
Bugfixes:
0.1.1 primarily got released for Windows. Due to #139, Windows machines stayed on the legacy 0.1.x branch, whereas other OSes moved on to the newer releases. This point release is needed to unbreak jsfunfuzz due to #148.
Bugfixes:
~/funfuzz, can be installed via pip: pip install --upgrade ~/funfuzz