Find file History
Permalink
..
Failed to load latest commit information.
README.md Update names in a few more places Jul 27, 2015
WebIDL.js Prevent false positives where HTMLDocument.open results in script errors Aug 4, 2015
accessibility.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
call-testing-functions.js Fix a comparePixels false positive Mar 23, 2016
canvas.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
canvas2d.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
change-root.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
clone-node.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
compare-pixels.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
document-fragments.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
editor.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
event-loop.js Rename fuzzExpectSanity to fuzzInternalErrorsAreBugs. Jul 7, 2015
generate-nodes-html.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
generate-nodes-mathml.js Improve fuzzing of MathML lengths. (#52) Jul 6, 2016
generate-nodes-svg.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
generate-nodes.js Fix jshint warnings May 30, 2014
innerhtml.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
keyboard-events.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
misc-privileged.js Call new functions for toggling the Bookmarks Toolbar. Jan 25, 2016
modify-attributes.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
range-and-selection.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
repeat.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
script-nodes.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
set-image-element.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
slurp-frame.js Refactor serialize-dom-as-script.js (simplify and flatten) Jul 22, 2015
stir-attributes.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
stir-dom.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
style-objects.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
style-properties.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
style-sheet-objects.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
style-sheets.js Split 'randomDeclarationBlock' out of 'randomRule'. Jun 6, 2016
tables.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
test-iteration.js Rename fuzzExpectSanity to fuzzInternalErrorsAreBugs. Jul 7, 2015
textboxes.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
undo-manager.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
unicode-characters.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015
url-objects.js archive.mozilla.org is probably a 1:1 replacement for ftp.mozilla.org… Mar 21, 2016
weak-maps.js DOMFuzz: Move weights into modules, so we don't need a single list of… Jun 18, 2015

README.md

When DOMFuzz starts on a page, main.js will choose a subset of modules to enable. The enabled modules will have their makeCommand functions called many times.

makeCommand functions

makeCommand should return a snippet of JavaScript to be used as the body of a function. It can also return a small array of related snippets (e.g. statements) that Lithium might be able to whittle down.

makeCommand should be free of side-effects on the DOM. (Side-effects on the fuzzer's own data structures are ok, and side-effects on the random number generator are expected.) This helps ensure that the recorded sequence of actions will match the initial sequence.

The effect of the generated commands (on the DOM) must not depend on the state of the random number generator. The random number generator will be in a different state during playback of a recorded fuzzCommands array, because makeCommand isn't called then. (Again, side-effects on fuzzer data structures and on the random number generator are ok.)

Weight

A module's weight should be chosen based on:

  • The quantity and severity of bugs you expect it to find
  • How frustrating it is to reduce bugs it finds
  • Speed