On Thu, Apr 21, 2016 at 12:16 PM, Jan de Mooij <[email protected]> wrote:
> OOM fuzzing has been quite effective, but it feels like a game of
> whack-a-mole. It also doesn't help us find and fix similar bugs outside
> SpiderMonkey.
>
> Agreed. Dealing with OOM everywhere is complicated enough, but I think the
> exception part makes it even more difficult to get right.
>

I don't think it makes it appreciably harder. It does mean that bugs cause

> Is our only option doubling down on these fuzz bugs and adding more
> assertions, or can we do better with static analysis, the type system,
> annotations, something?
>

I've been meaning to do this forever. I went so far as to write a
flow-sensitive type-like analysis for GCC. I never upgraded it to the
rootAnalysis stuff, but it wouldn't be hard. Let me confer with sfink and see
if I can get this going again.

-j

_______________________________________________
dev-tech-js-engine-internals mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals

