Type: User Story
Priority: P2: Important
Affects Version/s: None
Fix Version/s: None
After all the years that the QML engine has been in place, we still keep finding really "stupid" bugs, for example QTBUG-71501: bugs that crash the QML engine with only a trivial piece of QML/JS, without registering any user-provided C++ components. Our core language runtime should obviously be more robust than this.
The way to gain more confidence in the robustness of the system is to systematically run a fuzzer over various QML projects and fix all the crashes that fall out of it. I imagine a test case that takes a tarball of QML documents as input (seeded by, say, some of our examples), untars the code into a special directory and calls the equivalent of qmlscene on main.qml. The fuzzer would then mutate the tarballs of QML code. (tar may not be the best format for fuzzing; that needs to be investigated.)
The results of this need to be formulated as autotests, and it would be great if the fuzzing could be run periodically in an automated fashion and create bug reports for its findings automatically.
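As an added example of the harness sketched above (not code from Qt or from the Gerrit changes listed on this page), a libFuzzer entry point that takes a flat, length-prefixed multi-document record stream instead of a tarball, decodes it and hands main.qml to QQmlComponent::create(). The record format, the function names and the HAVE_QT build flag are assumptions made for this example.

```cpp
#include <cstdint>
#include <map>
#include <string>
#ifdef HAVE_QT   // assumption: defined when the harness is built against QtQml
#include <QQmlComponent>
#include <QQmlEngine>
#endif

using Documents = std::map<std::string, std::string>;  // file name -> QML source

// Decode a flat record stream: [name_len u8][name][body_len u32 LE][body]...
// Decoding stops at the first truncated or empty-named record, so every byte
// string is a valid (possibly empty) input; unlike tar there are no checksums,
// 512-byte blocks or padding that a byte-level mutator would have to keep consistent.
Documents unpackDocuments(const uint8_t *data, size_t size) {
    Documents docs;
    size_t pos = 0;
    while (pos < size) {
        uint8_t nameLen = data[pos++];
        if (nameLen == 0 || size - pos < nameLen) break;
        std::string name(reinterpret_cast<const char *>(data + pos), nameLen);
        pos += nameLen;
        if (size - pos < 4) break;
        uint32_t bodyLen = 0;
        for (int i = 0; i < 4; ++i) bodyLen |= uint32_t(data[pos + i]) << (8 * i);
        pos += 4;
        if (size - pos < bodyLen) break;  // length claims more than is present: stop, do not clamp
        docs[name].assign(reinterpret_cast<const char *>(data + pos), bodyLen);
        pos += bodyLen;
    }
    return docs;
}

// libFuzzer entry point: main.qml is handed to QQmlComponent::create(), where the
// engine crashes this story is about would surface under ASan/UBSan.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    Documents docs = unpackDocuments(data, size);
    auto it = docs.find("main.qml");
    if (it == docs.end()) return 0;  // no entry document: reject quickly
#ifdef HAVE_QT
    QQmlEngine engine;
    QQmlComponent component(&engine);
    component.setData(QByteArray::fromStdString(it->second), QUrl());
    delete component.create();  // a crash or sanitizer report here is the finding
#endif
    return 0;
}
```

Seed corpus files are produced by writing each example project in the same record layout; the other documents would be written to a scratch import path before the main component is created once the engine is linked in.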
For Gerrit Dashboard: QTBUG-71580

| 298598,4 | Fuzzing: Add fuzz target for QQmlComponent::create() | dev | qt/qtdeclarative | Status: MERGED | +2 | 0 |
| 300883,2 | fuzzing: Add qml testcases | master | qt/qtqa | Status: MERGED | +2 | 0 |
| 301136,2 | Fuzzing: Add fuzz target for QQmlComponent::create() | 5.15 | qt/qtdeclarative | Status: MERGED | +2 | 0 |