Qt / QTBUG-71580

The QML engine needs systematic fuzz testing


Details

    Description

      After all those years that the QML engine has been in place, we still keep finding really "stupid" bugs, like for example QTBUG-71501. That is, bugs that crash the QML engine with only a trivial piece of QML/JS, without registering any user-provided C++ components. Obviously, our core language runtime should be more robust than this.

      The way to gain more confidence in the robustness of the system would be to systematically run a fuzzer over various QML projects and fix all the crashes that fall out of this. I imagine a test case that takes a tarball of QML documents as input (seeded by, say, some of our examples), untars the code into a special directory and calls the equivalent of qmlscene on main.qml. The fuzzer would then fuzz on the tarballs of QML code. (tar may not be the best format for fuzzing; that needs to be investigated.)

      The results of this need to be formulated as autotests, and it would be great if the fuzzing could periodically be run in an automated fashion and automatically create bug reports for its findings.
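The harness sketched in the description, written out as an added example (it is not Qt's code and not part of this ticket): it takes a tarball of QML documents, unpacks it into a scratch directory, runs a QML runner on main.qml and classifies the outcome, so that a driver loop can keep the crashing inputs as reproducers to be turned into autotests. The runner command (default `qmlscene`), the timeout and the `FAKE_*` stand-in runners are assumptions of this example; the stand-ins exist only so the harness can be exercised without Qt installed. The point the ticket raises about tar is visible in `extract_qml`: a fuzzer that mutates tar headers produces member names with `../`, absolute paths, symlinks and device nodes, so the harness has to refuse those or its own scratch directory is no longer a boundary, and most mutations will land on the container rather than on the QML text, which is why a format-aware mutator or fuzzing single QML files is worth investigating.

```python
"""Constructed fuzz-harness example for a QML-runner target (not Qt's code)."""
import io
import os
import signal
import subprocess
import sys
import tarfile
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass
class Outcome:
    verdict: str                # "ok" | "crash" | "timeout" | "error" | "rejected"
    returncode: Optional[int]
    detail: str = ""


# Constructed seed corpus: one trivial document, as the ticket suggests seeding
# from examples. Real seeds would be copied from the examples directory.
SEED_CORPUS = {"main.qml": b"import QtQuick 2.0\nItem { width: 100; height: 100 }\n"}

# Constructed stand-ins for qmlscene so the harness can be run without Qt:
# one reads the document and exits 0, the other aborts like a crashing engine.
FAKE_OK_RUNNER = (sys.executable, "-c", "import sys; open(sys.argv[1]).read()")
FAKE_CRASH_RUNNER = (sys.executable, "-c", "import os; os.abort()")


def make_tarball(files: dict) -> bytes:
    """Build an in-memory tar archive from {name: bytes} (seed or test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_qml(tar_bytes: bytes, dest: str) -> list:
    """Unpack only regular files and directories whose resolved path stays
    inside dest. Mutated headers routinely carry '../' or absolute names,
    symlinks and device nodes; those are skipped, not written. Contents are
    copied by hand so no mode, owner or link metadata from the archive is applied."""
    root = os.path.realpath(dest)
    kept = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if not (member.isfile() or member.isdir()):
                continue
            target = os.path.realpath(os.path.join(root, member.name))
            if os.path.commonpath([root, target]) != root:
                continue                      # would escape the scratch directory
            if member.isdir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            kept.append(member.name)
    return kept


def safe_names(tar_bytes: bytes) -> list:
    """Names that extract_qml would actually write, unpacked into a throwaway dir."""
    with tempfile.TemporaryDirectory() as scratch:
        return extract_qml(tar_bytes, scratch)


def run_case(tar_bytes: bytes, runner=("qmlscene",), timeout: float = 10.0) -> Outcome:
    """One fuzz iteration: unpack, run the QML runner on main.qml, classify."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            extract_qml(tar_bytes, scratch)
        except (tarfile.TarError, OSError) as exc:
            return Outcome("rejected", None, f"unreadable archive: {exc}")
        main_qml = os.path.join(scratch, "main.qml")
        if not os.path.isfile(main_qml):
            return Outcome("rejected", None, "archive has no main.qml")
        try:
            proc = subprocess.run([*runner, main_qml], cwd=scratch,
                                  capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return Outcome("timeout", None, f"runner exceeded {timeout:.1f}s")
        except FileNotFoundError:
            return Outcome("error", None, f"runner not found: {runner[0]}")
        if proc.returncode < 0:               # killed by a signal: SIGSEGV, SIGABRT, ...
            try:
                detail = signal.Signals(-proc.returncode).name
            except ValueError:
                detail = f"signal {-proc.returncode}"
            return Outcome("crash", proc.returncode, detail)
        verdict = "ok" if proc.returncode == 0 else "error"
        return Outcome(verdict, proc.returncode, proc.stderr.decode(errors="replace")[-200:])


if __name__ == "__main__":
    # Minimal driver: classify every tarball named on the command line; the
    # "crash" lines are the inputs worth turning into autotests.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            outcome = run_case(fh.read())
        print(path, outcome.verdict, outcome.detail)
```

Crashes are recognised by a negative return code (the process died from a signal) rather than by any non-zero exit, so a QML document the engine merely rejects with an error is kept apart from one that brings the engine down; only the latter group is what the ticket wants fed back as autotests.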


              People
                rlohning (Robert Löhning)
                ulherman (Ulf Hermann)
                Maurice Kalinowski
                Alex Blasche
              Votes: 1
              Watchers: 6
