Firefox Bug Hunting

Contributing to a massive C++ codebase like Mozilla Firefox (Gecko) is the ultimate test of low-level skills. Here is a draft plan for getting started with browser engine internals.

Step 1: The Build Environment

You can't hunt bugs if you can't compile the code.

• Bootstrap: Use ./mach bootstrap to setup the toolchain (Rust, Clang, Python, Mercurial).
• Debug Build: Configure mozconfig with ac_add_options --enable-debug and --disable-optimize. This ensures symbols are present and assertions are active.
• Artifact Builds: For UI work, use Artifact builds to avoid recompiling C++. For engine work, a full compile matches your CPU core count (expect 30-60 mins).

Step 2: Understanding The Beast

Don't read all the code. Focus on subsystems:

• SpiderMonkey (js/): The JavaScript engine. Good for JIT compiler and Garbage Collection bugs.
• Layout (layout/): How CSS becomes geometry. Heavy on frame trees and reflow logic.
• WebRender (gfx/): Rust-based GPU rendering. Great for concurrency and graphics bugs.

Step 3: The Hunter's Toolkit

Standard tools aren't enough for browser complexity.

• RR (Record and Replay): Time-travel debugging. Record a crash once, then replay it deterministically, stepping backwards to find the root cause. Indispensable for intermittent failures.
• Sanitizers: Compile with AddressSanitizer (ASan) to catch use-after-free, or ThreadSanitizer (TSan) for data races.
• Fuzzing: Use Grizzly or Domato to generate massive amounts of random HTML/JS to crash the engine.

Step 4: The Workflow

1. Pick a "Good First Bug" from Bugzilla.
2. Pull latest mozilla-central.
3. Create a test case (HTML file) that reproduces the bug.
4. Run under RR: rr record ./mach run --debug test.html
5. Analyze: rr replay -> continue -> crash -> reverse-step.
6. Fix & Submit via Phabricator.