1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "arraylist_fuzzer.h"
17
18 #include "ecmascript/containers/containers_arraylist.h"
19 #include "ecmascript/js_api/js_api_arraylist.h"
20 #include "ecmascript/ecma_vm.h"
21 #include "ecmascript/global_env.h"
22 #include "ecmascript/containers/containers_private.h"
23 #include "ecmascript/js_handle.h"
24 #include "ecmascript/object_factory.h"
25 #include "ecmascript/napi/include/jsnapi.h"
26 #include "ecmascript/napi/jsnapi_helper.h"
27
28
29 using namespace panda;
30 using namespace panda::ecmascript;
31 using namespace panda::ecmascript::containers;
32
33 #define MAXBYTELEN sizeof(uint32_t)
34 namespace OHOS {
35
JSObjectCreate(JSThread *thread)36 JSFunction *JSObjectCreate(JSThread *thread)
37 {
38 JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
39 return globalEnv->GetObjectFunction().GetObject<JSFunction>();
40 }
41
CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)42 EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)
43 {
44 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
45 JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread));
46 JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass));
47 JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined();
48 EcmaRuntimeCallInfo *objCallInfo =
49 EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs);
50 return objCallInfo;
51 }
52
InitializeArrayListConstructor(JSThread *thread)53 JSTaggedValue InitializeArrayListConstructor(JSThread *thread)
54 {
55 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
56 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
57 JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject();
58 JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate"));
59 JSHandle<JSTaggedValue> value =
60 JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue();
61
62 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length
63 objCallInfo->SetFunction(JSTaggedValue::Undefined());
64 objCallInfo->SetThis(value.GetTaggedValue());
65 objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(ContainerTag::ArrayList)));
66 JSTaggedValue result = ContainersPrivate::Load(objCallInfo);
67 return result;
68 }
69
CreateJSAPIArrayList(JSThread *thread)70 JSHandle<JSAPIArrayList> CreateJSAPIArrayList(JSThread *thread)
71 {
72 JSHandle<JSFunction> newTarget(thread, InitializeArrayListConstructor(thread));
73 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 4);
74 objCallInfo->SetFunction(newTarget.GetTaggedValue());
75 objCallInfo->SetNewTarget(newTarget.GetTaggedValue());
76 objCallInfo->SetThis(JSTaggedValue::Undefined());
77 JSTaggedValue result = ContainersArrayList::ArrayListConstructor(objCallInfo);
78 JSHandle<JSAPIArrayList> arrayList(thread, result);
79 return arrayList;
80 }
81
ArrayListAdd(JSThread* thread, JSHandle<JSAPIArrayList> arrayList, JSTaggedValue value)82 void ArrayListAdd(JSThread* thread, JSHandle<JSAPIArrayList> arrayList, JSTaggedValue value)
83 {
84 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
85 callInfo->SetFunction(JSTaggedValue::Undefined());
86 callInfo->SetThis(arrayList.GetTaggedValue());
87 callInfo->SetCallArg(0, value);
88
89 ContainersArrayList::Add(callInfo);
90 }
91
TestForEachFunc(EcmaRuntimeCallInfo *argv)92 static JSTaggedValue TestForEachFunc(EcmaRuntimeCallInfo *argv)
93 {
94 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
95 JSHandle<JSTaggedValue> key = argv->GetCallArg(1);
96 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
97 if (!arrayList->IsUndefined()) {
98 if (value->IsNumber()) {
99 TaggedArray *elements = TaggedArray::Cast(JSAPIArrayList::Cast(arrayList.GetTaggedValue().
100 GetTaggedObject())->GetElements().GetTaggedObject());
101 [[maybe_unused]] JSTaggedValue result = elements->Get(key->GetInt());
102 }
103 }
104 return JSTaggedValue::Undefined();
105 }
106
TestReplaceAllElementsFunc(EcmaRuntimeCallInfo *argv)107 static JSTaggedValue TestReplaceAllElementsFunc(EcmaRuntimeCallInfo *argv)
108 {
109 JSThread *thread = argv->GetThread();
110 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
111 JSHandle<JSTaggedValue> index = argv->GetCallArg(1);
112 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
113 if (!arrayList->IsUndefined()) {
114 if (value->IsNumber()) {
115 JSHandle<JSTaggedValue> newValue(thread, JSTaggedValue(value->GetInt() * 2)); // 2 means mul by 2
116 JSHandle<JSAPIArrayList>::Cast(arrayList)->Set(thread, index->GetNumber(), newValue.GetTaggedValue());
117 return newValue.GetTaggedValue();
118 }
119 }
120 return JSTaggedValue::Undefined();
121 }
122
ArrayListForEachFuzzTest(const uint8_t* data, size_t size)123 void ArrayListForEachFuzzTest(const uint8_t* data, size_t size)
124 {
125 if (data == nullptr || size <= 0) {
126 std::cout << "illegal input!";
127 return;
128 }
129 RuntimeOption option;
130 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
131 EcmaVM *vm = JSNApi::CreateJSVM(option);
132 {
133 JsiFastNativeScope scope(vm);
134 auto thread = vm->GetAssociatedJSThread();
135 ObjectFactory *factory = vm->GetFactory();
136 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
137
138 uint32_t inputNum = 0;
139 if (size > MAXBYTELEN) {
140 size = MAXBYTELEN;
141 }
142 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
143 std::cout << "memcpy_s failed!";
144 UNREACHABLE();
145 }
146 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
147 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
148 info->SetFunction(JSTaggedValue::Undefined());
149 info->SetThis(arrayList.GetTaggedValue());
150 info->SetCallArg(0, JSTaggedValue(inputNum));
151 ContainersArrayList::Add(info);
152
153 JSHandle<JSAPIArrayList> arrList = CreateJSAPIArrayList(thread);
154 JSHandle<JSFunction> func = factory->NewJSFunction(env, reinterpret_cast<void *>(TestForEachFunc));
155 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
156 callInfo->SetFunction(JSTaggedValue::Undefined());
157 callInfo->SetThis(arrayList.GetTaggedValue());
158 callInfo->SetCallArg(0, func.GetTaggedValue());
159 callInfo->SetCallArg(1, arrList.GetTaggedValue());
160 ContainersArrayList::ForEach(callInfo);
161 }
162 JSNApi::DestroyJSVM(vm);
163 }
164
ArrayListAddFuzzTest(const uint8_t* data, size_t size)165 void ArrayListAddFuzzTest(const uint8_t* data, size_t size)
166 {
167 RuntimeOption option;
168 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
169 EcmaVM *vm = JSNApi::CreateJSVM(option);
170 {
171 JsiFastNativeScope scope(vm);
172 auto thread = vm->GetAssociatedJSThread();
173
174 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
175 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
176 callInfo->SetFunction(JSTaggedValue::Undefined());
177 callInfo->SetThis(arrayList.GetTaggedValue());
178
179 unsigned int inputNum = 0;
180 if (size <= 0) {
181 return;
182 }
183 if (size > MAXBYTELEN) {
184 size = MAXBYTELEN;
185 }
186 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
187 std::cout << "memcpy_s failed!";
188 UNREACHABLE();
189 }
190 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
191 ContainersArrayList::Add(callInfo);
192 }
193 JSNApi::DestroyJSVM(vm);
194 }
195
ArrayListClearFuzzTest(const uint8_t* data, size_t size)196 void ArrayListClearFuzzTest(const uint8_t* data, size_t size)
197 {
198 if (data == nullptr || size <= 0) {
199 std::cout << "illegal input!";
200 return;
201 }
202 RuntimeOption option;
203 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
204 EcmaVM *vm = JSNApi::CreateJSVM(option);
205 {
206 JsiFastNativeScope scope(vm);
207 auto thread = vm->GetAssociatedJSThread();
208
209 uint32_t inputNum = 0;
210 if (size > MAXBYTELEN) {
211 size = MAXBYTELEN;
212 }
213 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
214 std::cout << "memcpy_s failed!";
215 UNREACHABLE();
216 }
217 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
218 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
219 info->SetFunction(JSTaggedValue::Undefined());
220 info->SetThis(arrayList.GetTaggedValue());
221 info->SetCallArg(0, JSTaggedValue(inputNum));
222 ContainersArrayList::Add(info);
223
224 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
225 callInfo->SetFunction(JSTaggedValue::Undefined());
226 callInfo->SetThis(arrayList.GetTaggedValue());
227 ContainersArrayList::Clear(callInfo);
228 }
229 JSNApi::DestroyJSVM(vm);
230 }
231
ArrayListCloneFuzzTest(const uint8_t* data, size_t size)232 void ArrayListCloneFuzzTest(const uint8_t* data, size_t size)
233 {
234 if (data == nullptr || size <= 0) {
235 std::cout << "illegal input!";
236 return;
237 }
238 RuntimeOption option;
239 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
240 EcmaVM *vm = JSNApi::CreateJSVM(option);
241 {
242 JsiFastNativeScope scope(vm);
243 auto thread = vm->GetAssociatedJSThread();
244
245 uint32_t inputNum = 0;
246 if (size > MAXBYTELEN) {
247 size = MAXBYTELEN;
248 }
249 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
250 std::cout << "memcpy_s failed!";
251 UNREACHABLE();
252 }
253 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
254 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
255 info->SetFunction(JSTaggedValue::Undefined());
256 info->SetThis(arrayList.GetTaggedValue());
257 info->SetCallArg(0, JSTaggedValue(inputNum));
258 ContainersArrayList::Add(info);
259
260 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
261 callInfo->SetFunction(JSTaggedValue::Undefined());
262 callInfo->SetThis(arrayList.GetTaggedValue());
263 ContainersArrayList::Clone(callInfo);
264 }
265 JSNApi::DestroyJSVM(vm);
266 }
267
ArrayListConvertToArrayFuzzTest(const uint8_t* data, size_t size)268 void ArrayListConvertToArrayFuzzTest(const uint8_t* data, size_t size)
269 {
270 if (data == nullptr || size <= 0) {
271 std::cout << "illegal input!";
272 return;
273 }
274 RuntimeOption option;
275 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
276 EcmaVM *vm = JSNApi::CreateJSVM(option);
277 {
278 JsiFastNativeScope scope(vm);
279 auto thread = vm->GetAssociatedJSThread();
280
281 uint32_t inputNum = 0;
282 if (size > MAXBYTELEN) {
283 size = MAXBYTELEN;
284 }
285 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
286 std::cout << "memcpy_s failed!";
287 UNREACHABLE();
288 }
289 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
290 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
291 info->SetFunction(JSTaggedValue::Undefined());
292 info->SetThis(arrayList.GetTaggedValue());
293 info->SetCallArg(0, JSTaggedValue(inputNum));
294 ContainersArrayList::Add(info);
295
296 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
297 callInfo->SetFunction(JSTaggedValue::Undefined());
298 callInfo->SetThis(arrayList.GetTaggedValue());
299 ContainersArrayList::ConvertToArray(callInfo);
300 }
301 JSNApi::DestroyJSVM(vm);
302 }
303
ArrayListGetFuzzTest(const uint8_t* data, size_t size)304 void ArrayListGetFuzzTest(const uint8_t* data, size_t size)
305 {
306 if (data == nullptr || size <= 0) {
307 std::cout << "illegal input!";
308 return;
309 }
310 RuntimeOption option;
311 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
312 EcmaVM *vm = JSNApi::CreateJSVM(option);
313 {
314 JsiFastNativeScope scope(vm);
315 auto thread = vm->GetAssociatedJSThread();
316
317 uint32_t inputNum = 0;
318 if (size > MAXBYTELEN) {
319 size = MAXBYTELEN;
320 }
321 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
322 std::cout << "memcpy_s failed!";
323 UNREACHABLE();
324 }
325 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
326 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
327 info->SetFunction(JSTaggedValue::Undefined());
328 info->SetThis(arrayList.GetTaggedValue());
329 info->SetCallArg(0, JSTaggedValue(inputNum));
330 ContainersArrayList::Add(info);
331
332 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
333 callInfo->SetFunction(JSTaggedValue::Undefined());
334 callInfo->SetThis(arrayList.GetTaggedValue());
335 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
336 ContainersArrayList::Get(callInfo);
337 }
338 JSNApi::DestroyJSVM(vm);
339 }
340
ArrayListGetCapacityFuzzTest(const uint8_t* data, size_t size)341 void ArrayListGetCapacityFuzzTest(const uint8_t* data, size_t size)
342 {
343 if (data == nullptr || size <= 0) {
344 std::cout << "illegal input!";
345 return;
346 }
347 RuntimeOption option;
348 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
349 EcmaVM *vm = JSNApi::CreateJSVM(option);
350 {
351 JsiFastNativeScope scope(vm);
352 auto thread = vm->GetAssociatedJSThread();
353
354 uint32_t inputNum = 0;
355 if (size > MAXBYTELEN) {
356 size = MAXBYTELEN;
357 }
358 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
359 std::cout << "memcpy_s failed!";
360 UNREACHABLE();
361 }
362 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
363 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
364 info->SetFunction(JSTaggedValue::Undefined());
365 info->SetThis(arrayList.GetTaggedValue());
366 info->SetCallArg(0, JSTaggedValue(inputNum));
367 ContainersArrayList::Add(info);
368
369 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
370 callInfo->SetFunction(JSTaggedValue::Undefined());
371 callInfo->SetThis(arrayList.GetTaggedValue());
372 ContainersArrayList::GetCapacity(callInfo);
373 }
374 JSNApi::DestroyJSVM(vm);
375 }
376
ArrayListGetIndexOfFuzzTest(const uint8_t* data, size_t size)377 void ArrayListGetIndexOfFuzzTest(const uint8_t* data, size_t size)
378 {
379 if (data == nullptr || size <= 0) {
380 std::cout << "illegal input!";
381 return;
382 }
383 RuntimeOption option;
384 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
385 EcmaVM *vm = JSNApi::CreateJSVM(option);
386 {
387 JsiFastNativeScope scope(vm);
388 auto thread = vm->GetAssociatedJSThread();
389
390 uint32_t inputNum = 0;
391 if (size > MAXBYTELEN) {
392 size = MAXBYTELEN;
393 }
394 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
395 std::cout << "memcpy_s failed!";
396 UNREACHABLE();
397 }
398 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
399 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
400 info->SetFunction(JSTaggedValue::Undefined());
401 info->SetThis(arrayList.GetTaggedValue());
402 info->SetCallArg(0, JSTaggedValue(inputNum));
403 ContainersArrayList::Add(info);
404
405 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
406 callInfo->SetFunction(JSTaggedValue::Undefined());
407 callInfo->SetThis(arrayList.GetTaggedValue());
408 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
409 ContainersArrayList::GetIndexOf(callInfo);
410 }
411 JSNApi::DestroyJSVM(vm);
412 }
413
ArrayListGetIteratorObjFuzzTest(const uint8_t* data, size_t size)414 void ArrayListGetIteratorObjFuzzTest(const uint8_t* data, size_t size)
415 {
416 if (data == nullptr || size <= 0) {
417 std::cout << "illegal input!";
418 return;
419 }
420 RuntimeOption option;
421 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
422 EcmaVM *vm = JSNApi::CreateJSVM(option);
423 {
424 JsiFastNativeScope scope(vm);
425 auto thread = vm->GetAssociatedJSThread();
426
427 uint32_t inputNum = 0;
428 if (size > MAXBYTELEN) {
429 size = MAXBYTELEN;
430 }
431 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
432 std::cout << "memcpy_s failed!";
433 UNREACHABLE();
434 }
435 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
436 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
437 info->SetFunction(JSTaggedValue::Undefined());
438 info->SetThis(arrayList.GetTaggedValue());
439 info->SetCallArg(0, JSTaggedValue(inputNum));
440 ContainersArrayList::Add(info);
441
442 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
443 callInfo->SetFunction(JSTaggedValue::Undefined());
444 callInfo->SetThis(arrayList.GetTaggedValue());
445 ContainersArrayList::GetIteratorObj(callInfo);
446 }
447 JSNApi::DestroyJSVM(vm);
448 }
449
ArrayListGetLastIndexOfFuzzTest(const uint8_t* data, size_t size)450 void ArrayListGetLastIndexOfFuzzTest(const uint8_t* data, size_t size)
451 {
452 if (data == nullptr || size <= 0) {
453 std::cout << "illegal input!";
454 return;
455 }
456 RuntimeOption option;
457 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
458 EcmaVM *vm = JSNApi::CreateJSVM(option);
459 {
460 JsiFastNativeScope scope(vm);
461 auto thread = vm->GetAssociatedJSThread();
462
463 uint32_t inputNum = 0;
464 if (size > MAXBYTELEN) {
465 size = MAXBYTELEN;
466 }
467 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
468 std::cout << "memcpy_s failed!";
469 UNREACHABLE();
470 }
471 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
472 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
473 info->SetFunction(JSTaggedValue::Undefined());
474 info->SetThis(arrayList.GetTaggedValue());
475 info->SetCallArg(0, JSTaggedValue(inputNum));
476 ContainersArrayList::Add(info);
477
478 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
479 callInfo->SetFunction(JSTaggedValue::Undefined());
480 callInfo->SetThis(arrayList.GetTaggedValue());
481 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
482 ContainersArrayList::GetLastIndexOf(callInfo);
483 }
484 JSNApi::DestroyJSVM(vm);
485 }
486
ArrayListGetSizeFuzzTest(const uint8_t* data, size_t size)487 void ArrayListGetSizeFuzzTest(const uint8_t* data, size_t size)
488 {
489 if (data == nullptr || size <= 0) {
490 std::cout << "illegal input!";
491 return;
492 }
493 RuntimeOption option;
494 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
495 EcmaVM *vm = JSNApi::CreateJSVM(option);
496 {
497 JsiFastNativeScope scope(vm);
498 auto thread = vm->GetAssociatedJSThread();
499
500 uint32_t inputNum = 0;
501 if (size > MAXBYTELEN) {
502 size = MAXBYTELEN;
503 }
504 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
505 std::cout << "memcpy_s failed!";
506 UNREACHABLE();
507 }
508 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
509 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
510 info->SetFunction(JSTaggedValue::Undefined());
511 info->SetThis(arrayList.GetTaggedValue());
512 info->SetCallArg(0, JSTaggedValue(inputNum));
513 ContainersArrayList::Add(info);
514
515 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
516 callInfo->SetFunction(JSTaggedValue::Undefined());
517 callInfo->SetThis(arrayList.GetTaggedValue());
518 ContainersArrayList::GetSize(callInfo);
519 }
520 JSNApi::DestroyJSVM(vm);
521 }
522
ArrayListHasFuzzTest(const uint8_t* data, size_t size)523 void ArrayListHasFuzzTest(const uint8_t* data, size_t size)
524 {
525 if (data == nullptr || size <= 0) {
526 std::cout << "illegal input!";
527 return;
528 }
529 RuntimeOption option;
530 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
531 EcmaVM *vm = JSNApi::CreateJSVM(option);
532 {
533 JsiFastNativeScope scope(vm);
534 auto thread = vm->GetAssociatedJSThread();
535
536 uint32_t inputNum = 0;
537 if (size > MAXBYTELEN) {
538 size = MAXBYTELEN;
539 }
540 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
541 std::cout << "memcpy_s failed!";
542 UNREACHABLE();
543 }
544 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
545 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
546 info->SetFunction(JSTaggedValue::Undefined());
547 info->SetThis(arrayList.GetTaggedValue());
548 info->SetCallArg(0, JSTaggedValue(inputNum));
549 ContainersArrayList::Add(info);
550
551 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
552 callInfo->SetFunction(JSTaggedValue::Undefined());
553 callInfo->SetThis(arrayList.GetTaggedValue());
554 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
555 ContainersArrayList::Has(callInfo);
556 }
557 JSNApi::DestroyJSVM(vm);
558 }
559
ArrayListIncreaseCapacityToFuzzTest(const uint8_t* data, size_t size)560 void ArrayListIncreaseCapacityToFuzzTest(const uint8_t* data, size_t size)
561 {
562 if (data == nullptr || size <= 0) {
563 std::cout << "illegal input!";
564 return;
565 }
566 RuntimeOption option;
567 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
568 EcmaVM *vm = JSNApi::CreateJSVM(option);
569 {
570 JsiFastNativeScope scope(vm);
571 auto thread = vm->GetAssociatedJSThread();
572
573 uint32_t inputNum = 0;
574 const uint32_t maxByteLen = 1;
575 if (size > maxByteLen) {
576 size = maxByteLen;
577 }
578 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
579 std::cout << "memcpy_s failed!";
580 UNREACHABLE();
581 }
582 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
583 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
584 info->SetFunction(JSTaggedValue::Undefined());
585 info->SetThis(arrayList.GetTaggedValue());
586 info->SetCallArg(0, JSTaggedValue(inputNum));
587 ContainersArrayList::Add(info);
588
589 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
590 callInfo->SetFunction(JSTaggedValue::Undefined());
591 callInfo->SetThis(arrayList.GetTaggedValue());
592 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
593 ContainersArrayList::IncreaseCapacityTo(callInfo);
594 }
595 JSNApi::DestroyJSVM(vm);
596 }
597
ArrayListInsertFuzzTest(const uint8_t* data, size_t size)598 void ArrayListInsertFuzzTest(const uint8_t* data, size_t size)
599 {
600 if (data == nullptr || size <= 0) {
601 std::cout << "illegal input!";
602 return;
603 }
604 RuntimeOption option;
605 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
606 EcmaVM *vm = JSNApi::CreateJSVM(option);
607 {
608 JsiFastNativeScope scope(vm);
609 auto thread = vm->GetAssociatedJSThread();
610
611 uint32_t inputNum = 0;
612 if (size > MAXBYTELEN) {
613 size = MAXBYTELEN;
614 }
615 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
616 std::cout << "memcpy_s failed!";
617 UNREACHABLE();
618 }
619 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
620 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
621 info->SetFunction(JSTaggedValue::Undefined());
622 info->SetThis(arrayList.GetTaggedValue());
623 info->SetCallArg(0, JSTaggedValue(inputNum));
624 ContainersArrayList::Add(info);
625
626 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
627 callInfo->SetFunction(JSTaggedValue::Undefined());
628 callInfo->SetThis(arrayList.GetTaggedValue());
629 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
630 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
631 ContainersArrayList::Insert(callInfo);
632 }
633 JSNApi::DestroyJSVM(vm);
634 }
635
ArrayListIsEmptyFuzzTest(const uint8_t* data, size_t size)636 void ArrayListIsEmptyFuzzTest(const uint8_t* data, size_t size)
637 {
638 if (data == nullptr || size <= 0) {
639 std::cout << "illegal input!";
640 return;
641 }
642 RuntimeOption option;
643 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
644 EcmaVM *vm = JSNApi::CreateJSVM(option);
645 {
646 JsiFastNativeScope scope(vm);
647 auto thread = vm->GetAssociatedJSThread();
648
649 uint32_t inputNum = 0;
650 if (size > MAXBYTELEN) {
651 size = MAXBYTELEN;
652 }
653 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
654 std::cout << "memcpy_s failed!";
655 UNREACHABLE();
656 }
657 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
658 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
659 info->SetFunction(JSTaggedValue::Undefined());
660 info->SetThis(arrayList.GetTaggedValue());
661 info->SetCallArg(0, JSTaggedValue(inputNum));
662 ContainersArrayList::Add(info);
663
664 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
665 callInfo->SetFunction(JSTaggedValue::Undefined());
666 callInfo->SetThis(arrayList.GetTaggedValue());
667 ContainersArrayList::IsEmpty(callInfo);
668 }
669 JSNApi::DestroyJSVM(vm);
670 }
671
ArrayListRemoveByIndexFuzzTest(const uint8_t* data, size_t size)672 void ArrayListRemoveByIndexFuzzTest(const uint8_t* data, size_t size)
673 {
674 if (data == nullptr || size <= 0) {
675 std::cout << "illegal input!";
676 return;
677 }
678 RuntimeOption option;
679 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
680 EcmaVM *vm = JSNApi::CreateJSVM(option);
681 {
682 JsiFastNativeScope scope(vm);
683 auto thread = vm->GetAssociatedJSThread();
684
685 uint32_t inputNum = 0;
686 if (size > MAXBYTELEN) {
687 size = MAXBYTELEN;
688 }
689 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
690 std::cout << "memcpy_s failed!";
691 UNREACHABLE();
692 }
693 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
694 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
695 info->SetFunction(JSTaggedValue::Undefined());
696 info->SetThis(arrayList.GetTaggedValue());
697 info->SetCallArg(0, JSTaggedValue(inputNum));
698 ContainersArrayList::Add(info);
699
700 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
701 callInfo->SetFunction(JSTaggedValue::Undefined());
702 callInfo->SetThis(arrayList.GetTaggedValue());
703 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
704 ContainersArrayList::Remove(callInfo);
705 }
706 JSNApi::DestroyJSVM(vm);
707 }
708
ArrayListRemoveByRangeFuzzTest(const uint8_t* data, size_t size)709 void ArrayListRemoveByRangeFuzzTest(const uint8_t* data, size_t size)
710 {
711 if (data == nullptr || size <= 0) {
712 std::cout << "illegal input!";
713 return;
714 }
715 RuntimeOption option;
716 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
717 EcmaVM *vm = JSNApi::CreateJSVM(option);
718 {
719 JsiFastNativeScope scope(vm);
720 auto thread = vm->GetAssociatedJSThread();
721
722 uint32_t inputNum = 0;
723 const uint32_t maxByteLen = 1;
724 if (size > maxByteLen) {
725 size = maxByteLen;
726 }
727 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
728 std::cout << "memcpy_s failed!";
729 UNREACHABLE();
730 }
731 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
732 for (uint32_t i = 0; i <= inputNum; i++) {
733 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
734 info->SetFunction(JSTaggedValue::Undefined());
735 info->SetThis(arrayList.GetTaggedValue());
736 info->SetCallArg(0, JSTaggedValue(inputNum));
737 ContainersArrayList::Add(info);
738 }
739
740 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
741 callInfo->SetFunction(JSTaggedValue::Undefined());
742 callInfo->SetThis(arrayList.GetTaggedValue());
743 callInfo->SetCallArg(0, JSTaggedValue(0));
744 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
745 ContainersArrayList::RemoveByRange(callInfo);
746 }
747 JSNApi::DestroyJSVM(vm);
748 }
749
ArrayListReplaceAllElementsFuzzTest(const uint8_t* data, size_t size)750 void ArrayListReplaceAllElementsFuzzTest(const uint8_t* data, size_t size)
751 {
752 if (data == nullptr || size <= 0) {
753 std::cout << "illegal input!";
754 return;
755 }
756 RuntimeOption option;
757 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
758 EcmaVM *vm = JSNApi::CreateJSVM(option);
759 {
760 JsiFastNativeScope scope(vm);
761 auto thread = vm->GetAssociatedJSThread();
762 ObjectFactory *factory = vm->GetFactory();
763 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
764
765 uint32_t inputNum = 0;
766 if (size > MAXBYTELEN) {
767 size = MAXBYTELEN;
768 }
769 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
770 std::cout << "memcpy_s failed!";
771 UNREACHABLE();
772 }
773 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
774 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
775 info->SetFunction(JSTaggedValue::Undefined());
776 info->SetThis(arrayList.GetTaggedValue());
777 info->SetCallArg(0, JSTaggedValue(inputNum));
778 ContainersArrayList::Add(info);
779
780 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
781 JSHandle<JSFunction> func =
782 factory->NewJSFunction(env, reinterpret_cast<void *>(TestReplaceAllElementsFunc));
783 callInfo->SetFunction(JSTaggedValue::Undefined());
784 callInfo->SetThis(arrayList.GetTaggedValue());
785 callInfo->SetCallArg(0, func.GetTaggedValue());
786 ContainersArrayList::ReplaceAllElements(callInfo);
787 }
788 JSNApi::DestroyJSVM(vm);
789 }
790
ArrayListSetFuzzTest(const uint8_t* data, size_t size)791 void ArrayListSetFuzzTest(const uint8_t* data, size_t size)
792 {
793 if (data == nullptr || size <= 0) {
794 std::cout << "illegal input!";
795 return;
796 }
797 RuntimeOption option;
798 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
799 EcmaVM *vm = JSNApi::CreateJSVM(option);
800 {
801 JsiFastNativeScope scope(vm);
802 auto thread = vm->GetAssociatedJSThread();
803
804 uint32_t inputNum = 0;
805 const uint32_t maxByteLen = 1;
806 if (size > maxByteLen) {
807 size = maxByteLen;
808 }
809 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
810 std::cout << "memcpy_s failed!";
811 UNREACHABLE();
812 }
813 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
814 for (uint32_t i = 0; i <= inputNum; i++) {
815 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
816 info->SetFunction(JSTaggedValue::Undefined());
817 info->SetThis(arrayList.GetTaggedValue());
818 info->SetCallArg(0, JSTaggedValue(inputNum));
819 ContainersArrayList::Add(info);
820 }
821
822 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
823 callInfo->SetFunction(JSTaggedValue::Undefined());
824 callInfo->SetThis(arrayList.GetTaggedValue());
825 callInfo->SetCallArg(0, JSTaggedValue(inputNum / 2)); // 2 : half
826 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
827 ContainersArrayList::Set(callInfo);
828 }
829 JSNApi::DestroyJSVM(vm);
830 }
831
ArrayListSortFuzzTest(const uint8_t* data, size_t size)832 void ArrayListSortFuzzTest(const uint8_t* data, size_t size)
833 {
834 if (data == nullptr || size <= 0) {
835 std::cout << "illegal input!";
836 return;
837 }
838 RuntimeOption option;
839 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
840 EcmaVM *vm = JSNApi::CreateJSVM(option);
841 {
842 JsiFastNativeScope scope(vm);
843 auto thread = vm->GetAssociatedJSThread();
844
845 uint32_t inputNum = 0;
846 const uint32_t maxByteLen = 1;
847 if (size > maxByteLen) {
848 size = maxByteLen;
849 }
850 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
851 std::cout << "memcpy_s failed!";
852 UNREACHABLE();
853 }
854 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
855 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
856 info->SetFunction(JSTaggedValue::Undefined());
857 info->SetThis(arrayList.GetTaggedValue());
858 info->SetCallArg(0, JSTaggedValue(inputNum));
859 ContainersArrayList::Add(info);
860
861 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
862 callInfo->SetFunction(JSTaggedValue::Undefined());
863 callInfo->SetThis(arrayList.GetTaggedValue());
864 callInfo->SetCallArg(0, JSTaggedValue::Undefined());
865 ContainersArrayList::Sort(callInfo);
866 }
867 JSNApi::DestroyJSVM(vm);
868 }
869
ArrayListSubArrayListFuzzTest(const uint8_t* data, size_t size)870 void ArrayListSubArrayListFuzzTest(const uint8_t* data, size_t size)
871 {
872 if (data == nullptr || size <= 0) {
873 std::cout << "illegal input!";
874 return;
875 }
876 RuntimeOption option;
877 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
878 EcmaVM *vm = JSNApi::CreateJSVM(option);
879 {
880 JsiFastNativeScope scope(vm);
881 auto thread = vm->GetAssociatedJSThread();
882
883 uint32_t inputNum = 0;
884 const uint32_t maxByteLen = 1;
885 if (size > maxByteLen) {
886 size = maxByteLen;
887 }
888 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
889 std::cout << "memcpy_s failed!";
890 UNREACHABLE();
891 }
892 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
893 for (uint32_t i = 0; i <= inputNum; i++) {
894 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
895 info->SetFunction(JSTaggedValue::Undefined());
896 info->SetThis(arrayList.GetTaggedValue());
897 info->SetCallArg(0, JSTaggedValue(inputNum));
898 ContainersArrayList::Add(info);
899 }
900
901 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
902 callInfo->SetFunction(JSTaggedValue::Undefined());
903 callInfo->SetThis(arrayList.GetTaggedValue());
904 callInfo->SetCallArg(0, JSTaggedValue(0)); // start
905 callInfo->SetCallArg(1, JSTaggedValue(inputNum / 2)); // end 2 : half
906 ContainersArrayList::SubArrayList(callInfo);
907 }
908 JSNApi::DestroyJSVM(vm);
909 }
910
ArrayListTrimToCurrentLengthFuzzTest(const uint8_t* data, size_t size)911 void ArrayListTrimToCurrentLengthFuzzTest(const uint8_t* data, size_t size)
912 {
913 if (data == nullptr || size <= 0) {
914 std::cout << "illegal input!";
915 return;
916 }
917 RuntimeOption option;
918 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
919 EcmaVM *vm = JSNApi::CreateJSVM(option);
920 {
921 JsiFastNativeScope scope(vm);
922 auto thread = vm->GetAssociatedJSThread();
923
924 uint32_t inputNum = 0;
925 const uint32_t maxByteLen = 1;
926 if (size > maxByteLen) {
927 size = maxByteLen;
928 }
929 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
930 std::cout << "memcpy_s failed!";
931 UNREACHABLE();
932 }
933 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
934 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
935 info->SetFunction(JSTaggedValue::Undefined());
936 info->SetThis(arrayList.GetTaggedValue());
937 info->SetCallArg(0, JSTaggedValue(inputNum));
938 ContainersArrayList::Add(info);
939
940 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
941 callInfo->SetFunction(JSTaggedValue::Undefined());
942 callInfo->SetThis(arrayList.GetTaggedValue());
943 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
944 ContainersArrayList::TrimToCurrentLength(callInfo);
945 }
946 JSNApi::DestroyJSVM(vm);
947 }
948
JSValueRefInstanceOfValueFuzzTest([[maybe_unused]] const uint8_t *data, [[maybe_unused]] size_t size)949 void JSValueRefInstanceOfValueFuzzTest([[maybe_unused]] const uint8_t *data, [[maybe_unused]] size_t size)
950 {
951 RuntimeOption option;
952 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
953 EcmaVM *vm = JSNApi::CreateJSVM(option);
954 {
955 JsiFastNativeScope scope(vm);
956 Local<ObjectRef> origin = ObjectRef::New(vm);
957 JSHandle<GlobalEnv> globalEnv = vm->GetGlobalEnv();
958 JSHandle<JSFunction> constructor(globalEnv->GetObjectFunction());
959 JSHandle<JSTaggedValue> arryListTag = JSHandle<JSTaggedValue>::Cast(constructor);
960 Local<JSValueRef> value = JSNApiHelper::ToLocal<JSValueRef>(arryListTag);
961 (void)origin->InstanceOf(vm, value);
962 }
963 JSNApi::DestroyJSVM(vm);
964 }
965 }
966
967 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)968 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
969 {
970 // Run your code on data.
971 OHOS::ArrayListAddFuzzTest(data, size);
972 OHOS::ArrayListForEachFuzzTest(data, size);
973 OHOS::ArrayListIsEmptyFuzzTest(data, size);
974 OHOS::ArrayListInsertFuzzTest(data, size);
975 OHOS::ArrayListIncreaseCapacityToFuzzTest(data, size);
976 OHOS::ArrayListHasFuzzTest(data, size);
977 OHOS::ArrayListGetSizeFuzzTest(data, size);
978 OHOS::ArrayListGetLastIndexOfFuzzTest(data, size);
979 OHOS::ArrayListGetIteratorObjFuzzTest(data, size);
980 OHOS::ArrayListGetIndexOfFuzzTest(data, size);
981 OHOS::ArrayListGetCapacityFuzzTest(data, size);
982 OHOS::ArrayListGetFuzzTest(data, size);
983 OHOS::ArrayListConvertToArrayFuzzTest(data, size);
984 OHOS::ArrayListCloneFuzzTest(data, size);
985 OHOS::ArrayListClearFuzzTest(data, size);
986 OHOS::ArrayListRemoveByIndexFuzzTest(data, size);
987 OHOS::ArrayListRemoveByRangeFuzzTest(data, size);
988 OHOS::ArrayListReplaceAllElementsFuzzTest(data, size);
989 OHOS::ArrayListSetFuzzTest(data, size);
990 OHOS::ArrayListSortFuzzTest(data, size);
991 OHOS::ArrayListSubArrayListFuzzTest(data, size);
992 OHOS::ArrayListTrimToCurrentLengthFuzzTest(data, size);
993 OHOS::JSValueRefInstanceOfValueFuzzTest(data, size);
994 return 0;
995 }