1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "containerstreesetgetlowervalue_fuzzer.h"
17
18#include "ecmascript/containers/containers_private.h"
19#include "ecmascript/containers/containers_treeset.h"
20#include "ecmascript/ecma_string-inl.h"
21#include "ecmascript/ecma_vm.h"
22#include "ecmascript/global_env.h"
23#include "ecmascript/js_handle.h"
24#include "ecmascript/napi/include/jsnapi.h"
25
26using namespace panda;
27using namespace panda::ecmascript;
28using namespace panda::ecmascript::containers;
29
30namespace OHOS {
31
32    JSFunction *JSObjectCreate(JSThread *thread)
33    {
34        EcmaVM *ecmaVM = thread->GetEcmaVM();
35        JSHandle<GlobalEnv> globalEnv = ecmaVM->GetGlobalEnv();
36        return globalEnv->GetObjectFunction().GetObject<JSFunction>();
37    }
38
39    EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)
40    {
41        auto factory = thread->GetEcmaVM()->GetFactory();
42        JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread));
43        JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass));
44        JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined();
45        EcmaRuntimeCallInfo *objCallInfo =
46            EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs);
47        return objCallInfo;
48    }
49
50    JSTaggedValue InitializeTreeSetConstructor(JSThread *thread)
51    {
52        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
53        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
54
55        JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject();
56        JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate"));
57        JSHandle<JSTaggedValue> value =
58            JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue();
59
60        auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6);
61        objCallInfo->SetFunction(JSTaggedValue::Undefined());
62        objCallInfo->SetThis(value.GetTaggedValue());
63        objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(ContainerTag::TreeSet)));
64        JSTaggedValue result = ContainersPrivate::Load(objCallInfo);
65        return result;
66    }
67
68    JSHandle<JSAPITreeSet> CreateJSAPITreeSet(JSThread *thread)
69    {
70        JSHandle<JSFunction> newTarget(thread, InitializeTreeSetConstructor(thread));
71        auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6);
72        objCallInfo->SetFunction(newTarget.GetTaggedValue());
73        objCallInfo->SetNewTarget(newTarget.GetTaggedValue());
74        objCallInfo->SetThis(JSTaggedValue::Undefined());
75
76        JSTaggedValue result = ContainersTreeSet::TreeSetConstructor(objCallInfo);
77        JSHandle<JSAPITreeSet> set(thread, result);
78        return set;
79    }
80
81    void ContainersTreeSetGetLowerValueFuzzTest(const uint8_t* data, size_t size)
82    {
83        RuntimeOption option;
84        option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
85        EcmaVM *vm = JSNApi::CreateJSVM(option);
86        {
87            JsiFastNativeScope scope(vm);
88            JSThread *thread = vm->GetJSThread();
89            if (size <= 0) {
90                return;
91            }
92            int32_t key = 0;
93            size_t maxByteLen = 4;
94            if (size > maxByteLen) {
95                size = maxByteLen;
96            }
97            if (memcpy_s(&key, maxByteLen, data, size) != EOK) {
98                std::cout << "memcpy_s failed!";
99                UNREACHABLE();
100            }
101
102            JSHandle<JSAPITreeSet> tset = CreateJSAPITreeSet(thread);
103            auto callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
104            callInfo->SetFunction(JSTaggedValue::Undefined());
105            callInfo->SetThis(tset.GetTaggedValue());
106            callInfo->SetCallArg(0, JSTaggedValue(key));
107            ContainersTreeSet::Add(callInfo);
108
109            auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6);
110            objCallInfo->SetFunction(JSTaggedValue::Undefined());
111            objCallInfo->SetThis(tset.GetTaggedValue());
112            objCallInfo->SetCallArg(0, JSTaggedValue(key));
113            ContainersTreeSet::GetLowerValue(objCallInfo);
114        }
115        JSNApi::DestroyJSVM(vm);
116    }
117}
118
119// Fuzzer entry point.
120extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
121{
122    // Run your code on data.
123    OHOS::ContainersTreeSetGetLowerValueFuzzTest(data, size);
124    return 0;
125}