1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "jsvaluerefiscontainer_fuzzer.h"
17 #include "ecmascript/base/utf_helper.h"
18 #include "ecmascript/ecma_string-inl.h"
19 #include "ecmascript/global_env.h"
20 #include "ecmascript/js_api/js_api_tree_map.h"
21 #include "ecmascript/js_api/js_api_vector.h"
22 #include "ecmascript/js_api/js_api_tree_set.h"
23 #include "ecmascript/js_regexp.h"
24 #include "ecmascript/js_set.h"
25 #include "ecmascript/js_typed_array.h"
26 #include "ecmascript/linked_hash_table.h"
27 #include "ecmascript/napi/include/jsnapi.h"
28 #include "ecmascript/napi/jsnapi_helper.h"
29 #include "ecmascript/tagged_tree.h"
30
31 using namespace panda;
32 using namespace panda::ecmascript;
33 using namespace panda::ecmascript::base::utf_helper;
34
35 namespace OHOS {
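/**
 * Fuzz target for JSValueRef::IsVector.
 *
 * Creates a VM, builds a bare JSAPIVector object through the object factory,
 * wraps it in a Local handle and calls IsVector on it.
 *
 * @param data fuzz input; not consumed — every non-empty input exercises the
 *             same path, the buffer contents never influence what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 */
void JSValueRefIsVectorFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    {
        // Handles below must not outlive the native scope; it closes before DestroyJSVM.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> vectorClass = factory->NewEcmaHClass(JSAPIVector::SIZE, JSType::JS_API_VECTOR, proto);
        JSHandle<JSAPIVector> jsVector = JSHandle<JSAPIVector>::Cast(factory->NewJSObjectWithInit(vectorClass));
        jsVector->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsVector);
        Local<JSValueRef> isVector = JSNApiHelper::ToLocal<JSAPIVector>(argumentTag);
        // Result is intentionally ignored: the target is the type-check code path itself.
        isVector->IsVector(vm);
    }
    JSNApi::DestroyJSVM(vm);
}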
60
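/**
 * Fuzz target for JSValueRef::IsMap.
 *
 * Creates a VM, allocates a MapRef through the public API and calls IsMap on it.
 *
 * @param data fuzz input; not consumed — the buffer contents never influence
 *             what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 *
 * NOTE(review): the sibling targets in this file create their handles inside a
 * JsiFastNativeScope; this one does not. Whether MapRef::New requires one is
 * not visible here — confirm against the API before adding it.
 */
void JSValueRefIsMapFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    Local<MapRef> map = MapRef::New(vm);
    // Result is intentionally ignored: the target is the type-check code path itself.
    map->IsMap(vm);
    JSNApi::DestroyJSVM(vm);
}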
74
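/**
 * Fuzz target for JSValueRef::IsRegExp.
 *
 * Creates a VM, builds a JSRegExp object with all of its slots set to
 * Undefined / zero, wraps it in a Local handle and calls IsRegExp on it.
 *
 * @param data fuzz input; not consumed — the buffer contents never influence
 *             what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 */
void JSValueRefIsRegExpFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    {
        // Handles below must not outlive the native scope; it closes before DestroyJSVM.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> regExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto);
        JSHandle<JSRegExp> regExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(regExpClass));
        // NewJSObject (unlike NewJSObjectWithInit) leaves the slots to the caller;
        // fill every field so the object is well-formed before it is inspected.
        regExp->SetByteCodeBuffer(thread, JSTaggedValue::Undefined());
        regExp->SetOriginalSource(thread, JSTaggedValue::Undefined());
        regExp->SetGroupName(thread, JSTaggedValue::Undefined());
        regExp->SetOriginalFlags(thread, JSTaggedValue(0));
        regExp->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(regExp);
        Local<JSValueRef> regexp = JSNApiHelper::ToLocal<JSRegExp>(argumentTag);
        // Result is intentionally ignored: the target is the type-check code path itself.
        regexp->IsRegExp(vm);
    }
    JSNApi::DestroyJSVM(vm);
}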
103
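/**
 * Fuzz target for JSValueRef::IsSet.
 *
 * Creates a VM, builds a JSSet through the builtin Set constructor, attaches an
 * empty LinkedHashSet to it, wraps it in a Local<SetRef> and calls IsSet on it.
 *
 * @param data fuzz input; not consumed — the buffer contents never influence
 *             what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 */
void JSValueRefIsSetFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    {
        // Handles below must not outlive the native scope; it closes before DestroyJSVM.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsSetFunction();
        // The constructor doubles as the new-target so the object gets Set.prototype.
        JSHandle<JSSet> set =
            JSHandle<JSSet>::Cast(factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor));
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        set->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> setTag = JSHandle<JSTaggedValue>::Cast(set);
        Local<SetRef> isSet = JSNApiHelper::ToLocal<SetRef>(setTag);
        // Result is intentionally ignored: the target is the type-check code path itself.
        isSet->IsSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}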
129
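/**
 * Fuzz target for JSValueRef::IsTreeMap.
 *
 * Creates a VM, builds a JSAPITreeMap object backed by an empty TaggedTreeMap,
 * wraps it in a Local handle and calls IsTreeMap on it.
 *
 * @param data fuzz input; not consumed — the buffer contents never influence
 *             what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 */
void JSValueRefIsTreeMapFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    {
        // Handles below must not outlive the native scope; it closes before DestroyJSVM.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> mapClass = factory->NewEcmaHClass(JSAPITreeMap::SIZE, JSType::JS_API_TREE_MAP, proto);
        JSHandle<JSAPITreeMap> jsTreeMap = JSHandle<JSAPITreeMap>::Cast(factory->NewJSObjectWithInit(mapClass));
        JSHandle<TaggedTreeMap> treeMap(thread, TaggedTreeMap::Create(thread));
        jsTreeMap->SetTreeMap(thread, treeMap);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeMap);
        Local<JSValueRef> isTreeMap = JSNApiHelper::ToLocal<JSAPITreeMap>(argumentTag);
        // Result is intentionally ignored: the target is the type-check code path itself.
        isTreeMap->IsTreeMap(vm);
    }
    JSNApi::DestroyJSVM(vm);
}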
154
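/**
 * Fuzz target for JSValueRef::IsTreeSet.
 *
 * Creates a VM, builds a JSAPITreeSet object backed by an empty TaggedTreeSet,
 * wraps it in a Local handle and calls IsTreeSet on it.
 *
 * @param data fuzz input; not consumed — the buffer contents never influence
 *             what is built.
 * @param size length of @p data; an empty input is rejected before any VM
 *             exists, so the early return can no longer leak the VM created
 *             by JSNApi::CreateJSVM (the original returned after creation
 *             without reaching DestroyJSVM).
 */
void JSValueRefIsTreeSetFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "size <= 0" only ever meant "size == 0".
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): CreateJSVM's failure behaviour is not visible here; guard so a
    // VM creation failure is not reported by the fuzzer as a null dereference.
    if (vm == nullptr) {
        return;
    }
    {
        // Handles below must not outlive the native scope; it closes before DestroyJSVM.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> setClass = factory->NewEcmaHClass(JSAPITreeSet::SIZE, JSType::JS_API_TREE_SET, proto);
        JSHandle<JSAPITreeSet> jsTreeSet = JSHandle<JSAPITreeSet>::Cast(factory->NewJSObjectWithInit(setClass));
        JSHandle<TaggedTreeSet> treeSet(thread, TaggedTreeSet::Create(thread));
        jsTreeSet->SetTreeSet(thread, treeSet);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeSet);
        Local<JSValueRef> isTreeSet = JSNApiHelper::ToLocal<JSAPITreeSet>(argumentTag);
        // Result is intentionally ignored: the target is the type-check code path itself.
        isTreeSet->IsTreeSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}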
179 }
180
181 // Fuzzer entry point.
/// libFuzzer entry point: hands one input to each IsXxx fuzz target in turn.
///
/// @param data fuzz input buffer supplied by the fuzzing engine
/// @param size number of bytes in @p data
/// @return always 0, as the libFuzzer harness contract requires
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    using FuzzTarget = void (*)(const uint8_t *, size_t);
    // Dispatch table; order is the same as the original sequential calls.
    static constexpr FuzzTarget kTargets[] = {
        OHOS::JSValueRefIsVectorFuzzTest,
        OHOS::JSValueRefIsMapFuzzTest,
        OHOS::JSValueRefIsRegExpFuzzTest,
        OHOS::JSValueRefIsSetFuzzTest,
        OHOS::JSValueRefIsTreeMapFuzzTest,
        OHOS::JSValueRefIsTreeSetFuzzTest,
    };
    for (FuzzTarget target : kTargets) {
        target(data, size);
    }
    return 0;
}