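/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "jsvaluerefiscontainer_fuzzer.h"
#include "ecmascript/base/utf_helper.h"
#include "ecmascript/ecma_string-inl.h"
#include "ecmascript/global_env.h"
#include "ecmascript/js_api/js_api_tree_map.h"
#include "ecmascript/js_api/js_api_vector.h"
#include "ecmascript/js_api/js_api_tree_set.h"
#include "ecmascript/js_regexp.h"
#include "ecmascript/js_set.h"
#include "ecmascript/js_typed_array.h"
#include "ecmascript/linked_hash_table.h"
#include "ecmascript/napi/include/jsnapi.h"
#include "ecmascript/napi/jsnapi_helper.h"
#include "ecmascript/tagged_tree.h"

using namespace panda;
using namespace panda::ecmascript;
using namespace panda::ecmascript::base::utf_helper;

// Harness notes that apply to every *FuzzTest function below:
//  - `data` is never read; `size` only gates execution. Every non-empty input
//    therefore drives the same object construction and the same Is*() call,
//    so these are smoke tests of the type predicates rather than
//    input-driven fuzz targets.
//  - The empty-input check runs BEFORE JSNApi::CreateJSVM. Previously the
//    check sat after VM creation and returned without DestroyJSVM, leaking
//    one VM per empty input.
//  - Where a JsiFastNativeScope is used, it lives in an inner block so that it
//    is destroyed before JSNApi::DestroyJSVM runs.
namespace OHOS {
// Builds an empty JSAPIVector by hand and calls JSValueRef::IsVector on it.
void JSValueRefIsVectorFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> vectorClass = factory->NewEcmaHClass(JSAPIVector::SIZE, JSType::JS_API_VECTOR, proto);
        JSHandle<JSAPIVector> jsVector = JSHandle<JSAPIVector>::Cast(factory->NewJSObjectWithInit(vectorClass));
        jsVector->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsVector);
        Local<JSValueRef> isVector = JSNApiHelper::ToLocal<JSAPIVector>(argumentTag);
        isVector->IsVector(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

// Creates a MapRef through the public API and calls IsMap on it.
// Unlike its siblings, this test opens no JsiFastNativeScope (unchanged from the original).
void JSValueRefIsMapFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    Local<MapRef> map = MapRef::New(vm);
    map->IsMap(vm);
    JSNApi::DestroyJSVM(vm);
}

// Builds a JSRegExp with undefined buffers and zeroed flags/length, then calls IsRegExp on it.
void JSValueRefIsRegExpFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto);
        JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass));
        jSRegExp->SetByteCodeBuffer(thread, JSTaggedValue::Undefined());
        jSRegExp->SetOriginalSource(thread, JSTaggedValue::Undefined());
        jSRegExp->SetGroupName(thread, JSTaggedValue::Undefined());
        jSRegExp->SetOriginalFlags(thread, JSTaggedValue(0));
        jSRegExp->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jSRegExp);
        Local<JSValueRef> regexp = JSNApiHelper::ToLocal<JSRegExp>(argumentTag);
        regexp->IsRegExp(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

// Builds a JSSet from the builtin Set constructor, attaches an empty LinkedHashSet, and calls IsSet.
void JSValueRefIsSetFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsSetFunction();
        JSHandle<JSSet> set =
            JSHandle<JSSet>::Cast(factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor));
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        set->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> setTag = JSHandle<JSTaggedValue>::Cast(set);
        Local<SetRef> isSet = JSNApiHelper::ToLocal<SetRef>(setTag);
        isSet->IsSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

// Builds a JSAPITreeMap backed by a fresh TaggedTreeMap and calls IsTreeMap on it.
void JSValueRefIsTreeMapFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> mapClass = factory->NewEcmaHClass(JSAPITreeMap::SIZE, JSType::JS_API_TREE_MAP, proto);
        JSHandle<JSAPITreeMap> jsTreeMap = JSHandle<JSAPITreeMap>::Cast(factory->NewJSObjectWithInit(mapClass));
        JSHandle<TaggedTreeMap> treeMap(thread, TaggedTreeMap::Create(thread));
        jsTreeMap->SetTreeMap(thread, treeMap);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeMap);
        Local<JSValueRef> isTreeMap = JSNApiHelper::ToLocal<JSAPITreeMap>(argumentTag);
        isTreeMap->IsTreeMap(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

// Builds a JSAPITreeSet backed by a fresh TaggedTreeSet and calls IsTreeSet on it.
void JSValueRefIsTreeSetFuzzTest([[maybe_unused]]const uint8_t *data, size_t size)
{
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> setClass = factory->NewEcmaHClass(JSAPITreeSet::SIZE, JSType::JS_API_TREE_SET, proto);
        JSHandle<JSAPITreeSet> jsTreeSet = JSHandle<JSAPITreeSet>::Cast(factory->NewJSObjectWithInit(setClass));
        JSHandle<TaggedTreeSet> treeSet(thread, TaggedTreeSet::Create(thread));
        jsTreeSet->SetTreeSet(thread, treeSet);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeSet);
        Local<JSValueRef> isTreeSet = JSNApiHelper::ToLocal<JSAPITreeSet>(argumentTag);
        isTreeSet->IsTreeSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}
}

// Fuzzer entry point.
// Runs every predicate test on the same input; each test creates and destroys
// its own VM, so one fuzz iteration pays for six VM lifecycles.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    OHOS::JSValueRefIsVectorFuzzTest(data, size);
    OHOS::JSValueRefIsMapFuzzTest(data, size);
    OHOS::JSValueRefIsRegExpFuzzTest(data, size);
    OHOS::JSValueRefIsSetFuzzTest(data, size);
    OHOS::JSValueRefIsTreeMapFuzzTest(data, size);
    OHOS::JSValueRefIsTreeSetFuzzTest(data, size);
    return 0;
}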