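/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "jsvaluerefiscontainer_fuzzer.h"
#include "ecmascript/base/utf_helper.h"
#include "ecmascript/ecma_string-inl.h"
#include "ecmascript/global_env.h"
#include "ecmascript/js_api/js_api_tree_map.h"
#include "ecmascript/js_api/js_api_vector.h"
#include "ecmascript/js_api/js_api_tree_set.h"
#include "ecmascript/js_regexp.h"
#include "ecmascript/js_set.h"
#include "ecmascript/js_typed_array.h"
#include "ecmascript/linked_hash_table.h"
#include "ecmascript/napi/include/jsnapi.h"
#include "ecmascript/napi/jsnapi_helper.h"
#include "ecmascript/tagged_tree.h"

using namespace panda;
using namespace panda::ecmascript;
using namespace panda::ecmascript::base::utf_helper;

namespace OHOS {
/**
 * Creates a VM, builds a JS_API_VECTOR-typed object with length 0 and calls IsVector() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsVectorFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // size_t is unsigned, so "empty" is the only case to reject. The check runs before the VM is
    // created so that the early return cannot skip DestroyJSVM and leak a VM per empty input.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before the VM is torn down.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> vectorClass = factory->NewEcmaHClass(JSAPIVector::SIZE, JSType::JS_API_VECTOR, proto);
        JSHandle<JSAPIVector> jsVector = JSHandle<JSAPIVector>::Cast(factory->NewJSObjectWithInit(vectorClass));
        jsVector->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsVector);
        Local<JSValueRef> isVector = JSNApiHelper::ToLocal<JSAPIVector>(argumentTag);
        // The result is discarded; the harness only checks that the call completes.
        isVector->IsVector(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * Creates a VM, allocates a MapRef through the public API and calls IsMap() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsMapFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // Reject empty input before the VM exists so no exit path bypasses DestroyJSVM.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    // NOTE(review): unlike the sibling harnesses in this file, no JsiFastNativeScope is opened
    // before calling into the VM here; confirm MapRef::New does not require one.
    Local<MapRef> map = MapRef::New(vm);
    map->IsMap(vm);
    JSNApi::DestroyJSVM(vm);
}

/**
 * Creates a VM, builds a JS_REG_EXP-typed object with its fields reset and calls IsRegExp() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsRegExpFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // Reject empty input before the VM exists so no exit path bypasses DestroyJSVM.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before the VM is torn down.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> jSRegExpClass = factory->NewEcmaHClass(JSRegExp::SIZE, JSType::JS_REG_EXP, proto);
        JSHandle<JSRegExp> jSRegExp = JSHandle<JSRegExp>::Cast(factory->NewJSObject(jSRegExpClass));
        // NewJSObject (not NewJSObjectWithInit) is used here, and each field is then set by hand.
        jSRegExp->SetByteCodeBuffer(thread, JSTaggedValue::Undefined());
        jSRegExp->SetOriginalSource(thread, JSTaggedValue::Undefined());
        jSRegExp->SetGroupName(thread, JSTaggedValue::Undefined());
        jSRegExp->SetOriginalFlags(thread, JSTaggedValue(0));
        jSRegExp->SetLength(0);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jSRegExp);
        Local<JSValueRef> regexp = JSNApiHelper::ToLocal<JSRegExp>(argumentTag);
        regexp->IsRegExp(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * Creates a VM, builds a JSSet from the builtin Set constructor backed by a fresh LinkedHashSet
 * and calls IsSet() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsSetFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // Reject empty input before the VM exists so no exit path bypasses DestroyJSVM.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before the VM is torn down.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> constructor = env->GetBuiltinsSetFunction();
        JSHandle<JSSet> set =
            JSHandle<JSSet>::Cast(factory->NewJSObjectByConstructor(JSHandle<JSFunction>(constructor), constructor));
        JSHandle<LinkedHashSet> hashSet = LinkedHashSet::Create(thread);
        set->SetLinkedSet(thread, hashSet);
        JSHandle<JSTaggedValue> setTag = JSHandle<JSTaggedValue>::Cast(set);
        Local<SetRef> isSet = JSNApiHelper::ToLocal<SetRef>(setTag);
        isSet->IsSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * Creates a VM, builds a JS_API_TREE_MAP-typed object backed by a fresh TaggedTreeMap and calls
 * IsTreeMap() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsTreeMapFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // Reject empty input before the VM exists so no exit path bypasses DestroyJSVM.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before the VM is torn down.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> mapClass = factory->NewEcmaHClass(JSAPITreeMap::SIZE, JSType::JS_API_TREE_MAP, proto);
        JSHandle<JSAPITreeMap> jsTreeMap = JSHandle<JSAPITreeMap>::Cast(factory->NewJSObjectWithInit(mapClass));
        JSHandle<TaggedTreeMap> treeMap(thread, TaggedTreeMap::Create(thread));
        jsTreeMap->SetTreeMap(thread, treeMap);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeMap);
        Local<JSValueRef> isTreeMap = JSNApiHelper::ToLocal<JSAPITreeMap>(argumentTag);
        isTreeMap->IsTreeMap(vm);
    }
    JSNApi::DestroyJSVM(vm);
}

/**
 * Creates a VM, builds a JS_API_TREE_SET-typed object backed by a fresh TaggedTreeSet and calls
 * IsTreeSet() on it.
 *
 * @param data Fuzz input bytes; not read by this harness.
 * @param size Length of the fuzz input; an empty input is skipped.
 */
void JSValueRefIsTreeSetFuzzTest([[maybe_unused]] const uint8_t *data, size_t size)
{
    // Reject empty input before the VM exists so no exit path bypasses DestroyJSVM.
    if (size == 0) {
        return;
    }
    RuntimeOption option;
    option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
    EcmaVM *vm = JSNApi::CreateJSVM(option);
    {
        // Inner block: the scope object is destroyed before the VM is torn down.
        JsiFastNativeScope scope(vm);
        JSThread *thread = vm->GetJSThread();
        ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
        auto globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
        JSHandle<JSTaggedValue> proto = globalEnv->GetObjectFunctionPrototype();
        JSHandle<JSHClass> setClass = factory->NewEcmaHClass(JSAPITreeSet::SIZE, JSType::JS_API_TREE_SET, proto);
        JSHandle<JSAPITreeSet> jsTreeSet = JSHandle<JSAPITreeSet>::Cast(factory->NewJSObjectWithInit(setClass));
        JSHandle<TaggedTreeSet> treeSet(thread, TaggedTreeSet::Create(thread));
        jsTreeSet->SetTreeSet(thread, treeSet);
        JSHandle<JSTaggedValue> argumentTag = JSHandle<JSTaggedValue>::Cast(jsTreeSet);
        Local<JSValueRef> isTreeSet = JSNApiHelper::ToLocal<JSAPITreeSet>(argumentTag);
        isTreeSet->IsTreeSet(vm);
    }
    JSNApi::DestroyJSVM(vm);
}
}

// Fuzzer entry point: runs every container-type harness once per input, each on its own VM.
// NOTE(review): none of the harnesses read `data`; only size == 0 versus non-zero changes the
// path taken, so the fuzzer cannot steer the objects under test with input bytes.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    OHOS::JSValueRefIsVectorFuzzTest(data, size);
    OHOS::JSValueRefIsMapFuzzTest(data, size);
    OHOS::JSValueRefIsRegExpFuzzTest(data, size);
    OHOS::JSValueRefIsSetFuzzTest(data, size);
    OHOS::JSValueRefIsTreeMapFuzzTest(data, size);
    OHOS::JSValueRefIsTreeSetFuzzTest(data, size);
    return 0;
}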