1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "arraylist_fuzzer.h"
17
18 #include "ecmascript/containers/containers_arraylist.h"
19 #include "ecmascript/js_api/js_api_arraylist.h"
20 #include "ecmascript/ecma_vm.h"
21 #include "ecmascript/global_env.h"
22 #include "ecmascript/containers/containers_private.h"
23 #include "ecmascript/js_handle.h"
24 #include "ecmascript/object_factory.h"
25 #include "ecmascript/napi/include/jsnapi.h"
26
27
28 using namespace panda;
29 using namespace panda::ecmascript;
30 using namespace panda::ecmascript::containers;
31
32 #define MAXBYTELEN sizeof(uint32_t)
33 namespace OHOS {
34
JSObjectCreate(JSThread * thread)35 JSFunction *JSObjectCreate(JSThread *thread)
36 {
37 JSHandle<GlobalEnv> globalEnv = thread->GetEcmaVM()->GetGlobalEnv();
38 return globalEnv->GetObjectFunction().GetObject<JSFunction>();
39 }
40
CreateEcmaRuntimeCallInfo(JSThread * thread,uint32_t numArgs)41 EcmaRuntimeCallInfo *CreateEcmaRuntimeCallInfo(JSThread *thread, uint32_t numArgs)
42 {
43 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
44 JSHandle<JSTaggedValue> hclass(thread, JSObjectCreate(thread));
45 JSHandle<JSTaggedValue> callee(factory->NewJSObjectByConstructor(JSHandle<JSFunction>::Cast(hclass), hclass));
46 JSHandle<JSTaggedValue> undefined = thread->GlobalConstants()->GetHandledUndefined();
47 EcmaRuntimeCallInfo *objCallInfo =
48 EcmaInterpreter::NewRuntimeCallInfo(thread, undefined, callee, undefined, numArgs);
49 return objCallInfo;
50 }
51
InitializeArrayListConstructor(JSThread * thread)52 JSTaggedValue InitializeArrayListConstructor(JSThread *thread)
53 {
54 ObjectFactory *factory = thread->GetEcmaVM()->GetFactory();
55 JSHandle<GlobalEnv> env = thread->GetEcmaVM()->GetGlobalEnv();
56 JSHandle<JSTaggedValue> globalObject = env->GetJSGlobalObject();
57 JSHandle<JSTaggedValue> key(factory->NewFromASCII("ArkPrivate"));
58 JSHandle<JSTaggedValue> value =
59 JSObject::GetProperty(thread, JSHandle<JSTaggedValue>(globalObject), key).GetValue();
60
61 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 6); // 6 : means the argv length
62 objCallInfo->SetFunction(JSTaggedValue::Undefined());
63 objCallInfo->SetThis(value.GetTaggedValue());
64 objCallInfo->SetCallArg(0, JSTaggedValue(static_cast<int>(ContainerTag::ArrayList)));
65 JSTaggedValue result = ContainersPrivate::Load(objCallInfo);
66 return result;
67 }
68
CreateJSAPIArrayList(JSThread * thread)69 JSHandle<JSAPIArrayList> CreateJSAPIArrayList(JSThread *thread)
70 {
71 JSHandle<JSFunction> newTarget(thread, InitializeArrayListConstructor(thread));
72 auto objCallInfo = CreateEcmaRuntimeCallInfo(thread, 4);
73 objCallInfo->SetFunction(newTarget.GetTaggedValue());
74 objCallInfo->SetNewTarget(newTarget.GetTaggedValue());
75 objCallInfo->SetThis(JSTaggedValue::Undefined());
76 JSTaggedValue result = ContainersArrayList::ArrayListConstructor(objCallInfo);
77 JSHandle<JSAPIArrayList> arrayList(thread, result);
78 return arrayList;
79 }
80
ArrayListAdd(JSThread * thread,JSHandle<JSAPIArrayList> arrayList,JSTaggedValue value)81 void ArrayListAdd(JSThread* thread, JSHandle<JSAPIArrayList> arrayList, JSTaggedValue value)
82 {
83 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
84 callInfo->SetFunction(JSTaggedValue::Undefined());
85 callInfo->SetThis(arrayList.GetTaggedValue());
86 callInfo->SetCallArg(0, value);
87
88 ContainersArrayList::Add(callInfo);
89 }
90
TestForEachFunc(EcmaRuntimeCallInfo * argv)91 static JSTaggedValue TestForEachFunc(EcmaRuntimeCallInfo *argv)
92 {
93 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
94 JSHandle<JSTaggedValue> key = argv->GetCallArg(1);
95 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
96 if (!arrayList->IsUndefined()) {
97 if (value->IsNumber()) {
98 TaggedArray *elements = TaggedArray::Cast(JSAPIArrayList::Cast(arrayList.GetTaggedValue().
99 GetTaggedObject())->GetElements().GetTaggedObject());
100 [[maybe_unused]]JSTaggedValue result = elements->Get(key->GetInt());
101 }
102 }
103 return JSTaggedValue::Undefined();
104 }
105
TestReplaceAllElementsFunc(EcmaRuntimeCallInfo * argv)106 static JSTaggedValue TestReplaceAllElementsFunc(EcmaRuntimeCallInfo *argv)
107 {
108 JSThread *thread = argv->GetThread();
109 JSHandle<JSTaggedValue> value = argv->GetCallArg(0);
110 JSHandle<JSTaggedValue> index = argv->GetCallArg(1);
111 JSHandle<JSTaggedValue> arrayList = argv->GetCallArg(2); // 2 means the secode arg
112 if (!arrayList->IsUndefined()) {
113 if (value->IsNumber()) {
114 JSHandle<JSTaggedValue> newValue(thread, JSTaggedValue(value->GetInt() * 2)); // 2 means mul by 2
115 JSHandle<JSAPIArrayList>::Cast(arrayList)->Set(thread, index->GetNumber(), newValue.GetTaggedValue());
116 return newValue.GetTaggedValue();
117 }
118 }
119 return JSTaggedValue::Undefined();
120 }
121
ArrayListForEachFuzzTest(const uint8_t * data,size_t size)122 void ArrayListForEachFuzzTest(const uint8_t* data, size_t size)
123 {
124 if (data == nullptr || size <= 0) {
125 std::cout << "illegal input!";
126 return;
127 }
128 RuntimeOption option;
129 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
130 EcmaVM *vm = JSNApi::CreateJSVM(option);
131 auto thread = vm->GetAssociatedJSThread();
132 ObjectFactory *factory = vm->GetFactory();
133 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
134
135 uint32_t inputNum = 0;
136 if (size > MAXBYTELEN) {
137 size = MAXBYTELEN;
138 }
139 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
140 std::cout << "memcpy_s failed!";
141 UNREACHABLE();
142 }
143 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
144 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
145 info->SetFunction(JSTaggedValue::Undefined());
146 info->SetThis(arrayList.GetTaggedValue());
147 info->SetCallArg(0, JSTaggedValue(inputNum));
148 ContainersArrayList::Add(info);
149
150 JSHandle<JSAPIArrayList> arrList = CreateJSAPIArrayList(thread);
151 JSHandle<JSFunction> func = factory->NewJSFunction(env, reinterpret_cast<void *>(TestForEachFunc));
152 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
153 callInfo->SetFunction(JSTaggedValue::Undefined());
154 callInfo->SetThis(arrayList.GetTaggedValue());
155 callInfo->SetCallArg(0, func.GetTaggedValue());
156 callInfo->SetCallArg(1, arrList.GetTaggedValue());
157 ContainersArrayList::ForEach(callInfo);
158 JSNApi::DestroyJSVM(vm);
159 }
160
ArrayListAddFuzzTest(const uint8_t * data,size_t size)161 void ArrayListAddFuzzTest(const uint8_t* data, size_t size)
162 {
163 RuntimeOption option;
164 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
165 EcmaVM *vm = JSNApi::CreateJSVM(option);
166 auto thread = vm->GetAssociatedJSThread();
167
168 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
169 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
170 callInfo->SetFunction(JSTaggedValue::Undefined());
171 callInfo->SetThis(arrayList.GetTaggedValue());
172
173 unsigned int inputNum = 0;
174 if (size <= 0) {
175 return;
176 }
177 if (size > MAXBYTELEN) {
178 size = MAXBYTELEN;
179 }
180 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
181 std::cout << "memcpy_s failed!";
182 UNREACHABLE();
183 }
184 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
185 ContainersArrayList::Add(callInfo);
186 JSNApi::DestroyJSVM(vm);
187 }
188
ArrayListClearFuzzTest(const uint8_t * data,size_t size)189 void ArrayListClearFuzzTest(const uint8_t* data, size_t size)
190 {
191 if (data == nullptr || size <= 0) {
192 std::cout << "illegal input!";
193 return;
194 }
195 RuntimeOption option;
196 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
197 EcmaVM *vm = JSNApi::CreateJSVM(option);
198 auto thread = vm->GetAssociatedJSThread();
199
200 uint32_t inputNum = 0;
201 if (size > MAXBYTELEN) {
202 size = MAXBYTELEN;
203 }
204 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
205 std::cout << "memcpy_s failed!";
206 UNREACHABLE();
207 }
208 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
209 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
210 info->SetFunction(JSTaggedValue::Undefined());
211 info->SetThis(arrayList.GetTaggedValue());
212 info->SetCallArg(0, JSTaggedValue(inputNum));
213 ContainersArrayList::Add(info);
214
215 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
216 callInfo->SetFunction(JSTaggedValue::Undefined());
217 callInfo->SetThis(arrayList.GetTaggedValue());
218 ContainersArrayList::Clear(callInfo);
219 JSNApi::DestroyJSVM(vm);
220 }
221
ArrayListCloneFuzzTest(const uint8_t * data,size_t size)222 void ArrayListCloneFuzzTest(const uint8_t* data, size_t size)
223 {
224 if (data == nullptr || size <= 0) {
225 std::cout << "illegal input!";
226 return;
227 }
228 RuntimeOption option;
229 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
230 EcmaVM *vm = JSNApi::CreateJSVM(option);
231 auto thread = vm->GetAssociatedJSThread();
232
233 uint32_t inputNum = 0;
234 if (size > MAXBYTELEN) {
235 size = MAXBYTELEN;
236 }
237 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
238 std::cout << "memcpy_s failed!";
239 UNREACHABLE();
240 }
241 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
242 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
243 info->SetFunction(JSTaggedValue::Undefined());
244 info->SetThis(arrayList.GetTaggedValue());
245 info->SetCallArg(0, JSTaggedValue(inputNum));
246 ContainersArrayList::Add(info);
247
248 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
249 callInfo->SetFunction(JSTaggedValue::Undefined());
250 callInfo->SetThis(arrayList.GetTaggedValue());
251 ContainersArrayList::Clone(callInfo);
252 JSNApi::DestroyJSVM(vm);
253 }
254
ArrayListConvertToArrayFuzzTest(const uint8_t * data,size_t size)255 void ArrayListConvertToArrayFuzzTest(const uint8_t* data, size_t size)
256 {
257 if (data == nullptr || size <= 0) {
258 std::cout << "illegal input!";
259 return;
260 }
261 RuntimeOption option;
262 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
263 EcmaVM *vm = JSNApi::CreateJSVM(option);
264 auto thread = vm->GetAssociatedJSThread();
265
266 uint32_t inputNum = 0;
267 if (size > MAXBYTELEN) {
268 size = MAXBYTELEN;
269 }
270 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
271 std::cout << "memcpy_s failed!";
272 UNREACHABLE();
273 }
274 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
275 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
276 info->SetFunction(JSTaggedValue::Undefined());
277 info->SetThis(arrayList.GetTaggedValue());
278 info->SetCallArg(0, JSTaggedValue(inputNum));
279 ContainersArrayList::Add(info);
280
281 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
282 callInfo->SetFunction(JSTaggedValue::Undefined());
283 callInfo->SetThis(arrayList.GetTaggedValue());
284 ContainersArrayList::ConvertToArray(callInfo);
285 JSNApi::DestroyJSVM(vm);
286 }
287
ArrayListGetFuzzTest(const uint8_t * data,size_t size)288 void ArrayListGetFuzzTest(const uint8_t* data, size_t size)
289 {
290 if (data == nullptr || size <= 0) {
291 std::cout << "illegal input!";
292 return;
293 }
294 RuntimeOption option;
295 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
296 EcmaVM *vm = JSNApi::CreateJSVM(option);
297 auto thread = vm->GetAssociatedJSThread();
298
299 uint32_t inputNum = 0;
300 if (size > MAXBYTELEN) {
301 size = MAXBYTELEN;
302 }
303 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
304 std::cout << "memcpy_s failed!";
305 UNREACHABLE();
306 }
307 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
308 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
309 info->SetFunction(JSTaggedValue::Undefined());
310 info->SetThis(arrayList.GetTaggedValue());
311 info->SetCallArg(0, JSTaggedValue(inputNum));
312 ContainersArrayList::Add(info);
313
314 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
315 callInfo->SetFunction(JSTaggedValue::Undefined());
316 callInfo->SetThis(arrayList.GetTaggedValue());
317 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
318 ContainersArrayList::Get(callInfo);
319 JSNApi::DestroyJSVM(vm);
320 }
321
ArrayListGetCapacityFuzzTest(const uint8_t * data,size_t size)322 void ArrayListGetCapacityFuzzTest(const uint8_t* data, size_t size)
323 {
324 if (data == nullptr || size <= 0) {
325 std::cout << "illegal input!";
326 return;
327 }
328 RuntimeOption option;
329 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
330 EcmaVM *vm = JSNApi::CreateJSVM(option);
331 auto thread = vm->GetAssociatedJSThread();
332
333 uint32_t inputNum = 0;
334 if (size > MAXBYTELEN) {
335 size = MAXBYTELEN;
336 }
337 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
338 std::cout << "memcpy_s failed!";
339 UNREACHABLE();
340 }
341 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
342 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
343 info->SetFunction(JSTaggedValue::Undefined());
344 info->SetThis(arrayList.GetTaggedValue());
345 info->SetCallArg(0, JSTaggedValue(inputNum));
346 ContainersArrayList::Add(info);
347
348 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
349 callInfo->SetFunction(JSTaggedValue::Undefined());
350 callInfo->SetThis(arrayList.GetTaggedValue());
351 ContainersArrayList::GetCapacity(callInfo);
352 JSNApi::DestroyJSVM(vm);
353 }
354
ArrayListGetIndexOfFuzzTest(const uint8_t * data,size_t size)355 void ArrayListGetIndexOfFuzzTest(const uint8_t* data, size_t size)
356 {
357 if (data == nullptr || size <= 0) {
358 std::cout << "illegal input!";
359 return;
360 }
361 RuntimeOption option;
362 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
363 EcmaVM *vm = JSNApi::CreateJSVM(option);
364 auto thread = vm->GetAssociatedJSThread();
365
366 uint32_t inputNum = 0;
367 if (size > MAXBYTELEN) {
368 size = MAXBYTELEN;
369 }
370 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
371 std::cout << "memcpy_s failed!";
372 UNREACHABLE();
373 }
374 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
375 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
376 info->SetFunction(JSTaggedValue::Undefined());
377 info->SetThis(arrayList.GetTaggedValue());
378 info->SetCallArg(0, JSTaggedValue(inputNum));
379 ContainersArrayList::Add(info);
380
381 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
382 callInfo->SetFunction(JSTaggedValue::Undefined());
383 callInfo->SetThis(arrayList.GetTaggedValue());
384 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
385 ContainersArrayList::GetIndexOf(callInfo);
386 JSNApi::DestroyJSVM(vm);
387 }
388
ArrayListGetIteratorObjFuzzTest(const uint8_t * data,size_t size)389 void ArrayListGetIteratorObjFuzzTest(const uint8_t* data, size_t size)
390 {
391 if (data == nullptr || size <= 0) {
392 std::cout << "illegal input!";
393 return;
394 }
395 RuntimeOption option;
396 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
397 EcmaVM *vm = JSNApi::CreateJSVM(option);
398 auto thread = vm->GetAssociatedJSThread();
399
400 uint32_t inputNum = 0;
401 if (size > MAXBYTELEN) {
402 size = MAXBYTELEN;
403 }
404 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
405 std::cout << "memcpy_s failed!";
406 UNREACHABLE();
407 }
408 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
409 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
410 info->SetFunction(JSTaggedValue::Undefined());
411 info->SetThis(arrayList.GetTaggedValue());
412 info->SetCallArg(0, JSTaggedValue(inputNum));
413 ContainersArrayList::Add(info);
414
415 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
416 callInfo->SetFunction(JSTaggedValue::Undefined());
417 callInfo->SetThis(arrayList.GetTaggedValue());
418 ContainersArrayList::GetIteratorObj(callInfo);
419 JSNApi::DestroyJSVM(vm);
420 }
421
ArrayListGetLastIndexOfFuzzTest(const uint8_t * data,size_t size)422 void ArrayListGetLastIndexOfFuzzTest(const uint8_t* data, size_t size)
423 {
424 if (data == nullptr || size <= 0) {
425 std::cout << "illegal input!";
426 return;
427 }
428 RuntimeOption option;
429 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
430 EcmaVM *vm = JSNApi::CreateJSVM(option);
431 auto thread = vm->GetAssociatedJSThread();
432
433 uint32_t inputNum = 0;
434 if (size > MAXBYTELEN) {
435 size = MAXBYTELEN;
436 }
437 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
438 std::cout << "memcpy_s failed!";
439 UNREACHABLE();
440 }
441 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
442 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
443 info->SetFunction(JSTaggedValue::Undefined());
444 info->SetThis(arrayList.GetTaggedValue());
445 info->SetCallArg(0, JSTaggedValue(inputNum));
446 ContainersArrayList::Add(info);
447
448 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
449 callInfo->SetFunction(JSTaggedValue::Undefined());
450 callInfo->SetThis(arrayList.GetTaggedValue());
451 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
452 ContainersArrayList::GetLastIndexOf(callInfo);
453 JSNApi::DestroyJSVM(vm);
454 }
455
ArrayListGetSizeFuzzTest(const uint8_t * data,size_t size)456 void ArrayListGetSizeFuzzTest(const uint8_t* data, size_t size)
457 {
458 if (data == nullptr || size <= 0) {
459 std::cout << "illegal input!";
460 return;
461 }
462 RuntimeOption option;
463 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
464 EcmaVM *vm = JSNApi::CreateJSVM(option);
465 auto thread = vm->GetAssociatedJSThread();
466
467 uint32_t inputNum = 0;
468 if (size > MAXBYTELEN) {
469 size = MAXBYTELEN;
470 }
471 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
472 std::cout << "memcpy_s failed!";
473 UNREACHABLE();
474 }
475 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
476 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
477 info->SetFunction(JSTaggedValue::Undefined());
478 info->SetThis(arrayList.GetTaggedValue());
479 info->SetCallArg(0, JSTaggedValue(inputNum));
480 ContainersArrayList::Add(info);
481
482 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
483 callInfo->SetFunction(JSTaggedValue::Undefined());
484 callInfo->SetThis(arrayList.GetTaggedValue());
485 ContainersArrayList::GetSize(callInfo);
486 JSNApi::DestroyJSVM(vm);
487 }
488
ArrayListHasFuzzTest(const uint8_t * data,size_t size)489 void ArrayListHasFuzzTest(const uint8_t* data, size_t size)
490 {
491 if (data == nullptr || size <= 0) {
492 std::cout << "illegal input!";
493 return;
494 }
495 RuntimeOption option;
496 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
497 EcmaVM *vm = JSNApi::CreateJSVM(option);
498 auto thread = vm->GetAssociatedJSThread();
499
500 uint32_t inputNum = 0;
501 if (size > MAXBYTELEN) {
502 size = MAXBYTELEN;
503 }
504 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
505 std::cout << "memcpy_s failed!";
506 UNREACHABLE();
507 }
508 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
509 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
510 info->SetFunction(JSTaggedValue::Undefined());
511 info->SetThis(arrayList.GetTaggedValue());
512 info->SetCallArg(0, JSTaggedValue(inputNum));
513 ContainersArrayList::Add(info);
514
515 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
516 callInfo->SetFunction(JSTaggedValue::Undefined());
517 callInfo->SetThis(arrayList.GetTaggedValue());
518 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
519 ContainersArrayList::Has(callInfo);
520 JSNApi::DestroyJSVM(vm);
521 }
522
ArrayListIncreaseCapacityToFuzzTest(const uint8_t * data,size_t size)523 void ArrayListIncreaseCapacityToFuzzTest(const uint8_t* data, size_t size)
524 {
525 if (data == nullptr || size <= 0) {
526 std::cout << "illegal input!";
527 return;
528 }
529 RuntimeOption option;
530 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
531 EcmaVM *vm = JSNApi::CreateJSVM(option);
532 auto thread = vm->GetAssociatedJSThread();
533
534 uint32_t inputNum = 0;
535 const uint32_t maxByteLen = 1;
536 if (size > maxByteLen) {
537 size = maxByteLen;
538 }
539 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
540 std::cout << "memcpy_s failed!";
541 UNREACHABLE();
542 }
543 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
544 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
545 info->SetFunction(JSTaggedValue::Undefined());
546 info->SetThis(arrayList.GetTaggedValue());
547 info->SetCallArg(0, JSTaggedValue(inputNum));
548 ContainersArrayList::Add(info);
549
550 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
551 callInfo->SetFunction(JSTaggedValue::Undefined());
552 callInfo->SetThis(arrayList.GetTaggedValue());
553 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
554 ContainersArrayList::IncreaseCapacityTo(callInfo);
555 JSNApi::DestroyJSVM(vm);
556 }
557
ArrayListInsertFuzzTest(const uint8_t * data,size_t size)558 void ArrayListInsertFuzzTest(const uint8_t* data, size_t size)
559 {
560 if (data == nullptr || size <= 0) {
561 std::cout << "illegal input!";
562 return;
563 }
564 RuntimeOption option;
565 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
566 EcmaVM *vm = JSNApi::CreateJSVM(option);
567 auto thread = vm->GetAssociatedJSThread();
568
569 uint32_t inputNum = 0;
570 if (size > MAXBYTELEN) {
571 size = MAXBYTELEN;
572 }
573 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
574 std::cout << "memcpy_s failed!";
575 UNREACHABLE();
576 }
577 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
578 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
579 info->SetFunction(JSTaggedValue::Undefined());
580 info->SetThis(arrayList.GetTaggedValue());
581 info->SetCallArg(0, JSTaggedValue(inputNum));
582 ContainersArrayList::Add(info);
583
584 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 8);
585 callInfo->SetFunction(JSTaggedValue::Undefined());
586 callInfo->SetThis(arrayList.GetTaggedValue());
587 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
588 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
589 ContainersArrayList::Insert(callInfo);
590 JSNApi::DestroyJSVM(vm);
591 }
592
ArrayListIsEmptyFuzzTest(const uint8_t * data,size_t size)593 void ArrayListIsEmptyFuzzTest(const uint8_t* data, size_t size)
594 {
595 if (data == nullptr || size <= 0) {
596 std::cout << "illegal input!";
597 return;
598 }
599 RuntimeOption option;
600 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
601 EcmaVM *vm = JSNApi::CreateJSVM(option);
602 auto thread = vm->GetAssociatedJSThread();
603
604 uint32_t inputNum = 0;
605 if (size > MAXBYTELEN) {
606 size = MAXBYTELEN;
607 }
608 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
609 std::cout << "memcpy_s failed!";
610 UNREACHABLE();
611 }
612 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
613 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
614 info->SetFunction(JSTaggedValue::Undefined());
615 info->SetThis(arrayList.GetTaggedValue());
616 info->SetCallArg(0, JSTaggedValue(inputNum));
617 ContainersArrayList::Add(info);
618
619 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
620 callInfo->SetFunction(JSTaggedValue::Undefined());
621 callInfo->SetThis(arrayList.GetTaggedValue());
622 ContainersArrayList::IsEmpty(callInfo);
623 JSNApi::DestroyJSVM(vm);
624 }
625
ArrayListRemoveByIndexFuzzTest(const uint8_t * data,size_t size)626 void ArrayListRemoveByIndexFuzzTest(const uint8_t* data, size_t size)
627 {
628 if (data == nullptr || size <= 0) {
629 std::cout << "illegal input!";
630 return;
631 }
632 RuntimeOption option;
633 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
634 EcmaVM *vm = JSNApi::CreateJSVM(option);
635 auto thread = vm->GetAssociatedJSThread();
636
637 uint32_t inputNum = 0;
638 if (size > MAXBYTELEN) {
639 size = MAXBYTELEN;
640 }
641 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
642 std::cout << "memcpy_s failed!";
643 UNREACHABLE();
644 }
645 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
646 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
647 info->SetFunction(JSTaggedValue::Undefined());
648 info->SetThis(arrayList.GetTaggedValue());
649 info->SetCallArg(0, JSTaggedValue(inputNum));
650 ContainersArrayList::Add(info);
651
652 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
653 callInfo->SetFunction(JSTaggedValue::Undefined());
654 callInfo->SetThis(arrayList.GetTaggedValue());
655 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
656 ContainersArrayList::Remove(callInfo);
657 JSNApi::DestroyJSVM(vm);
658 }
659
ArrayListRemoveByRangeFuzzTest(const uint8_t * data,size_t size)660 void ArrayListRemoveByRangeFuzzTest(const uint8_t* data, size_t size)
661 {
662 if (data == nullptr || size <= 0) {
663 std::cout << "illegal input!";
664 return;
665 }
666 RuntimeOption option;
667 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
668 EcmaVM *vm = JSNApi::CreateJSVM(option);
669 auto thread = vm->GetAssociatedJSThread();
670
671 uint32_t inputNum = 0;
672 const uint32_t maxByteLen = 1;
673 if (size > maxByteLen) {
674 size = maxByteLen;
675 }
676 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
677 std::cout << "memcpy_s failed!";
678 UNREACHABLE();
679 }
680 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
681 for (uint32_t i = 0; i <= inputNum; i++) {
682 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
683 info->SetFunction(JSTaggedValue::Undefined());
684 info->SetThis(arrayList.GetTaggedValue());
685 info->SetCallArg(0, JSTaggedValue(inputNum));
686 ContainersArrayList::Add(info);
687 }
688
689 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
690 callInfo->SetFunction(JSTaggedValue::Undefined());
691 callInfo->SetThis(arrayList.GetTaggedValue());
692 callInfo->SetCallArg(0, JSTaggedValue(0));
693 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
694 ContainersArrayList::RemoveByRange(callInfo);
695 JSNApi::DestroyJSVM(vm);
696 }
697
ArrayListReplaceAllElementsFuzzTest(const uint8_t * data,size_t size)698 void ArrayListReplaceAllElementsFuzzTest(const uint8_t* data, size_t size)
699 {
700 if (data == nullptr || size <= 0) {
701 std::cout << "illegal input!";
702 return;
703 }
704 RuntimeOption option;
705 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
706 EcmaVM *vm = JSNApi::CreateJSVM(option);
707 auto thread = vm->GetAssociatedJSThread();
708 ObjectFactory *factory = vm->GetFactory();
709 JSHandle<GlobalEnv> env = vm->GetGlobalEnv();
710
711 uint32_t inputNum = 0;
712 if (size > MAXBYTELEN) {
713 size = MAXBYTELEN;
714 }
715 if (memcpy_s(&inputNum, MAXBYTELEN, data, size) != 0) {
716 std::cout << "memcpy_s failed!";
717 UNREACHABLE();
718 }
719 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
720 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
721 info->SetFunction(JSTaggedValue::Undefined());
722 info->SetThis(arrayList.GetTaggedValue());
723 info->SetCallArg(0, JSTaggedValue(inputNum));
724 ContainersArrayList::Add(info);
725
726 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
727 JSHandle<JSFunction> func =
728 factory->NewJSFunction(env, reinterpret_cast<void *>(TestReplaceAllElementsFunc));
729 callInfo->SetFunction(JSTaggedValue::Undefined());
730 callInfo->SetThis(arrayList.GetTaggedValue());
731 callInfo->SetCallArg(0, func.GetTaggedValue());
732 ContainersArrayList::ReplaceAllElements(callInfo);
733 JSNApi::DestroyJSVM(vm);
734 }
735
ArrayListSetFuzzTest(const uint8_t * data,size_t size)736 void ArrayListSetFuzzTest(const uint8_t* data, size_t size)
737 {
738 if (data == nullptr || size <= 0) {
739 std::cout << "illegal input!";
740 return;
741 }
742 RuntimeOption option;
743 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
744 EcmaVM *vm = JSNApi::CreateJSVM(option);
745 auto thread = vm->GetAssociatedJSThread();
746
747 uint32_t inputNum = 0;
748 const uint32_t maxByteLen = 1;
749 if (size > maxByteLen) {
750 size = maxByteLen;
751 }
752 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
753 std::cout << "memcpy_s failed!";
754 UNREACHABLE();
755 }
756 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
757 for (uint32_t i = 0; i <= inputNum; i++) {
758 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
759 info->SetFunction(JSTaggedValue::Undefined());
760 info->SetThis(arrayList.GetTaggedValue());
761 info->SetCallArg(0, JSTaggedValue(inputNum));
762 ContainersArrayList::Add(info);
763 }
764
765 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
766 callInfo->SetFunction(JSTaggedValue::Undefined());
767 callInfo->SetThis(arrayList.GetTaggedValue());
768 callInfo->SetCallArg(0, JSTaggedValue(inputNum / 2)); // 2 : half
769 callInfo->SetCallArg(1, JSTaggedValue(inputNum));
770 ContainersArrayList::Set(callInfo);
771 JSNApi::DestroyJSVM(vm);
772 }
773
ArrayListSortFuzzTest(const uint8_t * data,size_t size)774 void ArrayListSortFuzzTest(const uint8_t* data, size_t size)
775 {
776 if (data == nullptr || size <= 0) {
777 std::cout << "illegal input!";
778 return;
779 }
780 RuntimeOption option;
781 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
782 EcmaVM *vm = JSNApi::CreateJSVM(option);
783 auto thread = vm->GetAssociatedJSThread();
784
785 uint32_t inputNum = 0;
786 const uint32_t maxByteLen = 1;
787 if (size > maxByteLen) {
788 size = maxByteLen;
789 }
790 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
791 std::cout << "memcpy_s failed!";
792 UNREACHABLE();
793 }
794 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
795 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
796 info->SetFunction(JSTaggedValue::Undefined());
797 info->SetThis(arrayList.GetTaggedValue());
798 info->SetCallArg(0, JSTaggedValue(inputNum));
799 ContainersArrayList::Add(info);
800
801 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
802 callInfo->SetFunction(JSTaggedValue::Undefined());
803 callInfo->SetThis(arrayList.GetTaggedValue());
804 callInfo->SetCallArg(0, JSTaggedValue::Undefined());
805 ContainersArrayList::Sort(callInfo);
806 JSNApi::DestroyJSVM(vm);
807 }
808
ArrayListSubArrayListFuzzTest(const uint8_t * data,size_t size)809 void ArrayListSubArrayListFuzzTest(const uint8_t* data, size_t size)
810 {
811 if (data == nullptr || size <= 0) {
812 std::cout << "illegal input!";
813 return;
814 }
815 RuntimeOption option;
816 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
817 EcmaVM *vm = JSNApi::CreateJSVM(option);
818 auto thread = vm->GetAssociatedJSThread();
819
820 uint32_t inputNum = 0;
821 const uint32_t maxByteLen = 1;
822 if (size > maxByteLen) {
823 size = maxByteLen;
824 }
825 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
826 std::cout << "memcpy_s failed!";
827 UNREACHABLE();
828 }
829 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
830 for (uint32_t i = 0; i <= inputNum; i++) {
831 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
832 info->SetFunction(JSTaggedValue::Undefined());
833 info->SetThis(arrayList.GetTaggedValue());
834 info->SetCallArg(0, JSTaggedValue(inputNum));
835 ContainersArrayList::Add(info);
836 }
837
838 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
839 callInfo->SetFunction(JSTaggedValue::Undefined());
840 callInfo->SetThis(arrayList.GetTaggedValue());
841 callInfo->SetCallArg(0, JSTaggedValue(0)); // start
842 callInfo->SetCallArg(1, JSTaggedValue(inputNum / 2)); // end 2 : half
843 ContainersArrayList::SubArrayList(callInfo);
844 JSNApi::DestroyJSVM(vm);
845 }
846
ArrayListTrimToCurrentLengthFuzzTest(const uint8_t * data,size_t size)847 void ArrayListTrimToCurrentLengthFuzzTest(const uint8_t* data, size_t size)
848 {
849 if (data == nullptr || size <= 0) {
850 std::cout << "illegal input!";
851 return;
852 }
853 RuntimeOption option;
854 option.SetLogLevel(RuntimeOption::LOG_LEVEL::ERROR);
855 EcmaVM *vm = JSNApi::CreateJSVM(option);
856 auto thread = vm->GetAssociatedJSThread();
857
858 uint32_t inputNum = 0;
859 const uint32_t maxByteLen = 1;
860 if (size > maxByteLen) {
861 size = maxByteLen;
862 }
863 if (memcpy_s(&inputNum, maxByteLen, data, size) != 0) {
864 std::cout << "memcpy_s failed!";
865 UNREACHABLE();
866 }
867 JSHandle<JSAPIArrayList> arrayList = CreateJSAPIArrayList(thread);
868 EcmaRuntimeCallInfo *info = CreateEcmaRuntimeCallInfo(thread, 6);
869 info->SetFunction(JSTaggedValue::Undefined());
870 info->SetThis(arrayList.GetTaggedValue());
871 info->SetCallArg(0, JSTaggedValue(inputNum));
872 ContainersArrayList::Add(info);
873
874 EcmaRuntimeCallInfo *callInfo = CreateEcmaRuntimeCallInfo(thread, 6);
875 callInfo->SetFunction(JSTaggedValue::Undefined());
876 callInfo->SetThis(arrayList.GetTaggedValue());
877 callInfo->SetCallArg(0, JSTaggedValue(inputNum));
878 ContainersArrayList::TrimToCurrentLength(callInfo);
879 JSNApi::DestroyJSVM(vm);
880 }
881 }
882
883 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)884 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
885 {
886 // Run your code on data.
887 OHOS::ArrayListAddFuzzTest(data, size);
888 OHOS::ArrayListForEachFuzzTest(data, size);
889 OHOS::ArrayListIsEmptyFuzzTest(data, size);
890 OHOS::ArrayListInsertFuzzTest(data, size);
891 OHOS::ArrayListIncreaseCapacityToFuzzTest(data, size);
892 OHOS::ArrayListHasFuzzTest(data, size);
893 OHOS::ArrayListGetSizeFuzzTest(data, size);
894 OHOS::ArrayListGetLastIndexOfFuzzTest(data, size);
895 OHOS::ArrayListGetIteratorObjFuzzTest(data, size);
896 OHOS::ArrayListGetIndexOfFuzzTest(data, size);
897 OHOS::ArrayListGetCapacityFuzzTest(data, size);
898 OHOS::ArrayListGetFuzzTest(data, size);
899 OHOS::ArrayListConvertToArrayFuzzTest(data, size);
900 OHOS::ArrayListCloneFuzzTest(data, size);
901 OHOS::ArrayListClearFuzzTest(data, size);
902 OHOS::ArrayListRemoveByIndexFuzzTest(data, size);
903 OHOS::ArrayListRemoveByRangeFuzzTest(data, size);
904 OHOS::ArrayListReplaceAllElementsFuzzTest(data, size);
905 OHOS::ArrayListSetFuzzTest(data, size);
906 OHOS::ArrayListSortFuzzTest(data, size);
907 OHOS::ArrayListSubArrayListFuzzTest(data, size);
908 OHOS::ArrayListTrimToCurrentLengthFuzzTest(data, size);
909 return 0;
910 }