ladybird/Meta/Lagom/Fuzzers/FuzzJs.cpp

/*
 * Copyright (c) 2020, the SerenityOS developers.
 * Copyright (c) 2022, Luke Wilde <lukew@serenityos.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include <AK/StringView.h>
#include <LibJS/Bytecode/Interpreter.h>
#include <LibJS/Runtime/GlobalObject.h>
#include <LibJS/Script.h>
#include <stddef.h>
#include <stdint.h>

extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
{
    auto js = StringView(static_cast<unsigned char const*>(data), size);
    // FIXME: https://github.com/SerenityOS/serenity/issues/17899
    if (!Utf8View(js).validate())
        return 0;
    auto vm = MUST(JS::VM::create());
    auto root_execution_context = JS::create_simple_execution_context<JS::GlobalObject>(*vm);
    auto& realm = *root_execution_context->realm;
    auto parse_result = JS::Script::parse(js, realm);
    if (!parse_result.is_error())
        (void)vm->bytecode_interpreter().run(parse_result.value());

    return 0;
}
Lagom: Add missing copyright header to FuzzJS.cpp 2020-05-09 15:23:26 +03:00			`/*`
			`* Copyright (c) 2020, the SerenityOS developers.`
LibJS: Refactor interpreter to use Script and Source Text Modules This also refactors interpreter creation to follow InitializeHostDefinedRealm, but I couldn't fit it in the title :^) This allows us to follow the spec much more closely rather than being completely ad-hoc with just the parse node instead of having all the surrounding data such as the realm of the parse node. The interpreter creation refactor creates the global execution context once and doesn't take it off the stack. This allows LibWeb to take the global execution context and manually handle it, following the HTML spec. The HTML spec calls this the "realm execution context" of the environment settings object. It also allows us to specify the globalThis type, as it can be different from the global object type. For example, on the web, Window global objects use a WindowProxy global this value to enforce the same origin policy on operations like [[GetOwnProperty]]. Finally, it allows us to directly call Program::execute in perform_eval and perform_shadow_realm_eval as this moves global_declaration_instantiation into Interpreter::run (ScriptEvaluation) as per the spec. Note that this doesn't evalulate Source Text Modules yet or refactor the bytecode interpreter, that's work for future us :^) This patch was originally build by Luke for the environment settings object change but was also needed for modules. So I (davidot) have modified it with the new completion changes and setup for that. Co-authored-by: davidot <davidot@serenityos.org> 2022-01-16 15:16:04 +03:00			`* Copyright (c) 2022, Luke Wilde <lukew@serenityos.org>`
Lagom: Add missing copyright header to FuzzJS.cpp 2020-05-09 15:23:26 +03:00			`*`
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt * 2021-04-22 11:24:48 +03:00			`* SPDX-License-Identifier: BSD-2-Clause`
Lagom: Add missing copyright header to FuzzJS.cpp 2020-05-09 15:23:26 +03:00			`*/`

Lagom: Add fuzz testing for LibJS using libFuzzer (#1692) Note: clang only (see https://llvm.org/docs/LibFuzzer.html) - add FuzzJs which will run the LibJS parser on random javascript inputs - added a basic dictionary of javascript tokens To use fuzzer: CC=/usr/bin/clang CXX=/usr/bin/clang++ cmake -DENABLE_FUZZER_SANITIZER=1 .. Fuzzers/FuzzJs -dict=../Fuzzers/FuzzJs.dict 2020-04-08 11:40:02 +03:00			`#include <AK/StringView.h>`
Fuzzers: Use the LibJS bytecode VM 2023-08-08 08:10:39 +03:00			`#include <LibJS/Bytecode/Interpreter.h>`
FuzzJs: If the program successfully parsed, try running it This should help us get a lot more coverage in LibJS. 2021-01-03 18:01:36 +03:00			`#include <LibJS/Runtime/GlobalObject.h>`
LibJS: Refactor interpreter to use Script and Source Text Modules This also refactors interpreter creation to follow InitializeHostDefinedRealm, but I couldn't fit it in the title :^) This allows us to follow the spec much more closely rather than being completely ad-hoc with just the parse node instead of having all the surrounding data such as the realm of the parse node. The interpreter creation refactor creates the global execution context once and doesn't take it off the stack. This allows LibWeb to take the global execution context and manually handle it, following the HTML spec. The HTML spec calls this the "realm execution context" of the environment settings object. It also allows us to specify the globalThis type, as it can be different from the global object type. For example, on the web, Window global objects use a WindowProxy global this value to enforce the same origin policy on operations like [[GetOwnProperty]]. Finally, it allows us to directly call Program::execute in perform_eval and perform_shadow_realm_eval as this moves global_declaration_instantiation into Interpreter::run (ScriptEvaluation) as per the spec. Note that this doesn't evalulate Source Text Modules yet or refactor the bytecode interpreter, that's work for future us :^) This patch was originally build by Luke for the environment settings object change but was also needed for modules. So I (davidot) have modified it with the new completion changes and setup for that. Co-authored-by: davidot <davidot@serenityos.org> 2022-01-16 15:16:04 +03:00			`#include <LibJS/Script.h>`
Lagom: Add fuzz testing for LibJS using libFuzzer (#1692) Note: clang only (see https://llvm.org/docs/LibFuzzer.html) - add FuzzJs which will run the LibJS parser on random javascript inputs - added a basic dictionary of javascript tokens To use fuzzer: CC=/usr/bin/clang CXX=/usr/bin/clang++ cmake -DENABLE_FUZZER_SANITIZER=1 .. Fuzzers/FuzzJs -dict=../Fuzzers/FuzzJs.dict 2020-04-08 11:40:02 +03:00			`#include <stddef.h>`
			`#include <stdint.h>`

Everywhere: Run clang-format 2022-04-01 20:58:27 +03:00			`extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)`
Lagom: Add fuzz testing for LibJS using libFuzzer (#1692) Note: clang only (see https://llvm.org/docs/LibFuzzer.html) - add FuzzJs which will run the LibJS parser on random javascript inputs - added a basic dictionary of javascript tokens To use fuzzer: CC=/usr/bin/clang CXX=/usr/bin/clang++ cmake -DENABLE_FUZZER_SANITIZER=1 .. Fuzzers/FuzzJs -dict=../Fuzzers/FuzzJs.dict 2020-04-08 11:40:02 +03:00			`{`
Everywhere: Run clang-format 2022-04-01 20:58:27 +03:00			`auto js = StringView(static_cast<unsigned char const*>(data), size);`
Fuzzers: Skip trying to parse invalid UTF-8 in LibJS Fuzzers Invalid UTF-8 crashes JS::Script::Parse. 2023-03-17 21:59:56 +03:00			`// FIXME: https://github.com/SerenityOS/serenity/issues/17899`
			`if (!Utf8View(js).validate())`
			`return 0;`
LibJS: Propagate errors from VM creation 2023-03-17 17:44:47 +03:00			`auto vm = MUST(JS::VM::create());`
Fuzzers: Use the LibJS bytecode VM 2023-08-08 08:10:39 +03:00			`auto root_execution_context = JS::create_simple_execution_context<JS::GlobalObject>(*vm);`
			`auto& realm = *root_execution_context->realm;`
			`auto parse_result = JS::Script::parse(js, realm);`
LibJS: Refactor interpreter to use Script and Source Text Modules This also refactors interpreter creation to follow InitializeHostDefinedRealm, but I couldn't fit it in the title :^) This allows us to follow the spec much more closely rather than being completely ad-hoc with just the parse node instead of having all the surrounding data such as the realm of the parse node. The interpreter creation refactor creates the global execution context once and doesn't take it off the stack. This allows LibWeb to take the global execution context and manually handle it, following the HTML spec. The HTML spec calls this the "realm execution context" of the environment settings object. It also allows us to specify the globalThis type, as it can be different from the global object type. For example, on the web, Window global objects use a WindowProxy global this value to enforce the same origin policy on operations like [[GetOwnProperty]]. Finally, it allows us to directly call Program::execute in perform_eval and perform_shadow_realm_eval as this moves global_declaration_instantiation into Interpreter::run (ScriptEvaluation) as per the spec. Note that this doesn't evalulate Source Text Modules yet or refactor the bytecode interpreter, that's work for future us :^) This patch was originally build by Luke for the environment settings object change but was also needed for modules. So I (davidot) have modified it with the new completion changes and setup for that. Co-authored-by: davidot <davidot@serenityos.org> 2022-01-16 15:16:04 +03:00			`if (!parse_result.is_error())`
Fuzzers: Use the LibJS bytecode VM 2023-08-08 08:10:39 +03:00			`(void)vm->bytecode_interpreter().run(parse_result.value());`
LibJS: Refactor interpreter to use Script and Source Text Modules This also refactors interpreter creation to follow InitializeHostDefinedRealm, but I couldn't fit it in the title :^) This allows us to follow the spec much more closely rather than being completely ad-hoc with just the parse node instead of having all the surrounding data such as the realm of the parse node. The interpreter creation refactor creates the global execution context once and doesn't take it off the stack. This allows LibWeb to take the global execution context and manually handle it, following the HTML spec. The HTML spec calls this the "realm execution context" of the environment settings object. It also allows us to specify the globalThis type, as it can be different from the global object type. For example, on the web, Window global objects use a WindowProxy global this value to enforce the same origin policy on operations like [[GetOwnProperty]]. Finally, it allows us to directly call Program::execute in perform_eval and perform_shadow_realm_eval as this moves global_declaration_instantiation into Interpreter::run (ScriptEvaluation) as per the spec. Note that this doesn't evalulate Source Text Modules yet or refactor the bytecode interpreter, that's work for future us :^) This patch was originally build by Luke for the environment settings object change but was also needed for modules. So I (davidot) have modified it with the new completion changes and setup for that. Co-authored-by: davidot <davidot@serenityos.org> 2022-01-16 15:16:04 +03:00
Lagom: Add fuzz testing for LibJS using libFuzzer (#1692) Note: clang only (see https://llvm.org/docs/LibFuzzer.html) - add FuzzJs which will run the LibJS parser on random javascript inputs - added a basic dictionary of javascript tokens To use fuzzer: CC=/usr/bin/clang CXX=/usr/bin/clang++ cmake -DENABLE_FUZZER_SANITIZER=1 .. Fuzzers/FuzzJs -dict=../Fuzzers/FuzzJs.dict 2020-04-08 11:40:02 +03:00			`return 0;`
			`}`