* Move fuzz target sources from the oss-fuzz repository here
* Add support to build libFuzzer targets
* Simplify the fuzz_eval and fuzz_compile targets
The use of JS_NewContext instead of JS_NewContextRaw spares calling the
JS_AddIntrinsic<XYZ> functions from the fuzz target, since the public
JS_NewContext API does exactly the same.
* Simplify the fuzz_regexp target
fuzz_regexp doesn't need to be dependent on libquickjs since the
runtime and the context - that were provided by libquickjs - were
only created to call two simple functions implemented in libquickjs
which could be mimicked by the fuzzer.
The removal of the runtime and context objects entailed further
simplifications, like the omission of their one-time creation.
Finally, writing the result of the regexp operations into a file
is also superfluous, since it's not used by anybody.
* Recreate and destroy JS runtime and context in fuzz_eval and fuzz_compile targets
Before this patch, the test executions were not independent,
since all the executed tests used the same JavaScript runtime and
context, causing irreproducible failure reports.
* Enable bignumber support in eval and compile targets
Big numbers are used by the input corpus, but the targets were not
able to interpret them since they were not compiled into them.
This change improved the initial coverage of the fuzz_eval target by
21% and the coverage of the fuzz_compile target by 25% when using
the official corpus.
* Ensure std and os modules are available in the fuzz_eval and fuzz_compile targets
* Add fuzzer dictionary with builtin and variable names. Furthermore, add a JS script that collects all the builtin names from the executing engine.
* Move common fuzzer code into one place
* Allow defining the LIB_FUZZING_ENGINE variable to ease the oss-fuzz integration
* Add README to fuzzers
- detect and report invalid duplicate parameter names
- throw RangeError for too many function arguments
- throw RangeError for invalid string length
- prevent `-Wcast-function-type` warnings
- add `minimum_length` to enforce array length validation
- add `JS_NewDate()` API
- add `[Symbol.toStringTag]` property in the global object
- simplify `string_get_milliseconds`
- support more timezone abbrevs using `string_get_tzabbr` and array
This switches the exec test to `SIGTERM` rather than `SIGQUIT` since the
latter didn’t seem to work in QEMU, and the distinction doesn’t really
matter for this test.
This also makes the `isatty()` check smarter by checking whether `STDIN`
is, in fact, a terminal.
Added qemu-alpine targets i386, arm32v6, arm32v7, arm64v8, s390x
Co-authored-by: Felipe Gasper <felipe@felipegasper.com>
- add `memcpy_no_ub` that accepts null pointers for 0 count
- prevent 0 length allocation in `js_worker_postMessage`
- use safer test for `int` value in `JS_NewFloat64`,
`JS_ToArrayLengthFree` and `js_typed_array_indexOf`
- accept many more alternative date/time formats
- add test cases in tests/test_builtin.js
- match month and timezone names case insensitively
- accept AM and PM markers
- recognize US timezone names
- skip parenthesized stuff
- fix almost all v8 test cases
- fix the conversions for integers and exact fractions
- approximate approach for other cases.
- bypass floating point conversions for JS_TAG_INT values
- avoid divisions for base 10 integer conversions
- ensure handler behavior does not depend on n argument
- load and save reference file in node.js
- add -s filename option to name the output reference file
- add targets in Makefile for tests and benchmarks using node.js
- fix incorrect timings when not using high resolution timer
- use performance timer in node.js
- output performance factor instead of percentage
- use smaller threshold by default
- add benchmarks for: date_parse(), prop_update(), prop_clone(), array_slice(), global_func_call()
- rewrite Date.parse() with separate parsers
- return `NaN` for out of bounds field values as specified
- accept up to 9 decimals for millisecond fraction but truncate at 3
- accept many more alternative date/time formats
- add test cases in tests/test_builtin.js
- use `double` arithmetic where necessary to match the spec
- use `volatile` to ensure correct order of evaluation
and prevent FMA code generation
- reject some border cases.
- avoid undefined behavior in `double` -> `int64_t` conversions
- improved tests/test_builtin.js `assert` function to compare
values more reliably.
- added some tests in `test_date()`
- disable some of these tests on win32 and cygwin targets
If you want to extend a built-in class you need its class ID and there
is no robust way to get that without this accessor.
* add JS_INVALID_CLASS_ID constant for invalid class ID.
Signed-off-by: Tyler Rockwood <rockwood@redpanda.com>
- add inline function to test and convert surrogates
is_surrogate(c), is_hi_surrogate(c), is_lo_surrogate(c),
get_hi_surrogate(c), get_lo_surrogate(c), from_surrogate(hi, lo)
- use names for BC header offsets and lengths in libregexp.c
- remove strict aliasing violations in `lre_exec_backtrack()`
- pass all context variables to XXX_CHAR macros in `lre_exec_backtrack()`
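An added example (not QuickJS code) of surrogate helpers with the semantics the commit message lists, plus a UTF-16 decoder and encoder built on them; `utf16_to_codepoints`, `codepoint_to_utf16`, `sample_decode_ok` and the constructed sample input are assumptions of this example. The decoder keeps lone surrogates as their own code points, which ill-formed JavaScript strings require.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Added example, not QuickJS code: surrogate helpers with the semantics named in the
 * commit message. JS strings may be ill-formed UTF-16, so the decoder below keeps a lone
 * surrogate as its own code point instead of dropping or replacing it. */
static inline bool is_surrogate(uint32_t c)    { return (c >> 11) == (0xD800 >> 11); } /* D800..DFFF */
static inline bool is_hi_surrogate(uint32_t c) { return (c >> 10) == (0xD800 >> 10); } /* D800..DBFF */
static inline bool is_lo_surrogate(uint32_t c) { return (c >> 10) == (0xDC00 >> 10); } /* DC00..DFFF */
/* split a supplementary code point (0x10000..0x10FFFF) into its pair, and join it back */
static inline uint32_t get_hi_surrogate(uint32_t c) { return (c >> 10) - (0x10000 >> 10) + 0xD800; }
static inline uint32_t get_lo_surrogate(uint32_t c) { return (c & 0x3FF) | 0xDC00; }
static inline uint32_t from_surrogate(uint32_t hi, uint32_t lo) { return 0x10000 + ((hi - 0xD800) << 10) + (lo - 0xDC00); }

/* Decode n UTF-16 units into code points; returns how many were written.
 * Only a high surrogate immediately followed by a low one is combined. */
size_t utf16_to_codepoints(const uint16_t *s, size_t n, uint32_t *out)
{
    size_t i = 0, k = 0;
    while (i < n) {
        uint32_t c = s[i++];
        if (is_hi_surrogate(c) && i < n && is_lo_surrogate(s[i]))
            c = from_surrogate(c, s[i++]);
        out[k++] = c;
    }
    return k;
}

/* Encode one code point as one or two units; returns the unit count. */
size_t codepoint_to_utf16(uint32_t cp, uint16_t out[2])
{
    if (cp < 0x10000) { out[0] = (uint16_t)cp; return 1; }
    out[0] = (uint16_t)get_hi_surrogate(cp);
    out[1] = (uint16_t)get_lo_surrogate(cp);
    return 2;
}

/* Constructed sample: "A", U+1F600 as a pair, a lone high, "B", a lone low.
 * Returns true when decoding yields exactly the five expected code points. */
bool sample_decode_ok(void)
{
    static const uint16_t in[] = { 0x0041, 0xD83D, 0xDE00, 0xD800, 0x0042, 0xDC00 };
    static const uint32_t want[] = { 0x41, 0x1F600, 0xD800, 0x42, 0xDC00 };
    uint32_t out[6];
    if (utf16_to_codepoints(in, 6, out) != 5) return false;
    for (size_t i = 0; i < 5; i++) if (out[i] != want[i]) return false;
    return true;
}
```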
- add -t to show timings
- add -C to select compact progress meter
- default to compact progress meter if not attached to console
- set agent stack size to 2MB
- compute module filename relative to current path
- ignore `testdir` for -d and -f options
- return non-zero status on errors
Big endian serialization was broken because:
- it partially relied on `WORDS_ENDIAN` (unconditionally undef'd in cutils.h)
- endianness was not handled at all in the bc reader.
Modifications:
- remove `WORDS_ENDIAN`
- use `bc_put_u32()` / `bc_put_u64()` in `JS_WriteBigInt()`
- use `bc_get_u32()` / `bc_get_u64()` in `JS_ReadBigInt()`
- handle host endianness in `bc_get_u16()`, `bc_get_u32()`, `bc_get_u64()` and
`JS_ReadFunctionBytecode()`
- handle optional littleEndian argument as specified in
`js_dataview_getValue()` and `js_dataview_setValue()`
- split test_bigfloat.js from test_bignum.js
- make test_date() compatible with node
- document Date constructor string argument format:
should add test cases for invalid strings
- test_argument_scope(): only test this syntax error in strict mode:
`var f = function(a = eval("var arguments")) {};`
- Use uint32_t arithmetic and standard-conformant conversion to
avoid UB in js_math_imul.
- add builtin tests
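An added example (not QuickJS code) of the technique the js_math_imul change above describes: the product is formed in unsigned arithmetic, which wraps modulo 2^32 by definition, and the result is brought back to `int32_t` without the implementation-defined out-of-range cast. The names `u32_to_i32`, `js_to_int32` and `imul_safe` are assumptions of this example.

```c
#include <stdint.h>

/* Added example, not QuickJS code. Math.imul must return the low 32 bits of a*b
 * as a signed value. Multiplying two int32_t directly overflows for inputs such
 * as INT32_MIN * -1 (undefined behaviour in C), and (int32_t)u for u >= 2^31 is
 * implementation-defined. Both are avoided below. */

/* uint32_t -> int32_t with two's-complement wrap-around; both terms of the
 * addition are in range, so no signed overflow can occur. */
static inline int32_t u32_to_i32(uint32_t u)
{
    if (u >= 0x80000000u)
        return (int32_t)(u - 0x80000000u) + INT32_MIN;
    return (int32_t)u;
}

/* ECMAScript ToInt32: truncate, reduce modulo 2^32, interpret as signed.
 * NaN, +/-Inf and |d| >= 2^63 all yield 0 (a double that large is a multiple
 * of 2^32), which also keeps the (int64_t) cast below in range. */
static int32_t js_to_int32(double d)
{
    if (!(d > -9223372036854775808.0 && d < 9223372036854775808.0))
        return 0;
    int64_t i = (int64_t)d;                    /* truncates toward zero */
    return u32_to_i32((uint32_t)(uint64_t)i);  /* modulo 2^32, well-defined */
}

/* Math.imul(a, b): int32 -> uint32 is well-defined, and the 64-bit unsigned
 * product cannot overflow even where int is wider than 32 bits. */
static int32_t imul_safe(double a, double b)
{
    uint32_t x = (uint32_t)js_to_int32(a);
    uint32_t y = (uint32_t)js_to_int32(b);
    return u32_to_i32((uint32_t)((uint64_t)x * y));
}
```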
- use specific object directories for SAN targets
ssize_t is not always available, and the cast it was used in wasn't
necessary in the first place; the value already has the right type.
Note that the field malloc_limit is an int64_t in JSMemoryUsage whereas it
is a size_t in JSMallocState.
- add more cases of in place string concatenation
this temporary hack improves the microbench timing by 30% but
has little impact on the test262 timings.
- remove temporary fix for MemorySanitizer:
setting p->u.array.count to 0 silenced a warning in JS_GetPropertyValue on a
hacky test against the length of fast_array object.
This hack was removed by commit c3635861f6.
- force evaluation order in `set_date_fields`
- fix evaluation error in test262/test/built-ins/Date/UTC/fp-evaluation-order.js:19:
unexpected error: Test262Error: precision in MakeDate Expected SameValue(«34448384», «34447360») to be true
MemorySanitizer complained about uninitialized reads in
the indexed property code path in JS_GetPropertyValue()
with JS_CLASS_MAPPED_ARGUMENTS objects.