js/src/fuzz-tests/tests.cpp

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
   2  * vim: set ts=8 sts=2 et sw=2 tw=80:
   3  * This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #include "fuzz-tests/tests.h"
   8
   9 #include <stdio.h>
  10
  11 #include "js/AllocPolicy.h"
  12 #include "js/GlobalObject.h"
  13 #include "js/Initialization.h"
  14 #include "js/RootingAPI.h"
  15 #include "js/Stack.h"
  16 #include "vm/JSContext.h"
  17
  18 #ifdef LIBFUZZER
  19 #  include "FuzzerDefs.h"
  20 #endif
  21
  22 using namespace mozilla;
  23
  24 JS::PersistentRootedObject gGlobal;
  25 JSContext* gCx = nullptr;
  26
  27 static const JSClass* getGlobalClass() {
  28   static const JSClass c = {"global", JSCLASS_GLOBAL_FLAGS,
  29                             &JS::DefaultGlobalClassOps};
  30   return &c;
  31 }
  32
  33 static JSObject* jsfuzz_createGlobal(JSContext* cx, JSPrincipals* principals) {
  34   /* Create the global object. */
  35   JS::RealmOptions options;
  36   options.creationOptions()
  37       .setWeakRefsEnabled(JS::WeakRefSpecifier::EnabledWithCleanupSome)
  38       .setSharedMemoryAndAtomicsEnabled(true);
  39   return JS_NewGlobalObject(cx, getGlobalClass(), principals,
  40                             JS::FireOnNewGlobalHook, options);
  41 }
  42
  43 static bool jsfuzz_init(JSContext** cx, JS::PersistentRootedObject* global) {
  44   *cx = JS_NewContext(8L * 1024 * 1024);
  45   if (!*cx) {
  46     return false;
  47   }
  48
  49   const size_t MAX_STACK_SIZE = 500000;
  50
  51   JS_SetNativeStackQuota(*cx, MAX_STACK_SIZE);
  52
  53   js::UseInternalJobQueues(*cx);
  54   if (!JS::InitSelfHostedCode(*cx)) {
  55     return false;
  56   }
  57   global->init(*cx);
  58   *global = jsfuzz_createGlobal(*cx, nullptr);
  59   if (!*global) {
  60     return false;
  61   }
  62   JS::EnterRealm(*cx, *global);
  63   return true;
  64 }
  65
  66 static void jsfuzz_uninit(JSContext* cx) {
  67   if (cx) {
  68     JS::LeaveRealm(cx, nullptr);
  69     JS_DestroyContext(cx);
  70     cx = nullptr;
  71   }
  72 }
  73
  74 int main(int argc, char* argv[]) {
  75   if (!JS_Init()) {
  76     fprintf(stderr, "Error: Call to jsfuzz_init() failed\n");
  77     return 1;
  78   }
  79
  80   if (!jsfuzz_init(&gCx, &gGlobal)) {
  81     fprintf(stderr, "Error: Call to jsfuzz_init() failed\n");
  82     return 1;
  83   }
  84
  85   const char* fuzzerEnv = getenv("FUZZER");
  86   if (!fuzzerEnv) {
  87     fprintf(stderr,
  88             "Must specify fuzzing target in FUZZER environment variable\n");
  89     return 1;
  90   }
  91
  92   std::string moduleNameStr(getenv("FUZZER"));
  93
  94   FuzzerFunctions funcs =
  95       FuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
  96   FuzzerInitFunc initFunc = funcs.first;
  97   FuzzerTestingFunc testingFunc = funcs.second;
  98   if (initFunc) {
  99     int ret = initFunc(&argc, &argv);
 100     if (ret) {
 101       fprintf(stderr, "Fuzzing Interface: Error: Initialize callback failed\n");
 102       return ret;
 103     }
 104   }
 105
 106   if (!testingFunc) {
 107     fprintf(stderr, "Fuzzing Interface: Error: No testing callback found\n");
 108     return 1;
 109   }
 110
 111 #ifdef LIBFUZZER
 112   fuzzer::FuzzerDriver(&argc, &argv, testingFunc);
 113 #elif AFLFUZZ
 114   testingFunc(nullptr, 0);
 115 #endif
 116
 117   jsfuzz_uninit(gCx);
 118
 119   JS_ShutDown();
 120
 121   return 0;
 122 }