fuzz-natives.js revision 0d5e116f6aee03185f237311a943491bb079a768 
1// Copyright 2008 the V8 project authors. All rights reserved.
2// Redistribution and use in source and binary forms, with or without
3// modification, are permitted provided that the following conditions are
4// met:
5//
6//     * Redistributions of source code must retain the above copyright
7//       notice, this list of conditions and the following disclaimer.
8//     * Redistributions in binary form must reproduce the above
9//       copyright notice, this list of conditions and the following
10//       disclaimer in the documentation and/or other materials provided
11//       with the distribution.
12//     * Neither the name of Google Inc. nor the names of its
13//       contributors may be used to endorse or promote products derived
14//       from this software without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28// Flags: --allow-natives-syntax
29
30var RUN_WITH_ALL_ARGUMENT_ENTRIES = false;
31var kOnManyArgumentsRemove = 5;
32
33function makeArguments() {
34  var result = [ ];
35  result.push(17);
36  result.push(-31);
37  result.push(new Array(100));
38  result.push(new Array(100003));
39  result.push(Number.MIN_VALUE);
40  result.push("whoops");
41  result.push("x");
42  result.push({"x": 1, "y": 2});
43  var slowCaseObj = {"a": 3, "b": 4, "c": 5};
44  delete slowCaseObj.c;
45  result.push(slowCaseObj);
46  result.push(function () { return 8; });
47  return result;
48}
49
50var kArgObjects = makeArguments().length;
51
52function makeFunction(name, argc) {
53  var args = [];
54  for (var i = 0; i < argc; i++)
55    args.push("x" + i);
56  var argsStr = args.join(", ");
57  return new Function(args.join(", "), "return %" + name + "(" + argsStr + ");");
58}
59
60function testArgumentCount(name, argc) {
61  for (var i = 0; i < 10; i++) {
62    var func = null;
63    try {
64      func = makeFunction(name, i);
65    } catch (e) {
66      if (e != "SyntaxError: Illegal access") throw e;
67    }
68    if (func === null && i == argc) {
69      throw "unexpected exception";
70    }
71    var args = [ ];
72    for (var j = 0; j < i; j++)
73      args.push(0);
74    try {
75      func.apply(void 0, args);
76    } catch (e) {
77      // we don't care what happens as long as we don't crash
78    }
79  }
80}
81
82function testArgumentTypes(name, argc) {
83  var type = 0;
84  var hasMore = true;
85  var func = makeFunction(name, argc);
86  while (hasMore) {
87    var argPool = makeArguments();
88    // When we have 5 or more arguments we lower the amount of tests cases
89    // by randomly removing kOnManyArgumentsRemove entries
90    var numArguments = RUN_WITH_ALL_ARGUMENT_ENTRIES ?
91      kArgObjects : kArgObjects-kOnManyArgumentsRemove;
92    if (argc >= 5 && !RUN_WITH_ALL_ARGUMENT_ENTRIES) {
93      for (var i = 0; i < kOnManyArgumentsRemove; i++) {
94        var rand = Math.floor(Math.random() * (kArgObjects - i));
95        argPool.splice(rand,1);
96      }
97    }
98    var current = type;
99    var hasMore = false;
100    var argList = [ ];
101    for (var i = 0; i < argc; i++) {
102      var index = current % numArguments;
103      current = (current / numArguments) << 0;
104      if (index != (numArguments - 1))
105        hasMore = true;
106      argList.push(argPool[index]);
107    }
108    try {
109      func.apply(void 0, argList);
110    } catch (e) {
111      // we don't care what happens as long as we don't crash
112    }
113    type++;
114  }
115}
116
117var knownProblems = {
118  "Abort": true,
119
120  // Avoid calling the concat operation, because weird lengths
121  // may lead to out-of-memory.
122  "StringBuilderConcat": true,
123
124  // These functions use pseudo-stack-pointers and are not robust
125  // to unexpected integer values.
126  "DebugEvaluate": true,
127
128  // These functions do nontrivial error checking in recursive calls,
129  // which means that we have to propagate errors back.
130  "SetFunctionBreakPoint": true,
131  "SetScriptBreakPoint": true,
132  "PrepareStep": true,
133
134  // Too slow.
135  "DebugReferencedBy": true,
136
137  // Calling disable/enable access checks may interfere with the
138  // the rest of the tests.
139  "DisableAccessChecks": true,
140  "EnableAccessChecks": true,
141
142  // These functions should not be callable as runtime functions.
143  "NewContext": true,
144  "NewArgumentsFast": true,
145  "PushContext": true,
146  "LazyCompile": true,
147  "CreateObjectLiteralBoilerplate": true,
148  "CloneLiteralBoilerplate": true,
149  "CloneShallowLiteralBoilerplate": true,
150  "CreateArrayLiteralBoilerplate": true,
151  "IS_VAR": true,
152  "ResolvePossiblyDirectEval": true,
153  "Log": true,
154  "DeclareGlobals": true,
155
156  "PromoteScheduledException": true,
157  "DeleteHandleScopeExtensions": true,
158
159  // That can only be invoked on Array.prototype.
160  "FinishArrayPrototypeSetup": true,
161
162  "_SwapElements": true,
163
164  // Performance critical function which cannot afford type checks.
165  "_CallFunction": true,
166
167  // Tries to allocate based on argument, and (correctly) throws
168  // out-of-memory if the request is too large. In practice, the
169  // size will be the number of captures of a RegExp.
170  "RegExpConstructResult": true,
171  "_RegExpConstructResult": true,
172
173  // This function performs some checks compile time (it requires its first
174  // argument to be a compile time smi).
175  "_GetFromCache": true,
176
177  // This function expects its first argument to be a non-smi.
178  "_IsStringWrapperSafeForDefaultValueOf" : true,
179
180  // Only applicable to strings.
181  "_HasCachedArrayIndex": true,
182  "_GetCachedArrayIndex": true
183};
184
185var currentlyUncallable = {
186  // We need to find a way to test this without breaking the system.
187  "SystemBreak": true
188};
189
190function testNatives() {
191  var allNatives = %ListNatives();
192  for (var i = 0; i < allNatives.length; i++) {
193    var nativeInfo = allNatives[i];
194    var name = nativeInfo[0];
195    if (name in knownProblems || name in currentlyUncallable)
196      continue;
197    print(name);
198    var argc = nativeInfo[1];
199    testArgumentCount(name, argc);
200    testArgumentTypes(name, argc);
201  }
202}
203
204testNatives();
205