fuzz-natives.js revision ac95265630a4e0c317a7a7201d17a57df7d9bcce
1// Copyright 2008 the V8 project authors. All rights reserved.
2// Redistribution and use in source and binary forms, with or without
3// modification, are permitted provided that the following conditions are
4// met:
5//
6//     * Redistributions of source code must retain the above copyright
7//       notice, this list of conditions and the following disclaimer.
8//     * Redistributions in binary form must reproduce the above
9//       copyright notice, this list of conditions and the following
10//       disclaimer in the documentation and/or other materials provided
11//       with the distribution.
12//     * Neither the name of Google Inc. nor the names of its
13//       contributors may be used to endorse or promote products derived
14//       from this software without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28// Flags: --allow-natives-syntax
29
30var RUN_WITH_ALL_ARGUMENT_ENTRIES = false;
31var kOnManyArgumentsRemove = 5;
32
33function makeArguments() {
34  var result = [ ];
35  result.push(17);
36  result.push(-31);
37  result.push(new Array(100));
38  result.push(new Array(100003));
39  result.push(Number.MIN_VALUE);
40  result.push("whoops");
41  result.push("x");
42  result.push({"x": 1, "y": 2});
43  var slowCaseObj = {"a": 3, "b": 4, "c": 5};
44  delete slowCaseObj.c;
45  result.push(slowCaseObj);
46  result.push(function () { return 8; });
47  return result;
48}
49
50var kArgObjects = makeArguments().length;
51
52function makeFunction(name, argc) {
53  var args = [];
54  for (var i = 0; i < argc; i++)
55    args.push("x" + i);
56  var argsStr = args.join(", ");
57  return new Function(args.join(", "), "return %" + name + "(" + argsStr + ");");
58}
59
60function testArgumentCount(name, argc) {
61  for (var i = 0; i < 10; i++) {
62    var func = null;
63    try {
64      func = makeFunction(name, i);
65    } catch (e) {
66      if (e != "SyntaxError: Illegal access") throw e;
67    }
68    if (func === null && i == argc) {
69      throw "unexpected exception";
70    }
71    var args = [ ];
72    for (var j = 0; j < i; j++)
73      args.push(0);
74    try {
75      func.apply(void 0, args);
76    } catch (e) {
77      // we don't care what happens as long as we don't crash
78    }
79  }
80}
81
82function testArgumentTypes(name, argc) {
83  var type = 0;
84  var hasMore = true;
85  var func = makeFunction(name, argc);
86  while (hasMore) {
87    var argPool = makeArguments();
88    // When we have 5 or more arguments we lower the amount of tests cases
89    // by randomly removing kOnManyArgumentsRemove entries
90    var numArguments = RUN_WITH_ALL_ARGUMENT_ENTRIES ?
91      kArgObjects : kArgObjects-kOnManyArgumentsRemove;
92    if (argc >= 5 && !RUN_WITH_ALL_ARGUMENT_ENTRIES) {
93      for (var i = 0; i < kOnManyArgumentsRemove; i++) {
94        var rand = Math.floor(Math.random() * (kArgObjects - i));
95        argPool.splice(rand,1);
96      }
97    }
98    var current = type;
99    var hasMore = false;
100    var argList = [ ];
101    for (var i = 0; i < argc; i++) {
102      var index = current % numArguments;
103      current = (current / numArguments) << 0;
104      if (index != (numArguments - 1))
105        hasMore = true;
106      argList.push(argPool[index]);
107    }
108    try {
109      func.apply(void 0, argList);
110    } catch (e) {
111      // we don't care what happens as long as we don't crash
112    }
113    type++;
114  }
115}
116
117var knownProblems = {
118  "Abort": true,
119
120  // Avoid calling the concat operation, because weird lengths
121  // may lead to out-of-memory.
122  "StringBuilderConcat": true,
123
124  // These functions use pseudo-stack-pointers and are not robust
125  // to unexpected integer values.
126  "DebugEvaluate": true,
127
128  // These functions do nontrivial error checking in recursive calls,
129  // which means that we have to propagate errors back.
130  "SetFunctionBreakPoint": true,
131  "SetScriptBreakPoint": true,
132  "ChangeBreakOnException": true,
133  "PrepareStep": true,
134
135  // Too slow.
136  "DebugReferencedBy": true,
137
138  // Calling disable/enable access checks may interfere with the
139  // the rest of the tests.
140  "DisableAccessChecks": true,
141  "EnableAccessChecks": true,
142
143  // These functions should not be callable as runtime functions.
144  "NewContext": true,
145  "NewArgumentsFast": true,
146  "PushContext": true,
147  "LazyCompile": true,
148  "CreateObjectLiteralBoilerplate": true,
149  "CloneLiteralBoilerplate": true,
150  "CloneShallowLiteralBoilerplate": true,
151  "CreateArrayLiteralBoilerplate": true,
152  "IS_VAR": true,
153  "ResolvePossiblyDirectEval": true,
154  "Log": true,
155  "DeclareGlobals": true,
156
157  "PromoteScheduledException": true,
158  "DeleteHandleScopeExtensions": true,
159
160  // That can only be invoked on Array.prototype.
161  "FinishArrayPrototypeSetup": true,
162
163  "_SwapElements": true,
164
165  // Performance critical function which cannot afford type checks.
166  "_CallFunction": true,
167
168  // Tries to allocate based on argument, and (correctly) throws
169  // out-of-memory if the request is too large. In practice, the
170  // size will be the number of captures of a RegExp.
171  "RegExpConstructResult": true,
172  "_RegExpConstructResult": true,
173
174  // This function performs some checks compile time (it requires its first
175  // argument to be a compile time smi).
176  "_GetFromCache": true,
177};
178
179var currentlyUncallable = {
180  // We need to find a way to test this without breaking the system.
181  "SystemBreak": true
182};
183
184function testNatives() {
185  var allNatives = %ListNatives();
186  for (var i = 0; i < allNatives.length; i++) {
187    var nativeInfo = allNatives[i];
188    var name = nativeInfo[0];
189    if (name in knownProblems || name in currentlyUncallable)
190      continue;
191    print(name);
192    var argc = nativeInfo[1];
193    testArgumentCount(name, argc);
194    testArgumentTypes(name, argc);
195  }
196}
197
198testNatives();
199