fuzz-natives.js revision 3ce2e2076e8e3e60cf1810eec160ea2d8557e9e7 
1// Copyright 2008 the V8 project authors. All rights reserved.
2// Redistribution and use in source and binary forms, with or without
3// modification, are permitted provided that the following conditions are
4// met:
5//
6//     * Redistributions of source code must retain the above copyright
7//       notice, this list of conditions and the following disclaimer.
8//     * Redistributions in binary form must reproduce the above
9//       copyright notice, this list of conditions and the following
10//       disclaimer in the documentation and/or other materials provided
11//       with the distribution.
12//     * Neither the name of Google Inc. nor the names of its
13//       contributors may be used to endorse or promote products derived
14//       from this software without specific prior written permission.
15//
16// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
18// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
19// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
20// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
28// Flags: --allow-natives-syntax
29
30function makeArguments() {
31  var result = [ ];
32  result.push(17);
33  result.push(-31);
34  result.push(new Array(100));
35  result.push(new Array(100003));
36  result.push(Number.MIN_VALUE);
37  result.push("whoops");
38  result.push("x");
39  result.push({"x": 1, "y": 2});
40  var slowCaseObj = {"a": 3, "b": 4, "c": 5};
41  delete slowCaseObj.c;
42  result.push(slowCaseObj);
43  result.push(function () { return 8; });
44  return result;
45}
46
47var kArgObjects = makeArguments().length;
48
49function makeFunction(name, argc) {
50  var args = [];
51  for (var i = 0; i < argc; i++)
52    args.push("x" + i);
53  var argsStr = args.join(", ");
54  return new Function(args.join(", "), "return %" + name + "(" + argsStr + ");");
55}
56
57function testArgumentCount(name) {
58  for (var i = 0; i < 10; i++) {
59    var func = makeFunction(name, i);
60    var args = [ ];
61    for (var j = 0; j < i; j++)
62      args.push(0);
63    try {
64      func.apply(void 0, args);
65    } catch (e) {
66      // we don't care what happens as long as we don't crash
67    }
68  }
69}
70
71function testArgumentTypes(name, argc) {
72  var type = 0;
73  var hasMore = true;
74  var func = makeFunction(name, argc);
75  while (hasMore) {
76    var argPool = makeArguments();
77    var current = type;
78    var hasMore = false;
79    var argList = [ ];
80    for (var i = 0; i < argc; i++) {
81      var index = current % kArgObjects;
82      current = (current / kArgObjects) << 0;
83      if (index != (kArgObjects - 1))
84        hasMore = true;
85      argList.push(argPool[index]);
86    }
87    try {
88      func.apply(void 0, argList);
89    } catch (e) {
90      // we don't care what happens as long as we don't crash
91    }
92    type++;
93  }
94}
95
96var knownProblems = {
97  "Abort": true,
98
99  // These functions use pseudo-stack-pointers and are not robust
100  // to unexpected integer values.
101  "DebugEvaluate": true,
102
103  // These functions do nontrivial error checking in recursive calls,
104  // which means that we have to propagate errors back.
105  "SetFunctionBreakPoint": true,
106  "SetScriptBreakPoint": true,
107  "ChangeBreakOnException": true,
108  "PrepareStep": true,
109
110  // Too slow.
111  "DebugReferencedBy": true,
112
113  // Calling disable/enable access checks may interfere with the
114  // the rest of the tests.
115  "DisableAccessChecks": true,
116  "EnableAccessChecks": true,
117
118  // These functions should not be callable as runtime functions.
119  "NewContext": true,
120  "NewArgumentsFast": true,
121  "PushContext": true,
122  "LazyCompile": true,
123  "CreateObjectLiteralBoilerplate": true,
124  "CloneLiteralBoilerplate": true,
125  "CloneShallowLiteralBoilerplate": true,
126  "CreateArrayLiteralBoilerplate": true,
127  "IS_VAR": true,
128  "ResolvePossiblyDirectEval": true,
129  "Log": true,
130  "DeclareGlobals": true,
131
132  "CollectStackTrace": true
133};
134
135var currentlyUncallable = {
136  // We need to find a way to test this without breaking the system.
137  "SystemBreak": true
138};
139
140function testNatives() {
141  var allNatives = %ListNatives();
142  for (var i = 0; i < allNatives.length; i++) {
143    var nativeInfo = allNatives[i];
144    var name = nativeInfo[0];
145    if (name in knownProblems || name in currentlyUncallable)
146      continue;
147    print(name);
148    var argc = nativeInfo[1];
149    testArgumentCount(name);
150    testArgumentTypes(name, argc);
151  }
152}
153
154testNatives();
155