FileBasedFuzzerAgentBase.cpp
1 /* 2 * Copyright (C) 2019 Apple Inc. All rights reserved. 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 1. Redistributions of source code must retain the above copyright 8 * notice, this list of conditions and the following disclaimer. 9 * 2. Redistributions in binary form must reproduce the above copyright 10 * notice, this list of conditions and the following disclaimer in the 11 * documentation and/or other materials provided with the distribution. 12 * 13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY 14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR 17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include "config.h" 27 #include "FileBasedFuzzerAgentBase.h" 28 29 #include "CodeBlock.h" 30 #include <wtf/text/StringBuilder.h> 31 32 #ifdef DARLING 33 #include "JSCellInlines.h" 34 #include "HeapCellInlines.h" 35 #endif 36 37 namespace JSC { 38 39 FileBasedFuzzerAgentBase::FileBasedFuzzerAgentBase(VM&) 40 { 41 } 42 43 String FileBasedFuzzerAgentBase::createLookupKey(const String& sourceFilename, OpcodeID opcodeId, int startLocation, int endLocation) 44 { 45 StringBuilder lookupKey; 46 lookupKey.append(sourceFilename); 47 lookupKey.append("|"); 48 lookupKey.append(opcodeNames[opcodeAliasForLookupKey(opcodeId)]); 49 lookupKey.append("|"); 50 lookupKey.append(startLocation); 51 lookupKey.append("|"); 52 lookupKey.append(endLocation); 53 return lookupKey.toString(); 54 } 55 56 OpcodeID FileBasedFuzzerAgentBase::opcodeAliasForLookupKey(const OpcodeID& opcodeId) 57 { 58 if (opcodeId == op_call_varargs || opcodeId == op_call_eval || opcodeId == op_tail_call || opcodeId == op_tail_call_varargs) 59 return op_call; 60 if (opcodeId == op_get_direct_pname || opcodeId == op_get_by_val_with_this) 61 return op_get_by_val; 62 if (opcodeId == op_construct_varargs) 63 return op_construct; 64 return opcodeId; 65 } 66 67 SpeculatedType FileBasedFuzzerAgentBase::getPrediction(CodeBlock* codeBlock, const CodeOrigin& codeOrigin, SpeculatedType original) 68 { 69 auto locker = holdLock(m_lock); 70 71 ScriptExecutable* ownerExecutable = codeBlock->ownerExecutable(); 72 const auto& sourceURL = ownerExecutable->sourceURL(); 73 if (sourceURL.isEmpty()) 74 return original; 75 76 PredictionTarget predictionTarget; 77 BytecodeIndex bytecodeIndex = codeOrigin.bytecodeIndex(); 78 codeBlock->expressionRangeForBytecodeIndex(bytecodeIndex, predictionTarget.divot, predictionTarget.startOffset, predictionTarget.endOffset, predictionTarget.line, predictionTarget.column); 79 80 Vector<String> urlParts = sourceURL.split('/'); 81 predictionTarget.sourceFilename = urlParts.isEmpty() ? sourceURL : urlParts.last(); 82 83 const InstructionStream& instructions = codeBlock->instructions(); 84 const Instruction* anInstruction = instructions.at(bytecodeIndex).ptr(); 85 predictionTarget.opcodeId = anInstruction->opcodeID(); 86 87 int startLocation = predictionTarget.divot - predictionTarget.startOffset; 88 int endLocation = predictionTarget.divot + predictionTarget.endOffset; 89 predictionTarget.lookupKey = createLookupKey(predictionTarget.sourceFilename, predictionTarget.opcodeId, startLocation, endLocation); 90 return getPredictionInternal(codeBlock, predictionTarget, original); 91 } 92 93 } // namespace JSC