Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.cpp

/*
 * Copyright (C) 2019 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"
#include "FileBasedFuzzerAgentBase.h"

#include "CodeBlock.h"
#include <wtf/text/StringBuilder.h>

namespace JSC {

FileBasedFuzzerAgentBase::FileBasedFuzzerAgentBase(VM&)
{
}

String FileBasedFuzzerAgentBase::createLookupKey(const String& sourceFilename, OpcodeID opcodeId, int startLocation, int endLocation)
{
    StringBuilder lookupKey;
    lookupKey.append(sourceFilename);
    lookupKey.append("|");
    lookupKey.append(opcodeNames[opcodeAliasForLookupKey(opcodeId)]);
    lookupKey.append("|");
    lookupKey.append(startLocation);
    lookupKey.append("|");
    lookupKey.append(endLocation);
    return lookupKey.toString();
}

OpcodeID FileBasedFuzzerAgentBase::opcodeAliasForLookupKey(const OpcodeID& opcodeId)
{
    if (opcodeId == op_call_varargs || opcodeId == op_call_eval || opcodeId == op_tail_call || opcodeId == op_tail_call_varargs)
        return op_call;
    if (opcodeId == op_get_direct_pname || opcodeId == op_get_by_val_with_this)
        return op_get_by_val;
    if (opcodeId == op_construct_varargs)
        return op_construct;
    return opcodeId;
}

SpeculatedType FileBasedFuzzerAgentBase::getPrediction(CodeBlock* codeBlock, const CodeOrigin& codeOrigin, SpeculatedType original)
{
    auto locker = holdLock(m_lock);

    ScriptExecutable* ownerExecutable = codeBlock->ownerExecutable();
    const auto& sourceURL = ownerExecutable->sourceURL();
    if (sourceURL.isEmpty())
        return original;

    PredictionTarget predictionTarget;
    BytecodeIndex bytecodeIndex = codeOrigin.bytecodeIndex();
    codeBlock->expressionRangeForBytecodeIndex(bytecodeIndex, predictionTarget.divot, predictionTarget.startOffset, predictionTarget.endOffset, predictionTarget.line, predictionTarget.column);

    Vector<String> urlParts = sourceURL.split('/');
    predictionTarget.sourceFilename = urlParts.isEmpty() ? sourceURL : urlParts.last();

    const InstructionStream& instructions = codeBlock->instructions();
    const Instruction* anInstruction = instructions.at(bytecodeIndex).ptr();
    predictionTarget.opcodeId = anInstruction->opcodeID();

    int startLocation = predictionTarget.divot - predictionTarget.startOffset;
    int endLocation = predictionTarget.divot + predictionTarget.endOffset;
    predictionTarget.lookupKey = createLookupKey(predictionTarget.sourceFilename, predictionTarget.opcodeId, startLocation, endLocation);
    return getPredictionInternal(codeBlock, predictionTarget, original);
}

} // namespace JSC