fuzz-natives-part4.js 7.52 KB
// Copyright 2011 the V8 project authors. All rights reserved.
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
//     * Redistributions of source code must retain the above copyright
//       notice, this list of conditions and the following disclaimer.
//     * Redistributions in binary form must reproduce the above
//       copyright notice, this list of conditions and the following
//       disclaimer in the documentation and/or other materials provided
//       with the distribution.
//     * Neither the name of Google Inc. nor the names of its
//       contributors may be used to endorse or promote products derived
//       from this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

// Flags: --allow-natives-syntax

// When true, testArgumentTypes draws from every entry returned by
// makeArguments() and never removes any of them.
var RUN_WITH_ALL_ARGUMENT_ENTRIES = false;
// Number of entries taken out of the argument pool by testArgumentTypes when
// RUN_WITH_ALL_ARGUMENT_ENTRIES is false.
var kOnManyArgumentsRemove = 5;

// Returns a fresh pool of values to pass to natives: two small integers, a
// short and a very long array, the smallest positive double, two strings, a
// plain object, an object that had a property deleted, and a function.
// A new pool is built on every call, so callers may mutate the result.
function makeArguments() {
  // The delete is a separate step on purpose: it makes this object differ
  // from the plain literal listed before it (presumably to reach V8's slow
  // property representation, going by the variable name).
  var slowCaseObj = {"a": 3, "b": 4, "c": 5};
  delete slowCaseObj.c;
  return [
    17,
    -31,
    new Array(100),
    new Array(100003),
    Number.MIN_VALUE,
    "whoops",
    "x",
    {"x": 1, "y": 2},
    slowCaseObj,
    function () { return 8; }
  ];
}

// Number of entries in the full argument pool, measured once from a
// throwaway makeArguments() call.
var kArgObjects = makeArguments().length;

// Compiles a wrapper taking `argc` parameters (x0, x1, ...) that forwards
// them to the runtime native %<name> and returns its result.
// The wrapper is assembled as source text and handed to the Function
// constructor, so `name` ends up in compiled code verbatim: only pass names
// that come from the engine's own list, as testNatives does.
// %-calls only parse when the engine runs with --allow-natives-syntax.
function makeFunction(name, argc) {
  var params = "";
  for (var n = 0; n < argc; n++) {
    if (n > 0) params += ", ";
    params += "x" + n;
  }
  var body = "return %" + name + "(" + params + ");";
  return new Function(params, body);
}

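// Calls the native %<name> with every argument count from 0 to 9, passing 0
// for each argument, to check that a wrong argument count cannot crash the
// engine.
//
// name - name of the runtime native, without the leading '%'.
// argc - argument count the native declares.
//
// Throws the string "unexpected exception" if the wrapper for exactly `argc`
// arguments is rejected at compile time, and rethrows any compile error other
// than "SyntaxError: Illegal access".
function testArgumentCount(name, argc) {
  for (var i = 0; i < 10; i++) {
    var func = null;
    try {
      func = makeFunction(name, i);
    } catch (e) {
      // Only the "Illegal access" rejection is tolerated here; any other
      // error while compiling the wrapper is a real failure.
      if (String(e) !== "SyntaxError: Illegal access") throw e;
    }
    if (func === null) {
      // The wrapper has to compile for the declared argument count.
      if (i == argc) throw "unexpected exception";
      // Nothing to call for this count. Skipping explicitly keeps the catch
      // below limited to errors raised by the native call itself, instead of
      // also hiding the TypeError from calling apply on null.
      continue;
    }
    var args = [ ];
    for (var j = 0; j < i; j++)
      args.push(0);
    try {
      func.apply(void 0, args);
    } catch (e) {
      // A thrown JavaScript exception is an acceptable outcome; the test
      // only fails if the process crashes.
    }
  }
}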

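// Calls the native %<name> with `argc` arguments, enumerating combinations of
// values from the makeArguments() pool, to check that unexpected argument
// types cannot crash the engine.
//
// name - name of the runtime native, without the leading '%'.
// argc - number of arguments to pass.
//
// `type` is a counter whose base-numArguments digits select one pool entry
// per argument; the loop stops after the combination in which every digit is
// the last pool index.
function testArgumentTypes(name, argc) {
  var type = 0;
  var hasMore = true;
  var func = makeFunction(name, argc);
  while (hasMore) {
    var argPool = makeArguments();
    // When we have 5 or more arguments we lower the number of test cases
    // by randomly removing kOnManyArgumentsRemove entries.
    // The subset is re-drawn on every iteration, so for argc >= 5 the values
    // tried differ from run to run; to replay a crash, log argList or run
    // the engine with a fixed random seed (e.g. V8's --random-seed flag).
    if (argc >= 5 && !RUN_WITH_ALL_ARGUMENT_ENTRIES) {
      for (var r = 0; r < kOnManyArgumentsRemove; r++) {
        var rand = Math.floor(Math.random() * argPool.length);
        argPool.splice(rand, 1);
      }
    }
    // Size the radix from the pool actually in use. Deriving it from
    // kArgObjects - kOnManyArgumentsRemove even when nothing had been removed
    // (argc < 5) limited those natives to the first entries of the pool, so
    // the strings, objects and the function were never passed to them.
    var numArguments = argPool.length;
    var current = type;
    hasMore = false;
    var argList = [ ];
    for (var i = 0; i < argc; i++) {
      var index = current % numArguments;
      // << 0 truncates the quotient to an integer.
      current = (current / numArguments) << 0;
      if (index != (numArguments - 1))
        hasMore = true;
      argList.push(argPool[index]);
    }
    try {
      func.apply(void 0, argList);
    } catch (e) {
      // A thrown JavaScript exception is an acceptable outcome; the test
      // only fails if the process crashes.
    }
    type++;
  }
}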

// Natives that testNatives skips. Each group's comment gives the reason.
// Anything listed here is not exercised by this test at all.
var knownProblems = {
  "Abort": true,
  "ThrowMessage": true,

  // Avoid calling the concat operation, because weird lengths
  // may lead to out-of-memory.  Ditto for StringBuilderJoin.
  "StringBuilderConcat": true,
  "StringBuilderJoin": true,

  // These functions use pseudo-stack-pointers and are not robust
  // to unexpected integer values.
  "DebugEvaluate": true,

  // These functions do nontrivial error checking in recursive calls,
  // which means that we have to propagate errors back.
  "SetFunctionBreakPoint": true,
  "SetScriptBreakPoint": true,
  "PrepareStep": true,

  // Too slow.
  "DebugReferencedBy": true,

  // Calling disable/enable access checks may interfere with the
  // rest of the tests.
  "DisableAccessChecks": true,
  "EnableAccessChecks": true,

  // These functions should not be callable as runtime functions.
  "NewFunctionContext": true,
  "NewArgumentsFast": true,
  "NewStrictArgumentsFast": true,
  "PushWithContext": true,
  "PushCatchContext": true,
  "PushBlockContext": true,
  "PushModuleContext": true,
  "LazyCompile": true,
  "LazyRecompile": true,
  "ConcurrentRecompile": true,
  "NotifyDeoptimized": true,
  "NotifyStubFailure": true,
  "NotifyOSR": true,
  "CreateObjectLiteralBoilerplate": true,
  "CloneLiteralBoilerplate": true,
  "CloneShallowLiteralBoilerplate": true,
  "CreateArrayLiteralBoilerplate": true,
  "IS_VAR": true,
  "ResolvePossiblyDirectEval": true,
  "Log": true,
  "DeclareGlobals": true,
  "ArrayConstructor": true,
  "InternalArrayConstructor": true,

  "PromoteScheduledException": true,
  "DeleteHandleScopeExtensions": true,

  // Vararg with minimum number > 0.
  "Call": true,

  // Requires integer arguments to be non-negative.
  "Apply": true,

  // Can only be invoked on Array.prototype.
  "FinishArrayPrototypeSetup": true,

  "_SwapElements": true,

  // Performance critical functions which cannot afford type checks.
  "_IsNativeOrStrictMode": true,
  "_CallFunction": true,

  // Tries to allocate based on argument, and (correctly) throws
  // out-of-memory if the request is too large. In practice, the
  // size will be the number of captures of a RegExp.
  "RegExpConstructResult": true,
  "_RegExpConstructResult": true,

  // These functions perform some checks at compile time (they require one of
  // their arguments to be a compile-time smi).
  "_DateField": true,
  "_GetFromCache": true,

  // This function expects its first argument to be a non-smi.
  "_IsStringWrapperSafeForDefaultValueOf" : true,

  // Only applicable to strings.
  "_HasCachedArrayIndex": true,
  "_GetCachedArrayIndex": true,
  "_OneByteSeqStringSetChar": true,
  "_TwoByteSeqStringSetChar": true,

  // Only applicable to TypedArrays.
  "TypedArrayInitialize": true,

  // Only applicable to generators.
  "_GeneratorNext": true,
  "_GeneratorThrow": true,

  // Only applicable to DataViews.
  "DataViewInitialize": true,
  "DataViewGetBuffer": true,
  "DataViewGetByteLength": true,
  "DataViewGetByteOffset": true
};

// Natives that testNatives also skips, kept apart from knownProblems: the
// comments below say why each one cannot be called from this test yet.
var currentlyUncallable = {
  // We need to find a way to test this without breaking the system.
  "SystemBreak": true,
  // Inserts an int3/stop instruction when run with --always-opt.
  "_DebugBreakInOptimizedCode": true
};

// Fuzzes the tail of the list returned by %ListNatives(): entries from index
// (length >> 2) * 3 to the end, i.e. roughly the last quarter. Each entry is
// read as [name, argc]. Natives named in knownProblems or currentlyUncallable
// are skipped; every other one goes through testArgumentCount and
// testArgumentTypes.
function testNatives() {
  var natives = %ListNatives();
  var total = natives.length;
  var index = (total >> 2) * 3;
  while (index < total) {
    var entry = natives[index++];
    var name = entry[0];
    var skip = (name in knownProblems) || (name in currentlyUncallable);
    if (!skip) {
      // The name is printed before the calls, so the last line of output
      // names the native that was under test if the process dies.
      print(name);
      var argc = entry[1];
      testArgumentCount(name, argc);
      testArgumentTypes(name, argc);
    }
  }
}

// Run the fuzzer as soon as the script is loaded.
testNatives();