forked from MozillaSecurity/funfuzz
driver.js
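/**
 * Entry point of the fuzzing driver: seeds the random number generator, then
 * generates and runs test scripts, either in a blocking loop (when `jsshell`
 * is truthy) or in timer-driven batches of 100 (otherwise).
 *
 * Replay information is written through dumpln() behind a marker cookie so it
 * can be grepped out of the log afterwards.
 *
 * NOTE(review): the scripts come from makeScript() and are handed to
 * tryItOut(), both defined outside this file; presumably tryItOut() executes
 * the generated code -- confirm against its definition.
 *
 * @param {Object} glob - object that may carry a `maxRunTime` property, which
 *   is compared against a difference of Date objects (milliseconds). It is
 *   only read when `jsshell` is truthy; a falsy value means "run forever".
 */
function start(glob)
{
  // Seed in [0, 2^28). It is logged before use so the run's seed is on record;
  // Math.random() only picks the starting point, it is not used for anything secret.
  var fuzzSeed = Math.floor(Math.random() * Math.pow(2,28));
  dumpln("fuzzSeed: " + fuzzSeed);
  Random.init(fuzzSeed);

  // Split this string across two source strings to ensure that if a
  // generated function manages to output the entire jsfunfuzz source,
  // that output won't match the grep command.
  var cookie = "/*F";
  cookie += "RC*/";

  // Can be set to true if makeStatement has side effects, such as crashing, so you have to reduce "the hard way".
  var dumpEachSeed = false;

  if (dumpEachSeed) {
    dumpln(cookie + "Random.init(0);");
  }

  mathInitFCM();

  // `count` is not declared in this function; it is assumed to be a global
  // declared elsewhere -- TODO confirm.
  count = 0;

  if (jsshell) {
    // If another script specified a "maxRunTime" argument, use it; otherwise, run forever
    var MAX_TOTAL_TIME = (glob.maxRunTime) || (Infinity);
    var startTime = new Date();
    // Start the per-iteration clock at startTime. Left undefined, the first
    // elapsed value is NaN and a slow first iteration is never reported.
    var lastTime = startTime;

    do {
      testOne();
      var elapsed1 = new Date() - lastTime;
      if (elapsed1 > 1000) {
        print("That took " + elapsed1 + "ms!");
      }
      lastTime = new Date();
    } while (lastTime - startTime < MAX_TOTAL_TIME);
  } else {
    setTimeout(testStuffForAWhile, 200);
  }

  /**
   * Runs one batch of 100 iterations, reports progress roughly every 10000
   * iterations, then reschedules itself 30 ms later.
   */
  function testStuffForAWhile()
  {
    for (var j = 0; j < 100; ++j) {
      testOne();
    }

    // count advances by 100 per batch, so this is true once per 10000 iterations.
    if (count % 10000 < 100) {
      printImportant("Iterations: " + count);
    }

    setTimeout(testStuffForAWhile, 30);
  }

  /**
   * Generates one script, logs the statement that replays it, then passes it
   * to tryItOut().
   */
  function testOne()
  {
    ++count;

    // Sometimes it makes sense to start with simpler functions:
    //var depth = ((count / 1000) | 0) & 16;
    var depth = 14;

    if (dumpEachSeed) {
      // More complicated, but results in a much shorter script, making SpiderMonkey happier.
      var MTA = uneval(Random.twister.export_mta());
      var MTI = Random.twister.export_mti();
      // Only dump the MTA value again when it differs from the last one dumped.
      if (MTA != Random.lastDumpedMTA) {
        dumpln(cookie + "Random.twister.import_mta(" + MTA + ");");
        Random.lastDumpedMTA = MTA;
      }
      dumpln(cookie + "Random.twister.import_mti(" + MTI + "); void (makeScript(" + depth + "));");
    }

    // makeScript() is always called, even when its result is replaced below,
    // so the generator is advanced the same way on every iteration.
    var code = makeScript(depth);

    if (count == 1 && engine == ENGINE_SPIDERMONKEY_TRUNK && rnd(5)) {
      // On the first iteration the generated script may be swapped for a
      // statement that assigns `tryRunning` from useSpidermonkeyShellSandbox().
      code = "tryRunning = useSpidermonkeyShellSandbox(" + rnd(4) + ");";
      //print("Sane mode!")
    }

    // if (rnd(10) === 1) {
    //   var dp = "/*infloop-deParen*/" + Random.index(deParen(code));
    //   if (dp)
    //     code = dp;
    // }

    // Log the replay line before running the code, so it is already written
    // if the call below does not return.
    dumpln(cookie + "count=" + count + "; tryItOut(" + uneval(code) + ");");

    tryItOut(code);
  }
}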
/**
 * Reports whether `code`, spliced into a try/catch statement, is rejected when
 * compiled as a function body.
 *
 * The Function constructor is used here only to compile: the resulting
 * function is discarded and never called, so `code` is not executed by this
 * check. Any exception raised while building or compiling the wrapper counts
 * as a failure.
 *
 * The check applies to the concatenated text, so a `code` with unbalanced
 * braces can change what the wrapper means.
 *
 * @param {string} code - source text to test.
 * @returns {boolean} true if the wrapped text does not compile, false if it does.
 */
function failsToCompileInTry(code) {
  // Why would this happen? One way is "let x, x"
  var rejected = false;
  try {
    // Concatenation stays inside the try so a failure there is reported the same way.
    void new Function("try { " + code + " } catch(e) { }");
  } catch (e) {
    rejected = true;
  }
  return rejected;
}