AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
8b87e36e43
v8/test/fuzzer/fuzzer-support.cc
Andreas Haas bbeff193df [fuzzer] Disallow atomic.wait in fuzzers 
It is very unlikely that atomic.wait does anything useful in the fuzzer,
and will most likely just timeout the fuzzer. That's why it's better to
just disallow atomic.wait on the fuzzer.

R=thibaudm@chromium.org

Bug: chromium:1229074
Change-Id: I57aaff013964fa4c0e6ab411789e53a9013cabd2
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053584
Reviewed-by: Thibaud Michaud <thibaudm@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75920}
2021-07-26 13:47:45 +00:00

110 lines
3.2 KiB
C++
Raw Blame History

// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "test/fuzzer/fuzzer-support.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "include/libplatform/libplatform.h"
#include "src/flags/flags.h"
#include "src/trap-handler/trap-handler.h"
namespace v8_fuzzer {
FuzzerSupport::FuzzerSupport(int* argc, char*** argv) {
v8::internal::FLAG_expose_gc = true;
v8::V8::SetFlagsFromCommandLine(argc, *argv, true);
v8::V8::InitializeICUDefaultLocation((*argv)[0]);
v8::V8::InitializeExternalStartupData((*argv)[0]);
platform_ = v8::platform::NewDefaultPlatform();
v8::V8::InitializePlatform(platform_.get());
v8::V8::Initialize();
allocator_ = v8::ArrayBuffer::Allocator::NewDefaultAllocator();
v8::Isolate::CreateParams create_params;
create_params.array_buffer_allocator = allocator_;
create_params.allow_atomics_wait = false;
isolate_ = v8::Isolate::New(create_params);
{
v8::Isolate::Scope isolate_scope(isolate_);
v8::HandleScope handle_scope(isolate_);
context_.Reset(isolate_, v8::Context::New(isolate_));
}
}
FuzzerSupport::~FuzzerSupport() {
{
v8::Isolate::Scope isolate_scope(isolate_);
while (PumpMessageLoop()) {
// empty
}
v8::HandleScope handle_scope(isolate_);
context_.Reset();
}
isolate_->LowMemoryNotification();
isolate_->Dispose();
isolate_ = nullptr;
delete allocator_;
allocator_ = nullptr;
v8::V8::Dispose();
v8::V8::ShutdownPlatform();
}
std::unique_ptr<FuzzerSupport> FuzzerSupport::fuzzer_support_;
// static
void FuzzerSupport::InitializeFuzzerSupport(int* argc, char*** argv) {
#if V8_ENABLE_WEBASSEMBLY
if (V8_TRAP_HANDLER_SUPPORTED) {
constexpr bool kUseDefaultTrapHandler = true;
if (!v8::V8::EnableWebAssemblyTrapHandler(kUseDefaultTrapHandler)) {
FATAL("Could not register trap handler");
}
}
#endif // V8_ENABLE_WEBASSEMBLY
DCHECK_NULL(FuzzerSupport::fuzzer_support_);
FuzzerSupport::fuzzer_support_ =
std::make_unique<v8_fuzzer::FuzzerSupport>(argc, argv);
}
// static
FuzzerSupport* FuzzerSupport::Get() {
DCHECK_NOT_NULL(FuzzerSupport::fuzzer_support_);
return FuzzerSupport::fuzzer_support_.get();
}
v8::Local<v8::Context> FuzzerSupport::GetContext() {
v8::Isolate::Scope isolate_scope(isolate_);
v8::EscapableHandleScope handle_scope(isolate_);
v8::Local<v8::Context> context =
v8::Local<v8::Context>::New(isolate_, context_);
return handle_scope.Escape(context);
}
bool FuzzerSupport::PumpMessageLoop(
v8::platform::MessageLoopBehavior behavior) {
return v8::platform::PumpMessageLoop(platform_.get(), isolate_, behavior);
}
} // namespace v8_fuzzer
// Explicitly specify some attributes to avoid issues with the linker dead-
// stripping the following function on macOS, as it is not called directly
// by fuzz target. LibFuzzer runtime uses dlsym() to resolve that function.
#if V8_OS_MACOSX
__attribute__((used)) __attribute__((visibility("default")))
#endif // V8_OS_MACOSX
extern "C" int
LLVMFuzzerInitialize(int* argc, char*** argv) {
v8_fuzzer::FuzzerSupport::InitializeFuzzerSupport(argc, argv);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink