From 2380faf0fc2d941aa30dfaaaeaaa6629ffd60b47 Mon Sep 17 00:00:00 2001 From: Yi2255 Date: Thu, 14 Nov 2024 11:42:14 +0000 Subject: [PATCH] feature/support more prototype features --- .../CodeGen/CodeGeneratorWeights.swift | 10 +++++ Sources/Fuzzilli/CodeGen/CodeGenerators.swift | 44 +++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift b/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift index 9ce5be34a..47495aa13 100644 --- a/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift +++ b/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift @@ -173,6 +173,16 @@ public let codeGeneratorWeights = [ "WellKnownPropertyStoreGenerator": 5, "PrototypeAccessGenerator": 10, "PrototypeOverwriteGenerator": 10, + "PrototypeDeleteGenerator": 10, + "PrototypeFieldAccessGenerator": 10, + "PrototypeFieldOverwriteGenerator": 5, + "PrototypeFieldDeleteGenerator": 10, + "PrototypeClassAccessGenerator": 10, + "PrototypeClassSetGenerator": 10, + "PrototypeClassDeleteGenerator": 10, + "PrototypeFieldClassAccessGenerator": 10, + "PrototypeFieldClassSetGenerator": 5, + "PrototypeFieldClassDeleteGenerator": 10, "CallbackPropertyGenerator": 10, "MethodCallWithDifferentThisGenerator": 5, "WeirdClassGenerator": 10, diff --git a/Sources/Fuzzilli/CodeGen/CodeGenerators.swift b/Sources/Fuzzilli/CodeGen/CodeGenerators.swift index f8a9cd5f7..1278d458e 100644 --- a/Sources/Fuzzilli/CodeGen/CodeGenerators.swift +++ b/Sources/Fuzzilli/CodeGen/CodeGenerators.swift @@ -1470,6 +1470,50 @@ public let CodeGenerators: [CodeGenerator] = [ b.setProperty("__proto__", of: obj, to: proto) }, + CodeGenerator("PrototypeDeleteGenerator", inputs: .preferred(.object())) { b, obj in + b.deleteProperty("__proto__", of: obj) + }, + + + CodeGenerator("PrototypeFieldAccessGenerator", inputs: .preferred(.object(), .string)) { b, obj, k in + b.getProperty("__proto__." + k.description, of: obj) + }, + + CodeGenerator("PrototypeFieldOverwriteGenerator", inputs: .preferred(.object(), .string, .object())) { b, obj, k, v in + b.setProperty("__proto__." + k.description, of: obj, to: v) + }, + + CodeGenerator("PrototypeFieldDeleteGenerator", inputs: .preferred(.object(), .string)) { b, obj, k in + b.deleteProperty("__proto__." + k.description, of: obj) + }, + + + CodeGenerator("PrototypeClassAccessGenerator", inputs: .preferred(.object())) { b, obj in + b.getProperty("prototype", of: obj) + }, + + CodeGenerator("PrototypeClassSetGenerator", inputs: .preferred(.object(), .object())) { b, obj, v in + b.setProperty("prototype", of: obj, to: v) + }, + + CodeGenerator("PrototypeClassDeleteGenerator", inputs: .preferred(.object())) { b, obj in + b.deleteProperty("prototype", of: obj) + }, + + + CodeGenerator("PrototypeFieldClassAccessGenerator", inputs: .required(.object() + .constructor(), .string)) { b, obj, k in + b.getProperty("prototype." + k.description, of: obj) + }, + + CodeGenerator("PrototypeFieldClassSetGenerator", inputs: .required(.object() + .constructor(), .string, .anything)) { b, obj, k, v in + b.setProperty("prototype." + k.description, of: obj, to: v) + }, + + CodeGenerator("PrototypeFieldClassDeleteGenerator", inputs: .required(.object() + .constructor(), .string)) { b, obj, k in + b.deleteProperty("prototype." + k.description, of: obj) + }, + + CodeGenerator("CallbackPropertyGenerator", inputs: .preferred(.object(), .function())) { b, obj, callback in // TODO add new callbacks like Symbol.toPrimitive? let propertyName = chooseUniform(from: ["valueOf", "toString"])