diff --git a/Sources/FuzzilliCli/Profiles/ArkProfile.swift b/Sources/FuzzilliCli/Profiles/ArkProfile.swift index 10a4c81fb1297d41e0b9189c6fba4a148459d49d..651d6f16ad34c5a02ba7e8e8aad2dbefe7bef008 100644 --- a/Sources/FuzzilliCli/Profiles/ArkProfile.swift +++ b/Sources/FuzzilliCli/Profiles/ArkProfile.swift @@ -61,6 +61,13 @@ fileprivate let ArkTsCollectionsTypedArrayValueGenerator = ValueGenerator("ArkTs } } +/// ArkTS Utils Generators +fileprivate let ArkTsUtilsCodeGenerator = ValueGenerator("ArkTsUtilsCodeGenerator") { b, n in + let builtin = chooseUniform(from: ["ASON"]) + let constructor = b.loadBuiltin(builtin) + b.construct(constructor) +} + /// Type of a ArkTS Stack object. fileprivate let arkTSStack = ILType.iterable + ILType.object(ofGroup: "Stack", withProperties: ["length"], withMethods: ["push", "pop", "peek", "locate", "forEach", "isEmpty"]) /// Type of a ArkTS HashMap object. @@ -137,6 +144,8 @@ fileprivate func collectionsTypedArrayConstructor(_ variant: String) -> ILType { // TODO Also allow SendableArrayBuffers for first argument return .constructor([.opt(.object(ofGroup: "SendableArrayBuffer")), .opt(.integer), .opt(.integer)] => collectionsTypedArray(variant)) } +/// Type of the ArkTSUtils.ASON object builtin. +fileprivate let arkTSASONObject = ILType.object(ofGroup: "ASON", withMethods: ["parse", "stringify"]) /// ObjectGroup modelling ArkTS Stack objects fileprivate let arkTSStacks = ObjectGroup( @@ -563,6 +572,17 @@ fileprivate let arkTSQueues = ObjectGroup( ] ) +/// ObjectGroup modelling the arkTS ASON builtin +fileprivate let arkTSASONObjects = ObjectGroup( + name: "ASON", + instanceType: arkTSASONObject, + properties: [:], + methods: [ + "parse" : [.string] => .anything, + "stringify" : [.anything] => .jsString, + ] +) + let arkProfile = Profile( processArgs: { randomize in var args = [ @@ -592,7 +612,10 @@ let arkProfile = Profile( var LightWeightSet = arkPrivate.Load(arkPrivate.LightWeightSet); var Deque = arkPrivate.Load(arkPrivate.Deque); var Queue = arkPrivate.Load(arkPrivate.Queue); - + var ASON = { + parse : JSON.parseSendable, + stringify : JSON.stringify + } function bgc() { for(let i=0; i<0x10000; i+=1) {new String();} let a = new Array(0x10000); @@ -617,6 +640,7 @@ let arkProfile = Profile( (ArkTSObjectInstanceGenerator, 20), (ArkTSCollectionsObjectInstanceGenerator, 20), (ArkTsCollectionsTypedArrayValueGenerator, 10), + (ArkTsUtilsCodeGenerator, 5), ], additionalProgramTemplates: WeightedList([]), @@ -649,6 +673,7 @@ let arkProfile = Profile( "SharedInt32Array" : collectionsTypedArrayConstructor("SharedInt32Array"), "SharedUint32Array" : collectionsTypedArrayConstructor("SharedUint32Array"), "SharedUint8ClampedArray" : collectionsTypedArrayConstructor("SharedUint8ClampedArray"), + "ASON" : arkTSASONObject, "HashSet" : arkTSHashSetConstructor, "LinkedList" : arkTSLinkedListConstructor, "List" : arkTSListConstructor, @@ -675,6 +700,7 @@ let arkProfile = Profile( collectionsTypedArrays("SharedUint16Array"), collectionsTypedArrays("SharedUint32Array"), collectionsTypedArrays("SharedUint8ClampedArray"), + arkTSASONObjects, arkTSHashSets, arkTSLinkedLists, arkTSLists,