From 80d27622bfb01191d33d17231f7ccf93a7bc7fe0 Mon Sep 17 00:00:00 2001 From: xingshunxiang Date: Tue, 10 Jun 2025 14:36:32 +0800 Subject: [PATCH] Fix several bugs in fuzzing case Issue: https://gitee.com/openharmony/arkcompiler_ets_frontend/issues/ICEB8F?from=project-issue Description: 1. several SIGSEGV crashes, see fuzzingtest0 - fuzzingtest2; 2. a memory leak while handling an unterminated string, see fuzzingtest3 Reason: 1. several SIGSEGV crashes, see fuzzingtest0 - fuzzingtest2; 2. a memory leak while handling an unterminated string, see fuzzingtest3 Tests: ninja tests passed tests/tests-u-runner/runner.sh --ets-cts --show-progress --build-dir x64.release --processes=all passed tests/tests-u-runner/runner.sh --ets-func-tests --show-progress --build-dir x64.release --processes=all passed tests/tests-u-runner/runner.sh --astchecker --show-progress --build-dir x64.release --processes=all passed tests/tests-u-runner/runner.sh --ets-runtime --show-progress --build-dir x64.release --processes=all passed tests/tests-u-runner/runner.sh --parser --no-js --show-progress --build-dir x64.release --processes=all passed Signed-off-by: xingshunxiang --- ets2panda/checker/ets/arithmetic.cpp | 4 +++ ets2panda/lexer/lexer.h | 7 +++-- ets2panda/parser/TypedParser.cpp | 3 ++ ets2panda/parser/statementParser.cpp | 4 +++ .../test/ast/compiler/ets/fuzzingtest0.ets | 25 +++++++++++++++++ .../test/ast/compiler/ets/fuzzingtest1.ets | 22 +++++++++++++++ .../test/ast/compiler/ets/fuzzingtest2.ets | 20 +++++++++++++ .../test/ast/compiler/ets/fuzzingtest3.ets | 24 ++++++++++++++++ .../ast/parser/ets/unexpected_token_56.ets | 28 +++++++++---------- 9 files changed, 120 insertions(+), 17 deletions(-) create mode 100644 ets2panda/test/ast/compiler/ets/fuzzingtest0.ets create mode 100644 ets2panda/test/ast/compiler/ets/fuzzingtest1.ets create mode 100644 ets2panda/test/ast/compiler/ets/fuzzingtest2.ets create mode 100644 ets2panda/test/ast/compiler/ets/fuzzingtest3.ets 
diff --git a/ets2panda/checker/ets/arithmetic.cpp b/ets2panda/checker/ets/arithmetic.cpp index b0b3e32efd..7f9007daec 100644 --- a/ets2panda/checker/ets/arithmetic.cpp +++ b/ets2panda/checker/ets/arithmetic.cpp @@ -836,6 +836,10 @@ Type *ETSChecker::CheckBinaryOperatorNullishCoalescing(ir::Expression *left, ir: return leftType; } leftType = GetNonNullishType(leftType); + if (leftType->IsTypeError()) { + ES2PANDA_ASSERT(IsAnyError()); + return GlobalTypeError(); + } auto *rightType = MaybeBoxExpression(right); if (IsTypeIdenticalTo(leftType, rightType)) { diff --git a/ets2panda/lexer/lexer.h b/ets2panda/lexer/lexer.h index 16c74fbdf2..1afba2af6d 100644 --- a/ets2panda/lexer/lexer.h +++ b/ets2panda/lexer/lexer.h @@ -422,13 +422,14 @@ void Lexer::ScanString() PrepareStringTokenHelper(); const auto startPos = Iterator().Index(); auto escapeEnd = startPos; - bool validEscape = true; + bool isFinalizedStr = true; do { const char32_t cp = Iterator().Peek(); switch (cp) { case util::StringView::Iterator::INVALID_CP: { LogError(diagnostic::UNTERMINATED_STRING); + isFinalizedStr = false; break; } case LEX_CHAR_CR: @@ -441,7 +442,7 @@ void Lexer::ScanString() continue; } case LEX_CHAR_BACKSLASH: { - validEscape &= HandleBackslashHelper(&str, &escapeEnd); + isFinalizedStr &= HandleBackslashHelper(&str, &escapeEnd); continue; } case LEX_CHAR_BACK_TICK: @@ -464,7 +465,7 @@ void Lexer::ScanString() } } - FinalizeTokenHelper(&str, startPos, escapeEnd, validEscape); + FinalizeTokenHelper(&str, startPos, escapeEnd, isFinalizedStr); break; } while (true); diff --git a/ets2panda/parser/TypedParser.cpp b/ets2panda/parser/TypedParser.cpp index f826f53499..8e8d168f73 100644 --- a/ets2panda/parser/TypedParser.cpp +++ b/ets2panda/parser/TypedParser.cpp 
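Review bot: The new guard in CheckBinaryOperatorNullishCoalescing covers only the left operand; `rightType` from `MaybeBoxExpression(right)` still goes into `IsTypeIdenticalTo(leftType, rightType)` without an equivalent check. The fuzzingtest2 reproducer (`i ??@@`) has a malformed right-hand side too, so if `MaybeBoxExpression` can yield an error type for a broken expression (not visible in this hunk), the same early return is worth adding, e.g. `if (rightType->IsTypeError()) { return GlobalTypeError(); }`. Also confirm how `ES2PANDA_ASSERT(IsAnyError())` behaves in release builds: on a recovery path reached by untrusted source text, an active assert turns an unlogged error into an abort. The function body starts and ends outside the hunk.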
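Review bot: `isFinalizedStr` in ScanString now carries two meanings, and nothing at its declaration says so: it is cleared next to `LogError(diagnostic::UNTERMINATED_STRING)` and and-ed with the result of `HandleBackslashHelper`. A comment on the declaration would help, e.g. `// false if the literal is unterminated or an escape was rejected; forwarded to FinalizeTokenHelper`. The commit message ties this change to a memory leak on unterminated strings, so one sentence at `isFinalizedStr = false;` saying why finalization must be told about that case would keep the fix from later being read as a cosmetic rename. The same variable is touched in the two following lexer.h hunks (`@@ -441` and `@@ -464`).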
@@ -1249,6 +1249,9 @@ ir::Expression *TypedParser::ParseQualifiedReference(ir::Expression *typeName, E propName = AllocNode(Lexer()->GetToken().Ident(), Allocator()); } + if (propName == nullptr) { + return AllocBrokenExpression(Lexer()->GetToken().Loc()); + } propName->SetRange(Lexer()->GetToken().Loc()); typeName = AllocNode(typeName, propName, Allocator()); diff --git a/ets2panda/parser/statementParser.cpp b/ets2panda/parser/statementParser.cpp index ff4089f8bd..9039a1b441 100644 --- a/ets2panda/parser/statementParser.cpp +++ b/ets2panda/parser/statementParser.cpp @@ -851,12 +851,16 @@ std::tuple if (condExpr->Alternate()->IsBinaryExpression() && condExpr->Alternate()->AsBinaryExpression()->OperatorType() == lexer::TokenType::KEYW_IN) { LogError(diagnostic::INVALID_LEFT_FOR_IN); + rightNode = AllocBrokenExpression(Lexer()->GetToken().Loc()); + updateNode = AllocBrokenExpression(Lexer()->GetToken().Loc()); // CC-OFFNXT(G.FMT.03-CPP) project code style return {ForStatementKind::IN, initNode, rightNode, updateNode}; } } if (lexer_->GetToken().Type() == lexer::TokenType::PUNCTUATOR_RIGHT_PARENTHESIS) { + rightNode = AllocBrokenExpression(Lexer()->GetToken().Loc()); + updateNode = AllocBrokenExpression(Lexer()->GetToken().Loc()); LogError(diagnostic::INVALID_LEFT_FOR_IN_OF); return {ForStatementKind::UPDATE, initNode, rightNode, updateNode}; } diff --git a/ets2panda/test/ast/compiler/ets/fuzzingtest0.ets b/ets2panda/test/ast/compiler/ets/fuzzingtest0.ets new file mode 100644 index 0000000000..63fb0322b1 --- /dev/null +++ b/ets2panda/test/ast/compiler/ets/fuzzingtest0.ets 
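Review bot: The `propName == nullptr` early return in ParseQualifiedReference changes what callers receive: they can now get the node from `AllocBrokenExpression` instead of an identifier or qualified-name node, and the partially built `typeName` is dropped. A caller that downcasts the result without first checking for a broken node would move the crash rather than remove it, so each call site should be checked (they are outside this hunk). The return also happens without consuming the current token; if this code sits inside a loop over `.` separators, confirm the caller still makes progress on the offending token. A short comment above the check, such as `// propName stays null when no identifier follows the '.'; return a broken node instead of dereferencing it`, would document the condition.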
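Review bot: The two error returns are patched inconsistently: in the `KEYW_IN` branch the broken nodes are allocated after `LogError(diagnostic::INVALID_LEFT_FOR_IN)`, in the `PUNCTUATOR_RIGHT_PARENTHESIS` branch before `LogError(diagnostic::INVALID_LEFT_FOR_IN_OF)`. The second branch also tests the token through `lexer_->` while the added lines use `Lexer()->`. Both sites overwrite `rightNode` and `updateNode` unconditionally; if either can already hold a parsed node at this point (their earlier use is outside the hunk), guard the assignment with `if (rightNode == nullptr)` and the matching check for `updateNode`. Since the same pair of lines appears twice, a small local helper that fills both with broken expressions would keep the error paths in step. The enclosing function starts and ends outside the hunk.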
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// the test case is from fuzzer.
+let callback = () => {for /* @@ label1 */aa !== /* @@ label2 */arr[idx]/* @@ label3 */)
+
+/* @@@ label1 Error SyntaxError: Expected '(', got 'identification literal'. */
+/* @@@ label1 Error TypeError: Unresolved reference aa */
+/* @@@ label2 Error TypeError: Unresolved reference arr */
+/* @@@ label2 Error TypeError: Indexed access is not supported for such expression type. */
+/* @@@ label3 Error SyntaxError: Invalid left-hand side in 'For[In/Of]Statement'. */
+/* @@? 26:1 Error SyntaxError: Unexpected token 'end of stream'. */
+/* @@? 26:1 Error SyntaxError: Expected '}', got 'end of stream'. */
diff --git a/ets2panda/test/ast/compiler/ets/fuzzingtest1.ets b/ets2panda/test/ast/compiler/ets/fuzzingtest1.ets
new file mode 100644
index 0000000000..32a58853e9
--- /dev/null
+++ b/ets2panda/test/ast/compiler/ets/fuzzingtest1.ets
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// the test case is from fuzzer.
+/* @@ label */fuzzz./* @@ label2 */@@/* @@ label3 */@@
+
+/* @@@ label Error TypeError: Unresolved reference fuzzz */
+/* @@@ label2 Error SyntaxError: There is no any node to insert at the placeholder position. */
+/* @@@ label2 Error SyntaxError: Identifier expected, got '@@'. */
+/* @@@ label3 Error SyntaxError: Unexpected token '@@'. */
\ No newline at end of file
diff --git a/ets2panda/test/ast/compiler/ets/fuzzingtest2.ets b/ets2panda/test/ast/compiler/ets/fuzzingtest2.ets
new file mode 100644
index 0000000000..eff6fa17ba
--- /dev/null
+++ b/ets2panda/test/ast/compiler/ets/fuzzingtest2.ets
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// the test case is from fuzzer.
+/* @@ label */i ??/* @@ label2 */@@
+
+/* @@@ label Error TypeError: Unresolved reference i */
+/* @@@ label2 Error SyntaxError: Unexpected token '@@'. */
diff --git a/ets2panda/test/ast/compiler/ets/fuzzingtest3.ets b/ets2panda/test/ast/compiler/ets/fuzzingtest3.ets
new file mode 100644
index 0000000000..f3b80f5acc
--- /dev/null
+++ b/ets2panda/test/ast/compiler/ets/fuzzingtest3.ets
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// the test case is from fuzzer.
+/* @@? 24:1 Error TypeError: Unresolved reference abcdefghijklmnopqrstuvwxyzABC */
+/* @@? 24:30 Error SyntaxError: Unexpected token '`'. */
+/* @@? 24:30 Error SyntaxError: Unexpected token, expected '`'. */
+/* @@? 24:31 Error SyntaxError: Unterminated string. */
+/* @@? 24:31 Error SyntaxError: Unexpected token, expected '${' or '`' */
+/* @@? 24:31 Error SyntaxError: Unexpected token, expected '`'. */
+
+abcdefghijklmnopqrstuvwxyzABC`DEF\n�
\ No newline at end of file
diff --git a/ets2panda/test/ast/parser/ets/unexpected_token_56.ets b/ets2panda/test/ast/parser/ets/unexpected_token_56.ets
index a5017ce1b8..68f8b04937 100644
--- a/ets2panda/test/ast/parser/ets/unexpected_token_56.ets
+++ b/ets2panda/test/ast/parser/ets/unexpected_token_56.ets
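Review bot: The header comment `// the test case is from fuzzer.` in fuzzingtest3.ets does not say what the file reproduces or that its exact bytes matter. Per the commit message it covers the leak on an unterminated string. The last line appears to end in a raw invalid byte with no trailing newline, and the expected diagnostics are pinned to `24:30` and `24:31`. I would extend that comment on the same line, so the line numbering stays intact, to something like `// From fuzzer: leak on unterminated template string; keep the final line's trailing byte and missing newline unchanged.` That way an editor or formatter pass does not silently neutralise the reproducer.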
@@ -13,21 +13,21 @@ * limitations under the License. */ -for await (/* @@ label1 */;/* @@ label2 */;i < count/* @@ label3 */; ++i/* @@ label */) { - result = result + p[i]!.awaitResolution() * a[i]; +for await (/* @@ label1 */;/* @@ label2 */;/* @@ label3 */i < /* @@ label4 */count/* @@ label5 */; ++i/* @@ label6 */) /* @@ label7 */{ + /* @@ label8 */result = result + /* @@ label9 */p[i]!.awaitResolution() * /* @@ label10 */a[i]; } -for (let i? : Number = 1;;) { break; } +for (let i?: Number = 1;;) { break; } /* @@@ label1 Error SyntaxError: Unexpected token ';'. */ /* @@@ label2 Error SyntaxError: Unexpected token ';'. */ -/* @@? 16:44 Error TypeError: Unresolved reference i */ -/* @@? 16:44 Error TypeError: Bad operand type, the types of the operands must be numeric, same enumeration, or boolean type. */ -/* @@? 16:48 Error TypeError: Function name 'count' used in the wrong context */ -/* @@@ label3 Error SyntaxError: Expected ')', got ';'. */ -/* @@@ label Error SyntaxError: Unexpected token ')'. */ -/* @@? 16:89 Error SyntaxError: Unexpected token '{'. */ -/* @@? 17:5 Error TypeError: Unresolved reference result */ -/* @@? 17:23 Error TypeError: Unresolved reference p */ -/* @@? 17:23 Error TypeError: Indexed access is not supported for such expression type. */ -/* @@? 17:49 Error TypeError: Unresolved reference a */ -/* @@? 17:49 Error TypeError: Indexed access is not supported for such expression type. */ +/* @@@ label3 Error TypeError: Unresolved reference i */ +/* @@@ label3 Error TypeError: Bad operand type, the types of the operands must be numeric, same enumeration, or boolean type. */ +/* @@@ label4 Error TypeError: Function name 'count' used in the wrong context */ +/* @@@ label5 Error SyntaxError: Expected ')', got ';'. */ +/* @@@ label6 Error SyntaxError: Unexpected token ')'. */ +/* @@@ label7 Error SyntaxError: Unexpected token '{'. 
*/ +/* @@@ label8 Error TypeError: Unresolved reference result */ +/* @@@ label9 Error TypeError: Unresolved reference p */ +/* @@@ label9 Error TypeError: Indexed access is not supported for such expression type. */ +/* @@@ label10 Error TypeError: Unresolved reference a */ +/* @@@ label10 Error TypeError: Indexed access is not supported for such expression type. */ -- Gitee