SunnyMirror
/
ChakraCore
mirror da https://github.com/microsoft/ChakraCore.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
							//-------------------------------------------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Copyright (c) 2021 ChakraCore Project Contributors. All rights reserved.
// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------

WScript.LoadScriptFile("..\\UnitTestFramework\\UnitTestFramework.js");

var tests = [
  {
    name: "calling Symbol.toPrimitive on Date prototype should not AV",
    body: function () {
         Date.prototype[Symbol.toPrimitive].call({},'strin' + 'g');
    }
  },
  {
    name: "updated stackTraceLimit should not fire re-entrancy assert",
    body: function () {
        Error.__defineGetter__('stackTraceLimit', function () { return 1;});
        assert.throws(()=> Array.prototype.map.call([]));
    }
  },
  {
    name: "Array.prototype.slice should not fire re-entrancy error when the species returns proxy",
    body: function () {
        let arr = [1, 2];
        arr.__proto__ = {
          constructor: {
            [Symbol.species]: function () {
              return new Proxy({}, {
                defineProperty(...args) {
                  return Reflect.defineProperty(...args);
                }
              });
            }
          }
        }
        Array.prototype.slice.call(arr);
    }
  },
  {
    name: "rest param under eval with arguments usage in the body should not fail assert",
    body: function () {
        f();
        function f() {
            eval("function bar(...x){arguments;}")
        }
    }
  },
  {
    name: "Token left after parsing lambda result to the syntax error",
    body: function () {
        assert.throws(()=> { eval('function foo ([ [] = () => { } = {a2:z2}]) { };'); });
    }
  },
  {
    name: "Token left after parsing lambda in ternary operator should not throw",
    body: function () {
        assert.doesNotThrow(()=> { eval('function foo () {  true ? e => {} : 1};'); });
    }
  },
  {
    name: "ArrayBuffer.slice with proxy constructor should not fail fast",
    body: function () {
      let arr = new ArrayBuffer(10);
      arr.constructor = new Proxy(ArrayBuffer, {});
      
      arr.slice(1,2);
    }
  },
  {
    name: "Large proxy chain should not cause IsConstructor to crash on stack overflow",
    body: function () {
      let p = new Proxy(Object, {});
      for (let  i=0; i<20000; ++i)
      {
          p = new Proxy(p, {});
      }
      try
      {
          let a = new p();
      }
      catch(e)
      {
      }
    }
  },
  {
    name: "splice an array which has getter/setter at 4294967295 should not fail due to re-entrancy error",
    body: function () {
        var base = 4294967290;
        var arr = [];
        for (var i = 0; i < 10; i++) {
            arr[base + i] = 100 + i;
        }
        Object.defineProperty(arr, 4294967295, {
          get: function () { }, set : function(b) {  }
            }
        );

        assert.throws(()=> {arr.splice(4294967290, 0, 200, 201, 202, 203, 204, 205, 206);});
    }
  },
  {
    name: "Passing args count near 2**16 should not fire assert (OS# 17406027)",
    body: function () {
      try {
        eval.call(...(new Array(2**16)));
      } catch (e) { }
      
      try {
        eval.call(...(new Array(2**16+1)));
      } catch (e) { }
      
      try {
        var sc1 = WScript.LoadScript(`function foo() {}`, "samethread");
        sc1.foo(...(new Array(2**16)));
      } catch(e) { }
      
      try {
        var sc2 = WScript.LoadScript(`function foo() {}`, "samethread");
        sc2.foo(...(new Array(2**16+1)));
      } catch(e) { }

      try {
        function foo() {}
        Reflect.construct(foo, new Array(2**16-3));
      } catch(e) { }

      try {
        function foo() {}
        Reflect.construct(foo, new Array(2**16-2));
      } catch(e) { }

      try {
        function foo() {}
        var bar = foo.bind({}, 1);
        new bar(...(new Array(2**16+1)))
      } catch(e) { }
    }
  },
  {
    name: "Using RegExp as newTarget should not assert",
    body: function() {
      var v0 = function() { this.a; };
      var v1 = class extends v0 { constructor() { super(); } };
      Reflect.construct(v1, [], RegExp);
    }
  },
  {
    name: "getPrototypeOf Should not be called when set as prototype",
    body: function () {
      var p = new Proxy({}, { getPrototypeOf: function() {
          assert.fail("this should not be called")
          return {};
        }});

        var obj = {};
        obj.__proto__ = p; // This should not call the getPrototypeOf

        var obj1 = {};
        Object.setPrototypeOf(obj1, p); // This should not call the getPrototypeOf

        var obj2 = {__proto__ : p}; // This should not call the getPrototypeOf
    }
  },
  {
    name: "Cross-site activation object",
    body: function () {
        var tests = [0, 0];  
        tests.forEach(function() {
            var eval = WScript.LoadScript(0, "samethread").eval;
            eval(0);
        });
    }
  },
  {
    name: "Destructuring declaration should return undefined",
    body: function () {
        assert.areEqual(undefined, eval("var {x} = {};"));
        assert.areEqual(undefined, eval("let {x,y} = {};"));
        assert.areEqual(undefined, eval("const [z] = [];"));
        assert.areEqual(undefined, eval("let {x} = {}, y = 1, {z} = {};"));
        assert.areEqual([1], eval("let {x} = {}; [x] = [1]"));
    }
  },
  {
    name: "Strict Mode : throw type error when the handler returns falsy value",
    body: function () {
        assert.throws(() => {"use strict"; let p1 = new Proxy({}, { set() {}}); p1.foo = 1;}, TypeError, "returning undefined on set handler is return false which will throw type error",  "Proxy set handler returned false");
        assert.throws(() => {"use strict"; let p1 = new Proxy({}, { deleteProperty() {}}); delete p1.foo;}, TypeError, "returning undefined on deleteProperty handler is return false which will throw type error",  "Proxy deleteProperty handler returned false");
        assert.throws(() => {"use strict"; let p1 = new Proxy({}, { set() {return false;}}); p1.foo = 1;}, TypeError, "set handler is returning false which will throw type error",  "Proxy set handler returned false");
        assert.throws(() => {"use strict"; let p1 = new Proxy({}, { deleteProperty() {return false;}}); delete p1.foo;}, TypeError, "deleteProperty handler is returning false which will throw type error",  "Proxy deleteProperty handler returned false");
      }
  },
  {
    name: "Generator : testing recursion",
    body: function () {
        // This will throw out of stack error
        assert.throws(() => {
            function foo() {
                function *f() {
                    yield foo();
                }
                f().next();
            }
            foo();
        });
      }
  },
  {
    name: "destructuring : testing recursion",
    body: function () {
      try {
        eval(`
            var ${'['.repeat(6631)}
          `);
          assert.fail();
        }
        catch (e) {
        }
        
        try {
            eval(`
               var {${'a:{'.repeat(6631)}
            `);
            assert.fail();
        }
        catch (e) {
        }
      }
  },
  {
    name: "CrossSite issue while array concat OS: 18874745",
    body: function () {
          function test0() {
            var IntArr0 = Array();
            var sc0Code = `
              Object.defineProperty(Array, Symbol.species, { value : function() {
                      return IntArr0;
                      }
                  }
              );
            test = function(a, list) {
                return [a].concat(list);
            }
            function out() {
              test({}, [1]);
            }
            `;
            var sc0 = WScript.LoadScript(sc0Code, 'samethread');
            sc0.IntArr0 = IntArr0;
            sc0.out();
          }
         test0();
      }
  },
  {
    name: "Init box javascript array : OS : 20517662",
    body: function () {
      var obj = {};
      obj[0] = 11;
      obj[1] = {};
      obj[17] = 222;
      obj[35] = 333; // This is will increase the size past the inline segment
      
      Object.assign({}, obj); // The InitBoxedInlineSegments will be called due to this call.
    }
  },
  {
    name: "calling promise's function as constructor should not be allowed",
    body: function () {
        var var_0 = new Promise(function () {});                                           
        var var_1 = function () {};                                                        
                                                                                          
        var_0.then = function (a, b) {                                                     
          var_2 = b;                                                                       
        };                                                                                 
        var_3 = Promise.prototype.finally.call(var_0, var_1);                              
        assert.throws(() => { new var_2([]).var_3(); },TypeError);
      }
  },
  {
    name: "issue : 6174 : calling ToNumber for the fill value for typedarray.prototype.fill",
    body: function () {
        let arr1 = new Uint32Array(5);
        let valueOfCalled = false;
        let p1 = new Proxy([], {
            get: function(oTarget, sKey) {
                if (sKey.toString() == 'valueOf') {
                    valueOfCalled = true;
                }
                return Reflect.get(oTarget, sKey);
            }
        });
        Uint32Array.prototype.fill.call(arr1, p1, 5, 1);
        assert.isTrue(valueOfCalled);
    }
  },
  {
    name: "class name should not change if calling multiple times",
    body: function () {
        function getClass() {
          class A {
            constructor() {

            }
          };
          return A;
        }
        let f1 = getClass();
        let f2 = getClass();
        let f3 = getClass();
        assert.areEqual("A", f1.name);
        assert.areEqual("A", f2.name);
        assert.areEqual("A", f3.name);
      }
  },
  {
    name: "should throw syntax error when expression within if is comma-terminated",
    body: function () {
        assert.throws(()=> { eval('var f = function () { var f = 0; if (f === 0,) print("run_here"); }; f();'); }, SyntaxError);
      }
  }
];

testRunner.runTests(tests, { verbose: WScript.Arguments[0] != "summary" });