
Implements compilation of new parameter types

Open · TobiasWienand opened this issue 1 year ago · 1 comment

This initial commit enables compilation of shallow objectPattern and arrayPattern parameters. Shallow means that all elements of the objectPattern and arrayPattern are identifierParameters and, in particular, not nested object or array patterns.

TODO

  1. Property renaming in object pattern parameters (e.g. {a: b, c: d})
  2. Nested object/array patterns (e.g. {a: {b, c}, d: [e, f]}). This also means we need to redesign the Parameters struct again, because at the moment the enum can only represent whether a parameter opens/closes an array/object, not how many.
  3. Default values for parameters (e.g. function f(a = 42) { ... })
  4. Run Fuzzilli with seeds that are now compilable

Questions

  1. This commit changes the Parameters struct. If I understand correctly, this is performance-critical code. So my concern is whether the impact on performance is negligible in this case.
  2. Compilation works with these changes but I realize the changes to the core of Fuzzilli may also necessitate changes to other parts of Fuzzilli that still assume that the Parameters struct has the old form. Which parts of Fuzzilli might be impacted by this change?

TobiasWienand, Oct 09 '24 16:10
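As an added illustration of TODO items 1 to 3 above (this is example code written for this page, not code from the issue or from Fuzzilli): the block below linearizes destructuring parameter patterns into one record per bound identifier, storing how many object/array patterns open before it (each with the property key it sits under) and how many close after it, then lifts that flat form back to JavaScript source. It shows why a single "opens/closes a container" flag is not enough once patterns nest: reading the flat form back requires a counter or stack, and the nesting depth is only visible from that counter. The pattern AST shape and the names linearize, lift, maxDepth and isShallow are this example's own assumptions, not Fuzzilli's Parameters struct or FuzzIL's encoding.

```javascript
// Added example, not Fuzzilli code. A flat, per-identifier encoding of
// destructuring parameter patterns with open/close counts instead of a
// single open/close flag. The AST below is a constructed stand-in:
//   { kind: 'id', name, init? }                    bound name, optional default (source text)
//   { kind: 'object', props: [{ key, value }] }    value is a nested pattern
//   { kind: 'array', elems: [pattern] }
// Rest elements and computed keys are deliberately not modelled.

function linearize(params) {
  const out = [];
  let pendingOpens = []; // containers opened since the last bound identifier

  function walk(p, key) {
    if (p.kind === 'id') {
      out.push({ name: p.name, key, init: p.init, opens: pendingOpens, closes: 0 });
      pendingOpens = [];
      return;
    }
    const children = p.kind === 'object'
      ? p.props.map(q => [q.value, q.key])
      : p.elems.map(e => [e, undefined]);
    if (children.length === 0) throw new Error('empty patterns are not supported here');
    pendingOpens.push({ kind: p.kind, key }); // key is the property this container sits under
    for (const [child, childKey] of children) walk(child, childKey);
    out[out.length - 1].closes += 1; // the last identifier inside closes this container
  }

  for (const p of params) walk(p, undefined);
  return out;
}

// Nesting depth is only recoverable by replaying the counts with a running total.
function maxDepth(entries) {
  let depth = 0, max = 0;
  for (const e of entries) {
    depth += e.opens.length;
    max = Math.max(max, depth);
    depth -= e.closes;
  }
  if (depth !== 0) throw new Error('unbalanced pattern encoding');
  return max;
}

// "Shallow" in the sense of the issue: no pattern nested inside another pattern.
function isShallow(entries) {
  return maxDepth(entries) <= 1;
}

// Lift the flat encoding back to a JavaScript parameter list.
function lift(entries) {
  let src = '';
  const stack = [];
  let needComma = false;
  for (const e of entries) {
    for (const o of e.opens) {
      if (needComma) src += ', ';
      if (o.key !== undefined) src += `${o.key}: `;   // renamed/nested property: key: {...}
      src += o.kind === 'object' ? '{' : '[';
      stack.push(o.kind);
      needComma = false;
    }
    if (needComma) src += ', ';
    if (e.key !== undefined && e.key !== e.name) src += `${e.key}: `; // {a: b} vs shorthand {c}
    src += e.name;
    if (e.init !== undefined) src += ` = ${e.init}`;                 // default value
    needComma = true;
    for (let i = 0; i < e.closes; i++) {
      const kind = stack.pop();
      if (kind === undefined) throw new Error('close without matching open');
      src += kind === 'object' ? '}' : ']';
    }
  }
  if (stack.length !== 0) throw new Error('unclosed pattern');
  return src;
}

// Constructed sample, equivalent to the parameter list of
//   function f({a: b, c}, [d, e = 1], {x: {y}, z: [w]}, g = 42) {}
const SAMPLE_PARAMS = [
  { kind: 'object', props: [
    { key: 'a', value: { kind: 'id', name: 'b' } },
    { key: 'c', value: { kind: 'id', name: 'c' } } ] },
  { kind: 'array', elems: [
    { kind: 'id', name: 'd' },
    { kind: 'id', name: 'e', init: '1' } ] },
  { kind: 'object', props: [
    { key: 'x', value: { kind: 'object', props: [ { key: 'y', value: { kind: 'id', name: 'y' } } ] } },
    { key: 'z', value: { kind: 'array', elems: [ { kind: 'id', name: 'w' } ] } } ] },
  { kind: 'id', name: 'g', init: '42' },
];

function demo(params = SAMPLE_PARAMS) {
  const entries = linearize(params);
  return {
    source: lift(entries),
    depth: maxDepth(entries),
    shallow: isShallow(entries),
    names: entries.map(e => e.name),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Note that a per-identifier check such as "no entry opens or closes more than one container" is not enough to detect nesting: in `{x, y: {z}, w}` every identifier opens or closes at most one container, yet the pattern is nested, which is why maxDepth replays the counts instead.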

Can you also support such code:

  1. const [a0, a1] = f0(t);
  2. const { prop1 } = obj.f();

brookate, Oct 18 '24 02:10

Ah, another place that needs updating now: https://github.com/googleprojectzero/fuzzilli/blob/f6b1917fd6ed87ccb44c714483b6384b12e4eb11/Sources/Fuzzilli/Protobuf/operations.proto#L18 and https://github.com/googleprojectzero/fuzzilli/blob/f6b1917fd6ed87ccb44c714483b6384b12e4eb11/Sources/Fuzzilli/FuzzIL/Instruction.swift#L326 and https://github.com/googleprojectzero/fuzzilli/blob/f6b1917fd6ed87ccb44c714483b6384b12e4eb11/Sources/Fuzzilli/FuzzIL/Instruction.swift#L864 (i.e. the logic for converting between the protobuf-based serialized FuzzIL format and the in-memory one). I think this currently doesn't fail any tests because there is no CodeGenerator for the new parameters yet (and so they are not used in the respective tests), but you can probably observe the issue if you import a .js file with the new parameter types and then look at the .fuzzil file on disk (e.g. via swift run FuzzILTool --liftToJS path/to/file.fuzzil).

saelo, Nov 11 '24 12:11