github/boa - boa - 帆软第三方插件仓库

3079 Commits

22 Branches

24 Tags

686 MiB

Tree: f80c53229a

Commit Graph

Author	SHA1	Message	Date
José Julián Espina	47351efa53	Reestructure repo and CI improvements (#3505 ) * Reestructure repo * cargo update & fmt * Fix CI * Add newline * Fix playground CI * Fix CI * Fix CI (for real this time) * Fix CI (fr fr)	11 months ago
Addison Crump	6b595e7999	Update fuzzers and add building them to CI (#2983 ) * update fuzzers for latest changes * build fuzzers in CI workflow * move fuzz builds before examples, oops * use explicit versioning	1 year ago
Addison Crump	c1b5f38d11	VM Fuzzer (#2401 ) This Pull Request offers a basic VM fuzzer which relies on implied oracles (namely, "does it crash or timeout?"). It changes the following: - Adds an insns_remaining field to Context, denoting the number of instructions remaining to execute (only available when fuzzing) - Adds a JsNativeError variant, denoting when the number of instructions has been exceeded (only available when fuzzing) - Adds a VM fuzzer which looks for cases where Boa may crash on an input This offers no guarantees about correctness, only assertion violations. Depends on #2400. Any issues I raise in association with this fuzzer will link back to this fuzzer. You may run the fuzzer using the following commands: ```bash $ cd boa_engine $ cargo +nightly fuzz run -s none vm-implied ``` Co-authored-by: Addison Crump <addison.crump@cispa.de>	2 years ago

Author

SHA1

Message

Date

José Julián Espina

47351efa53

Reestructure repo and CI improvements (#3505 )

* Reestructure repo

* cargo update & fmt

* Fix CI

* Add newline

* Fix playground CI

* Fix CI

* Fix CI (for real this time)

* Fix CI (fr fr)

11 months ago

Addison Crump

6b595e7999

Update fuzzers and add building them to CI (#2983 )

* update fuzzers for latest changes

* build fuzzers in CI workflow

* move fuzz builds before examples, oops

* use explicit versioning

1 year ago

Addison Crump

c1b5f38d11

VM Fuzzer (#2401 )

This Pull Request offers a basic VM fuzzer which relies on implied oracles (namely, "does it crash or timeout?").

It changes the following:

- Adds an insns_remaining field to Context, denoting the number of instructions remaining to execute (only available when fuzzing)
- Adds a JsNativeError variant, denoting when the number of instructions has been exceeded (only available when fuzzing)
- Adds a VM fuzzer which looks for cases where Boa may crash on an input

This offers no guarantees about correctness, only assertion violations. Depends on #2400.

Any issues I raise in association with this fuzzer will link back to this fuzzer.

You may run the fuzzer using the following commands:
```bash
$ cd boa_engine
$ cargo +nightly fuzz run -s none vm-implied
```

Co-authored-by: Addison Crump <addison.crump@cispa.de>

2 years ago

1 Commits (f80c53229a7f4364a96797e25e65ab66d2ff7717)