Move base64 code generators from XSProfile to generic list

Liedtke · V8-internal LUCI CQ · commit 615b4d6802eb · 2025-09-11T02:05:49.000-07:00
These were added to the XSProfile in commit fdaaa1f. As V8 now supports base64, we should run these code generators by default. Bug: 443906260 Change-Id: I469f25a9d7044f0a4dc6f303a7f33a18728e65c3 Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/8578339 Commit-Queue: Matthias Liedtke <mliedtke@google.com> Reviewed-by: Samuel Groß <saelo@google.com>
diff --git a/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift b/Sources/Fuzzilli/CodeGen/CodeGeneratorWeights.swift
@@ -47,6 +47,8 @@ public let codeGeneratorWeights = [
     "LoadNewTargetGenerator":                   3,
     "DisposableVariableGenerator":              5,
     "AsyncDisposableVariableGenerator":         5,
+    "HexGenerator":                             2,
+    "Base64Generator":                          2,
 
     "ObjectLiteralGenerator":                   10,
     // The following generators determine how frequently different
diff --git a/Sources/Fuzzilli/CodeGen/CodeGenerators.swift b/Sources/Fuzzilli/CodeGen/CodeGenerators.swift
@@ -143,6 +143,7 @@ public let CodeGenerators: [CodeGenerator] = [
                              b.constructTemporalTime, b.constructTemporalYearMonth, b.constructTemporalMonthDay,
                              b.constructTemporalDate, b.constructTemporalDateTime, b.constructTemporalZonedDateTime])()
     },
+
     ValueGenerator("TypedArrayGenerator") { b, n in
         for _ in 0..<n {
             let size = b.loadInt(b.randomSize(upTo: 0x1000))
@@ -155,6 +156,99 @@ public let CodeGenerators: [CodeGenerator] = [
         }
     },
 
+    CodeGenerator("HexGenerator") { b in
+        let hexValues = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "A", "B", "C", "D", "E", "F"]
+
+        let Uint8Array = b.createNamedVariable(forBuiltin: "Uint8Array")
+
+        withEqualProbability({
+                var s = ""
+                for _ in 0..<Int.random(in: 1...10) {
+                    s += chooseUniform(from: hexValues)
+                    s += chooseUniform(from: hexValues)
+                }
+                let hex = b.loadString(s)
+
+                if probability(0.5) {
+                    b.callMethod("fromHex", on: Uint8Array, withArgs: [hex])
+                } else {
+                    let target = b.construct(Uint8Array, withArgs: [b.loadInt(Int64.random(in: 0...0x100))])
+                    b.callMethod("setFromHex", on: target, withArgs: [hex])
+                }
+            }, {
+                var values = [Variable]()
+                for _ in 0..<Int.random(in: 1...20) {
+                    values.append(b.loadInt(Int64.random(in: 0...0xFF)))
+                }
+
+                let bytes = b.callMethod("of", on: Uint8Array, withArgs: values)
+                b.callMethod("toHex", on: bytes, withArgs: [])
+            }
+        )
+    },
+
+    CodeGenerator("Base64Generator") { b in
+        let base64Alphabet = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "/"]
+        let base64URLAlphabet = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "-", "_"]
+
+        let Uint8Array = b.createNamedVariable(forBuiltin: "Uint8Array")
+
+        withEqualProbability({
+                var options = [String: Variable]()
+                var alphabet = chooseUniform(from: [base64Alphabet, base64URLAlphabet])
+
+                options["alphabet"] = b.loadString((alphabet == base64Alphabet) ? "base64" : "base64url")
+                options["lastChunkHandling"] = b.loadString(
+                    chooseUniform(
+                        from: ["loose", "strict", "stop-before-partial"]
+                    )
+                )
+
+                var s = ""
+                for _ in 0..<Int.random(in: 1...32) * 4 {
+                    s += chooseUniform(from: alphabet)
+                }
+
+                // extend by 0, 1, or 2 bytes
+                switch (Int.random(in: 0...3)) {
+                    case 1:
+                        s += base64Alphabet[Int.random(in: 0...63)]
+                        s += base64Alphabet[Int.random(in: 0...63) & 0x30]
+                        s += "=="
+                        break
+
+                    case 2:
+                        s += base64Alphabet[Int.random(in: 0...63)]
+                        s += base64Alphabet[Int.random(in: 0...63)]
+                        s += base64Alphabet[Int.random(in: 0...63) & 0x3C]
+                        s += "="
+                        break
+
+                    default:
+                        break
+                }
+
+                let base64 = b.loadString(s)
+
+                let optionsObject = b.createObject(with: options)
+                if probability(0.5) {
+                    b.callMethod("fromBase64", on: Uint8Array, withArgs: [base64, optionsObject])
+                } else {
+                    let target = b.construct(Uint8Array, withArgs: [b.loadInt(Int64.random(in: 0...0x100))])
+                    b.callMethod("setFromBase64", on: target, withArgs: [base64, optionsObject])
+                }
+            }, {
+                var values = [Variable]()
+                for _ in 0..<Int.random(in: 1...64) {
+                    values.append(b.loadInt(Int64.random(in: 0...0xFF)))
+                }
+
+                let bytes = b.callMethod("of", on: Uint8Array, withArgs: values)
+                b.callMethod("toBase64", on: bytes, withArgs: [])
+            }
+        )
+    },
+
     ValueGenerator("RegExpGenerator") { b, n in
         // TODO: this could be a ValueGenerator but currently has a fairly high failure rate.
         for _ in 0..<n {
diff --git a/Sources/FuzzilliCli/Profiles/XSProfile.swift b/Sources/FuzzilliCli/Profiles/XSProfile.swift
@@ -129,99 +129,6 @@ fileprivate let UnicodeStringGenerator = CodeGenerator("UnicodeStringGenerator")
     b.loadString(s)
 }
 
-fileprivate let HexGenerator = CodeGenerator("HexGenerator") { b in
-    let hexValues = ["0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "A", "B", "C", "D", "E", "F"]
-
-    let Uint8Array = b.createNamedVariable(forBuiltin: "Uint8Array")
-
-    withEqualProbability({
-            var s = ""
-            for _ in 0..<Int.random(in: 1...10) {
-                s += chooseUniform(from: hexValues)
-                s += chooseUniform(from: hexValues)
-            }
-            let hex = b.loadString(s)
-
-            if probability(0.5) {
-                b.callMethod("fromHex", on: Uint8Array, withArgs: [hex])
-            } else {
-                let target = b.construct(Uint8Array, withArgs: [b.loadInt(Int64.random(in: 0...0x100))])
-                b.callMethod("setFromHex", on: target, withArgs: [hex])
-            }
-        }, {
-            var values = [Variable]()
-            for _ in 0..<Int.random(in: 1...20) {
-                values.append(b.loadInt(Int64.random(in: 0...0xFF)))
-            }
-
-            let bytes = b.callMethod("of", on: Uint8Array, withArgs: values)
-            b.callMethod("toHex", on: bytes, withArgs: [])
-        }
-    )
-}
-
-fileprivate let Base64Generator = CodeGenerator("Base64Generator") { b in
-    let base64Alphabet = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "+", "/"]
-    let base64URLAlphabet = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "-", "_"]
-
-    let Uint8Array = b.createNamedVariable(forBuiltin: "Uint8Array")
-
-    withEqualProbability({
-            var options = [String: Variable]()
-            var alphabet = chooseUniform(from: [base64Alphabet, base64URLAlphabet])
-
-            options["alphabet"] = b.loadString((alphabet == base64Alphabet) ? "base64" : "base64url")
-            options["lastChunkHandling"] = b.loadString(
-                chooseUniform(
-                    from: ["loose", "strict", "stop-before-partial"]
-                )
-            )
-
-            var s = ""
-            for _ in 0..<Int.random(in: 1...32) * 4 {
-                s += chooseUniform(from: alphabet)
-            }
-
-            // extend by 0, 1, or 2 bytes
-            switch (Int.random(in: 0...3)) {
-                case 1:
-                    s += base64Alphabet[Int.random(in: 0...63)]
-                    s += base64Alphabet[Int.random(in: 0...63) & 0x30]
-                    s += "=="
-                    break
-
-                case 2:
-                    s += base64Alphabet[Int.random(in: 0...63)]
-                    s += base64Alphabet[Int.random(in: 0...63)]
-                    s += base64Alphabet[Int.random(in: 0...63) & 0x3C]
-                    s += "="
-                    break
-
-                default:
-                    break
-            }
-
-            let base64 = b.loadString(s)
-
-            let optionsObject = b.createObject(with: options)
-            if probability(0.5) {
-                b.callMethod("fromBase64", on: Uint8Array, withArgs: [base64, optionsObject])
-            } else {
-                let target = b.construct(Uint8Array, withArgs: [b.loadInt(Int64.random(in: 0...0x100))])
-                b.callMethod("setFromBase64", on: target, withArgs: [base64, optionsObject])
-            }
-        }, {
-            var values = [Variable]()
-            for _ in 0..<Int.random(in: 1...64) {
-                values.append(b.loadInt(Int64.random(in: 0...0xFF)))
-            }
-
-            let bytes = b.callMethod("of", on: Uint8Array, withArgs: values)
-            b.callMethod("toBase64", on: bytes, withArgs: [])
-        }
-    )
-}
-
 fileprivate let CompartmentEvaluateGenerator = CodeGenerator("CompartmentEvaluateGenerator", inputs: .required(.object(ofGroup: "Compartment"))) { b, target in
     let code = b.buildCodeString() {
         b.buildRecursive()
@@ -419,8 +326,6 @@ let xsProfile = Profile(
         (CompartmentEvaluateGenerator,  5),
         (UnicodeStringGenerator,        2),
         (ModuleSourceGenerator,         3),
-        (HexGenerator,                  2),
-        (Base64Generator,               2),
     ],
 
     additionalProgramTemplates: WeightedList<ProgramTemplate>([
