Closed Bug 1499335 Opened 2 years ago Closed 2 years ago

Make it easier to fuzz dynamic module import in the shell

Categories

(Core :: JavaScript Engine, enhancement, P3)

61 Branch
enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: jonco, Assigned: jonco)

References

Details

Attachments

(1 file, 1 obsolete file)

Dynamic import is difficult to fuzz because it requires access to external files.  Decoder requested a function that would take source code as an argument and then import that as a module.
Priority: -- → P3
Attached patch bug1499335-inline-module-import (obsolete) — Splinter Review
Would something like this work (see use of import in the test code)?

This adds the ability to import from 'inline:' URLs that embed JS source in the URL.  (It's like data: URLs but without the MIME type).
Assignee: nobody → jcoppeard
Attachment #9018237 - Flags: feedback?(choller)
Comment on attachment 9018237 [details] [diff] [review]
bug1499335-inline-module-import

Yes, that looks like it might be possible to integrate into the fuzzing driver.
Attachment #9018237 - Flags: feedback?(choller) → feedback+
Attachment #9018337 - Flags: review?(evilpies)
Attachment #9018237 - Attachment is obsolete: true
Comment on attachment 9018337 [details] [diff] [review]
bug1499335-inline-module-import v2

Review of attachment 9018337 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/jit-test/tests/modules/inline-data.js
@@ +1,1 @@
> +// |jit-test| module

Could change the name of the test, but inline-data still kind of fits anyway.

::: js/src/shell/ModuleLoader.js
@@ +8,5 @@
>  /* global setModuleDynamicImportHook finishDynamicModuleImport abortDynamicModuleImport */
>  
>  // A basic synchronous module loader for testing the shell.
> +//
> +// Supports loading files and 'inline:' URLs that embed JS source text.

javascript:

@@ +30,5 @@
>          this.registry = new Map();
>          this.loadPath = getModuleLoadPath();
>      }
>  
> +    isInlineURL(name) {

isJavascriptURL

@@ +163,5 @@
>  
>      fetch(path) {
> +        if (this.isInlineURL(path)) {
> +            let i = ReflectApply(StringPrototypeIndexOf, path, [":"]);
> +            return ReflectApply(StringPrototypeSubstring, path, [i + 1]);

return ReflectApply(StringPrototypeSubstring, path, ["javascript:".length]);

Maybe add a top-level constant like const JS_SCHEME = "javascript:".
Attachment #9018337 - Flags: review?(evilpies) → review+
Pushed by jcoppeard@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/80235331ce5f
Support module specifiers containing inline data in the shell r=evilpie
https://hg.mozilla.org/mozilla-central/rev/80235331ce5f
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
You need to log in before you can comment on or make changes to this bug.