blob: 41255aa4d97c19ba319e2719571348422f34aeb3 [file] [log] [blame] [edit]
// Copyright 2020 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
* @fileoverview Blacklists for fuzzer.
'use strict';
const fs = require('fs');
const path = require('path');
const random = require('./random.js');
const {generatedSloppy, generatedSoftSkipped, generatedSkipped} = require(
// Disabled for unexpected test behavior, specific to d8 shell.
// Passes JS flags.
// Slow tests or tests that are too large to be used as input.
// Unsupported modules.
// Unsupported property escapes.
// Bad testcases that just loads a script that always throws errors.
// Just recursively loads itself.
// Slow tests or tests that are too large to be used as input.
// Causes lots of failures.
// Unavailable debug.Debug.
// Unsupported modules.
// Contains tests expected to error out on parsing.
// Needs specific dependencies for load of various tests.
// Unsupported e4x standard.
// Bails out fast without ReadableStream support.
// Files used with a lower probability.
// Tests with large binary content.
// Tests slow to parse.
// CrashTests:
// Spidermonkey:
// V8:
// Flags that lead to false positives or that are already passed by default.
// Disallowed because features prefixed with "experimental" are not
// stabilized yet and would cause too much noise when enabled.
// Disallowed due to noise. We explicitly add --es-staging to job
// definitions, and all of these features are staged before launch.
// Disallowed because they are passed explicitly on the command line.
// Disallowed due to false positives.
'natives', // Used in conjuction with --expose-natives-as.
// Flags only used with 25% probability.
const LOW_PROB_FLAGS_PROB = 0.25;
const LOW_PROB_FLAGS = [
// Flags that lead to slow test performance.
// Flags printing data, leading to false positives in differential fuzzing.
// List of allowed runtime functions. Others will be replaced with no-ops.
const MAX_FILE_SIZE_BYTES = 128 * 1024; // 128KB
const MEDIUM_FILE_SIZE_BYTES = 32 * 1024; // 32KB
function _findMatch(iterable, candidate) {
for (const entry of iterable) {
if (typeof entry === 'string') {
if (entry === candidate) {
return true;
} else {
if (entry.test(candidate)) {
return true;
return false;
function _doesntMatch(iterable, candidate) {
return !_findMatch(iterable, candidate);
// Convert Windows path separators.
function normalize(testPath) {
return path.normalize(testPath).replace(/\\/g, '/');
function isTestSkippedAbs(absPath) {
const basename = path.basename(absPath);
if (_findMatch(SKIPPED_FILES, basename)) {
return true;
const normalizedTestPath = normalize(absPath);
for (const entry of SKIPPED_DIRECTORIES) {
if (normalizedTestPath.includes(entry)) {
return true;
// Avoid OOM/hangs through huge inputs.
const stat = fs.statSync(absPath);
return (stat && stat.size >= MAX_FILE_SIZE_BYTES);
function isTestSkippedRel(relPath) {
return generatedSkipped.has(normalize(relPath));
// For testing.
function getSoftSkipped() {
// For testing.
function getGeneratedSoftSkipped() {
return generatedSoftSkipped;
// For testing.
function getGeneratedSloppy() {
return generatedSloppy;
function isTestSoftSkippedAbs(absPath) {
const basename = path.basename(absPath);
if (_findMatch(this.getSoftSkipped(), basename)) {
return true;
// Graylist medium size files.
const stat = fs.statSync(absPath);
return (stat && stat.size >= MEDIUM_FILE_SIZE_BYTES);
function isTestSoftSkippedRel(relPath) {
return this.getGeneratedSoftSkipped().has(normalize(relPath));
function isTestSloppyRel(relPath) {
return this.getGeneratedSloppy().has(normalize(relPath));
function filterFlags(flags) {
return flags.filter(flag => {
return (
_doesntMatch(DISALLOWED_FLAGS, flag) &&
(_doesntMatch(LOW_PROB_FLAGS, flag) ||
function filterDifferentialFuzzFlags(flags) {
return flags.filter(
flag => _doesntMatch(DISALLOWED_DIFFERENTIAL_FUZZ_FLAGS, flag));
function isAllowedRuntimeFunction(name) {
if (process.env.APP_NAME != 'd8') {
return false;
module.exports = {
filterDifferentialFuzzFlags: filterDifferentialFuzzFlags,
filterFlags: filterFlags,
getGeneratedSoftSkipped: getGeneratedSoftSkipped,
getGeneratedSloppy: getGeneratedSloppy,
getSoftSkipped: getSoftSkipped,
isAllowedRuntimeFunction: isAllowedRuntimeFunction,
isTestSkippedAbs: isTestSkippedAbs,
isTestSkippedRel: isTestSkippedRel,
isTestSoftSkippedAbs: isTestSoftSkippedAbs,
isTestSoftSkippedRel: isTestSoftSkippedRel,
isTestSloppyRel: isTestSloppyRel,