Although JS_MAX_LOCAL_VARS is set to 65536, Array(65537), for example, can be used to bypass the constraints (fd->arg_count >= JS_MAX_LOCAL_VARS) and create an invalid function.
Calling the function may cause a crash.

ASAN:DEADLYSIGNAL
=================================================================
==24999==ERROR: AddressSanitizer: SEGV on unknown address 0x100080017948 (pc 0x555555671d64 bp 0x7fffffffca00 sp 0x7fffffffc250 T0)
==24999==The signal is caused by a READ memory access.
    #0 0x555555671d63 in JS_CallInternal.lto_priv.161 /home/ptr/Downloads/quickjs/quickjs.c:16930
    #1 0x55555566f0b5 in JS_CallInternal.lto_priv.161 /home/ptr/Downloads/quickjs/quickjs.c:16547
    #2 0x5555556994d5 in JS_CallFree.lto_priv.407 /home/ptr/Downloads/quickjs/quickjs.c:18628
    #3 0x5555556d9ae9 in JS_EvalFunctionInternal.lto_priv.507 /home/ptr/Downloads/quickjs/quickjs.c:33427
    #4 0x5555556f14d8 in __JS_EvalInternal.lto_priv.248 /home/ptr/Downloads/quickjs/quickjs.c:33581
    #5 0x5555556d915d in JS_EvalInternal /home/ptr/Downloads/quickjs/quickjs.c:33599
    #6 0x5555556d915d in JS_EvalThis /home/ptr/Downloads/quickjs/quickjs.c:33630
    #7 0x5555556d91ed in JS_Eval /home/ptr/Downloads/quickjs/quickjs.c:33638
    #8 0x5555555b24b0 in eval_buf /home/ptr/Downloads/quickjs/qjs.c:68
    #9 0x5555555b2684 in eval_file /home/ptr/Downloads/quickjs/qjs.c:100
    #10 0x555555588ee4 in main /home/ptr/Downloads/quickjs/qjs.c:516
    #11 0x7ffff6a48bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #12 0x555555589539 in _start (/home/ptr/Downloads/quickjs/qjs+0x35539)

The PoC script should throwInternalError (either stack overflow or too many arguments)

Build Environment

Ubuntu 18.04
Tested on gcc 7.5.0
Command: ./qjs poc.js

PoC

Reflect.apply(Function, undefined, Array(65537))();

Description

The poc overflows the JavaScript stack.

Build environment

Ubuntu 18.04
gcc version 6.5.0 (GCC)
QuickJS version 2020-09-06

POC

function main() {
let v2 = 0;
var prGt = JSON;
while (v2 < 10) {
function v3(v4, v5, v6, v7, ...v8) {
const v11 = Math.asinh(Int32Array);
var MZCC = v11.constructor();
}
for (let v24 = 0; v24 < 10; v24++) {
const v25 = v3();
var sDYb = Date;
var HpBB = Symbol;
}
const v26 = v2 + 1;
var CfQP = v2.toFixed(v26);
var akHP = new Object();
var sWJC = escape('fw]/$pc]=#T]MM11'); var aZec = main(); var xwhW = JSON.parse('l<u0I9');
CfQP.length = v26;
var BeHt = DataView;
var zeij = JSON.stringify('CG&wE5qa41v)g?Wo3SCFw');
}
}
main();

Debug Information

InternalError: stack overflow
at asinh (native)
at v3 (poc:6)
at main (poc:10)
at main (poc:18)
... ...
at (poc:25)

Hello.

Please support the work under Windows. Using native WinAPI. Through compilation conditional keys or something like that.

There are some projects that depend on yours (for example, javascript support for the Rust language). But the lack of proper Windows support is a big problem.

PS: MinGW does not fly

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: 7c312df
test command: ./qjs poc

POC

qjs-000397.txt

Description

Below is the ASAN outputs.

In CCF we've been using a patch from user Geequlim to access modules exports, specifically functions, from native code:

https://www.freelists.org/post/quickjs-devel/Patch-Add-some-informations-to-get-more-informations-from-compiled-modules

Is there a chance to make this part of quickjs? I'm not sure if the patch requires further tweaks to work more generally. I think it doesn't work as-is when a function/entry is re-exported from another module.

We're happy to help if it's useful.

os module is not exporting realpath function, even though docs claim that.
I was using quickjs-win-x86_64-2020-11-08.zip

That breaks https://github.com/IvanGaravito/quickjs-require/blob/master/require.js, among other things.

In JS_ReadFunctionTag() if goto fail; happens after b->cpool_count is set to a >0 value but before b->cpool is allocated, then JS_FreeValue() will try to iterate over a NULL b->cpool and segfault.

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-c02.txt

Description

Below is the ASAN outputs.

Description

Basically, the parameter named 'x' and var declaration for 'x' create two distinct variables, with the declaration in the body not being visible to expressions in the parameter lists; the variable in the body is initialized with the value of the parameter after execution of the parameter list ends, but should not reflect subsequent changes to it.

Build environment

Ubuntu 18.04
gcc version 6.5.0 (GCC)
QuickJS version 2020-09-06

POC

function func(x = 0, read = () => x) {
var x = 1;
print('param x =', read());
print('body x =', x);
}
func();

Debug Information

$ qjs poc
param x = 1
body x = 1

V8####

param x = 0
body x = 1

[again, needs CONFIG_ASAN=y in Makefile]
Repro:
./qjs JS_GetPropertyInternal.js.TXT

POC fix:
diff --git a/quickjs.c b/quickjs.c
index a39ff8f..6a2d259 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -39079,6 +39079,7 @@ static int64_t JS_FlattenIntoArray(JSContext *ctx, JSValueConst target,

• if (js_check_stack_overflow(ctx->rt, 0)) return -1;

Attached file:
JS_GetPropertyInternal.js.TXT

Copy of oss-fuzz issue 21397
(again, build with CONFIGURE_ASAN=y in Makefile)
Repro:
./qjs e21397.js.TXT
e21397.js.TXT

And a side-note: I'm happy to move all the public bugs from OSS-Fuzz/quickjs if it helps: i originally thought it makes more sense to comment there because it's access-controlled prior to disclosure.

typedef uint32_t JSClassID;
but store as uint16_t in the JSObject.
Invoke JS_NewClass use a class_id biger than maximum of uint16_t will success.
Invoke JS_NewObjectProtoClass use that class_id sueccss too, but the object created store a wrong class_id.
It may cause a wrong finalizer calling in the gc.

Description

The JS_IteratorNext2 function will be called recursively, causing the stack frame move to the bottom

Build environment

Ubuntu 16.04
gcc version 6.5.0 20181026

debug information:

 →   0x48164a <JS_IteratorNext2.lto_priv.35+202> call   QWORD PTR [rax+0x38]
     0x48164d <JS_IteratorNext2.lto_priv.35+205> pop    rcx
     0x48164e <JS_IteratorNext2.lto_priv.35+206> pop    rsi
     0x48164f <JS_IteratorNext2.lto_priv.35+207> jmp    0x481601 
gef➤  vmmap stack
[ Legend:  Code | Heap | Stack ]
Start              End                Offset             Perm Path
0x00007fffff7ff000 0x00007ffffffff000 0x0000000000000000 rw- [stack]
gef➤  p $rsp
$1 = (void *) 0x7fffff7ff000

The PoC

var nullChars = new Array();
var badIter = {};
iter = 3 / iter;
badIter[Symbol.iterator] = function () {
    return {
        next: function () {
            return 8;
        }
    };
};
var PSXh = Error;
function* g() {
    try {
        yield* badIter;
        var NFhf = new Uint8Array([
            1.3,
            -9007199254740991,
            1200,
            0,
            0,
            1,
            1e+81,
            4294967295,
            9007199254740991
        ]);
    } catch (err) {
        caught = err;
    }
}
var iter = g();
var result, caught;
badIter = g();
result = iter.next();

There seems to be a memory leak problem around getOwnPropertyDescriptor of a Proxy.
The proof-of-concept script pasted below is causing an assertion error in JS_FreeRuntime.

qjs: quickjs.c:1979: JS_FreeRuntime: Assertion `list_empty(&rt->gc_obj_list)' failed.

Dump with DUMP_LEAKS:

Object leaks:
       ADDRESS REFS SHRF          PROTO      CLASS PROPS
0x6070000044d0    1   0* 0x607000000090     Object {  }

Build Environment

Ubuntu 18.04
Tested on gcc 7.5.0 and clang 6.0
Command: ./qjs poc.js

PoC

let o = {};
let p = new Proxy(o, {
    getOwnPropertyDescriptor: function (target, name) {
        abc;
    }
});
p.x = {};
console.log("OK");

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-000039.txt

Description

Below is the ASAN outputs. Heap use-after-free at QuickJS/quickjs.h:661

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: 7c312df
test command: ./qjs poc

POC

qjs-000297.txt

Description

Below is the ASAN outputs.

I know the mailing list is the official place for discussion, but I thought I should post this here for visibility.

JS_NewRuntime sets stack_top as the address of the current frame when the runtime is created. There is no relationship whatsoever between the stack frame JS_NewRuntime is called in and the frame JS_Eval is called in.

This appears to have been pointed out back in 2019: https://www.freelists.org/post/quickjs-devel/stackoverflow,3
But it doesn't appear to me that any progress has been made on this issue.

As pointed out on the mailing list, simply calling JS_NewRuntime in a deeper stack frame than JS_Eval leads to false positives in the single-threaded case, and there is no way to turn this off without editing the source. This is a very confusing default.

This is just off the top of my head, but perhaps it would make sense to use something like a thread local that is set every time JS_Eval is called, and set back to NULL when JS_Eval isn't running. That way recursive invocations could be detected.

Anyway, thanks again for a very useful project!

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-000008.txt

Description

Below is the ASAN outputs.

os.exec() function seems to be not available on qjs windows build.
When inspecting the code, it seems to be on purpose (#if !defined(_WIN32))
Is os.exec() something that could be supported. Or a comparable function to launch another program from within qjs ?

Description

An overloaded function 'func1' is not standard when declared in 'func2'. gfs reports an error in this situation although other js-compilers treats it as a warning. However, the SyntaxError is not clear enough on what is wrong in the code.

Build environment

Ubuntu 18.04
gcc version 6.5.0 (GCC)
QuickJS version 2020-09-06

POC

function func1(n) {
var obj = 'func1(){}';
var i;
for (i = 0; i < n; i++) {
print(JSON.stringify(obj));
}
}
function func2(n) {
for (var a = 0; a < 10; ++a)
//func1 = function (n,n) { //right
function func1(n,n) {
var obj = 'overload func1(){}';
var i;
for (i = 0; i < n; i++) {
print(JSON.stringify(obj));
}
}
}
try {
func2(10);
} catch (e) {
print(e.name, e);
}

Debug Information

$ qjs poc
SyntaxError: function declarations can't appear in single-statement context
at poc:11

At the moment JS_RunModule() function allows multiple evaluations of already loaded (and evaluated) module.

I propose to add simple check to prevent that (see /* check if it is already evaluated */):

JSModuleDef *JS_RunModule(JSContext *ctx, const char *basename,
                          const char *filename)
{
    JSModuleDef *m;
    JSValue ret, func_obj;
    
    m = js_host_resolve_imported_module(ctx, basename, filename);
    if (!m)
        return NULL;

    if (js_resolve_module(ctx, m) < 0) {
        js_free_modules(ctx, JS_FREE_MODULE_NOT_RESOLVED);
        return NULL;
    }
    /* check if it is already evaluated */
    if (m->evaluated)   
      return m; /* already evaluated, done */
   
    /* Evaluate the module code */
    func_obj = JS_DupValue(ctx, JS_MKPTR(JS_TAG_MODULE, m));
    ret = JS_EvalFunction(ctx, func_obj);
    if (JS_IsException(ret))
        return NULL;
    JS_FreeValue(ctx, ret);
    return m;
}

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: 7c312df
test command: ./qjs poc

POC

qjs-000294.txt

Description

Below is the ASAN outputs.

'top-level-await' is a killer feature. I suggest quickjs to support it.

I try to find buildin function for stdin like cin or scanf but I can't. Not include in std or global yet
For example, in d8 shell, google use readline() to input when typing in console

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-000000.txt

Description

Below is the ASAN outputs. Heap use-after-free at QuickJS/quickjs.c:8115

Description

Maybe there is some point in the code when increasing the stack TOP without doing the CHECKSTACK(n) which should have something to do with unbalanced number of parameters in function definition and function call.

Build environment

Ubuntu 18.04
gcc version 6.5.0 (GCC)
QuickJS version 2020-09-06
command:
qjs poc
qjsc -o out poc && ./out

POC

function f() {f(1,2)}
f(1)

Debug Information

InternalError: stack overflow
at f (poc)
at f (poc)
... ...
at (poc:2)

Hello,

I have a C program that is meant to wrap Babel in quickjs. I compiled the attached JS code into a binary using qjsc -o babel-bundle.c -e babel-bundle.js. In my C code I then load that into the Context as such:

js_std_eval_binary(ctx, babel_bundle, strlen(babel_bundle), 0);

I then call Babel using this:

const char* cScript = "Babel.transform('class Polygon { constructor(...sides) { this.sides = sides; } *getSides() { for(const side of this.sides){ yield side; } } get sides() { return sides; } set sides(sides) { this.sides = sides; } }', { presets: ['env'], sourceMaps: true, sourceType: 'script' })";

JSValue ret = JS_Eval(ctx, cScript, strlen(cScript), "<eval>", JS_EVAL_TYPE_GLOBAL);

if (JS_IsException(ret)) {
    JSValue exception_value = JS_GetException(ctx);
    const char* response = JS_ToCString(ctx, exception_value);
    printf("%s", response);
}

And it's producing the following error: "InternalError: unknown: stack overflow"

If I pass other scripts to Babel.transform(... it doesn't fail. It seems to be a hit and miss for this. For example, the same code without the javascript generator function works fine:

const char* cScript = "Babel.transform('class Polygon { constructor(...sides) { this.sides = sides; } get sides() { return sides; } set sides(sides) { this.sides = sides; } }', { presets: ['env'], sourceMaps: true, sourceType: 'script' })";

Below are the few examples of the DateAPI where parse method is returning incorrect values.

console.log(Date.parse('04 Dec 1995 00:12:00 GMT')); returns -56797387680000 rather than 818035920000
console.log(Date.parse('2020-04-20T18:30:0000:0000'));' returns 1587432600000rather thanNaN`
There are a few other cases/formats where parse method returns unexpected values. Also, similar issue happens with Date constructor.

How to reproduce:

file "module.js":

class Parent {}

export class Child extends Parent {
  childInstanceVar = 42;
  constructor() {}
} 

file "test.js"

import {Child} from "./module.js";

var child = new Child(); // <<< internal error here

console.log(child);

Running qjs -m test.js

Getting error:

ReferenceError: lexical variable is not initialized
    at Child (module.js)
    at <anonymous> (test.js:4)

QJS clearly fails to create instances of extended classes that reside in modules. But it works for classes that are a) either not extended or b) not in modules.

My code:
var a = new Array(10**9); a=a.fill(0);
So I suggest:

Add memory limit e.g 2GB RAM
Add optimization for such arrays (like PHP Immutable arrays)

$a=array(); for($i=0;$i<1000000;$i++) $a[$i]=array("hello") memory_get_usage(true) //about 34mb

Hello and thank you very much for QuickJS!

I have a question. Your documentation says:

-D module_name. 
    Compile a dynamically loaded module and its dependencies. This option is needed 
    when your code uses the import keyword or the os.Worker constructor because the compiler 
    cannot statically find the name of the dynamically loaded modules.

I have a script which starts a worker from another script file. When I use qjsc to build it, I pass -D parameter and path to worker script.
The result C file contains byte data of worker script:

But when I try to run the executable in another directory, I get this message:

ReferenceError: could not load module filename 'src/worker/worker_script.js'

I should change something to get it work? Or I should manually modify C file for writing this script?

Thank you

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-c02-1.txt

Description

Below is the ASAN outputs.

ASAN:SIGSEGV
==107042==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd4f3befb8 (pc 0x00000087b714 bp 0x7ffd4f3bf0c0 sp 0x7ffd4f3befb8 T0)
#0 0x87b713 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31754
#1 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#2 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#3 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#4 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#5 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#6 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#7 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#8 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#9 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#10 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#11 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#12 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#13 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#14 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#15 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#16 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#17 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#18 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#19 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#20 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#21 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#22 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#23 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#24 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#25 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#26 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#27 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#28 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#29 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#30 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#31 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#32 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#33 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#34 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#35 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#36 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#37 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#38 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#39 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#40 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#41 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#42 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#43 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#44 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#45 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#46 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#47 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#48 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#49 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#50 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#51 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#52 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#53 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#54 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#55 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#56 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#57 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#58 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#59 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#60 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#61 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#62 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#63 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#64 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#65 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#66 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#67 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#68 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#69 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#70 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#71 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#72 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#73 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#74 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#75 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#76 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#77 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#78 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#79 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#80 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#81 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#82 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#83 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#84 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#85 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#86 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#87 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#88 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#89 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#90 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#91 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#92 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#93 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#94 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#95 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#96 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#97 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#98 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#99 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#100 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#101 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#102 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#103 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#104 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#105 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#106 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#107 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#108 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#109 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#110 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#111 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#112 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#113 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#114 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#115 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#116 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#117 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#118 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#119 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#120 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#121 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#122 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#123 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#124 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#125 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#126 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#127 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#128 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#129 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#130 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#131 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#132 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#133 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#134 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#135 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#136 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#137 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#138 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#139 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#140 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#141 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#142 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#143 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#144 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#145 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#146 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#147 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#148 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#149 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#150 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#151 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#152 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#153 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#154 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#155 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#156 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#157 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#158 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#159 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#160 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#161 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#162 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#163 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#164 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#165 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#166 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#167 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#168 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#169 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#170 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#171 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#172 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#173 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#174 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#175 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#176 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#177 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#178 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#179 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#180 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#181 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#182 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#183 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#184 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#185 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#186 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#187 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#188 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#189 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#190 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#191 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#192 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#193 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#194 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#195 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#196 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#197 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#198 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#199 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#200 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#201 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#202 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#203 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#204 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#205 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#206 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#207 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#208 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#209 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#210 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#211 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#212 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#213 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#214 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#215 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#216 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#217 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#218 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#219 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#220 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#221 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#222 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#223 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#224 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#225 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#226 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#227 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#228 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#229 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#230 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#231 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#232 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#233 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#234 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#235 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#236 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#237 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#238 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#239 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#240 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#241 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#242 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#243 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#244 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#245 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#246 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#247 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#248 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#249 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#250 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835
#251 0x87bd24 in compute_stack_size_rec /home/keven/Fuzzing/QuickJS/quickjs.c:31835

SUMMARY: AddressSanitizer: stack-overflow /home/keven/Fuzzing/QuickJS/quickjs.c:31754 compute_stack_size_rec
==107042==ABORTING

I am getting more and more into vlang and I am thinking of writing a direct wrapper for QuickJS. But I would love to keep this as small as possible but also provide the full feature set.

So my question is:

• What files do I actually need to compile on Linux, Windows and macOS?
• Is it save to concatenate all the C files into a single one - or should I keep everything as a separate entity?

The latter one is especially important as I am working with other single-file (amalgamated) libraries such as mongoose, in which it is actually save to include the C file, because it in turn includes the header file.

In V, it is possible to define what headers to include in a wrapper - so I would probably just include the entirity of QuickJS alongside the wrapper to expose just a single module, so the user doesn't have to mess with finding the right source/header files. Is this a safe practice with this library?

Thanks!

Now, quickjs is packaged in buildroot,
see details on https://git.busybox.net/buildroot/tree/package/quickjs.
The cross compilation support (with CROSS_PREFIX) works well.

Buildroot allows to build against various libc :

• glibc
• musl which doesn't support stdatomic
• uClibc-ng which doesn't support fenv

At this time, it seems that quickjs requires a glibc.

Have you plan to support others libc
or just to add the glibc dependency in the documentation ?

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-000196.txt

Description

Below is the ASAN outputs.

I tried many times ,but it always failed.I have studied the source code for a long time.There are too many GCC futures used in this project.Please help me.Thanks

According to https://bellard.org/quickjs/, this repository is just a mirror and there’s no proper commits history, just releases. Thus I’d like to ask, where can we find the project’s main (upstream) repository used for development?

Description

When calling Array.prototype.unshift, the execution speed of quickjs is much slower than other JavaScript engines. What caused this problem? Does this problem need to be optimized?

Version

quickjs-2020-11-08

Testcase

var foo = function(v) {
    for(var t = [], r = 0; r < 10000; r++) {
        t.unshift(1);
    }
}
var res = foo();

Execution time

quickjs: 1188ms
JerryScript: 29ms
XS: 79ms

CPU

Intel(R) Core(TM) i9-9940X CPU @ 3.30GHz

Description

Can't get opaque pointer on derived js obj

    static JSClassID base_class_id = 0;

    JSValue base_method_a(JSContext* ctx, JSValueConst this_val, int argc, JSValueConst* argv) {
         JS_GetOpaque(this_val, base_class_id); // would return NULL if deriverd object call methodA
    }

    static JSCFunctionListEntry base_class_funcs[] = {
        JS_CFUNC_DEF("methodA", 2, base_method_a),
    };

    void init() {
        /**
         * define base class
         */
        JSValue proto = JS_NewObject(ctx);
        JS_NewClassID(&base_class_id);
        JS_NewClass(JS_GetRuntime(ctx), base_class_id, &base_class_def);
        JS_SetClassProto(ctx, base_class_id, proto);
        JS_SetPropertyFunctionList(ctx, proto, base_class_funcs, countof(base_class_funcs));
    
        /**
         * define derived class
         */
        JSValue baseObj = JS_NewObjectClass(ctx, base_class_id);
        JS_NewClassID(&derived_class_id);
        JS_NewClass(JS_GetRuntime(ctx), derived_class_id, &derived_class_def);
        JS_SetClassProto(ctx, derived_class_id, baseObj);
    }

Build environment

Ubuntu 18.04
gcc version 9.3.0
QuickJS version 2021-03-27

Could you ship a license file in your official tarball so that downstream packagers can use it (for example in buildroot)?

Except for the log function, other functions do not seem to be supported. Moreover, log currently does not support styled output

QuickJS - Type "\h" for help
qjs > console.error("aaa")
TypeError: not a function
    at <eval> (<evalScript>)
qjs > console.log("%caaa","color:red;")
%caaa color:red;
undefined

Is there a possibility of support? Or only limited support, in a way similar to \033[41;37m?

Problem: given this JS input:

function main() {
const v2 = [1337,NaN,1337];
const v6 = new Int32Array(212559.11688867002);
const v7 = v6.join(v2);
const v8 = eval(v7);
}
main();

the thing crashes with "./qjs a.js"

Suggested fix:

diff --git a/quickjs.c b/quickjs.c
index efc1d54..670f758 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -31982,6 +31982,8 @@ static __exception int compute_stack_size_rec(JSContext *ctx,
     const JSOpCode *oi;
     const uint8_t *bc_buf;
 
+    if (js_check_stack_overflow(ctx->rt, 0))
+      goto stack_overflow;

None of the download links for binary releases of Linux at https://bellard.org/quickjs/ contain qjsc executable. The downloaded zip only contains qjs,run-test262 binaries.
Is any particular reason behind not including the qjsc binary in the zip? Currently, the only official way to get qjsc is by building them from source.

Anyone did the porting? Especially on Cortex-M0.

quickjs.c
line:6243

fprintf(fp, "\n" "JSObject classes\n");
            if (obj_classes[0])
                fprintf(fp, "  %5d  %2.0d %s\n", obj_classes[0], 0, "none");
            for (class_id = 1; class_id < JS_CLASS_INIT_COUNT; class_id++) {
                if (obj_classes[class_id]) {
                    char buf[ATOM_GET_STR_BUF_SIZE];
                    fprintf(fp, "  %5d  %2.0d %s\n", obj_classes[class_id], class_id,
                            JS_AtomGetStrRT(rt, buf, sizeof(buf), js_std_class_def[class_id - 1].class_name));
                }
            }

crash here JS_AtomGetStrRT(rt, buf, sizeof(buf), js_std_class_def[class_id - 1].class_name));
because of js_std_class_def's length < JS_CLASS_INIT_COUNT memory access error . trap 6

promise define in another array
>static JSClassShortDef const js_async_class_def[] = {
    { JS_ATOM_Promise, js_promise_finalizer, js_promise_mark },                      /* JS_CLASS_PROMISE */
    { JS_ATOM_PromiseResolveFunction, js_promise_resolve_function_finalizer, js_promise_resolve_function_mark }, /* JS_CLASS_PROMISE_RESOLVE_FUNCTION */
    { JS_ATOM_PromiseRejectFunction, js_promise_resolve_function_finalizer, js_promise_resolve_function_mark }, /* JS_CLASS_PROMISE_REJECT_FUNCTION */
    { JS_ATOM_AsyncFunction, js_bytecode_function_finalizer, js_bytecode_function_mark },  /* JS_CLASS_ASYNC_FUNCTION */
    { JS_ATOM_AsyncFunctionResolve, js_async_function_resolve_finalizer, js_async_function_resolve_mark }, /* JS_CLASS_ASYNC_FUNCTION_RESOLVE */
    { JS_ATOM_AsyncFunctionReject, js_async_function_resolve_finalizer, js_async_function_resolve_mark }, /* JS_CLASS_ASYNC_FUNCTION_REJECT */
    { JS_ATOM_empty_string, js_async_from_sync_iterator_finalizer, js_async_from_sync_iterator_mark }, /* JS_CLASS_ASYNC_FROM_SYNC_ITERATOR */
    { JS_ATOM_AsyncGeneratorFunction, js_bytecode_function_finalizer, js_bytecode_function_mark },  /* JS_CLASS_ASYNC_GENERATOR_FUNCTION */
    { JS_ATOM_AsyncGenerator, js_async_generator_finalizer, js_async_generator_mark },  /* JS_CLASS_ASYNC_GENERATOR */
};

fixit

                if (obj_classes[class_id] && class_id < countof(js_std_class_def)) {

Build environment:

Ubuntu 16.04
gcc 5.4.0
qjs version: af1420f(git hash)
test command: ./qjs poc

POC

qjs-000105.txt

Description

Below is the ASAN outputs.

[this is a clone of https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21422 which is now open to everyone]
Using the attached file one can try (N.B. the build must have CONFIG_ASAN=y in the Makefile for this to show)

./qjs e26867.js.TXT

==32654==ERROR: AddressSanitizer: stack-overflow on address 0x7ffee78a8d80 (pc 0x000107da7d7a bp 0x7ffee78a93b0 sp 0x7ffee78a8d80 T0)
#0 0x107da7d7a in re_parse_term+0x8a (qjs:x86_64+0x100250d7a)
#1 0x107da7444 in re_parse_disjunction+0x184 (qjs:x86_64+0x100250444)
#2 0x107da92c2 in re_parse_term+0x15d2 (qjs:x86_64+0x1002522c2)
#3 0x107da7444 in re_parse_disjunction+0x184 (qjs:x86_64+0x100250444)
#4 0x107da92c2 in re_parse_term+0x15d2 (qjs:x86_64+0x1002522c2)
#5 0x107da7444 in re_parse_disjunction+0x184 (qjs:x86_64+0x100250444)
#6 0x107da92c2 in re_parse_term+0x15d2 (qjs:x86_64+0x1002522c2)
...

e26867.js.TXT

Clang-Cl does not yet have total 128-bit arithmetic support available for MSVC backend. You are likely going to see one of these linker error if you tried to compile libbf:

E:\Git\github.com\stevefan1999-personal\quickjspp\out\build\x64-RelWithDebInfo\lld-link : error : undefined symbol: __udivti3
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:1292
  >>>               lto.tmp:(mp_divnorm)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:1318
  >>>               lto.tmp:(mp_divnorm)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:1252
  >>>               lto.tmp:(mp_div1norm)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:1260
  >>>               lto.tmp:(mp_div1norm)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:1955
  >>>               lto.tmp:(mp_sqrtrem2)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:3393
  >>>               lto.tmp:(bf_integer_to_radix_rec)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:3396
  >>>               lto.tmp:(bf_integer_to_radix_rec)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:8267
  >>>               lto.tmp:(ntt_static_init)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:8277
  >>>               lto.tmp:(ntt_static_init)
  >>> referenced by E:\Git\github.com\stevefan1999-personal\quickjspp\quickjs\libbf.c:8285
  >>>               lto.tmp:(ntt_static_init)
  >>> referenced 1 more times

The bug has not been resolved for 5 years now.

To workaround the problem, you can simply patch the file to use 64-bit double limb rather than 128-bit or even not use BigNum at all.

index 6749b35..5a502ff 100644
--- a/libbf.h
+++ b/libbf.h
@@ -27,7 +27,7 @@
 #include <stddef.h>
 #include <stdint.h>

-#if defined(__x86_64__)
+#if defined(__x86_64__) && !defined(_WIN32)
 #define LIMB_LOG2_BITS 6
 #else
 #define LIMB_LOG2_BITS 5

Using 64-bit double limb is fine even on 64-bit platform, but it will probably suffer some performance loss of up to 2x due to lack of AVX/vectorization. I didn't really benchmarked it but as an educated guess I think🤷‍♂️.