fuzz-js

[bakkot]

async is, alas, a legal identifier in JS, which means all of the following are valid programs:

async(...null)

null?async():null

switch(null){case async():}

But they're all rejected by the parser (or at least the version of it on Cargo).

I found these with a fuzzer; if you'd like me not to file bugs found by a fuzzer, let me know.

[Boshen]

Thank you for fuzzing oxc! I did a basic triage and found the parser cannot distinguish whether these are async functions or not. I'll try and get a fix soon.

[Boshen]

@bakkot I published the latest fixes

oxc_ast = "0.0.4"
oxc_parser = "0.0.4"

[Boshen]

I couldn't try fuzz-js due to unpublished version of shift-shrink@2.0.0

[bakkot]

That does seem to have fixed the async issues! Now the fuzzer gets further and has encountered another class of failures:

for(var[l=null in null]in null);

for(new null(null in null);;);

for(`${null in null}`;;);

for(new null(null in null)._ in null);

I couldn't try fuzz-js due to unpublished version of shift-shrink@2.0.0

Lol, whoops, I'll get that published later today.

[Boshen]

@bakkot I published the latest fixes

oxc_ast = "0.0.5"
oxc_parser = "0.0.5"

Still waiting for shift-shrink@2.0.0 😁

[bakkot]

Sorry for the delay; there's some stuff blocking. I'll ping you when I get it actually released.

[bakkot]

Well, that took an embarrassingly long time, but shift-shrink 2.0.0 is now published.

[Boshen]

@bakkot Thank you, it's running locally.

[Boshen]

I got it working https://github.com/Boshen/oxc-fuzz-parser