Updated JSC and Spidermonkey patches and buildfiles

googleprojectzero · Jul 20, 2020 · 8f5916f · 8f5916f
1 parent 1ff8d38
commit 8f5916f
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 34 deletions.
diff --git a/Cloud/Docker/JSCBuilder/Dockerfile b/Cloud/Docker/JSCBuilder/Dockerfile
@@ -4,7 +4,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 ENV SHELL=bash
 
 RUN apt-get -y update && apt-get -y upgrade
-RUN apt-get install -y git cmake clang ruby libicu-dev
+RUN apt-get install -y git cmake clang-10 ruby libicu-dev
 
 RUN useradd -m builder
 

diff --git a/Cloud/Docker/SpidermonkeyBuilder/Dockerfile b/Cloud/Docker/SpidermonkeyBuilder/Dockerfile
@@ -4,7 +4,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 ENV SHELL=bash
 
 RUN apt-get -y update && apt-get -y upgrade
-RUN apt-get install -y git python3 python3-virtualenv clang
+RUN apt-get install -y git python3 python3-virtualenv clang-10
 
 RUN useradd -m builder
 

diff --git a/Targets/JavaScriptCore/Patches/webkit.patch b/Targets/JavaScriptCore/Patches/webkit.patch
@@ -1,5 +1,5 @@
 diff --git a/Source/JavaScriptCore/jsc.cpp b/Source/JavaScriptCore/jsc.cpp
-index 4eb5f412e2ea..cb4596aa521e 100644
+index 2e0d0a30df5f..36cc3b7457f9 100644
 --- a/Source/JavaScriptCore/jsc.cpp
 +++ b/Source/JavaScriptCore/jsc.cpp
 @@ -150,7 +150,96 @@ struct MemoryFootprint {
@@ -134,7 +134,7 @@ index 4eb5f412e2ea..cb4596aa521e 100644
          addFunction(vm, "setUnhandledRejectionCallback", functionSetUnhandledRejectionCallback, 1);
 
          addFunction(vm, "asDoubleNumber", functionAsDoubleNumber, 1);
-@@ -1248,6 +1342,54 @@ fail:
+@@ -1195,6 +1289,54 @@ fail:
 
  EncodedJSValue JSC_HOST_CALL functionPrintStdOut(JSGlobalObject* globalObject, CallFrame* callFrame) { return printInternal(globalObject, callFrame, stdout); }
  EncodedJSValue JSC_HOST_CALL functionPrintStdErr(JSGlobalObject* globalObject, CallFrame* callFrame) { return printInternal(globalObject, callFrame, stderr); }
@@ -189,7 +189,7 @@ index 4eb5f412e2ea..cb4596aa521e 100644
 
  EncodedJSValue JSC_HOST_CALL functionDebug(JSGlobalObject* globalObject, CallFrame* callFrame)
  {
-@@ -2786,7 +2928,15 @@ static void runWithOptions(GlobalObject* globalObject, CommandLine& options, boo
+@@ -2758,7 +2900,15 @@ static void runWithOptions(GlobalObject* globalObject, CommandLine& options, boo
      for (size_t i = 0; i < scripts.size(); i++) {
          JSInternalPromise* promise = nullptr;
          bool isModule = options.m_module || scripts[i].scriptType == Script::ScriptType::Module;
@@ -206,15 +206,15 @@ index 4eb5f412e2ea..cb4596aa521e 100644
              fileName = scripts[i].argument;
              if (scripts[i].strictMode == Script::StrictMode::Strict)
                  scriptBuffer.append("\"use strict\";\n", strlen("\"use strict\";\n"));
-@@ -2935,6 +3085,7 @@ static NO_RETURN void printUsageStatement(bool help = false)
+@@ -2910,6 +3060,7 @@ static NO_RETURN void printUsageStatement(bool help = false)
      fprintf(stderr, "  -f         Specifies a source file (deprecated)\n");
      fprintf(stderr, "  -h|--help  Prints this help message\n");
      fprintf(stderr, "  -i         Enables interactive mode (default if no files are specified)\n");
 +    fprintf(stderr, "  --reprl    Enables REPRL mode (used by the Fuzzilli fuzzer)\n");
      fprintf(stderr, "  -m         Execute as a module\n");
  #if OS(UNIX)
      fprintf(stderr, "  -s         Installs signal handlers that exit on a crash (Unix platforms only, lldb will not work with this option) \n");
-@@ -3013,6 +3164,11 @@ void CommandLine::parseArguments(int argc, char** argv)
+@@ -2988,6 +3139,11 @@ void CommandLine::parseArguments(int argc, char** argv)
              m_interactive = true;
              continue;
          }
@@ -226,7 +226,7 @@ index 4eb5f412e2ea..cb4596aa521e 100644
          if (!strcmp(arg, "-d")) {
              m_dump = true;
              continue;
-@@ -3187,7 +3343,37 @@ int runJSC(const CommandLine& options, bool isWorker, const Func& func)
+@@ -3162,7 +3318,37 @@ int runJSC(const CommandLine& options, bool isWorker, const Func& func)
  #endif
 
      int result;
@@ -265,7 +265,7 @@ index 4eb5f412e2ea..cb4596aa521e 100644
      GlobalObject* globalObject = nullptr;
      {
          JSLockHolder locker(vm);
-@@ -3204,68 +3390,27 @@ int runJSC(const CommandLine& options, bool isWorker, const Func& func)
+@@ -3179,68 +3365,27 @@ int runJSC(const CommandLine& options, bool isWorker, const Func& func)
      vm.promiseTimer->runRunLoop();
      {
          JSLockHolder locker(vm);

diff --git a/Targets/JavaScriptCore/REVISION b/Targets/JavaScriptCore/REVISION
@@ -1 +1 @@
-899e17cffc860913dde04063bfadc3cbc1fbc535
+0bd996a2c1f84c40a4d8b07d396f9d90ef7f8cbd
diff --git a/Targets/JavaScriptCore/fuzzbuild.sh b/Targets/JavaScriptCore/fuzzbuild.sh
@@ -19,8 +19,7 @@ export WEBKIT_OUTPUTDIR=FuzzBuild
 if [ "$(uname)" == "Darwin" ]; then
     ./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_CXX_FLAGS='-fsanitize-coverage=trace-pc-guard -O3'"
 elif [ "$(uname)" == "Linux" ]; then
-    # Note: requires clang >= 4.0!
-    ./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_C_COMPILER='/usr/bin/clang' -DCMAKE_CXX_COMPILER='/usr/bin/clang++' -DCMAKE_CXX_FLAGS='-fsanitize-coverage=trace-pc-guard -O3 -lrt'"
+    ./Tools/Scripts/build-jsc --jsc-only --debug --cmakeargs="-DENABLE_STATIC_JSC=ON -DCMAKE_C_COMPILER='/usr/bin/clang-10' -DCMAKE_CXX_COMPILER='/usr/bin/clang++-10' -DCMAKE_CXX_FLAGS='-fsanitize-coverage=trace-pc-guard -O3 -lrt'"
 else
     echo "Unsupported operating system"
 fi
diff --git a/Targets/Spidermonkey/Patches/firefox.patch b/Targets/Spidermonkey/Patches/firefox.patch
@@ -1,8 +1,8 @@
 diff --git a/js/src/shell/js.cpp b/js/src/shell/js.cpp
-index ce0509b313ab..cc8388155285 100644
+index 24b2d7c44886..0594197a17bd 100644
 --- a/js/src/shell/js.cpp
 +++ b/js/src/shell/js.cpp
-@@ -185,6 +185,89 @@ using mozilla::TimeStamp;
+@@ -184,6 +184,89 @@ using mozilla::TimeStamp;
  using mozilla::Utf8Unit;
  using mozilla::Variant;
 
@@ -92,7 +92,7 @@ index ce0509b313ab..cc8388155285 100644
  enum JSShellExitCode {
    EXITCODE_RUNTIME_ERROR = 3,
    EXITCODE_FILE_NOT_FOUND = 4,
-@@ -3727,6 +3810,64 @@ static bool Intern(JSContext* cx, unsigned argc, Value* vp) {
+@@ -3685,6 +3768,64 @@ static bool Intern(JSContext* cx, unsigned argc, Value* vp) {
    return true;
  }
 
@@ -157,7 +157,7 @@ index ce0509b313ab..cc8388155285 100644
  static bool Crash(JSContext* cx, unsigned argc, Value* vp) {
    CallArgs args = CallArgsFromVp(argc, vp);
    if (args.length() == 0) {
-@@ -9360,6 +9501,10 @@ JS_FN_HELP("parseBin", BinParse, 1, 0,
+@@ -8952,6 +9093,10 @@ JS_FN_HELP("rateMyCacheIR", RateMyCacheIR, 0, 0,
  " Returns the approximate processor time used by the process since an arbitrary epoch, in seconds.\n"
  " Only the difference between two calls to `cpuNow()` is meaningful."),
 
@@ -168,9 +168,9 @@ index ce0509b313ab..cc8388155285 100644
      JS_FS_HELP_END
  };
  // clang-format on
-@@ -10336,6 +10481,57 @@ static MOZ_MUST_USE bool ProcessArgs(JSContext* cx, OptionParser* op) {
-   }
- #endif  // JS_BUILD_BINAST
+@@ -9914,6 +10059,57 @@ static MOZ_MUST_USE bool ProcessArgs(JSContext* cx, OptionParser* op) {
+   MultiStringRange codeChunks = op->getMultiStringOption('e');
+   MultiStringRange modulePaths = op->getMultiStringOption('m');
 
 +  // Check for REPRL file source
 +  if (op->getBoolOption("reprl")) {
@@ -224,9 +224,9 @@ index ce0509b313ab..cc8388155285 100644
 +  }
 +
    if (filePaths.empty() && utf16FilePaths.empty() && codeChunks.empty() &&
-       modulePaths.empty() && binASTPaths.empty() &&
-       !op->getStringArg("script")) {
-@@ -11090,6 +11286,27 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
+       modulePaths.empty() && !op->getStringArg("script")) {
+     // Always use the interactive shell when -i is used. Without -i we let
+@@ -10653,6 +10849,27 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
      defaultToSameCompartment = false;
    }
 
@@ -254,7 +254,7 @@ index ce0509b313ab..cc8388155285 100644
    JS::RealmOptions options;
    SetStandardRealmOptions(options);
    RootedObject glob(
-@@ -11107,7 +11324,8 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
+@@ -10670,7 +10887,8 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
  #endif
 
    ShellContext* sc = GetShellContext(cx);
@@ -264,7 +264,7 @@ index ce0509b313ab..cc8388155285 100644
    {
      AutoReportException are(cx);
      if (!ProcessArgs(cx, op) && !sc->quitting) {
-@@ -11135,6 +11353,18 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
+@@ -10698,6 +10916,18 @@ static int Shell(JSContext* cx, OptionParser* op, char** envp) {
      result = sc->exitCode;
    }
 
@@ -283,7 +283,7 @@ index ce0509b313ab..cc8388155285 100644
    if (enableDisassemblyDumps) {
      AutoReportException are(cx);
      if (!js::DumpRealmPCCounts(cx)) {
-@@ -11579,7 +11809,9 @@ int main(int argc, char** argv, char** envp) {
+@@ -11150,7 +11380,9 @@ int main(int argc, char** argv, char** envp) {
  #endif
        !op.addBoolOption('\0', "wasm-compile-and-serialize",
                          "Compile the wasm bytecode from stdin and serialize "

diff --git a/Targets/Spidermonkey/REVISION b/Targets/Spidermonkey/REVISION
@@ -1 +1 @@
-9c0f970552f0053daa211a4a04cb2104e5ed39f1
+b0b9a514d92a9550966273df8fb487db922e7ae3
diff --git a/Targets/Spidermonkey/fuzzbuild.sh b/Targets/Spidermonkey/fuzzbuild.sh
@@ -18,15 +18,9 @@ autoconf2.13
 
 FLAGS="-fsanitize-coverage=trace-pc-guard -g -DJS_MORE_DETERMINISTIC"
 
-export CFLAGS=$FLAGS
 export CXXFLAGS=$FLAGS
-export LDFLAGS=$FLAGS
-export MOZ_CARGO_WRAP_LDFLAGS=$FLAGS
-
-export CC=clang
-export CXX=clang++
-
-export MOZ_LLVM_HACKS=1
+export CC=clang-10
+export CXX=clang++-10
 
 mkdir -p fuzzbuild_OPT.OBJ
 cd fuzzbuild_OPT.OBJ