[webkit-changes] [WebKit/WebKit] 59ee70: [JSC] Add Fuzzilli support to jsc
junghoon4a
noreply at github.com
Fri Nov 17 19:01:03 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 59ee7065d4c9870d8ad953a0b2d34a68f2c25e4e
https://github.com/WebKit/WebKit/commit/59ee7065d4c9870d8ad953a0b2d34a68f2c25e4e
Author: Junghoon Lee <jlee77 at apple.com>
Date: 2023-11-17 (Fri, 17 Nov 2023)
Changed paths:
M Configurations/CommonBase.xcconfig
M Configurations/Sanitizers.xcconfig
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/Configurations/JSC.xcconfig
M Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
A Source/JavaScriptCore/fuzzilli/Fuzzilli.cpp
A Source/JavaScriptCore/fuzzilli/Fuzzilli.h
M Source/JavaScriptCore/jsc.cpp
M Tools/Scripts/set-webkit-configuration
M Tools/Scripts/webkitdirs.pm
Log Message:
-----------
[JSC] Add Fuzzilli support to jsc
https://bugs.webkit.org/show_bug.cgi?id=264983
<rdar://118531102>
Reviewed by Yusuke Suzuki.
Based on a patch by Samuel Groß and Carl Smith:
<https://github.com/googleprojectzero/fuzzilli/blob/main/Targets/JavaScriptCore/Patches/webkit.patch>
* Configurations/CommonBase.xcconfig:
- Move support for adding -DENABLE_LIBFUZZER=1 to OTHER_CFLAGS from here
to Sanitizers.xcconfig since LIBFUZZER support is there now.
* Configurations/Sanitizers.xcconfig:
- Add -DENABLE_LIBFUZZER=1 to OTHER_CFLAGS when ENABLE_LIBFUZZER=YES.
- Add -fsanitize-coverage=trace-pc-guard -DENABLE_FUZZILLI=1 to
OTHER_CFLAGS when ENABLE_FUZZILLI=YES.
- Add -fsanitize-coverage=trace-pc-guard to OTHER_LDFLAGS when
ENABLE_FUZZILLI=YES.
* Source/JavaScriptCore/CMakeLists.txt:
- Add fuzzilli to the header search path for CMake builds.
* Source/JavaScriptCore/Configurations/JSC.xcconfig:
(JSC_USE_STATIC_LINKING):
- Set to YES only when ENABLE_FUZZILLI=YES as this is the only
configuration where it is currently required.
* Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig:
- Disable static initializer check at link time when
ENABLE_FUZZILLI=YES or when WK_ANY_SANITIZER_ENABLED=YES.
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
- Add fuzzilli/Fuzzilli.{cpp,h} to the jsc target in the Xcode project.
* Source/JavaScriptCore/jsc.cpp:
(GlobalObject::promiseRejectionTracker):
(JSC_DEFINE_HOST_FUNCTION):
(runWithOptions):
(printUsageStatement):
(CommandLine::parseArguments):
(runJSC):
- Make changes to support Fuzzilli. CommandLine::m_repl is always
defined, but only set to true when Fuzzilli support is enabled.
This simplifies some logic that would otherwise need to use the
ENABLE(FUZZILLI) macro.
* Source/JavaScriptCore/fuzzilli/Fuzzilli.cpp: Add.
(Fuzzilli::resetCoverageEdges):
(Fuzzilli::logFile):
(Fuzzilli::waitForCommand):
(Fuzzilli::initializeCoverage):
(Fuzzilli::readInput):
(Fuzzilli::flushReprl):
(Fuzzilli::initializeReprl):
(__sanitizer_cov_trace_pc_guard_init):
(__sanitizer_cov_trace_pc_guard):
* Source/JavaScriptCore/fuzzilli/Fuzzilli.h: Add.
- Move core Fuzzilli code to its own header and source files.
* Tools/Scripts/set-webkit-configuration:
(printCurrentSettings):
- Add support for --[no-]fuzzilli command-line switches.
- Enabling Fuzzilli support also disables libFuzzer support.
* Tools/Scripts/webkitdirs.pm:
(determineFuzzilliIsEnabled):
(fuzzilliIsEnabled):
(XcodeOptions):
- Add support for the --[no-]fuzzilli command-line switches in
set-webkit-configuration.
Canonical link: https://commits.webkit.org/270923@main
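Added example, not WebKit's Fuzzilli.cpp: a self-contained C++ model of how the two SanitizerCoverage callbacks listed above (`__sanitizer_cov_trace_pc_guard_init`, `__sanitizer_cov_trace_pc_guard`) and a `resetCoverageEdges` routine turn `-fsanitize-coverage=trace-pc-guard` instrumentation into an edge bitmap that a fuzzer reads and re-arms between executions. The in-process bitmap standing in for shared memory, the 1-based guard numbering and the single-module limit are assumptions of this model; the guard table the compiler would normally emit is constructed by hand so the block runs without the flag.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

namespace CoverageModel {
// Constructed stand-in for the region a fuzzer would map: one bit per
// instrumented edge plus the edge count, so the bitmap size is known.
struct SharedCoverage {
    uint32_t numEdges = 0;
    std::vector<uint8_t> edgeBits;
};
static SharedCoverage g_coverage;
// Guard range of the single instrumented module, recorded at init time.
static uint32_t* g_edgesStart = nullptr;
static uint32_t* g_edgesStop = nullptr;

uint32_t numEdges() { return g_coverage.numEdges; }

// Guards are numbered from 1 so that 0 means "disabled"; bit index is guard - 1.
bool edgeWasHit(uint32_t guard) {
    uint32_t i = guard - 1;
    return i < g_coverage.numEdges && ((g_coverage.edgeBits[i / 8] >> (i % 8)) & 1);
}

// Model of resetCoverageEdges(): re-arm every guard (the hit callback zeroes them)
// and clear the bitmap so the next execution reports only the edges it reaches.
void resetCoverageEdges() {
    uint32_t n = 0;
    for (uint32_t* g = g_edgesStart; g && g < g_edgesStop; ++g)
        *g = ++n;
    std::fill(g_coverage.edgeBits.begin(), g_coverage.edgeBits.end(), uint8_t(0));
}
} // namespace CoverageModel

// Called once per instrumented module at startup with its [start, stop) guard
// range. This model accepts one module only; guards are numbered 1..N by the reset.
extern "C" void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
    if (start == stop || *start || CoverageModel::g_edgesStart) return;
    CoverageModel::g_edgesStart = start;
    CoverageModel::g_edgesStop = stop;
    CoverageModel::g_coverage.numEdges = uint32_t(stop - start);
    CoverageModel::g_coverage.edgeBits.assign((CoverageModel::numEdges() + 7) / 8, uint8_t(0));
    CoverageModel::resetCoverageEdges();
}

// Called by instrumented code on every executed edge: record the bit, then zero
// the guard so later hits of the same edge within this run return immediately.
extern "C" void __sanitizer_cov_trace_pc_guard(uint32_t* guard) {
    uint32_t g = *guard;
    if (!g) return;
    CoverageModel::g_coverage.edgeBits[(g - 1) / 8] |= uint8_t(1u << ((g - 1) % 8));
    *guard = 0;
}
```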