Bug 1829050 - Enable STL wrapping (and thus infallible new) for wasm-sandboxed code. r=firefox-build-system-reviewers,shravanrn,andi

Differential Revision: https://phabricator.services.mozilla.com/D175981

config/external/rlbox_wasm2c_sandbox/rlbox_wasm2c_thread_locals.cpp

@@ -8,6 +8,8 @@
 // For MOZ_CRASH_UNSAFE_PRINTF
 #  include "mozilla/Assertions.h"
 
+#  include "mozilla/mozalloc_oom.h"
+
 // Load general firefox configuration of RLBox
 #  include "mozilla/rlbox/rlbox_config.h"
 #  include "mozilla/rlbox/rlbox_wasm2c_tls.hpp"
@@ -34,6 +36,13 @@ void moz_wasm2c_memgrow_failed() {
   CrashReporter::AnnotateCrashReport(
       CrashReporter::Annotation::WasmLibrarySandboxMallocFailed, true);
 }
+
+// This function is called when mozalloc_handle_oom is called from within
+// the sandbox. We redirect to that function, ignoring the ctx argument, which
+// is the sandbox itself.
+void w2c_env_mozalloc_handle_oom(void* ctx, uint32_t size) {
+  mozalloc_handle_oom(size);
+}
 }
 
 #endif

memory/mozalloc/mozalloc.cpp

@@ -103,11 +103,12 @@ void* moz_xmemdup(const void* ptr, size_t size) {
   return newPtr;
 }
 
-#ifndef HAVE_MEMALIGN
+#ifndef __wasm__
+#  ifndef HAVE_MEMALIGN
 // We always have a definition of memalign, but system headers don't
 // necessarily come with a declaration.
 extern "C" void* memalign(size_t, size_t);
-#endif
+#  endif
 
 void* moz_xmemalign(size_t boundary, size_t size) {
   void* ptr = memalign_impl(boundary, size);
@@ -118,6 +119,7 @@ void* moz_xmemalign(size_t boundary, size_t size) {
   // non-NULL ptr or errno == EINVAL
   return ptr;
 }
+#endif
 
 size_t moz_malloc_usable_size(void* ptr) {
   if (!ptr) return 0;

memory/mozalloc/mozalloc_oom.h

@@ -14,7 +14,12 @@
  * Called when memory is critically low.  Returns iff it was able to
  * remedy the critical memory situation; if not, it will abort().
  */
-MFBT_API void mozalloc_handle_oom(size_t requestedSize);
+#ifdef __wasm__
+__attribute__((import_module("env")))
+__attribute__((import_name("mozalloc_handle_oom")))
+#endif
+MFBT_API void
+mozalloc_handle_oom(size_t requestedSize);
 
 extern MFBT_DATA size_t gOOMAllocationSize;
 

memory/mozalloc/throw_gcc.h

@@ -8,39 +8,41 @@
 #ifndef mozilla_throw_gcc_h
 #define mozilla_throw_gcc_h
 
-#include "mozilla/Attributes.h"
+#ifndef __wasm__
 
-#include <stdio.h>   // snprintf
+#  include "mozilla/Attributes.h"
-#include <string.h>  // strerror
+
+#  include <stdio.h>   // snprintf
+#  include <string.h>  // strerror
 
 // For gcc, we define these inline to abort so that we're absolutely
 // certain that (i) no exceptions are thrown from Gecko; (ii) these
 // errors are always terminal and caught by breakpad.
 
-#include "mozilla/mozalloc_abort.h"
+#  include "mozilla/mozalloc_abort.h"
 
 // libc++ 4.0.0 and higher use C++11 [[noreturn]] attributes for the functions
 // below, and since clang does not allow mixing __attribute__((noreturn)) and
 // [[noreturn]], we have to explicitly use the latter here.  See bug 1329520.
-#if defined(__clang__)
+#  if defined(__clang__)
-#  if __has_feature(cxx_attributes) && defined(_LIBCPP_VERSION) && \
+#    if __has_feature(cxx_attributes) && defined(_LIBCPP_VERSION) && \
-      _LIBCPP_VERSION >= 4000
+        _LIBCPP_VERSION >= 4000
-#    define MOZ_THROW_NORETURN [[noreturn]]
+#      define MOZ_THROW_NORETURN [[noreturn]]
+#    endif
+#  endif
+#  ifndef MOZ_THROW_NORETURN
+#    define MOZ_THROW_NORETURN MOZ_NORETURN
 #  endif
-#endif
-#ifndef MOZ_THROW_NORETURN
-#  define MOZ_THROW_NORETURN MOZ_NORETURN
-#endif
 
 // MinGW doesn't appropriately inline these functions in debug builds,
 // so we need to do some extra coercion for it to do so. Bug 1332747
-#ifdef __MINGW32__
+#  ifdef __MINGW32__
-#  define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
+#    define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE_EVEN_DEBUG
-#  define MOZ_THROW_EXPORT
+#    define MOZ_THROW_EXPORT
-#else
+#  else
-#  define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE
+#    define MOZ_THROW_INLINE MOZ_ALWAYS_INLINE
-#  define MOZ_THROW_EXPORT MOZ_EXPORT
+#    define MOZ_THROW_EXPORT MOZ_EXPORT
-#endif
+#  endif
 
 namespace std {
 
@@ -142,7 +144,9 @@ MOZ_THROW_NORETURN MOZ_EXPORT MOZ_ALWAYS_INLINE void __throw_regex_error(
 
 }  // namespace std
 
-#undef MOZ_THROW_NORETURN
+#  undef MOZ_THROW_NORETURN
-#undef MOZ_THROW_INLINE
+#  undef MOZ_THROW_INLINE
+
+#endif
 
 #endif  // mozilla_throw_gcc_h

python/mozbuild/mozbuild/frontend/context.py

@@ -767,6 +767,7 @@ class WasmFlags(TargetCompileFlags):
                 context.config.substs.get("MOZ_FILE_PREFIX_MAP_FLAGS"),
                 ("WASM_CFLAGS", "WASM_CXXFLAGS"),
             ),
+            ("STL", context.config.substs.get("STL_FLAGS"), ("WASM_CXXFLAGS",)),
         )
 
         TargetCompileFlags.__init__(self, context)

security/rlbox/moz.build

@@ -5,6 +5,7 @@
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 WASM_SOURCES += [
+    "/memory/mozalloc/mozalloc.cpp",
     "/third_party/rlbox_wasm2c_sandbox/c_src/wasm2c_sandbox_wrapper.c",
 ]
 
@@ -47,6 +48,8 @@ AllowCompilerWarnings()
 WASM_DEFINES["MOZILLA_CLIENT"] = True
 WASM_DEFINES["_WASI_EMULATED_PROCESS_CLOCKS"] = True
 WASM_DEFINES["MOZ_IN_WASM_SANDBOX"] = True
+if CONFIG["ENABLE_CLANG_PLUGIN"]:
+    WASM_DEFINES["MOZ_CLANG_PLUGIN"] = True
 
 SANDBOXED_WASM_LIBRARY_NAME = "rlbox.wasm"