From f2a0de9c7cffb13cdd0e34c6619d9d1830be11a9 Mon Sep 17 00:00:00 2001
From: Sandor Molnar
Date: Mon, 27 Nov 2023 20:31:27 +0200
Subject: [PATCH] Backed out 5 changesets (bug 1866429, bug 1866421, bug 1865046, bug 1866462, bug 1866465) for causing build bustage at tools/fuzzing/ipc/IPCFuzzController.cpp CLOSED TREE
Backed out changeset a021bb2b97e1 (bug 1866465)
Backed out changeset cd89e550b68e (bug 1866462)
Backed out changeset acbaa77e7a0e (bug 1866429)
Backed out changeset 9c015650767e (bug 1866421)
Backed out changeset 1dc2d02c0432 (bug 1865046)
---
 tools/fuzzing/ipc/IPCFuzzController.cpp | 87 ++++++++-------------------------
 tools/fuzzing/nyx/Nyx.cpp | 9 ++--
 2 files changed, 23 insertions(+), 73 deletions(-)
diff --git a/tools/fuzzing/ipc/IPCFuzzController.cpp b/tools/fuzzing/ipc/IPCFuzzController.cpp
index 155a3427ebe0..3ec51280500e 100644
--- a/tools/fuzzing/ipc/IPCFuzzController.cpp
+++ b/tools/fuzzing/ipc/IPCFuzzController.cpp
@@ -298,7 +298,7 @@ bool IPCFuzzController::ObserveIPCMessage(mozilla::ipc::NodeChannel* channel,
 channel->mBlockSendRecv = true;
 }
 return true;
- } else if (aMessage.type() == mIPCTriggerMsg && !Nyx::instance().started()) {
+ } else if (aMessage.type() == mIPCTriggerMsg) {
 MOZ_FUZZING_NYX_PRINT("DEBUG: Ready message detected.\n");
 if (!haveTargetNodeName && !!getenv("MOZ_FUZZ_PROTOID_FILTER")) {
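Review bot: The ready-message branch `} else if (aMessage.type() == mIPCTriggerMsg) {` no longer considers whether fuzzing has already started, so every later message of the trigger type is handled as another ready signal. Combined with the new side of the `@@ -332` hunk, such a message now prints `ERROR: Received ready signal twice?!` and makes ObserveIPCMessage return false; what a false return means to the caller is not visible in these hunks. If that is the intended behaviour after the backout, a comment on the branch such as `// Any message of the trigger type lands here, including ones seen after the target node is known.` would record it. The function body starts and ends outside both hunks.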
@@ -332,19 +332,22 @@ bool IPCFuzzController::ObserveIPCMessage(mozilla::ipc::NodeChannel* channel,
 // The ready message indicates the right node name for us to work with
 // and we should only ever receive it once.
- if (!haveTargetNodeName) {
- targetNodeName = channel->GetName();
- haveTargetNodeName = true;
-
- // We can also use this message as the base template for other messages
- if (!this->sampleHeader.initLengthUninitialized(
- sizeof(IPC::Message::Header))) {
- MOZ_FUZZING_NYX_ABORT("sampleHeader.initLengthUninitialized failed\n");
- }
+ if (haveTargetNodeName) {
+ MOZ_FUZZING_NYX_PRINT("ERROR: Received ready signal twice?!\n");
+ return false;
+ }
- memcpy(sampleHeader.begin(), aMessage.header(),
- sizeof(IPC::Message::Header));
+ targetNodeName = channel->GetName();
+ haveTargetNodeName = true;
+
+ // We can also use this message as the base template for other messages
+ if (!this->sampleHeader.initLengthUninitialized(
+ sizeof(IPC::Message::Header))) {
+ MOZ_FUZZING_NYX_ABORT("sampleHeader.initLengthUninitialized failed\n");
 }
+
+ memcpy(sampleHeader.begin(), aMessage.header(),
+ sizeof(IPC::Message::Header));
 } else if (haveTargetNodeName && targetNodeName != channel->GetName()) {
 // Not our node, no need to observe
 return true;
@@ -584,12 +587,7 @@ bool IPCFuzzController::MakeTargetDecision(
 } else if (isPreserveHeader) {
 // In preserveHeaderMode, we need to find an actor that matches the
 // requested message type instead of any random actor.
- uint16_t maybeProtocolId = *type >> 16;
- if (maybeProtocolId >= IPCMessageStart::LastMsgIndex) {
- // Not a valid protocol.
- return false;
- }
- ProtocolId wantedProtocolId = static_cast(maybeProtocolId);
+ ProtocolId wantedProtocolId = static_cast(*type >> 16);
 std::vector allowedIndices;
 for (uint32_t i = 0; i < actors.size(); ++i) {
 if (actors[i].second == wantedProtocolId) {
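Review bot: In the `@@ -584` hunk the new line casts `*type >> 16` straight to `ProtocolId` with no range check, and in a fuzzing controller that value presumably derives from fuzz input. Within the hunk the result is only compared against `actors[i].second`, so an out-of-range value simply leaves `allowedIndices` empty; the code that consumes `allowedIndices` is outside the hunk and should be confirmed to handle the empty case. If the bound against `IPCMessageStart::LastMsgIndex` was not what broke the build, keeping `if ((*type >> 16) >= IPCMessageStart::LastMsgIndex) return false;` ahead of the cast would preserve that validation.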
@@ -1001,48 +999,7 @@ NS_IMETHODIMP IPCFuzzController::IPCFuzzLoop::Run() {
 [msg = std::move(msg),
 nodeChannel =
 RefPtr{IPCFuzzController::instance().nodeChannel}]() mutable {
- int32_t msgType = msg->header()->type;
-
- // By default, we sync on the target thread of the receiving actor.
- bool syncOnIOThread = false;
-
- switch (msgType) {
- case DATA_PIPE_CLOSED_MESSAGE_TYPE:
- case DATA_PIPE_BYTES_CONSUMED_MESSAGE_TYPE:
- case ACCEPT_INVITE_MESSAGE_TYPE:
- case REQUEST_INTRODUCTION_MESSAGE_TYPE:
- case INTRODUCE_MESSAGE_TYPE:
- case BROADCAST_MESSAGE_TYPE:
- // This set of special messages will not be routed to actors and
- // therefore we won't see these as stopped messages later. These
- // messages are either used by NodeChannel, DataPipe or
- // MessageChannel without creating MessageTasks. As such, the best
- // we can do is synchronize on this thread. We do this by
- // emulating the MessageTaskStart/Stop behavior that normal event
- // messages have.
- syncOnIOThread = true;
- default:
- // Synchronization will happen in MessageChannel. Note that this
- // also applies to certain special message types, as long as they
- // are received by actors and not intercepted earlier.
- break;
- }
-
- if (syncOnIOThread) {
- mozilla::fuzzing::IPCFuzzController::instance()
- .OnMessageTaskStart();
- }
-
 nodeChannel->OnMessageReceived(std::move(msg));
-
- if (syncOnIOThread) {
- mozilla::fuzzing::IPCFuzzController::instance().OnMessageTaskStop();
-
- // Don't continue for now after sending such a special message.
- // It can cause ports to go away and further messages can time out.
- Nyx::instance().release(
- IPCFuzzController::instance().getMessageStopCount());
- }
 }));
 #endif
@@ -1126,10 +1083,6 @@ void IPCFuzzController::SynchronizeOnMessageExecution(
 static void dumpIPCMessageToFile(const UniquePtr& aMsg,
 uint32_t aDumpCount, bool aUseNyx = false) {
- if (Nyx::instance().is_replay()) {
- return;
- }
-
 std::stringstream dumpFilename;
 std::string msgName(IPC::StringFromIPCMessageType(aMsg->type()));
 std::replace(msgName.begin(), msgName.end(), ':', '_');
@@ -1234,6 +1187,10 @@ UniquePtr IPCFuzzController::replaceIPCMessage(
 char* ipcMsgData = buffer.begin();
+ // Copy the header of the original message
+ memcpy(ipcMsgData, aMsg->header(), sizeof(IPC::Message::Header));
+ IPC::Message::Header* ipchdr = (IPC::Message::Header*)ipcMsgData;
+
 // //
 // *** Snapshot Point *** //
 // //
@@ -1269,10 +1226,6 @@ UniquePtr IPCFuzzController::replaceIPCMessage(
 buffer.shrinkTo(bufsize);
- // Copy the header of the original message
- memcpy(ipcMsgData, aMsg->header(), sizeof(IPC::Message::Header));
- IPC::Message::Header* ipchdr = (IPC::Message::Header*)ipcMsgData;
-
 size_t ipcMsgLen = buffer.length();
 ipchdr->payload_size = ipcMsgLen - sizeof(IPC::Message::Header);
diff --git a/tools/fuzzing/nyx/Nyx.cpp b/tools/fuzzing/nyx/Nyx.cpp
index 3fbb520b11eb..5ef48301e00b 100644
--- a/tools/fuzzing/nyx/Nyx.cpp
+++ b/tools/fuzzing/nyx/Nyx.cpp
@@ -19,12 +19,7 @@
 namespace mozilla {
 namespace fuzzing {
-Nyx::Nyx() {
- char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");
- if (testFilePtr) {
- mReplayMode = true;
- }
-}
+Nyx::Nyx() {}
 // static
 Nyx& Nyx::instance() {
@@ -63,6 +63,8 @@ void Nyx::start(void) {
 // Check if we are in replay mode.
 char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");
 if (testFilePtr) {
+ mReplayMode = true;
+
 MOZ_FUZZING_NYX_PRINT("[Replay Mode] Reading data file...\n");
 std::string testFile(testFilePtr);
--
2.11.4.GIT
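Review bot: The header copy added in the `@@ -1234` hunk writes `sizeof(IPC::Message::Header)` bytes to `buffer.begin()` ahead of the snapshot point, and nothing visible in the hunk shows that `buffer` is at least that long. The `@@ -1269` hunk then leaves `ipchdr->payload_size = ipcMsgLen - sizeof(IPC::Message::Header);` directly after `buffer.shrinkTo(bufsize)`, and that unsigned subtraction wraps if `bufsize` is smaller than the header. A guard may exist in the lines between the two hunks, which are not shown. If there is none, `MOZ_RELEASE_ASSERT(buffer.length() >= sizeof(IPC::Message::Header));` before the subtraction would make the assumption explicit. It is also worth confirming that the code after the snapshot point does not overwrite the header region copied here.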
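Review bot: `mReplayMode` is now assigned only inside `Nyx::start()` (the `@@ -63` hunk), while the constructor in the `@@ -19` hunk is empty, so anything that reads the flag before start() has run sees the member's initial value rather than the state of `MOZ_FUZZ_TESTFILE`. The member's declaration is not part of this diff; confirm it has a defined initial value, and consider a comment at the assignment such as `// Replay mode is only known once start() has run.`. With nothing left in its body, `Nyx::Nyx() = default;` would state the intent more directly than `Nyx::Nyx() {}`. The body of start() continues outside the hunk.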