DetectMissingBuiltins: Filter out inaccessible builtins

There is a large amount of properties on prototype objects that can only
be called on a proper instance, e.g. trying to access
> DisposableStack.prototype.disposed
will throw an error as DisposableStack.prototype is not the expected
receiver type (unlike new DisposableStack().disposed).
While the property exists on the prototype, it should not be registered
as the fuzzer can't really do anything useful with something that always
throws.

Bug: 487347678
Change-Id: Ie8b2e5d30caa819f512d6791afb1a22d11761c7f
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9058839
Reviewed-by: Danylo Mocherniuk <mdanylo@google.com>
Commit-Queue: Matthias Liedtke <mliedtke@google.com>

Author: Liedtke

Sources/FuzzilliDetectMissingBuiltins/main.swift

@@ -149,6 +149,7 @@ do {
 
 var visited = Set<Int>()
 var missingBuiltins = [String]()
+var potentiallyBroken = [String]()
 
 func checkNode(_ nodeId: Int, path: [String]) {
     if visited.contains(nodeId) { return }
@@ -195,8 +196,15 @@ func checkNode(_ nodeId: Int, path: [String]) {
             isRegistered = jsEnvironment.hasBuiltin(prop)
         }
 
-        if !isRegistered {
+        // Some properties exist but aren't "accessible", e.g. a lot of getters exist on the
+        // prototype but they can only be called on a receiver, e.g.
+        // DisposableStack.prototype.disposed.
+        let isAccessible = graph[childId]?.type != "error"
+
+        if !isRegistered && isAccessible {
             missingBuiltins.append(pathString)
+        } else if isRegistered && !isAccessible {
+            potentiallyBroken.append(pathString)
         }
 
         checkNode(childId, path: newPath)
@@ -205,3 +213,7 @@ func checkNode(_ nodeId: Int, path: [String]) {
 
 checkNode(0, path: [])
 print(missingBuiltins.sorted().joined(separator: "\n"))
+if !potentiallyBroken.isEmpty {
+    print("\nPotentially inaccessible but registered builtins: ")
+    print(potentiallyBroken.sorted().joined(separator: "\n"))
+}