[v8] Add functions from --expose-externalize-string to environment

and skip their prototypes in FuzzilliDetectMissingBuiltins.

Bug: 487347678
Change-Id: Ib74c990924c2b194f486c14c8578148240b9a1f5
Reviewed-on: https://chrome-internal-review.googlesource.com/c/v8/fuzzilli/+/9064302
Auto-Submit: Matthias Liedtke <mliedtke@google.com>
Reviewed-by: Michael Achenbach <machenbach@google.com>
Commit-Queue: Michael Achenbach <machenbach@google.com>

Author: Liedtke

Sources/Fuzzilli/Profiles/V8Profile.swift

@@ -98,6 +98,11 @@ public let v8Profile = Profile(
         "gc"    : .function([.opt(gcOptions.instanceType)] => (.undefined | .jsPromise)),
         "d8"    : .jsD8,
         "Worker": .constructor([.jsAnything, .object()] => .object(withMethods: ["postMessage","getMessage"])),
+        // via --expose-externalize-string:
+        "externalizeString": .function([.plain(.jsString)] => .jsString),
+        "isOneByteString": .function([.plain(.jsString)] => .boolean),
+        "createExternalizableString": .function([.plain(.jsString)] => .jsString),
+        "createExternalizableTwoByteString": .function([.plain(.jsString)] => .jsString),
     ],
 
     additionalObjectGroups: [jsD8, jsD8Test, jsD8FastCAPI, gcOptions],

Sources/FuzzilliDetectMissingBuiltins/main.swift

@@ -20,6 +20,10 @@ let exclusionList : [String: [String]] = [
     // TODO(mliedtke): https://crbug.com/488072252.
     "Realm",
   ]
+  // These functions are exposed via --expose-externalize-string for testing purposes. The functions
+  // should be registered but their prototype objects do not matter.
+  + ["externalizeString", "isOneByteString", "createExternalizableString",
+     "createExternalizableTwoByteString"].map {"\($0).prototype"}
 ]
 
 // Disable most logging. The JavaScriptEnvironment prints warning when trying to fetch types for