[js-fuzzer] Remove logic to block runtime functions in fuzzer

The runtime-function blocking is implemented in V8 behind the
--fuzzing flag since a while now. The legacy blocklist on the fuzzer
side can be removed since some time now - it already diverted.

No-Try: true
Bug: chromium:1044942
Change-Id: I55f92419beb4d4462cbe03918dbf84d9c979862d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3124810
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#76556}

tools/clusterfuzz/js_fuzzer/exceptions.js

@@ -144,24 +144,6 @@ const DISALLOWED_DIFFERENTIAL_FUZZ_FLAGS = [
     '--validate-asm',
 ];
 
-const ALLOWED_RUNTIME_FUNCTIONS = new Set([
-    // List of allowed runtime functions. Others will be replaced with no-ops.
-    'ArrayBufferDetach',
-    'CompileBaseline',
-    'DeoptimizeFunction',
-    'DeoptimizeNow',
-    'EnableCodeLoggingForTesting',
-    'GetUndetectable',
-    'HeapObjectVerify',
-    'IsBeingInterpreted',
-    'NeverOptimizeFunction',
-    'OptimizeFunctionOnNextCall',
-    'OptimizeOsr',
-    'PrepareFunctionForOptimization',
-    'SetAllocationTimeout',
-    'SimulateNewspaceFull',
-]);
-
 const MAX_FILE_SIZE_BYTES = 128 * 1024;  // 128KB
 const MEDIUM_FILE_SIZE_BYTES = 32 * 1024;  // 32KB
 
@@ -260,13 +242,6 @@ function filterDifferentialFuzzFlags(flags) {
       flag => _doesntMatch(DISALLOWED_DIFFERENTIAL_FUZZ_FLAGS, flag));
 }
 
-function isAllowedRuntimeFunction(name) {
-  if (process.env.APP_NAME != 'd8') {
-    return false;
-  }
-
-  return ALLOWED_RUNTIME_FUNCTIONS.has(name);
-}
 
 module.exports = {
   filterDifferentialFuzzFlags: filterDifferentialFuzzFlags,
@@ -274,7 +249,6 @@ module.exports = {
   getGeneratedSoftSkipped: getGeneratedSoftSkipped,
   getGeneratedSloppy: getGeneratedSloppy,
   getSoftSkipped: getSoftSkipped,
-  isAllowedRuntimeFunction: isAllowedRuntimeFunction,
   isTestSkippedAbs: isTestSkippedAbs,
   isTestSkippedRel: isTestSkippedRel,
   isTestSoftSkippedAbs: isTestSoftSkippedAbs,

tools/clusterfuzz/js_fuzzer/source_helpers.js

@@ -323,7 +323,6 @@ function loadSource(baseDir, relPath, parseStrict=false) {
 
   removeComments(ast);
   cleanAsserts(ast);
-  neuterDisallowedV8Natives(ast);
   annotateWithOriginalPath(ast, relPath);
 
   const flags = loadFlags(data);
@@ -372,28 +371,6 @@ function cleanAsserts(ast) {
   });
 }
 
-/**
- * Filter out disallowed V8 runtime functions.
- */
-function neuterDisallowedV8Natives(ast) {
-  babelTraverse(ast, {
-    CallExpression(path) {
-      if (!babelTypes.isIdentifier(path.node.callee) ||
-          !path.node.callee.name.startsWith(V8_BUILTIN_PREFIX)) {
-        return;
-      }
-
-      const functionName = path.node.callee.name.substr(
-          V8_BUILTIN_PREFIX.length);
-
-      if (!exceptions.isAllowedRuntimeFunction(functionName)) {
-        path.replaceWith(babelTypes.callExpression(
-            babelTypes.identifier('nop'), []));
-      }
-    }
-  });
-}
-
 /**
  * Annotate code with original file path.
  */