Adds sys.Walltime and sys.Nanotime for security and determinism (#616)

This adds two clock interfaces: sys.Walltime and sys.Nanotime to allow implementations to override readings for purposes of security or determinism. The default values of both are a fake timestamp, to avoid the sandbox break we formerly had by returning the real time. This is similar to how we don't inherit OS Env values.
2022-06-04 15:14:31 +08:00
parent 94d1d31733
commit 507ce79080
43 changed files with 1102 additions and 428 deletions
--- a/sys/error_test.go
+++ b/sys/error_test.go
@@ -0,0 +1,63 @@
+package sys
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/tetratelabs/wazero/internal/testing/require"
+)
+
+type notExitError struct {
+	moduleName string
+	exitCode   uint32
+}
+
+func (e *notExitError) Error() string {
+	return "not exit error"
+}
+
+func TestIs(t *testing.T) {
+	err := NewExitError("some module", 2)
+	tests := []struct {
+		name    string
+		target  error
+		matches bool
+	}{
+		{
+			name:    "same object",
+			target:  err,
+			matches: true,
+		},
+		{
+			name:    "same content",
+			target:  NewExitError("some module", 2),
+			matches: true,
+		},
+		{
+			name:    "different module name",
+			target:  NewExitError("not some module", 2),
+			matches: false,
+		},
+		{
+			name:    "different exit code",
+			target:  NewExitError("some module", 0),
+			matches: false,
+		},
+		{
+			name: "different type",
+			target: &notExitError{
+				moduleName: "some module",
+				exitCode:   2,
+			},
+			matches: false,
+		},
+	}
+
+	for _, tt := range tests {
+		tc := tt
+		t.Run(tc.name, func(t *testing.T) {
+			matches := errors.Is(err, tc.target)
+			require.Equal(t, tc.matches, matches)
+		})
+	}
+}