Bug 1603658, Bug 1604123 - Update rlbox_lucet_sandbox to version which supports disabling static inline thread_locals and specifies explicit dependencies r=froydnj

The first bug is needed to work around mingw32's broken support of static inline thread_locals. Differential Revision: https://phabricator.services.mozilla.com/D57273
2019-12-17 18:11:47 +00:00
parent 66dd94af3f
commit d2aa57c708
10 changed files with 100 additions and 45 deletions
--- a/.cargo/config.in
+++ b/.cargo/config.in
@@ -50,12 +50,12 @@ replace-with = "vendored-sources"
 [source."https://github.com/PLSysSec/rlbox_lucet_sandbox/"]
 git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/"
 replace-with = "vendored-sources"
-rev = "997c648eb0eaeaaa7a00a9eee20431f750b4e190"
+rev = "9068928a00f54db2a060704e972007b0b5247ca9"

 [source."https://github.com/PLSysSec/lucet_sandbox_compiler"]
-branch = "master"
 git = "https://github.com/PLSysSec/lucet_sandbox_compiler"
 replace-with = "vendored-sources"
+rev = "36f0e4deb5b080dfee73042fec655d3723c7a12b"

 [source."https://github.com/NikVolf/tokio-named-pipes"]
 branch = "stable"
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -689,7 +689,7 @@ source = "git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18
 [[package]]
 name = "cranelift-entity"
 version = "0.41.0"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler#36f0e4deb5b080dfee73042fec655d3723c7a12b"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b#36f0e4deb5b080dfee73042fec655d3723c7a12b"

 [[package]]
 name = "cranelift-entity"
@@ -1498,7 +1498,7 @@ dependencies = [
 "prefs_parser 0.0.1",
 "profiler_helper 0.1.0",
 "remote 0.1.0",
- "rlbox_lucet_sandbox 0.1.0 (git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=997c648eb0eaeaaa7a00a9eee20431f750b4e190)",
+ "rlbox_lucet_sandbox 0.1.0 (git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=9068928a00f54db2a060704e972007b0b5247ca9)",
 "rsdparsa_capi 0.1.0",
 "rustc_version 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "shift_or_euc_c 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1958,11 +1958,11 @@ dependencies = [
 [[package]]
 name = "lucet-module"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler#36f0e4deb5b080dfee73042fec655d3723c7a12b"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b#36f0e4deb5b080dfee73042fec655d3723c7a12b"
 dependencies = [
 "bincode 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "cranelift-entity 0.41.0 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
+ "cranelift-entity 0.41.0 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
 "failure 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
 "num-derive 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "num-traits 0.2.10 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1974,12 +1974,12 @@ dependencies = [
 [[package]]
 name = "lucet-runtime"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler#36f0e4deb5b080dfee73042fec655d3723c7a12b"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b#36f0e4deb5b080dfee73042fec655d3723c7a12b"
 dependencies = [
 "cc 1.0.47 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.59 (registry+https://github.com/rust-lang/crates.io-index)",
- "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
+ "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
 "num-derive 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "num-traits 0.2.10 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -1987,7 +1987,7 @@ dependencies = [
 [[package]]
 name = "lucet-runtime-internals"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler#36f0e4deb5b080dfee73042fec655d3723c7a12b"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b#36f0e4deb5b080dfee73042fec655d3723c7a12b"
 dependencies = [
 "bincode 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "bitflags 1.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1998,7 +1998,7 @@ dependencies = [
 "lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.59 (registry+https://github.com/rust-lang/crates.io-index)",
 "libloading 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
+ "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
 "memoffset 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "nix 0.13.1 (git+https://github.com/shravanrn/nix/?branch=r0.13.1)",
 "num-derive 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -2009,14 +2009,14 @@ dependencies = [
 [[package]]
 name = "lucet-wasi"
 version = "0.1.1"
-source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler#36f0e4deb5b080dfee73042fec655d3723c7a12b"
+source = "git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b#36f0e4deb5b080dfee73042fec655d3723c7a12b"
 dependencies = [
 "cast 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "failure 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.59 (registry+https://github.com/rust-lang/crates.io-index)",
- "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
+ "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
 "nix 0.13.1 (git+https://github.com/shravanrn/nix/?branch=r0.13.1)",
 "rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -3273,14 +3273,14 @@ dependencies = [
 [[package]]
 name = "rlbox_lucet_sandbox"
 version = "0.1.0"
-source = "git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=997c648eb0eaeaaa7a00a9eee20431f750b4e190#997c648eb0eaeaaa7a00a9eee20431f750b4e190"
+source = "git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=9068928a00f54db2a060704e972007b0b5247ca9#9068928a00f54db2a060704e972007b0b5247ca9"
 dependencies = [
 "failure 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)",
 "goblin 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
- "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
- "lucet-wasi 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)",
+ "lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
+ "lucet-wasi 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)",
 ]

 [[package]]
@@ -4704,7 +4704,7 @@ dependencies = [
 "checksum cranelift-codegen 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
 "checksum cranelift-codegen-meta 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
 "checksum cranelift-codegen-shared 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
-"checksum cranelift-entity 0.41.0 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)" = "<none>"
+"checksum cranelift-entity 0.41.0 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)" = "<none>"
 "checksum cranelift-entity 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
 "checksum cranelift-frontend 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
 "checksum cranelift-wasm 0.51.0 (git+https://github.com/bytecodealliance/cranelift?rev=ec787eb281bb2e18e191508c17abe694e91f0677)" = "<none>"
@@ -4811,10 +4811,10 @@ dependencies = [
 "checksum lmdb-rkv-sys 0.9.5 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e4b19a1fdf5b74bc802cc9aa7c0c86a775e8b872ba9d5a4e606ffc5d076953"
 "checksum lock_api 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "f8912e782533a93a167888781b836336a6ca5da6175c05944c86cf28c31104dc"
 "checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6"
-"checksum lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)" = "<none>"
-"checksum lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)" = "<none>"
-"checksum lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)" = "<none>"
-"checksum lucet-wasi 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler)" = "<none>"
+"checksum lucet-module 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)" = "<none>"
+"checksum lucet-runtime 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)" = "<none>"
+"checksum lucet-runtime-internals 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)" = "<none>"
+"checksum lucet-wasi 0.1.1 (git+https://github.com/PLSysSec/lucet_sandbox_compiler?rev=36f0e4deb5b080dfee73042fec655d3723c7a12b)" = "<none>"
 "checksum lzw 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "7d947cbb889ed21c2a84be6ffbaebf5b4e0f4340638cba0444907e38b56be084"
 "checksum mach 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "b823e83b2affd8f40a9ee8c29dbc56404c1e34cd2710921f2801e2cf29527afa"
 "checksum malloc_buf 0.0.6 (registry+https://github.com/rust-lang/crates.io-index)" = "62bb907fe88d54d8d9ce32a3cceab4218ed2f6b7d35617cafe9adf84e43919cb"
@@ -4925,7 +4925,7 @@ dependencies = [
 "checksum ringbuf 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "588456c74d5ff0a5806bc084818e043e767533f743c11ee6f3ccf298599c6847"
 "checksum rkv 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)" = "9aab7c645d32e977e186448b0a5c2c3139a91a7f630cfd8a8c314d1d145e78bf"
 "checksum rkv 0.11.0 (git+https://github.com/mozilla/rkv?rev=6a866fdad2ca880df9b87fcbc9921abac1e91914)" = "<none>"
-"checksum rlbox_lucet_sandbox 0.1.0 (git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=997c648eb0eaeaaa7a00a9eee20431f750b4e190)" = "<none>"
+"checksum rlbox_lucet_sandbox 0.1.0 (git+https://github.com/PLSysSec/rlbox_lucet_sandbox/?rev=9068928a00f54db2a060704e972007b0b5247ca9)" = "<none>"
 "checksum ron 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "da06feaa07f69125ab9ddc769b11de29090122170b402547f64b86fe16ebc399"
 "checksum runloop 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "5d79b4b604167921892e84afbbaad9d5ad74e091bf6c511d9dbfb0593f09fabd"
 "checksum rust-argon2 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4ca4eaef519b494d1f2848fc602d18816fed808a981aedf4f1f00ceb7c9d32cf"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -62,7 +62,7 @@ codegen-units = 1
 [patch.crates-io]
 libudev-sys = { path = "dom/webauthn/libudev-sys" }
 packed_simd = { git = "https://github.com/hsivonen/packed_simd", branch = "rust_1_32" }
-rlbox_lucet_sandbox = { git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/", rev="997c648eb0eaeaaa7a00a9eee20431f750b4e190" }
+rlbox_lucet_sandbox = { git = "https://github.com/PLSysSec/rlbox_lucet_sandbox/", rev="9068928a00f54db2a060704e972007b0b5247ca9" }
 nix = { git = "https://github.com/shravanrn/nix/", branch = "r0.13.1", rev="4af6c367603869a30fddb5ffb0aba2b9477ba92e" }
 spirv_cross = { git = "https://github.com/kvark/spirv_cross", branch = "wgpu" }

--- a/third_party/rust/rlbox_lucet_sandbox/.cargo-checksum.json
+++ b/third_party/rust/rlbox_lucet_sandbox/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{".clang-format":"ff4e345608f7674dd1ee1f37b24d4030b260d82516a747093af141b3076a4164",".clang-tidy":"18717338729c418a6837e3aee4ad9cdb0f6a923ee997bcbc3f00b7d9d3989be3","CMakeLists.txt":"1d84e5f8dee55d273436009c1c5a86833631d15debe4b8a5b0f93046dc15123e","Cargo.toml":"5f5f76144391a86a871986751a27cff459153b36818e6e68aa746521b8474635","LICENSE":"891d419ba95ab39090775820f4178421dbdcd241c080003aa44f62445a48615a","README.md":"733dec66ba51d79ebd751007aee4b747ada7ff007b650e90eb7962a2deed7f9d","c_src/CMakeLists.txt":"3c952b1259806481418ad6cf2590e2e28c15f99445ca0d2f7c16e3006eafebaa","c_src/lucet_sandbox_wrapper.c":"08b2ab265127aca42b02c8a36e5450284d6794d86867a5808f854588183ab9d9","include/lucet_sandbox.h":"29fedf64a0bf3de37e9976c0c0f3b1602ccc611117e4bb8fee6256943e16f4bb","include/rlbox_lucet_sandbox.hpp":"ab9463dc2cf0ba750c1482bcbf36238e62f3d538e52cf88d6e3cb2a71aa255ec","src/callback.rs":"c40f92e017bc8f2f3136304c1f2d3ca683fe80a1bb505c0fa750cc372305020d","src/create.rs":"f9136bfa08b9f6298304de1ba611b245550fc4490ee64e992384cf6bfc91d186","src/invoke.rs":"d47b167c6048a3221f5e66a4acb5154bc5306bd1053acee56bfb87bb66c78879","src/lib.rs":"677f45b275101c116ea7acf2dafa77f9f1c5e3f379d4da3a9512c71a71878595","src/memory.rs":"8b27396ec4ddba18ac760052e9d11564fdc8c4e68271b817dfd13cefc97cf1a3","src/types.rs":"85907840c233aae0e234bcb5c1e107e76231b6518cc70a1c18be73edc2720742","test/test_lucet_sandbox_glue.cpp":"ea4eb3ace8e9a87550db44f61d065b45f31f1f5b774b4a3e0383e62962c0abf2","test/test_lucet_sandbox_glue_main.cpp":"fde2081cd8b0df3fd73fee1e36dfa5eccfb5bc825072c55a57fcf3048858dbd9","test/test_lucet_sandbox_glue_preload.cpp":"7793583e7264a0f43dcd384f7d18adc4a32560fc59ea49e2df18d80043a66173"},"package":null}
+{"files":{".clang-format":"ff4e345608f7674dd1ee1f37b24d4030b260d82516a747093af141b3076a4164",".clang-tidy":"861bc5b367dc85f5fa103f2de9460e158de97f48c59c51a26784b7c2c481e3b7","CMakeLists.txt":"0904cedee623294ea7c1dc033a875680a291eb377d8fd4c05ff25b367ff5337d","Cargo.toml":"a1ecd332edfe54d9868f0cbc82bf3868259a8dd3ac5c8c38c572de22c5ec0f29","LICENSE":"891d419ba95ab39090775820f4178421dbdcd241c080003aa44f62445a48615a","README.md":"91403ec6fce457ca476547238bbb17dca19bf9f5a8e834e589f73a183e60e8fd","c_src/CMakeLists.txt":"3c952b1259806481418ad6cf2590e2e28c15f99445ca0d2f7c16e3006eafebaa","c_src/lucet_sandbox_wrapper.c":"08b2ab265127aca42b02c8a36e5450284d6794d86867a5808f854588183ab9d9","include/lucet_sandbox.h":"29fedf64a0bf3de37e9976c0c0f3b1602ccc611117e4bb8fee6256943e16f4bb","include/rlbox_lucet_sandbox.hpp":"eee3a5d7abd38824c1b222a90d2d175c15b0bedb0a1c23d83b9471a80f73ed27","src/callback.rs":"c40f92e017bc8f2f3136304c1f2d3ca683fe80a1bb505c0fa750cc372305020d","src/create.rs":"f9136bfa08b9f6298304de1ba611b245550fc4490ee64e992384cf6bfc91d186","src/invoke.rs":"d47b167c6048a3221f5e66a4acb5154bc5306bd1053acee56bfb87bb66c78879","src/lib.rs":"677f45b275101c116ea7acf2dafa77f9f1c5e3f379d4da3a9512c71a71878595","src/memory.rs":"8b27396ec4ddba18ac760052e9d11564fdc8c4e68271b817dfd13cefc97cf1a3","src/types.rs":"85907840c233aae0e234bcb5c1e107e76231b6518cc70a1c18be73edc2720742","test/test_lucet_sandbox_glue.cpp":"ea4eb3ace8e9a87550db44f61d065b45f31f1f5b774b4a3e0383e62962c0abf2","test/test_lucet_sandbox_glue_embedder_vars.cpp":"be6abfae367719b12edc5fd8f1de840abed9bb4a2efdebb19ed59e8796fb47b8","test/test_lucet_sandbox_glue_main.cpp":"fde2081cd8b0df3fd73fee1e36dfa5eccfb5bc825072c55a57fcf3048858dbd9","test/test_lucet_sandbox_glue_preload.cpp":"7793583e7264a0f43dcd384f7d18adc4a32560fc59ea49e2df18d80043a66173"},"package":null}
--- a/third_party/rust/rlbox_lucet_sandbox/.clang-tidy
+++ b/third_party/rust/rlbox_lucet_sandbox/.clang-tidy
@@ -1,3 +1,3 @@
-Checks: '*'
+Checks: '*,-modernize-use-trailing-return-type'
 HeaderFilterRegex: '*'
 WarningsAsErrors: '*'
--- a/third_party/rust/rlbox_lucet_sandbox/CMakeLists.txt
+++ b/third_party/rust/rlbox_lucet_sandbox/CMakeLists.txt
@@ -211,7 +211,8 @@ add_custom_target(glue_lib_wasm ALL DEPENDS ${GLUE_LIB_WASM} ${GLUE_LIB_SO})

 add_executable(test_rlbox_glue test/test_lucet_sandbox_glue_main.cpp
                               test/test_lucet_sandbox_glue.cpp
-                               test/test_lucet_sandbox_glue_preload.cpp)
+                               test/test_lucet_sandbox_glue_preload.cpp
+                               test/test_lucet_sandbox_glue_embedder_vars.cpp)
 target_include_directories(test_rlbox_glue PUBLIC include)
 target_include_directories(test_rlbox_glue
                           PUBLIC ${rlbox_SOURCE_DIR}/code/include)
--- a/third_party/rust/rlbox_lucet_sandbox/Cargo.toml
+++ b/third_party/rust/rlbox_lucet_sandbox/Cargo.toml
@@ -8,10 +8,10 @@ license = "MIT"
 [dependencies]
 failure = ">=0.1.3"                    # Experimental error handling abstraction.
 goblin = ">=0.0.17"                    # An impish, cross-platform, ELF, Mach-o, and PE binary parsing and loading crate
-lucet-wasi = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler" }
-lucet-runtime = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler" }
-lucet-runtime-internals = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler" }
-lucet-module = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler" }
+lucet-wasi = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="36f0e4deb5b080dfee73042fec655d3723c7a12b" }
+lucet-runtime = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="36f0e4deb5b080dfee73042fec655d3723c7a12b" }
+lucet-runtime-internals = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="36f0e4deb5b080dfee73042fec655d3723c7a12b" }
+lucet-module = { git = "https://github.com/PLSysSec/lucet_sandbox_compiler", rev="36f0e4deb5b080dfee73042fec655d3723c7a12b" }
 # lucet-wasi = { path = "../lucet_sandbox_compiler/lucet-wasi" }
 # lucet-runtime = { path = "../lucet_sandbox_compiler/lucet-runtime" }
 # lucet-runtime-internals = { path = "../lucet_sandbox_compiler/lucet-runtime/lucet-runtime-internals" }
--- a/third_party/rust/rlbox_lucet_sandbox/README.md
+++ b/third_party/rust/rlbox_lucet_sandbox/README.md
@@ -23,6 +23,7 @@ First, build the rlbox_lucet_sandbox repo with
 cmake -S . -B ./build
 cmake --build ./build --target all
 ```
+(Note: The parallel build is currently broken for first build. Incremental parallel build works fine.)

 This lucet/wasm integration with RLBox depends on 3 external tools/libraries that are pulled in **automatically** to run the tests included in this repo.

--- a/third_party/rust/rlbox_lucet_sandbox/include/rlbox_lucet_sandbox.hpp
+++ b/third_party/rust/rlbox_lucet_sandbox/include/rlbox_lucet_sandbox.hpp
@@ -201,6 +201,30 @@ namespace lucet_detail {

 } // namespace lucet_detail

+class rlbox_lucet_sandbox;
+
+struct rlbox_lucet_sandbox_thread_data
+{
+  rlbox_lucet_sandbox* sandbox;
+  uint32_t last_callback_invoked;
+};
+
+#ifdef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+
+rlbox_lucet_sandbox_thread_data* get_rlbox_lucet_sandbox_thread_data();
+#  define RLBOX_LUCET_SANDBOX_STATIC_VARIABLES()                               \
+    thread_local rlbox::rlbox_lucet_sandbox_thread_data                        \
+      rlbox_lucet_sandbox_thread_info{ 0, 0 };                                 \
+    namespace rlbox {                                                          \
+      rlbox_lucet_sandbox_thread_data* get_rlbox_lucet_sandbox_thread_data()   \
+      {                                                                        \
+        return &rlbox_lucet_sandbox_thread_info;                               \
+      }                                                                        \
+    }                                                                          \
+    static_assert(true, "Enforce semi-colon")
+
+#endif
+
 class rlbox_lucet_sandbox
 {
 public:
@@ -250,14 +274,10 @@ private:
  inline static std::vector<std::shared_ptr<FunctionTable>>
    saved_callback_slot_info;

-  struct rlbox_lucet_sandbox_thread_local
-  {
-    rlbox_lucet_sandbox* sandbox;
-    uint32_t last_callback_invoked;
-  };
-
-  thread_local static inline rlbox_lucet_sandbox_thread_local thread_data{ 0,
-                                                                           0 };
+#ifndef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+  thread_local static inline rlbox_lucet_sandbox_thread_data thread_data{ 0,
+                                                                          0 };
+#endif

  template<typename T_FormalRet, typename T_ActualRet>
  inline auto serialize_to_sandbox(T_ActualRet arg)
@@ -320,6 +340,9 @@ private:
    void* /* vmContext */,
    typename lucet_detail::convert_type_to_wasm_type<T_Args>::type... params)
  {
+#ifdef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+    auto& thread_data = *get_rlbox_lucet_sandbox_thread_data();
+#endif
    thread_data.last_callback_invoked = N;
    using T_Func = T_Ret (*)(T_Args...);
    T_Func func;
@@ -339,6 +362,9 @@ private:
    typename lucet_detail::convert_type_to_wasm_type<T_Ret>::type ret,
    typename lucet_detail::convert_type_to_wasm_type<T_Args>::type... params)
  {
+#ifdef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+    auto& thread_data = *get_rlbox_lucet_sandbox_thread_data();
+#endif
    thread_data.last_callback_invoked = N;
    using T_Func = T_Ret (*)(T_Args...);
    T_Func func;
@@ -590,6 +616,9 @@ protected:
  template<typename T, typename T_Converted, typename... T_Args>
  auto impl_invoke_with_func_ptr(T_Converted* func_ptr, T_Args&&... params)
  {
+#ifdef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+    auto& thread_data = *get_rlbox_lucet_sandbox_thread_data();
+#endif
    thread_data.sandbox = this;
    lucet_set_curr_instance(sandbox);

@@ -610,7 +639,8 @@ protected:
    if constexpr (std::is_class_v<T_Ret>) {
      using T_Conv1 = lucet_detail::change_return_type<T_Converted, void>;
      using T_Conv2 = lucet_detail::prepend_arg_type<T_Conv1, T_PointerType>;
-      auto func_ptr_conv = reinterpret_cast<T_Conv2*>(reinterpret_cast<uintptr_t>(func_ptr));
+      auto func_ptr_conv =
+        reinterpret_cast<T_Conv2*>(reinterpret_cast<uintptr_t>(func_ptr));
      ensure_return_slot_size(sizeof(T_Ret));
      impl_invoke_with_func_ptr<T>(func_ptr_conv, return_slot, params...);

@@ -630,7 +660,7 @@ protected:
    }();

    // 0 arg functions create 0 length arrays which is not allowed
-    T_PointerType allocations_buff[alloc_length == 0? 1 : alloc_length];
+    T_PointerType allocations_buff[alloc_length == 0 ? 1 : alloc_length];
    T_PointerType* allocations = allocations_buff;

    auto serialize_class_arg =
@@ -661,7 +691,8 @@ protected:
    using T_ConvHeap = lucet_detail::prepend_arg_type<T_ConvNoClass, uint64_t>;

    // Function invocation
-    auto func_ptr_conv = reinterpret_cast<T_ConvHeap*>(reinterpret_cast<uintptr_t>(func_ptr));
+    auto func_ptr_conv =
+      reinterpret_cast<T_ConvHeap*>(reinterpret_cast<uintptr_t>(func_ptr));

    using T_NoVoidRet =
      std::conditional_t<std::is_void_v<T_Ret>, uint32_t, T_Ret>;
@@ -766,6 +797,9 @@ protected:
  static inline std::pair<rlbox_lucet_sandbox*, void*>
  impl_get_executed_callback_sandbox_and_key()
  {
+#ifdef RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+    auto& thread_data = *get_rlbox_lucet_sandbox_thread_data();
+#endif
    auto sandbox = thread_data.sandbox;
    auto callback_num = thread_data.last_callback_invoked;
    void* key = sandbox->callback_unique_keys[callback_num];
--- a/third_party/rust/rlbox_lucet_sandbox/test/test_lucet_sandbox_glue_embedder_vars.cpp
+++ b/third_party/rust/rlbox_lucet_sandbox/test/test_lucet_sandbox_glue_embedder_vars.cpp
@@ -0,0 +1,19 @@
+#define RLBOX_USE_EXCEPTIONS
+#define RLBOX_ENABLE_DEBUG_ASSERTIONS
+#define RLBOX_SINGLE_THREADED_INVOCATIONS
+#define RLBOX_EMBEDDER_PROVIDES_TLS_STATIC_VARIABLES
+#include "rlbox_lucet_sandbox.hpp"
+RLBOX_LUCET_SANDBOX_STATIC_VARIABLES();
+
+// NOLINTNEXTLINE
+#define TestName "rlbox_lucet_sandbox embedder"
+// NOLINTNEXTLINE
+#define TestType rlbox::rlbox_lucet_sandbox
+
+#ifndef GLUE_LIB_LUCET_PATH
+#  error "Missing definition for GLUE_LIB_LUCET_PATH"
+#endif
+
+// NOLINTNEXTLINE
+#define CreateSandbox(sandbox) sandbox.create_sandbox(GLUE_LIB_LUCET_PATH)
+#include "test_sandbox_glue.inc.cpp"