Commit 40d66d8b authored by Michael Achenbach's avatar Michael Achenbach Committed by Commit Bot

[build] Make separate snapshot for trusted variant

This enables side-by-side snapshots with and without untrusted-code
mitigations. It'll be the default in all V8 stand-alone builds
with external startup data. Internal snapshots are not supported.

The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
bundled with V8 on swarming and the correct file is loaded dependent
on the --untrusted-code-mitigations runtime flag.

Likewise we embed two snapshots for builtins.

Side-by-side snapshots won't be supported in Chromium.

Bug: v8:7441
Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
Reviewed-on: https://chromium-review.googlesource.com/960004
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52028}
parent 38525dd2
......@@ -9,6 +9,7 @@ import("//build/config/host_byteorder.gni")
import("//build/config/jumbo.gni")
import("//build/config/mips.gni")
import("//build/config/sanitizers/sanitizers.gni")
import("//build_overrides/build.gni")
if (is_android) {
import("//build/config/android/rules.gni")
......@@ -326,6 +327,9 @@ config("features") {
if (v8_enable_embedded_builtins) {
defines += [ "V8_EMBEDDED_BUILTINS" ]
}
if (v8_use_multi_snapshots) {
defines += [ "V8_MULTI_SNAPSHOTS" ]
}
}
config("toolchain") {
......@@ -718,6 +722,8 @@ action("d8_js2c") {
if (is_android && enable_java_templates) {
android_assets("v8_external_startup_data_assets") {
if (v8_use_external_startup_data) {
# We don't support side-by-side snapshots on Android within Chromium.
assert(!v8_use_multi_snapshots)
deps = [
"//v8",
]
......@@ -805,8 +811,24 @@ action("postmortem-metadata") {
rebase_path(sources, root_build_dir)
}
if (v8_use_snapshot) {
action("run_mksnapshot") {
# Template to generate different V8 snapshots based on different runtime flags.
# Can be invoked with run_mksnapshot(<name>). The target will resolve to
# run_mksnapshot_<name>. If <name> is "default", no file suffixes will be used.
# Otherwise files are suffixed, e.g. embedded_<name>.cc and
# snapshot_blob_<name>.bin.
#
# The template exposes the variables:
# args: additional flags for mksnapshots
# embedded_suffix: a camel case suffix for method names in the embedded
# snapshot.
template("run_mksnapshot") {
name = target_name
if (name == "default") {
suffix = ""
} else {
suffix = "_$name"
}
action("run_mksnapshot_" + name) {
visibility = [ ":*" ] # Only targets in this file can depend on this.
deps = [
......@@ -826,13 +848,21 @@ if (v8_use_snapshot) {
"--turbo_instruction_scheduling",
]
args += invoker.args
if (v8_enable_embedded_builtins) {
outputs += [ "$target_gen_dir/embedded.cc" ]
outputs += [ "$target_gen_dir/embedded${suffix}.cc" ]
args += [
"--embedded_src",
rebase_path("$target_gen_dir/embedded.cc", root_build_dir),
rebase_path("$target_gen_dir/embedded${suffix}.cc", root_build_dir),
]
if (invoker.embedded_suffix != "") {
args += [
"--embedded_suffix",
invoker.embedded_suffix,
]
}
}
if (v8_random_seed != "0") {
args += [
......@@ -853,16 +883,16 @@ if (v8_use_snapshot) {
}
if (v8_use_external_startup_data) {
outputs += [ "$root_out_dir/snapshot_blob.bin" ]
outputs += [ "$root_out_dir/snapshot_blob${suffix}.bin" ]
args += [
"--startup_blob",
rebase_path("$root_out_dir/snapshot_blob.bin", root_build_dir),
rebase_path("$root_out_dir/snapshot_blob${suffix}.bin", root_build_dir),
]
} else {
outputs += [ "$target_gen_dir/snapshot.cc" ]
outputs += [ "$target_gen_dir/snapshot${suffix}.cc" ]
args += [
"--startup_src",
rebase_path("$target_gen_dir/snapshot.cc", root_build_dir),
rebase_path("$target_gen_dir/snapshot${suffix}.cc", root_build_dir),
]
}
......@@ -880,6 +910,23 @@ if (v8_use_snapshot) {
}
}
if (v8_use_snapshot) {
run_mksnapshot("default") {
args = []
if (v8_enable_embedded_builtins) {
embedded_suffix = ""
}
}
if (v8_use_multi_snapshots) {
run_mksnapshot("trusted") {
args = [ "--no-untrusted-code-mitigations" ]
if (v8_enable_embedded_builtins) {
embedded_suffix = "Trusted"
}
}
}
}
action("v8_dump_build_config") {
script = "tools/testrunner/utils/dump_build_config.py"
outputs = [
......@@ -985,7 +1032,7 @@ if (v8_use_snapshot && !v8_use_external_startup_data) {
public_deps = [
# This should be public so downstream targets can declare the snapshot
# output file as their inputs.
":run_mksnapshot",
":run_mksnapshot_default",
]
sources = [
......@@ -1025,9 +1072,13 @@ if (v8_use_snapshot && v8_use_external_startup_data) {
]
public_deps = [
":natives_blob",
":run_mksnapshot",
":run_mksnapshot_default",
]
if (v8_use_multi_snapshots) {
public_deps += [ ":run_mksnapshot_trusted" ]
}
sources = [
"src/setup-isolate-deserialize.cc",
"src/snapshot/natives-external.cc",
......@@ -1036,6 +1087,9 @@ if (v8_use_snapshot && v8_use_external_startup_data) {
if (v8_enable_embedded_builtins) {
sources += [ "$target_gen_dir/embedded.cc" ]
if (v8_use_multi_snapshots) {
sources += [ "$target_gen_dir/embedded_trusted.cc" ]
}
}
configs = [ ":internal_config" ]
......
......@@ -116,6 +116,11 @@ template("v8_isolate_run") {
} else {
use_snapshot = "false"
}
if (v8_use_multi_snapshots) {
multi_snapshots = "1"
} else {
multi_snapshots = "0"
}
if (v8_has_valgrind) {
has_valgrind = "1"
} else {
......@@ -175,6 +180,8 @@ template("v8_isolate_run") {
"--config-variable",
"ubsan_vptr=$ubsan_vptr",
"--config-variable",
"v8_use_multi_snapshots=$multi_snapshots",
"--config-variable",
"v8_use_external_startup_data=$use_external_startup_data",
"--config-variable",
"v8_use_snapshot=$use_snapshot",
......
......@@ -37,6 +37,9 @@ declare_args() {
# https://803591
v8_use_snapshot = !(is_win && host_os != "win" && target_cpu == "x64")
# Enable several snapshots side-by-side (e.g. default and for trusted code).
v8_use_multi_snapshots = ""
# Use external files for startup data blobs:
# the JS builtins sources and the start snapshot.
v8_use_external_startup_data = ""
......@@ -58,6 +61,10 @@ if (v8_use_external_startup_data == "") {
v8_use_external_startup_data = v8_use_snapshot && !is_ios
}
if (v8_use_multi_snapshots == "") {
v8_use_multi_snapshots = v8_use_external_startup_data && !build_with_chromium
}
if (v8_enable_backtrace == "") {
v8_enable_backtrace = is_debug && !v8_optimized_debug
}
......
......@@ -17,6 +17,13 @@
],
},
}],
['v8_use_snapshot=="true" and v8_use_external_startup_data==1 and v8_use_multi_snapshots==1', {
'variables': {
'files': [
'<(PRODUCT_DIR)/snapshot_blob_trusted.bin',
],
},
}],
['tsan==1', {
'variables': {
'files': [
......
......@@ -1067,6 +1067,8 @@ DEFINE_INT(testing_prng_seed, 42, "Seed used for threading test randomness")
// mksnapshot.cc
DEFINE_STRING(embedded_src, nullptr,
"Path for the generated embedded data file. (mksnapshot only)")
DEFINE_STRING(embedded_suffix, nullptr,
"Symbol suffix in embedded data file. (mksnapshot only)")
DEFINE_STRING(startup_src, nullptr,
"Write V8 startup as C++ src. (mksnapshot only)")
DEFINE_STRING(startup_blob, nullptr,
......
......@@ -70,6 +70,11 @@ base::Atomic32 ThreadId::highest_thread_id_ = 0;
extern const uint8_t* DefaultEmbeddedBlob();
extern uint32_t DefaultEmbeddedBlobSize();
#ifdef V8_MULTI_SNAPSHOTS
extern const uint8_t* DefaultEmbeddedBlobTrusted();
extern uint32_t DefaultEmbeddedBlobSizeTrusted();
#endif
const uint8_t* Isolate::embedded_blob() const { return embedded_blob_; }
uint32_t Isolate::embedded_blob_size() const { return embedded_blob_size_; }
#endif
......@@ -2939,8 +2944,18 @@ bool Isolate::Init(StartupDeserializer* des) {
new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);
#ifdef V8_EMBEDDED_BUILTINS
#ifdef V8_MULTI_SNAPSHOTS
if (FLAG_untrusted_code_mitigations) {
embedded_blob_ = DefaultEmbeddedBlob();
embedded_blob_size_ = DefaultEmbeddedBlobSize();
} else {
embedded_blob_ = DefaultEmbeddedBlobTrusted();
embedded_blob_size_ = DefaultEmbeddedBlobSizeTrusted();
}
#else
embedded_blob_ = DefaultEmbeddedBlob();
embedded_blob_size_ = DefaultEmbeddedBlobSize();
#endif
#endif
// Enable logging before setting up the heap
......
......@@ -12,6 +12,12 @@ namespace internal {
#ifdef V8_EMBEDDED_BUILTINS
const uint8_t* DefaultEmbeddedBlob() { return nullptr; }
uint32_t DefaultEmbeddedBlobSize() { return 0; }
#ifdef V8_MULTI_SNAPSHOTS
const uint8_t* DefaultEmbeddedBlobTrusted() { return nullptr; }
uint32_t DefaultEmbeddedBlobSizeTrusted() { return 0; }
#endif
#endif
} // namespace internal
......
......@@ -26,6 +26,10 @@ class SnapshotWriter {
void SetEmbeddedFile(const char* embedded_cpp_file) {
embedded_cpp_path_ = embedded_cpp_file;
}
void SetEmbeddedSuffix(const char* embedded_suffix) {
embedded_suffix_ = embedded_suffix;
}
#endif
void SetSnapshotFile(const char* snapshot_cpp_file) {
......@@ -124,7 +128,7 @@ class SnapshotWriter {
WriteEmbeddedFilePrefix(fp);
WriteEmbeddedFileData(fp, blob);
WriteEmbeddedFileSuffix(fp);
WriteEmbeddedFileSuffix(fp, embedded_suffix_);
fclose(fp);
}
......@@ -138,14 +142,16 @@ class SnapshotWriter {
fprintf(fp, "namespace {\n\n");
}
static void WriteEmbeddedFileSuffix(FILE* fp) {
static void WriteEmbeddedFileSuffix(FILE* fp, const char* symbol_suffix) {
fprintf(fp, "} // namespace\n\n");
fprintf(
fp,
"const uint8_t* DefaultEmbeddedBlob() { return v8_embedded_blob_; }\n");
fprintf(fp,
"uint32_t DefaultEmbeddedBlobSize() { return "
"v8_embedded_blob_size_; }\n\n");
"const uint8_t* DefaultEmbeddedBlob%s() { return "
"v8_embedded_blob_; }\n",
symbol_suffix);
fprintf(fp,
"uint32_t DefaultEmbeddedBlobSize%s() { return "
"v8_embedded_blob_size_; }\n\n",
symbol_suffix);
fprintf(fp, "} // namespace internal\n");
fprintf(fp, "} // namespace v8\n");
}
......@@ -211,6 +217,7 @@ class SnapshotWriter {
#ifdef V8_EMBEDDED_BUILTINS
const char* embedded_cpp_path_ = nullptr;
const char* embedded_suffix_ = "";
#endif
const char* snapshot_cpp_path_;
const char* snapshot_blob_path_;
......@@ -376,6 +383,8 @@ int main(int argc, char** argv) {
if (i::FLAG_startup_blob) writer.SetStartupBlobFile(i::FLAG_startup_blob);
#ifdef V8_EMBEDDED_BUILTINS
if (i::FLAG_embedded_src) writer.SetEmbeddedFile(i::FLAG_embedded_src);
if (i::FLAG_embedded_suffix)
writer.SetEmbeddedSuffix(i::FLAG_embedded_suffix);
#endif
std::unique_ptr<char> embed_script(
......
......@@ -10,6 +10,7 @@
#include "src/base/file-utils.h"
#include "src/base/logging.h"
#include "src/base/platform/platform.h"
#include "src/flags.h"
#include "src/utils.h"
......@@ -86,9 +87,15 @@ void InitializeExternalStartupData(const char* directory_path) {
#ifdef V8_USE_EXTERNAL_STARTUP_DATA
char* natives;
char* snapshot;
const char* snapshot_name = "snapshot_blob.bin";
#ifdef V8_MULTI_SNAPSHOTS
if (!FLAG_untrusted_code_mitigations) {
snapshot_name = "snapshot_blob_trusted.bin";
}
#endif
LoadFromFiles(
base::RelativePath(&natives, directory_path, "natives_blob.bin"),
base::RelativePath(&snapshot, directory_path, "snapshot_blob.bin"));
base::RelativePath(&snapshot, directory_path, snapshot_name));
free(natives);
free(snapshot);
#endif // V8_USE_EXTERNAL_STARTUP_DATA
......
......@@ -793,6 +793,12 @@ class AndroidPlatform(Platform): # pragma: no cover
target_dir,
skip_if_missing=True,
)
self._PushFile(
shell_dir,
"snapshot_blob_trusted.bin",
target_dir,
skip_if_missing=True,
)
self._PushFile(
shell_dir,
"icudtl.dat",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment