Commit 40d66d8b authored by Michael Achenbach's avatar Michael Achenbach Committed by Commit Bot

[build] Make separate snapshot for trusted variant

This enables side-by-side snapshots with and without untrusted-code
mitigations. It'll be the default in all V8 stand-alone builds
with external startup data. Internal snapshots are not supported.

The files snapshot_blob.bin and snapshot_blob_trusted.bin will be
bundled with V8 on swarming and the correct file is loaded dependent
on the --untrusted-code-mitigations runtime flag.

Likewise we embed two snapshots for builtins.

Side-by-side snapshots won't be supported in Chromium.

Bug: v8:7441
Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524
Reviewed-on: https://chromium-review.googlesource.com/960004
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: 's avatarJakob Gruber <jgruber@chromium.org>
Reviewed-by: 's avatarYang Guo <yangguo@chromium.org>
Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52028}
parent 38525dd2
...@@ -9,6 +9,7 @@ import("//build/config/host_byteorder.gni") ...@@ -9,6 +9,7 @@ import("//build/config/host_byteorder.gni")
import("//build/config/jumbo.gni") import("//build/config/jumbo.gni")
import("//build/config/mips.gni") import("//build/config/mips.gni")
import("//build/config/sanitizers/sanitizers.gni") import("//build/config/sanitizers/sanitizers.gni")
import("//build_overrides/build.gni")
if (is_android) { if (is_android) {
import("//build/config/android/rules.gni") import("//build/config/android/rules.gni")
...@@ -326,6 +327,9 @@ config("features") { ...@@ -326,6 +327,9 @@ config("features") {
if (v8_enable_embedded_builtins) { if (v8_enable_embedded_builtins) {
defines += [ "V8_EMBEDDED_BUILTINS" ] defines += [ "V8_EMBEDDED_BUILTINS" ]
} }
if (v8_use_multi_snapshots) {
defines += [ "V8_MULTI_SNAPSHOTS" ]
}
} }
config("toolchain") { config("toolchain") {
...@@ -718,6 +722,8 @@ action("d8_js2c") { ...@@ -718,6 +722,8 @@ action("d8_js2c") {
if (is_android && enable_java_templates) { if (is_android && enable_java_templates) {
android_assets("v8_external_startup_data_assets") { android_assets("v8_external_startup_data_assets") {
if (v8_use_external_startup_data) { if (v8_use_external_startup_data) {
# We don't support side-by-side snapshots on Android within Chromium.
assert(!v8_use_multi_snapshots)
deps = [ deps = [
"//v8", "//v8",
] ]
...@@ -805,8 +811,24 @@ action("postmortem-metadata") { ...@@ -805,8 +811,24 @@ action("postmortem-metadata") {
rebase_path(sources, root_build_dir) rebase_path(sources, root_build_dir)
} }
if (v8_use_snapshot) { # Template to generate different V8 snapshots based on different runtime flags.
action("run_mksnapshot") { # Can be invoked with run_mksnapshot(<name>). The target will resolve to
# run_mksnapshot_<name>. If <name> is "default", no file suffixes will be used.
# Otherwise files are suffixed, e.g. embedded_<name>.cc and
# snapshot_blob_<name>.bin.
#
# The template exposes the variables:
# args: additional flags for mksnapshots
# embedded_suffix: a camel case suffix for method names in the embedded
# snapshot.
template("run_mksnapshot") {
name = target_name
if (name == "default") {
suffix = ""
} else {
suffix = "_$name"
}
action("run_mksnapshot_" + name) {
visibility = [ ":*" ] # Only targets in this file can depend on this. visibility = [ ":*" ] # Only targets in this file can depend on this.
deps = [ deps = [
...@@ -826,13 +848,21 @@ if (v8_use_snapshot) { ...@@ -826,13 +848,21 @@ if (v8_use_snapshot) {
"--turbo_instruction_scheduling", "--turbo_instruction_scheduling",
] ]
args += invoker.args
if (v8_enable_embedded_builtins) { if (v8_enable_embedded_builtins) {
outputs += [ "$target_gen_dir/embedded.cc" ] outputs += [ "$target_gen_dir/embedded${suffix}.cc" ]
args += [ args += [
"--embedded_src", "--embedded_src",
rebase_path("$target_gen_dir/embedded.cc", root_build_dir), rebase_path("$target_gen_dir/embedded${suffix}.cc", root_build_dir),
]
if (invoker.embedded_suffix != "") {
args += [
"--embedded_suffix",
invoker.embedded_suffix,
] ]
} }
}
if (v8_random_seed != "0") { if (v8_random_seed != "0") {
args += [ args += [
...@@ -853,16 +883,16 @@ if (v8_use_snapshot) { ...@@ -853,16 +883,16 @@ if (v8_use_snapshot) {
} }
if (v8_use_external_startup_data) { if (v8_use_external_startup_data) {
outputs += [ "$root_out_dir/snapshot_blob.bin" ] outputs += [ "$root_out_dir/snapshot_blob${suffix}.bin" ]
args += [ args += [
"--startup_blob", "--startup_blob",
rebase_path("$root_out_dir/snapshot_blob.bin", root_build_dir), rebase_path("$root_out_dir/snapshot_blob${suffix}.bin", root_build_dir),
] ]
} else { } else {
outputs += [ "$target_gen_dir/snapshot.cc" ] outputs += [ "$target_gen_dir/snapshot${suffix}.cc" ]
args += [ args += [
"--startup_src", "--startup_src",
rebase_path("$target_gen_dir/snapshot.cc", root_build_dir), rebase_path("$target_gen_dir/snapshot${suffix}.cc", root_build_dir),
] ]
} }
...@@ -880,6 +910,23 @@ if (v8_use_snapshot) { ...@@ -880,6 +910,23 @@ if (v8_use_snapshot) {
} }
} }
if (v8_use_snapshot) {
run_mksnapshot("default") {
args = []
if (v8_enable_embedded_builtins) {
embedded_suffix = ""
}
}
if (v8_use_multi_snapshots) {
run_mksnapshot("trusted") {
args = [ "--no-untrusted-code-mitigations" ]
if (v8_enable_embedded_builtins) {
embedded_suffix = "Trusted"
}
}
}
}
action("v8_dump_build_config") { action("v8_dump_build_config") {
script = "tools/testrunner/utils/dump_build_config.py" script = "tools/testrunner/utils/dump_build_config.py"
outputs = [ outputs = [
...@@ -985,7 +1032,7 @@ if (v8_use_snapshot && !v8_use_external_startup_data) { ...@@ -985,7 +1032,7 @@ if (v8_use_snapshot && !v8_use_external_startup_data) {
public_deps = [ public_deps = [
# This should be public so downstream targets can declare the snapshot # This should be public so downstream targets can declare the snapshot
# output file as their inputs. # output file as their inputs.
":run_mksnapshot", ":run_mksnapshot_default",
] ]
sources = [ sources = [
...@@ -1025,9 +1072,13 @@ if (v8_use_snapshot && v8_use_external_startup_data) { ...@@ -1025,9 +1072,13 @@ if (v8_use_snapshot && v8_use_external_startup_data) {
] ]
public_deps = [ public_deps = [
":natives_blob", ":natives_blob",
":run_mksnapshot", ":run_mksnapshot_default",
] ]
if (v8_use_multi_snapshots) {
public_deps += [ ":run_mksnapshot_trusted" ]
}
sources = [ sources = [
"src/setup-isolate-deserialize.cc", "src/setup-isolate-deserialize.cc",
"src/snapshot/natives-external.cc", "src/snapshot/natives-external.cc",
...@@ -1036,6 +1087,9 @@ if (v8_use_snapshot && v8_use_external_startup_data) { ...@@ -1036,6 +1087,9 @@ if (v8_use_snapshot && v8_use_external_startup_data) {
if (v8_enable_embedded_builtins) { if (v8_enable_embedded_builtins) {
sources += [ "$target_gen_dir/embedded.cc" ] sources += [ "$target_gen_dir/embedded.cc" ]
if (v8_use_multi_snapshots) {
sources += [ "$target_gen_dir/embedded_trusted.cc" ]
}
} }
configs = [ ":internal_config" ] configs = [ ":internal_config" ]
......
...@@ -116,6 +116,11 @@ template("v8_isolate_run") { ...@@ -116,6 +116,11 @@ template("v8_isolate_run") {
} else { } else {
use_snapshot = "false" use_snapshot = "false"
} }
if (v8_use_multi_snapshots) {
multi_snapshots = "1"
} else {
multi_snapshots = "0"
}
if (v8_has_valgrind) { if (v8_has_valgrind) {
has_valgrind = "1" has_valgrind = "1"
} else { } else {
...@@ -175,6 +180,8 @@ template("v8_isolate_run") { ...@@ -175,6 +180,8 @@ template("v8_isolate_run") {
"--config-variable", "--config-variable",
"ubsan_vptr=$ubsan_vptr", "ubsan_vptr=$ubsan_vptr",
"--config-variable", "--config-variable",
"v8_use_multi_snapshots=$multi_snapshots",
"--config-variable",
"v8_use_external_startup_data=$use_external_startup_data", "v8_use_external_startup_data=$use_external_startup_data",
"--config-variable", "--config-variable",
"v8_use_snapshot=$use_snapshot", "v8_use_snapshot=$use_snapshot",
......
...@@ -37,6 +37,9 @@ declare_args() { ...@@ -37,6 +37,9 @@ declare_args() {
# https://803591 # https://803591
v8_use_snapshot = !(is_win && host_os != "win" && target_cpu == "x64") v8_use_snapshot = !(is_win && host_os != "win" && target_cpu == "x64")
# Enable several snapshots side-by-side (e.g. default and for trusted code).
v8_use_multi_snapshots = ""
# Use external files for startup data blobs: # Use external files for startup data blobs:
# the JS builtins sources and the start snapshot. # the JS builtins sources and the start snapshot.
v8_use_external_startup_data = "" v8_use_external_startup_data = ""
...@@ -58,6 +61,10 @@ if (v8_use_external_startup_data == "") { ...@@ -58,6 +61,10 @@ if (v8_use_external_startup_data == "") {
v8_use_external_startup_data = v8_use_snapshot && !is_ios v8_use_external_startup_data = v8_use_snapshot && !is_ios
} }
if (v8_use_multi_snapshots == "") {
v8_use_multi_snapshots = v8_use_external_startup_data && !build_with_chromium
}
if (v8_enable_backtrace == "") { if (v8_enable_backtrace == "") {
v8_enable_backtrace = is_debug && !v8_optimized_debug v8_enable_backtrace = is_debug && !v8_optimized_debug
} }
......
...@@ -17,6 +17,13 @@ ...@@ -17,6 +17,13 @@
], ],
}, },
}], }],
['v8_use_snapshot=="true" and v8_use_external_startup_data==1 and v8_use_multi_snapshots==1', {
'variables': {
'files': [
'<(PRODUCT_DIR)/snapshot_blob_trusted.bin',
],
},
}],
['tsan==1', { ['tsan==1', {
'variables': { 'variables': {
'files': [ 'files': [
......
...@@ -1067,6 +1067,8 @@ DEFINE_INT(testing_prng_seed, 42, "Seed used for threading test randomness") ...@@ -1067,6 +1067,8 @@ DEFINE_INT(testing_prng_seed, 42, "Seed used for threading test randomness")
// mksnapshot.cc // mksnapshot.cc
DEFINE_STRING(embedded_src, nullptr, DEFINE_STRING(embedded_src, nullptr,
"Path for the generated embedded data file. (mksnapshot only)") "Path for the generated embedded data file. (mksnapshot only)")
DEFINE_STRING(embedded_suffix, nullptr,
"Symbol suffix in embedded data file. (mksnapshot only)")
DEFINE_STRING(startup_src, nullptr, DEFINE_STRING(startup_src, nullptr,
"Write V8 startup as C++ src. (mksnapshot only)") "Write V8 startup as C++ src. (mksnapshot only)")
DEFINE_STRING(startup_blob, nullptr, DEFINE_STRING(startup_blob, nullptr,
......
...@@ -70,6 +70,11 @@ base::Atomic32 ThreadId::highest_thread_id_ = 0; ...@@ -70,6 +70,11 @@ base::Atomic32 ThreadId::highest_thread_id_ = 0;
extern const uint8_t* DefaultEmbeddedBlob(); extern const uint8_t* DefaultEmbeddedBlob();
extern uint32_t DefaultEmbeddedBlobSize(); extern uint32_t DefaultEmbeddedBlobSize();
#ifdef V8_MULTI_SNAPSHOTS
extern const uint8_t* DefaultEmbeddedBlobTrusted();
extern uint32_t DefaultEmbeddedBlobSizeTrusted();
#endif
const uint8_t* Isolate::embedded_blob() const { return embedded_blob_; } const uint8_t* Isolate::embedded_blob() const { return embedded_blob_; }
uint32_t Isolate::embedded_blob_size() const { return embedded_blob_size_; } uint32_t Isolate::embedded_blob_size() const { return embedded_blob_size_; }
#endif #endif
...@@ -2939,8 +2944,18 @@ bool Isolate::Init(StartupDeserializer* des) { ...@@ -2939,8 +2944,18 @@ bool Isolate::Init(StartupDeserializer* des) {
new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size); new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);
#ifdef V8_EMBEDDED_BUILTINS #ifdef V8_EMBEDDED_BUILTINS
#ifdef V8_MULTI_SNAPSHOTS
if (FLAG_untrusted_code_mitigations) {
embedded_blob_ = DefaultEmbeddedBlob();
embedded_blob_size_ = DefaultEmbeddedBlobSize();
} else {
embedded_blob_ = DefaultEmbeddedBlobTrusted();
embedded_blob_size_ = DefaultEmbeddedBlobSizeTrusted();
}
#else
embedded_blob_ = DefaultEmbeddedBlob(); embedded_blob_ = DefaultEmbeddedBlob();
embedded_blob_size_ = DefaultEmbeddedBlobSize(); embedded_blob_size_ = DefaultEmbeddedBlobSize();
#endif
#endif #endif
// Enable logging before setting up the heap // Enable logging before setting up the heap
......
...@@ -12,6 +12,12 @@ namespace internal { ...@@ -12,6 +12,12 @@ namespace internal {
#ifdef V8_EMBEDDED_BUILTINS #ifdef V8_EMBEDDED_BUILTINS
const uint8_t* DefaultEmbeddedBlob() { return nullptr; } const uint8_t* DefaultEmbeddedBlob() { return nullptr; }
uint32_t DefaultEmbeddedBlobSize() { return 0; } uint32_t DefaultEmbeddedBlobSize() { return 0; }
#ifdef V8_MULTI_SNAPSHOTS
const uint8_t* DefaultEmbeddedBlobTrusted() { return nullptr; }
uint32_t DefaultEmbeddedBlobSizeTrusted() { return 0; }
#endif
#endif #endif
} // namespace internal } // namespace internal
......
...@@ -26,6 +26,10 @@ class SnapshotWriter { ...@@ -26,6 +26,10 @@ class SnapshotWriter {
void SetEmbeddedFile(const char* embedded_cpp_file) { void SetEmbeddedFile(const char* embedded_cpp_file) {
embedded_cpp_path_ = embedded_cpp_file; embedded_cpp_path_ = embedded_cpp_file;
} }
void SetEmbeddedSuffix(const char* embedded_suffix) {
embedded_suffix_ = embedded_suffix;
}
#endif #endif
void SetSnapshotFile(const char* snapshot_cpp_file) { void SetSnapshotFile(const char* snapshot_cpp_file) {
...@@ -124,7 +128,7 @@ class SnapshotWriter { ...@@ -124,7 +128,7 @@ class SnapshotWriter {
WriteEmbeddedFilePrefix(fp); WriteEmbeddedFilePrefix(fp);
WriteEmbeddedFileData(fp, blob); WriteEmbeddedFileData(fp, blob);
WriteEmbeddedFileSuffix(fp); WriteEmbeddedFileSuffix(fp, embedded_suffix_);
fclose(fp); fclose(fp);
} }
...@@ -138,14 +142,16 @@ class SnapshotWriter { ...@@ -138,14 +142,16 @@ class SnapshotWriter {
fprintf(fp, "namespace {\n\n"); fprintf(fp, "namespace {\n\n");
} }
static void WriteEmbeddedFileSuffix(FILE* fp) { static void WriteEmbeddedFileSuffix(FILE* fp, const char* symbol_suffix) {
fprintf(fp, "} // namespace\n\n"); fprintf(fp, "} // namespace\n\n");
fprintf(
fp,
"const uint8_t* DefaultEmbeddedBlob() { return v8_embedded_blob_; }\n");
fprintf(fp, fprintf(fp,
"uint32_t DefaultEmbeddedBlobSize() { return " "const uint8_t* DefaultEmbeddedBlob%s() { return "
"v8_embedded_blob_size_; }\n\n"); "v8_embedded_blob_; }\n",
symbol_suffix);
fprintf(fp,
"uint32_t DefaultEmbeddedBlobSize%s() { return "
"v8_embedded_blob_size_; }\n\n",
symbol_suffix);
fprintf(fp, "} // namespace internal\n"); fprintf(fp, "} // namespace internal\n");
fprintf(fp, "} // namespace v8\n"); fprintf(fp, "} // namespace v8\n");
} }
...@@ -211,6 +217,7 @@ class SnapshotWriter { ...@@ -211,6 +217,7 @@ class SnapshotWriter {
#ifdef V8_EMBEDDED_BUILTINS #ifdef V8_EMBEDDED_BUILTINS
const char* embedded_cpp_path_ = nullptr; const char* embedded_cpp_path_ = nullptr;
const char* embedded_suffix_ = "";
#endif #endif
const char* snapshot_cpp_path_; const char* snapshot_cpp_path_;
const char* snapshot_blob_path_; const char* snapshot_blob_path_;
...@@ -376,6 +383,8 @@ int main(int argc, char** argv) { ...@@ -376,6 +383,8 @@ int main(int argc, char** argv) {
if (i::FLAG_startup_blob) writer.SetStartupBlobFile(i::FLAG_startup_blob); if (i::FLAG_startup_blob) writer.SetStartupBlobFile(i::FLAG_startup_blob);
#ifdef V8_EMBEDDED_BUILTINS #ifdef V8_EMBEDDED_BUILTINS
if (i::FLAG_embedded_src) writer.SetEmbeddedFile(i::FLAG_embedded_src); if (i::FLAG_embedded_src) writer.SetEmbeddedFile(i::FLAG_embedded_src);
if (i::FLAG_embedded_suffix)
writer.SetEmbeddedSuffix(i::FLAG_embedded_suffix);
#endif #endif
std::unique_ptr<char> embed_script( std::unique_ptr<char> embed_script(
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include "src/base/file-utils.h" #include "src/base/file-utils.h"
#include "src/base/logging.h" #include "src/base/logging.h"
#include "src/base/platform/platform.h" #include "src/base/platform/platform.h"
#include "src/flags.h"
#include "src/utils.h" #include "src/utils.h"
...@@ -86,9 +87,15 @@ void InitializeExternalStartupData(const char* directory_path) { ...@@ -86,9 +87,15 @@ void InitializeExternalStartupData(const char* directory_path) {
#ifdef V8_USE_EXTERNAL_STARTUP_DATA #ifdef V8_USE_EXTERNAL_STARTUP_DATA
char* natives; char* natives;
char* snapshot; char* snapshot;
const char* snapshot_name = "snapshot_blob.bin";
#ifdef V8_MULTI_SNAPSHOTS
if (!FLAG_untrusted_code_mitigations) {
snapshot_name = "snapshot_blob_trusted.bin";
}
#endif
LoadFromFiles( LoadFromFiles(
base::RelativePath(&natives, directory_path, "natives_blob.bin"), base::RelativePath(&natives, directory_path, "natives_blob.bin"),
base::RelativePath(&snapshot, directory_path, "snapshot_blob.bin")); base::RelativePath(&snapshot, directory_path, snapshot_name));
free(natives); free(natives);
free(snapshot); free(snapshot);
#endif // V8_USE_EXTERNAL_STARTUP_DATA #endif // V8_USE_EXTERNAL_STARTUP_DATA
......
...@@ -793,6 +793,12 @@ class AndroidPlatform(Platform): # pragma: no cover ...@@ -793,6 +793,12 @@ class AndroidPlatform(Platform): # pragma: no cover
target_dir, target_dir,
skip_if_missing=True, skip_if_missing=True,
) )
self._PushFile(
shell_dir,
"snapshot_blob_trusted.bin",
target_dir,
skip_if_missing=True,
)
self._PushFile( self._PushFile(
shell_dir, shell_dir,
"icudtl.dat", "icudtl.dat",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment