[flags] Disable flags freezing in tests, fuzzers, and others

This CL explicitly disables the --freeze-flags-after-init flag for cases where we modify flags after initialization. This is only tests, fuzzers, and special options to d8, thus not security relevant. These should be the last blockers for enabling the flag globally. R=cbruni@chromium.org Bug: v8:12887 Change-Id: I1d8a03dcc20e524d30c967f6fe15f6401de77612 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706619Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81179}

[flags] Disable flags freezing in tests, fuzzers, and others
This CL explicitly disables the --freeze-flags-after-init flag for cases where we modify flags after initialization. This is only tests, fuzzers, and special options to d8, thus not security relevant. These should be the last blockers for enabling the flag globally. R=cbruni@chromium.org Bug: v8:12887 Change-Id: I1d8a03dcc20e524d30c967f6fe15f6401de77612 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3706619Reviewed-by: Camillo Bruni <cbruni@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#81179}
46e95920 · Clemens Backes · V8 LUCI CQ · 53efe484 · 46e95920 · 46e95920
Commit 46e95920 authored Jun 15, 2022 by Clemens Backes Committed by V8 LUCI CQ Jun 15, 2022
5 changed files
--- a/src/d8/d8.cc
+++ b/src/d8/d8.cc
@@ -4659,8 +4659,7 @@ bool Shell::SetOptions(int argc, char* argv[]) {
            ShellOptions::CodeCacheOptions::kProduceCache;
      } else if (strncmp(value, "=none", 6) == 0) {
        options.compile_options = v8::ScriptCompiler::kNoCompileOptions;
-        options.code_cache_options =
-            ShellOptions::CodeCacheOptions::kNoProduceCache;
+        options.code_cache_options = ShellOptions::kNoProduceCache;
      } else if (strncmp(value, "=after-execute", 15) == 0) {
        options.compile_options = v8::ScriptCompiler::kNoCompileOptions;
        options.code_cache_options =
@@ -5521,6 +5520,15 @@ int Shell::Main(int argc, char* argv[]) {
    i::SandboxTesting::InstallSandboxCrashFilter();
  }
 #endif
+
+  // Disable flag freezing if we are producing a code cache, because for that we
+  // modify FLAG_hash_seed (below).
+  // Also --stress-opt modifies flags between runs.
+  if (options.code_cache_options != ShellOptions::kNoProduceCache ||
+      options.stress_opt) {
+    i::FLAG_freeze_flags_after_init = false;
+  }
+
  v8::V8::Initialize();
  if (options.snapshot_blob) {
    v8::V8::InitializeExternalStartupDataFromFile(options.snapshot_blob);
@@ -5656,8 +5664,7 @@ int Shell::Main(int argc, char* argv[]) {
          bool last_run = i == options.stress_runs - 1;
          result = RunMain(isolate, last_run);
        }
-      } else if (options.code_cache_options !=
-                 ShellOptions::CodeCacheOptions::kNoProduceCache) {
+      } else if (options.code_cache_options != ShellOptions::kNoProduceCache) {
        {
          // Park the main thread here in case the new isolate wants to perform
          // a shared GC to prevent a deadlock.
@@ -5692,8 +5699,7 @@ int Shell::Main(int argc, char* argv[]) {
                   v8::ScriptCompiler::kNoCompileOptions);
        options.compile_options.Overwrite(
            v8::ScriptCompiler::kConsumeCodeCache);
-        options.code_cache_options.Overwrite(
-            ShellOptions::CodeCacheOptions::kNoProduceCache);
+        options.code_cache_options.Overwrite(ShellOptions::kNoProduceCache);

        printf("============ Run: Consume code cache ============\n");
        // Second run to consume the cache in current isolate

--- a/test/cctest/cctest.cc
+++ b/test/cctest/cctest.cc
@@ -123,6 +123,11 @@ void CcTest::Run(const char* snapshot_directory) {
  CHECK(v8::V8::InitializeSandbox());
 #endif
  cppgc::InitializeProcess(platform->GetPageAllocator());
+
+  // Allow changing flags in cctests.
+  // TODO(12887): Fix tests to avoid changing flag values after initialization.
+  i::FLAG_freeze_flags_after_init = false;
+
  v8::V8::Initialize();
  v8::V8::InitializeExternalStartupData(snapshot_directory);


--- a/test/fuzzer/fuzzer-support.cc
+++ b/test/fuzzer/fuzzer-support.cc
@@ -17,7 +17,12 @@
 namespace v8_fuzzer {

 FuzzerSupport::FuzzerSupport(int* argc, char*** argv) {
-  v8::internal::FLAG_expose_gc = true;
+  i::FLAG_expose_gc = true;
+
+  // Allow changing flags in fuzzers.
+  // TODO(12887): Refactor fuzzers to not change flags after initialization.
+  i::FLAG_freeze_flags_after_init = false;
+
  v8::V8::SetFlagsFromCommandLine(argc, *argv, true);
  v8::V8::InitializeICUDefaultLocation((*argv)[0]);
  v8::V8::InitializeExternalStartupData((*argv)[0]);

--- a/test/unittests/interpreter/generate-bytecode-expectations.cc
+++ b/test/unittests/interpreter/generate-bytecode-expectations.cc
@@ -340,6 +340,10 @@ V8InitializationScope::V8InitializationScope(const char* exec_path)
  i::FLAG_allow_natives_syntax = true;
  i::FLAG_enable_lazy_source_positions = false;

+  // The bytecode expectations printer changes flags; this is not security
+  // relevant, allow this.
+  i::FLAG_freeze_flags_after_init = false;
+
  v8::V8::InitializeICUDefaultLocation(exec_path);
  v8::V8::InitializeExternalStartupData(exec_path);
  v8::V8::InitializePlatform(platform_.get());

--- a/test/unittests/test-utils.h
+++ b/test/unittests/test-utils.h
@@ -39,7 +39,11 @@ class WithDefaultPlatformMixin : public TMixin {
    v8::V8::InitializePlatform(platform_.get());
 #ifdef V8_ENABLE_SANDBOX
    CHECK(v8::V8::InitializeSandbox());
-#endif  // V8_ENABLE_SANDBOX
+#endif
+    // Allow changing flags in unit tests.
+    // TODO(12887): Fix tests to avoid changing flag values after
+    // initialization.
+    i::FLAG_freeze_flags_after_init = false;
    v8::V8::Initialize();
  }