[sandbox] Turn V8_SANDBOX into V8_ENABLE_SANDBOX

This is more consistent with similar features, for example V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV. Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed. Bug: v8:10391 Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80530}

[sandbox] Turn V8_SANDBOX into V8_ENABLE_SANDBOX
This is more consistent with similar features, for example V8_ENABLE_WEBASSEMBLY or V8_ENABLE_MAGLEV. Drive-by: remove V8_SANDBOX_IS_AVAILABLE as it's no longer needed. Bug: v8:10391 Change-Id: I8658c5b0c331a4c73892737083b2c2f9b8f84056 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3647355 Commit-Queue: Toon Verwaest <verwaest@chromium.org> Auto-Submit: Samuel Groß <saelo@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/main@{#80530}
6f5f5662 · Samuel Groß · V8 LUCI CQ · fa8c5950 · 6f5f5662 · 6f5f5662
Commit 6f5f5662 authored May 13, 2022 by Samuel Groß Committed by V8 LUCI CQ May 13, 2022
30 changed files
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -301,7 +301,7 @@ declare_args() {
  v8_enable_zone_compression = ""
  # Enable the experimental V8 sandbox.
-  # Sets -DV8_SANDBOX.
+  # Sets -DV8_ENABLE_SANDBOX.
  v8_enable_sandbox = ""
  # Enable external pointer sandboxing. Requires v8_enable_sandbox.
@@ -718,7 +718,8 @@ external_v8_defines = [
  "V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE",
  "V8_31BIT_SMIS_ON_64BIT_ARCH",
  "V8_COMPRESS_ZONES",
-  "V8_SANDBOX",
+  "V8_ENABLE_SANDBOX",
+  "V8_SANDBOX",  # TODO(saelo) remove once no longer used in blink
  "V8_SANDBOXED_POINTERS",
  "V8_SANDBOXED_EXTERNAL_POINTERS",
  "V8_DEPRECATION_WARNINGS",
@@ -750,6 +751,7 @@ if (v8_enable_zone_compression) {
 }
 if (v8_enable_sandbox) {
  enabled_external_v8_defines += [ "V8_SANDBOX" ]
+  enabled_external_v8_defines += [ "V8_ENABLE_SANDBOX" ]
 }
 if (v8_enable_sandboxed_pointers) {
  enabled_external_v8_defines += [ "V8_SANDBOXED_POINTERS" ]

--- a/include/v8-initialization.h
+++ b/include/v8-initialization.h
@@ -185,7 +185,7 @@ class V8_EXPORT V8 {
   */
  static void DisposePlatform();
-#ifdef V8_SANDBOX
+#if defined(V8_ENABLE_SANDBOX)
  //
  // Sandbox related API.
  //
@@ -200,8 +200,9 @@ class V8_EXPORT V8 {
   * Returns true on success, false otherwise.
   *
   * TODO(saelo) Once it is no longer optional to initialize the sandbox when
-   * compiling with V8_SANDBOX, the sandbox initialization will likely happen
+   * compiling with V8_ENABLE_SANDBOX, the sandbox initialization will likely
-   * as part of V8::Initialize, at which point this function should be removed.
+   * happen as part of V8::Initialize, at which point this function should be
+   * removed.
   */
  static bool InitializeSandbox();
  V8_DEPRECATED("Use InitializeSandbox()")
@@ -250,7 +251,7 @@ class V8_EXPORT V8 {
  static bool IsUsingSecureVirtualMemoryCage() {
    return IsSandboxConfiguredSecurely();
  }
-#endif
+#endif  // V8_ENABLE_SANDBOX
  /**
   * Activate trap-based bounds checking for WebAssembly.

--- a/include/v8-internal.h
+++ b/include/v8-internal.h
@@ -157,7 +157,7 @@ V8_INLINE static constexpr internal::Address IntToSmi(int value) {
 * Sandbox related types, constants, and functions.
 */
 constexpr bool SandboxIsEnabled() {
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  return true;
 #else
  return false;
@@ -185,7 +185,7 @@ using ExternalPointer_t = uint32_t;
 using ExternalPointer_t = Address;
 #endif
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 // Size of the sandbox, excluding the guard regions surrounding it.
 constexpr size_t kSandboxSizeLog2 = 40;  // 1 TB
@@ -276,7 +276,7 @@ static_assert((1 << (32 - kExternalPointerIndexShift)) ==
              "kExternalPointerTableReservationSize and "
              "kExternalPointerIndexShift don't match");
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
 // If sandboxed external pointers are enabled, these tag values will be ORed
 // with the external pointers in the external pointer table to prevent use of

--- a/include/v8config.h
+++ b/include/v8config.h
@@ -580,17 +580,6 @@ V8 shared library set USING_V8_SHARED.
 #endif  // V8_OS_WIN
-// The sandbox is available (i.e. defined) when pointer compression
-// is enabled, but it is only used when V8_SANDBOX is enabled as
-// well. This allows better test coverage of the sandbox.
-#if defined(V8_COMPRESS_POINTERS)
-#define V8_SANDBOX_IS_AVAILABLE
-#endif
-#if defined(V8_SANDBOX) && !defined(V8_SANDBOX_IS_AVAILABLE)
-#error Inconsistent configuration: sandbox is enabled but not available
-#endif
 // From C++17 onwards, static constexpr member variables are defined to be
 // "inline", and adding a separate definition for them can trigger deprecation
 // warnings. For C++14 and below, however, these definitions are required.

--- a/src/api/api.cc
+++ b/src/api/api.cc
@@ -6038,9 +6038,9 @@ void v8::V8::InitializePlatform(Platform* platform) {
  i::V8::InitializePlatform(platform);
 }
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 bool v8::V8::InitializeSandbox() { return i::V8::InitializeSandbox(); }
-#endif
+#endif  // V8_ENABLE_SANDBOX
 void v8::V8::DisposePlatform() { i::V8::DisposePlatform(); }
@@ -6075,12 +6075,12 @@ bool v8::V8::Initialize(const int build_config) {
  }
  const bool kEmbedderSandbox = (build_config & kSandbox) != 0;
-  if (kEmbedderSandbox != V8_SANDBOX_BOOL) {
+  if (kEmbedderSandbox != V8_ENABLE_SANDBOX_BOOL) {
    FATAL(
        "Embedder-vs-V8 build configuration mismatch. On embedder side "
        "sandbox is %s while on V8 side it's %s.",
        kEmbedderSandbox ? "ENABLED" : "DISABLED",
-        V8_SANDBOX_BOOL ? "ENABLED" : "DISABLED");
+        V8_ENABLE_SANDBOX_BOOL ? "ENABLED" : "DISABLED");
  }
  i::V8::Initialize();
@@ -6205,7 +6205,7 @@ void v8::V8::InitializeExternalStartupDataFromFile(const char* snapshot_blob) {
 const char* v8::V8::GetVersion() { return i::Version::GetVersion(); }
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 VirtualAddressSpace* v8::V8::GetSandboxAddressSpace() {
  Utils::ApiCheck(i::GetProcessWideSandbox()->is_initialized(),
                  "v8::V8::GetSandboxAddressSpace",
@@ -6238,7 +6238,7 @@ bool v8::V8::IsSandboxConfiguredSecurely() {
  // insecure because these pointers can then access memory outside of them.
  return !i::GetProcessWideSandbox()->is_partially_reserved();
 }
-#endif
+#endif  // V8_ENABLE_SANDBOX
 void V8::GetSharedMemoryStatistics(SharedMemoryStatistics* statistics) {
  i::ReadOnlyHeap::PopulateReadOnlySpaceStatistics(statistics);

--- a/src/d8/d8.cc
+++ b/src/d8/d8.cc
@@ -5439,7 +5439,7 @@ int Shell::Main(int argc, char* argv[]) {
    V8::SetFlagsFromString("--redirect-code-traces-to=code.asm");
  }
  v8::V8::InitializePlatform(g_platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/src/flags/flag-definitions.h
+++ b/src/flags/flag-definitions.h
@@ -178,15 +178,15 @@ struct MaybeBoolFlag {
 #define V8_SANDBOXED_EXTERNAL_POINTERS_BOOL false
 #endif
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
-#define V8_SANDBOX_BOOL true
+#define V8_ENABLE_SANDBOX_BOOL true
 #else
-#define V8_SANDBOX_BOOL false
+#define V8_ENABLE_SANDBOX_BOOL false
 #endif
 // D8's MultiMappedAllocator is only available on Linux, and only if the sandbox
 // is not enabled.
-#if V8_OS_LINUX && !V8_SANDBOX_BOOL
+#if V8_OS_LINUX && !V8_ENABLE_SANDBOX_BOOL
 #define MULTI_MAPPED_ALLOCATOR_AVAILABLE true
 #else
 #define MULTI_MAPPED_ALLOCATOR_AVAILABLE false

--- a/src/init/isolate-allocator.cc
+++ b/src/init/isolate-allocator.cc
@@ -76,7 +76,7 @@ void IsolateAllocator::InitializeOncePerProcess() {
 #ifdef V8_COMPRESS_POINTERS_IN_SHARED_CAGE
  PtrComprCageReservationParams params;
  base::AddressRegion existing_reservation;
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  // For now, we allow the sandbox to be disabled even when compiling with
  // v8_enable_sandbox. This fallback will be disallowed in the future, at the
  // latest once sandboxed pointers are enabled.

--- a/src/init/v8.cc
+++ b/src/init/v8.cc
@@ -103,14 +103,14 @@ void V8::InitializePlatform(v8::Platform* platform) {
  AdvanceStartupState(V8StartupState::kPlatformInitialized);
 }
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 bool V8::InitializeSandbox() {
  // Platform must have been initialized already.
  CHECK(platform_);
  v8::VirtualAddressSpace* vas = GetPlatformVirtualAddressSpace();
  return GetProcessWideSandbox()->Initialize(vas);
 }
-#endif  // V8_SANDBOX
+#endif  // V8_ENABLE_SANDBOX
 #define DISABLE_FLAG(flag)                                                    \
  if (FLAG_##flag) {                                                          \
@@ -123,14 +123,14 @@ void V8::Initialize() {
  AdvanceStartupState(V8StartupState::kV8Initializing);
  CHECK(platform_);
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!GetProcessWideSandbox()->is_initialized()) {
    // For now, we still allow the cage to be disabled even if V8 was compiled
-    // with V8_SANDBOX. This will eventually be forbidden.
+    // with V8_ENABLE_SANDBOX. This will eventually be forbidden.
    CHECK(kAllowBackingStoresOutsideSandbox);
    GetProcessWideSandbox()->Disable();
  }
-#endif
+#endif  // V8_ENABLE_SANDBOX
  // Update logging information before enforcing flag implications.
  bool* log_all_flags[] = {&FLAG_turbo_profiling_log_builtins,
@@ -286,11 +286,11 @@ void V8::DisposePlatform() {
  v8::tracing::TracingCategoryObserver::TearDown();
  v8::base::SetPrintStackTrace(nullptr);
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  // TODO(chromium:1218005) alternatively, this could move to its own
  // public TearDownSandbox function.
  GetProcessWideSandbox()->TearDown();
-#endif
+#endif  // V8_ENABLE_SANDBOX
  platform_ = nullptr;
  AdvanceStartupState(V8StartupState::kPlatformDisposed);

--- a/src/init/v8.h
+++ b/src/init/v8.h
@@ -29,7 +29,7 @@ class V8 : public AllStatic {
  [[noreturn]] V8_EXPORT_PRIVATE static void FatalProcessOutOfMemory(
      Isolate* isolate, const char* location, bool is_heap_oom = false);
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  static bool InitializeSandbox();
 #endif

--- a/src/logging/counters-definitions.h
+++ b/src/logging/counters-definitions.h
@@ -109,7 +109,7 @@ namespace internal {
  HR(wasm_cache_count, V8.WasmCacheCount, 0, 100, 101)                         \
  SANDBOXED_HISTOGRAM_LIST(HR)
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 #define SANDBOXED_HISTOGRAM_LIST(HR)                                          \
  /* Number of in-use external pointers in the external pointer table */      \
  /* Counted after sweeping the table at the end of mark-compact GC */        \
@@ -117,7 +117,7 @@ namespace internal {
     kMaxSandboxedExternalPointers, 101)
 #else
 #define SANDBOXED_HISTOGRAM_LIST(HR)
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
 #define NESTED_TIMED_HISTOGRAM_LIST(HT)                                       \
  /* Timer histograms, not thread safe: HT(name, caption, max, unit) */       \

--- a/src/objects/backing-store.cc
+++ b/src/objects/backing-store.cc
@@ -115,7 +115,7 @@ void RecordStatus(Isolate* isolate, AllocationStatus status) {
 // that the memory could not be allocated at all.
 void RecordSandboxMemoryAllocationResult(Isolate* isolate, void* result) {
  // This metric is only meaningful when the sandbox is active.
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (GetProcessWideSandbox()->is_initialized()) {
    CagedMemoryAllocationOutcome outcome;
    if (result) {
@@ -128,7 +128,7 @@ void RecordSandboxMemoryAllocationResult(Isolate* isolate, void* result) {
    isolate->counters()->caged_memory_allocation_outcome()->AddSample(
        static_cast<int>(outcome));
  }
-#endif
+#endif  // V8_ENABLE_SANDBOX
 }
 inline void DebugCheckZero(void* start, size_t byte_length) {
@@ -211,13 +211,13 @@ BackingStore::~BackingStore() {
  // TODO(saelo) here and elsewhere in this file, replace with
  // GetArrayBufferPageAllocator once the fallback to the platform page
  // allocator is no longer allowed.
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (GetProcessWideSandbox()->Contains(buffer_start_)) {
    page_allocator = GetSandboxPageAllocator();
  } else {
    DCHECK(kAllowBackingStoresOutsideSandbox);
  }
-#endif
+#endif  // V8_ENABLE_SANDBOX
 #if V8_ENABLE_WEBASSEMBLY
  if (is_wasm_memory_) {
@@ -426,7 +426,7 @@ std::unique_ptr<BackingStore> BackingStore::TryAllocateAndPartiallyCommitMemory(
  void* allocation_base = nullptr;
  PageAllocator* page_allocator = GetPlatformPageAllocator();
  auto allocate_pages = [&] {
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
    page_allocator = GetSandboxPageAllocator();
    allocation_base = AllocatePages(page_allocator, nullptr, reservation_size,
                                    page_size, PageAllocator::kNoAccess);
@@ -439,7 +439,7 @@ std::unique_ptr<BackingStore> BackingStore::TryAllocateAndPartiallyCommitMemory(
    // or not.
    if (!kAllowBackingStoresOutsideSandbox) return false;
    page_allocator = GetPlatformPageAllocator();
-#endif
+#endif  // V8_ENABLE_SANDBOX
    allocation_base = AllocatePages(page_allocator, nullptr, reservation_size,
                                    page_size, PageAllocator::kNoAccess);
    return allocation_base != nullptr;

--- a/src/sandbox/external-pointer-table-inl.h
+++ b/src/sandbox/external-pointer-table-inl.h
@@ -10,7 +10,7 @@
 #include "src/sandbox/external-pointer.h"
 #include "src/utils/allocation.h"
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 namespace v8 {
 namespace internal {
@@ -144,6 +144,6 @@ void ExternalPointerTable::Mark(uint32_t index) {
 }  // namespace internal
 }  // namespace v8
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
 #endif  // V8_SANDBOX_EXTERNAL_POINTER_TABLE_INL_H_
--- a/src/sandbox/external-pointer-table.cc
+++ b/src/sandbox/external-pointer-table.cc
@@ -10,7 +10,7 @@
 #include "src/logging/counters.h"
 #include "src/sandbox/external-pointer-table-inl.h"
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 namespace v8 {
 namespace internal {
@@ -94,4 +94,4 @@ uint32_t ExternalPointerTable::Grow() {
 }  // namespace internal
 }  // namespace v8
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
--- a/src/sandbox/external-pointer-table.h
+++ b/src/sandbox/external-pointer-table.h
@@ -11,7 +11,7 @@
 #include "src/base/platform/mutex.h"
 #include "src/common/globals.h"
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 namespace v8 {
 namespace internal {
@@ -200,6 +200,6 @@ class V8_EXPORT_PRIVATE ExternalPointerTable {
 }  // namespace internal
 }  // namespace v8
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
 #endif  // V8_SANDBOX_EXTERNAL_POINTER_TABLE_H_
--- a/src/sandbox/sandbox.cc
+++ b/src/sandbox/sandbox.cc
@@ -26,7 +26,7 @@
 namespace v8 {
 namespace internal {
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 // Best-effort helper function to determine the size of the userspace virtual
 // address space. Used to determine appropriate sandbox size and placement.
@@ -322,9 +322,9 @@ void Sandbox::TearDown() {
  disabled_ = false;
 }
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 DEFINE_LAZY_LEAKY_OBJECT_GETTER(Sandbox, GetProcessWideSandbox)
 #endif

--- a/src/sandbox/sandbox.h
+++ b/src/sandbox/sandbox.h
@@ -15,7 +15,7 @@ namespace v8 {
 namespace internal {
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 /**
 * The V8 Sandbox.
@@ -173,9 +173,9 @@ class V8_EXPORT_PRIVATE Sandbox {
 #endif
 };
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 // This function is only available when the sandbox is actually used.
 V8_EXPORT_PRIVATE Sandbox* GetProcessWideSandbox();
 #endif

--- a/src/snapshot/mksnapshot.cc
+++ b/src/snapshot/mksnapshot.cc
@@ -246,7 +246,7 @@ int main(int argc, char** argv) {
  v8::V8::InitializeICUDefaultLocation(argv[0]);
  std::unique_ptr<v8::Platform> platform = v8::platform::NewDefaultPlatform();
  v8::V8::InitializePlatform(platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/src/utils/allocation.cc
+++ b/src/utils/allocation.cc
@@ -96,7 +96,7 @@ v8::VirtualAddressSpace* GetPlatformVirtualAddressSpace() {
  return vas.get();
 }
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 v8::PageAllocator* GetSandboxPageAllocator() {
  // TODO(chromium:1218005) remove this code once the cage is no longer
  // optional.

--- a/src/utils/allocation.h
+++ b/src/utils/allocation.h
@@ -101,7 +101,7 @@ V8_EXPORT_PRIVATE v8::PageAllocator* GetPlatformPageAllocator();
 // pointer.
 V8_EXPORT_PRIVATE v8::VirtualAddressSpace* GetPlatformVirtualAddressSpace();
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
 // Returns the page allocator instance for allocating pages inside the sandbox.
 // Guaranteed to be a valid pointer.
 V8_EXPORT_PRIVATE v8::PageAllocator* GetSandboxPageAllocator();
@@ -112,7 +112,7 @@ V8_EXPORT_PRIVATE v8::PageAllocator* GetSandboxPageAllocator();
 // sandbox and so this will be the SandboxPageAllocator. Otherwise it will be
 // the PlatformPageAllocator.
 inline v8::PageAllocator* GetArrayBufferPageAllocator() {
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  return GetSandboxPageAllocator();
 #else
  return GetPlatformPageAllocator();

--- a/src/wasm/c-api.cc
+++ b/src/wasm/c-api.cc
@@ -393,7 +393,7 @@ auto Engine::make(own<Config>&& config) -> own<Engine> {
  if (!engine) return own<Engine>();
  engine->platform = v8::platform::NewDefaultPlatform();
  v8::V8::InitializePlatform(engine->platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/test/cctest/cctest.cc
+++ b/test/cctest/cctest.cc
@@ -119,7 +119,7 @@ void CcTest::Run(const char* snapshot_directory) {
    platform = std::move(underlying_default_platform);
  }
  v8::V8::InitializePlatform(platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  CHECK(v8::V8::InitializeSandbox());
 #endif
  cppgc::InitializeProcess(platform->GetPageAllocator());

--- a/test/fuzzer/fuzzer-support.cc
+++ b/test/fuzzer/fuzzer-support.cc
@@ -23,7 +23,7 @@ FuzzerSupport::FuzzerSupport(int* argc, char*** argv) {
  v8::V8::InitializeExternalStartupData((*argv)[0]);
  platform_ = v8::platform::NewDefaultPlatform();
  v8::V8::InitializePlatform(platform_.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/test/inspector/inspector-test.cc
+++ b/test/inspector/inspector-test.cc
@@ -795,7 +795,7 @@ int InspectorTestMain(int argc, char* argv[]) {
  v8::V8::InitializeICUDefaultLocation(argv[0]);
  std::unique_ptr<Platform> platform(platform::NewDefaultPlatform());
  v8::V8::InitializePlatform(platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/test/mkgrokdump/mkgrokdump.cc
+++ b/test/mkgrokdump/mkgrokdump.cc
@@ -117,7 +117,7 @@ static int DumpHeapConstants(FILE* out, const char* argv0) {
  // Start up V8.
  std::unique_ptr<v8::Platform> platform = v8::platform::NewDefaultPlatform();
  v8::V8::InitializePlatform(platform.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  if (!v8::V8::InitializeSandbox()) {
    FATAL("Could not initialize the sandbox");
  }

--- a/test/unittests/heap/cppgc/tests.cc
+++ b/test/unittests/heap/cppgc/tests.cc
@@ -29,9 +29,9 @@ void TestWithPlatform::SetUpTestSuite() {
  // For non-standalone builds, we need to initialize V8's platform so that it
  // can be looked-up by trace-event.h.
  v8::V8::InitializePlatform(platform_->GetV8Platform());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
  CHECK(v8::V8::InitializeSandbox());
-#endif  // V8_SANDBOX
+#endif  // V8_ENABLE_SANDBOX
  v8::V8::Initialize();
 #endif  // !CPPGC_IS_STANDALONE
 }

--- a/test/unittests/heap/unmapper-unittest.cc
+++ b/test/unittests/heap/unmapper-unittest.cc
@@ -279,7 +279,7 @@ class TrackingPageAllocator : public ::v8::PageAllocator {
 // This test is currently incompatible with the sandbox. Enable it
 // once the VirtualAddressSpace interface is stable.
-#if !V8_OS_FUCHSIA && !V8_SANDBOX
+#if !V8_OS_FUCHSIA && !V8_ENABLE_SANDBOX
 template <typename TMixin>
 class SequentialUnmapperTestMixin : public TMixin {
@@ -319,7 +319,7 @@ class SequentialUnmapperTest : public                                     //
    // TrackingPageAllocator.
    // The pointer cage must be destroyed before the sandbox.
    IsolateAllocator::FreeProcessWidePtrComprCageForTesting();
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
    // Reinitialze the sandbox so it uses the TrackingPageAllocator.
    GetProcessWideSandbox()->TearDown();
    constexpr bool use_guard_regions = false;
@@ -336,7 +336,7 @@ class SequentialUnmapperTest : public                                     //
    // freed until process teardown.
    IsolateAllocator::FreeProcessWidePtrComprCageForTesting();
 #endif
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
    GetProcessWideSandbox()->TearDown();
 #endif
    i::FLAG_concurrent_sweeping = old_flag_;
@@ -432,7 +432,7 @@ TEST_F(SequentialUnmapperTest, UnmapOnTeardown) {
  tracking_page_allocator()->CheckIsFree(page->address(), page_size);
 #endif  // V8_COMPRESS_POINTERS
 }
-#endif  // !V8_OS_FUCHSIA && !V8_SANDBOX
+#endif  // !V8_OS_FUCHSIA && !V8_ENABLE_SANDBOX
 }  // namespace internal
 }  // namespace v8
--- a/test/unittests/libplatform/single-threaded-default-platform-unittest.cc
+++ b/test/unittests/libplatform/single-threaded-default-platform-unittest.cc
@@ -15,9 +15,9 @@ class WithSingleThreadedDefaultPlatformMixin : public TMixin {
    platform_ = v8::platform::NewSingleThreadedDefaultPlatform();
    CHECK_NOT_NULL(platform_.get());
    v8::V8::InitializePlatform(platform_.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
    CHECK(v8::V8::InitializeSandbox());
-#endif  // V8_SANDBOX
+#endif  // V8_ENABLE_SANDBOX
    v8::V8::Initialize();
  }

--- a/test/unittests/sandbox/sandbox-unittest.cc
+++ b/test/unittests/sandbox/sandbox-unittest.cc
@@ -9,7 +9,7 @@
 #include "src/base/virtual-address-space.h"
 #include "test/unittests/test-utils.h"
-#ifdef V8_SANDBOX_IS_AVAILABLE
+#ifdef V8_ENABLE_SANDBOX
 namespace v8 {
 namespace internal {
@@ -152,4 +152,4 @@ TEST(SandboxTest, PartiallyReservedSandboxPageAllocation) {
 }  // namespace internal
 }  // namespace v8
-#endif  // V8_SANDBOX_IS_AVAILABLE
+#endif  // V8_ENABLE_SANDBOX
--- a/test/unittests/test-utils.h
+++ b/test/unittests/test-utils.h
@@ -37,9 +37,9 @@ class WithDefaultPlatformMixin : public TMixin {
        0, v8::platform::IdleTaskSupport::kEnabled);
    CHECK_NOT_NULL(platform_.get());
    v8::V8::InitializePlatform(platform_.get());
-#ifdef V8_SANDBOX
+#ifdef V8_ENABLE_SANDBOX
    CHECK(v8::V8::InitializeSandbox());
-#endif  // V8_SANDBOX
+#endif  // V8_ENABLE_SANDBOX
    v8::V8::Initialize();
  }