[d8] Simulate errors before disposing flags

Calling {V8::Dispose} resets flag values, but error simulation relies on
{FLAG_random_seed}. Thus simulate errors before disposing V8.

R=machenbach@chromium.org

Bug: chromium:1168290
Change-Id: Ie3bc921d6dd1dbaece68ef0b801d8b25ba97585f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3315441Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78252}

src/d8/d8.cc

@@ -3360,6 +3360,14 @@ void Shell::OnExit(v8::Isolate* isolate, bool dispose) {
     i::Isolate::Delete(reinterpret_cast<i::Isolate*>(shared_isolate));
   }
 
+  // Simulate errors before disposing V8, as that resets flags (via
+  // FlagList::ResetAllFlags()), but error simulation reads the random seed.
+  if (options.simulate_errors && is_valid_fuzz_script()) {
+    // Simulate several errors detectable by fuzzers behind a flag if the
+    // minimum file size for fuzzing was executed.
+    FuzzerMonitor::SimulateErrors();
+  }
+
   if (dispose) {
     V8::Dispose();
     V8::DisposePlatform();
@@ -3422,12 +3430,6 @@ void Shell::OnExit(v8::Isolate* isolate, bool dispose) {
     delete counters_file_;
     delete counter_map_;
   }
-
-  if (options.simulate_errors && is_valid_fuzz_script()) {
-    // Simulate several errors detectable by fuzzers behind a flag if the
-    // minimum file size for fuzzing was executed.
-    FuzzerMonitor::SimulateErrors();
-  }
 }
 
 void Dummy(char* arg) {}