Reland "[build] Make separate snapshot for trusted variant"

This is a reland of 40d66d8bf8 The fix disambiguates duplicate symbols in the generated embedded builtins file. Original change's description: > [build] Make separate snapshot for trusted variant > > This enables side-by-side snapshots with and without untrusted-code > mitigations. It'll be the default in all V8 stand-alone builds > with external startup data. Internal snapshots are not supported. > > The files snapshot_blob.bin and snapshot_blob_trusted.bin will be > bundled with V8 on swarming and the correct file is loaded dependent > on the --untrusted-code-mitigations runtime flag. > > Likewise we embed two snapshots for builtins. > > Side-by-side snapshots won't be supported in Chromium. > > Bug: v8:7441 > Change-Id: I2949ddfd5773649946b1c8e74751d48ad1d9c524 > Reviewed-on: https://chromium-review.googlesource.com/960004 > Commit-Queue: Michael Achenbach <machenbach@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Cr-Commit-Position: refs/heads/master@{#52028} Bug: v8:7441 Change-Id: I626171d4e07389f0453b4d0a698e2772fd37e8c5 Reviewed-on: https://chromium-review.googlesource.com/968623 Commit-Queue: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#52055}
2018-03-20 11:16:14 +01:00 · 2018-03-20 11:16:14 +01:00 · f0940a6390
commit f0940a6390
parent 48f1fc71cf
10 changed files with 146 additions and 22 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -9,6 +9,7 @@ import("//build/config/host_byteorder.gni")
 import("//build/config/jumbo.gni")
 import("//build/config/mips.gni")
 import("//build/config/sanitizers/sanitizers.gni")
+import("//build_overrides/build.gni")

 if (is_android) {
  import("//build/config/android/rules.gni")
@ -326,6 +327,9 @@ config("features") {
  if (v8_enable_embedded_builtins) {
    defines += [ "V8_EMBEDDED_BUILTINS" ]
  }
+  if (v8_use_multi_snapshots) {
+    defines += [ "V8_MULTI_SNAPSHOTS" ]
+  }
 }

 config("toolchain") {
@ -718,6 +722,8 @@ action("d8_js2c") {
 if (is_android && enable_java_templates) {
  android_assets("v8_external_startup_data_assets") {
    if (v8_use_external_startup_data) {
+      # We don't support side-by-side snapshots on Android within Chromium.
+      assert(!v8_use_multi_snapshots)
      deps = [
        "//v8",
      ]
@ -805,8 +811,24 @@ action("postmortem-metadata") {
         rebase_path(sources, root_build_dir)
 }

-if (v8_use_snapshot) {
-  action("run_mksnapshot") {
+# Template to generate different V8 snapshots based on different runtime flags.
+# Can be invoked with run_mksnapshot(<name>). The target will resolve to
+# run_mksnapshot_<name>. If <name> is "default", no file suffixes will be used.
+# Otherwise files are suffixed, e.g. embedded_<name>.cc and
+# snapshot_blob_<name>.bin.
+#
+# The template exposes the variables:
+#   args: additional flags for mksnapshots
+#   embedded_suffix: a camel case suffix for method names in the embedded
+#       snapshot.
+template("run_mksnapshot") {
+  name = target_name
+  if (name == "default") {
+    suffix = ""
+  } else {
+    suffix = "_$name"
+  }
+  action("run_mksnapshot_" + name) {
    visibility = [ ":*" ]  # Only targets in this file can depend on this.

    deps = [
@ -826,12 +848,20 @@ if (v8_use_snapshot) {
      "--turbo_instruction_scheduling",
    ]

+    args += invoker.args
+
    if (v8_enable_embedded_builtins) {
-      outputs += [ "$target_gen_dir/embedded.cc" ]
+      outputs += [ "$target_gen_dir/embedded${suffix}.cc" ]
      args += [
        "--embedded_src",
-        rebase_path("$target_gen_dir/embedded.cc", root_build_dir),
+        rebase_path("$target_gen_dir/embedded${suffix}.cc", root_build_dir),
      ]
+      if (invoker.embedded_variant != "") {
+        args += [
+          "--embedded_variant",
+          invoker.embedded_variant,
+        ]
+      }
    }

    if (v8_random_seed != "0") {
@ -853,16 +883,16 @@ if (v8_use_snapshot) {
    }

    if (v8_use_external_startup_data) {
-      outputs += [ "$root_out_dir/snapshot_blob.bin" ]
+      outputs += [ "$root_out_dir/snapshot_blob${suffix}.bin" ]
      args += [
        "--startup_blob",
-        rebase_path("$root_out_dir/snapshot_blob.bin", root_build_dir),
+        rebase_path("$root_out_dir/snapshot_blob${suffix}.bin", root_build_dir),
      ]
    } else {
-      outputs += [ "$target_gen_dir/snapshot.cc" ]
+      outputs += [ "$target_gen_dir/snapshot${suffix}.cc" ]
      args += [
        "--startup_src",
-        rebase_path("$target_gen_dir/snapshot.cc", root_build_dir),
+        rebase_path("$target_gen_dir/snapshot${suffix}.cc", root_build_dir),
      ]
    }

@ -880,6 +910,23 @@ if (v8_use_snapshot) {
  }
 }

+if (v8_use_snapshot) {
+  run_mksnapshot("default") {
+    args = []
+    if (v8_enable_embedded_builtins) {
+      embedded_variant = "Default"
+    }
+  }
+  if (v8_use_multi_snapshots) {
+    run_mksnapshot("trusted") {
+      args = [ "--no-untrusted-code-mitigations" ]
+      if (v8_enable_embedded_builtins) {
+        embedded_variant = "Trusted"
+      }
+    }
+  }
+}
+
 action("v8_dump_build_config") {
  script = "tools/testrunner/utils/dump_build_config.py"
  outputs = [
@ -985,7 +1032,7 @@ if (v8_use_snapshot && !v8_use_external_startup_data) {
    public_deps = [
      # This should be public so downstream targets can declare the snapshot
      # output file as their inputs.
-      ":run_mksnapshot",
+      ":run_mksnapshot_default",
    ]

    sources = [
@ -1025,9 +1072,13 @@ if (v8_use_snapshot && v8_use_external_startup_data) {
    ]
    public_deps = [
      ":natives_blob",
-      ":run_mksnapshot",
+      ":run_mksnapshot_default",
    ]

+    if (v8_use_multi_snapshots) {
+      public_deps += [ ":run_mksnapshot_trusted" ]
+    }
+
    sources = [
      "src/setup-isolate-deserialize.cc",
      "src/snapshot/natives-external.cc",
@ -1036,6 +1087,9 @@ if (v8_use_snapshot && v8_use_external_startup_data) {

    if (v8_enable_embedded_builtins) {
      sources += [ "$target_gen_dir/embedded.cc" ]
+      if (v8_use_multi_snapshots) {
+        sources += [ "$target_gen_dir/embedded_trusted.cc" ]
+      }
    }

    configs = [ ":internal_config" ]
--- a/gni/isolate.gni
+++ b/gni/isolate.gni
@ -116,6 +116,11 @@ template("v8_isolate_run") {
      } else {
        use_snapshot = "false"
      }
+      if (v8_use_multi_snapshots) {
+        multi_snapshots = "1"
+      } else {
+        multi_snapshots = "0"
+      }
      if (v8_has_valgrind) {
        has_valgrind = "1"
      } else {
@ -175,6 +180,8 @@ template("v8_isolate_run") {
        "--config-variable",
        "ubsan_vptr=$ubsan_vptr",
        "--config-variable",
+        "v8_use_multi_snapshots=$multi_snapshots",
+        "--config-variable",
        "v8_use_external_startup_data=$use_external_startup_data",
        "--config-variable",
        "v8_use_snapshot=$use_snapshot",
--- a/gni/v8.gni
+++ b/gni/v8.gni
@ -37,6 +37,9 @@ declare_args() {
  # https://803591
  v8_use_snapshot = !(is_win && host_os != "win" && target_cpu == "x64")

+  # Enable several snapshots side-by-side (e.g. default and for trusted code).
+  v8_use_multi_snapshots = ""
+
  # Use external files for startup data blobs:
  # the JS builtins sources and the start snapshot.
  v8_use_external_startup_data = ""
@ -58,6 +61,10 @@ if (v8_use_external_startup_data == "") {
  v8_use_external_startup_data = v8_use_snapshot && !is_ios
 }

+if (v8_use_multi_snapshots == "") {
+  v8_use_multi_snapshots = v8_use_external_startup_data && !build_with_chromium
+}
+
 if (v8_enable_backtrace == "") {
  v8_enable_backtrace = is_debug && !v8_optimized_debug
 }
--- a/src/base.isolate
+++ b/src/base.isolate
@ -17,6 +17,13 @@
        ],
      },
    }],
+    ['v8_use_snapshot=="true" and v8_use_external_startup_data==1 and v8_use_multi_snapshots==1', {
+      'variables': {
+        'files': [
+          '<(PRODUCT_DIR)/snapshot_blob_trusted.bin',
+        ],
+      },
+    }],
    ['tsan==1', {
      'variables': {
        'files': [
--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@ -1067,6 +1067,9 @@ DEFINE_INT(testing_prng_seed, 42, "Seed used for threading test randomness")
 // mksnapshot.cc
 DEFINE_STRING(embedded_src, nullptr,
              "Path for the generated embedded data file. (mksnapshot only)")
+DEFINE_STRING(
+    embedded_variant, nullptr,
+    "Label to disambiguate symbols in embedded data file. (mksnapshot only)")
 DEFINE_STRING(startup_src, nullptr,
              "Write V8 startup as C++ src. (mksnapshot only)")
 DEFINE_STRING(startup_blob, nullptr,
--- a/src/isolate.cc
+++ b/src/isolate.cc
@ -70,6 +70,11 @@ base::Atomic32 ThreadId::highest_thread_id_ = 0;
 extern const uint8_t* DefaultEmbeddedBlob();
 extern uint32_t DefaultEmbeddedBlobSize();

+#ifdef V8_MULTI_SNAPSHOTS
+extern const uint8_t* TrustedEmbeddedBlob();
+extern uint32_t TrustedEmbeddedBlobSize();
+#endif
+
 const uint8_t* Isolate::embedded_blob() const { return embedded_blob_; }
 uint32_t Isolate::embedded_blob_size() const { return embedded_blob_size_; }
 #endif
@ -2943,8 +2948,18 @@ bool Isolate::Init(StartupDeserializer* des) {
      new CompilerDispatcher(this, V8::GetCurrentPlatform(), FLAG_stack_size);

 #ifdef V8_EMBEDDED_BUILTINS
+#ifdef V8_MULTI_SNAPSHOTS
+  if (FLAG_untrusted_code_mitigations) {
+    embedded_blob_ = DefaultEmbeddedBlob();
+    embedded_blob_size_ = DefaultEmbeddedBlobSize();
+  } else {
+    embedded_blob_ = TrustedEmbeddedBlob();
+    embedded_blob_size_ = TrustedEmbeddedBlobSize();
+  }
+#else
  embedded_blob_ = DefaultEmbeddedBlob();
  embedded_blob_size_ = DefaultEmbeddedBlobSize();
+#endif
 #endif

  // Enable logging before setting up the heap
--- a/src/snapshot/embedded-empty.cc
+++ b/src/snapshot/embedded-empty.cc
@ -12,6 +12,12 @@ namespace internal {
 #ifdef V8_EMBEDDED_BUILTINS
 const uint8_t* DefaultEmbeddedBlob() { return nullptr; }
 uint32_t DefaultEmbeddedBlobSize() { return 0; }
+
+#ifdef V8_MULTI_SNAPSHOTS
+const uint8_t* TrustedEmbeddedBlob() { return nullptr; }
+uint32_t TrustedEmbeddedBlobSize() { return 0; }
+#endif
+
 #endif

 }  // namespace internal
--- a/src/snapshot/mksnapshot.cc
+++ b/src/snapshot/mksnapshot.cc
@ -26,6 +26,10 @@ class SnapshotWriter {
  void SetEmbeddedFile(const char* embedded_cpp_file) {
    embedded_cpp_path_ = embedded_cpp_file;
  }
+
+  void SetEmbeddedVariant(const char* embedded_variant) {
+    embedded_variant_ = embedded_variant;
+  }
 #endif

  void SetSnapshotFile(const char* snapshot_cpp_file) {
@ -123,8 +127,8 @@ class SnapshotWriter {
    FILE* fp = GetFileDescriptorOrDie(embedded_cpp_path_);

    WriteEmbeddedFilePrefix(fp);
-    WriteEmbeddedFileData(fp, blob);
-    WriteEmbeddedFileSuffix(fp);
+    WriteEmbeddedFileData(fp, blob, embedded_variant_);
+    WriteEmbeddedFileSuffix(fp, embedded_variant_);

    fclose(fp);
  }
@ -138,19 +142,22 @@ class SnapshotWriter {
    fprintf(fp, "namespace {\n\n");
  }

-  static void WriteEmbeddedFileSuffix(FILE* fp) {
+  static void WriteEmbeddedFileSuffix(FILE* fp, const char* embedded_variant) {
    fprintf(fp, "}  // namespace\n\n");
-    fprintf(
-        fp,
-        "const uint8_t* DefaultEmbeddedBlob() { return v8_embedded_blob_; }\n");
    fprintf(fp,
-            "uint32_t DefaultEmbeddedBlobSize() { return "
-            "v8_embedded_blob_size_; }\n\n");
+            "const uint8_t* %sEmbeddedBlob() { return "
+            "v8_%s_embedded_blob_; }\n",
+            embedded_variant, embedded_variant);
+    fprintf(fp,
+            "uint32_t %sEmbeddedBlobSize() { return "
+            "v8_embedded_blob_size_; }\n\n",
+            embedded_variant);
    fprintf(fp, "}  // namespace internal\n");
    fprintf(fp, "}  // namespace v8\n");
  }

-  static void WriteEmbeddedFileData(FILE* fp, const i::EmbeddedData* blob) {
+  static void WriteEmbeddedFileData(FILE* fp, const i::EmbeddedData* blob,
+                                    const char* embedded_variant) {
    // Note: On some platforms (observed on mac64), inserting labels into the
    // .byte stream causes the compiler to reorder symbols, invalidating stored
    // offsets.
@ -160,9 +167,11 @@ class SnapshotWriter {
    // present in the binary.
    // For now, the straight-forward solution seems to be to just emit a pure
    // .byte stream.
-    fprintf(fp, "V8_EMBEDDED_TEXT_HEADER(v8_embedded_blob_)\n");
+    fprintf(fp, "V8_EMBEDDED_TEXT_HEADER(v8_%s_embedded_blob_)\n",
+            embedded_variant);
    WriteBinaryContentsAsByteDirective(fp, blob->data(), blob->size());
-    fprintf(fp, "extern \"C\" const uint8_t v8_embedded_blob_[];\n");
+    fprintf(fp, "extern \"C\" const uint8_t v8_%s_embedded_blob_[];\n",
+            embedded_variant);
    fprintf(fp, "static const uint32_t v8_embedded_blob_size_ = %d;\n\n",
            blob->size());
  }
@ -211,6 +220,7 @@ class SnapshotWriter {

 #ifdef V8_EMBEDDED_BUILTINS
  const char* embedded_cpp_path_ = nullptr;
+  const char* embedded_variant_ = "Default";
 #endif
  const char* snapshot_cpp_path_;
  const char* snapshot_blob_path_;
@ -376,6 +386,8 @@ int main(int argc, char** argv) {
    if (i::FLAG_startup_blob) writer.SetStartupBlobFile(i::FLAG_startup_blob);
 #ifdef V8_EMBEDDED_BUILTINS
    if (i::FLAG_embedded_src) writer.SetEmbeddedFile(i::FLAG_embedded_src);
+    if (i::FLAG_embedded_variant)
+      writer.SetEmbeddedVariant(i::FLAG_embedded_variant);
 #endif

    std::unique_ptr<char> embed_script(
--- a/src/startup-data-util.cc
+++ b/src/startup-data-util.cc
@ -10,6 +10,7 @@
 #include "src/base/file-utils.h"
 #include "src/base/logging.h"
 #include "src/base/platform/platform.h"
+#include "src/flags.h"
 #include "src/utils.h"


@ -86,9 +87,15 @@ void InitializeExternalStartupData(const char* directory_path) {
 #ifdef V8_USE_EXTERNAL_STARTUP_DATA
  char* natives;
  char* snapshot;
+  const char* snapshot_name = "snapshot_blob.bin";
+#ifdef V8_MULTI_SNAPSHOTS
+  if (!FLAG_untrusted_code_mitigations) {
+    snapshot_name = "snapshot_blob_trusted.bin";
+  }
+#endif
  LoadFromFiles(
      base::RelativePath(&natives, directory_path, "natives_blob.bin"),
-      base::RelativePath(&snapshot, directory_path, "snapshot_blob.bin"));
+      base::RelativePath(&snapshot, directory_path, snapshot_name));
  free(natives);
  free(snapshot);
 #endif  // V8_USE_EXTERNAL_STARTUP_DATA
--- a/tools/run_perf.py
+++ b/tools/run_perf.py
@ -793,6 +793,12 @@ class AndroidPlatform(Platform):  # pragma: no cover
        target_dir,
        skip_if_missing=True,
    )
+    self._PushFile(
+        shell_dir,
+        "snapshot_blob_trusted.bin",
+        target_dir,
+        skip_if_missing=True,
+    )
    self._PushFile(
        shell_dir,
        "icudtl.dat",