This renderer command line switch is intended to prevent feature
flag overrides from configuring V8 flags.
To enforce this, V8 feature flag overrides have been conditioned on
this command line switch in the following locations:
- content::RenderProcessImpl::RenderProcessImpl()
- gin::SetFeatureFlags()
This change is intended to enable consistent V8 flags at build-time
and run-time, and hence compatibility for bundled code caches.
Bug: 388577282
Change-Id: Ifd2465cf54bc8353a2f33701157bc9be538eb777
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6144831
Commit-Queue: Thomas Lukaszewicz <tluk@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1407497}
Now that SharedArrayBuffer is fully unlaunched except where COI is
ensured, this feature seems redundant as kSharedArrayBuffer provides the
same path to force enabling this feature but isn't desktop specific.
Fixed: 356624443
Change-Id: Iee09f557af290379f7ddc33cfd77d5e396769fbd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6047766
Reviewed-by: Colin Blundell <blundell@chromium.org>
Commit-Queue: Camille Lamy <clamy@chromium.org>
Auto-Submit: Ari Chivukula <arichiv@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1388287}
NOTREACHED() and NOTREACHED_IN_MIGRATION() are both CHECK-fatal now.
The former is [[noreturn]] so this CL also performs dead-code removal
after the NOTREACHED().
This CL does not attempt to do additional rewrites of any surrounding
code, like:
  if (!foo) {
    NOTREACHED();
  }
to
  CHECK(foo);
Those transforms take a non-trivial amount of time (and there are
thousands of instances). Cleanup can be left as an exercise for the
reader.
This does clean up kCrashOnDanglingBrowserContext as both paths of the
kill switch are currently fatal. This has been rolled out for a long
time.
Bug: 40580068, 40062641
Change-Id: Ib88e710d003e2e48df3fc502ca54d2341d157a0e
Cq-Include-Trybots: luci.chromium.try:linux-dcheck-off-rel
Low-Coverage-Reason: OTHER Should-be-unreachable code
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5974816
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Auto-Submit: Peter Boström <pbos@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1376522}
Because this is a V8 feature, it's not sufficient to have a kill switch
generated from runtime_enabled_features.json5. In addition, the state
of that blink::feature must be forwarded on (if overridden) to V8,
in the usual manner for tying Chromium features to V8 commandline flags.
blink::feature created in Chromium-side shipping CL https://crrev.com/c/5836134.
V8-side shipping in https://crrev.com/c/5837501.
Bug: 42204114
Change-Id: I795c9001f84e336b8d0a803e37aa35f1df80da58
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5838001
Commit-Queue: Adam Klein <adamk@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1351125}
This was generated by replacing " NOTREACHED()" with
" NOTREACHED_IN_MIGRATION()" and running git cl format.
This prepares for making NOTREACHED() [[noreturn]] alongside
NotReachedIsFatal migration of existing inventory.
Bug: 40580068
Change-Id: I3b48b89911ac5e9ffcb211622992f917f8f9e8d9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5539619
Auto-Submit: Peter Boström <pbos@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1301096}
Crashpad was understood to be unconditionally enabled in
https://crrev.com/c/5237441. Turns out that that wasn't true for
content_shell.
This change sets up wasm-trap handling for the case where content_shell
has not enabled crash reporting but moves the responsibility to
ShellContentRendererClient. The default ContentRendererClient assumes
that crash reporting is enabled (crashpad enabled by default) and does
not set up its own handler.
Bug: 327517309
Change-Id: If3d5f9a313c22e5926d276e6fdfbe9fefe20445d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5372409
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1277046}
This makes ChromeOS use crashpad annotations directly now that it's
universally enabled.
We remove the switch --enable-crashpad and
crash_reporter::IsCrashpadEnabled() and clean up some obviously-dead
code as a result.
This does not (yet) universally enable crashpad in components/crash as
it's not turned on for is_castos (which is being turned down). There are
also direct breakpad dependencies in //remoting and //chromecast.
Bug: b:318421053, 1176772, 1520868
Change-Id: I0ecc7792bec4a49a067b660793238f393e70d504
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5237441
Commit-Queue: Peter Boström <pbos@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Ian Barkley-Yeung <iby@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1259483}
This is a reland of commit 520c335469.
Original change's description:
> The use of trap handlers for WebAssembly OOB accesses has been
> enabled in V8 for a while. The chromium tests had already been
> updated to handle the change when testing a simulator build, and this
> patch finally flips the switch to enable the feature.
>
> Cq-Include-Trybots: luci.chromium.try:linux_chromium_msan_rel_ng
> Change-Id: Ife085d435ca28b100e9b16e4e985447c90aa9faa
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5028657
> Commit-Queue: Andre Kempe <andre.kempe@arm.com>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Reviewed-by: danakj <danakj@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1224295}
Cq-Include-Trybots: luci.chromium.try:linux_chromium_msan_rel_ng;luci.chromium.try:linux-arm64-castos
Change-Id: I1c4365bf5a70c568a6493f8c099d3ddbca6affe8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5058536
Reviewed-by: danakj <danakj@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
Cr-Commit-Position: refs/heads/main@{#1229271}
The use of trap handlers for WebAssembly OOB accesses has been
enabled in V8 for a while. The chromium tests had already been
updated to handle the change when testing a simulator build, and this
patch finally flips the switch to enable the feature.
Cq-Include-Trybots: luci.chromium.try:linux_chromium_msan_rel_ng
Change-Id: Ife085d435ca28b100e9b16e4e985447c90aa9faa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5028657
Commit-Queue: Andre Kempe <andre.kempe@arm.com>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1224295}
There are two headers to declare features in content.
- the public one: `content/public/common/content_features.h`
- the private one: `content/common/features.h`.
Unfortunately, most are declared in the public one, despite being used
privately exclusively. This violates the `content/public/` rules. This
patch provides a fix.
Parts of this patch were made programmatically using this script:
https://paste.googleplex.com/6699322946093056, with the following
output: https://paste.googleplex.com/5591288895242240
This patch:
1. Update `docs/how_to_add_your_feature_flag.md` to steer
developers toward the non-public versions.
2. Move ~70 features back into the private version.
3. Programmatically update the includes to include the correct
#include header(s).
4. For consistency and to minimize the number of files modified,
make the two headers use the `features::` namespace.
AX-Relnotes: n/a.
Change-Id: Id9126a95dfbc533d4778b188b659b5acc9b3d9e3
Bug: None
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4836057
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1194718}
Today, SysInfo::NumberOfProcessors() is called by the constructor of
RenderProcessImpl (via GetThreadPoolInitParams()) before calling
base::SysInfo::SetIsCpuSecurityMitigationsEnabled(). This means that
the value returned by SysInfo::NumberOfProcessors() doesn't take into
account the fact that CPU security mitigations are enabled.
With this CL, SetCpuSecurityMitigationsEnabled() is called in
RendererMain, before creating the RenderProcessImpl. Checks are added
to prevent calls to SysInfo::NumberOfProcessors() before a call to
SetCpuSecurityMitigationsEnabled(). Finally, the cache in
SysInfo::NumberOfProcessors() is removed, to allow different values to
be returned when the state of CPU security mitigations varies over the
life of a test process (the cache was added to avoid tripping sandbox
restrictions which are no longer in place
https://codereview.chromium.org/67373006).
Bug: 997677
Change-Id: I59d2807444acad646389663e89f36b913d49ec6e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4521664
Commit-Queue: Francois Pierre Doray <fdoray@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1153242}
In the past, errors repeatedly happened where flags were set in V8 but
got overridden unexpectedly by blink. With this CL, the default value
of a blink flag cannot override the default value of a V8 flag anymore.
Only if a blink flag is set explicitly does the V8 flag get overridden.
This implementation already existed in gin/v8_initializer.cc.
Change-Id: Ia8c89bf517525daf0a1492e6bfcc734f073b84dd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4306685
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1113059}
We added two memory protection feature flags for a finch trial when
rolling out PKU-based memory protection. They are not needed any more,
and since mprotect-based protection is off by default everywhere now, we
cannot ensure correctness of that configuration any more.
R=mlippautz@chromium.org
Bug: v8:13632
Change-Id: I6d52dff6f8b89fce80fe58c1006d1929f0f7b4c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4110994
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1088716}
Simplification: V8 enables type reflection when stack switching is
enabled, so there's no need to set the type reflection flag from
Chromium.
Hardening: when the stack switching flag is disabled in Chromium,
ensure that it's also disabled in V8.
Bug: v8:12191
Change-Id: I031c3a3a3620fe981dad85d1bca00f386ef94a29
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3956653
Auto-Submit: Adam Klein <adamk@chromium.org>
Commit-Queue: Stefan Zager <szager@chromium.org>
Reviewed-by: Stefan Zager <szager@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1061857}
The permission policy was originally introduced to ensure that
hypothetical non-spec-compliant enterprise applications would
not be broken by Chrome's introduction of the display-surface
permissions policy. Such apps have had ample time to fix
the issue. It's also observed that the policy is seeing
incredibly low usage as of the last month, and should
therefore be safe to deprecate.
Bug: 1233969
Change-Id: I5d4fe59d15e3ea74bba0b2559f33e517a2ec97c8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3941642
Commit-Queue: Elad Alon <eladalon@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1058107}
enabled on Mac.
If we are not able to establish whether we are in mitigation mode, fall back
to returning the number of "logical" cores.
Bug: 997677
Change-Id: I8ccc4fefa8e494051dbc1f241548962cb02eefbb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3714401
Commit-Queue: Alex Attar <aattar@google.com>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Francois Pierre Doray <fdoray@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1048590}
This enables the --freeze-flags-after-init V8 flag, which disallows any
flag updates after V8 initialization. This is still disabled by default
in V8, but we can already enable it for the renderer process.
Once it's enabled by default in V8, this change can be reverted.
For now, flag updates are only disallowed by an explicit CHECK. In the
future, the protection will be hardened by actually memory-protecting
the memory area that holds flag values.
R=haraken@chromium.org
CC=sroettger@google.com, cbruni@chromium.org
Bug: v8:12887
Change-Id: I64644110e5e83d3db4e4b7389945966d1bd90ae3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3687671
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1011456}
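The three commits above that touch flag forwarding describe one policy: a Chromium feature is pushed into a V8 command-line flag only when the feature was explicitly overridden (never from its default), a renderer switch can refuse all such overrides so build-time and run-time V8 flags match, and once V8 is initialized further flag updates are rejected outright. The following C++ model is an added example, not Chromium or V8 code; `Feature`, `V8Flags`, `FlagForFeature` and `SetV8FlagIfOverridden` are this example's own stand-ins, and rejection is modelled as a `false` return rather than V8's CHECK.

```cpp
// Added example (not Chromium's or V8's code): models when a feature-flag
// state is forwarded to a V8 flag, and the two guards that block forwarding.
#include <optional>
#include <string>
#include <vector>

// Hypothetical three-state feature: "not overridden" vs. explicit on/off.
enum class FeatureState { kDefault, kEnabled, kDisabled };

struct Feature {
  std::string name;
  FeatureState state;
};

// Hypothetical stand-in for V8's flag storage. `frozen` models the
// --freeze-flags-after-init behaviour: no updates once initialization ends.
struct V8Flags {
  std::vector<std::string> applied;
  bool frozen = false;
};

// Returns the V8 flag to set for `feature`, or nullopt when the feature is at
// its default, so that a blink default can never clobber a V8 default.
std::optional<std::string> FlagForFeature(const Feature& feature,
                                          const std::string& enable_flag,
                                          const std::string& disable_flag) {
  switch (feature.state) {
    case FeatureState::kEnabled:
      return enable_flag;
    case FeatureState::kDisabled:
      return disable_flag;
    case FeatureState::kDefault:
      return std::nullopt;
  }
  return std::nullopt;
}

// Applies the override to `flags`. `disallow_overrides` models a renderer
// command-line switch that pins V8 flags to their build-time values (needed
// for bundled code caches to stay valid). Returns true only if a flag was set.
bool SetV8FlagIfOverridden(V8Flags& flags, const Feature& feature,
                           const std::string& enable_flag,
                           const std::string& disable_flag,
                           bool disallow_overrides) {
  // Guard 1: the process is configured to accept no feature-driven overrides.
  if (disallow_overrides) return false;
  // Guard 2: V8 has finished initializing; in V8 this would be a fatal CHECK.
  if (flags.frozen) return false;
  std::optional<std::string> flag =
      FlagForFeature(feature, enable_flag, disable_flag);
  if (!flag) return false;  // feature at default: leave V8's default alone
  flags.applied.push_back(*flag);
  return true;
}

// Marks the end of V8 initialization; later overrides are rejected.
void FreezeFlagsAfterInit(V8Flags& flags) { flags.frozen = true; }
```

In practice the ordering matters as much as the guards: every feature-to-flag forwarding has to happen before the freeze point, which is why these commits put the forwarding in process startup code that runs before V8 is initialized.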
This patch creates ThreadPool earlier, so that it's guaranteed to exist
before creating field trials. Now both field trials and the ThreadPool
always exist in PostFieldTrialInitialization.
A followup patch will use this entry point to start the heap profiler
in child processes.
Bug: 1327069
Change-Id: I2258fb77f06557460e342144e1c76de13985a4c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3654912
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Joe Mason <joenotcharles@google.com>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1010574}
This flag was redundant with the V8TurboFastApiCalls feature flag, so we
don't need it. This CL also removes test suites that were using the
flag since they have become useless now that the feature is enabled
by default.
There are still perf test suites that run with the feature enabled vs
disabled (via the feature flag). Those were not removed so that we
continue to get data regarding the performance improvements provided by
fast calls.
BUG=1286813
Change-Id: Ic05bac9e6672fc23c0ad42fa57fb8ff9a9cc4e15
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3632518
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Justin Novosad <junov@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1003113}
The feature has been finching for a while on all channels, so we enable it
by default now and then ship via finch.
Since the flag is also enabled by default in V8
(https://crrev.com/c/3568449), we need to explicitly disable it if the
chromium feature is disabled (e.g. via the command line or via a finch
config).
R=creis@chromium.org
Bug: v8:12281, chromium:1255660
Change-Id: Iad7500f009d37051abe5f19233aba21889b2df57
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3568544
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#989355}