Skip to content

Commit

Permalink
cli: allow --jitless V8 flag in NODE_OPTIONS
Browse files Browse the repository at this point in the history
This work is modeled on nodejs#30094 which allowed
`--disallow-code-generation-from-strings` in `NODE_OPTIONS`.

The `--jitless` v8 option has been supported since 12.0.0. As a v8
option, node automatically picks it up, but there have been a few issues
that were resolved by simply telling users about the option: nodejs#26758,

This PR:
  - allows `--jitless` in `NODE_OPTIONS`
  - documents `--jitless`
  - moves `--experimental-loader=module` to locally restore alphabetical
    order in option documentation

Refs: nodejs#30094
Refs: nodejs#26758
Refs: nodejs#28800

PR-URL: nodejs#32100
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Gus Caplan <[email protected]>
Reviewed-By: Shelley Vohr <[email protected]>
Reviewed-By: David Carlier <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Michael Dawson <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
  • Loading branch information
andrewdotn authored and mmarchini committed Mar 9, 2020
1 parent 9a78c82 commit 9e69d97
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 13 deletions.
30 changes: 22 additions & 8 deletions doc/api/cli.md
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,14 @@ added: v12.9.0

Enable experimental JSON support for the ES Module loader.

### `--experimental-loader=module`
<!-- YAML
added: v9.0.0
-->

Specify the `module` of a custom [experimental ECMAScript Module loader][].
`module` may be either a path to a file, or an ECMAScript Module name.

### `--experimental-modules`
<!-- YAML
added: v8.5.0
Expand Down Expand Up @@ -405,14 +413,6 @@ Specify ways of the inspector web socket url exposure.
By default inspector websocket url is available in stderr and under `/json/list`
endpoint on `http://host:port/json/list`.

### `--experimental-loader=module`
<!-- YAML
added: v9.0.0
-->

Specify the `module` of a custom [experimental ECMAScript Module loader][].
`module` may be either a path to a file, or an ECMAScript Module name.

### `--insecure-http-parser`
<!-- YAML
added: v13.4.0
Expand All @@ -423,6 +423,18 @@ interoperability with non-conformant HTTP implementations. It may also allow
request smuggling and other HTTP attacks that rely on invalid headers being
accepted. Avoid using this option.

### `--jitless`
<!-- YAML
added: v12.0.0
-->

Disable [runtime allocation of executable memory][jitless]. This may be
required on some platforms for security reasons. It can also reduce attack
surface on other platforms, but the performance impact may be severe.

This flag is inherited from V8 and is subject to change upstream. It may
disappear in a non-semver-major release.

### `--max-http-header-size=size`
<!-- YAML
added: v11.6.0
Expand Down Expand Up @@ -1156,6 +1168,7 @@ V8 options that are allowed are:
* `--abort-on-uncaught-exception`
* `--disallow-code-generation-from-strings`
* `--interpreted-frames-native-stack`
* `--jitless`
* `--max-old-space-size`
* `--perf-basic-prof-only-functions`
* `--perf-basic-prof`
Expand Down Expand Up @@ -1391,5 +1404,6 @@ greater than `4` (its current default value). For more information, see the
[debugging security implications]: https://nodejs.org/en/docs/guides/debugging-getting-started/#security-implications
[emit_warning]: process.html#process_process_emitwarning_warning_type_code_ctor
[experimental ECMAScript Module loader]: esm.html#esm_experimental_loaders
[jitless]: https://v8.dev/blog/jitless
[libuv threadpool documentation]: http://docs.libuv.org/en/latest/threadpool.html
[remote code execution]: https://www.owasp.org/index.php/Code_Injection
19 changes: 14 additions & 5 deletions doc/node.1
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,11 @@ Enable experimental ES modules support for import.meta.resolve().
.It Fl -experimental-json-modules
Enable experimental JSON interop support for the ES Module loader.
.
.It Fl -experimental-loader Ns = Ns Ar module
Specify the
.Ar module
to use as a custom module loader.
.
.It Fl -experimental-modules
Enable experimental latest experimental modules features.
.
Expand Down Expand Up @@ -220,17 +225,21 @@ Default is
V8 Inspector integration allows attaching Chrome DevTools and IDEs to Node.js instances for debugging and profiling.
It uses the Chrome DevTools Protocol.
.
.It Fl -experimental-loader Ns = Ns Ar module
Specify the
.Ar module
to use as a custom module loader.
.
.It Fl -insecure-http-parser
Use an insecure HTTP parser that accepts invalid HTTP headers. This may allow
interoperability with non-conformant HTTP implementations. It may also allow
request smuggling and other HTTP attacks that rely on invalid headers being
accepted. Avoid using this option.
.
.It Fl -jitless
Disable runtime allocation of executable memory. This may be required on
some platforms for security reasons. It can also reduce attack surface on
other platforms, but the performance impact may be severe.
.
.Pp
This flag is inherited from V8 and is subject to change upstream. It may
disappear in a non-semver-major release.
.
.It Fl -max-http-header-size Ns = Ns Ar size
Specify the maximum size of HTTP headers in bytes. Defaults to 8KB.
.
Expand Down
4 changes: 4 additions & 0 deletions src/node_options.cc
Original file line number Diff line number Diff line change
Expand Up @@ -616,6 +616,10 @@ PerIsolateOptionsParser::PerIsolateOptionsParser(
"disallow eval and friends",
V8Option{},
kAllowedInEnvironment);
AddOption("--jitless",
"disable runtime allocation of executable memory",
V8Option{},
kAllowedInEnvironment);

#ifdef NODE_REPORT
AddOption("--report-uncaught-exception",
Expand Down
1 change: 1 addition & 0 deletions test/parallel/test-cli-node-options.js
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ if (common.hasCrypto) {
// V8 options
expect('--abort_on-uncaught_exception', 'B\n');
expect('--disallow-code-generation-from-strings', 'B\n');
expect('--jitless', 'B\n');
expect('--max-old-space-size=0', 'B\n');
expect('--stack-trace-limit=100',
/(\s*at f \(\[(eval|worker eval)\]:1:\d*\)\r?\n)/,
Expand Down

0 comments on commit 9e69d97

Please sign in to comment.