tools: make code cache and snapshot deterministic

Use a fixed random seed to ensure that the generated sources are
identical across runs.

The final node binary still reseeds itself on start-up so there should
be no security implications caused by predictable random numbers (e.g.,
`Math.random()`, ASLR, the hash seed, etc.)

Fixes: https://github.com/nodejs/node/issues/29108

PR-URL: https://github.com/nodejs/node/pull/29142
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>

1 files changed, 5 insertions, 0 deletions

diff --git a/tools/code_cache/mkcodecache.cc b/tools/code_cache/mkcodecache.cc
index defa1462ce..e5b43a44b8 100644
--- a/tools/code_cache/mkcodecache.cc
+++ b/tools/code_cache/mkcodecache.cc
@@ -26,6 +26,8 @@ int wmain(int argc, wchar_t* argv[]) {
 int main(int argc, char* argv[]) {
 #endif  // _WIN32
 
+  v8::V8::SetFlagsFromString("--random_seed=42");
+
   if (argc < 2) {
     std::cerr << "Usage: " << argv[0] << " <path/to/output.cc>\n";
     return 1;
@@ -53,6 +55,9 @@ int main(int argc, char* argv[]) {
     v8::Local<v8::Context> context = v8::Context::New(isolate);
     v8::Context::Scope context_scope(context);
 
+    // The command line flags are part of the code cache's checksum so reset
+    // --random_seed= to its default value before creating the code cache.
+    v8::V8::SetFlagsFromString("--random_seed=0");
     std::string cache = CodeCacheBuilder::Generate(context);
     out << cache;
     out.close();