Introducing Integrity audit functions.
[WebKit-https.git] / Source / JavaScriptCore / tools / VMInspectorInlines.h
1 /*
2  * Copyright (C) 2019 Apple Inc. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21  * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25
26 #pragma once
27
28 #include "DirectArguments.h"
29 #include "JSBigInt.h"
30 #include "JSLexicalEnvironment.h"
31 #include "JSModuleEnvironment.h"
32 #include "JSModuleNamespaceObject.h"
33 #include "VMInspector.h"
34 #include <wtf/Assertions.h>
35
36 namespace JSC {
37
38 #define AUDIT_CONDITION(x) (x), #x
39 #define AUDIT_VERIFY(action, verifier, cond, ...) do { \
40         if (action == VerifierAction::ReleaseAssert) \
41             RELEASE_ASSERT(cond, __VA_ARGS__); \
42         else if (!verifier(AUDIT_CONDITION(cond), __VA_ARGS__)) \
43             return false; \
44     } while (false)
45
46 template<VMInspector::VerifierAction action, VMInspector::VerifyFunctor verifier>
47 bool VMInspector::verifyCellSize(VM& vm, JSCell* cell, size_t allocatorCellSize)
48 {
49     Structure* structure = cell->structure(vm);
50     const ClassInfo* classInfo = structure->classInfo();
51     JSType cellType = cell->type();
52     AUDIT_VERIFY(action, verifier, cellType == structure->m_blob.type(), cell, cellType, structure->m_blob.type());
53
54     if (isDynamicallySizedType(cellType)) {
55         size_t cellSize = 0;
56         switch (cellType) {
57         case BigIntType: {
58             auto* bigInt = jsCast<JSBigInt*>(cell);
59             cellSize = JSBigInt::allocationSize(bigInt->length());
60             break;
61         }
62         case DirectArgumentsType: {
63             auto* args = jsCast<DirectArguments*>(cell);
64             cellSize = DirectArguments::allocationSize(args->m_minCapacity);
65             break;
66         }
67         case FinalObjectType:
68             cellSize = JSFinalObject::allocationSize(structure->inlineCapacity());
69             break;
70         case LexicalEnvironmentType: {
71             auto* env = jsCast<JSLexicalEnvironment*>(cell);
72             cellSize = JSLexicalEnvironment::allocationSize(env->symbolTable());
73             break;
74         }
75         case ModuleEnvironmentType: {
76             auto* env = jsCast<JSModuleEnvironment*>(cell);
77             cellSize = JSModuleEnvironment::allocationSize(env->symbolTable());
78             break;
79         }
80         case ModuleNamespaceObjectType: {
81             auto* obj = jsCast<JSModuleNamespaceObject*>(cell);
82             cellSize = JSModuleNamespaceObject::allocationSize(obj->m_names.capacity());
83             break;
84         }
85         default:
86             RELEASE_ASSERT_NOT_REACHED();
87         }
88         AUDIT_VERIFY(action, verifier, cellSize <= allocatorCellSize, cell, cellType, cellSize, allocatorCellSize);
89         AUDIT_VERIFY(action, verifier, cellSize >= classInfo->staticClassSize, cell, cellType, cellSize, classInfo->staticClassSize);
90     } else
91         AUDIT_VERIFY(action, verifier, classInfo->staticClassSize <= allocatorCellSize, cell, cellType, classInfo->staticClassSize, allocatorCellSize);
92
93     return true;
94 }
95
96 template<VMInspector::VerifierAction action, VMInspector::VerifyFunctor verifier>
97 bool VMInspector::verifyCell(VM& vm, JSCell* cell)
98 {
99     size_t allocatorCellSize = 0;
100     if (cell->isLargeAllocation()) {
101         LargeAllocation& largeAllocation = cell->largeAllocation();
102         AUDIT_VERIFY(action, verifier, &largeAllocation.vm() == &vm, cell, cell->type(), &largeAllocation.vm(), &vm);
103
104         bool isValidLargeAllocation = false;
105         for (auto* i : vm.heap.objectSpace().largeAllocations()) {
106             if (i == &largeAllocation) {
107                 isValidLargeAllocation = true;
108                 break;
109             }
110         }
111         AUDIT_VERIFY(action, verifier, isValidLargeAllocation, cell, cell->type());
112
113         allocatorCellSize = largeAllocation.cellSize();
114     } else {
115         MarkedBlock& block = cell->markedBlock();
116         MarkedBlock::Handle& blockHandle = block.handle();
117         AUDIT_VERIFY(action, verifier, &block.vm() == &vm, cell, cell->type(), &block.vm(), &vm);
118
119         uintptr_t blockStartAddress = reinterpret_cast<uintptr_t>(blockHandle.start());
120         AUDIT_VERIFY(action, verifier, blockHandle.contains(cell), cell, cell->type(), blockStartAddress, blockHandle.end());
121
122         uintptr_t cellAddress = reinterpret_cast<uintptr_t>(cell);
123         uintptr_t cellOffset = cellAddress - blockStartAddress;
124         allocatorCellSize = block.cellSize();
125         bool cellIsProperlyAligned = !(cellOffset % allocatorCellSize);
126         AUDIT_VERIFY(action, verifier, cellIsProperlyAligned, cell, cell->type(), allocatorCellSize);
127     }
128
129     auto cellType = cell->type();
130     if (cell->type() != JSImmutableButterflyType)
131         AUDIT_VERIFY(action, verifier, !Gigacage::contains(cell), cell, cellType);
132
133     if (!verifyCellSize<action, verifier>(vm, cell, allocatorCellSize))
134         return false;
135
136     if (Gigacage::isEnabled(Gigacage::JSValue) && cell->isObject()) {
137         JSObject* object = asObject(cell);
138         const Butterfly* butterfly = object->butterfly();
139         AUDIT_VERIFY(action, verifier, !butterfly || Gigacage::isCaged(Gigacage::JSValue, butterfly), cell, cell->type(), butterfly);
140     }
141
142     return true;
143 }
144
145 #undef AUDIT_VERIFY
146 #undef AUDIT_CONDITION
147
148 } // namespace JSC