Cradicle Explorer
darling-JavaScriptCore
/ tools / Integrity.cpp
Integrity.cpp
 1  /*
 2   * Copyright (C) 2019 Apple Inc. All rights reserved.
 3   *
 4   * Redistribution and use in source and binary forms, with or without
 5   * modification, are permitted provided that the following conditions
 6   * are met:
 7   * 1. Redistributions of source code must retain the above copyright
 8   *    notice, this list of conditions and the following disclaimer.
 9   * 2. Redistributions in binary form must reproduce the above copyright
10   *    notice, this list of conditions and the following disclaimer in the
11   *    documentation and/or other materials provided with the distribution.
12   *
13   * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14   * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16   * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
17   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18   * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19   * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20   * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21   * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22   * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24   */
25  
26  #include "config.h"
27  #include "Integrity.h"
28  
29  #include "JSCellInlines.h"
30  #include "Options.h"
31  #include "VMInspectorInlines.h"
32  
33  namespace JSC {
34  namespace Integrity {
35  
36  namespace {
37  constexpr bool verbose = false;
38  }
39  
40  Random::Random(VM& vm)
41  {
42      reloadAndCheckShouldAuditSlow(vm);
43  }
44  
45  bool Random::reloadAndCheckShouldAuditSlow(VM& vm)
46  {
47      auto locker = holdLock(m_lock);
48  
49      if (!Options::randomIntegrityAuditRate()) {
50          m_triggerBits = 0; // Never trigger, and don't bother reloading.
51          if (verbose)
52              dataLogLn("disabled Integrity audits: trigger bits ", RawPointer(reinterpret_cast<void*>(m_triggerBits)));
53          return false;
54      }
55  
56      // Reload the trigger bits.
57      m_triggerBits = 1ull << 63;
58  
59      uint32_t threshold = UINT_MAX * Options::randomIntegrityAuditRate();
60      for (int i = 0; i < numberOfTriggerBits; ++i) {
61          bool trigger = vm.random().getUint32() <= threshold;
62          m_triggerBits = m_triggerBits | (static_cast<uint64_t>(trigger) << i);
63      }
64      if (verbose)
65          dataLogLn("reloaded Integrity trigger bits ", RawPointer(reinterpret_cast<void*>(m_triggerBits)));
66      ASSERT(m_triggerBits >= (1ull << 63));
67      return vm.random().getUint32() <= threshold;
68  }
69  
70  void auditCellFully(VM& vm, JSCell* cell)
71  {
72      VMInspector::verifyCell<VMInspector::ReleaseAssert>(vm, cell);
73  }
74  
75  void auditCellMinimallySlow(VM&, JSCell* cell)
76  {
77      if (Gigacage::contains(cell)) {
78          if (cell->type() != JSImmutableButterflyType) {
79              if (verbose)
80                  dataLogLn("Bad cell ", RawPointer(cell), " ", JSValue(cell));
81              CRASH();
82          }
83      }
84  }
85  
86  } // namespace Integrity
87  } // namespace JSC