Dynamic code modification support for x64 NaCl modules...

tests/dynamic_code_loading/dynamic_load_test.c

 /*
  * Copyright 2010 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can
  * be found in the LICENSE file.
  */
 
 #include <assert.h>
 #include <errno.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
 
 #include <sys/nacl_syscalls.h>
 
 #include "native_client/tests/dynamic_code_loading/templates.h"
 #include "native_client/tests/inbrowser_test_runner/test_runner.h"
 
+#if defined(__x86_64__)
+#define BUF_SIZE 64

[bsy, 2010/11/11 21:27:21]

why should code buffers be 64 bytes on x86-64 cpus?  a comment please.

[petr, 2010/11/12 18:11:06]

on X86-64 we operate with code samples that do not fit in 32-byte buffers
On 2010/11/11 21:27:21, bsy wrote:

+#else
+#define BUF_SIZE 32
+#endif
+
 #define NACL_BUNDLE_SIZE  32
 /*
  * TODO(bsy): get this value from the toolchain.  Get the toolchain
  * team to provide this value.
  */
 #define NUM_BUNDLES_FOR_HLT 3
 
 /*
  * This is an address that is well into the dynamic code region and page
  * aligned.  There is a test below specifically for installing a function
@@ skipping 56 matching lines @@
 /* Getting the assembler to pad our code fragments in templates.S is
    awkward because we have to output them in data mode, in which the
    assembler wants to output zeroes instead of NOPs for padding.
    Also, the assembler won't put in a terminating HLT, which we need
    on x86-32.  So we do the padding at run time. */
 void copy_and_pad_fragment(void *dest,
                            int dest_size,
                            const char *fragment_start,
                            const char *fragment_end) {
   int fragment_size = fragment_end - fragment_start;
   assert(dest_size % 32 == 0);

[bsy, 2010/11/11 21:27:21]

is this 32 (always) correct?  should it be 16 or 32, depending on bundle size?

[petr, 2010/11/12 18:11:06]

Done.

-  assert(fragment_size < dest_size);
+  assert(fragment_size <= dest_size);
   fill_nops(dest, dest_size);
   memcpy(dest, fragment_start, fragment_size);
 }
 
 /* Check that we can load and run code. */
 void test_loading_code() {
   void *load_area = allocate_code_space(1);
-  uint8_t buf[32];
+  uint8_t buf[BUF_SIZE];
   int rc;
   int (*func)();
 
   copy_and_pad_fragment(buf, sizeof(buf), &template_func, &template_func_end);
 
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == 0);
   assert(memcmp(load_area, buf, sizeof(buf)) == 0);
   /* Need double cast otherwise gcc complains with "ISO C forbids
      conversion of object pointer to function pointer type
      [-pedantic]". */
   func = (int (*)()) (uintptr_t) load_area;
   rc = func();
   assert(rc == 1234);
 }
 
 /* The syscall may have to mmap() shared memory temporarily,
    so there is some interaction with page size.
    Check that we can load to non-page-aligned addresses. */
 void test_loading_code_non_page_aligned() {
   char *load_area = allocate_code_space(1);
-  uint8_t buf[32];
+  uint8_t buf[BUF_SIZE];
   int rc;
 
   copy_and_pad_fragment(buf, sizeof(buf), &template_func, &template_func_end);
 
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == 0);
   assert(memcmp(load_area, buf, sizeof(buf)) == 0);
 
-  load_area += 32;
+  load_area += sizeof(buf);
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == 0);
   assert(memcmp(load_area, buf, sizeof(buf)) == 0);
 }
 
 /* Since there is an interaction with page size, we also test loading
    a multi-page chunk of code. */
 void test_loading_large_chunk() {
   char *load_area = allocate_code_space(2);
   int size = 0x20000;
   uint8_t *data = alloca(size);
   int rc;
 
   fill_nops(data, size);
   rc = nacl_load_code(load_area, data, size);
   assert(rc == 0);
   assert(memcmp(load_area, data, size) == 0);
 }
 
 void test_loading_zero_size() {
   char *load_area = allocate_code_space(1);
   int rc = nacl_load_code(load_area, &template_func, 0);
   assert(rc == 0);
 }
 
 /* Check that we can load code at the very beginning of the dynamic section. */
 void test_loading_code_on_first_dynamic_page() {
   const unsigned int kPageMask = 0xFFFF;
   void *load_area = (void*)((uintptr_t)(etext + kPageMask) & ~kPageMask);
   uint8_t buf[32];

[bsy, 2010/11/11 21:27:21]

should this be BUF_SIZE?  if not, a comment would be nice.

[petr, 2010/11/12 18:11:06]

Done.

   int rc;
   int (*func)();
 
   copy_and_pad_fragment(buf, sizeof(buf), &template_func, &template_func_end);
 
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == 0);
   assert(memcmp(load_area, buf, sizeof(buf)) == 0);
   /* Need double cast otherwise gcc complains with "ISO C forbids
      conversion of object pointer to function pointer type
      [-pedantic]". */
   func = (int (*)()) (uintptr_t) load_area;
   rc = func();
   assert(rc == 1234);
 }
 
 /* In general, the failure tests don't check that loading fails for
    the reason we expect.  TODO(mseaborn): We could do this by
    comparing with expected log output. */
 
 void test_fail_on_validation_error() {
   void *load_area = allocate_code_space(1);
-  uint8_t buf[32];
+  uint8_t buf[BUF_SIZE];
   int rc;
 
   copy_and_pad_fragment(buf, sizeof(buf), &invalid_code, &invalid_code_end);
 
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == -EINVAL);
 }
 
 void test_fail_on_non_bundle_aligned_dest_addresses() {
   char *load_area = allocate_code_space(1);
   int rc;
   uint8_t nops[32];

[bsy, 2010/11/11 21:27:21]

should this be BUF_SIZE too?  if not, a comment would be nice.

[petr, 2010/11/12 18:11:06]

Done.

 
   fill_nops(nops, sizeof(nops));
 
   /* Test unaligned destination. */
   rc = nacl_load_code(load_area + 1, nops, 32);

[bsy, 2010/11/11 21:27:21]

NACL_ARRAY_SIZE(nops) or sizeof nops instead of 32?

[petr, 2010/11/12 18:11:06]

we are testing that the size of a segment is bundle aligned so

s/32/NACL_BUNDLE_SIZE/
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == -EINVAL);
   rc = nacl_load_code(load_area + 4, nops, 32);

[bsy, 2010/11/11 21:27:21]

ditto

[petr, 2010/11/12 18:11:06]

ditto
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == -EINVAL);
 
   /* Test unaligned size. */
   rc = nacl_load_code(load_area, nops + 1, 31);

[bsy, 2010/11/11 21:27:21]

NACL_ARRAY_SIZE(nops) - 1 instead of 31?

[petr, 2010/11/12 18:11:06]

ditto
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == -EINVAL);
   rc = nacl_load_code(load_area, nops + 4, 28);

[bsy, 2010/11/11 21:27:21]

similar to above

[petr, 2010/11/12 18:11:06]

ditto
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == -EINVAL);
 
   /* Check that the code we're trying works otherwise. */
   rc = nacl_load_code(load_area, nops, 32);

[bsy, 2010/11/11 21:27:21]

!!

[petr, 2010/11/12 18:11:06]

probably, it is just an additional check (maybe redundant)
s/32/NACL_BUNDLE_SIZE/ 
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == 0);
 }
 
 /* In principle we could load into the initially-loaded executable's
    code area, but at the moment we don't allow it. */
 void test_fail_on_load_to_static_code_area() {
   int size = &hlts_end - &hlts;
   int rc = nacl_load_code(&hlts, &hlts, size);
   assert(rc == -EFAULT);
 }
 
 uint8_t block_in_data_segment[64];
 
 void test_fail_on_load_to_data_area() {
   uint8_t *data;
   int rc;
 
   fill_hlts(block_in_data_segment, sizeof(block_in_data_segment));
 
   /* Align to 32 byte boundary so that we don't fail for a reason
      we're not testing for. */
   data = block_in_data_segment;
   while (((int) data) % 32 != 0)
     data++;
   rc = nacl_load_code(data, data, 32);

[bsy, 2010/11/11 21:27:21]

!!

[petr, 2010/11/12 18:11:06]

s/32/NACL_BUNDLE_SIZE/
On 2010/11/11 21:27:21, bsy wrote:

   assert(rc == -EFAULT);
 }
 
 void test_fail_on_overwrite() {
   void *load_area = allocate_code_space(1);
-  uint8_t buf[32];
+  uint8_t buf[BUF_SIZE];
   int rc;
 
   copy_and_pad_fragment(buf, sizeof(buf), &template_func, &template_func_end);
 
   rc = nacl_load_code(load_area, buf, sizeof(buf));
   assert(rc == 0);
 
   copy_and_pad_fragment(buf, sizeof(buf), &template_func,
                                           &template_func_end);
 
@@ skipping 31 matching lines @@
 
   rc = nacl_load_code(load_area, &branch_forwards, size);
   assert(rc == 0);
   rc = nacl_load_code(load_area + size, &branch_backwards, size);
   assert(rc == 0);
 }
 
 void test_end_of_code_region() {
   int rc;
   void *dest;
   uint8_t data[32];

[bsy, 2010/11/11 21:27:21]

!!

[petr, 2010/11/12 18:11:06]

Done.

   fill_nops(data, sizeof(data));
 
   /* This tries to load into the data segment, which is definitely not
      allowed. */
   dest = (uint8_t *) DYNAMIC_CODE_SEGMENT_END;
   rc = nacl_load_code(dest, data, sizeof(data));
   assert(rc == -EFAULT);
 
   /* This tries to load into the last bundle of the code region, which
      sel_ldr disallows just in case there is some CPU bug in which the
@@ skipping 55 matching lines @@
 
   /* Test again to make sure we didn't run out of space. */
   RUN_TEST(test_loading_code);
 
   return 0;
 }
 
 int main() {
   return RunTests(TestMain);
 }