Implement mapping randomization for 64-bit Linux. Notes:

src/platform-linux.cc

 // Copyright 2011 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 60 matching lines @@
 
 
 double ceiling(double x) {
   return ceil(x);
 }
 
 
 static Mutex* limit_mutex = NULL;
 
 
+static void* GetRandomMmapAddr() {
+  Isolate* isolate;
+  // Note that the current isolate isn't set up in a call path via
+  // CpuFeatures::Probe. We don't care about randomization in this case because
+  // the code page is immediately freed.
+  if (sizeof(void*) == 8 && (isolate = Isolate::UncheckedCurrent())) {

[Vyacheslav Egorov (Chromium), 2011/07/15 11:36:23]

I would prefer conditional compilation based on V8_TARGET_ARCH_X64 here instead
of sizeof(void*) comparison.

Also we prefer explicit comparisons with NULL to implicit to boolean conversion:

Isolate* isolate = Isolate::UncheckedCurrent();
if (isolate != NULL) ...

+    uint32_t rnd1 = V8::RandomPrivate(isolate);
+    uint32_t rnd2 = V8::RandomPrivate(isolate);
+    uint64_t raw_addr = (static_cast<uint64_t>(rnd1) << 33) |

[Vyacheslav Egorov (Chromium), 2011/07/15 12:29:39]

I think it should be 34 not 33.

[William Hesse, 2011/07/15 12:43:22]

All of the masking can be replaced by 
raw_addr = (static_cast<uint64_t>(rnd1) << 14) ^    
(static_cast<uint64_t>(rnd2) << 12)

This has 0s in the upper 18 and lower 12 bits.
You should not combine random numbers with OR unless they
are non-overlapping bits.  A random bit OR another random bit is 1 with
probability 3/4.  Use XOR instead.

+                        (static_cast<uint64_t>(rnd2) << 2);
+    // Mask off the lower 12 and upper 18 bits. (v8 compile options do not
+    // permit the use of a 64-bit constant).

[William Hesse, 2011/07/15 12:43:22]

There are macros in globals.h to enter 64-bit constants into code (on both
32-bit and 64-bit platforms).

+    raw_addr <<= 18;

[Vyacheslav Egorov (Chromium), 2011/07/15 12:29:39]

Look into globals.h. There are macroses that allow to define 64bit constants.

+    raw_addr >>= 12 + 18;
+    raw_addr <<= 12;
+    return reinterpret_cast<void*>(raw_addr);
+  } else {
+    return NULL;
+  }
+}
+
+
 void OS::Setup() {
   // Seed the random number generator.
   // Convert the current time to a 64-bit integer first, before converting it
   // to an unsigned. Going directly can cause an overflow and the seed to be
   // set to all ones. The seed will be identical for different instances that
   // call this setup code within the same millisecond.

[William Hesse, 2011/07/15 12:43:22]

Use XOR, not OR, to combine the overlapping seed sources.

-  uint64_t seed = static_cast<uint64_t>(TimeCurrentMillis());
+  uint64_t seed = Ticks() | (getpid() << 16);

[Vyacheslav Egorov (Chromium), 2011/07/15 11:36:23]

I think the comment above needs updating.

   srandom(static_cast<unsigned int>(seed));
   limit_mutex = CreateMutex();
 
 #ifdef __arm__
   // When running on ARM hardware check that the EABI used by V8 and
   // by the C code is the same.
   bool hard_float = OS::ArmUsingHardFloat();
   if (hard_float) {
 #if !USE_EABI_HARDFLOAT
     PrintF("ERROR: Binary compiled with -mfloat-abi=hard but without "
@@ skipping 262 matching lines @@
 
 
 size_t OS::AllocateAlignment() {
   return sysconf(_SC_PAGESIZE);
 }
 
 
 void* OS::Allocate(const size_t requested,
                    size_t* allocated,
                    bool is_executable) {
-  // TODO(805): Port randomization of allocated executable memory to Linux.
   const size_t msize = RoundUp(requested, sysconf(_SC_PAGESIZE));
   int prot = PROT_READ | PROT_WRITE | (is_executable ? PROT_EXEC : 0);
-  void* mbase = mmap(NULL, msize, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+  void* addr = GetRandomMmapAddr();
+  void* mbase = mmap(addr, msize, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
   if (mbase == MAP_FAILED) {

[William Hesse, 2011/07/15 12:43:22]

I think you need to add the MAP_VARIABLE flag to the flags, once you start
supplying a non-null address to mmap.  Otherwise, the function can fail due to
conflict and return MAP_FAILED, even when memory is available.  It may be that
MAP_VARIABLE is actually a 0 flag, which is why it is working currently.

     LOG(i::Isolate::Current(),
         StringEvent("OS::Allocate", "mmap failed"));
     return NULL;
   }
   *allocated = msize;
   UpdateAllocatedSpaceLimits(mbase, msize);
   return mbase;
 }
 
 
@@ skipping 194 matching lines @@
 #endif  // ndef __GLIBC__
 }
 
 
 // Constants used for mmap.
 static const int kMmapFd = -1;
 static const int kMmapFdOffset = 0;
 
 
 VirtualMemory::VirtualMemory(size_t size) {
-  address_ = mmap(NULL, size, PROT_NONE,
+  address_ = mmap(GetRandomMmapAddr(), size, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE,
                   kMmapFd, kMmapFdOffset);
   size_ = size;
 }
 
 
 VirtualMemory::~VirtualMemory() {
   if (IsReserved()) {
     if (0 == munmap(address(), size())) address_ = MAP_FAILED;
   }
@@ skipping 520 matching lines @@
 
 
 void Sampler::Stop() {
   ASSERT(IsActive());
   SignalSender::RemoveActiveSampler(this);
   SetActive(false);
 }
 
 
 } }  // namespace v8::internal