signature-hashing.h

Go to the documentation of this file.

// Copyright 2024 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
 
#ifndef V8_WASM_SIGNATURE_HASHING_H_
#define V8_WASM_SIGNATURE_HASHING_H_
 
#if !V8_ENABLE_WEBASSEMBLY
#error This header should only be included if WebAssembly is enabled.
#endif  // !V8_ENABLE_WEBASSEMBLY
 
#include "src/codegen/linkage-location.h"
#include "src/codegen/machine-type.h"
#include "src/codegen/signature.h"
#include "src/wasm/value-type.h"
#include "src/wasm/wasm-linkage.h"
 
namespace v8::internal::wasm {
 
inline MachineRepresentation GetMachineRepresentation(ValueTypeBase type) {
  return type.machine_representation();
}
 
inline MachineRepresentation GetMachineRepresentation(MachineType type) {
  return type.representation();
}
 
// This shared helper ensures that {GetWasmCallDescriptor} and
// {SignatureHasher::Hash} remain in sync.
// The {SigType} type must match the {Signature} class, i.e. must support:
//    size_t parameter_count();
//    size_t return_count();
//    T GetParam(size_t index);   for T in {ValueType, MachineType}
//    T GetReturn(size_t index);  for T in {ValueType, MachineType}
// The {ResultCollector} type must match the {LocationSignature::Builder}
// class, i.e. must support:
//    void AddParamAt(size_t index, LinkageLocation location);
//    void AddReturnAt(size_t index, LinkageLocation location);
// {extra_callable_param} configures adding the implicit "callable" parameter
// that import call wrappers have, hard-coded to use the kJSFunctionRegister.
template <class ResultCollector, class SigType>
void IterateSignatureImpl(const SigType* sig, bool extra_callable_param,
                          ResultCollector& locations,
                          int* untagged_parameter_slots,
                          int* total_parameter_slots,
                          int* untagged_return_slots, int* total_return_slots) {
  constexpr int kParamsSlotOffset = 0;
  LinkageLocationAllocator params(kGpParamRegisters, kFpParamRegisters,
                                  kParamsSlotOffset);
  // The instance object.
  locations.AddParamAt(0, params.Next(MachineRepresentation::kTaggedPointer));
  const size_t param_offset = 1;  // Actual params start here.
 
  // Parameters are separated into two groups (first all untagged, then all
  // tagged parameters). This allows for easy iteration of tagged parameters
  // during frame iteration. It also allows for easy signature verification
  // based on counts.
  const size_t parameter_count = sig->parameter_count();
  bool has_tagged_param = false;
  for (size_t i = 0; i < parameter_count; i++) {
    MachineRepresentation param = GetMachineRepresentation(sig->GetParam(i));
    // Skip tagged parameters (e.g. any-ref).
    if (IsAnyTagged(param)) {
      has_tagged_param = true;
      continue;
    }
    locations.AddParamAt(i + param_offset, params.Next(param));
  }
  params.EndSlotArea();  // End the untagged area. Tagged slots come after.
  *untagged_parameter_slots = params.NumStackSlots();
  if (has_tagged_param) {
    for (size_t i = 0; i < parameter_count; i++) {
      MachineRepresentation param = GetMachineRepresentation(sig->GetParam(i));
      if (!IsAnyTagged(param)) continue;  // Skip untagged parameters.
      locations.AddParamAt(i + param_offset, params.Next(param));
    }
  }
  // Import call wrappers have an additional (implicit) parameter, the callable.
  // For consistency with JS, we use the JSFunction register.
  if (extra_callable_param) {
    locations.AddParamAt(
        parameter_count + param_offset,
        LinkageLocation::ForRegister(kJSFunctionRegister.code(),
                                     MachineType::TaggedPointer()));
  }
  int params_stack_height = AddArgumentPaddingSlots(params.NumStackSlots());
  *total_parameter_slots = params_stack_height;
 
  // Add return location(s).
  // For efficient signature verification, order results by taggedness, such
  // that all untagged results appear first in registers and on the stack,
  // followed by tagged results. That way, we can simply check the size of
  // each section, rather than needing a bit map.
  LinkageLocationAllocator rets(kGpReturnRegisters, kFpReturnRegisters,
                                params_stack_height);
 
  const size_t return_count = sig->return_count();
  bool has_tagged_result = false;
  for (size_t i = 0; i < return_count; i++) {
    MachineRepresentation ret = GetMachineRepresentation(sig->GetReturn(i));
    if (IsAnyTagged(ret)) {
      has_tagged_result = true;
      continue;
    }
    locations.AddReturnAt(i, rets.Next(ret));
  }
  rets.EndSlotArea();  // End the untagged area.
  *untagged_return_slots = rets.NumStackSlots();
  if (has_tagged_result) {
    for (size_t i = 0; i < return_count; i++) {
      MachineRepresentation ret = GetMachineRepresentation(sig->GetReturn(i));
      if (!IsAnyTagged(ret)) continue;
      locations.AddReturnAt(i, rets.Next(ret));
    }
  }
  *total_return_slots = rets.NumStackSlots();
}
 
#if V8_ENABLE_SANDBOX
 
// Computes a "signature hash" for sandbox hardening: two functions should have
// the same "signature hash" iff mixing them up (due to in-sandbox corruption)
// cannot possibly lead to a sandbox escape. That means in particular that we
// must ensure the following properties:
// - there must be no tagged/untagged mixups among parameters passed in GP
//   registers.
// - there must be no tagged/untagged mixups among parameters passed on the
//   stack.
// - there must be no mismatch in the sizes of the stack regions used for
//   passing parameters.
// - these same properties must hold for return values.
// To achieve this, we simulate the linkage locations that
// {GetWasmCallDescriptor} would assign, and collect the counts of
// tagged/untagged parameters in registers and on the stack, respectively.
class SignatureHasher {
 public:
  template <typename SigType>
  static uint64_t Hash(const SigType* sig) {
    SignatureHasher hasher;
    int total_param_stack_slots;
    int total_return_stack_slots;
    IterateSignatureImpl(
        sig, false /* no extra callable parameter */, hasher,
        &hasher.params_.untagged_on_stack_, &total_param_stack_slots,
        &hasher.rets_.untagged_on_stack_, &total_return_stack_slots);
 
    hasher.params_.tagged_on_stack_ =
        total_param_stack_slots - hasher.params_.untagged_on_stack_;
    hasher.rets_.tagged_on_stack_ =
        total_return_stack_slots - hasher.rets_.untagged_on_stack_;
 
    return hasher.GetHash();
  }
 
  void AddParamAt(size_t index, LinkageLocation location) {
    if (index == 0) return;  // Skip the instance object.
    CountIfRegister(location, params_);
  }
  void AddReturnAt(size_t index, LinkageLocation location) {
    CountIfRegister(location, rets_);
  }
 
 private:
  static constexpr int kUntaggedInRegBits = 3;
  static constexpr int kTaggedInRegBits = 3;
  static constexpr int kUntaggedOnStackBits = 11;
  static constexpr int kTaggedOnStackBits = 10;
 
  using UntaggedInReg =
      base::BitField<uint32_t, 0, kUntaggedInRegBits, uint64_t>;
  using TaggedInReg = UntaggedInReg::Next<uint32_t, kTaggedInRegBits>;
  using UntaggedOnStack = TaggedInReg::Next<uint32_t, kUntaggedOnStackBits>;
  using TaggedOnStack = UntaggedOnStack::Next<uint32_t, kTaggedOnStackBits>;
 
  static constexpr int kTotalWidth = TaggedOnStack::kLastUsedBit + 1;
  // Make sure we can return the full result (params + results) in a uint64_t.
  static_assert(kTotalWidth * 2 <= 64);
  // Also, we use ~uint64_t{0} as an invalid signature marker, so make sure that
  // this can't be a valid signature.
  static_assert(kTotalWidth * 2 < 64);
 
  // Make sure we chose the bit fields large enough.
  static_assert(arraysize(wasm::kGpParamRegisters) <=
                UntaggedInReg::kNumValues);
  static_assert(arraysize(wasm::kGpParamRegisters) <= TaggedInReg::kNumValues);
  static_assert(arraysize(wasm::kGpReturnRegisters) <=
                UntaggedInReg::kNumValues);
  static_assert(arraysize(wasm::kGpReturnRegisters) <= TaggedInReg::kNumValues);
  static constexpr int kMaxValueSizeInPointers =
      kMaxValueTypeSize / kSystemPointerSize;
  static_assert(wasm::kV8MaxWasmFunctionParams * kMaxValueSizeInPointers <=
                UntaggedOnStack::kNumValues);
  static_assert(wasm::kV8MaxWasmFunctionParams <= TaggedOnStack::kNumValues);
  static_assert(wasm::kV8MaxWasmFunctionReturns * kMaxValueSizeInPointers <=
                UntaggedOnStack::kNumValues);
  static_assert(wasm::kV8MaxWasmFunctionReturns <= TaggedOnStack::kNumValues);
 
  struct Counts {
    int tagged_in_reg_{0};
    int untagged_in_reg_{0};
    int tagged_on_stack_{0};
    int untagged_on_stack_{0};
 
    uint64_t GetHash() const {
      return UntaggedInReg::encode(untagged_in_reg_) |
             TaggedInReg::encode(tagged_in_reg_) |
             UntaggedOnStack::encode(untagged_on_stack_) |
             TaggedOnStack::encode(tagged_on_stack_);
    }
  };
 
  uint64_t GetHash() const {
    return (rets_.GetHash() << kTotalWidth) | params_.GetHash();
  }
 
  void CountIfRegister(LinkageLocation loc, Counts& counts) {
    if (!loc.IsRegister()) {
      DCHECK(loc.IsCallerFrameSlot());
      return;
    }
    MachineType type = loc.GetType();
    if (type.IsTagged()) {
      counts.tagged_in_reg_++;
    } else if (IsIntegral(type.representation())) {
      counts.untagged_in_reg_++;
    } else {
      DCHECK(IsFloatingPoint(type.representation()));
      // No need to count FP registers.
    }
  }
 
  Counts params_{};
  Counts rets_{};
};
 
#else  // V8_ENABLE_SANDBOX
 
class SignatureHasher {
 public:
  template <typename SigType>
  static uint64_t Hash(const SigType* sig) {
    return 0;
  }
};
 
#endif  // V8_ENABLE_SANDBOX
 
}  // namespace v8::internal::wasm
 
#endif  // V8_WASM_SIGNATURE_HASHING_H_