| /* |
| * Copyright (C) 2019-2022 Apple Inc. All rights reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY |
| * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR |
| * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, |
| * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, |
| * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR |
| * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
| * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| */ |
| |
| #pragma once |
| |
| #include <wtf/StackBounds.h> |
| #include <wtf/Threading.h> |
| |
| // We only enable the reserved zone size check by default on ASSERT_ENABLED |
| // builds (which usually mean Debug builds). However, it is more valuable to |
| // run this test on Release builds. That said, we don't want to do pay this |
| // cost always because we may need to do stack checks on hot paths too. |
| // Note also that we're deliberately using RELEASE_ASSERTs if the verification |
| // is turned on. This makes it easier for us to turn this on for Release builds |
| // for a reserved zone size calibration test runs. |
| |
| #define VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE ASSERT_ENABLED |
| |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| #include <wtf/StackTrace.h> |
| |
| constexpr bool verboseStackCheckVerification = false; |
| #endif |
| |
| namespace WTF { |
| |
| class StackCheck { |
| WTF_MAKE_FAST_ALLOCATED; |
| public: |
| class Scope { |
| public: |
| Scope(StackCheck& checker) |
| : m_checker(checker) |
| { |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| RELEASE_ASSERT(checker.m_ownerThread == &Thread::current()); |
| |
| // Make sure that the stack interval between checks never exceed the |
| // reservedZone size. If the interval exceeds the reservedZone size, |
| // then we either need to: |
| // 1. break the interval into smaller pieces (i.e. insert more checks), or |
| // 2. use a larger reservedZone size. |
| uint8_t* currentStackCheckpoint = static_cast<uint8_t*>(currentStackPointer()); |
| uint8_t* previousStackCheckpoint = m_checker.m_lastStackCheckpoint; |
| ptrdiff_t stackBetweenCheckpoints = previousStackCheckpoint - currentStackCheckpoint; |
| |
| m_savedLastStackCheckpoint = m_checker.m_lastStackCheckpoint; |
| m_checker.m_lastStackCheckpoint = currentStackCheckpoint; |
| if constexpr (verboseStackCheckVerification) { |
| m_savedLastCheckpointStackTrace = WTFMove(m_checker.m_lastCheckpointStackTrace); |
| m_checker.m_lastCheckpointStackTrace = StackTrace::captureStackTrace(INT_MAX); |
| } |
| |
| if (UNLIKELY(stackBetweenCheckpoints <= 0 || stackBetweenCheckpoints >= static_cast<ptrdiff_t>(m_checker.m_reservedZone))) |
| reportVerificationFailureAndCrash(); |
| #endif |
| } |
| |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| ~Scope() |
| { |
| m_checker.m_lastStackCheckpoint = m_savedLastStackCheckpoint; |
| if constexpr (verboseStackCheckVerification) |
| m_checker.m_lastCheckpointStackTrace = WTFMove(m_savedLastCheckpointStackTrace); |
| } |
| #endif |
| |
| bool isSafeToRecurse() { return m_checker.isSafeToRecurse(); } |
| |
| private: |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| WTF_EXPORT_PRIVATE NO_RETURN_DUE_TO_CRASH void reportVerificationFailureAndCrash(); |
| #endif |
| |
| StackCheck& m_checker; |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| uint8_t* m_savedLastStackCheckpoint; |
| std::unique_ptr<StackTrace> m_savedLastCheckpointStackTrace; |
| #endif |
| }; |
| |
| StackCheck(const StackBounds& bounds = Thread::current().stack(), size_t minReservedZone = StackBounds::DefaultReservedZone) |
| : m_stackLimit(bounds.recursionLimit(minReservedZone)) |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| , m_ownerThread(&Thread::current()) |
| , m_lastStackCheckpoint(static_cast<uint8_t*>(currentStackPointer())) |
| , m_reservedZone(minReservedZone) |
| #endif |
| { } |
| |
| inline bool isSafeToRecurse() { return currentStackPointer() >= m_stackLimit; } |
| |
| private: |
| void* m_stackLimit; |
| #if VERIFY_STACK_CHECK_RESERVED_ZONE_SIZE |
| Thread* m_ownerThread; |
| uint8_t* m_lastStackCheckpoint; |
| size_t m_reservedZone; |
| std::unique_ptr<StackTrace> m_lastCheckpointStackTrace; |
| #endif |
| |
| friend class Scope; |
| }; |
| |
| } // namespace WTF |
| |
| using WTF::StackCheck; |