Harden the trace intepreter so it doesn't access records that don't e…
…xist. Summary: I (ddetlefs) created a trace. At the time I did this, there was a problem with the trace fixup tool, so I fixed up the trace by hand, removing the incomplete last record. When I ran it, the trace interpreter crashed. I figured out that this was from accessing the records vector out of bounds. While we have also fixed the fixup-tool to walk back to "last empty stack", we decided it would also be good to harden the TraceInterpreter against such crashes. By considering where "records" is accessed, I identified 3 such places. This diff fixes them, in both the hermes and static_h copies of TraceInterpreter.cpp. Reviewed By: mattbfb Differential Revision: D61546894 fbshipit-source-id: c6a99b2631b16913b07956912914c3803f91a15c
1 parent
c4767b0
commit 649ceaa
Showing
5 changed files
with
292 additions
and
0 deletions.
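--- a/API/hermes/synthtest/tests/partial_trace_host_function.cpp
+++ b/API/hermes/synthtest/tests/partial_trace_host_function.cpp
@@ -0,0 +1,89 @@
+/*
+* Copyright (c) Meta Platforms, Inc. and affiliates.
+*
+* This source code is licensed under the MIT license found in the
+* LICENSE file in the root directory of this source tree.
+*/
+
+#include "TestFunctions.h"
+
+namespace facebook {
+namespace hermes {
+namespace synthtest {
+
+const char *partialTraceHostFunctionTrace() {
+return R"###(
+{
+"globalObjID": 1,
+"trace": [
+{
+"type": "BeginExecJSRecord",
+"time": 0
+},
+{
+"type": "EndExecJSRecord",
+"retval": "undefined:",
+"time": 0
+},
+{
+"type": "CreatePropNameRecord",
+"objID": 2,
+"encoding": "ASCII",
+"chars": "f"
+},
+{
+"type": "GetPropertyRecord",
+"time": 0,
+"objID": 1,
+"propID": "propIDTag:2",
+"propName": "f",
+},
+{
+"type": "ReturnToNativeRecord",
+"time": 0,
+"retval": "object:10"
+},
+{
+"type": "CreatePropNameIDRecord",
+"objID": 40,
+"encoding": "ASCII",
+"chars": "HostFunction1"
+},
+{
+"type": "CreateHostFunctionRecord",
+"time": 0,
+"objID": 11,
+"propNameID": 40,
+"functionName": "HostFunction1"
+},
+{
+"type": "CallFromNativeRecord",
+"time": 0,
+"functionID": 10,
+"thisArg": "undefined:",
+"args": ["object:11"]
+}
+]
+}
+)###";
+}
+
+const char *partialTraceHostFunctionSource() {
+return R"###(
+'use strict';
+(function(global) {
+// callbacks execute f
+// read the zeroth element of the return result,
+// execute that as a function with no args,
+// read the zeroth element of the return value and expect it to be false.
+global.f = function(nativeFunc) {
+nativeFunc();
+};
+})(this);
+)###";
+}
+
+} // namespace synthtest
+} // namespace hermes
+} // namespace facebook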
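Review bot: The trace literal in partialTraceHostFunctionTrace has a trailing comma after `"propName": "f",` in the GetPropertyRecord entry, and its first property-name record is typed `CreatePropNameRecord` while the later one is `CreatePropNameIDRecord`. If the trace parser rejects either of these, replay would stop at parse time and never reach the end-of-records check this fixture appears intended to cover; the harness that consumes the fixture is not shown on this page, so it is worth confirming that the test fails without the interpreter change. The same comma and type spelling appear in partial_trace_host_object_get.cpp and partial_trace_host_object_set.cpp, which additionally have a trailing comma after `"objID": 11,`. Separately, the comment block in partialTraceHostFunctionSource describes reading a zeroth element and expecting false, which the body does not do; a comment such as `// f calls the host function; the recorded trace stops at the CallFromNativeRecord` would match what the fixture contains.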
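--- a/API/hermes/synthtest/tests/partial_trace_host_object_get.cpp
+++ b/API/hermes/synthtest/tests/partial_trace_host_object_get.cpp
@@ -0,0 +1,87 @@
+/*
+* Copyright (c) Meta Platforms, Inc. and affiliates.
+*
+* This source code is licensed under the MIT license found in the
+* LICENSE file in the root directory of this source tree.
+*/
+
+#include "TestFunctions.h"
+
+namespace facebook {
+namespace hermes {
+namespace synthtest {
+
+const char *partialTraceHostObjectGetTrace() {
+return R"###(
+{
+"globalObjID": 1,
+"trace": [
+{
+"type": "BeginExecJSRecord",
+"time": 0
+},
+{
+"type": "EndExecJSRecord",
+"retval": "undefined:",
+"time": 0
+},
+{
+"type": "CreatePropNameRecord",
+"objID": 2,
+"encoding": "ASCII",
+"chars": "f"
+},
+{
+"type": "GetPropertyRecord",
+"time": 0,
+"objID": 1,
+"propID": "propIDTag:2",
+"propName": "f",
+},
+{
+"type": "ReturnToNativeRecord",
+"time": 0,
+"retval": "object:10"
+},
+{
+"type": "CreatePropNameIDRecord",
+"objID": 40,
+"encoding": "ASCII",
+"chars": "HostFunction1"
+},
+{
+"type": "CreateHostObjectRecord",
+"time": 0,
+"objID": 11,
+},
+{
+"type": "CallFromNativeRecord",
+"time": 0,
+"functionID": 10,
+"thisArg": "undefined:",
+"args": ["object:11"]
+}
+]
+}
+)###";
+}
+
+const char *partialTraceHostObjectGetSource() {
+return R"###(
+'use strict';
+(function(global) {
+// callbacks execute f
+// read the zeroth element of the return result,
+// execute that as a function with no args,
+// read the zeroth element of the return value and expect it to be false.
+global.f = function(hostObject) {
+return hostObject.a;
+};
+})(this);
+)###";
+}
+
+} // namespace synthtest
+} // namespace hermes
+} // namespace facebook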
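Review bot: The `CreatePropNameIDRecord` entry for `HostFunction1` (objID 40) in partialTraceHostObjectGetTrace looks like a leftover from the host-function fixture, since nothing later in this trace refers to 40 and `CreateHostObjectRecord` carries only `objID` 11. Dropping it, or marking it as deliberate, would keep the truncated trace minimal and make it easier to see which record is expected to run off the end of the records vector. The same entry is present in partial_trace_host_object_set.cpp. A short comment above the function, for example `// Trace deliberately stops after CallFromNativeRecord: no record follows for the host object's property get`, would document why the trace is incomplete.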
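--- a/API/hermes/synthtest/tests/partial_trace_host_object_set.cpp
+++ b/API/hermes/synthtest/tests/partial_trace_host_object_set.cpp
@@ -0,0 +1,87 @@
+/*
+* Copyright (c) Meta Platforms, Inc. and affiliates.
+*
+* This source code is licensed under the MIT license found in the
+* LICENSE file in the root directory of this source tree.
+*/
+
+#include "TestFunctions.h"
+
+namespace facebook {
+namespace hermes {
+namespace synthtest {
+
+const char *partialTraceHostObjectSetTrace() {
+return R"###(
+{
+"globalObjID": 1,
+"trace": [
+{
+"type": "BeginExecJSRecord",
+"time": 0
+},
+{
+"type": "EndExecJSRecord",
+"retval": "undefined:",
+"time": 0
+},
+{
+"type": "CreatePropNameRecord",
+"objID": 2,
+"encoding": "ASCII",
+"chars": "f"
+},
+{
+"type": "GetPropertyRecord",
+"time": 0,
+"objID": 1,
+"propID": "propIDTag:2",
+"propName": "f",
+},
+{
+"type": "ReturnToNativeRecord",
+"time": 0,
+"retval": "object:10"
+},
+{
+"type": "CreatePropNameIDRecord",
+"objID": 40,
+"encoding": "ASCII",
+"chars": "HostFunction1"
+},
+{
+"type": "CreateHostObjectRecord",
+"time": 0,
+"objID": 11,
+},
+{
+"type": "CallFromNativeRecord",
+"time": 0,
+"functionID": 10,
+"thisArg": "undefined:",
+"args": ["object:11"]
+}
+]
+}
+)###";
+}
+
+const char *partialTraceHostObjectSetSource() {
+return R"###(
+'use strict';
+(function(global) {
+// callbacks execute f
+// read the zeroth element of the return result,
+// execute that as a function with no args,
+// read the zeroth element of the return value and expect it to be false.
+global.f = function(hostObject) {
+hostObject.a = 7;
+};
+})(this);
+)###";
+}
+
+} // namespace synthtest
+} // namespace hermes
+} // namespace facebook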
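Review bot: As rendered, the JSON returned by partialTraceHostObjectSetTrace is identical to the one in partialTraceHostObjectGetTrace; only the JS source differs (`hostObject.a = 7;` here versus `return hostObject.a;` there). Sharing one trace literal between the two fixtures would keep the copies from drifting apart when a record format changes, which matters for regression tests that guard a bounds check. If the two traces are expected to diverge later, a one-line comment saying so above this function would be enough.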