[webkit-reviews] review granted: [Bug 240264] Add optional Integrity checks at JSC API boundaries. : [Attachment 459123] proposed patch.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 10 10:01:50 PDT 2022


Yusuke Suzuki <ysuzuki at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 240264: Add optional Integrity checks at JSC API boundaries.
https://bugs.webkit.org/show_bug.cgi?id=240264

Attachment 459123: proposed patch.

https://bugs.webkit.org/attachment.cgi?id=459123&action=review

--- Comment #7 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 459123
  --> https://bugs.webkit.org/attachment.cgi?id=459123
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=459123&action=review

r=me with comments.

> Source/JavaScriptCore/ChangeLog:22
> +	   4. Moved isSanePointer() to Integrity.h so that it can be used in
more places.

Should we put it under the `Integrity` namespace? What do you think?

> Source/JavaScriptCore/ChangeLog:48
> +	   11. Also strengten Integrity::auditStructureID() so that it will
check if a
> +	       Structure's memory has been released.

Can we split these lists into two sets of lists? They are based on,

1. features enabled only when ENABLE(EXTRA_INTEGRITY_CHECKS) is true
2. others

e.g.

The features enabled with ENABLE(EXTRA_INTEGRITY_CHECKS) are,

1. ...
2. ...
3. ..

> Source/JavaScriptCore/runtime/VM.cpp:410
> +    WTF::compilerFence();

Let's use `storeStoreFence()` to ensure that all the above stores are effective
when we set m_isInService.

> Source/JavaScriptCore/runtime/VM.cpp:435
> +    WTF::compilerFence();

Use storeStoreFence to ensure that when m_isInService is true, we are not
starting the following destruction operations.

> Source/JavaScriptCore/tools/Integrity.h:41
> +#if USE(JSVALUE32)
> +#define ENABLE_EXTRA_INTEGRITY_CHECKS 0 // Not supported.
> +#else
> +// Force ENABLE_EXTRA_INTEGRITY_CHECKS to 1 for your local build if you want
> +// more prolific audits to be enabled.
> +#define ENABLE_EXTRA_INTEGRITY_CHECKS 0
> +#endif
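Review bot: both branches of the `#if USE(JSVALUE32)` block define ENABLE_EXTRA_INTEGRITY_CHECKS to 0, so at the moment the conditional only differs in its comment; since the JSVALUE32 branch is meant to stay off even when someone flips the default in the `#else` branch for a local build, the "Not supported." comment should say why 32-bit JSValue builds cannot use the extra checks, so a future change to the default does not silently enable them there.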

What do you think about enabling it for debug builds? Is it too costly?
