1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/src/share/vm/memory/guardedMemory.hpp Thu Aug 14 15:16:07 2014 +0200
1.3 @@ -0,0 +1,326 @@
1.4 +/*
1.5 + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.7 + *
1.8 + * This code is free software; you can redistribute it and/or modify it
1.9 + * under the terms of the GNU General Public License version 2 only, as
1.10 + * published by the Free Software Foundation.
1.11 + *
1.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
1.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
1.15 + * version 2 for more details (a copy is included in the LICENSE file that
1.16 + * accompanied this code).
1.17 + *
1.18 + * You should have received a copy of the GNU General Public License version
1.19 + * 2 along with this work; if not, write to the Free Software Foundation,
1.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
1.21 + *
1.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
1.23 + * or visit www.oracle.com if you need additional information or have any
1.24 + * questions.
1.25 + *
1.26 + */
1.27 +
1.28 +#ifndef SHARE_VM_MEMORY_GUARDED_MEMORY_HPP
1.29 +#define SHARE_VM_MEMORY_GUARDED_MEMORY_HPP
1.30 +
1.31 +#include "memory/allocation.hpp"
1.32 +#include "utilities/globalDefinitions.hpp"
1.33 +
1.34 +/**
1.35 + * Guarded memory for detecting buffer overrun.
1.36 + *
1.37 + * Allows allocations to be wrapped with padded bytes of a known byte pattern,
1.38 + * that is a "guard". Guard patterns may be verified to detect buffer overruns.
1.39 + *
1.40 + * Primarily used by "debug malloc" and "checked JNI".
1.41 + *
1.42 + * Memory layout:
1.43 + *
1.44 + * |Offset | Content | Description |
1.45 + * |------------------------------------------------------------
1.46 + * |base_addr | 0xABABABABABABABAB | Head guard |
1.47 + * |+16 | <size_t:user_size> | User data size |
1.48 + * |+sizeof(uintptr_t) | <tag> | Tag word |
1.49 + * |+sizeof(void*) | 0xF1 <user_data> ( | User data |
1.50 + * |+user_size | 0xABABABABABABABAB | Tail guard |
1.51 + * -------------------------------------------------------------
1.52 + *
1.53 + * Where:
1.54 + * - guard padding uses "badResourceValue" (0xAB)
1.55 + * - tag word is general purpose
1.56 + * - user data
1.57 + * -- initially padded with "uninitBlockPad" (0xF1),
1.58 + * -- to "freeBlockPad" (0xBA), when freed
1.59 + *
1.60 + * Usage:
1.61 + *
1.62 + * * Allocations: one may wrap allocations with guard memory:
1.63 + * <code>
1.64 + * Thing* alloc_thing() {
1.65 + * void* mem = user_alloc_fn(GuardedMemory::get_total_size(sizeof(thing)));
1.66 + * GuardedMemory guarded(mem, sizeof(thing));
1.67 + * return (Thing*) guarded.get_user_ptr();
1.68 + * }
1.69 + * </code>
1.70 + * * Verify: memory guards are still in tact
1.71 + * <code>
1.72 + * bool verify_thing(Thing* thing) {
1.73 + * GuardedMemory guarded((void*)thing);
1.74 + * return guarded.verify_guards();
1.75 + * }
1.76 + * </code>
1.77 + * * Free: one may mark bytes as freed (further debugging support)
1.78 + * <code>
1.79 + * void free_thing(Thing* thing) {
1.80 + * GuardedMemory guarded((void*)thing);
1.81 + * assert(guarded.verify_guards(), "Corrupt thing");
1.82 + * user_free_fn(guards.release_for_freeing();
1.83 + * }
1.84 + * </code>
1.85 + */
1.86 +class GuardedMemory : StackObj { // Wrapper on stack
1.87 +
1.88 + // Private inner classes for memory layout...
1.89 +
1.90 +protected:
1.91 +
1.92 + /**
1.93 + * Guard class for header and trailer known pattern to test for overwrites.
1.94 + */
1.95 + class Guard { // Class for raw memory (no vtbl allowed)
1.96 + friend class GuardedMemory;
1.97 + protected:
1.98 + enum {
1.99 + GUARD_SIZE = 16
1.100 + };
1.101 +
1.102 + u_char _guard[GUARD_SIZE];
1.103 +
1.104 + public:
1.105 +
1.106 + void build() {
1.107 + u_char* c = _guard; // Possibly unaligned if tail guard
1.108 + u_char* end = c + GUARD_SIZE;
1.109 + while (c < end) {
1.110 + *c = badResourceValue;
1.111 + c++;
1.112 + }
1.113 + }
1.114 +
1.115 + bool verify() const {
1.116 + u_char* c = (u_char*) _guard;
1.117 + u_char* end = c + GUARD_SIZE;
1.118 + while (c < end) {
1.119 + if (*c != badResourceValue) {
1.120 + return false;
1.121 + }
1.122 + c++;
1.123 + }
1.124 + return true;
1.125 + }
1.126 +
1.127 + }; // GuardedMemory::Guard
1.128 +
1.129 + /**
1.130 + * Header guard and size
1.131 + */
1.132 + class GuardHeader : Guard {
1.133 + friend class GuardedMemory;
1.134 + protected:
1.135 + // Take care in modifying fields here, will effect alignment
1.136 + // e.g. x86 ABI 16 byte stack alignment
1.137 + union {
1.138 + uintptr_t __unused_full_word1;
1.139 + size_t _user_size;
1.140 + };
1.141 + void* _tag;
1.142 + public:
1.143 + void set_user_size(const size_t usz) { _user_size = usz; }
1.144 + size_t get_user_size() const { return _user_size; }
1.145 +
1.146 + void set_tag(const void* tag) { _tag = (void*) tag; }
1.147 + void* get_tag() const { return _tag; }
1.148 +
1.149 + }; // GuardedMemory::GuardHeader
1.150 +
1.151 + // Guarded Memory...
1.152 +
1.153 + protected:
1.154 + u_char* _base_addr;
1.155 +
1.156 + public:
1.157 +
1.158 + /**
1.159 + * Create new guarded memory.
1.160 + *
1.161 + * Wraps, starting at the given "base_ptr" with guards. Use "get_user_ptr()"
1.162 + * to return a pointer suitable for user data.
1.163 + *
1.164 + * @param base_ptr allocation wishing to be wrapped, must be at least "GuardedMemory::get_total_size()" bytes.
1.165 + * @param user_size the size of the user data to be wrapped.
1.166 + * @param tag optional general purpose tag.
1.167 + */
1.168 + GuardedMemory(void* base_ptr, const size_t user_size, const void* tag = NULL) {
1.169 + wrap_with_guards(base_ptr, user_size, tag);
1.170 + }
1.171 +
1.172 + /**
1.173 + * Wrap existing guarded memory.
1.174 + *
1.175 + * To use this constructor, one must have created guarded memory with
1.176 + * "GuardedMemory(void*, size_t, void*)" (or indirectly via helper, e.g. "wrap_copy()").
1.177 + *
1.178 + * @param user_p existing wrapped memory.
1.179 + */
1.180 + GuardedMemory(void* userp) {
1.181 + u_char* user_ptr = (u_char*) userp;
1.182 + assert((uintptr_t)user_ptr > (sizeof(GuardHeader) + 0x1000), "Invalid pointer");
1.183 + _base_addr = (user_ptr - sizeof(GuardHeader));
1.184 + }
1.185 +
1.186 + /**
1.187 + * Create new guarded memory.
1.188 + *
1.189 + * Wraps, starting at the given "base_ptr" with guards. Allows reuse of stack allocated helper.
1.190 + *
1.191 + * @param base_ptr allocation wishing to be wrapped, must be at least "GuardedMemory::get_total_size()" bytes.
1.192 + * @param user_size the size of the user data to be wrapped.
1.193 + * @param tag optional general purpose tag.
1.194 + *
1.195 + * @return user data pointer (inner pointer to supplied "base_ptr").
1.196 + */
1.197 + void* wrap_with_guards(void* base_ptr, size_t user_size, const void* tag = NULL) {
1.198 + assert(base_ptr != NULL, "Attempt to wrap NULL with memory guard");
1.199 + _base_addr = (u_char*)base_ptr;
1.200 + get_head_guard()->build();
1.201 + get_head_guard()->set_user_size(user_size);
1.202 + get_tail_guard()->build();
1.203 + set_tag(tag);
1.204 + set_user_bytes(uninitBlockPad);
1.205 + assert(verify_guards(), "Expected valid memory guards");
1.206 + return get_user_ptr();
1.207 + }
1.208 +
1.209 + /**
1.210 + * Verify head and tail guards.
1.211 + *
1.212 + * @return true if guards are intact, false would indicate a buffer overrun.
1.213 + */
1.214 + bool verify_guards() const {
1.215 + if (_base_addr != NULL) {
1.216 + return (get_head_guard()->verify() && get_tail_guard()->verify());
1.217 + }
1.218 + return false;
1.219 + }
1.220 +
1.221 + /**
1.222 + * Set the general purpose tag.
1.223 + *
1.224 + * @param tag general purpose tag.
1.225 + */
1.226 + void set_tag(const void* tag) { get_head_guard()->set_tag(tag); }
1.227 +
1.228 + /**
1.229 + * Return the general purpose tag.
1.230 + *
1.231 + * @return the general purpose tag, defaults to NULL.
1.232 + */
1.233 + void* get_tag() const { return get_head_guard()->get_tag(); }
1.234 +
1.235 + /**
1.236 + * Return the size of the user data.
1.237 + *
1.238 + * @return the size of the user data.
1.239 + */
1.240 + size_t get_user_size() const {
1.241 + assert(_base_addr, "Not wrapping any memory");
1.242 + return get_head_guard()->get_user_size();
1.243 + }
1.244 +
1.245 + /**
1.246 + * Return the user data pointer.
1.247 + *
1.248 + * @return the user data pointer.
1.249 + */
1.250 + u_char* get_user_ptr() const {
1.251 + assert(_base_addr, "Not wrapping any memory");
1.252 + return _base_addr + sizeof(GuardHeader);
1.253 + }
1.254 +
1.255 + /**
1.256 + * Release the wrapped pointer for resource freeing.
1.257 + *
1.258 + * Pads the user data with "freeBlockPad", and dis-associates the helper.
1.259 + *
1.260 + * @return the original base pointer used to wrap the data.
1.261 + */
1.262 + void* release_for_freeing() {
1.263 + set_user_bytes(freeBlockPad);
1.264 + return release();
1.265 + }
1.266 +
1.267 + /**
1.268 + * Dis-associate the help from the original base address.
1.269 + *
1.270 + * @return the original base pointer used to wrap the data.
1.271 + */
1.272 + void* release() {
1.273 + void* p = (void*) _base_addr;
1.274 + _base_addr = NULL;
1.275 + return p;
1.276 + }
1.277 +
1.278 + virtual void print_on(outputStream* st) const;
1.279 +
1.280 + protected:
1.281 + GuardHeader* get_head_guard() const { return (GuardHeader*) _base_addr; }
1.282 + Guard* get_tail_guard() const { return (Guard*) (get_user_ptr() + get_user_size()); };
1.283 + void set_user_bytes(u_char ch) {
1.284 + memset(get_user_ptr(), ch, get_user_size());
1.285 + }
1.286 +
1.287 +public:
1.288 + /**
1.289 + * Return the total size required for wrapping the given user size.
1.290 + *
1.291 + * @return the total size required for wrapping the given user size.
1.292 + */
1.293 + static size_t get_total_size(size_t user_size) {
1.294 + size_t total_size = sizeof(GuardHeader) + user_size + sizeof(Guard);
1.295 + assert(total_size > user_size, "Unexpected wrap-around");
1.296 + return total_size;
1.297 + }
1.298 +
1.299 + // Helper functions...
1.300 +
1.301 + /**
1.302 + * Wrap a copy of size "len" of "ptr".
1.303 + *
1.304 + * @param ptr the memory to be copied
1.305 + * @param len the length of the copy
1.306 + * @param tag optional general purpose tag (see GuardedMemory::get_tag())
1.307 + *
1.308 + * @return guarded wrapped memory pointer to the user area, or NULL if OOM.
1.309 + */
1.310 + static void* wrap_copy(const void* p, const size_t len, const void* tag = NULL);
1.311 +
1.312 + /**
1.313 + * Free wrapped copy.
1.314 + *
1.315 + * Frees memory copied with "wrap_copy()".
1.316 + *
1.317 + * @param p memory returned by "wrap_copy()".
1.318 + *
1.319 + * @return true if guards were verified as intact. false indicates a buffer overrun.
1.320 + */
1.321 + static bool free_copy(void* p);
1.322 +
1.323 + // Testing...
1.324 +#ifndef PRODUCT
1.325 + static void test_guarded_memory(void);
1.326 +#endif
1.327 +}; // GuardedMemory
1.328 +
1.329 +#endif // SHARE_VM_MEMORY_GUARDED_MEMORY_HPP
