eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-05-11 17:37:33 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0bb987e809ff02ca4bc7776533a69394fb1bb932
ladybird/Libraries/LibJS/Bytecode/Validator.h
Andreas Kling d4ed658429 LibJS: Add bytecode validator scaffolding driven from Bytecode.def 
The plan is to start caching compiled JS bytecode on disk. Before
loading anything from a cache we need confidence that the bytes are
structurally well-formed, since a corrupted or tampered-with cache
file could otherwise hand the interpreter an out-of-bounds jump or a
constant-pool index that points past the end of the table.

This commit lays down the scaffolding for that validator. The walker
lives in Rust (Libraries/LibJS/Rust/src/bytecode/validator.rs) so
that it can share the existing Bytecode.def-driven layout machinery
with the encoder. C++ calls into it through cbindgen, the same way
the rest of the Rust pipeline is wired up.

For now, the validator only does Pass 1: walk the byte stream,
verify each instruction is 8-byte aligned, the opcode byte is in
range, and the reported length keeps us inside the buffer. The
length lookup is generated from Bytecode.def so fixed-length and
variable-length instructions stay in sync with the rest of the
codegen automatically. Per-field bounds checks (operands, labels,
table indices, cache indices) and structural extras (basic block
offsets, exception handlers, source map) come in follow-up commits.

The validator runs after every successful compilation in debug and
sanitizer builds, gated on !NDEBUG || HAS_ADDRESS_SANITIZER, so we
get an extra sanity check on every executable the encoder produces
without paying for it in release builds. Failure trips a
VERIFY_NOT_REACHED with the offset, opcode, and error category
logged via dbgln().
2026-05-03 08:43:19 +02:00

28 lines
609 B
C++
Raw Blame History

/*
* Copyright (c) 2026-present, the Ladybird developers.
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#pragma once
#include <AK/Error.h>
#include <LibJS/Forward.h>
namespace JS::Bytecode {
class Executable;
// Whether the bytecode being validated still has m_cache fields stored as
// indices (BeforeFixup) or has had Executable::fixup_cache_pointers() rewrite
// them into live pointers (AfterFixup). Cache fields are only range-checked
// in the BeforeFixup case.
enum class CacheState : u8 {
BeforeFixup,
AfterFixup,
};
ErrorOr<void> validate_bytecode(Executable const&, CacheState);
}
Reference in New Issue View Git Blame Copy Permalink