From 2cb701f7f3b4f8b2d0f65b499677338034b2403b Mon Sep 17 00:00:00 2001 From: Wenyong Huang Date: Fri, 18 Aug 2023 10:16:03 +0800 Subject: [PATCH] Fix windows AOT hw bound check (#2475) When AOT out of bound linear memory access or stack overflow occurs, the call stack of AOT functions cannot be unwound currently, so from the exception handler, runtime cannot jump back into the place that calls the AOT function. We temporarily skip the current instruction and let AOT code continue to run and return to caller as soon as possible. And use the zydis library the decode the current instruction to get its size. And remove using RtlAddFunctionTable to register the AOT functions since it doesn't work currently. --- core/iwasm/aot/aot_loader.c | 53 --------- core/iwasm/aot/aot_runtime.h | 32 ------ core/iwasm/aot/arch/aot_reloc_x86_64.c | 15 --- core/iwasm/aot/iwasm_aot.cmake | 46 +++++++- core/iwasm/common/wasm_runtime_common.c | 125 ++++++++++++++++----- core/iwasm/compilation/aot_emit_function.c | 22 +++- 6 files changed, 159 insertions(+), 134 deletions(-) diff --git a/core/iwasm/aot/aot_loader.c b/core/iwasm/aot/aot_loader.c index 50e36f9e..0ce2cf9d 100644 --- a/core/iwasm/aot/aot_loader.c +++ b/core/iwasm/aot/aot_loader.c @@ -1644,27 +1644,6 @@ load_function_section(const uint8 *buf, const uint8 *buf_end, AOTModule *module, const uint8 *p = buf, *p_end = buf_end; uint32 i; uint64 size, text_offset; -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - RUNTIME_FUNCTION *rtl_func_table; - AOTUnwindInfo *unwind_info; - uint32 unwind_info_offset = module->code_size - sizeof(AOTUnwindInfo); - uint32 unwind_code_offset = unwind_info_offset - PLT_ITEM_SIZE; -#endif - -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - unwind_info = (AOTUnwindInfo *)((uint8 *)module->code + module->code_size - - sizeof(AOTUnwindInfo)); - unwind_info->Version = 1; - unwind_info->Flags = UNW_FLAG_NHANDLER; - *(uint32 *)&unwind_info->UnwindCode[0] = unwind_code_offset; - - size = sizeof(RUNTIME_FUNCTION) * (uint64)module->func_count; - if (size > 0 - && !(rtl_func_table = module->rtl_func_table = - loader_malloc(size, error_buf, error_buf_size))) { - return false; - } -#endif size = sizeof(void *) * (uint64)module->func_count; if (size > 0 @@ -1691,33 +1670,9 @@ load_function_section(const uint8 *buf, const uint8 *buf_end, AOTModule *module, #if defined(BUILD_TARGET_THUMB) || defined(BUILD_TARGET_THUMB_VFP) /* bits[0] of thumb function address must be 1 */ module->func_ptrs[i] = (void *)((uintptr_t)module->func_ptrs[i] | 1); -#endif -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - rtl_func_table[i].BeginAddress = (DWORD)text_offset; - if (i > 0) { - rtl_func_table[i - 1].EndAddress = rtl_func_table[i].BeginAddress; - } - rtl_func_table[i].UnwindInfoAddress = (DWORD)unwind_info_offset; #endif } -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - if (module->func_count > 0) { - uint32 plt_table_size = - module->is_indirect_mode ? 0 : get_plt_table_size(); - rtl_func_table[module->func_count - 1].EndAddress = - (DWORD)(module->code_size - plt_table_size); - - if (!RtlAddFunctionTable(rtl_func_table, module->func_count, - (DWORD64)(uintptr_t)module->code)) { - set_error_buf(error_buf, error_buf_size, - "add dynamic function table failed"); - return false; - } - module->rtl_func_table_registered = true; - } -#endif - /* Set start function when function pointers are resolved */ if (module->start_func_index != (uint32)-1) { if (module->start_func_index >= module->import_func_count) @@ -3261,14 +3216,6 @@ aot_unload(AOTModule *module) } #endif -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - if (module->rtl_func_table) { - if (module->rtl_func_table_registered) - RtlDeleteFunctionTable(module->rtl_func_table); - wasm_runtime_free(module->rtl_func_table); - } -#endif - #if (defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)) \ && !defined(BH_PLATFORM_WINDOWS) { diff --git a/core/iwasm/aot/aot_runtime.h b/core/iwasm/aot/aot_runtime.h index 895823af..4358e307 100644 --- a/core/iwasm/aot/aot_runtime.h +++ b/core/iwasm/aot/aot_runtime.h @@ -92,30 +92,6 @@ typedef struct AOTModuleInstanceExtra { WASMModuleInstanceExtraCommon common; } AOTModuleInstanceExtra; -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) -/* clang-format off */ -typedef struct AOTUnwindInfo { - uint8 Version : 3; - uint8 Flags : 5; - uint8 SizeOfProlog; - uint8 CountOfCodes; - uint8 FrameRegister : 4; - uint8 FrameOffset : 4; - struct { - struct { - uint8 CodeOffset; - uint8 UnwindOp : 4; - uint8 OpInfo : 4; - }; - uint16 FrameOffset; - } UnwindCode[1]; -} AOTUnwindInfo; -/* clang-format on */ - -/* size of mov instruction and jmp instruction */ -#define PLT_ITEM_SIZE 12 -#endif - #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64) typedef struct GOTItem { uint32 func_idx; @@ -211,14 +187,6 @@ typedef struct AOTModule { uint32 float_plt_count; #endif -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - /* dynamic function table to be added by RtlAddFunctionTable(), - used to unwind the call stack and register exception handler - for AOT functions */ - RUNTIME_FUNCTION *rtl_func_table; - bool rtl_func_table_registered; -#endif - #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64) uint32 got_item_count; GOTItemList got_item_list; diff --git a/core/iwasm/aot/arch/aot_reloc_x86_64.c b/core/iwasm/aot/arch/aot_reloc_x86_64.c index 1bf5eb59..b5be2459 100644 --- a/core/iwasm/aot/arch/aot_reloc_x86_64.c +++ b/core/iwasm/aot/arch/aot_reloc_x86_64.c @@ -69,9 +69,6 @@ get_plt_table_size() { uint32 size = get_plt_item_size() * (sizeof(target_sym_map) / sizeof(SymbolMap)); -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - size += get_plt_item_size() + sizeof(AOTUnwindInfo); -#endif return size; } @@ -93,18 +90,6 @@ init_plt_table(uint8 *plt) *p++ = 0xE0; plt += get_plt_item_size(); } - -#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS) - p = plt; - /* mov exception_handler, rax */ - *p++ = 0x48; - *p++ = 0xB8; - *(uint64 *)p = 0; /*(uint64)(uintptr_t)aot_exception_handler;*/ - p += sizeof(uint64); - /* jmp rax */ - *p++ = 0xFF; - *p++ = 0xE0; -#endif } static bool diff --git a/core/iwasm/aot/iwasm_aot.cmake b/core/iwasm/aot/iwasm_aot.cmake index 8014f237..efff88dd 100644 --- a/core/iwasm/aot/iwasm_aot.cmake +++ b/core/iwasm/aot/iwasm_aot.cmake @@ -36,5 +36,49 @@ if (WAMR_BUILD_DEBUG_AOT EQUAL 1) file(GLOB debug_source ${IWASM_AOT_DIR}/debug/*.c) endif() -set (IWASM_AOT_SOURCE ${c_source_all} ${arch_source} ${debug_source}) +if ((WAMR_BUILD_TARGET STREQUAL "X86_64" OR WAMR_BUILD_TARGET STREQUAL "AMD_64") + AND (WAMR_BUILD_PLATFORM STREQUAL "windows") + AND (NOT WAMR_DISABLE_HW_BOUND_CHECK EQUAL 1)) + include(FetchContent) + FetchContent_Declare( + zycore + GIT_REPOSITORY https://github.com/zyantific/zycore-c.git + ) + FetchContent_GetProperties(zycore) + if (NOT zycore_POPULATED) + message ("-- Fetching zycore ..") + FetchContent_Populate(zycore) + include_directories("${zycore_SOURCE_DIR}/include") + include_directories("${zycore_BINARY_DIR}") + add_definitions(-DZYCORE_STATIC_BUILD=1) + add_subdirectory(${zycore_SOURCE_DIR} ${zycore_BINARY_DIR} EXCLUDE_FROM_ALL) + file (GLOB_RECURSE c_source_zycore ${zycore_SOURCE_DIR}/src/*.c) + endif () + + FetchContent_Declare( + zydis + GIT_REPOSITORY https://github.com/zyantific/zydis.git + GIT_TAG e14a07895136182a5b53e181eec3b1c6e0b434de + ) + FetchContent_GetProperties(zydis) + if (NOT zydis_POPULATED) + message ("-- Fetching zydis ..") + FetchContent_Populate(zydis) + option(ZYDIS_FEATURE_ENCODER "" OFF) + option(ZYDIS_BUILD_TOOLS "" OFF) + option(ZYDIS_BUILD_EXAMPLES "" OFF) + option(ZYDIS_BUILD_MAN "" OFF) + option(ZYDIS_BUILD_DOXYGEN "" OFF) + include_directories("${zydis_BINARY_DIR}") + include_directories("${zydis_SOURCE_DIR}/include") + include_directories("${zydis_SOURCE_DIR}/src") + add_definitions(-DZYDIS_STATIC_BUILD=1) + add_subdirectory(${zydis_SOURCE_DIR} ${zydis_BINARY_DIR} EXCLUDE_FROM_ALL) + file (GLOB_RECURSE c_source_zydis ${zydis_SOURCE_DIR}/src/*.c) + endif () +endif () + + +set (IWASM_AOT_SOURCE ${c_source_all} ${arch_source} ${debug_source} + ${c_source_zycore} ${c_source_zydis}) diff --git a/core/iwasm/common/wasm_runtime_common.c b/core/iwasm/common/wasm_runtime_common.c index b1866215..09233f24 100644 --- a/core/iwasm/common/wasm_runtime_common.c +++ b/core/iwasm/common/wasm_runtime_common.c @@ -199,7 +199,90 @@ runtime_signal_handler(void *sig_addr) } } } -#else +#else /* else of BH_PLATFORM_WINDOWS */ + +#if WASM_ENABLE_AOT != 0 +#include + +static uint32 +decode_insn(uint8 *insn) +{ + uint8 *data = (uint8 *)insn; + uint32 length = 32; /* reserve enough size */ + + /* Initialize decoder context */ + ZydisDecoder decoder; + ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, + ZYDIS_STACK_WIDTH_64); + + /* Initialize formatter */ + ZydisFormatter formatter; + ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL); + + /* Loop over the instructions in our buffer */ + ZyanU64 runtime_address = (ZyanU64)(uintptr_t)data; + ZyanUSize offset = 0; + ZydisDecodedInstruction instruction; + ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE]; + char buffer[256]; + + if (ZYAN_SUCCESS(ZydisDecoderDecodeFull( + &decoder, data + offset, length - offset, &instruction, operands, + ZYDIS_MAX_OPERAND_COUNT_VISIBLE, + ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY))) { + + /* Format & print the binary instruction structure to + human readable format */ + ZydisFormatterFormatInstruction(&formatter, &instruction, operands, + instruction.operand_count_visible, + buffer, sizeof(buffer), + runtime_address); + + /* Print current instruction */ + /* + os_printf("%012" PRIX64 " ", runtime_address); + puts(buffer); + */ + + return instruction.length; + } + + /* Decode failed */ + return 0; +} +#endif /* end of WASM_ENABLE_AOT != 0 */ + +static LONG +next_action(WASMModuleInstance *module_inst, EXCEPTION_POINTERS *exce_info) +{ +#if WASM_ENABLE_AOT != 0 + uint32 insn_size; +#endif + + if (module_inst->module_type == Wasm_Module_Bytecode + && module_inst->e->running_mode == Mode_Interp) { + /* Continue to search next exception handler for + interpreter mode as it can be caught by + `__try { .. } __except { .. }` sentences in + wasm_runtime.c */ + return EXCEPTION_CONTINUE_SEARCH; + } + +#if WASM_ENABLE_AOT != 0 + /* Skip current instruction and continue to run for AOT/JIT mode. + TODO: implement unwind support for AOT/JIT code in Windows platform */ + insn_size = decode_insn((uint8 *)exce_info->ContextRecord->Rip); + if (insn_size > 0) { + exce_info->ContextRecord->Rip += insn_size; + return EXCEPTION_CONTINUE_EXECUTION; + } +#endif + + /* return different value from EXCEPTION_CONTINUE_SEARCH (= 0) + and EXCEPTION_CONTINUE_EXECUTION (= -1) */ + return -2; +} + static LONG runtime_exception_handler(EXCEPTION_POINTERS *exce_info) { @@ -211,6 +294,7 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info) uint8 *mapped_mem_start_addr = NULL; uint8 *mapped_mem_end_addr = NULL; uint32 page_size = os_getpagesize(); + LONG ret; if (exec_env_tls && exec_env_tls->handle == os_self_thread() && (jmpbuf_node = exec_env_tls->jmpbuf_stack_top)) { @@ -232,32 +316,19 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info) the wasm func returns, the caller will check whether the exception is thrown and return to runtime. */ wasm_set_exception(module_inst, "out of bounds memory access"); - if (module_inst->module_type == Wasm_Module_Bytecode) { - /* Continue to search next exception handler for - interpreter mode as it can be caught by - `__try { .. } __except { .. }` sentences in - wasm_runtime.c */ - return EXCEPTION_CONTINUE_SEARCH; - } - else { - /* Skip current instruction and continue to run for - AOT mode. TODO: implement unwind support for AOT - code in Windows platform */ - exce_info->ContextRecord->Rip++; - return EXCEPTION_CONTINUE_EXECUTION; - } + ret = next_action(module_inst, exce_info); + if (ret == EXCEPTION_CONTINUE_SEARCH + || ret == EXCEPTION_CONTINUE_EXECUTION) + return ret; } else if (exec_env_tls->exce_check_guard_page <= (uint8 *)sig_addr && (uint8 *)sig_addr < exec_env_tls->exce_check_guard_page + page_size) { bh_assert(wasm_copy_exception(module_inst, NULL)); - if (module_inst->module_type == Wasm_Module_Bytecode) { - return EXCEPTION_CONTINUE_SEARCH; - } - else { - exce_info->ContextRecord->Rip++; - return EXCEPTION_CONTINUE_EXECUTION; - } + ret = next_action(module_inst, exce_info); + if (ret == EXCEPTION_CONTINUE_SEARCH + || ret == EXCEPTION_CONTINUE_EXECUTION) + return ret; } } #if WASM_DISABLE_STACK_HW_BOUND_CHECK == 0 @@ -267,12 +338,10 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info) whether the exception is thrown and return to runtime, and the damaged stack will be recovered by _resetstkoflw(). */ wasm_set_exception(module_inst, "native stack overflow"); - if (module_inst->module_type == Wasm_Module_Bytecode) { - return EXCEPTION_CONTINUE_SEARCH; - } - else { - return EXCEPTION_CONTINUE_EXECUTION; - } + ret = next_action(module_inst, exce_info); + if (ret == EXCEPTION_CONTINUE_SEARCH + || ret == EXCEPTION_CONTINUE_EXECUTION) + return ret; } #endif } diff --git a/core/iwasm/compilation/aot_emit_function.c b/core/iwasm/compilation/aot_emit_function.c index aa837a3c..413f4769 100644 --- a/core/iwasm/compilation/aot_emit_function.c +++ b/core/iwasm/compilation/aot_emit_function.c @@ -18,6 +18,17 @@ } \ } while (0) +static bool +is_win_platform(AOTCompContext *comp_ctx) +{ + char *triple = LLVMGetTargetMachineTriple(comp_ctx->target_machine); + + bh_assert(trip); + if (strstr(triple, "win32") || strstr(triple, "win")) + return true; + return false; +} + static bool create_func_return_block(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx) { @@ -458,7 +469,7 @@ check_app_addr_and_convert(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx, } /* Check whether exception was thrown when executing the function */ - if (comp_ctx->enable_bound_check + if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx)) && !check_call_return(comp_ctx, func_ctx, res)) { return false; } @@ -696,7 +707,7 @@ aot_compile_op_call(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx, goto fail; /* Check whether there was exception thrown when executing the function */ - if (comp_ctx->enable_bound_check + if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx)) && !check_call_return(comp_ctx, func_ctx, res)) goto fail; } @@ -849,7 +860,8 @@ aot_compile_op_call(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx, /* Check whether there was exception thrown when executing the function */ - if (!tail_call && comp_ctx->enable_bound_check + if (!tail_call + && (comp_ctx->enable_bound_check || is_win_platform(comp_ctx)) && !check_exception_thrown(comp_ctx, func_ctx)) goto fail; } @@ -1431,7 +1443,7 @@ aot_compile_op_call_indirect(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx, goto fail; /* Check whether exception was thrown when executing the function */ - if (comp_ctx->enable_bound_check + if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx)) && !check_call_return(comp_ctx, func_ctx, res)) goto fail; @@ -1483,7 +1495,7 @@ aot_compile_op_call_indirect(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx, } /* Check whether exception was thrown when executing the function */ - if (comp_ctx->enable_bound_check + if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx)) && !check_exception_thrown(comp_ctx, func_ctx)) goto fail;