
src: perform integrity checks on built-in code cache

Currently V8 only checks that the length of the source code is the same as the code used to generate the hash, so we add an additional check here:

  1. During compile time, when generating node_javascript.cc and node_code_cache.cc, we compute and include the hash of the (unwrapped) JavaScript source in both.
  2. At runtime, we check that the hash of the code being compiled and the hash of the code used to generate the cache (inside the wrapper) are the same.

This is based on the assumptions:

  1. internalBinding('code_cache_hash') must be in sync with internalBinding('code_cache') (same C++ file)
  2. internalBinding('natives_hash') must be in sync with process.binding('natives') (same C++ file)
  3. If internalBinding('natives_hash') is in sync with internalBinding('code_cache_hash'), then the (unwrapped) code used to generate internalBinding('code_cache') should be in sync with the (unwrapped) code in process.binding('natives')

There will be, however, false positives if the wrapper used to generate the cache is different from the one used at run time, and the length of the wrapper somehow stays the same. But that should be rare and can be eased once we make the two bootstrappers cached and checked as well.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • documentation is changed or added
  • commit message follows commit guidelines
