Limit the call stack size for native/builtin functions as well (#2935)

VM_RECURSION_LIMIT only prevented the recursion of interpreted codeblocks but native/builtin function calls can also create stack overflow due to the too deep recursion. This patch fixes #2905. Co-authored-by: Gabor Loki loki@inf.u-szeged.hu JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
2019-07-05 12:21:48 +02:00
parent 8766bb3b37
commit e902b870aa
10 changed files with 100 additions and 54 deletions
@@ -40,7 +40,7 @@ set(FEATURE_VALGRIND                OFF     CACHE BOOL   "Enable Valgrind suppor
 set(FEATURE_VM_EXEC_STOP            OFF     CACHE BOOL   "Enable VM execution stopping?")
 set(JERRY_GLOBAL_HEAP_SIZE          "512"   CACHE STRING "Size of memory heap, in kilobytes")
 set(JERRY_REGEXP_RECURSION_LIMIT    "0"     CACHE STRING "Limit of regexp recursion depth")
-set(JERRY_VM_RECURSION_LIMIT        "0"     CACHE STRING "Limit of VM recursion depth")
+set(JERRY_CALL_STACK_LIMIT          "0"     CACHE STRING "Limit of function call recursion depth")

 # Option overrides
 if(USING_MSVC)
@@ -103,7 +103,7 @@ message(STATUS "FEATURE_VALGRIND             " ${FEATURE_VALGRIND})
 message(STATUS "FEATURE_VM_EXEC_STOP         " ${FEATURE_VM_EXEC_STOP})
 message(STATUS "JERRY_GLOBAL_HEAP_SIZE       " ${JERRY_GLOBAL_HEAP_SIZE})
 message(STATUS "JERRY_REGEXP_RECURSION_LIMIT " ${JERRY_REGEXP_RECURSION_LIMIT})
-message(STATUS "JERRY_VM_RECURSION_LIMIT     " ${JERRY_VM_RECURSION_LIMIT})
+message(STATUS "JERRY_CALL_STACK_LIMIT       " ${JERRY_CALL_STACK_LIMIT})

 # Include directories
 set(INCLUDE_CORE_PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include")
@@ -293,9 +293,9 @@ if(JERRY_REGEXP_RECURSION_LIMIT)
  set(DEFINES_JERRY ${DEFINES_JERRY} JERRY_REGEXP_RECURSION_LIMIT=${JERRY_REGEXP_RECURSION_LIMIT})
 endif()

-# VM recursion depth limit
-if(JERRY_VM_RECURSION_LIMIT)
-  set(DEFINES_JERRY ${DEFINES_JERRY} JERRY_VM_RECURSION_LIMIT=${JERRY_VM_RECURSION_LIMIT})
+# Function call recursion depth limit
+if(JERRY_CALL_STACK_LIMIT)
+  set(DEFINES_JERRY ${DEFINES_JERRY} JERRY_CALL_STACK_LIMIT=${JERRY_CALL_STACK_LIMIT})
 endif()

 # RegExp byte-code dumps
@@ -436,7 +436,7 @@
 #endif /* !defined (JERRY_VM_EXEC_STOP) */

 /**
- * Set the VM execution recursion limit.
+ * Set the function call recursion limit.
 *
 * Allowed values:
 *  0: Disable recursion limit check.
@@ -447,9 +447,9 @@
 *
 * Default value: 0
 */
-#ifndef JERRY_VM_RECURSION_LIMIT
-# define JERRY_VM_RECURSION_LIMIT 0
-#endif /* !defined (JERRY_VM_RECURSION_LIMIT) */
+#ifndef JERRY_CALL_STACK_LIMIT
+# define JERRY_CALL_STACK_LIMIT 0
+#endif /* !defined (JERRY_CALL_STACK_LIMIT) */


 /**
@@ -44,9 +44,9 @@ ecma_init (void)
  JERRY_CONTEXT (status_flags) &= (uint32_t) ~ECMA_STATUS_HIGH_SEV_GC;
 #endif /* ENABLED (JERRY_PROPRETY_HASHMAP) */

-#if defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0)
-  JERRY_CONTEXT (vm_recursion_counter) = JERRY_VM_RECURSION_LIMIT;
-#endif /* defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0) */
+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+  JERRY_CONTEXT (function_call_counter) = JERRY_CALL_STACK_LIMIT;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */

 #if ENABLED (JERRY_ES2015_BUILTIN_PROMISE)
  ecma_job_queue_init ();
@@ -705,6 +705,17 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
                || ecma_get_object_type (func_obj_p) == ECMA_OBJECT_TYPE_BOUND_FUNCTION
                || !ecma_op_function_has_construct_flag (arguments_list_p));

+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+  if (JERRY_UNLIKELY (JERRY_CONTEXT (function_call_counter) == 0))
+  {
+    return ecma_raise_range_error (ECMA_ERR_MSG ("Maximum call stack size is exceeded."));
+  }
+  else
+  {
+    JERRY_CONTEXT (function_call_counter)--;
+  }
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */
+
  switch (ecma_get_object_type (func_obj_p))
  {
    case ECMA_OBJECT_TYPE_FUNCTION:
@@ -713,10 +724,16 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
      {
        JERRY_ASSERT (!ecma_op_function_has_construct_flag (arguments_list_p));

-        return ecma_builtin_dispatch_call (func_obj_p,
-                                           this_arg_value,
-                                           arguments_list_p,
-                                           arguments_list_len);
+        ecma_value_t ret_value = ecma_builtin_dispatch_call (func_obj_p,
+                                                             this_arg_value,
+                                                             arguments_list_p,
+                                                             arguments_list_len);
+
+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+        JERRY_CONTEXT (function_call_counter)++;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */
+
+        return ret_value;
      }

      /* Entering Function Code (ECMA-262 v5, 10.4.3) */
@@ -806,6 +823,10 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
        ecma_free_value (this_binding);
      }

+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+      JERRY_CONTEXT (function_call_counter)++;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */
+
      return ret_value;
    }
    case ECMA_OBJECT_TYPE_EXTERNAL_FUNCTION:
@@ -816,6 +837,9 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
                                                                      this_arg_value,
                                                                      arguments_list_p,
                                                                      arguments_list_len);
+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+      JERRY_CONTEXT (function_call_counter)++;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */

      if (JERRY_UNLIKELY (ecma_is_value_error_reference (ret_value)))
      {
@@ -864,6 +888,10 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
        ecma_deref_object (local_env_p);
      }

+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+      JERRY_CONTEXT (function_call_counter)++;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */
+
      return ret_value;
    }
 #endif /* ENABLED (JERRY_ES2015_ARROW_FUNCTION) */
@@ -874,6 +902,10 @@ ecma_op_function_call (ecma_object_t *func_obj_p, /**< Function object */
    }
  }

+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+  JERRY_CONTEXT (function_call_counter)++;
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */
+
  JERRY_CONTEXT (status_flags) &= (uint32_t) ~ECMA_STATUS_DIRECT_EVAL;

  ecma_extended_object_t *ext_function_p;
@@ -170,9 +170,9 @@ struct jerry_context_t
                                                 *   ECMAScript execution should be stopped */
 #endif /* ENABLED (JERRY_VM_EXEC_STOP) */

-#if defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0)
-  uint32_t vm_recursion_counter;  /**< VM recursion counter */
-#endif /* defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0) */
+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+  uint32_t function_call_counter;  /**< Function call recursion counter */
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */

 #if ENABLED (JERRY_DEBUGGER)
  uint8_t debugger_send_buffer[JERRY_DEBUGGER_TRANSPORT_MAX_BUFFER_SIZE]; /**< buffer for sending messages */
@@ -46,9 +46,9 @@
 /*
 * Check VM recursion depth limit
 */
-#if defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0)
-JERRY_STATIC_ASSERT (JERRY_VM_RECURSION_LIMIT > 0, vm_recursion_limit_must_be_greater_than_zero);
-#endif /* defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0) */
+#if defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0)
+JERRY_STATIC_ASSERT (JERRY_CALL_STACK_LIMIT > 0, function_call_recursion_limit_must_be_greater_than_zero);
+#endif /* defined (JERRY_CALL_STACK_LIMIT) && (JERRY_CALL_STACK_LIMIT != 0) */

 /**
 * Get the value of object[property].
@@ -3605,10 +3605,6 @@ vm_execute (vm_frame_ctx_t *frame_ctx_p, /**< frame context */
        }
 #endif /* ENABLED (JERRY_DEBUGGER) */

-#if defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0)
-        JERRY_CONTEXT (vm_recursion_counter)++;
-#endif /* defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0) */
-
        JERRY_CONTEXT (vm_top_context_p) = prev_context_p;
        return completion_value;
      }
@@ -3629,17 +3625,6 @@ vm_run (const ecma_compiled_code_t *bytecode_header_p, /**< byte-code data heade
        const ecma_value_t *arg_list_p, /**< arguments list */
        ecma_length_t arg_list_len) /**< length of arguments list */
 {
-#if defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0)
-  if (JERRY_UNLIKELY (JERRY_CONTEXT (vm_recursion_counter) == 0))
-  {
-    return ecma_raise_range_error (ECMA_ERR_MSG ("VM recursion limit is exceeded."));
-  }
-  else
-  {
-    JERRY_CONTEXT (vm_recursion_counter)--;
-  }
-#endif /* defined (JERRY_VM_RECURSION_LIMIT) && (JERRY_VM_RECURSION_LIMIT != 0) */
-
  ecma_value_t *literal_p;
  vm_frame_ctx_t frame_ctx;
  uint32_t call_stack_size;