[Vm-dev] Cog will require changes to JIT on the next version of Mac

Clément Béra bera.clement at gmail.com
Wed Aug 14 11:33:28 UTC 2019


On Wed, Aug 14, 2019 at 8:22 AM Tobias Pape <Das.Linux at gmx.de> wrote:

>
> Hi
>
> > On 14.08.2019, at 04:29, Ryan Macnak <rmacnak at gmail.com> wrote:
> >
> > Cog will need to be signed with the JIT entitlement and to pass MAP_JIT
> when it allocates executable memory.
> >
> >
> https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit
>
> Interesting.
>
> It seems the ideas of OpenBSD W^X finally reached Mac OS X [1], but in a
> different way.
>
> Other JITs handle that by
>  * mmap-ing the to-be-written code region R/W
>  * jitting to that region
>  * when done mprotect to remove the w and add the x
>
> Example: Firefox [2].
>

That is a significant change to Cog's JIT. Off the top of my head:
1. When jitting, one would need to control per page the rights inside the
machine code zone and write each CogMethod within a page boundary with a
1-to-1 mapping CogMethod per page (likely memory overhead induced).
2. Inline cache logic (Mono, closedPIC and openPIC) should be changed not
to edit the instructions in the machine code zone but a RW structure
(likely execution time overhead induced), or to change page protection for
relinking (which I think is disallowed, once it is executable it cannot go
back to be W).
3. Machine code zone GC should be changed not to edit the machine code zone
to update literals but a RW located structure, which is particularly nasty
on back-ends where inlined literals are forced (x86_32) or to change page
protection for relinking (which I think is disallowed, once it is
executable it cannot go back to be W).

I'd say MAP_JIT is the cheap option unless someone has budget to invest in
this change.


> I have no idea why Apple came up with MAP_JIT. If we used the above,
> maybe we don't need to be signed to at least run…
>
> Best regards
>         -Tobias
>
>
> [1]: https://en.wikipedia.org/wiki/W%5EX , https://www.openbsd.org/33.html
> [2]: https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/



-- 
Clément Béra
https://clementbera.github.io/
https://clementbera.wordpress.com/
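The three-step W^X sequence Tobias describes (mmap the zone RW, jit into it, mprotect to drop W and add X), as an added C example that is not from this thread, Firefox or the Cog VM; all function names are my own, and it assumes a Linux host on x86-64 or aarch64 (the one page it jits is a function that returns a constant). After the flip it also checks that the zone really is no longer writable, which is the property the whole scheme rests on.

```c
#define _GNU_SOURCE                 /* MAP_ANONYMOUS etc. on glibc */
#include <stdint.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>
typedef int (*const_fn)(void);

/* Emit "return value" as native code into buf; returns bytes written, 0 on an unsupported arch. */
static size_t emit_return_const(uint8_t *buf, int32_t value) {
#if defined(__x86_64__)
    buf[0] = 0xB8; memcpy(buf + 1, &value, 4); buf[5] = 0xC3;    /* mov eax, imm32 ; ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t v = (uint32_t)value, insn[3] = {
        0x52800000u | ((v & 0xFFFFu) << 5),          /* movz w0, #lo16 */
        0x72A00000u | (((v >> 16) & 0xFFFFu) << 5),  /* movk w0, #hi16, lsl #16 */
        0xD65F03C0u };                               /* ret */
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)value; return 0;
#endif
}

/* Probe writability without risking SIGSEGV: read() from /dev/zero into a non-writable page fails with EFAULT. */
static int page_is_writable(void *p) {
    int fd = open("/dev/zero", O_RDONLY);
    ssize_t r = fd < 0 ? -1 : read(fd, p, 1);
    if (fd >= 0) close(fd);
    return r == 1;
}

/* The W^X sequence from the thread: map RW, jit, mprotect to RX, call. Returns the jitted
   result, or -1 mmap failed, -2 unsupported arch, -3 mprotect failed, -4 still writable. */
static int run_wx_jit(int32_t value) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *zone = mmap(NULL, page, PROT_READ | PROT_WRITE,        /* 1. RW, no X yet */
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (zone == MAP_FAILED) return -1;
    size_t n = emit_return_const(zone, value);                       /* 2. jit into it */
    if (n == 0) { munmap(zone, page); return -2; }
    if (mprotect(zone, page, PROT_READ | PROT_EXEC) != 0) {         /* 3. drop W, add X */
        munmap(zone, page); return -3; }
    __builtin___clear_cache((char *)zone, (char *)zone + n);        /* icache sync (aarch64) */
    if (page_is_writable(zone)) { munmap(zone, page); return -4; }   /* W^X really holds? */
    const_fn fn; memcpy(&fn, &zone, sizeof fn);   /* object-to-function pointer, portably */
    int result = fn(); munmap(zone, page);
    return result;
}
```

Relinking an inline cache under this scheme would mean flipping the page back to RW with a second mprotect, which is exactly the step Clément's points 2 and 3 turn on.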