kit

macos.c (7264B)

---

 /* macOS-specific env bits: mach_vm_remap dual-mapped exec memory,
  * sys_icache_invalidate for the dbg flush path, st_mtimespec mtime,
  * dlsym leading-underscore handling, host_target OS=MACOS/OBJ=MACHO.
  *
  * Compiled only on Darwin; the Makefile selects this file via
  * HOST_UNAME=Darwin. No #ifdef inside.
  */
 
 #include <dlfcn.h>
 #include <libkern/OSCacheControl.h>
 #include <mach-o/dyld.h>
 #include <mach/mach.h>
 #include <mach/mach_vm.h>
 #include <mach/vm_map.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 
 #include "env_posix.h"
 
 /* ---------------- dual-mapped exec memory ---------------- */
 /* mach_vm_remap creates a second VA pointing at the same physical memory.
  * The write alias is RW; the runtime alias is left at PROT_READ until
  * protect() flips it to PROT_READ|PROT_EXEC. No MAP_JIT, no per-thread
  * mode bit, no entitlement coupling for unsigned dev binaries (signed
  * hardened-runtime binaries need com.apple.security.cs.allow-unsigned-
  * executable-memory). */
 KitStatus os_execmem_reserve_exec(size_t size, KitExecMemRegion* out) {
   void* w;
   mach_vm_address_t r_addr = 0;
   vm_prot_t cur = 0, max = 0;
   kern_return_t kr;
   ExecMemToken* tok;
 
   w = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
   if (w == MAP_FAILED) return KIT_NOMEM;
 
   /* copy=FALSE: the new VA shares the same physical pages.
    * VM_INHERIT_NONE: child processes don't observe the executable alias. */
   kr = mach_vm_remap(mach_task_self(), &r_addr, (mach_vm_size_t)size,
                      /*mask=*/0, VM_FLAGS_ANYWHERE, mach_task_self(),
                      (mach_vm_address_t)(uintptr_t)w,
                      /*copy=*/FALSE, &cur, &max, VM_INHERIT_NONE);
   if (kr != KERN_SUCCESS) {
     munmap(w, size);
     return KIT_ERR;
   }
 
   /* Drop the runtime alias to PROT_READ until protect() flips it. No
    * window of writable+executable: write alias has W (no X), runtime
    * alias has R only (no W, no X yet). */
   if (mprotect((void*)(uintptr_t)r_addr, size, PROT_READ) != 0) {
     munmap((void*)(uintptr_t)r_addr, size);
     munmap(w, size);
     return KIT_ERR;
   }
 
   tok = (ExecMemToken*)malloc(sizeof(*tok));
   if (!tok) {
     munmap((void*)(uintptr_t)r_addr, size);
     munmap(w, size);
     return KIT_NOMEM;
   }
   tok->write_addr = w;
   tok->runtime_addr = (void*)(uintptr_t)r_addr;
   tok->size = size;
 
   exec_dual_register(w, (void*)(uintptr_t)r_addr, size);
 
   out->write = w;
   out->runtime = (void*)(uintptr_t)r_addr;
   out->size = size;
   out->token = tok;
   return KIT_OK;
 }
 
 /* ---------------- dbg W^X dance ---------------- */
 /* Dual-mapped reservation: the write alias is a separate VA already RW.
  * Translate via the registry; no protect flip required, so end is no-op. */
 KitStatus os_dbg_code_write_begin(void* user, void* runtime_addr, size_t n,
                                   void** write_out) {
   (void)user;
   if (!runtime_addr || !n || !write_out) return KIT_INVALID;
   return exec_dual_lookup(runtime_addr, n, write_out) == 0 ? KIT_OK : KIT_ERR;
 }
 
 void os_dbg_code_write_end(void* user, void* runtime_addr, size_t n) {
   (void)user;
   (void)runtime_addr;
   (void)n;
 }
 
 /* sys_icache_invalidate is the documented Apple primitive on aarch64 and
  * is a no-op on x86_64 (correctly modeling that x86 fetches are coherent
  * with stores). Use it across arches for symmetry. */
 void os_dbg_flush_icache(void* user, void* runtime_addr, size_t n) {
   (void)user;
   sys_icache_invalidate(runtime_addr, n);
 }
 
 /* ---------------- st_mtim/mtimespec ---------------- */
 
 int os_stat_mtime_ns(const struct stat* sb, int64_t* out) {
   *out = (int64_t)sb->st_mtimespec.tv_sec * 1000000000LL +
          (int64_t)sb->st_mtimespec.tv_nsec;
   return 0;
 }
 
 /* ---------------- dlsym name mangling ---------------- */
 /* On Mach-O the linker hands us C names with a leading underscore
  * (obj_format_c_mangle), but dlsym(RTLD_DEFAULT) expects the source-level
  * name. Try the stripped form first to avoid a wasted dlsym call per
  * libc symbol. */
 void* os_dlsym(const char* name) {
   void* p;
   if (name[0] == '_' && name[1] != '\0') {
     p = dlsym(RTLD_DEFAULT, name + 1);
     if (p) return p;
   }
   return dlsym(RTLD_DEFAULT, name);
 }
 
 /* ---------------- host_target os/obj ---------------- */
 
 void os_host_target_fill(KitTargetSpec* t) {
   t->os = KIT_OS_MACOS;
   t->obj = KIT_OBJ_MACHO;
 }
 
 /* ---------------- self executable path ---------------- */
 /* _NSGetExecutablePath yields the path as invoked (may contain symlinks or
  * `..`); realpath canonicalizes it to a stable absolute path so installed
  * links keep resolving regardless of how kit was launched. */
 int driver_self_exe_path(DriverEnv* env, char** out, size_t* out_size) {
   char stackbuf[1024];
   char* nsbuf = stackbuf;
   uint32_t cap = (uint32_t)sizeof stackbuf;
   size_t heap_cap = 0;
   char* resolved;
   size_t size;
 
   if (!env || !out || !out_size) return 1;
   if (_NSGetExecutablePath(nsbuf, &cap) != 0) {
     /* cap was set to the required size; allocate and retry once. */
     heap_cap = cap;
     nsbuf = (char*)driver_alloc(env, heap_cap);
     if (!nsbuf) return 1;
     if (_NSGetExecutablePath(nsbuf, &cap) != 0) {
       driver_free(env, nsbuf, heap_cap);
       return 1;
     }
   }
   resolved = realpath(nsbuf, NULL); /* malloc'd; caller frees with free() */
   if (heap_cap) driver_free(env, nsbuf, heap_cap);
   if (!resolved) return 1;
 
   size = driver_strlen(resolved) + 1u;
   *out = (char*)driver_alloc(env, size);
   if (!*out) {
     free(resolved);
     return 1;
   }
   driver_memcpy(*out, resolved, size);
   *out_size = size;
   free(resolved);
   return 0;
 }
 
 /* ---------------- default hosted dirs probe ---------------- */
 /* With no --sysroot or KIT_SYSROOT, locate the macOS SDK by stat'ing the
  * canonical Command Line Tools and Xcode.app SDK roots -- the same locations
  * `xcrun --show-sdk-path` reports, without a subprocess. Pure on-disk
  * discovery: the env-var override is KIT_SYSROOT, handled uniformly in
  * driver/lib/hosted.c. Only the macOS host target is probed; cross-targets get
  * nothing. The <sdk>/usr/{include,lib} mapping mirrors
  * hosted_dirs_from_sysroot's macOS case in driver/lib/hosted.c (layering
  * forbids calling into it from the env TU). */
 int driver_default_hosted_dirs(DriverEnv* env, KitTargetSpec target,
                                DriverHostedDirs* out) {
   static const char* const candidates[] = {
       "/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk",
       "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/"
       "Developer/SDKs/MacOSX.sdk",
   };
   const char* sdk = NULL;
   size_t i;
   (void)env;
   if (target.os != KIT_OS_MACOS) return 1;
   for (i = 0; i < sizeof(candidates) / sizeof(candidates[0]); ++i) {
     if (driver_path_exists(candidates[i])) {
       sdk = candidates[i];
       break;
     }
   }
   if (!sdk) return 1;
   /* The SDK is a single sysroot-shaped tree, so record it as the root (a static
    * literal -- stable for the process). -print-sysroot reports it. */
   out->root = sdk;
   if (driver_hosted_dirs_add_inc_join(out, sdk, "usr/include") != 0 ||
       driver_hosted_dirs_add_lib_join(out, sdk, "usr/lib") != 0)
     return 1;
   return out->nlibdirs ? 0 : 1;
 }