Architecture 7.13 check integrity utility

1

Dear Microej,

I just updated the new release of the architecture ( version 7.13 ) and I have one question regarding a new debug function which has been added :
LLMJVM_checkIntegrity.

I don’t clearly understand the documentation when it refers to the check of internal structure integrity of the JVM. Does it mean that the call to the native function could, for example, modify a JVM memory block, which is not allowed ?

Also, the documentation points out that returning a non-zero checksum does not mean the MicroJvm virtual machine data has not been corrupted, so what’s the level of confidence that we should have in this utility ?

thank you,

Jean-Baptiste

2

Hi Jean Baptiste,

By internal structures, we mean MicroEJ Core Engine structures mapped to Read-Write (RW) sections.

See the detailed list at https://docs.microej.com/en/latest/PlatformDeveloperGuide/coreEngine.html#link.

These sections can be protected against writing from tasks other than the VM task by configuring appropriate MPU rules.

However, a native function, which is called by the VM task, can easily modify an internal structure if it is not written with care.
The most common case is a native function that has to fill a Java array given as argument:
if the some data is wrote out of the memory bounds of the array,
the consecutive objects in the Java heap can be modified and MicroEJ Core Engine will crash later.

The LLMJVM_checkIntegrity() function helps to detect that an internal structure have been corrupted or modified (it cannot detect all the corruption cases).
When walking into these structures, a checksum is also computed with the loaded data.
It is then possible to detect that structures have changed between 2 calls,
which indicate that the code between the 2 calls has corrupted the memory.

Here is the example described in the API documentation:

void Java_com_mycompany_MyClass_myNativeFunction(void) {
    int32_t crcBefore = LLMJVM_checkIntegrity();
    myNativeFunctionDo();
    int32_t crcAfter = LLMJVM_checkIntegrity();
    if(crcBefore != crcAfter){
        // Corrupted MicroJVM virtual machine internal structures
        while(1);
    }
}

If reaching the infinite loop, the call to myNativeFunctionDo() has modified the internal structures which is considered as a corruption.
Obviously, the user data (for example the content of an array) is not taken account by the checksum computation.

–Frédéric

1 Like