Make validator require read sandboxing on ARM.

src/trusted/validator_arm/inst_classes.h

 /*
- * Copyright (c) 2011 The Native Client Authors.  All rights reserved.
+ * Copyright (c) 2011 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 #ifndef NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_ARM_V2_INST_CLASSES_H
 #define NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_ARM_V2_INST_CLASSES_H
 
 #include <stdint.h>
 #include "native_client/src/trusted/validator_arm/model.h"
 #include "native_client/src/include/portability.h"
@@ skipping 99 matching lines @@
    * being used.
    *
    * Stubbed to return 'false', which is the common case.
    */
   virtual bool writes_memory(Instruction i) const {
     UNREFERENCED_PARAMETER(i);
     return false;
   }
 
   /*
-   * For instructions that can write memory, gets the register used as the base
-   * for generating the effective address.
+   * For instructions that can read or write memory, gets the register used as
+   * the base for generating the effective address.
    *
-   * The result is useful only for safe instructions where writes_memory() is
-   * true.  It is stubbed to return nonsense.
+   * It is stubbed to return nonsense.
    */
   virtual Register base_address_register(Instruction i) const {
     UNREFERENCED_PARAMETER(i);
     return kRegisterNone;
   }
 
   /*
+   * Checks whether the instruction computes its read or write address as
+   * base address + immediate.
+   *
+   * It is stubbed to return false.
+   */
+  virtual bool offset_is_immediate(Instruction i) const {
+    UNREFERENCED_PARAMETER(i);
+    return false;
+  }
+
+  /*
    * For indirect branch instructions, returns the register being moved into
    * r15.  Otherwise, reports kRegisterNone.
    *
    * Note that this exclusively describes instructions that write r15 from a
    * register, unmodified.  This means BX, BLX, and MOV without shift.  Not
    * even BIC, which we allow to write to r15, is modeled this way.
    */
   virtual Register branch_target_register(Instruction i) const {
     UNREFERENCED_PARAMETER(i);
     return kRegisterNone;
@@ skipping 408 matching lines @@
  * Loads using a register displacement, which may affect Rt (the destination)
  * and Rn (the base address, if writeback is used).
  *
  * Notice we do not care about the width of the loaded value, because it doesn't
  * affect addressing.
  */
 class LoadRegister : public AbstractLoad {
  public:
   virtual ~LoadRegister() {}
 
+  virtual SafetyLevel safety(Instruction i) const;
   virtual RegisterList defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * Loads using an immediate displacement, which may affect Rt (the destination)
  * and Rn (the base address, if writeback is used).
  *
  * Notice we do not care about the width of the loaded value, because it doesn't
  * affect addressing.
  */
 class LoadImmediate : public AbstractLoad {
  public:
   virtual ~LoadImmediate() {}
 
   virtual RegisterList immediate_addressing_defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
+  virtual bool offset_is_immediate(Instruction i) const;
 };
 
 /*
  * Two-register immediate-offset load, which also writes Rt+1.
  */
 class LoadDoubleI : public LoadImmediate {
  public:
   virtual ~LoadDoubleI() {}
 
   virtual RegisterList defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
+  virtual bool offset_is_immediate(Instruction i) const;
 };
 
 /*
  * Two-register register-offset load, which also writes Rt+1.
  */
 class LoadDoubleR : public LoadRegister {
  public:
   virtual ~LoadDoubleR() {}
 
+  virtual SafetyLevel safety(Instruction i) const;
   virtual RegisterList defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * LDREX and friends, where writeback is unavailable.
  */
 class LoadExclusive : public AbstractLoad {
  public:
   virtual ~LoadExclusive() {}
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * LDREXD, which also writes Rt+1.
  */
 class LoadDoubleExclusive : public LoadExclusive {
  public:
   virtual ~LoadDoubleExclusive() {}
 
   virtual RegisterList defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * And, finally, the oddest class of loads: LDM.  In addition to the base
  * register, this may write every other register, subject to a bitmask.
  */
 class LoadMultiple : public ClassDecoder {
  public:
   virtual ~LoadMultiple() {}
 
   virtual SafetyLevel safety(Instruction i) const;
   virtual RegisterList defs(Instruction i) const;
   virtual RegisterList immediate_addressing_defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * A load to a vector register.  Like LoadCoprocessor below, the only visible
  * side effect is from writeback.
  */
 class VectorLoad : public ClassDecoder {
  public:
   virtual ~VectorLoad() {}
 
   virtual SafetyLevel safety(Instruction i) const;
   virtual RegisterList defs(Instruction i) const;
   virtual RegisterList immediate_addressing_defs(Instruction i) const;
+  virtual Register base_address_register(Instruction i) const;
 };
 
 /*
  * A store from a vector register.
  */
 class VectorStore : public ClassDecoder {
  public:
   virtual ~VectorStore() {}
 
   virtual SafetyLevel safety(Instruction i) const;
@@ skipping 113 matching lines @@
   virtual bool is_relative_branch(Instruction i) const {
     UNREFERENCED_PARAMETER(i);
     return true;
   }
   virtual int32_t branch_target_offset(Instruction i) const;
 };
 
 }  // namespace
 
 #endif  // NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_ARM_V2_INST_CLASSES_H