Description
Subzero: Add a flag to mock up bounds checking on unsafe references.
The idea is that, before each load or store operation, we add a couple of compares/branches against the load/store address, one for the lower bound and one for the upper bound. The conditional branches would be to an error throwing routine, and would never be taken in practice. The compares might be against an immediate or a global location. So a load of [reg] will mock-expand to this:
cmp reg, 0
je label
cmp reg, 1
je label
label:
mov xxx, [reg]
We also make address mode inference less aggressive, because for a load of e.g. [eax+4*ecx], we can't compare that address expression against anything in any instruction, so we would have to reconstruct the address and undo at least part of the address mode inference.
The bounds-check mock is added for loads, stores, and rmw operations (with an exclusion for stores to the stack for out-arg pushes). There are probably a small handful of other cases that are missing the bounds check, but if we add the transformation inside legalize(), which is the most obvious place, we may add extra bounds checks because sometimes legalize() is called twice on the same operand.
BUG= none
R=ascull@google.com
Committed: https://gerrit.chromium.org/gerrit/gitweb?p=native_client/pnacl-subzero.git;a=commit;h=ad2989b6e497f6237a3ae66ae3cfbcceaa99d4f5
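To make the expansion described in the commit message concrete, the following is an added Python model of the pass, written for this page; it is not Subzero's code and uses a made-up instruction representation. The commit's mock emits compares against constants with branches to a fall-through label; this model emits the form the mock stands in for, an unsigned compare of the address against the lower bound and the upper bound (minus the access width) with branches to an error routine, which is an assumption about the intended final shape. For a non-trivial address mode such as [eax+4*ecx+8] it materializes the address with lea into a scratch register (edx, assumed free here) and rewrites the access to go through that register, which is the "undo address mode inference" step the message refers to. Stores relative to esp are skipped to mirror the out-arg exclusion, and a checked flag on each rewritten instruction makes a second run of the pass a no-op, which is the double-legalize concern.

```python
"""Constructed model of a bounds-check insertion pass for x86-style code.

Added example; not Subzero's implementation. Instruction and memory-operand
representations are hypothetical.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Mem:
    """An x86 addressing mode: [base + scale*index + disp]."""
    base: Optional[str] = None
    index: Optional[str] = None
    scale: int = 1
    disp: int = 0

    def is_simple(self) -> bool:
        # [reg] alone: the register already holds the address to check.
        return self.base is not None and self.index is None and self.disp == 0

    def __str__(self) -> str:
        parts = []
        if self.base:
            parts.append(self.base)
        if self.index:
            parts.append(self.index if self.scale == 1 else f"{self.scale}*{self.index}")
        if self.disp:
            parts.append(str(self.disp))
        return "[" + "+".join(parts) + "]"


@dataclass
class Insn:
    op: str
    args: list = field(default_factory=list)
    width: int = 4          # access width in bytes (assumed 4 for every access here)
    checked: bool = False   # set once a bounds check has been emitted for this insn

    def __str__(self) -> str:
        if not self.args:
            return self.op
        return self.op + " " + ", ".join(str(a) for a in self.args)


# Opcodes treated as loads, stores or read-modify-write when given a Mem operand.
MEMORY_OPS = {"mov", "add", "sub", "and", "or", "xor", "inc", "dec"}


def insert_bounds_checks(insns: List[Insn], lower: int, upper: int,
                         error_label: str = "__bounds_error",
                         scratch: str = "edx") -> List[Insn]:
    """Return a new instruction list with a bounds check before each memory access.

    Valid addresses are [lower, upper): the access must satisfy
    lower <= addr and addr + width <= upper, checked with unsigned compares.
    """
    out: List[Insn] = []
    for insn in insns:
        mems = [a for a in insn.args if isinstance(a, Mem)]
        if insn.op not in MEMORY_OPS or not mems or insn.checked:
            out.append(insn)
            continue
        mem = mems[0]
        if mem.base == "esp":
            # Out-arg stores to the stack are exempt, as in the commit's patch set 3.
            out.append(insn)
            continue
        if mem.is_simple():
            addr = mem.base
            new_mem = mem
        else:
            # Complex address mode: compute the address, then access through scratch.
            addr = scratch
            out.append(Insn("lea", [scratch, mem]))
            new_mem = Mem(base=scratch)
        out.append(Insn("cmp", [addr, lower]))
        out.append(Insn("jb", [error_label]))               # addr < lower (unsigned)
        out.append(Insn("cmp", [addr, upper - insn.width]))
        out.append(Insn("ja", [error_label]))               # addr + width > upper
        new_args = [new_mem if a is mem else a for a in insn.args]
        out.append(Insn(insn.op, new_args, insn.width, checked=True))
    return out


def demo() -> List[str]:
    """Run the pass over three constructed instructions and render the result."""
    prog = [
        Insn("mov", ["eax", Mem(base="ebx")]),                                # load [reg]
        Insn("mov", [Mem(base="eax", index="ecx", scale=4, disp=8), "esi"]),  # store, complex mode
        Insn("mov", [Mem(base="esp", disp=4), "edi"]),                        # out-arg store, exempt
    ]
    return [str(i) for i in insert_bounds_checks(prog, 0x1000, 0x2000)]


if __name__ == "__main__":
    print("\n".join(demo()))
```

Running the pass a second time over its own output produces identical text, which is the property a real implementation inside legalize() would need since that function can be invoked twice on one operand.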
Patch Set 1
Patch Set 2: Don't be super overaggressive with mock bounds checks
Patch Set 3: Don't check bounds when pushing out-args for calls
Patch Set 4: Fix comment
Created: 5 years, 3 months ago
Messages
Total messages: 4 (1 generated)