src/codegen-ia32.cc - Issue 15037: Experimental: use the Result class to manage the lifetime of registers...

Side by Side Diff: src/codegen-ia32.cc

Issue 15037: Experimental: use the Result class to manage the lifetime of registers... (Closed) Base URL: http://v8.googlecode.com/svn/branches/experimental/toiger/

Patch Set: '' Created 12 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2006-2008 the V8 project authors. All rights reserved.	1 // Copyright 2006-2008 the V8 project authors. All rights reserved.

2 // Redistribution and use in source and binary forms, with or without	2 // Redistribution and use in source and binary forms, with or without

3 // modification, are permitted provided that the following conditions are	3 // modification, are permitted provided that the following conditions are

4 // met:	4 // met:

5 //	5 //

6 // * Redistributions of source code must retain the above copyright	6 // * Redistributions of source code must retain the above copyright

7 // notice, this list of conditions and the following disclaimer.	7 // notice, this list of conditions and the following disclaimer.

8 // * Redistributions in binary form must reproduce the above	8 // * Redistributions in binary form must reproduce the above

9 // copyright notice, this list of conditions and the following	9 // copyright notice, this list of conditions and the following

10 // disclaimer in the documentation and/or other materials provided	10 // disclaimer in the documentation and/or other materials provided

(...skipping 2646 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2657 ref.GetValue(typeof_state());	2657 ref.GetValue(typeof_state());

2658 }	2658 }

2659 }	2659 }

2660	2660

2661	2661

2662 void CodeGenerator::VisitLiteral(Literal* node) {	2662 void CodeGenerator::VisitLiteral(Literal* node) {

2663 Comment cmnt(masm_, "[ Literal");	2663 Comment cmnt(masm_, "[ Literal");

2664 if (node->handle()->IsSmi() && !IsInlineSmi(node)) {	2664 if (node->handle()->IsSmi() && !IsInlineSmi(node)) {

2665 // To prevent long attacker-controlled byte sequences in code, larger	2665 // To prevent long attacker-controlled byte sequences in code, larger

2666 // Smis are loaded in two steps via a temporary register.	2666 // Smis are loaded in two steps via a temporary register.

2667 Register temp = allocator_->Allocate();	2667 Result temp = allocator_->Allocate();

	2668 ASSERT(temp.is_valid());

2668 int bits = reinterpret_cast<int>(*node->handle());	2669 int bits = reinterpret_cast<int>(*node->handle());

2669 ASSERT(!temp.is(no_reg));	2670 __ mov(temp.reg(), bits & 0x0000FFFF);

2670 __ mov(temp, bits & 0x0000FFFF);	2671 __ xor_(temp.reg(), bits & 0xFFFF0000);

2671 __ xor_(temp, bits & 0xFFFF0000);	2672 frame_->Push(&temp);
	William Hesse 2008/12/19 08:41:03 I thought this was in the assembler's Set() functi I thought this was in the assembler's Set() function. Once we have constant folding, the attacker can put a 32-bit SMI in the code by x = bad_word - 1 + 1. Can this be put in Set() instead? Kevin Millikin (Chromium) 2008/12/19 08:48:11 Possibly, but there's probably a better way. Idea Show quoted text On 2008/12/19 08:41:03, William Hesse wrote: > I thought this was in the assembler's Set() function. Once we have constant > folding, the attacker can put a 32-bit SMI in the code by x = bad_word - 1 + 1. > Can this be put in Set() instead? Possibly, but there's probably a better way. Ideally (once we have constant folding :)) we will just track whether values are "contaminated" by originating with source literals. MacroAssembler::Set is too low-level for that. It doesn't have any idea about where the operand originated, and it's too late to figure it out by the time it's called.
2672 frame_->Push(temp);

2673 allocator_->Unuse(temp);

2674 } else {	2673 } else {

2675 frame_->Push(node->handle());	2674 frame_->Push(node->handle());

2676 }	2675 }

2677 }	2676 }

2678	2677

2679	2678

2680 class RegExpDeferred: public DeferredCode {	2679 class RegExpDeferred: public DeferredCode {

2681 public:	2680 public:

2682 RegExpDeferred(CodeGenerator* generator, RegExpLiteral* node)	2681 RegExpDeferred(CodeGenerator* generator, RegExpLiteral* node)

2683 : DeferredCode(generator), node_(node) {	2682 : DeferredCode(generator), node_(node) {

(...skipping 2980 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
5664	5663

5665 // Slow-case: Go through the JavaScript implementation.	5664 // Slow-case: Go through the JavaScript implementation.

5666 __ bind(&slow);	5665 __ bind(&slow);

5667 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);	5666 __ InvokeBuiltin(Builtins::INSTANCE_OF, JUMP_FUNCTION);

5668 }	5667 }

5669	5668

5670	5669

5671 #undef __	5670 #undef __

5672	5671

5673 } } // namespace v8::internal	5672 } } // namespace v8::internal

OLD	NEW

« no previous file with comments | « no previous file | src/register-allocator-ia32.h » ('j') | src/register-allocator-ia32.h » ('J')