| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * Copyright (c) 2012 The Native Client Authors. All rights reserved. | |
| 3 * Use of this source code is governed by a BSD-style license that can be | |
| 4 * found in the LICENSE file. | |
| 5 */ | |
| 6 | |
| 7 #ifndef NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_REG_SFI_NC_JUMPS_H__ | |
| 8 #define NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_REG_SFI_NC_JUMPS_H__ | |
| 9 | |
| 10 /* | |
| 11 * nc_jumps.h - Implements set of possible jump points, and set of | |
| 12 * actual jump points, and the verification that the possible | |
| 13 * (explicit) jumps only apply to valid actual jumps. | |
| 14 */ | |
| 15 | |
| 16 #include <stdio.h> | |
| 17 | |
| 18 #include "native_client/src/shared/utils/types.h" | |
| 19 #include "native_client/src/trusted/validator/x86/ncval_reg_sfi/address_sets.h" | |
| 20 | |
| 21 /* The model of a validator state. */ | |
| 22 struct NaClValidatorState; | |
| 23 | |
| 24 /* The model of an iterator through instructions in a code segment. */ | |
| 25 struct NaClInstIter; | |
| 26 | |
| 27 /* The model of a parsed instruction. */ | |
| 28 struct NaClInstState; | |
| 29 | |
| 30 /* Holds information collected about each instruction, and the | |
| 31 * targets of possible jumps. Then, after the code has been processed, | |
| 32 * this information is processed to see if there are any invalid jumps. | |
| 33 */ | |
| 34 typedef struct NaClJumpSets { | |
| 35 /* Holds the set of possible target addresses that can be the result of | |
| 36 * a jump. | |
| 37 */ | |
| 38 NaClAddressSet actual_targets; | |
| 39 /* Holds the set of valid instruction entry points (whenever a pattern of | |
| 40 * multiple instructions are used, the sequence will be treated as atomic, | |
| 41 * only having the first address in the set). | |
| 42 */ | |
| 43 NaClAddressSet possible_targets; | |
| 44 /* Removed targets, due to instruction being in the middle of an atomic | |
| 45 * sequence. Note: This is needed so that we can allow validators to | |
| 46 * run in any order. If we didn't do this, then we are very timing dependent | |
| 47 * on calls to NaClMarkInstructionJumpIllegal, which must appear after | |
| 48 * the call to NaClJumpValidator. | |
| 49 */ | |
| 50 NaClAddressSet removed_targets; | |
| 51 /* Holds the (array) size of each set above. */ | |
| 52 size_t set_array_size; | |
| 53 } NaClJumpSets; | |
| 54 | |
| 55 /* When true, changes the behaviour of NcAddJump to use mask 0xFF for | |
| 56 * indirect jumps (which is a nop). This allows performance tests for | |
| 57 * compiled libraries without having to hand tweak the source code. | |
| 58 */ | |
| 59 extern Bool NACL_FLAGS_identity_mask; | |
| 60 | |
| 61 /* Initializes jump sets to track the set of possible and actual (explicit) | |
| 62 * address. Returns true if successful. | |
| 63 */ | |
| 64 Bool NaClJumpValidatorInitialize(struct NaClValidatorState* state); | |
| 65 | |
| 66 /* Collects information on instruction addresses, and where explicit jumps | |
| 67 * go to. | |
| 68 */ | |
| 69 void NaClJumpValidator(struct NaClValidatorState* state); | |
| 70 | |
| 71 /* Don't record anything but the instruction address, in order to validate | |
| 72 * basic block alignment at the end of validation. | |
| 73 */ | |
| 74 void NaClJumpValidatorRememberIpOnly(struct NaClValidatorState* state); | |
| 75 | |
| 76 /* Compares the collected actual jumps and the set of possible jump points, | |
| 77 * and reports any descrepancies that don't follow NACL rules. | |
| 78 */ | |
| 79 void NaClJumpValidatorSummarize(struct NaClValidatorState* state); | |
| 80 | |
| 81 /* Cleans up memory used by the jump validator. */ | |
| 82 void NaClJumpValidatorCleanUp(struct NaClValidatorState* state); | |
| 83 | |
| 84 /* Record that the given instruction can't be a possible target of a jump, | |
| 85 * because it appears as the non-first | |
| 86 * instruciton in a NACL pattern. This should be called on all such non-first | |
| 87 * instructions (for NACL patterns) so that the instuction sequence is | |
| 88 * checked to be atomic. | |
| 89 */ | |
| 90 void NaClMarkInstructionJumpIllegal(struct NaClValidatorState* state, | |
| 91 struct NaClInstState* inst); | |
| 92 | |
| 93 /* Records that the given sequence of distance instructions (starting with the | |
| 94 * current instruction, and proceeding backwards) can't be a possible target | |
| 95 * of a jump, because they appear as the non-first instruction of a NACL | |
| 96 * pattern. | |
| 97 */ | |
| 98 void NaClMarkInstructionsJumpRangeIllegal(struct NaClValidatorState* vstate, | |
| 99 int distance); | |
| 100 | |
| 101 /* Same as NaClMarkInstructionJumpIllegal, except that it marks the | |
| 102 * n-th instruction back from the current instruction. | |
| 103 */ | |
| 104 void NaClMarkInstructionJumpIllegalLookback( | |
| 105 struct NaClInstIter* iter, | |
| 106 struct NaClValidatorState* state, | |
| 107 size_t n); | |
| 108 | |
| 109 #endif /* NATIVE_CLIENT_SRC_TRUSTED_VALIDATOR_X86_NCVAL_REG_SFI_NC_JUMPS_H__ */ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 625923004:
Delete old x86 validator. (Closed)
Base URL: svn://svn.chromium.org/native_client/trunk/src/native_client