Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(765)

Unified Diff: sandbox/linux/seccomp-bpf/codegen.h

Issue 732423002: Update from chromium https://crrev.com/304586 (Closed) Base URL: https://github.com/domokit/mojo.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « sandbox/linux/bpf_dsl/policy_compiler.cc ('k') | sandbox/linux/seccomp-bpf/codegen.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: sandbox/linux/seccomp-bpf/codegen.h
diff --git a/sandbox/linux/seccomp-bpf/codegen.h b/sandbox/linux/seccomp-bpf/codegen.h
index 671b09e4264d3db8ba5a5fdec61d58b0d7b25aca..fd229f7b8e2ad5f823dd86ffd474b5f143276b07 100644
--- a/sandbox/linux/seccomp-bpf/codegen.h
+++ b/sandbox/linux/seccomp-bpf/codegen.h
@@ -24,17 +24,18 @@ typedef std::map<const Instruction*, int> BranchTargets;
typedef std::map<const Instruction*, BasicBlock*> TargetsToBlocks;
typedef std::map<const BasicBlock*, int> IncomingBranches;
-// The code generator instantiates a basic compiler that can convert a
-// graph of BPF instructions into a well-formed stream of BPF instructions.
-// Most notably, it ensures that jumps are always forward and don't exceed
-// the limit of 255 instructions imposed by the instruction set.
+// The code generator implements a basic assembler that can convert a
+// graph of BPF instructions into a well-formed array of BPF
+// instructions. Most notably, it ensures that jumps are always
+// forward and don't exceed the limit of 255 instructions imposed by
+// the instruction set.
//
-// Callers would typically create a new CodeGen object and then use it to
-// build a DAG of Instructions. They'll eventually call Compile() to convert
-// this DAG to a Program.
+// Callers would typically create a new CodeGen object and then use it
+// to build a DAG of instruction nodes. They'll eventually call
+// Compile() to convert this DAG to a Program.
//
// CodeGen gen;
-// Instruction *allow, *branch, *dag;
+// CodeGen::Node allow, branch, dag;
//
// allow =
// gen.MakeInstruction(BPF_RET+BPF_K,
@@ -60,25 +61,32 @@ class SANDBOX_EXPORT CodeGen {
// program in the kernel.
typedef std::vector<struct sock_filter> Program;
+ // Node represents a node within the instruction DAG being compiled.
+ // Nodes are owned by the CodeGen object and need not be explicitly
+ // deleted.
+ using Node = Instruction*;
+
+ // kNullNode represents the "null" node; i.e., the reserved node
+ // value guaranteed to not equal any actual nodes.
+ static const Node kNullNode;
+
CodeGen();
~CodeGen();
- // Create a new instruction. Instructions form a DAG. The instruction objects
- // are owned by the CodeGen object. They do not need to be explicitly
- // deleted.
- // For details on the possible parameters refer to <linux/filter.h>
- Instruction* MakeInstruction(uint16_t code,
- uint32_t k,
- Instruction* next = nullptr);
- Instruction* MakeInstruction(uint16_t code,
- uint32_t k,
- Instruction* jt,
- Instruction* jf);
-
- // Compiles the graph of instructions into a BPF program that can be passed
- // to the kernel. Please note that this function modifies the graph in place
- // and must therefore only be called once per graph.
- void Compile(Instruction* instructions, Program* program);
+ // MakeInstruction creates a node representing the specified
+ // instruction. For details on the possible parameters refer to
+ // https://www.kernel.org/doc/Documentation/networking/filter.txt.
+ // TODO(mdempsky): Reconsider using default arguments here.
+ Node MakeInstruction(uint16_t code,
+ uint32_t k,
+ Node jt = kNullNode,
+ Node jf = kNullNode);
+
+ // Compile linearizes the instruction DAG into a BPF program that
+ // can be executed by a BPF virtual machine. Please note that this
+ // function modifies the graph in place and must therefore only be
+ // called once per graph.
+ void Compile(Node head, Program* program);
private:
friend class CodeGenUnittestHelper;
« no previous file with comments | « sandbox/linux/bpf_dsl/policy_compiler.cc ('k') | sandbox/linux/seccomp-bpf/codegen.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698