Reviewers: Mads Ager, Søren Gjesse, iposva,

Message:
This switches out the existing constant splitting with masking that works like
this:

1. Generate a random 32-bit value at compilation time.
2. XOR the 32-bit constant with the random value.
3. Emit the resulting immediate value along with the XOR operation to generate
the original value.


Description:
This switches out the existing constant splitting with masking that works like
this:

1. Generate a random 32-bit value at compilation time.
2. XOR the 32-bit constant with the random value.
3. Emit the resulting immediate value along with the XOR operation to generate
the original value.


BUG=http://code.google.com/p/v8/issues/detail?id=908

Please review this at http://codereview.chromium.org/3973002/show

SVN Base: http://v8.googlecode.com/svn/branches/bleeding_edge/

Affected files:
  M     src/flag-definitions.h
  M     src/ia32/codegen-ia32.h
  M     src/ia32/codegen-ia32.cc


Index: src/flag-definitions.h
===================================================================
--- src/flag-definitions.h      (revision 5680)
+++ src/flag-definitions.h      (working copy)
@@ -140,6 +140,7 @@
 // codegen-ia32.cc / codegen-arm.cc
 DEFINE_bool(trace, false, "trace function calls")
 DEFINE_bool(defer_negation, true, "defer negation operation")
+DEFINE_bool(disable_jit_cookie, false, "jit_cookie always set to NULL")

 // codegen.cc
 DEFINE_bool(lazy, true, "use lazy compilation")
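Review bot: The help text for the new flag on the added line says the cookie is "set to NULL", but the field it controls is an `int` that the constructor initializes to 0, so the string describes a pointer that does not exist; something like `DEFINE_bool(disable_jit_cookie, false, "disable masking of script-visible immediates (jit_cookie is always 0)")` tells the reader what is actually switched off. Since the flag removes the masking entirely, the text should also make clear it is a debugging aid rather than a tuning option.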
Index: src/ia32/codegen-ia32.cc
===================================================================
--- src/ia32/codegen-ia32.cc    (revision 5680)
+++ src/ia32/codegen-ia32.cc    (working copy)
@@ -153,7 +153,8 @@
       in_safe_int32_mode_(false),
       safe_int32_mode_enabled_(true),
       function_return_is_shadowed_(false),
-      in_spilled_code_(false) {
+      in_spilled_code_(false),
+      jit_cookie_((FLAG_disable_jit_cookie) ? 0 : V8::Random()) {
 }


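Review bot: The strength of the mask initialized on the added `jit_cookie_(...)` line is bounded by the unpredictability of `V8::Random()`; if that is the engine's general-purpose PRNG rather than an OS-backed source, an observer who can see other outputs of it (or its seed) can reconstruct the cookie, which the constructor gives no hint of. A one-line comment there, `// Per-compile mask for script-chosen immediates; only as unpredictable as V8::Random().`, records the assumption for whoever later changes the source. If `V8::Random()` returns an unsigned 32-bit value, the conversion into the `int` member is implementation-defined for values with the top bit set, which is harmless for XOR masking but worth a note so it is not "fixed" into a narrowing. The constructor's initializer list starts outside the hunk.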
@@ -5363,16 +5364,16 @@
 void CodeGenerator::PushUnsafeSmi(Handle<Object> value) {
   ASSERT(value->IsSmi());
   int bits = reinterpret_cast<int>(*value);
-  __ push(Immediate(bits & 0x0000FFFF));
-  __ or_(Operand(esp, 0), Immediate(bits & 0xFFFF0000));
+  __ push(Immediate(bits ^ jit_cookie_));
+  __ xor_(Operand(esp, 0), Immediate(jit_cookie_));
 }


void CodeGenerator::StoreUnsafeSmiToLocal(int offset, Handle<Object> value) {
   ASSERT(value->IsSmi());
   int bits = reinterpret_cast<int>(*value);
-  __ mov(Operand(ebp, offset), Immediate(bits & 0x0000FFFF));
-  __ or_(Operand(ebp, offset), Immediate(bits & 0xFFFF0000));
+  __ mov(Operand(ebp, offset), Immediate(bits ^ jit_cookie_));
+  __ xor_(Operand(ebp, offset), Immediate(jit_cookie_));
 }


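Review bot: Neither PushUnsafeSmi nor StoreUnsafeSmiToLocal says why the value is emitted as a masked pair, so a reader who later sees `push imm; xor [esp], imm` has no reason not to fold it back into a single `push`; a comment above the first `__ push(...)` such as `// Never emit the script-controlled smi verbatim as an immediate: push the XOR-masked value and unmask it in place at run time.` prevents that, and the same applies to the `Set`/`xor_` pair in the next hunk. When `--disable_jit_cookie` makes `jit_cookie_` zero, the pair is still emitted as `xor` with 0; if that path is meant to reproduce the unmasked code exactly, a `jit_cookie_ == 0` short-circuit to the plain `push`/`mov` would do it, otherwise the extra instruction should be noted as intentional. Note that both immediates in each pair are fixed at compile time, so the masking depends on the cookie staying unknown to the script for the life of the code object, which the comment should state.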
@@ -5380,8 +5381,8 @@
   ASSERT(target.is_valid());
   ASSERT(value->IsSmi());
   int bits = reinterpret_cast<int>(*value);
-  __ Set(target, Immediate(bits & 0x0000FFFF));
-  __ or_(target, bits & 0xFFFF0000);
+  __ Set(target, Immediate(bits ^ jit_cookie_));
+  __ xor_(target, jit_cookie_);
 }


Index: src/ia32/codegen-ia32.h
===================================================================
--- src/ia32/codegen-ia32.h     (revision 5680)
+++ src/ia32/codegen-ia32.h     (working copy)
@@ -785,6 +785,11 @@
   // in a spilled state.
   bool in_spilled_code_;

+  // A random cookie that is used for JIT IMM32 Encoding and JIT Code Chunk
+  // Offset Randomization.  The command-line switch --disable_jit_cookie
+  // initializes this to NULL causing it to have no effect
+  int jit_cookie_;
+
   friend class VirtualFrame;
   friend class JumpTarget;
   friend class Reference;
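Review bot: The added comment on `jit_cookie_` claims the cookie is used for "JIT Code Chunk Offset Randomization", but nothing in this change does that — the only uses are the XOR masking in PushUnsafeSmi, StoreUnsafeSmiToLocal and the register variant — so the comment documents a feature that does not exist and will mislead the next reader. It also says the flag "initializes this to NULL" for an `int`. Replace it with `// Random per-compile mask XORed into immediates that encode script-visible constants (see PushUnsafeSmi).  --disable_jit_cookie sets it to 0, which turns the masking into a no-op.` If `V8::Random()` returns an unsigned type, consider declaring the member with that type so the conversion happens at the use site rather than in the initializer.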

