Modified: branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/ChangeLog 2011-07-20 21:17:13 UTC (rev 91405)
@@ -1,5 +1,42 @@
2011-06-20 Lucas Forschler <[email protected]>
+ Merged 86919.
+
+ 2011-05-19 Oliver Hunt <[email protected]>
+
+ Reviewed by Gavin Barraclough.
+
+ Randomise code starting location a little
+ https://bugs.webkit.org/show_bug.cgi?id=61161
+
+ Add a nop() function to the Assemblers so that we
+ can randomise code offsets slightly at no real cost.
+
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::nop):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::nop):
+ * assembler/MacroAssemblerARM.h:
+ (JSC::MacroAssemblerARM::nop):
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::nop):
+ * assembler/MacroAssemblerMIPS.h:
+ (JSC::MacroAssemblerMIPS::nop):
+ * assembler/MacroAssemblerSH4.h:
+ (JSC::MacroAssemblerSH4::nop):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::nop):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::nop):
+ * jit/JIT.cpp:
+ (JSC::JIT::JIT):
+ (JSC::JIT::privateCompile):
+ * jit/JIT.h:
+ * runtime/WeakRandom.h:
+ (JSC::WeakRandom::getUint32):
+
+2011-06-20 Lucas Forschler <[email protected]>
+
Merged 90232.
2011-07-01 David Kilzer <[email protected]>
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMAssembler.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMAssembler.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMAssembler.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -167,6 +167,7 @@
CLZ = 0x016f0f10,
BKPT = 0xe1200070,
BLX = 0x012fff30,
+ NOP_T2 = 0xf3af8000,
#endif
#if WTF_ARM_ARCH_AT_LEAST(7)
MOVW = 0x03000000,
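Review bot: The enumerator added here is named `NOP_T2`, but the `nop()` added in the next hunk of this file (`@@ -571,6 +572,11 @@`) emits `OP_NOP_T2`; unless an `OP_NOP_T2` enumerator already exists elsewhere in this header, the new method cannot compile on this backend. The value `0xf3af8000` is also the 32-bit Thumb-2 encoding of NOP (the T2 suffix names that encoding), whereas this assembler writes ARM-state words through `m_buffer.putInt`, so even with the name made consistent the word emitted would not be an ARM-state no-op. The ARM-state form is `mov r0, r0` (encoding 0xe1a00000); suggest declaring that as the constant and using it in `nop()`, with a comment stating which instruction state it targets.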
@@ -571,6 +572,11 @@
dtr_dr(true, ARMRegisters::S0, ARMRegisters::S0, ARMRegisters::S0);
#endif
}
+
+ void nop()
+ {
+ m_buffer.putInt(OP_NOP_T2);
+ }
void bx(int rm, Condition cc = AL)
{
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -1526,6 +1526,11 @@
m_formatter.vfpOp(OP_VSUB_T2, OP_VSUB_T2b, true, rn, rd, rm);
}
+ void nop()
+ {
+ m_formatter.oneWordOp8Imm8(OP_NOP_T1, 0);
+ }
+
AssemblerLabel label()
{
return m_formatter.label();
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARM.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARM.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARM.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -927,6 +927,11 @@
return branchDouble(DoubleEqualOrUnordered, reg, scratch);
}
+ void nop()
+ {
+ m_assembler.nop();
+ }
+
protected:
ARMAssembler::Condition ARMCondition(RelationalCondition cond)
{
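Review bot: The cross-platform `nop()` added here, and identically in the MacroAssemblerARMv7, MacroAssemblerMIPS, MacroAssemblerSH4 and MacroAssemblerX86Common hunks, carries no comment, yet the one property a caller reasons about — how many bytes it emits — differs per backend: the X86Assembler hunk emits the single byte `OP_NOP = 0x90` while the ARMAssembler hunk writes a full 32-bit word. Suggest the same comment on each: `// Emits one architecture-native no-op. Its width is backend-specific; do not rely on a fixed byte count.`. For MIPS and SH4 the underlying `m_assembler.nop()` is not added by this commit, so it presumably already exists in those assemblers; worth confirming those targets still build.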
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -812,6 +812,10 @@
move(src, dest);
}
+ void nop()
+ {
+ m_assembler.nop();
+ }
// Forwards / external control flow operations:
//
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerMIPS.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -1762,6 +1762,10 @@
return branchDouble(DoubleEqualOrUnordered, reg, scratch);
}
+ void nop()
+ {
+ m_assembler.nop();
+ }
private:
// If m_fixedWidth is true, we will generate a fixed number of instructions.
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerSH4.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerSH4.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -1721,6 +1721,12 @@
oldJump.link(this);
return tailRecursiveCall();
}
+
+ void nop()
+ {
+ m_assembler.nop();
+ }
+
protected:
SH4Assembler::Condition SH4Condition(RelationalCondition cond)
{
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/MacroAssemblerX86Common.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -1193,6 +1193,11 @@
ASSERT(cond == Below || cond == BelowOrEqual || cond == Above || cond == AboveOrEqual);
return static_cast<RelationalCondition>(X86Assembler::ConditionB + X86Assembler::ConditionA - cond);
}
+
+ void nop()
+ {
+ m_assembler.nop();
+ }
protected:
X86Assembler::Condition x86Condition(RelationalCondition cond)
Modified: branches/safari-534.51-branch/Source/_javascript_Core/assembler/X86Assembler.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/assembler/X86Assembler.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/assembler/X86Assembler.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -138,6 +138,7 @@
OP_MOV_GvEv = 0x8B,
OP_LEA = 0x8D,
OP_GROUP1A_Ev = 0x8F,
+ OP_NOP = 0x90,
OP_CDQ = 0x99,
OP_MOV_EAXOv = 0xA1,
OP_MOV_OvEAX = 0xA3,
@@ -1576,6 +1577,11 @@
unsigned debugOffset() { return m_formatter.debugOffset(); }
#endif
+ void nop()
+ {
+ m_formatter.oneByteOp(OP_NOP);
+ }
+
private:
static void setPointer(void* where, void* value)
Modified: branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.cpp (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.cpp 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.cpp 2011-07-20 21:17:13 UTC (rev 91405)
@@ -35,6 +35,7 @@
#endif
#include "CodeBlock.h"
+#include "CryptographicallyRandomNumber.h"
#include "Interpreter.h"
#include "JITInlineMethods.h"
#include "JITStubCall.h"
@@ -86,6 +87,11 @@
, m_lastResultBytecodeRegister(std::numeric_limits<int>::max())
, m_jumpTargetsPosition(0)
#endif
+#if USE(OS_RANDOMNESS)
+ , m_randomGenerator(cryptographicallyRandomNumber())
+#else
+ , m_randomGenerator(static_cast<unsigned>(randomNumber() * 0xFFFFFFF))
+#endif
{
}
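Review bot: The fallback seed on the `#else` path is scaled by `0xFFFFFFF` (seven Fs, 2^28 - 1), which looks like a typo for `0xFFFFFFFF`; as written the seed used when `USE(OS_RANDOMNESS)` is off can only take values below 2^28, discarding the top four bits of the seed space `WeakRandom` accepts. Since `randomNumber()` yields a double in [0, 1), `m_randomGenerator(static_cast<unsigned>(randomNumber() * 0xFFFFFFFF))` is the full-range form and the cast stays in range. The hunk adds an include for `cryptographicallyRandomNumber()` but none for `randomNumber()`, so the `#else` path presumably relies on a header JIT.cpp already includes — worth confirming on a build without OS randomness. The constructor's initializer list begins outside the hunk.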
@@ -458,6 +464,10 @@
JITCode JIT::privateCompile(CodePtr* functionEntryArityCheck)
{
+ // Just add a little bit of randomness to the codegen
+ if (m_randomGenerator.getUint32() & 1)
+ nop();
+
// Could use a pop_m, but would need to offset the following instruction if so.
preserveReturnAddressAfterCall(regT2);
emitPutToCallFrameHeader(regT2, RegisterFile::ReturnPC);
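Review bot: The comment `// Just add a little bit of randomness to the codegen` says what the lines do but not why, and since the effect is a single bit — the code after the entry is shifted by zero or one nop width — a later reader may well remove it as dead weight. Suggest `// Emit zero or one nop so the layout of compiled code is not fully predictable from its bytecode (bug 61161); deliberately cheap, and only ever a one-instruction shift.`. Because `m_randomGenerator` is a `WeakRandom`, the draw is only as unpredictable as the seed chosen in the constructor, and the comment should not imply more than that. `privateCompile` continues beyond the hunk.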
Modified: branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/jit/JIT.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -996,6 +996,7 @@
int m_uninterruptedConstantSequenceBegin;
#endif
#endif
+ WeakRandom m_randomGenerator;
static CodePtr stringGetByValStubGenerator(JSGlobalData* globalData, ExecutablePool* pool);
} JIT_CLASS_ALIGNMENT;
Modified: branches/safari-534.51-branch/Source/_javascript_Core/runtime/WeakRandom.h (91404 => 91405)
--- branches/safari-534.51-branch/Source/_javascript_Core/runtime/WeakRandom.h 2011-07-20 21:12:30 UTC (rev 91404)
+++ branches/safari-534.51-branch/Source/_javascript_Core/runtime/WeakRandom.h 2011-07-20 21:17:13 UTC (rev 91405)
@@ -68,6 +68,11 @@
return advance() / (UINT_MAX + 1.0);
}
+ unsigned getUint32()
+ {
+ return advance();
+ }
+
private:
unsigned advance()
{
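Review bot: `getUint32()` exposes the generator's raw 32-bit output with no comment, and the class name is the only hint that this stream is not unpredictable. Suggest `// Returns the next raw 32-bit output of the generator. WeakRandom is a fast, non-cryptographic PRNG; callers must not treat this value as unpredictable or secret.`. The return type is `unsigned` rather than a fixed-width type, so the name is accurate only where `unsigned` is 32 bits, which is the same assumption `get()` makes with its `UINT_MAX + 1.0` scaling above. The enclosing class continues outside the hunk.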