From 46951e659c71130b323665db839627bdedec6d6a Mon Sep 17 00:00:00 2001
From: "ager@chromium.org"
Date: Fri, 29 Oct 2010 06:15:34 +0000
Subject: [PATCH] Landing for Justin Schuh.

This switches out the existing constant splitting with masking that works like this:
1. Generate a random 32-bit value at compilation time.
2. XOR the 32-bit constant with the random value.
3. Emit the resulting immediate value along with the XOR operation to generate the original value.
BUG=http://code.google.com/p/v8/issues/detail?id=908
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/flag-definitions.h | 3 +++
 src/ia32/codegen-ia32.cc | 15 ++++++++-------
 src/ia32/codegen-ia32.h | 5 +++++
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/flag-definitions.h b/src/flag-definitions.h
index 2474c62..54501ec 100644
--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@@ -140,6 +140,9 @@ DEFINE_bool(stack_trace_on_abort, true,
 // codegen-ia32.cc / codegen-arm.cc
 DEFINE_bool(trace, false, "trace function calls")
 DEFINE_bool(defer_negation, true, "defer negation operation")
+DEFINE_bool(mask_constants_with_cookie,
+ true,
+ "use random jit cookie to mask large constants")
 
 // codegen.cc
 DEFINE_bool(lazy, true, "use lazy compilation")
diff --git a/src/ia32/codegen-ia32.cc b/src/ia32/codegen-ia32.cc
index c52e3bf..6d23dd7 100644
--- a/src/ia32/codegen-ia32.cc
+++ b/src/ia32/codegen-ia32.cc
@@ -153,7 +153,8 @@ CodeGenerator::CodeGenerator(MacroAssembler* masm)
 in_safe_int32_mode_(false),
 safe_int32_mode_enabled_(true),
 function_return_is_shadowed_(false),
- in_spilled_code_(false) {
+ in_spilled_code_(false),
+ jit_cookie_((FLAG_mask_constants_with_cookie) ? V8::Random() : 0) {
 }
 
 
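Review bot: `jit_cookie_((FLAG_mask_constants_with_cookie) ? V8::Random() : 0)` mixes what I believe is an unsigned 32-bit return from V8::Random() with a signed literal, so the conditional is computed as unsigned and then narrowed into the `int` member; that works on the two's-complement targets this code runs on, but `jit_cookie_(FLAG_mask_constants_with_cookie ? static_cast<int>(V8::Random()) : 0)` makes the intent explicit and drops the redundant parentheses. A cookie of 0 turns the XOR in the emitters into an identity, i.e. the constant is emitted unmasked, so V8::Random() happening to return 0 silently yields an unmasked CodeGenerator — improbable, but cheap to document or to re-draw on. The masking is only as unpredictable as V8::Random() is to someone able to read code pages; its seeding is not visible from this hunk, so a one-line comment on where the cookie's entropy comes from would help reviewers. The constructor's initializer list begins before this hunk.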
@@ -5363,16 +5364,16 @@ void CodeGenerator::VisitLiteral(Literal* node) {
 void CodeGenerator::PushUnsafeSmi(Handle value) {
 ASSERT(value->IsSmi());
 int bits = reinterpret_cast(*value);
- __ push(Immediate(bits & 0x0000FFFF));
- __ or_(Operand(esp, 0), Immediate(bits & 0xFFFF0000));
+ __ push(Immediate(bits ^ jit_cookie_));
+ __ xor_(Operand(esp, 0), Immediate(jit_cookie_));
 }
 
 
 void CodeGenerator::StoreUnsafeSmiToLocal(int offset, Handle value) {
 ASSERT(value->IsSmi());
 int bits = reinterpret_cast(*value);
- __ mov(Operand(ebp, offset), Immediate(bits & 0x0000FFFF));
- __ or_(Operand(ebp, offset), Immediate(bits & 0xFFFF0000));
+ __ mov(Operand(ebp, offset), Immediate(bits ^ jit_cookie_));
+ __ xor_(Operand(ebp, offset), Immediate(jit_cookie_));
 }
 
 
@@ -5380,8 +5381,8 @@ void CodeGenerator::MoveUnsafeSmi(Register target, Handle value) {
 ASSERT(target.is_valid());
 ASSERT(value->IsSmi());
 int bits = reinterpret_cast(*value);
- __ Set(target, Immediate(bits & 0x0000FFFF));
- __ or_(target, bits & 0xFFFF0000);
+ __ Set(target, Immediate(bits ^ jit_cookie_));
+ __ xor_(target, jit_cookie_);
 }
 
 
diff --git a/src/ia32/codegen-ia32.h b/src/ia32/codegen-ia32.h
index b072409..4594b19 100644
--- a/src/ia32/codegen-ia32.h
+++ b/src/ia32/codegen-ia32.h
@@ -785,6 +785,11 @@ class CodeGenerator: public AstVisitor {
 // in a spilled state.
 bool in_spilled_code_;
 
+ // A cookie that is used for JIT IMM32 Encoding. Initialized to a
+ // random number when the command-line
+ // FLAG_mask_constants_with_cookie is true, zero otherwise.
+ int jit_cookie_;
+
 friend class VirtualFrame;
 friend class JumpTarget;
 friend class Reference;
-- 
2.7.4
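Review bot: With FLAG_mask_constants_with_cookie off, jit_cookie_ is 0 and PushUnsafeSmi and StoreUnsafeSmiToLocal here (and MoveUnsafeSmi in the following hunk) emit the complete smi bits as one 32-bit immediate followed by a no-op `xor ..., 0`; the removed 16-bit split ran unconditionally, so the flag-off path now has no masking at all, which presumably defeats the purpose of these "Unsafe" helpers, and also spends an extra instruction. If turning the flag off is intended as a debugging aid, say so where the flag or these functions are defined, e.g. `// jit_cookie_ == 0 (flag off) leaves the constant unmasked in the code stream.`; otherwise keep the old split emission as the `jit_cookie_ == 0` fallback. Either way a short comment above each `push`/`xor_` and `mov`/`xor_` pair explaining that the immediate is `bits ^ cookie` and the following `xor_` restores it in place would save the next reader a trip to the header.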
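Review bot: The comment on `jit_cookie_` says the value is "used for JIT IMM32 Encoding" but not what it actually does, which is what a maintainer editing the emitters needs to know; I would write `// Random value XORed into the 32-bit immediates that PushUnsafeSmi, StoreUnsafeSmiToLocal and MoveUnsafeSmi emit, so an unsafe smi never appears verbatim in generated code. 0 (flag off) disables the masking.` It is also worth stating that there is one cookie per CodeGenerator instance, since it is set in the constructor and every constant emitted by that generator shares it. The enclosing class declaration starts well before this hunk.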