Timestamp: Mar 5, 2012, 6:40:05 PM (13 years ago)
Author: [email protected]
Message:

Add basic support for constant blinding to the JIT
https://bugs.webkit.org/show_bug.cgi?id=80354

Reviewed by Filip Pizlo.

This patch adds basic constant blinding support to the JIT, at the
MacroAssembler level. This means all JITs in JSC (Yarr, baseline, and DFG)
get constant blinding. Woo!

This patch only introduces blinding for Imm32, a later patch will do similar
for ImmPtr. In order to make misuse of Imm32 as a trusted type essentially
impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
accessor that's needed to access the actual value. This also means you cannot
accidentally pass an untrusted value to a function that does not perform
blinding.

To make everything work sensibly, this patch also corrects some code that was using
Imm32 when TrustedImm32 could be used, and refactors a few callers that use
untrusted immediates, so that they call slightly different variants of the functions
that they used previously. This is largely necessary to deal with x86-32 not having
sufficient registers to handle the additional work required when we choose to blind
a constant.

  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
(Imm32):
(JSC::AbstractMacroAssembler::beginUninterruptedSequence):
(JSC::AbstractMacroAssembler::endUninterruptedSequence):
(JSC::AbstractMacroAssembler::AbstractMacroAssembler):
(AbstractMacroAssembler):
(JSC::AbstractMacroAssembler::inUninterruptedSequence):
(JSC::AbstractMacroAssembler::random):
(JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
(JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::addressForPoke):
(MacroAssembler):
(JSC::MacroAssembler::poke):
(JSC::MacroAssembler::branchPtr):
(JSC::MacroAssembler::branch32):
(JSC::MacroAssembler::convertInt32ToDouble):
(JSC::MacroAssembler::shouldBlind):
(JSC::MacroAssembler::BlindedImm32::BlindedImm32):
(BlindedImm32):
(JSC::MacroAssembler::keyForConstant):
(JSC::MacroAssembler::xorBlindConstant):
(JSC::MacroAssembler::additionBlindedConstant):
(JSC::MacroAssembler::andBlindedConstant):
(JSC::MacroAssembler::orBlindedConstant):
(JSC::MacroAssembler::loadXorBlindedConstant):
(JSC::MacroAssembler::add32):
(JSC::MacroAssembler::addPtr):
(JSC::MacroAssembler::and32):
(JSC::MacroAssembler::andPtr):
(JSC::MacroAssembler::move):
(JSC::MacroAssembler::or32):
(JSC::MacroAssembler::store32):
(JSC::MacroAssembler::sub32):
(JSC::MacroAssembler::subPtr):
(JSC::MacroAssembler::xor32):
(JSC::MacroAssembler::branchAdd32):
(JSC::MacroAssembler::branchMul32):
(JSC::MacroAssembler::branchSub32):
(JSC::MacroAssembler::trustedImm32ForShift):
(JSC::MacroAssembler::lshift32):
(JSC::MacroAssembler::rshift32):
(JSC::MacroAssembler::urshift32):

  • assembler/MacroAssemblerARMv7.h:

(MacroAssemblerARMv7):
(JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
(JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::branchSubPtr):
(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileDoubleCompare):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileDoubleCompare):
(JSC::DFG::SpeculativeJIT::compile):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::privateCompile):

  • jit/JITArithmetic.cpp:

(JSC::JIT::compileBinaryArithOp):
(JSC::JIT::emit_op_add):
(JSC::JIT::emit_op_mul):
(JSC::JIT::emit_op_div):

  • jit/JITArithmetic32_64.cpp:

(JSC::JIT::emitAdd32Constant):
(JSC::JIT::emitSub32Constant):
(JSC::JIT::emitBinaryDoubleOp):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emit_op_div):

  • jit/JITCall.cpp:

(JSC::JIT::compileLoadVarargs):

  • jit/JITCall32_64.cpp:

(JSC::JIT::compileLoadVarargs):

  • jit/JITInlineMethods.h:

(JSC::JIT::updateTopCallFrame):
(JSC::JIT::emitValueProfilingSite):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_jfalse):
(JSC::JIT::emitSlow_op_jtrue):

  • jit/JITStubCall.h:

(JITStubCall):
(JSC::JITStubCall::addArgument):

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::backtrack):

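As an added illustration of the design the message describes (this is example code, not JavaScriptCore's): a toy C++ emitter reproduces the private-inheritance guard on `Imm32` and XOR-blinds untrusted 32-bit constants, then checks that the raw literal never appears in the emitted stream while the register still ends up holding it. `ToyAssembler`, `immediateOf`, `simulateRegister`, the `shouldBlind` threshold and the `std::mt19937` stand-in for `WeakRandom` are all assumptions of this example.

```cpp
// Added example (not JavaScriptCore code): toy emitter mirroring the patch's Imm32/TrustedImm32 split and XOR blinding.
#include <cstdint>
#include <random>
#include <string>
#include <vector>
struct TrustedImm32 {                 // a constant the JIT itself chose
    explicit TrustedImm32(int32_t v) : m_value(v) { }
    int32_t m_value;
};
// Private base: Imm32 no longer converts to TrustedImm32, so only code that deliberately calls asTrustedImm32() sees the raw value.
struct Imm32 : private TrustedImm32 {
    explicit Imm32(int32_t v) : TrustedImm32(v) { }
    const TrustedImm32& asTrustedImm32() const { return *this; }
};
class ToyAssembler {
public:
    explicit ToyAssembler(uint32_t seed) : m_random(seed) { }
    // Trusted path: the literal goes straight into the instruction stream.
    void move(TrustedImm32 imm, const std::string& reg) {
        emit("mov " + reg + ", " + std::to_string(static_cast<uint32_t>(imm.m_value)));
    }
    // Untrusted path: emit (value ^ key) then xor with key, so the literal the
    // script supplied never appears in the emitted code.
    void move(Imm32 imm, const std::string& reg) {
        uint32_t value = static_cast<uint32_t>(imm.asTrustedImm32().m_value);
        if (!shouldBlind(value)) { move(imm.asTrustedImm32(), reg); return; }
        uint32_t key = static_cast<uint32_t>(m_random());
        emit("mov " + reg + ", " + std::to_string(value ^ key));
        emit("xor " + reg + ", " + std::to_string(key));
    }
    const std::vector<std::string>& code() const { return m_code; }
private:
    // Example policy (assumed, not the project's): small constants stay in the clear.
    static bool shouldBlind(uint32_t v) { return v > 0xffff; }
    void emit(const std::string& insn) { m_code.push_back(insn); }
    std::mt19937 m_random;            // stand-in for the patch's WeakRandom
    std::vector<std::string> m_code;
};
// Immediate operand of a textual "op reg, N" instruction.
uint32_t immediateOf(const std::string& insn) {
    return static_cast<uint32_t>(std::stoul(insn.substr(insn.rfind(", ") + 2)));
}
// Execute the stream for one register: blinding must preserve the final value.
uint32_t simulateRegister(const std::vector<std::string>& code) {
    uint32_t reg = 0;
    for (const std::string& insn : code)
        reg = insn.compare(0, 3, "xor") == 0 ? reg ^ immediateOf(insn) : immediateOf(insn);
    return reg;
}
```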
  • trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h

    r106590 r109834  
    2929#include "CodeLocation.h"
    3030#include "MacroAssemblerCodeRef.h"
     31#include <wtf/CryptographicallyRandomNumber.h>
    3132#include <wtf/Noncopyable.h>
    3233#include <wtf/UnusedParam.h>
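Review bot: the only header added here is `<wtf/CryptographicallyRandomNumber.h>`, yet the new member introduced further down is `WeakRandom m_randomSource;`, and nothing in this hunk declares `WeakRandom`. Include the header that defines it here as well rather than relying on a transitive include, otherwise any translation unit that pulls in AbstractMacroAssembler.h first will fail to compile.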
     
    233234
    234235
    235     struct Imm32 : public TrustedImm32 {
     236    struct Imm32 : private TrustedImm32 {
    236237        explicit Imm32(int32_t value)
    237238            : TrustedImm32(value)
     
    244245        }
    245246#endif
     247        const TrustedImm32& asTrustedImm32() const { return *this; }
     248
    246249    };
    247250   
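Review bot: `asTrustedImm32()` is the single escape hatch from the guard introduced by `struct Imm32 : private TrustedImm32`, and the declaration carries no comment about who may call it. Document at the accessor that it is meant only for the MacroAssembler blinding paths, which decide whether to blind before emitting; without that, a caller who hits the now-failing implicit conversion will reach for `asTrustedImm32()` as a quick cast and silently emit an untrusted constant unblinded, which is exactly what the private base was added to prevent.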
     
    536539    }
    537540
    538     void beginUninterruptedSequence() { }
    539     void endUninterruptedSequence() { }
     541    void beginUninterruptedSequence() { m_inUninterruptedSequence = true; }
     542    void endUninterruptedSequence() { m_inUninterruptedSequence = false; }
    540543
    541544    unsigned debugOffset() { return m_assembler.debugOffset(); }
    542545
    543546protected:
     547    AbstractMacroAssembler()
     548        : m_inUninterruptedSequence(false)
     549        , m_randomSource(cryptographicallyRandomNumber())
     550    {
     551    }
     552
    544553    AssemblerType m_assembler;
     554
     555    bool inUninterruptedSequence()
     556    {
     557        return m_inUninterruptedSequence;
     558    }
     559
     560    bool m_inUninterruptedSequence;
     561   
     562   
     563    uint32_t random()
     564    {
     565        return m_randomSource.getUint32();
     566    }
     567
     568    WeakRandom m_randomSource;
     569   
     570    static bool scratchRegisterForBlinding() { return false; }
     571    static bool shouldBlindForSpecificArch(uint32_t) { return true; }
    545572
    546573    friend class LinkBuffer;
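Review bot: `static bool scratchRegisterForBlinding() { return false; }` names a register but returns a `bool`; per the ChangeLog, MacroAssemblerARMv7 and MacroAssemblerX86_64 hide it with their own version, so the base definition is a "no scratch register available" sentinel and should say so in a comment, and the generic MacroAssembler code must branch on it before ever treating the result as a RegisterID. Separately, `random()` draws blinding keys from `WeakRandom m_randomSource`, seeded once per assembler from `cryptographicallyRandomNumber()`: the seed is strong but the stream is not, so record in a comment that this is an accepted trade-off for blinding and that `random()` is not for any other purpose.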