2011-05-19 Oliver Hunt <oliver@apple.com>
authoroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 20 May 2011 01:33:46 +0000 (01:33 +0000)
committeroliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 20 May 2011 01:33:46 +0000 (01:33 +0000)
        Reviewed by Gavin Barraclough.

        Randomise code starting location a little
        https://bugs.webkit.org/show_bug.cgi?id=61161

        Add a nop() function to the Assemblers so that we
        can randomise code offsets slightly at no real cost.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::nop):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::nop):
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::nop):
        * assembler/MacroAssemblerARMv7.h:
        (JSC::MacroAssemblerARMv7::nop):
        * assembler/MacroAssemblerMIPS.h:
        (JSC::MacroAssemblerMIPS::nop):
        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::nop):
        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::nop):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::nop):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * runtime/WeakRandom.h:
        (JSC::WeakRandom::getUint32):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@86919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/ARMAssembler.h
Source/JavaScriptCore/assembler/ARMv7Assembler.h
Source/JavaScriptCore/assembler/MacroAssemblerARM.h
Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h
Source/JavaScriptCore/assembler/MacroAssemblerSH4.h
Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
Source/JavaScriptCore/assembler/X86Assembler.h
Source/JavaScriptCore/jit/JIT.cpp
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/runtime/WeakRandom.h

index 4cde07e..2e5f5c9 100644 (file)
@@ -1,5 +1,38 @@
 2011-05-19  Oliver Hunt  <oliver@apple.com>
 
+        Reviewed by Gavin Barraclough.
+
+        Randomise code starting location a little
+        https://bugs.webkit.org/show_bug.cgi?id=61161
+
+        Add a nop() function to the Assemblers so that we
+        can randomise code offsets slightly at no real cost.
+
+        * assembler/ARMAssembler.h:
+        (JSC::ARMAssembler::nop):
+        * assembler/ARMv7Assembler.h:
+        (JSC::ARMv7Assembler::nop):
+        * assembler/MacroAssemblerARM.h:
+        (JSC::MacroAssemblerARM::nop):
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::nop):
+        * assembler/MacroAssemblerMIPS.h:
+        (JSC::MacroAssemblerMIPS::nop):
+        * assembler/MacroAssemblerSH4.h:
+        (JSC::MacroAssemblerSH4::nop):
+        * assembler/MacroAssemblerX86Common.h:
+        (JSC::MacroAssemblerX86Common::nop):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::nop):
+        * jit/JIT.cpp:
+        (JSC::JIT::JIT):
+        (JSC::JIT::privateCompile):
+        * jit/JIT.h:
+        * runtime/WeakRandom.h:
+        (JSC::WeakRandom::getUint32):
+
+2011-05-19  Oliver Hunt  <oliver@apple.com>
+
         Fix windows build.
 
         * wtf/OSAllocatorWin.cpp:
index 03374e0..ae68c28 100644 (file)
@@ -167,6 +167,7 @@ namespace JSC {
             CLZ = 0x016f0f10,
             BKPT = 0xe1200070,
             BLX = 0x012fff30,
+            NOP_T2 = 0xf3af8000,
 #endif
 #if WTF_ARM_ARCH_AT_LEAST(7)
             MOVW = 0x03000000,
@@ -571,6 +572,11 @@ namespace JSC {
             dtr_dr(true, ARMRegisters::S0, ARMRegisters::S0, ARMRegisters::S0);
 #endif
         }
+        
+        void nop()
+        {
+            m_buffer.putInt(OP_NOP_T2);
+        }
 
         void bx(int rm, Condition cc = AL)
         {
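Review bot: `nop()` emits `OP_NOP_T2`, but the enumerator this commit adds in the hunk at @@ -167 is named `NOP_T2`, and its neighbours (`CLZ`, `BKPT`, `BLX`) carry no `OP_` prefix; unless `OP_NOP_T2` is declared somewhere outside the diff this does not compile, so the reference should read `m_buffer.putInt(NOP_T2);` or the enumerator be renamed to match. The value 0xf3af8000 also looks like the 32-bit Thumb-2 NOP encoding (the `_T2` suffix suggests the same), whereas this assembler writes ARM-state words through `putInt`, so it is worth confirming against the architecture reference that the intended word is an ARM-state NOP such as `0xe320f000` (ARMv6K and later) or `0xe1a00000` (`mov r0, r0`). The enumerator is added inside a conditional block that the `#endif` on the following line closes, while `nop()` itself is unconditional, so on a configuration where that block is compiled out the name is undefined; the guard's condition is outside the hunk. The added blank line before `void nop()` carries trailing whitespace.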
index 5696c02..14927aa 100644 (file)
@@ -1526,6 +1526,11 @@ public:
         m_formatter.vfpOp(OP_VSUB_T2, OP_VSUB_T2b, true, rn, rd, rm);
     }
 
+    void nop()
+    {
+        m_formatter.oneWordOp8Imm8(OP_NOP_T1, 0);
+    }
+
     AssemblerLabel label()
     {
         return m_formatter.label();
index d0029e8..b365dce 100644 (file)
@@ -935,6 +935,11 @@ public:
         return branchDouble(DoubleEqualOrUnordered, reg, scratch);
     }
 
+    void nop()
+    {
+        m_assembler.nop();
+    }
+
 protected:
     ARMAssembler::Condition ARMCondition(RelationalCondition cond)
     {
index cc9f9f8..af83347 100644 (file)
@@ -819,6 +819,10 @@ public:
             move(src, dest);
     }
 
+    void nop()
+    {
+        m_assembler.nop();
+    }
 
     // Forwards / external control flow operations:
     //
index cd63b31..9cdfffc 100644 (file)
@@ -1771,6 +1771,10 @@ public:
         return branchDouble(DoubleEqualOrUnordered, reg, scratch);
     }
 
+    void nop()
+    {
+        m_assembler.nop();
+    }
 
 private:
     // If m_fixedWidth is true, we will generate a fixed number of instructions.
index 20e75da..8bed14c 100644 (file)
@@ -1734,6 +1734,12 @@ public:
         oldJump.link(this);
         return tailRecursiveCall();
     }
+
+    void nop()
+    {
+        m_assembler.nop();
+    }
+
 protected:
     SH4Assembler::Condition SH4Condition(RelationalCondition cond)
     {
index 7aca2a6..933b36b 100644 (file)
@@ -1214,6 +1214,11 @@ public:
         ASSERT(cond == Below || cond == BelowOrEqual || cond == Above || cond == AboveOrEqual);
         return static_cast<RelationalCondition>(X86Assembler::ConditionB + X86Assembler::ConditionA - cond);
     }
+    
+    void nop()
+    {
+        m_assembler.nop();
+    }
 
 protected:
     X86Assembler::Condition x86Condition(RelationalCondition cond)
index e3c5bf3..c8723c8 100644 (file)
@@ -138,6 +138,7 @@ private:
         OP_MOV_GvEv                     = 0x8B,
         OP_LEA                          = 0x8D,
         OP_GROUP1A_Ev                   = 0x8F,
+        OP_NOP                          = 0x90,
         OP_CDQ                          = 0x99,
         OP_MOV_EAXOv                    = 0xA1,
         OP_MOV_OvEAX                    = 0xA3,
@@ -1593,6 +1594,11 @@ public:
     unsigned debugOffset() { return m_formatter.debugOffset(); }
 #endif
 
+    void nop()
+    {
+        m_formatter.oneByteOp(OP_NOP);
+    }
+
 private:
 
     static void setPointer(void* where, void* value)
index 981e2e1..653080d 100644 (file)
@@ -35,6 +35,7 @@ JSC::MacroAssemblerX86Common::SSE2CheckState JSC::MacroAssemblerX86Common::s_sse
 #endif
 
 #include "CodeBlock.h"
+#include "CryptographicallyRandomNumber.h"
 #include "Interpreter.h"
 #include "JITInlineMethods.h"
 #include "JITStubCall.h"
@@ -86,6 +87,11 @@ JIT::JIT(JSGlobalData* globalData, CodeBlock* codeBlock)
     , m_lastResultBytecodeRegister(std::numeric_limits<int>::max())
     , m_jumpTargetsPosition(0)
 #endif
+#if USE(OS_RANDOMNESS)
+    , m_randomGenerator(cryptographicallyRandomNumber())
+#else
+    , m_randomGenerator(static_cast<unsigned>(randomNumber() * 0xFFFFFFF))
+#endif
 {
 }
 
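Review bot: The fallback seed `static_cast<unsigned>(randomNumber() * 0xFFFFFFF)` multiplies by a seven-digit constant (2^28 - 1), so if `randomNumber()` returns a double in [0, 1) as the WTF helper of that name does, the `WeakRandom` seed never has its top four bits set; if a full 32-bit seed was intended this should be `randomNumber() * 0xFFFFFFFF`. The hunk at @@ -35 adds only CryptographicallyRandomNumber.h, while `randomNumber()` lives in WTF's RandomNumber.h, so confirm that header is already reachable from JIT.cpp, since the `!USE(OS_RANDOMNESS)` branch gets no compile coverage on platforms that have OS randomness. The constructor takes a `CodeBlock*`, which suggests a JIT object per compilation, so every compile draws one word from the OS random source; that is probably acceptable but deserves a comment such as `// Seeded per compilation; only used to jitter code layout, see privateCompile().`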
@@ -458,6 +464,10 @@ void JIT::privateCompileSlowCases()
 
 JITCode JIT::privateCompile(CodePtr* functionEntryArityCheck)
 {
+    // Just add a little bit of randomness to the codegen
+    if (m_randomGenerator.getUint32() & 1)
+        nop();
+
     // Could use a pop_m, but would need to offset the following instruction if so.
     preserveReturnAddressAfterCall(regT2);
     emitPutToCallFrameHeader(regT2, RegisterFile::ReturnPC);
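Review bot: The comment `// Just add a little bit of randomness to the codegen` says what the line does but not what it is for or how much variation it provides; since only bit 0 of `getUint32()` is consulted, the block start shifts by a single `nop` (whose size is architecture-dependent) or not at all. Suggest `// Randomise the code start offset by 0 or 1 nop (one bit of the generator) so emitted code layout is slightly less predictable; see bug 61161.` It is also worth stating in the comment that the nop must stay ahead of `preserveReturnAddressAfterCall`, i.e. before anything whose offset matters, so later edits keep it first. privateCompile continues outside the hunk.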
index ea22854..d79f3f4 100644 (file)
@@ -997,6 +997,7 @@ namespace JSC {
         int m_uninterruptedConstantSequenceBegin;
 #endif
 #endif
+        WeakRandom m_randomGenerator;
         static CodePtr stringGetByValStubGenerator(JSGlobalData* globalData, ExecutablePool* pool);
     } JIT_CLASS_ALIGNMENT;
 
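Review bot: `WeakRandom m_randomGenerator;` introduces a complete type into the JIT class, but no `#include "WeakRandom.h"` appears anywhere in this diff; if JIT.h does not already include it, directly or through an existing header, every translation unit that includes JIT.h breaks, so the include belongs in JIT.h rather than being relied on from JIT.cpp. The member sits after both `#endif`s and is therefore unconditional, which matches the unconditional initialiser added to JIT::JIT, and its position after the conditionally compiled members appears consistent with its last position in that initialiser list. The enclosing class and `namespace JSC` block both start outside the hunk.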
index ff3995e..6083980 100644 (file)
@@ -68,6 +68,11 @@ public:
         return advance() / (UINT_MAX + 1.0);
     }
 
+    unsigned getUint32()
+    {
+        return advance();
+    }
+
 private:
     unsigned advance()
     {
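Review bot: `getUint32()` has no comment, and since the class is named WeakRandom the raw-word accessor is the one most likely to be mistaken for a strong source, so state the contract at the declaration: `// Returns the next raw 32-bit output of the underlying generator; like get(), this is the non-cryptographic WeakRandom sequence, not a source of secrets.` The existing `get()` establishes that `advance()` yields an unsigned value scaled by `UINT_MAX + 1.0`, so the return type here is consistent with it. `advance()` is private and its body lies outside the hunk, so nothing about its algorithm is claimed here.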