http://codereview.chromium.org/15037/diff/206/12 File src/codegen-ia32.cc (right):
http://codereview.chromium.org/15037/diff/206/12#newcode2672
Line 2672: frame_->Push(&temp);
On 2008/12/19 08:41:03, William Hesse wrote:
> I thought this was in the assembler's Set() function. Once we have constant
> folding, the attacker can put a 32-bit SMI in the code by x = bad_word - 1 + 1.
> Can this be put in Set() instead?

Possibly, but there's probably a better way. Ideally (once we have constant folding :)) we will just track whether values are "contaminated" by originating with source literals. MacroAssembler::Set is too low-level for that. It doesn't have any idea about where the operand originated, and it's too late to figure it out by the time it's called.

http://codereview.chromium.org/15037/diff/206/8
File src/register-allocator-ia32.cc (right):

http://codereview.chromium.org/15037/diff/206/8#newcode93
Line 93: Use(edi);
On 2008/12/19 08:41:03, William Hesse wrote:
> Pretty sad, that we use all of these. :(

Those are the callee-save registers at JS function calls. Of those, edi isn't actually reserved. We can free up esi too. We have to come up with a better way to track reserved registers, too.

http://codereview.chromium.org/15037/diff/206/11
File src/register-allocator-ia32.h (right):

http://codereview.chromium.org/15037/diff/206/11#newcode94
Line 94:
On 2008/12/19 08:41:03, William Hesse wrote:
> Do we also want ToRegister(Register target)?

Ultimately, yes. It was in a withdrawn change I sent out a few days ago, and it'll pop up again soon.

http://codereview.chromium.org/15037/diff/206/9
File src/virtual-frame-ia32.cc (right):

http://codereview.chromium.org/15037/diff/206/9#newcode349
Line 349: frame_registers_.count(element.reg().code()) > 1)) {
On 2008/12/19 08:41:03, William Hesse wrote:
> Shouldn't we overload count() and is_used() to take
> a Register, as well as a code? We have so many occurrences
> of is_used(x.reg().code()).

Good idea. You want to do it :)

http://codereview.chromium.org/15037
