Mercurial > hg > graal-jvmci-8
comparison src/cpu/x86/vm/x86_64.ad @ 2320:41d4973cf100
6942326: x86 code in string_indexof() could read beyond reserved heap space
Summary: copy small (<8) strings on stack if str+16 crosses a page boundary and load from stack into XMM. Back up pointer when loading string's tail.
Reviewed-by: never
| author | kvn |
|---|---|
| date | Sat, 26 Feb 2011 12:10:54 -0800 |
| parents | 6bbaedb03534 |
| children | 7e88bdae86ec |
comparison
equal
deleted
inserted
replaced
| 2319:8190d4b75e09 | 2320:41d4973cf100 |
|---|---|
| 1 // | 1 // |
| 2 // Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. | 2 // Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. |
| 3 // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. | 3 // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 // | 4 // |
| 5 // This code is free software; you can redistribute it and/or modify it | 5 // This code is free software; you can redistribute it and/or modify it |
| 6 // under the terms of the GNU General Public License version 2 only, as | 6 // under the terms of the GNU General Public License version 2 only, as |
| 7 // published by the Free Software Foundation. | 7 // published by the Free Software Foundation. |
| 11596 $tmp1$$XMMRegister); | 11596 $tmp1$$XMMRegister); |
| 11597 %} | 11597 %} |
| 11598 ins_pipe( pipe_slow ); | 11598 ins_pipe( pipe_slow ); |
| 11599 %} | 11599 %} |
| 11600 | 11600 |
| 11601 // fast search of substring with known size. | |
| 11602 instruct string_indexof_con(rdi_RegP str1, rdx_RegI cnt1, rsi_RegP str2, immI int_cnt2, | |
| 11603 rbx_RegI result, regD vec, rax_RegI cnt2, rcx_RegI tmp, rFlagsReg cr) | |
| 11604 %{ | |
| 11605 predicate(UseSSE42Intrinsics); | |
| 11606 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 int_cnt2))); | |
| 11607 effect(TEMP vec, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, KILL cnt2, KILL tmp, KILL cr); | |
| 11608 | |
| 11609 format %{ "String IndexOf $str1,$cnt1,$str2,$int_cnt2 -> $result // KILL $vec, $cnt1, $cnt2, $tmp" %} | |
| 11610 ins_encode %{ | |
| 11611 int icnt2 = (int)$int_cnt2$$constant; | |
| 11612 if (icnt2 >= 8) { | |
| 11613 // IndexOf for constant substrings with size >= 8 elements | |
| 11614 // which don't need to be loaded through stack. | |
| 11615 __ string_indexofC8($str1$$Register, $str2$$Register, | |
| 11616 $cnt1$$Register, $cnt2$$Register, | |
| 11617 icnt2, $result$$Register, | |
| 11618 $vec$$XMMRegister, $tmp$$Register); | |
| 11619 } else { | |
| 11620 // Small strings are loaded through stack if they cross page boundary. | |
| 11621 __ string_indexof($str1$$Register, $str2$$Register, | |
| 11622 $cnt1$$Register, $cnt2$$Register, | |
| 11623 icnt2, $result$$Register, | |
| 11624 $vec$$XMMRegister, $tmp$$Register); | |
| 11625 } | |
| 11626 %} | |
| 11627 ins_pipe( pipe_slow ); | |
| 11628 %} | |
| 11629 | |
| 11601 instruct string_indexof(rdi_RegP str1, rdx_RegI cnt1, rsi_RegP str2, rax_RegI cnt2, | 11630 instruct string_indexof(rdi_RegP str1, rdx_RegI cnt1, rsi_RegP str2, rax_RegI cnt2, |
| 11602 rbx_RegI result, regD tmp1, rcx_RegI tmp2, rFlagsReg cr) | 11631 rbx_RegI result, regD vec, rcx_RegI tmp, rFlagsReg cr) |
| 11603 %{ | 11632 %{ |
| 11604 predicate(UseSSE42Intrinsics); | 11633 predicate(UseSSE42Intrinsics); |
| 11605 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 cnt2))); | 11634 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 cnt2))); |
| 11606 effect(TEMP tmp1, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, USE_KILL cnt2, KILL tmp2, KILL cr); | 11635 effect(TEMP vec, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, USE_KILL cnt2, KILL tmp, KILL cr); |
| 11607 | 11636 |
| 11608 format %{ "String IndexOf $str1,$cnt1,$str2,$cnt2 -> $result // KILL $tmp1, $tmp2" %} | 11637 format %{ "String IndexOf $str1,$cnt1,$str2,$cnt2 -> $result // KILL all" %} |
| 11609 ins_encode %{ | 11638 ins_encode %{ |
| 11610 __ string_indexof($str1$$Register, $str2$$Register, | 11639 __ string_indexof($str1$$Register, $str2$$Register, |
| 11611 $cnt1$$Register, $cnt2$$Register, $result$$Register, | 11640 $cnt1$$Register, $cnt2$$Register, |
| 11612 $tmp1$$XMMRegister, $tmp2$$Register); | 11641 (-1), $result$$Register, |
| 11642 $vec$$XMMRegister, $tmp$$Register); | |
| 11613 %} | 11643 %} |
| 11614 ins_pipe( pipe_slow ); | 11644 ins_pipe( pipe_slow ); |
| 11615 %} | 11645 %} |
| 11616 | 11646 |
| 11617 // fast string equals | 11647 // fast string equals |