Mercurial > hg > truffle
comparison src/cpu/x86/vm/x86_32.ad @ 2320:41d4973cf100
6942326: x86 code in string_indexof() could read beyond reserved heap space
Summary: copy small (<8) strings on stack if str+16 crosses a page boundary and load from stack into XMM. Back up pointer when loading string's tail.
Reviewed-by: never
| author | kvn |
|---|---|
| date | Sat, 26 Feb 2011 12:10:54 -0800 |
| parents | 6bbaedb03534 |
| children | 7e88bdae86ec |
comparison
equal
deleted
inserted
replaced
| 2319:8190d4b75e09 | 2320:41d4973cf100 |
|---|---|
| 1 // | 1 // |
| 2 // Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. | 2 // Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. |
| 3 // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. | 3 // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 // | 4 // |
| 5 // This code is free software; you can redistribute it and/or modify it | 5 // This code is free software; you can redistribute it and/or modify it |
| 6 // under the terms of the GNU General Public License version 2 only, as | 6 // under the terms of the GNU General Public License version 2 only, as |
| 7 // published by the Free Software Foundation. | 7 // published by the Free Software Foundation. |
| 12656 $tmp1$$XMMRegister, $tmp2$$XMMRegister); | 12656 $tmp1$$XMMRegister, $tmp2$$XMMRegister); |
| 12657 %} | 12657 %} |
| 12658 ins_pipe( pipe_slow ); | 12658 ins_pipe( pipe_slow ); |
| 12659 %} | 12659 %} |
| 12660 | 12660 |
| 12661 // fast search of substring with known size. | |
| 12662 instruct string_indexof_con(eDIRegP str1, eDXRegI cnt1, eSIRegP str2, immI int_cnt2, | |
| 12663 eBXRegI result, regXD vec, eAXRegI cnt2, eCXRegI tmp, eFlagsReg cr) %{ | |
| 12664 predicate(UseSSE42Intrinsics); | |
| 12665 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 int_cnt2))); | |
| 12666 effect(TEMP vec, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, KILL cnt2, KILL tmp, KILL cr); | |
| 12667 | |
| 12668 format %{ "String IndexOf $str1,$cnt1,$str2,$int_cnt2 -> $result // KILL $vec, $cnt1, $cnt2, $tmp" %} | |
| 12669 ins_encode %{ | |
| 12670 int icnt2 = (int)$int_cnt2$$constant; | |
| 12671 if (icnt2 >= 8) { | |
| 12672 // IndexOf for constant substrings with size >= 8 elements | |
| 12673 // which don't need to be loaded through stack. | |
| 12674 __ string_indexofC8($str1$$Register, $str2$$Register, | |
| 12675 $cnt1$$Register, $cnt2$$Register, | |
| 12676 icnt2, $result$$Register, | |
| 12677 $vec$$XMMRegister, $tmp$$Register); | |
| 12678 } else { | |
| 12679 // Small strings are loaded through stack if they cross page boundary. | |
| 12680 __ string_indexof($str1$$Register, $str2$$Register, | |
| 12681 $cnt1$$Register, $cnt2$$Register, | |
| 12682 icnt2, $result$$Register, | |
| 12683 $vec$$XMMRegister, $tmp$$Register); | |
| 12684 } | |
| 12685 %} | |
| 12686 ins_pipe( pipe_slow ); | |
| 12687 %} | |
| 12688 | |
| 12661 instruct string_indexof(eDIRegP str1, eDXRegI cnt1, eSIRegP str2, eAXRegI cnt2, | 12689 instruct string_indexof(eDIRegP str1, eDXRegI cnt1, eSIRegP str2, eAXRegI cnt2, |
| 12662 eBXRegI result, regXD tmp1, eCXRegI tmp2, eFlagsReg cr) %{ | 12690 eBXRegI result, regXD vec, eCXRegI tmp, eFlagsReg cr) %{ |
| 12663 predicate(UseSSE42Intrinsics); | 12691 predicate(UseSSE42Intrinsics); |
| 12664 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 cnt2))); | 12692 match(Set result (StrIndexOf (Binary str1 cnt1) (Binary str2 cnt2))); |
| 12665 effect(TEMP tmp1, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, USE_KILL cnt2, KILL tmp2, KILL cr); | 12693 effect(TEMP vec, USE_KILL str1, USE_KILL str2, USE_KILL cnt1, USE_KILL cnt2, KILL tmp, KILL cr); |
| 12666 | 12694 |
| 12667 format %{ "String IndexOf $str1,$cnt1,$str2,$cnt2 -> $result // KILL $tmp2, $tmp1" %} | 12695 format %{ "String IndexOf $str1,$cnt1,$str2,$cnt2 -> $result // KILL all" %} |
| 12668 ins_encode %{ | 12696 ins_encode %{ |
| 12669 __ string_indexof($str1$$Register, $str2$$Register, | 12697 __ string_indexof($str1$$Register, $str2$$Register, |
| 12670 $cnt1$$Register, $cnt2$$Register, $result$$Register, | 12698 $cnt1$$Register, $cnt2$$Register, |
| 12671 $tmp1$$XMMRegister, $tmp2$$Register); | 12699 (-1), $result$$Register, |
| 12700 $vec$$XMMRegister, $tmp$$Register); | |
| 12672 %} | 12701 %} |
| 12673 ins_pipe( pipe_slow ); | 12702 ins_pipe( pipe_slow ); |
| 12674 %} | 12703 %} |
| 12675 | 12704 |
| 12676 // fast array equals | 12705 // fast array equals |