ac2d4c4818
* x64: improve tests for `heap_addr` This change adds Cranelift `compile` tests for the various cases for `heap_addr`. The idea behind this is to more clearly show what the penalties are for dynamically- vs statically-allocated memory as well as turning Spectre mitigations on and off. * Add test case: "right" size memory with Spectre enabled
86 lines
2.2 KiB
Plaintext
86 lines
2.2 KiB
Plaintext
test compile precise-output
|
|
set enable_heap_access_spectre_mitigation=false
|
|
target x86_64
|
|
|
|
;; Calculate a heap address on a dynamically-allocated memory with Spectre
|
|
;; mitigations disabled. This is a 7-instruction sequence with loads, ignoring
|
|
;; intermediate `mov`s.
|
|
function %f(i32, i64 vmctx) -> i64 {
|
|
gv0 = vmctx
|
|
gv1 = load.i64 notrap aligned gv0+0
|
|
gv2 = load.i64 notrap aligned gv0+8
|
|
heap0 = dynamic gv1, bound gv2, offset_guard 0x1000, index_type i32
|
|
|
|
block0(v0: i32, v1: i64):
|
|
v2 = heap_addr.i64 heap0, v0, 0x8000
|
|
return v2
|
|
}
|
|
|
|
; pushq %rbp
|
|
; movq %rsp, %rbp
|
|
; block0:
|
|
; movl %edi, %eax
|
|
; movq 8(%rsi), %r11
|
|
; movq %rax, %rdi
|
|
; addq %rdi, $32768, %rdi
|
|
; jnb ; ud2 heap_oob ;
|
|
; cmpq %r11, %rdi
|
|
; jbe label1; j label2
|
|
; block1:
|
|
; addq %rax, 0(%rsi), %rax
|
|
; movq %rbp, %rsp
|
|
; popq %rbp
|
|
; ret
|
|
; block2:
|
|
; ud2 heap_oob
|
|
|
|
;; For a static memory with no Spectre mitigations, we observe a smaller amount
|
|
;; of bounds checking: the offset check (`cmp + jbe + j`) and the offset
|
|
;; calculation (`add`)--4 instructions.
|
|
function %f(i64 vmctx, i32) -> i64 system_v {
|
|
gv0 = vmctx
|
|
gv1 = load.i64 notrap aligned gv0+0
|
|
heap0 = static gv1, bound 0x1000, offset_guard 0x1000, index_type i32
|
|
|
|
block0(v0: i64, v1: i32):
|
|
v10 = heap_addr.i64 heap0, v1, 0
|
|
return v10
|
|
}
|
|
|
|
; pushq %rbp
|
|
; movq %rsp, %rbp
|
|
; block0:
|
|
; movl %esi, %eax
|
|
; cmpq $4096, %rax
|
|
; jbe label1; j label2
|
|
; block1:
|
|
; addq %rax, 0(%rdi), %rax
|
|
; movq %rbp, %rsp
|
|
; popq %rbp
|
|
; ret
|
|
; block2:
|
|
; ud2 heap_oob
|
|
|
|
;; For a static memory with no Spectre mitigations and the "right" size (4GB
|
|
;; memory, 2GB guard regions), Cranelift emits no bounds checking, simply
|
|
;; `add`--a single instruction.
|
|
function %f(i64 vmctx, i32) -> i64 system_v {
|
|
gv0 = vmctx
|
|
gv1 = load.i64 notrap aligned gv0+0
|
|
heap0 = static gv1, bound 0x1_0000_0000, offset_guard 0x8000_0000, index_type i32
|
|
|
|
block0(v0: i64, v1: i32):
|
|
v10 = heap_addr.i64 heap0, v1, 0
|
|
return v10
|
|
}
|
|
|
|
; pushq %rbp
|
|
; movq %rsp, %rbp
|
|
; block0:
|
|
; movl %esi, %eax
|
|
; addq %rax, 0(%rdi), %rax
|
|
; movq %rbp, %rsp
|
|
; popq %rbp
|
|
; ret
|
|
|