From: Julian S. <js...@ac...> - 2005-05-19 11:54:31
> On Thursday 19 May 2005 11:32, Tom Hughes wrote:
> Wouldn't it be better to do it for any code on the stack? Any code on
> the stack is inherently dangerous because it can be invalidated by the
> stack pointer moving.
>
> So just testing for code being in a segment with SF_STACK set might
> do as a heuristic.

Yes. You're quite right. I'm just trying to figure out how to balance
the conflicting demands of (1) self-check as many translations as
possible so as to minimise the chances of not catching one of these
trampolines vs (2) self-check as few translations as possible so as to
minimise the performance hit.

> On i386 (32 bit), trampolines have the following properties:
>
> (1) they are always aligned on 16 byte boundaries
> (2) they always consist of the following two instructions:
>
>     mov #STATIC,ecx
>     jmp FUNCTION

That's true, but it's too fragile, as Tom points out. One
over-enthusiastic gcc hacker changing this a bit and we're hosed.

Self-checking all translations from a stackish segment seems about
right. So, what I'm thinking is to calculate a 32-bit CRC of the code
and store it in the translation; then rerun the crc for the self-check.
Except a CRC is expensive in terms of insns and cache misses (it
requires a table). Mark Adler (co-author of gzip) had some other magic
checksum scheme that gzip uses, which doesn't require a table and is
fast. Maybe use that instead.

J
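The self-check scheme discussed in the message above, as an added example that is not part of the original mail and not Valgrind's code. It implements the two candidate checksums side by side: a bit-at-a-time CRC-32 that avoids the lookup table at the cost of eight shift/xor steps per byte, and Adler-32 (the table-free checksum Mark Adler designed for zlib), which needs only two running sums. A hypothetical `Translation` record stores the checksum of the guest bytes at translation time; `tr_self_check` recomputes it before the translation is reused. The 16-byte trampoline-shaped buffer is constructed data in the `mov #STATIC,ecx ; jmp FUNCTION` form quoted above, and `demo_stale_trampoline` plays out the failure mode the thread is about: the frame owning the trampoline is popped, a new frame at the same address writes one with a different STATIC value, and the stored checksum no longer matches.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Adler-32 (RFC 1950): two running sums mod 65521, no lookup table.
   Shown as an illustration of the table-free checksum mentioned in
   the mail; this is example code, not Valgrind's. */
uint32_t adler32(const uint8_t *buf, size_t len)
{
    uint32_t a = 1, b = 0;
    for (size_t i = 0; i < len; i++) {
        a = (a + buf[i]) % 65521u;
        b = (b + a) % 65521u;
    }
    return (b << 16) | a;
}

/* Bit-at-a-time CRC-32 (reflected polynomial 0xEDB88320), for
   comparison: no table, but eight shift/xor steps per input byte. */
uint32_t crc32_bitwise(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical translation record (assumed layout, not Valgrind's):
   the guest range that was translated and the checksum of its bytes
   at translation time. */
typedef struct {
    const uint8_t *guest_addr;
    size_t         guest_len;
    uint32_t       checksum;
} Translation;

void tr_record(Translation *t, const uint8_t *code, size_t len)
{
    t->guest_addr = code;
    t->guest_len  = len;
    t->checksum   = adler32(code, len);
}

/* Self-check: 1 if the guest bytes still match what was translated,
   0 if they changed underneath the translation and it must be dropped. */
int tr_self_check(const Translation *t)
{
    return adler32(t->guest_addr, t->guest_len) == t->checksum;
}

/* Constructed 16-byte i386 trampoline-shaped buffer (example data only):
   B9 imm32 = mov ecx, imm32 ; E9 rel32 = jmp rel32 ; NOP padding. */
static uint8_t stack_trampoline[16] = {
    0xB9, 0x00, 0x10, 0x40, 0x00,       /* mov ecx, 0x00401000 (STATIC)   */
    0xE9, 0x10, 0x00, 0x00, 0x00,       /* jmp +0x10           (FUNCTION) */
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90  /* padding to the 16-byte boundary */
};

/* Scenario from the thread: same address, new trampoline with a
   different STATIC pointer. Returns 1 if the self-check catches it. */
int demo_stale_trampoline(void)
{
    Translation t;
    tr_record(&t, stack_trampoline, sizeof stack_trampoline);
    int before = tr_self_check(&t);      /* unchanged bytes: passes */

    stack_trampoline[1] = 0x20;          /* new frame writes STATIC 0x00401020 */
    int after = tr_self_check(&t);       /* stale translation: fails */

    stack_trampoline[1] = 0x00;          /* restore so the demo is repeatable */
    return before == 1 && after == 0;
}

int main(void)
{
    printf("Adler-32(\"Wikipedia\") = %08x\n",
           adler32((const uint8_t *)"Wikipedia", 9));
    printf("CRC-32(\"123456789\")   = %08x\n",
           crc32_bitwise((const uint8_t *)"123456789", 9));
    printf("stale trampoline caught: %s\n",
           demo_stale_trampoline() ? "yes" : "no");
    return 0;
}
```

Both checksums are 32 bits and detect the single changed byte here, but neither is a cryptographic hash: a stale translation is an accident, not an adversary, so the choice is purely about cost per self-checked byte, which is what the message weighs.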