author    Jim Stichnoth <stichnot@chromium.org>  2013-07-24 09:40:15 -0700
committer Jim Stichnoth <stichnot@chromium.org>  2013-07-24 09:40:15 -0700
commit    4499aac2b3679e7e0f69649b99f9b96c2c03dc4f
tree      9a435a1d29760f3c6634356c960365094474d2eb /tools
parent    c7c01162adebb1df35707a8833ec6e0b1e5eaf6f
Hide the x86-64 sandbox base address.
Prevent sandbox addresses from being written to the stack. This covers the following cases:

1. Function calls manually push a masked return address and jump to the target, rather than using the call instruction.
2. When the function prolog chooses to use a frame pointer (rbp), it saves a masked version of the old rbp.
3. Indirect branches (jumps, calls, and returns) uniformly use r11 to construct the 64-bit target address.
4. Register r11 is marked as reserved (similar to r15) so that the register allocator won't inadvertently spill a code address to the stack.

These transformations can be disabled for performance testing with the flag "-sfi-hide-sandbox-base=false".

BUG= https://code.google.com/p/nativeclient/issues/detail?id=1235
R=eliben@chromium.org, mseaborn@chromium.org

Review URL: https://codereview.chromium.org/19505003
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions
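The following is an added, stand-alone C model of the property the commit message describes; it is not code from the commit, from PNaCl, or from LLVM. It assumes a simplified sandbox layout: a 4 GiB region whose base (the value held in r15) is aligned to 4 GiB so that the low 32 bits of any in-sandbox address are its offset, and code addresses aligned to 32-byte bundles. The function and macro names (`mask_code_address`, `reconstruct_target`, `old_scheme_leaks`, `new_scheme_leaks`, `stack_discloses_base`, `BUNDLE_MASK`) are hypothetical. The model contrasts a `call`-style push of the full 64-bit return address with the masked push-and-jump scheme, and runs a defender-side check over a simulated stack to show that only the former discloses the sandbox base.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model (not taken from the commit): 32-byte instruction bundles,
 * so a masked code address keeps only the low 32 bits with the low 5
 * bits cleared. The sandbox base is assumed to be 4 GiB aligned. */
#define BUNDLE_MASK 0xFFFFFFE0u
#define STACK_SLOTS 4

/* Reduce a full 64-bit code address to its bundle-aligned in-sandbox
 * offset. This is the value the hardened prolog/call sequence stores on
 * the stack instead of the full pointer. */
uint32_t mask_code_address(uint64_t addr) {
    return (uint32_t)addr & BUNDLE_MASK;
}

/* Rebuild a 64-bit branch target from base + masked offset. This models
 * the r11 sequence: mask the 32-bit offset, add r15, then jump via r11. */
uint64_t reconstruct_target(uint64_t base, uint32_t masked) {
    return base + masked;
}

/* Defender-side check over a simulated stack: a slot discloses the base
 * if its upper 32 bits match the base's upper 32 bits. Zero slots are
 * treated as unused. */
bool stack_discloses_base(const uint64_t stack[], size_t n, uint64_t base) {
    for (size_t i = 0; i < n; i++) {
        if (stack[i] != 0 && (stack[i] >> 32) == (base >> 32)) {
            return true;
        }
    }
    return false;
}

/* Old scheme: the CALL instruction pushes the full return address.
 * Returns true when the simulated stack discloses the base. */
bool old_scheme_leaks(uint64_t base, uint64_t ret_addr) {
    uint64_t stack[STACK_SLOTS] = {0};
    stack[0] = ret_addr;                      /* full 64-bit pointer */
    return stack_discloses_base(stack, STACK_SLOTS, base);
}

/* New scheme: push only the masked offset, then jump to the target.
 * Returns true when the simulated stack discloses the base. */
bool new_scheme_leaks(uint64_t base, uint64_t ret_addr) {
    uint64_t stack[STACK_SLOTS] = {0};
    stack[0] = (uint64_t)mask_code_address(ret_addr);  /* offset only */
    return stack_discloses_base(stack, STACK_SLOTS, base);
}

/* New scheme return path: pop the masked offset and rebuild the target
 * through r11, which must land on the original (bundle-aligned) return
 * address. */
uint64_t new_scheme_return_target(uint64_t base, uint64_t ret_addr) {
    uint64_t stack[STACK_SLOTS] = {0};
    stack[0] = (uint64_t)mask_code_address(ret_addr);
    return reconstruct_target(base, (uint32_t)stack[0]);
}

int main(void) {
    /* Constructed values: a 4 GiB aligned base and a bundle-aligned
     * return address inside the sandbox. */
    uint64_t base = 0x0000123400000000ull;
    uint64_t ret = base + 0x1040;
    printf("old scheme discloses base: %s\n", old_scheme_leaks(base, ret) ? "yes" : "no");
    printf("new scheme discloses base: %s\n", new_scheme_leaks(base, ret) ? "yes" : "no");
    printf("new scheme returns to 0x%llx (expected 0x%llx)\n",
           (unsigned long long)new_scheme_return_target(base, ret),
           (unsigned long long)ret);
    return 0;
}
```

The check in `stack_discloses_base` is the point of the model: with the masked scheme every stored code value has zero upper bits, so a stack read (a spill, a frame-pointer save, or a return slot) yields only an offset, and the base kept in r15 stays unknown to whoever reads the stack.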