[Winpcap-bugs] adding an outstanding performance optimization to the JIT filter
Sebastian Gottschalk
seppig_relay at gmx.de
Thu May 8 21:36:15 GMT 2008
Hello there.
Since I can't subscribe to the dev mailing list due to an expired cert and a busy
OCSP server, I'm posting it here instead.
In the JIT filter source, it mentions that MOV reg,0 should be replaced
with XOR reg,reg - so I simply implemented this. I also added the TEST
instruction, which is much more efficient than CMP if one only wants to
check for (in)equality. Also, a TEST against an immediate of zero can be
replaced by a test against the register itself.
Here's the diff:
--- jitter.h ---
/// xor dr32,sr32
#define XORrd(dr32, sr32) \
emitm(&stream, 0x33, 1); \
emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
/// test dr32, sr32
#define TESTrd(dr32, sr32) \
emitm(&stream, 0x85, 1); \
emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
/// test dr32, i32
#define TESTid(dr32, i32) \
if (dr32 == EAX){ \
emitm(&stream, 0xa9, 1); \
emitm(&stream, i32, 4);} \
else{ \
emitm(&stream, 0x85, 1); \
emitm(&stream, 0x1c << 3 | (dr32 & 0x7), 1);\
emitm(&stream, i32, 4);}
------
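Review bot: The else branch of TESTid encodes the wrong instruction: 0x85 is the opcode for TEST r/m32, r32, which takes no immediate, so the four i32 bytes emitted after the ModRM byte would be decoded as the start of the next instruction. The immediate form for registers other than EAX is opcode 0xf7 with ModRM 3 << 6 | (dr32 & 0x7) (opcode extension /0); 0x1c << 3 puts 4 in the reg field instead. Separately, TESTrd writes its last operand as sr32 & 0x7 without the parentheses XORrd uses, which is only safe while every caller passes a bare register constant.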
--- jitter.c 2008-03-03 00:41:38.000000000 +0100
+++ jitter.c 2008-05-08 23:20:36.000000000 +0200
@@ -389 +389 @@
- CMPid(EAX, ins->k)
+ TESTid(EAX, ins->k)
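Review bot: TESTid(EAX, ins->k) is not a drop-in replacement for CMPid(EAX, ins->k) at line 389: CMP sets ZF when EAX equals k, while TEST sets ZF when EAX & k is zero, so the two agree only for k == 0. The hunk carries no context lines, so it is not possible to tell which BPF opcode is being compiled here; unless this is a bit-test case, keep CMPid, and please resend with context (diff -u) so the surrounding jump is visible.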
@@ -421 +421 @@
- CMPrd(EAX, EDX)
+ TESTrd(EAX, EDX)
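Review bot: TESTrd(EAX, EDX) at line 421 changes the outcome whenever the two registers differ but share no set bits: with EAX = 1 and EDX = 2, CMPrd leaves ZF clear while TESTrd sets it, so a jump on equality after this instruction would go the opposite way. TEST also always clears CF and OF, so if the jump that consumes these flags is an ordering test rather than an equality test, it no longer sees the result of a subtraction. Keep CMPrd here unless the case being compiled is a bitwise test of EAX against EDX.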
@@ -457 +457 @@
- CMPid(EDX, 0)
+ TESTid(EDX, EDX)
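Review bot: TESTid(EDX, EDX) at line 457 passes the register constant EDX as the immediate operand, so the macro emits a TEST of EDX against the numeric value of that constant rather than against the register. The register form is the one wanted: TESTrd(EDX, EDX), which produces the same ZF, SF, CF and OF as CMPid(EDX, 0) and so is a safe replacement for it.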
s/MOVid\(EAX,0//XORrd(EAX,EAX/g
s/MOVid\(EDX,0//XORrd(EDX,EDX/g
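Review bot: XOR reg,reg writes the flags and MOV does not, so the blanket MOVid to XORrd substitution is only safe at sites where no later conditional jump depends on flags set before the replaced instruction; each replaced call site should be listed as its own hunk so that can be checked. If the two lines are meant as sed expressions, they also have an extra slash between pattern and replacement and an unclosed \( group, so they would not run as written.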
Could someone verify this for correctness?
I also have a question: Where does the filter execution routine check for
DIVISION_THROUGH_ZERO exceptions, and how could we possibly help with
non-conditional backward jumps? After all, a malicious filter program might
crash the system!
Greetings,
Sebastian Gottschalk
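
The two concerns raised in the question above (division by zero and jumps that could loop) are commonly handled by validating a filter once, before it is interpreted or compiled. The following C validator is an added example, not WinPcap code and not part of the original post; `filter_is_safe` and `struct insn` are hypothetical names, and the opcode bit values are the classic BPF ones from net/bpf.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF instruction layout and opcode bits (values as in net/bpf.h). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_SRC(c)   ((c) & 0x08)
enum { BPF_ALU = 0x04, BPF_JMP = 0x05, BPF_RET = 0x06, BPF_DIV = 0x30, BPF_JA = 0x00, BPF_K = 0x00 };

/* Hypothetical helper: returns 1 if the program may be executed, 0 if not. */
int filter_is_safe(const struct insn *f, size_t len)
{
    if (f == NULL || len == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        size_t room = len - (i + 1);   /* instructions after this one */
        if (BPF_CLASS(f[i].code) == BPF_JMP) {
            /* Offsets are unsigned and relative to the next instruction,
             * so a jump can only go forward; it must also stay in bounds.
             * Comparing against 'room' avoids overflow in i + 1 + k. */
            if (BPF_OP(f[i].code) == BPF_JA) {
                if (f[i].k >= room)
                    return 0;
            } else if (f[i].jt >= room || f[i].jf >= room) {
                return 0;
            }
        }
        /* Division by a constant zero is rejected up front. Division by
         * the X register cannot be decided here and still needs a check
         * in the interpreter or in the generated code. */
        if (BPF_CLASS(f[i].code) == BPF_ALU && BPF_OP(f[i].code) == BPF_DIV &&
            BPF_SRC(f[i].code) == BPF_K && f[i].k == 0)
            return 0;
    }
    /* Execution must not run off the end of the program. */
    return BPF_CLASS(f[len - 1].code) == BPF_RET;
}

int main(void)
{
    /* Constructed samples: JA with k = 0xffffffff, then a sane program. */
    struct insn bad[]  = { {0x05, 0, 0, 0xffffffffu}, {0x06, 0, 0, 0} };
    struct insn good[] = { {0x15, 0, 1, 0x800}, {0x06, 0, 0, 65535}, {0x06, 0, 0, 0} };
    return !(filter_is_safe(good, 3) && !filter_is_safe(bad, 2));
}
```

Because every accepted jump lands strictly after the jumping instruction, an accepted program executes at most `len` instructions and cannot loop.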