[Winpcap-users] adding an outstanding performance optimization to
the JIT filter
Sebastian Gottschalk
seppig_relay at gmx.de
Sun May 25 07:26:43 GMT 2008
Hello there.
In the JIT filter source, it mentions that MOV reg,0 should be replaced
with XOR reg,reg - so I simply implemented this. I also added the TEST
instruction, which is much more efficient than CMP if one only wants to
check for (in)equality; also, a TEST against an immediate of zero can be
replaced by a test against the register itself.
Here's the diff:
--- jitter.h ---
/// xor dr32,sr32
#define XORrd(dr32, sr32) \
emitm(&stream, 0x33, 1); \
emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
/// test dr32, sr32
#define TESTrd(dr32, sr32) \
emitm(&stream, 0x85, 1); \
emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
/// test dr32, i32
#define TESTid(dr32, i32) \
if (dr32 == EAX){ \
emitm(&stream, 0xa9, 1); \
emitm(&stream, i32, 4);} \
else{ \
emitm(&stream, 0x85, 1); \
emitm(&stream, 0x1c << 3 | (dr32 & 0x7), 1);\
emitm(&stream, i32, 4);}
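Review bot: the non-EAX branch of TESTid emits the wrong instruction. Opcode 0x85 is TEST r/m32, r32 and takes no immediate, and 0x1c << 3 | (dr32 & 0x7) yields a ModRM of 0xE0|reg, so the bytes decode as "test reg, esp" followed by the four immediate bytes, which the CPU then executes as code. TEST r/m32, imm32 is 0xF7 /0: emit 0xf7, then ModRM 3 << 6 | (dr32 & 0x7), then the immediate. Two smaller points: TESTrd should parenthesise (sr32 & 0x7) the way XORrd does, and TESTid expands to a bare if/else, so it changes the meaning of an enclosing if/else at the call site unless it is wrapped in do { ... } while (0).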
------
jitter.c:
@@ -389 +389 @@
- CMPid(EAX, ins->k)
+ TESTid(EAX, ins->k)
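Review bot: TESTid(EAX, ins->k) is not a drop-in replacement for CMPid(EAX, ins->k). CMP sets ZF when EAX - k is zero, TEST sets ZF when EAX & k is zero, so an equality jump after this line changes meaning: with EAX = 4 and k = 4 the result now reads as "not equal", and with k = 0 it always reads as "equal". Keep CMPid here unless the filter instruction handled at line 389 is a bit test.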
@@ -421 +421 @@
- CMPrd(EAX, EDX)
+ TESTrd(EAX, EDX)
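Review bot: TESTrd(EAX, EDX) computes EAX & EDX, not EAX - EDX, and TEST always clears CF and OF. If the jump emitted after line 421 is relational (above/below), it no longer depends on how the two registers are ordered; if it is an equality jump, ZF now reports "no common bits" instead of "equal". Keep CMPrd(EAX, EDX).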
@@ -457 +457 @@
- CMPid(EDX, 0)
+ TESTid(EDX, EDX)
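Review bot: TESTid takes an immediate as its second argument, so TESTid(EDX, EDX) passes the numeric value of the EDX register constant as the mask instead of testing the register against itself. The form the description calls for is TESTrd(EDX, EDX), which sets ZF and SF exactly as CMPid(EDX, 0) does. As posted, this line also goes through the non-EAX branch of TESTid, so the zero check at line 457 stops working; if that check guards a divide, a filter with a zero divisor would get past it.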
------
jitter.c:
s/MOVid\(EAX,0//XORrd(EAX,EAX/g
s/MOVid\(EDX,0//XORrd(EDX,EDX/g
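Review bot: neither substitution runs as written. Each has four "/" delimiters (0//XORrd), and in sed's basic regex syntax \( opens a group rather than matching a literal parenthesis. A working form is s/MOVid(EAX, *0)/XORrd(EAX, EAX)/g, and the same for EDX. Separately, XOR writes EFLAGS while MOV leaves them untouched, so every replaced site needs a check that no conditional jump after it relies on flags set before it.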
Could someone verify this for correctness?
I also have a question: Where does the filter execution routine check for
DIVISION_THROUGH_ZERO exceptions, and how could we possibly help with
non-conditional backward jumps? After all, a malicious filter program might
crash the system!
Greetings,
Sebastian Gottschalk
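
For checking the encodings and flag behaviour this message asks about, here is an added stand-alone example; it is not code from the WinPcap sources or from the poster. The function names and register constants are this example's own, and the opcodes follow the Intel instruction reference.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Register numbers as they appear in ModRM (names are this example's own). */
enum { R_EAX = 0, R_ECX = 1, R_EDX = 2, R_EBX = 3 };

/* Register-direct ModRM byte: mod=11, then the reg and rm fields. */
static uint8_t modrm(unsigned reg, unsigned rm) {
    return (uint8_t)(0xC0 | ((reg & 7) << 3) | (rm & 7));
}
/* xor dst, src: 33 /r (XOR r32, r/m32). Returns bytes written. */
size_t enc_xor_rr(uint8_t *out, unsigned dst, unsigned src) {
    out[0] = 0x33; out[1] = modrm(dst, src);
    return 2;
}
/* test a, b: 85 /r (TEST r/m32, r32); a goes in rm, b in reg. */
size_t enc_test_rr(uint8_t *out, unsigned a, unsigned b) {
    out[0] = 0x85; out[1] = modrm(b, a);
    return 2;
}
/* test reg, imm32: A9 id for EAX, F7 /0 id for any other register. */
size_t enc_test_ri(uint8_t *out, unsigned reg, uint32_t imm) {
    size_t n = 0;
    if (reg == R_EAX) out[n++] = 0xA9;
    else { out[n++] = 0xF7; out[n++] = modrm(0, reg); }
    for (int i = 0; i < 4; i++) out[n++] = (uint8_t)(imm >> (8 * i)); /* little-endian */
    return n;
}
/* ZF after "cmp a, b" (a - b == 0) and after "test a, b" (a & b == 0). */
int zf_cmp(uint32_t a, uint32_t b)  { return (uint32_t)(a - b) == 0; }
int zf_test(uint32_t a, uint32_t b) { return (a & b) == 0; }

/* Count values a in [0, 255] where "test a, k" and "cmp a, k" disagree on ZF. */
int zf_mismatches(uint32_t k) {
    int bad = 0;
    for (uint32_t a = 0; a < 256; a++) bad += zf_test(a, k) != zf_cmp(a, k);
    return bad;
}
/* Same sweep for "test a, a" against "cmp a, 0". */
int zf_mismatches_self(void) {
    int bad = 0;
    for (uint32_t a = 0; a < 256; a++) bad += zf_test(a, a) != zf_cmp(a, 0);
    return bad;
}
int main(void) {
    uint8_t b[8]; size_t n = enc_test_ri(b, R_EDX, 0);
    for (size_t i = 0; i < n; i++) printf("%02x ", b[i]);
    printf("\nmismatches k=4: %d, self: %d\n", zf_mismatches(4), zf_mismatches_self());
    return 0;
}
```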