sandbox/linux/bpf_dsl: remove ErrorCode intermediary representation

This changes PolicyCompiler to skip the pass that converts ResultExprs
into ErrorCodes, and instead it directly emits instructions using
CodeGen.

Reduces the size of sandbox_linux_unittests in release builds on amd64
by about 30kB.

BUG=414363

Review URL: https://codereview.chromium.org/1309963002

Cr-Commit-Position: refs/heads/master@{#347470}

sandbox/linux/BUILD.gn

@@ -119,7 +119,6 @@ source_set("sandbox_linux_unittests_sources") {
       "bpf_dsl/cons_unittest.cc",
       "bpf_dsl/dump_bpf.cc",
       "bpf_dsl/dump_bpf.h",
-      "bpf_dsl/errorcode_unittest.cc",
       "bpf_dsl/syscall_set_unittest.cc",
       "bpf_dsl/test_trap_registry.cc",
       "bpf_dsl/test_trap_registry.h",
@@ -218,7 +217,6 @@ component("seccomp_bpf") {
     "bpf_dsl/codegen.cc",
     "bpf_dsl/codegen.h",
     "bpf_dsl/cons.h",
-    "bpf_dsl/errorcode.cc",
     "bpf_dsl/errorcode.h",
     "bpf_dsl/linux_syscall_ranges.h",
     "bpf_dsl/policy.cc",

sandbox/linux/bpf_dsl/bpf_dsl.cc

@@ -11,6 +11,7 @@
 #include "sandbox/linux/bpf_dsl/bpf_dsl_impl.h"
 #include "sandbox/linux/bpf_dsl/errorcode.h"
 #include "sandbox/linux/bpf_dsl/policy_compiler.h"
+#include "sandbox/linux/system_headers/linux_seccomp.h"
 
 namespace sandbox {
 namespace bpf_dsl {
@@ -20,8 +21,8 @@ class AllowResultExprImpl : public internal::ResultExprImpl {
  public:
   AllowResultExprImpl() {}
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
-    return ErrorCode(ErrorCode::ERR_ALLOWED);
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
+    return pc->Return(SECCOMP_RET_ALLOW);
   }
 
   bool IsAllow() const override { return true; }
@@ -38,8 +39,8 @@ class ErrorResultExprImpl : public internal::ResultExprImpl {
     CHECK(err_ >= ErrorCode::ERR_MIN_ERRNO && err_ <= ErrorCode::ERR_MAX_ERRNO);
   }
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
-    return pc->Error(err_);
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
+    return pc->Return(SECCOMP_RET_ERRNO + err_);
   }
 
   bool IsDeny() const override { return true; }
@@ -56,8 +57,8 @@ class KillResultExprImpl : public internal::ResultExprImpl {
  public:
   KillResultExprImpl() {}
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
-    return ErrorCode(ErrorCode::ERR_KILL);
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
+    return pc->Return(SECCOMP_RET_KILL);
   }
 
   bool IsDeny() const override { return true; }
@@ -72,8 +73,8 @@ class TraceResultExprImpl : public internal::ResultExprImpl {
  public:
   TraceResultExprImpl(uint16_t aux) : aux_(aux) {}
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
-    return ErrorCode(ErrorCode::ERR_TRACE + aux_);
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
+    return pc->Return(SECCOMP_RET_TRACE + aux_);
   }
 
  private:
@@ -91,7 +92,7 @@ class TrapResultExprImpl : public internal::ResultExprImpl {
     DCHECK(func_);
   }
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
     return pc->Trap(func_, arg_, safe_);
   }
 
@@ -116,7 +117,7 @@ class IfThenResultExprImpl : public internal::ResultExprImpl {
                        const ResultExpr& else_result)
       : cond_(cond), then_result_(then_result), else_result_(else_result) {}
 
-  ErrorCode Compile(PolicyCompiler* pc) const override {
+  CodeGen::Node Compile(PolicyCompiler* pc) const override {
     return cond_->Compile(
         pc, then_result_->Compile(pc), else_result_->Compile(pc));
   }
@@ -139,10 +140,10 @@ class ConstBoolExprImpl : public internal::BoolExprImpl {
  public:
   ConstBoolExprImpl(bool value) : value_(value) {}
 
-  ErrorCode Compile(PolicyCompiler* pc,
-                    ErrorCode true_ec,
-                    ErrorCode false_ec) const override {
-    return value_ ? true_ec : false_ec;
+  CodeGen::Node Compile(PolicyCompiler* pc,
+                        CodeGen::Node then_node,
+                        CodeGen::Node else_node) const override {
+    return value_ ? then_node : else_node;
   }
 
  private:
@@ -153,40 +154,39 @@ class ConstBoolExprImpl : public internal::BoolExprImpl {
   DISALLOW_COPY_AND_ASSIGN(ConstBoolExprImpl);
 };
 
-class PrimitiveBoolExprImpl : public internal::BoolExprImpl {
+class MaskedEqualBoolExprImpl : public internal::BoolExprImpl {
  public:
-  PrimitiveBoolExprImpl(int argno,
-                        ErrorCode::ArgType is_32bit,
-                        uint64_t mask,
-                        uint64_t value)
-      : argno_(argno), is_32bit_(is_32bit), mask_(mask), value_(value) {}
-
-  ErrorCode Compile(PolicyCompiler* pc,
-                    ErrorCode true_ec,
-                    ErrorCode false_ec) const override {
-    return pc->CondMaskedEqual(
-        argno_, is_32bit_, mask_, value_, true_ec, false_ec);
+  MaskedEqualBoolExprImpl(int argno,
+                          size_t width,
+                          uint64_t mask,
+                          uint64_t value)
+      : argno_(argno), width_(width), mask_(mask), value_(value) {}
+
+  CodeGen::Node Compile(PolicyCompiler* pc,
+                        CodeGen::Node then_node,
+                        CodeGen::Node else_node) const override {
+    return pc->MaskedEqual(argno_, width_, mask_, value_, then_node, else_node);
   }
 
  private:
-  ~PrimitiveBoolExprImpl() override {}
+  ~MaskedEqualBoolExprImpl() override {}
 
   int argno_;
-  ErrorCode::ArgType is_32bit_;
+  size_t width_;
   uint64_t mask_;
   uint64_t value_;
 
-  DISALLOW_COPY_AND_ASSIGN(PrimitiveBoolExprImpl);
+  DISALLOW_COPY_AND_ASSIGN(MaskedEqualBoolExprImpl);
 };
 
 class NegateBoolExprImpl : public internal::BoolExprImpl {
  public:
   explicit NegateBoolExprImpl(const BoolExpr& cond) : cond_(cond) {}
 
-  ErrorCode Compile(PolicyCompiler* pc,
-                    ErrorCode true_ec,
-                    ErrorCode false_ec) const override {
-    return cond_->Compile(pc, false_ec, true_ec);
+  CodeGen::Node Compile(PolicyCompiler* pc,
+                        CodeGen::Node then_node,
+                        CodeGen::Node else_node) const override {
+    return cond_->Compile(pc, else_node, then_node);
   }
 
  private:
@@ -202,10 +202,11 @@ class AndBoolExprImpl : public internal::BoolExprImpl {
   AndBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
       : lhs_(lhs), rhs_(rhs) {}
 
-  ErrorCode Compile(PolicyCompiler* pc,
-                    ErrorCode true_ec,
-                    ErrorCode false_ec) const override {
-    return lhs_->Compile(pc, rhs_->Compile(pc, true_ec, false_ec), false_ec);
+  CodeGen::Node Compile(PolicyCompiler* pc,
+                        CodeGen::Node then_node,
+                        CodeGen::Node else_node) const override {
+    return lhs_->Compile(pc, rhs_->Compile(pc, then_node, else_node),
+                         else_node);
   }
 
  private:
@@ -222,10 +223,11 @@ class OrBoolExprImpl : public internal::BoolExprImpl {
   OrBoolExprImpl(const BoolExpr& lhs, const BoolExpr& rhs)
       : lhs_(lhs), rhs_(rhs) {}
 
-  ErrorCode Compile(PolicyCompiler* pc,
-                    ErrorCode true_ec,
-                    ErrorCode false_ec) const override {
-    return lhs_->Compile(pc, true_ec, rhs_->Compile(pc, true_ec, false_ec));
+  CodeGen::Node Compile(PolicyCompiler* pc,
+                        CodeGen::Node then_node,
+                        CodeGen::Node else_node) const override {
+    return lhs_->Compile(pc, then_node,
+                         rhs_->Compile(pc, then_node, else_node));
   }
 
  private:
@@ -270,11 +272,7 @@ BoolExpr ArgEq(int num, size_t size, uint64_t mask, uint64_t val) {
   // accordingly.
   CHECK(size == 4 || size == 8);
 
-  // TODO(mdempsky): Should we just always use TP_64BIT?
-  const ErrorCode::ArgType arg_type =
-      (size == 4) ? ErrorCode::TP_32BIT : ErrorCode::TP_64BIT;
-
-  return BoolExpr(new const PrimitiveBoolExprImpl(num, arg_type, mask, val));
+  return BoolExpr(new const MaskedEqualBoolExprImpl(num, size, mask, val));
 }
 
 }  // namespace internal

sandbox/linux/bpf_dsl/bpf_dsl_impl.h

@@ -7,6 +7,7 @@
 
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
+#include "sandbox/linux/bpf_dsl/codegen.h"
 #include "sandbox/sandbox_export.h"
 
 namespace sandbox {
@@ -19,12 +20,12 @@ namespace internal {
 // Internal interface implemented by BoolExpr implementations.
 class BoolExprImpl : public base::RefCounted<BoolExprImpl> {
  public:
-  // Compile uses |pc| to construct an ErrorCode that conditionally continues
-  // to either |true_ec| or |false_ec|, depending on whether the represented
+  // Compile uses |pc| to emit a CodeGen::Node that conditionally continues
+  // to either |then_node| or |false_node|, depending on whether the represented
   // boolean expression is true or false.
-  virtual ErrorCode Compile(PolicyCompiler* pc,
-                            ErrorCode true_ec,
-                            ErrorCode false_ec) const = 0;
+  virtual CodeGen::Node Compile(PolicyCompiler* pc,
+                                CodeGen::Node then_node,
+                                CodeGen::Node else_node) const = 0;
 
  protected:
   BoolExprImpl() {}
@@ -38,9 +39,9 @@ class BoolExprImpl : public base::RefCounted<BoolExprImpl> {
 // Internal interface implemented by ResultExpr implementations.
 class ResultExprImpl : public base::RefCounted<ResultExprImpl> {
  public:
-  // Compile uses |pc| to construct an ErrorCode analogous to the represented
-  // result expression.
-  virtual ErrorCode Compile(PolicyCompiler* pc) const = 0;
+  // Compile uses |pc| to emit a CodeGen::Node that executes the
+  // represented result expression.
+  virtual CodeGen::Node Compile(PolicyCompiler* pc) const = 0;
 
   // HasUnsafeTraps returns whether the result expression is or recursively
   // contains an unsafe trap expression.