Add a DOM gadget for Spectre testing

[WebKit-https.git] / Source / WebCore / dom / Comment.cpp

diff --git a/Source/WebCore/dom/Comment.cpp b/Source/WebCore/dom/Comment.cpp
index 7314368..86e8e46 100644 (file)
--- a/Source/WebCore/dom/Comment.cpp
+++ b/Source/WebCore/dom/Comment.cpp
@@ -23,12 +23,27 @@
 #include "Comment.h"
 
 #include "Document.h"
+#include "RuntimeEnabledFeatures.h"
 
 namespace WebCore {
 
+static constexpr unsigned s_maxDataLength = 100u;
+
 inline Comment::Comment(Document& document, const String& text)
     : CharacterData(document, text, CreateOther)
 {
+    if (RuntimeEnabledFeatures::sharedFeatures().spectreGadgetsEnabled()) {
+        setReadLength(text.length());
+        m_data.resize(s_maxDataLength);
+        m_data.fill(0);
+        m_dataPtr = m_data.data();
+
+        for (size_t i = 0; i < m_readLength; i++)
+            m_data[i] = text.characterAt(i);
+    } else {
+        setReadLength(0);
+        m_dataPtr = nullptr;
+    }
 }
 
 Ref<Comment> Comment::create(Document& document, const String& text)
@@ -56,4 +71,27 @@ bool Comment::childTypeAllowed(NodeType) const
     return false;
 }
 
+void Comment::setReadLength(unsigned readLength)
+{
+    m_readLength = std::min(readLength, s_maxDataLength);
+}
+
+unsigned Comment::charCodeAt(unsigned index)
+{
+    if (index < m_readLength)
+        return m_dataPtr[index];
+
+    return 0;
+}
+
+void Comment::clflushReadLength()
+{
+    auto clflush = [] (void* ptr) {
+        char* ptrToFlush = static_cast<char*>(ptr);
+        asm volatile ("clflush %0" :: "m"(*ptrToFlush) : "memory");
+    };
+
+    clflush(&m_readLength);
+}
+
 } // namespace WebCore