Strings should not be allocated in a gigacage
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 May 2018 00:40:18 +0000 (00:40 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 May 2018 00:40:18 +0000 (00:40 +0000)
commitaf6f01e0bf066a5a7a0154e4839188040c306f0d
tree3444daa97824e1c62a4281128b34291be1f0656f
parent0aa60edb77b5d13f32e804b175bff5d1cff71325
Strings should not be allocated in a gigacage
https://bugs.webkit.org/show_bug.cgi?id=185218

Reviewed by Saam Barati.
Source/bmalloc:

This removes the string gigacage.

Putting strings in a gigacage prevents read gadgets. The other things that get to be in gigacages
are there to prevent read-write gadgets.

Also, putting strings in a gigacage seems to have been a bigger regression than putting other
things in gigacages.

Therefore, to maximize the benefit/cost ratio of gigacages, we should evict strings from them. If
we want to throw away perf for security, there are more beneficial things to sacrifice.

* bmalloc/Gigacage.h:
(Gigacage::name):
(Gigacage::basePtr):
(Gigacage::size):
(Gigacage::forEachKind):
* bmalloc/HeapKind.h:
(bmalloc::isGigacage):
(bmalloc::gigacageKind):
(bmalloc::heapKind):
(bmalloc::isActiveHeapKindAfterEnsuringGigacage):
(bmalloc::mapToActiveHeapKindAfterEnsuringGigacage):

Source/JavaScriptCore:

* runtime/JSBigInt.cpp:
(JSC::JSBigInt::toStringGeneric):
* runtime/JSString.cpp:
(JSC::JSRopeString::resolveRopeToAtomicString const):
(JSC::JSRopeString::resolveRope const):
* runtime/JSString.h:
(JSC::JSString::create):
(JSC::JSString::createHasOtherOwner):
* runtime/VM.h:
(JSC::VM::gigacageAuxiliarySpace):

Source/WebCore:

No new tests because no new behavior.

* Modules/indexeddb/server/IDBSerialization.cpp:
(WebCore::decodeKey):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::readString):
* html/canvas/CanvasRenderingContext2D.cpp:
(WebCore::normalizeSpaces):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
* platform/URLParser.cpp:
(WebCore::percentEncodeByte):
(WebCore::serializeURLEncodedForm):
(WebCore::URLParser::serialize):
* platform/URLParser.h:
* platform/graphics/FourCC.cpp:
(WebCore::FourCC::toString const):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
* platform/text/LocaleICU.cpp:
(WebCore::LocaleICU::decimalSymbol):
(WebCore::LocaleICU::decimalTextAttribute):
(WebCore::getDateFormatPattern):
(WebCore::LocaleICU::createLabelVector):
(WebCore::getFormatForSkeleton):
* platform/win/FileSystemWin.cpp:
(WebCore::FileSystem::getFinalPathName):
(WebCore::FileSystem::pathByAppendingComponent):
(WebCore::FileSystem::storageDirectory):

Source/WTF:

* WTF.xcodeproj/project.pbxproj:
* wtf/Deque.h:
* wtf/Forward.h:
* wtf/Gigacage.h:
(Gigacage::name):
(Gigacage::basePtr):
* wtf/Vector.h:
(WTF::VectorBufferBase::allocateBuffer):
(WTF::VectorBufferBase::tryAllocateBuffer):
(WTF::VectorBufferBase::reallocateBuffer):
(WTF::VectorBufferBase::deallocateBuffer):
(WTF::minCapacity>::Vector):
(WTF::=):
(WTF::minCapacity>::contains const):
(WTF::minCapacity>::findMatching const):
(WTF::minCapacity>::find const):
(WTF::minCapacity>::reverseFind const):
(WTF::minCapacity>::appendIfNotContains):
(WTF::minCapacity>::fill):
(WTF::minCapacity>::appendRange):
(WTF::minCapacity>::expandCapacity):
(WTF::minCapacity>::tryExpandCapacity):
(WTF::minCapacity>::resize):
(WTF::minCapacity>::resizeToFit):
(WTF::minCapacity>::shrink):
(WTF::minCapacity>::grow):
(WTF::minCapacity>::asanSetInitialBufferSizeTo):
(WTF::minCapacity>::asanSetBufferSizeToFullCapacity):
(WTF::minCapacity>::asanBufferSizeWillChangeTo):
(WTF::minCapacity>::reserveCapacity):
(WTF::minCapacity>::tryReserveCapacity):
(WTF::minCapacity>::reserveInitialCapacity):
(WTF::minCapacity>::shrinkCapacity):
(WTF::minCapacity>::append):
(WTF::minCapacity>::tryAppend):
(WTF::minCapacity>::constructAndAppend):
(WTF::minCapacity>::tryConstructAndAppend):
(WTF::minCapacity>::appendSlowCase):
(WTF::minCapacity>::constructAndAppendSlowCase):
(WTF::minCapacity>::tryConstructAndAppendSlowCase):
(WTF::minCapacity>::uncheckedAppend):
(WTF::minCapacity>::appendVector):
(WTF::minCapacity>::insert):
(WTF::minCapacity>::insertVector):
(WTF::minCapacity>::remove):
(WTF::minCapacity>::removeFirst):
(WTF::minCapacity>::removeFirstMatching):
(WTF::minCapacity>::removeAll):
(WTF::minCapacity>::removeAllMatching):
(WTF::minCapacity>::reverse):
(WTF::minCapacity>::map const):
(WTF::minCapacity>::releaseBuffer):
(WTF::minCapacity>::checkConsistency):
(WTF::swap):
(WTF::operator==):
(WTF::operator!=):
(WTF::removeRepeatedElements):
(WTF::Malloc>::Vector): Deleted.
(WTF::Malloc>::contains const): Deleted.
(WTF::Malloc>::findMatching const): Deleted.
(WTF::Malloc>::find const): Deleted.
(WTF::Malloc>::reverseFind const): Deleted.
(WTF::Malloc>::appendIfNotContains): Deleted.
(WTF::Malloc>::fill): Deleted.
(WTF::Malloc>::appendRange): Deleted.
(WTF::Malloc>::expandCapacity): Deleted.
(WTF::Malloc>::tryExpandCapacity): Deleted.
(WTF::Malloc>::resize): Deleted.
(WTF::Malloc>::resizeToFit): Deleted.
(WTF::Malloc>::shrink): Deleted.
(WTF::Malloc>::grow): Deleted.
(WTF::Malloc>::asanSetInitialBufferSizeTo): Deleted.
(WTF::Malloc>::asanSetBufferSizeToFullCapacity): Deleted.
(WTF::Malloc>::asanBufferSizeWillChangeTo): Deleted.
(WTF::Malloc>::reserveCapacity): Deleted.
(WTF::Malloc>::tryReserveCapacity): Deleted.
(WTF::Malloc>::reserveInitialCapacity): Deleted.
(WTF::Malloc>::shrinkCapacity): Deleted.
(WTF::Malloc>::append): Deleted.
(WTF::Malloc>::tryAppend): Deleted.
(WTF::Malloc>::constructAndAppend): Deleted.
(WTF::Malloc>::tryConstructAndAppend): Deleted.
(WTF::Malloc>::appendSlowCase): Deleted.
(WTF::Malloc>::constructAndAppendSlowCase): Deleted.
(WTF::Malloc>::tryConstructAndAppendSlowCase): Deleted.
(WTF::Malloc>::uncheckedAppend): Deleted.
(WTF::Malloc>::appendVector): Deleted.
(WTF::Malloc>::insert): Deleted.
(WTF::Malloc>::insertVector): Deleted.
(WTF::Malloc>::remove): Deleted.
(WTF::Malloc>::removeFirst): Deleted.
(WTF::Malloc>::removeFirstMatching): Deleted.
(WTF::Malloc>::removeAll): Deleted.
(WTF::Malloc>::removeAllMatching): Deleted.
(WTF::Malloc>::reverse): Deleted.
(WTF::Malloc>::map const): Deleted.
(WTF::Malloc>::releaseBuffer): Deleted.
(WTF::Malloc>::checkConsistency): Deleted.
* wtf/text/AtomicStringImpl.h:
* wtf/text/CString.cpp:
(WTF::CStringBuffer::createUninitialized):
* wtf/text/CString.h:
* wtf/text/StringBuffer.h:
(WTF::StringBuffer::StringBuffer):
(WTF::StringBuffer::~StringBuffer):
(WTF::StringBuffer::resize):
* wtf/text/StringImpl.cpp:
(WTF::StringImpl::~StringImpl):
(WTF::StringImpl::destroy):
(WTF::StringImpl::createUninitializedInternalNonEmpty):
(WTF::StringImpl::reallocateInternal):
(WTF::StringImpl::releaseAssertCaged const): Deleted.
* wtf/text/StringImpl.h:
(WTF::StringImpl::createSubstringSharingImpl):
(WTF::StringImpl::tryCreateUninitialized):
(WTF::StringImpl::adopt):
(WTF::StringImpl::assertCaged const): Deleted.
* wtf/text/StringMalloc.cpp: Removed.
* wtf/text/StringMalloc.h: Removed.
* wtf/text/StringVector.h: Removed.
* wtf/text/SymbolImpl.h:
* wtf/text/UniquedStringImpl.h:
* wtf/text/WTFString.h:
(WTF::String::adopt):
(WTF::String::assertCaged const): Deleted.
(WTF::String::releaseAssertCaged const): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231337 268f45cc-cd09-0410-ab3c-d52691b4dbfc
38 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSBigInt.cpp
Source/JavaScriptCore/runtime/JSString.cpp
Source/JavaScriptCore/runtime/JSString.h
Source/JavaScriptCore/runtime/VM.h
Source/WTF/ChangeLog
Source/WTF/WTF.xcodeproj/project.pbxproj
Source/WTF/wtf/CMakeLists.txt
Source/WTF/wtf/Deque.h
Source/WTF/wtf/Forward.h
Source/WTF/wtf/Gigacage.h
Source/WTF/wtf/Vector.h
Source/WTF/wtf/text/AtomicStringImpl.h
Source/WTF/wtf/text/CString.cpp
Source/WTF/wtf/text/CString.h
Source/WTF/wtf/text/StringBuffer.h
Source/WTF/wtf/text/StringImpl.cpp
Source/WTF/wtf/text/StringImpl.h
Source/WTF/wtf/text/StringMalloc.cpp [deleted file]
Source/WTF/wtf/text/StringMalloc.h [deleted file]
Source/WTF/wtf/text/StringVector.h [deleted file]
Source/WTF/wtf/text/SymbolImpl.h
Source/WTF/wtf/text/UniquedStringImpl.h
Source/WTF/wtf/text/WTFString.h
Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/server/IDBSerialization.cpp
Source/WebCore/bindings/js/SerializedScriptValue.cpp
Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp
Source/WebCore/html/parser/HTMLTreeBuilder.cpp
Source/WebCore/platform/URLParser.cpp
Source/WebCore/platform/URLParser.h
Source/WebCore/platform/graphics/FourCC.cpp
Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp
Source/WebCore/platform/text/LocaleICU.cpp
Source/WebCore/platform/win/FileSystemWin.cpp
Source/bmalloc/ChangeLog
Source/bmalloc/bmalloc/Gigacage.h
Source/bmalloc/bmalloc/HeapKind.h