https://bugs.webkit.org/show_bug.cgi?id=181351
Add a DOM gadget for Spectre testing
* runtime/Options.h:
* dom/Comment.cpp:
(WebCore::Comment::Comment):
(WebCore::Comment::setReadLength): Deleted.
(WebCore::Comment::charCodeAt): Deleted.
(WebCore::Comment::clflushReadLength): Deleted.
* dom/Comment.h:
* dom/Comment.idl:
* page/RuntimeEnabledFeatures.cpp:
(WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const): Deleted.
* page/RuntimeEnabledFeatures.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226658
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2018-01-09 Michael Saboff <msaboff@apple.com>
+
+ Unreviewed, rolling out r226600 and r226603
+ https://bugs.webkit.org/show_bug.cgi?id=181351
+
+ Add a DOM gadget for Spectre testing
+
+ * runtime/Options.h:
+
2018-01-09 Saam Barati <sbarati@apple.com>
Reduce graph size by replacing terminal nodes in blocks that have a ForceOSRExit with Unreachable
\
v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
\
- v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
- \
v(bool, useAsyncIterator, enableAsyncIteration, Normal, "Allow to use Async Iterator in JS.") \
\
v(bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \
+2018-01-09 Michael Saboff <msaboff@apple.com>
+
+ Unreviewed, rolling out r226600 and r226603
+ https://bugs.webkit.org/show_bug.cgi?id=181351
+
+ Add a DOM gadget for Spectre testing
+
+ * dom/Comment.cpp:
+ (WebCore::Comment::Comment):
+ (WebCore::Comment::setReadLength): Deleted.
+ (WebCore::Comment::charCodeAt): Deleted.
+ (WebCore::Comment::clflushReadLength): Deleted.
+ * dom/Comment.h:
+ * dom/Comment.idl:
+ * page/RuntimeEnabledFeatures.cpp:
+ (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const): Deleted.
+ * page/RuntimeEnabledFeatures.h:
+
2018-01-09 Don Olmstead <don.olmstead@sony.com>
Add additional WEBCORE_EXPORTs
#include "Comment.h"
#include "Document.h"
-#include "RuntimeEnabledFeatures.h"
namespace WebCore {
-static constexpr unsigned s_maxDataLength = 100u;
-
inline Comment::Comment(Document& document, const String& text)
: CharacterData(document, text, CreateOther)
{
- if (RuntimeEnabledFeatures::sharedFeatures().spectreGadgetsEnabled()) {
- setReadLength(text.length());
- m_data.resize(s_maxDataLength);
- m_data.fill(0);
- m_dataPtr = m_data.data();
-
- for (size_t i = 0; i < m_readLength; i++)
- m_data[i] = text.characterAt(i);
- } else {
- setReadLength(0);
- m_dataPtr = nullptr;
- }
}
Ref<Comment> Comment::create(Document& document, const String& text)
return false;
}
-void Comment::setReadLength(unsigned readLength)
-{
- m_readLength = std::min(readLength, s_maxDataLength);
-}
-
-unsigned Comment::charCodeAt(unsigned index)
-{
- if (index < m_readLength)
- return m_dataPtr[index];
-
- return 0;
-}
-
-void Comment::clflushReadLength()
-{
-#if CPU(X86_64) && !OS(WINDOWS)
- auto clflush = [] (void* ptr) {
- char* ptrToFlush = static_cast<char*>(ptr);
- asm volatile ("clflush %0" :: "m"(*ptrToFlush) : "memory");
- };
-
- clflush(&m_readLength);
-#endif
-}
-
} // namespace WebCore
public:
static Ref<Comment> create(Document&, const String&);
- void setReadLength(unsigned);
- unsigned charCodeAt(unsigned);
- void clflushReadLength();
-
private:
Comment(Document&, const String&);
NodeType nodeType() const override;
Ref<Node> cloneNodeInternal(Document&, CloningOperation) override;
bool childTypeAllowed(NodeType) const override;
-
- Vector<int32_t> m_data;
- size_t m_readLength;
- int32_t* m_dataPtr;
};
} // namespace WebCore
ConstructorCallWith=Document,
JSGenerateToJSObject
] interface Comment : CharacterData {
- [EnabledAtRuntime=SpectreGadgets] void setReadLength(unsigned long readLength);
- [EnabledAtRuntime=SpectreGadgets] unsigned long charCodeAt(unsigned long index);
- [EnabledAtRuntime=SpectreGadgets] void clflushReadLength();
};
#include "RuntimeEnabledFeatures.h"
#include "MediaPlayer.h"
-#include <JavaScriptCore/Options.h>
#include <wtf/NeverDestroyed.h>
namespace WebCore {
return runtimeEnabledFeatures;
}
-bool RuntimeEnabledFeatures::spectreGadgetsEnabled() const
-{
- return JSC::Options::enableSpectreGadgets();
-}
-
#if ENABLE(VIDEO)
bool RuntimeEnabledFeatures::audioEnabled() const
{
void setServiceWorkerEnabled(bool isEnabled) { m_serviceWorkerEnabled = isEnabled; }
#endif
- bool spectreGadgetsEnabled() const;
-
#if ENABLE(VIDEO)
bool audioEnabled() const;
#endif
git://git.webkit.org / WebKit-https.git / commitdiff