Should not use variable-length-array (VLA)
author: ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 15 Mar 2020 10:16:52 +0000 (10:16 +0000)
committer: ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 15 Mar 2020 10:16:52 +0000 (10:16 +0000)
https://bugs.webkit.org/show_bug.cgi?id=209043

Reviewed by Mark Lam.

PerformanceTests:

* MediaTime/Configurations/Base.xcconfig:

Source/bmalloc:

* Configurations/Base.xcconfig:

Source/JavaScriptCore:

This patch disables variable-length-array (VLA). If this feature uses user input, the user can
control the stack height consumed by C++ code. This patch avoids using VLA. To achieve that,

    1. We set the `-Wvla` warning option to trigger warnings if it is used.
    2. Introduce MarkedJSValueRefArray for the API. This replaces the `JSValueRef arguments[variableLength]` use case.
       MarkedJSValueRefArray registers itself with the JSC GC so that the GC can mark it as a strong root.

* API/JSContext.mm:
(+[JSContext currentArguments]):
* API/JSValue.mm:
(-[JSValue callWithArguments:]):
(-[JSValue constructWithArguments:]):
(-[JSValue invokeMethod:withArguments:]):
* API/MarkedJSValueRefArray.cpp: Added.
(JSC::MarkedJSValueRefArray::MarkedJSValueRefArray):
(JSC::MarkedJSValueRefArray::~MarkedJSValueRefArray):
(JSC::MarkedJSValueRefArray::visitAggregate):
* API/MarkedJSValueRefArray.h: Added.
* API/tests/minidom.c:
(print):
* API/tests/testapi.cpp:
(TestAPI::markedJSValueArrayAndGC):
(testCAPIViaCpp):
* Configurations/Base.xcconfig:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
(JSC::Heap::addMarkedJSValueRefArray):
* heap/Heap.h:
* heap/MarkedSpace.h:
(JSC::MarkedSpace::activeWeakSetsBegin): Deleted.
(JSC::MarkedSpace::activeWeakSetsEnd): Deleted.
(JSC::MarkedSpace::newActiveWeakSetsBegin): Deleted.
(JSC::MarkedSpace::newActiveWeakSetsEnd): Deleted.
* runtime/ArgList.h:

Source/WebCore:

* Configurations/Base.xcconfig:
* crypto/mac/SerializedCryptoKeyWrapMac.mm:
(WebCore::wrapSerializedCryptoKey):
(WebCore::unwrapSerializedCryptoKey):
* html/canvas/WebGL2RenderingContext.cpp:
(WebCore::WebGL2RenderingContext::getInternalformatParameter):
* platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp:
(WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices):
* platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
(WebCore::updateDisplayID):
(WebCore::ScreenDisplayCaptureSourceMac::screenCaptureDevices):

Source/WebCore/PAL:

* Configurations/Base.xcconfig:

Source/WebInspectorUI:

* Configurations/Base.xcconfig:

Source/WebKit:

* Configurations/Base.xcconfig:
* UIProcess/_WKTouchEventGenerator.mm:
(-[_WKTouchEventGenerator touchDown:touchCount:]):
(-[_WKTouchEventGenerator liftUp:touchCount:]):
(-[_WKTouchEventGenerator moveToPoints:touchCount:duration:]):

Source/WebKitLegacy/mac:

* Configurations/Base.xcconfig:

Source/WTF:

* Configurations/Base.xcconfig:
* wtf/UUID.cpp:
(WTF::bootSessionUUIDString):

Tools:

* ContentExtensionTester/Configurations/Base.xcconfig:
* lldb/lldbWebKitTester/Configurations/Base.xcconfig:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258478 268f45cc-cd09-0410-ab3c-d52691b4dbfc

39 files changed:
PerformanceTests/ChangeLog
PerformanceTests/MediaTime/Configurations/Base.xcconfig
Source/JavaScriptCore/API/JSContext.mm
Source/JavaScriptCore/API/JSValue.mm
Source/JavaScriptCore/API/MarkedJSValueRefArray.cpp [new file with mode: 0644]
Source/JavaScriptCore/API/MarkedJSValueRefArray.h [new file with mode: 0644]
Source/JavaScriptCore/API/tests/minidom.c
Source/JavaScriptCore/API/tests/testapi.cpp
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/Configurations/Base.xcconfig
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/Sources.txt
Source/JavaScriptCore/heap/Heap.cpp
Source/JavaScriptCore/heap/Heap.h
Source/JavaScriptCore/heap/MarkedSpace.h
Source/JavaScriptCore/runtime/ArgList.h
Source/WTF/ChangeLog
Source/WTF/Configurations/Base.xcconfig
Source/WTF/wtf/UUID.cpp
Source/WebCore/ChangeLog
Source/WebCore/Configurations/Base.xcconfig
Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/Configurations/Base.xcconfig
Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm
Source/WebCore/html/canvas/WebGL2RenderingContext.cpp
Source/WebCore/platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp
Source/WebCore/platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm
Source/WebInspectorUI/ChangeLog
Source/WebInspectorUI/Configurations/Base.xcconfig
Source/WebKit/ChangeLog
Source/WebKit/Configurations/Base.xcconfig
Source/WebKit/UIProcess/_WKTouchEventGenerator.mm
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/Configurations/Base.xcconfig
Source/bmalloc/ChangeLog
Source/bmalloc/Configurations/Base.xcconfig
Tools/ChangeLog
Tools/ContentExtensionTester/Configurations/Base.xcconfig
Tools/lldb/lldbWebKitTester/Configurations/Base.xcconfig

index 0f09307..71e6bf5 100644 (file)
@@ -1,3 +1,12 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * MediaTime/Configurations/Base.xcconfig:
+
 2020-02-17  Don Olmstead  <don.olmstead@sony.com>
 
         [CMake] Use builtin targets
index 35c0889..101156a 100644 (file)
@@ -82,7 +82,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 HEADER_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR)/usr/local/include $(DSTROOT)/usr/local/include icu $(HEADER_SEARCH_PATHS);
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
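Review bot: `-Wvla` on its own only emits a warning, and nothing in this hunk turns warnings into errors, so a newly introduced VLA would still compile unless GCC_TREAT_WARNINGS_AS_ERRORS is enabled for these targets. Worth confirming that, or using `-Werror=vla` here so a regression fails the build instead of scrolling past in the log.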
index 912ceb3..b853b81 100644 (file)
     if (!entry->currentArguments) {
         JSContext *context = [JSContext currentContext];
         size_t count = entry->argumentCount;
-        JSValue * argumentArray[count];
-        for (size_t i =0; i < count; ++i)
-            argumentArray[i] = [JSValue valueWithJSValueRef:entry->arguments[i] inContext:context];
-        entry->currentArguments = [[NSArray alloc] initWithObjects:argumentArray count:count];
+        NSMutableArray *arguments = [[NSMutableArray alloc] initWithCapacity:count];
+        for (size_t i = 0; i < count; ++i)
+            [arguments setObject:[JSValue valueWithJSValueRef:entry->arguments[i] inContext:context] atIndexedSubscript:i];
+        entry->currentArguments = arguments;
     }
 
     return entry->currentArguments;
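Review bot: `setObject:atIndexedSubscript:` only works here because each index equals the array's current count, so every call is effectively an append; `initWithCapacity:` reserves storage but creates no elements, and any future change to the loop order would raise an out-of-range exception. `[arguments addObject:...]` states the intent directly and removes that dependency. Since `currentArguments` now holds an NSMutableArray, consider storing an immutable copy if callers are not expected to mutate it.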
index e18a5cf..f60d1fb 100644 (file)
@@ -36,6 +36,7 @@
 #import "JSValueInternal.h"
 #import "JSValuePrivate.h"
 #import "JSWrapperMap.h"
+#import "MarkedJSValueRefArray.h"
 #import "ObjcRuntimeExtras.h"
 #import "JSCInlines.h"
 #import "JSCJSValue.h"
@@ -472,8 +473,12 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
 
 - (JSValue *)callWithArguments:(NSArray *)argumentArray
 {
+    JSC::JSGlobalObject* globalObject = toJS([_context JSGlobalContextRef]);
+    JSC::VM& vm = globalObject->vm();
+    JSC::JSLockHolder locker(vm);
+
     NSUInteger argumentCount = [argumentArray count];
-    JSValueRef arguments[argumentCount];
+    JSC::MarkedJSValueRefArray arguments([_context JSGlobalContextRef], argumentCount);
     for (unsigned i = 0; i < argumentCount; ++i)
         arguments[i] = objectToValue(_context, [argumentArray objectAtIndex:i]);
 
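Review bot: the declaration order of `locker` and `arguments` is load-bearing and undocumented: `MarkedJSValueRefArray` registers itself with the heap in its constructor and unlinks in its destructor, so the VM lock must still be held when `arguments` is destroyed, which holds only because `locker` is declared first. A one-line comment would protect against a later reorder. Separately, `argumentCount` is an NSUInteger but the constructor takes `unsigned`; an explicit cast or assertion makes the narrowing intentional (the same applies to the two methods below).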
@@ -482,7 +487,7 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
     if (exception)
         return [_context valueFromNotifyException:exception];
 
-    JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, 0, argumentCount, arguments, &exception);
+    JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, 0, argumentCount, arguments.data(), &exception);
     if (exception)
         return [_context valueFromNotifyException:exception];
 
@@ -491,8 +496,12 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
 
 - (JSValue *)constructWithArguments:(NSArray *)argumentArray
 {
+    JSC::JSGlobalObject* globalObject = toJS([_context JSGlobalContextRef]);
+    JSC::VM& vm = globalObject->vm();
+    JSC::JSLockHolder locker(vm);
+
     NSUInteger argumentCount = [argumentArray count];
-    JSValueRef arguments[argumentCount];
+    JSC::MarkedJSValueRefArray arguments([_context JSGlobalContextRef], argumentCount);
     for (unsigned i = 0; i < argumentCount; ++i)
         arguments[i] = objectToValue(_context, [argumentArray objectAtIndex:i]);
 
@@ -501,7 +510,7 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
     if (exception)
         return [_context valueFromNotifyException:exception];
 
-    JSObjectRef result = JSObjectCallAsConstructor([_context JSGlobalContextRef], object, argumentCount, arguments, &exception);
+    JSObjectRef result = JSObjectCallAsConstructor([_context JSGlobalContextRef], object, argumentCount, arguments.data(), &exception);
     if (exception)
         return [_context valueFromNotifyException:exception];
 
@@ -510,8 +519,12 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
 
 - (JSValue *)invokeMethod:(NSString *)method withArguments:(NSArray *)arguments
 {
+    JSC::JSGlobalObject* globalObject = toJS([_context JSGlobalContextRef]);
+    JSC::VM& vm = globalObject->vm();
+    JSC::JSLockHolder locker(vm);
+
     NSUInteger argumentCount = [arguments count];
-    JSValueRef argumentArray[argumentCount];
+    JSC::MarkedJSValueRefArray argumentArray([_context JSGlobalContextRef], argumentCount);
     for (unsigned i = 0; i < argumentCount; ++i)
         argumentArray[i] = objectToValue(_context, [arguments objectAtIndex:i]);
 
@@ -529,7 +542,7 @@ inline Expected<Result, JSValueRef> performPropertyOperation(NSStringFunction st
     if (exception)
         return [_context valueFromNotifyException:exception];
 
-    JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, thisObject, argumentCount, argumentArray, &exception);
+    JSValueRef result = JSObjectCallAsFunction([_context JSGlobalContextRef], object, thisObject, argumentCount, argumentArray.data(), &exception);
     if (exception)
         return [_context valueFromNotifyException:exception];
 
diff --git a/Source/JavaScriptCore/API/MarkedJSValueRefArray.cpp b/Source/JavaScriptCore/API/MarkedJSValueRefArray.cpp
new file mode 100644 (file)
index 0000000..be99216
--- /dev/null
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "MarkedJSValueRefArray.h"
+
+#include "JSCInlines.h"
+#include "JSCJSValue.h"
+#include "JSObject.h"
+
+namespace JSC {
+
+MarkedJSValueRefArray::MarkedJSValueRefArray(JSGlobalContextRef context, unsigned size)
+    : m_size(size)
+{
+    if (m_size > MarkedArgumentBuffer::inlineCapacity) {
+        m_buffer = BufferUniquePtr::create(m_size);
+        toJS(context)->vm().heap.addMarkedJSValueRefArray(this);
+        ASSERT(isOnList());
+    }
+}
+
+MarkedJSValueRefArray::~MarkedJSValueRefArray()
+{
+    if (isOnList())
+        remove();
+}
+
+void MarkedJSValueRefArray::visitAggregate(SlotVisitor& visitor)
+{
+    JSValueRef* buffer = data();
+    for (unsigned index = 0; index < m_size; ++index) {
+        JSValueRef value = buffer[index];
+#if !CPU(ADDRESS64)
+        JSCell* jsCell = reinterpret_cast<JSCell*>(const_cast<OpaqueJSValue*>(value));
+        if (!jsCell)
+            continue;
+        visitor.appendUnbarriered(jsCell); // We should mark the wrapper itself to keep JSValueRef live.
+#else
+        visitor.appendUnbarriered(bitwise_cast<JSValue>(value));
+#endif
+    }
+}
+
+} // namespace JSC
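Review bot: the constructor registers with the heap only when `m_size > inlineCapacity`, so for small arrays `visitAggregate` is never called and the values in `m_inlineBuffer` presumably stay alive only because the object is on the stack (WTF_FORBID_HEAP_ALLOCATION) and is found by conservative stack scanning; nothing here says so, and a comment stating that contract would help the next reader. In the constructor, an `ASSERT(toJS(context)->vm().currentThreadIsHoldingAPILock())` before `addMarkedJSValueRefArray` (and a matching one before `remove()` in the destructor) documents that the heap list is only touched under the VM lock, which the callers in JSValue.mm provide via JSLockHolder. `visitAggregate` also assumes every slot is either null or a valid value from the moment the array is registered, i.e. that `BufferUniquePtr::create` value-initializes the buffer; if it does not, a collection between construction and the caller's fill loop would visit garbage, so worth confirming or zero-filling explicitly. Minor: the 32-bit branch null-checks but the 64-bit branch relies on `appendUnbarriered` tolerating an empty value; a single `if (!value) continue;` before the `#if` would make both paths identical.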
diff --git a/Source/JavaScriptCore/API/MarkedJSValueRefArray.h b/Source/JavaScriptCore/API/MarkedJSValueRefArray.h
new file mode 100644 (file)
index 0000000..1ade50e
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "ArgList.h"
+#include <wtf/ForbidHeapAllocation.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/Nonmovable.h>
+
+namespace JSC {
+
+class MarkedJSValueRefArray final : public BasicRawSentinelNode<MarkedJSValueRefArray> {
+    WTF_MAKE_NONCOPYABLE(MarkedJSValueRefArray);
+    WTF_MAKE_NONMOVABLE(MarkedJSValueRefArray);
+    WTF_FORBID_HEAP_ALLOCATION;
+public:
+    using BufferUniquePtr = CagedUniquePtr<Gigacage::JSValue, JSValueRef>;
+    static constexpr size_t inlineCapacity = MarkedArgumentBuffer::inlineCapacity;
+
+    JS_EXPORT_PRIVATE MarkedJSValueRefArray(JSGlobalContextRef, unsigned);
+    JS_EXPORT_PRIVATE ~MarkedJSValueRefArray();
+
+    size_t size() const { return m_size; }
+    bool isEmpty() const { return !m_size; }
+
+    JSValueRef& operator[](unsigned index) { return data()[index]; }
+
+    const JSValueRef* data() const
+    {
+        return const_cast<MarkedJSValueRefArray*>(this)->data();
+    }
+
+    JSValueRef* data()
+    {
+        if (m_buffer)
+            return m_buffer.get(m_size);
+        return m_inlineBuffer;
+    }
+
+    void visitAggregate(SlotVisitor&);
+
+private:
+    unsigned m_size;
+    JSValueRef m_inlineBuffer[inlineCapacity] { };
+    BufferUniquePtr m_buffer;
+};
+
+} // namespace JSC
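Review bot: `operator[]` has no bounds check, not even a debug one; `ASSERT(index < m_size)` would catch an off-by-one in a caller that sizes the array from an NSArray count and then writes past it, which for the inline case means overwriting `m_buffer` on the stack. Also `size()` returns `size_t` while the constructor and `m_size` use `unsigned`; pick one width. The `const_cast` in the const `data()` works, but the usual idiom is the reverse (the non-const overload calls the const one), so the const accessor never launders constness.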
index 6ebb399..f4a074c 100644 (file)
@@ -88,10 +88,11 @@ static JSValueRef print(JSContextRef context, JSObjectRef object, JSObjectRef th
     if (argumentCount > 0) {
         JSStringRef string = JSValueToStringCopy(context, arguments[0], exception);
         size_t numChars = JSStringGetMaximumUTF8CStringSize(string);
-        char stringUTF8[numChars];
+        char* stringUTF8 = (char*)malloc(numChars);
         JSStringGetUTF8CString(string, stringUTF8, numChars);
         printf("%s\n", stringUTF8);
         JSStringRelease(string);
+        free(stringUTF8);
     }
     
     return JSValueMakeUndefined(context);
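Review bot: the `malloc` result is used without a null check, so `JSStringGetUTF8CString` would write through a null pointer on allocation failure. Even in a test helper, bail out (release `string`, return undefined) when `stringUTF8` is null, or use a fixed-size buffer. `<stdlib.h>` must also be included for `malloc`/`free`; the hunk does not show the include list, so worth confirming.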
index 2a9f86a..e9c5bcf 100644 (file)
@@ -29,6 +29,7 @@
 #include "JSCJSValueInlines.h"
 #include "JSGlobalObjectInlines.h"
 #include "JSObject.h"
+#include "MarkedJSValueRefArray.h"
 
 #include <JavaScriptCore/JSContextRefPrivate.h>
 #include <JavaScriptCore/JSObjectRefPrivate.h>
@@ -42,6 +43,7 @@
 
 extern "C" void configureJSCForTesting();
 extern "C" int testCAPIViaCpp(const char* filter);
+extern "C" void JSSynchronousGarbageCollectForDebugging(JSContextRef);
 
 class APIString {
     WTF_MAKE_NONCOPYABLE(APIString);
@@ -144,6 +146,7 @@ public:
     void promiseUnhandledRejectionFromUnhandledRejectionCallback();
     void promiseEarlyHandledRejections();
     void topCallFrameAccess();
+    void markedJSValueArrayAndGC();
 
     int failed() const { return m_failed; }
 
@@ -620,6 +623,33 @@ void TestAPI::topCallFrameAccess()
     }
 }
 
+void TestAPI::markedJSValueArrayAndGC()
+{
+    auto testMarkedJSValueArray = [&](unsigned count) {
+        auto* globalObject = toJS(context);
+        JSC::JSLockHolder locker(globalObject->vm());
+        JSC::MarkedJSValueRefArray values(context, count);
+        for (unsigned index = 0; index < count; ++index) {
+            String target = makeString("Prefix", index);
+            auto holder = OpaqueJSString::tryCreate(target);
+            JSValueRef string = JSValueMakeString(context, holder.get());
+            values[index] = string;
+        }
+        JSSynchronousGarbageCollectForDebugging(context);
+        bool ok = true;
+        for (unsigned index = 0; index < count; ++index) {
+            String target = makeString("Prefix", index);
+            auto holder = OpaqueJSString::tryCreate(target);
+            JSValueRef string = JSValueMakeString(context, holder.get());
+            if (!JSValueIsStrictEqual(context, values[index], string))
+                ok = false;
+        }
+        check(ok, "Held JSString should be alive and correct.");
+    };
+    testMarkedJSValueArray(4);
+    testMarkedJSValueArray(1000);
+}
+
 void configureJSCForTesting()
 {
     JSC::Config::configureForTesting();
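Review bot: the two sizes (4 and 1000) exercise the inline path and the heap-buffer path, but not the threshold in the constructor, which registers with the heap only for `size > inlineCapacity`. Adding `testMarkedJSValueArray(JSC::MarkedJSValueRefArray::inlineCapacity)` and `inlineCapacity + 1` covers the exact boundary. Also, the `string` local from the first loop may still sit in its stack slot when `JSSynchronousGarbageCollectForDebugging` runs, so conservative scanning can keep the last value alive independently of the array; the check is stronger if the fill loop lives in a separate non-inlined function or the local is cleared before the collection.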
@@ -659,6 +689,7 @@ int testCAPIViaCpp(const char* filter)
     RUN(promiseUnhandledRejection());
     RUN(promiseUnhandledRejectionFromUnhandledRejectionCallback());
     RUN(promiseEarlyHandledRejections());
+    RUN(markedJSValueArrayAndGC());
 
     if (tasks.isEmpty()) {
         dataLogLn("Filtered all tests: ERROR");
index bdd6321..024ab0a 100644 (file)
@@ -1,3 +1,47 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        This patch disables variable-length-array (VLA). If this feature uses user-input, user can
+        control the stack height consumed by C++ code. This patch avoids using VLA. To achieve that,
+
+            1. We set `-Wvla` warning option to trigger warnings if it is used.
+            2. Introduce MarkedJSValueRefArray for API. This replaces `JSValueRef arguments[variableLength]` use case.
+               MarkedJSValueRefArray registers itself to JSC GC so that GC can mark it as a strong root.
+
+        * API/JSContext.mm:
+        (+[JSContext currentArguments]):
+        * API/JSValue.mm:
+        (-[JSValue callWithArguments:]):
+        (-[JSValue constructWithArguments:]):
+        (-[JSValue invokeMethod:withArguments:]):
+        * API/MarkedJSValueRefArray.cpp: Added.
+        (JSC::MarkedJSValueRefArray::MarkedJSValueRefArray):
+        (JSC::MarkedJSValueRefArray::~MarkedJSValueRefArray):
+        (JSC::MarkedJSValueRefArray::visitAggregate):
+        * API/MarkedJSValueRefArray.h: Added.
+        * API/tests/minidom.c:
+        (print):
+        * API/tests/testapi.cpp:
+        (TestAPI::markedJSValueArrayAndGC):
+        (testCAPIViaCpp):
+        * Configurations/Base.xcconfig:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * heap/Heap.cpp:
+        (JSC::Heap::addCoreConstraints):
+        (JSC::Heap::addMarkedJSValueRefArray):
+        * heap/Heap.h:
+        * heap/MarkedSpace.h:
+        (JSC::MarkedSpace::activeWeakSetsBegin): Deleted.
+        (JSC::MarkedSpace::activeWeakSetsEnd): Deleted.
+        (JSC::MarkedSpace::newActiveWeakSetsBegin): Deleted.
+        (JSC::MarkedSpace::newActiveWeakSetsEnd): Deleted.
+        * runtime/ArgList.h:
+
 2020-03-14  Saam Barati  <sbarati@apple.com>
 
         Unreviewed. Fix windows build by making configSizeToProtect stay 4KB.
index 7e03268..7e6253f 100644 (file)
@@ -98,7 +98,7 @@ GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
 CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 HEADER_SEARCH_PATHS = . "${BUILT_PRODUCTS_DIR}/usr/local/include" $(HEADER_SEARCH_PATHS);
 
index 4afce01..9e0ee1d 100644 (file)
                E3C79CAB1DB9A4DC00D1ECA4 /* DOMJITEffect.h in Headers */ = {isa = PBXBuildFile; fileRef = E3C79CAA1DB9A4D600D1ECA4 /* DOMJITEffect.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3C8ED4323A1DBCB00131958 /* IsoInlinedHeapCellType.h in Headers */ = {isa = PBXBuildFile; fileRef = E3C8ED4223A1DBC500131958 /* IsoInlinedHeapCellType.h */; };
                E3D239C91B829C1C00BBEF67 /* JSModuleEnvironment.h in Headers */ = {isa = PBXBuildFile; fileRef = E3D239C71B829C1C00BBEF67 /* JSModuleEnvironment.h */; settings = {ATTRIBUTES = (Private, ); }; };
+               E3D3515F241B89D7008DC16E /* MarkedJSValueRefArray.h in Headers */ = {isa = PBXBuildFile; fileRef = E3D3515D241B89CE008DC16E /* MarkedJSValueRefArray.h */; };
                E3D877741E65C0A000BE945A /* BytecodeDumper.h in Headers */ = {isa = PBXBuildFile; fileRef = E3D877721E65C08900BE945A /* BytecodeDumper.h */; };
                E3EE137621FBD43500D83C4B /* ErrorType.h in Headers */ = {isa = PBXBuildFile; fileRef = E3EE137421FBD43400D83C4B /* ErrorType.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3F23A7F1ECF13EE00978D99 /* SnippetSlowPathCalls.h in Headers */ = {isa = PBXBuildFile; fileRef = E3F23A7E1ECF13E500978D99 /* SnippetSlowPathCalls.h */; settings = {ATTRIBUTES = (Private, ); }; };
                E3D264281D38C042000BE174 /* BytecodeGraph.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeGraph.h; sourceTree = "<group>"; };
                E3D264291D38C042000BE174 /* BytecodeRewriter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BytecodeRewriter.cpp; sourceTree = "<group>"; };
                E3D2642A1D38C042000BE174 /* BytecodeRewriter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeRewriter.h; sourceTree = "<group>"; };
+               E3D3515D241B89CE008DC16E /* MarkedJSValueRefArray.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MarkedJSValueRefArray.h; sourceTree = "<group>"; };
+               E3D3515E241B89CF008DC16E /* MarkedJSValueRefArray.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = MarkedJSValueRefArray.cpp; sourceTree = "<group>"; };
                E3D877711E65C08900BE945A /* BytecodeDumper.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BytecodeDumper.cpp; sourceTree = "<group>"; };
                E3D877721E65C08900BE945A /* BytecodeDumper.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BytecodeDumper.h; sourceTree = "<group>"; };
                E3EE137421FBD43400D83C4B /* ErrorType.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ErrorType.h; sourceTree = "<group>"; };
                                7A9774A7206B82C9008D03D0 /* JSWeakValue.h */,
                                86E3C60C167BAB87006D760A /* JSWrapperMap.h */,
                                86E3C60B167BAB87006D760A /* JSWrapperMap.mm */,
+                               E3D3515E241B89CF008DC16E /* MarkedJSValueRefArray.cpp */,
+                               E3D3515D241B89CE008DC16E /* MarkedJSValueRefArray.h */,
                                86F3EEB9168CCF750077B92A /* ObjCCallbackFunction.h */,
                                86F3EEBA168CCF750077B92A /* ObjCCallbackFunction.mm */,
                                86F3EEB616855A5B0077B92A /* ObjcRuntimeExtras.h */,
                                142D6F0913539A2800B02E86 /* MarkedBlock.h in Headers */,
                                0F7C5FB81D888A0C0044F5E2 /* MarkedBlockInlines.h in Headers */,
                                141448CB13A176EC00F5BA1A /* MarkedBlockSet.h in Headers */,
+                               E3D3515F241B89D7008DC16E /* MarkedJSValueRefArray.h in Headers */,
                                14D2F3DB139F4BE200491031 /* MarkedSpace.h in Headers */,
                                0F7DF1351E2970DC0095951B /* MarkedSpaceInlines.h in Headers */,
                                0F660E381E0517BB0031462C /* MarkingConstraint.h in Headers */,
index e009666..c7b638b 100644 (file)
@@ -40,6 +40,7 @@ API/JSValueRef.cpp
 API/JSWeakObjectMapRefPrivate.cpp
 API/JSWeakPrivate.cpp
 API/JSWeakValue.cpp
+API/MarkedJSValueRefArray.cpp
 API/OpaqueJSString.cpp
 
 assembler/AbstractMacroAssembler.cpp
index 007e8b5..6c58148 100644 (file)
@@ -58,6 +58,7 @@
 #include "JSWebAssemblyCodeBlock.h"
 #include "MachineStackMarker.h"
 #include "MarkStackMergingConstraint.h"
+#include "MarkedJSValueRefArray.h"
 #include "MarkedSpaceInlines.h"
 #include "MarkingConstraintSet.h"
 #include "PreventCollectionScope.h"
@@ -2758,6 +2759,10 @@ void Heap::addCoreConstraints()
                 MarkedArgumentBuffer::markLists(slotVisitor, *m_markListSet);
             }
 
+            m_markedJSValueRefArrays.forEach([&] (MarkedJSValueRefArray* array) {
+                array->visitAggregate(slotVisitor);
+            });
+
             {
                 SetRootMarkReasonScope rootScope(slotVisitor, SlotVisitor::RootMarkReason::VMExceptions);
                 slotVisitor.appendUnbarriered(m_vm.exception());
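Review bot: the new `forEach` over `m_markedJSValueRefArrays` is placed between the MarkedArgumentBuffer block and the `SetRootMarkReasonScope ... VMExceptions` block, outside any root-mark-reason scope, so values marked through it will not be attributed to a reason in heap snapshots. If the block above uses a `SetRootMarkReasonScope` as the one below does, give this loop its own (the same reason as the MarkedArgumentBuffer marking, or a new `RootMarkReason` value) to match the neighbouring code.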
@@ -3002,6 +3007,12 @@ void Heap::setBonusVisitorTask(RefPtr<SharedTask<void(SlotVisitor&)>> task)
     m_markingConditionVariable.notifyAll();
 }
 
+
+void Heap::addMarkedJSValueRefArray(MarkedJSValueRefArray* array)
+{
+    m_markedJSValueRefArrays.append(array);
+}
+
 void Heap::runTaskInParallel(RefPtr<SharedTask<void(SlotVisitor&)>> task)
 {
     unsigned initialRefCount = task->refCount();
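Review bot: style: there is a double blank line before `Heap::addMarkedJSValueRefArray` where the file uses a single one. More substantively, `append` on the sentinel list is not safe against a concurrent marker iterating it; an `ASSERT(m_vm.currentThreadIsHoldingAPILock())` here documents the precondition that the callers satisfy by taking a JSLockHolder before constructing the array.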
index 237f18f..b0b361b 100644 (file)
@@ -73,6 +73,7 @@ class LLIntOffsetsExtractor;
 class MachineThreads;
 class MarkStackArray;
 class MarkStackMergingConstraint;
+class MarkedJSValueRefArray;
 class BlockDirectory;
 class MarkedArgumentBuffer;
 class MarkingConstraint;
@@ -240,6 +241,7 @@ public:
     JS_EXPORT_PRIVATE std::unique_ptr<TypeCountSet> objectTypeCounts();
 
     HashSet<MarkedArgumentBuffer*>& markListSet();
+    void addMarkedJSValueRefArray(MarkedJSValueRefArray*);
     
     template<typename Functor> void forEachProtectedCell(const Functor&);
     template<typename Functor> void forEachCodeBlock(const Functor&);
@@ -617,6 +619,7 @@ private:
 
     ProtectCountSet m_protectedValues;
     std::unique_ptr<HashSet<MarkedArgumentBuffer*>> m_markListSet;
+    SentinelLinkedList<MarkedJSValueRefArray, BasicRawSentinelNode<MarkedJSValueRefArray>> m_markedJSValueRefArrays;
 
     std::unique_ptr<MachineThreads> m_machineThreads;
     
index ad36622..8936e51 100644 (file)
@@ -173,11 +173,6 @@ public:
     // When this is true it means that we have flipped but the mark bits haven't converged yet.
     bool isMarking() const { return m_isMarking; }
     
-    WeakSet* activeWeakSetsBegin() { return m_activeWeakSets.begin(); }
-    WeakSet* activeWeakSetsEnd() { return m_activeWeakSets.end(); }
-    WeakSet* newActiveWeakSetsBegin() { return m_newActiveWeakSets.begin(); }
-    WeakSet* newActiveWeakSetsEnd() { return m_newActiveWeakSets.end(); }
-    
     void dumpBits(PrintStream& = WTF::dataFile());
     
     JS_EXPORT_PRIVATE static std::array<size_t, numSizeClasses> s_sizeClassForSizeStep;
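Review bot: removing the four WeakSet accessors is unrelated to the VLA change, and the ChangeLog only lists them as `Deleted` without a reason. A short note (presumably they are unused) or a separate cleanup commit keeps the history searchable.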
index 949b9b0..765ea58 100644 (file)
@@ -36,7 +36,7 @@ class MarkedArgumentBuffer : public RecordOverflow {
 
 public:
     using Base = RecordOverflow;
-    static const size_t inlineCapacity = 8;
+    static constexpr size_t inlineCapacity = 8;
     typedef HashSet<MarkedArgumentBuffer*> ListSet;
 
     // Constructor for a read-write list, to which you may append values.
index bac4fc0..20137b5 100644 (file)
@@ -1,3 +1,14 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+        * wtf/UUID.cpp:
+        (WTF::bootSessionUUIDString):
+
 2020-03-13  Myles C. Maxfield  <mmaxfield@apple.com>
 
         [Cocoa] Push applicationSDKVersion() down from WebCore into WTF
index 4390752..e8ac173 100644 (file)
@@ -97,7 +97,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 HEADER_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR)$(WTF_INSTALL_PATH_PREFIX)/usr/local/include $(DSTROOT)$(WTF_INSTALL_PATH_PREFIX)/usr/local/include $(inherited);
 SYSTEM_HEADER_SEARCH_PATHS = $(SDK_DIR)$(WTF_INSTALL_PATH_PREFIX)/usr/local/include $(inherited);
 LIBRARY_SEARCH_PATHS = $(SDK_DIR)$(WTF_INSTALL_PATH_PREFIX)/usr/local/lib $(inherited);
index 3c74331..ce9fcb0 100644 (file)
@@ -70,8 +70,9 @@ String bootSessionUUIDString()
     static LazyNeverDestroyed<String> bootSessionUUID;
     static std::once_flag onceKey;
     std::call_once(onceKey, [] {
-        size_t uuidLength = 37;
-        char uuid[uuidLength];
+        constexpr size_t maxUUIDLength = 37;
+        char uuid[maxUUIDLength];
+        size_t uuidLength = maxUUIDLength;
         if (sysctlbyname("kern.bootsessionuuid", uuid, &uuidLength, nullptr, 0))
             return;
         bootSessionUUID.construct(static_cast<const char*>(uuid), uuidLength - 1);
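Review bot: `uuidLength - 1` on the last line assumes `sysctlbyname` reports a length that includes the NUL terminator; should it ever succeed with `uuidLength == 0`, the subtraction wraps to SIZE_MAX and `construct` reads far past the buffer. Add `if (!uuidLength) return;` before the `construct` call, and a comment on `maxUUIDLength` saying 37 is the 36-character UUID string plus its terminator so the constant is not mistaken for an arbitrary bound.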
index 58436ef..7428448 100644 (file)
@@ -1,3 +1,22 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
+        (WebCore::wrapSerializedCryptoKey):
+        (WebCore::unwrapSerializedCryptoKey):
+        * html/canvas/WebGL2RenderingContext.cpp:
+        (WebCore::WebGL2RenderingContext::getInternalformatParameter):
+        * platform/mediastream/mac/CoreAudioCaptureDeviceManager.cpp:
+        (WebCore::CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices):
+        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
+        (WebCore::updateDisplayID):
+        (WebCore::ScreenDisplayCaptureSourceMac::screenCaptureDevices):
+
 2020-03-14  Brent Fulgham  <bfulgham@apple.com>
 
         Add missing checks needed for AppBound Quirk
index 3d4c553..43c1553 100644 (file)
@@ -88,7 +88,7 @@ GCC_WARN_SIGN_COMPARE = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wno-unknown-warning-option;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla -Wno-unknown-warning-option;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index 0fca1f7..dca58cb 100644 (file)
@@ -1,3 +1,12 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+
 2020-03-12  Per Arne Vollan  <pvollan@apple.com>
 
         [macOS] _AXSApplicationAccessibilityEnabled should not be called
index 814be83..0083e2a 100644 (file)
@@ -88,7 +88,7 @@ GCC_WARN_SIGN_COMPARE = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wno-unknown-warning-option;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla -Wno-unknown-warning-option;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index eba1bb0..3e47969 100644 (file)
@@ -220,8 +220,9 @@ bool wrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<uint
     wrappedKEK.shrink(wrappedKEKSize);
 
     Vector<uint8_t> encryptedKey(key.size());
-    size_t tagLength = 16;
-    uint8_t tag[tagLength];
+    constexpr size_t maxTagLength = 16;
+    size_t tagLength = maxTagLength;
+    uint8_t tag[maxTagLength];
 
     ALLOW_DEPRECATED_DECLARATIONS_BEGIN
     status = CCCryptorGCM(kCCEncrypt, kCCAlgorithmAES128, kek.data(), kek.size(),
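Review bot: `tagLength` is now a separate mutable copy of `maxTagLength`; if it is passed by address to the `CCCryptorGCM` call that begins at the end of this hunk it is an in/out parameter, so check `tagLength == maxTagLength` after the call and fail if it differs before the tag is stored. A tag shorter than 16 bytes would silently weaken GCM authentication of the wrapped key.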
@@ -287,8 +288,9 @@ bool unwrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<ui
         return false;
     kek.shrink(kekSize);
 
-    size_t tagLength = 16;
-    uint8_t actualTag[tagLength];
+    constexpr size_t maxTagLength = 16;
+    size_t tagLength = maxTagLength;
+    uint8_t actualTag[maxTagLength];
 
     key.resize(encryptedKey.size());
     ALLOW_DEPRECATED_DECLARATIONS_BEGIN
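Review bot: Same point as the wrap path: verify `tagLength == maxTagLength` after `CCCryptorGCM` fills `actualTag`, and make sure the comparison of `actualTag` against the stored tag is done with a constant-time compare rather than `memcmp`, since the unwrap result distinguishes a tampered key from a genuine one.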
index 9d7bea8..43cf69d 100644 (file)
@@ -393,8 +393,8 @@ WebGLAny WebGL2RenderingContext::getInternalformatParameter(GCGLenum target, GCG
 #if USE(OPENGL_ES)
     m_context->getInternalformativ(target, internalformat, GraphicsContextGL::NUM_SAMPLE_COUNTS, 1, &numValues);
 
-    GCGLint params[numValues];
-    m_context->getInternalformativ(target, internalformat, pname, numValues, params);
+    Vector<GCGLint> params(numValues);
+    m_context->getInternalformativ(target, internalformat, pname, numValues, params.data());
 #else
     // On desktop OpenGL 4.1 or below we must emulate glGetInternalformativ.
 
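Review bot: `numValues` is a signed `GCGLint` (the `static_cast<size_t>(numValues)` in the desktop branch confirms it), so `Vector<GCGLint> params(numValues)` converts a negative value into a huge `size_t`. WTF::Vector crashes on an allocation that large rather than overflowing, which is fail-safe, but an explicit `if (numValues < 0)` returning the function's existing error value right after `getInternalformativ` reads clearer and keeps the GL driver from dictating the allocation size.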
@@ -423,12 +423,12 @@ WebGLAny WebGL2RenderingContext::getInternalformatParameter(GCGLenum target, GCG
     // Since multisampling is not supported for signed and unsigned integer internal formats,
     // the value of GL_NUM_SAMPLE_COUNTS will be zero for such formats.
     numValues = isIntegerFormat(internalformat) ? 0 : samples.size();
-    GCGLint params[numValues];
+    Vector<GCGLint> params(numValues);
     for (size_t i = 0; i < static_cast<size_t>(numValues); ++i)
         params[i] = samples[i];
 #endif
 
-    return Int32Array::tryCreate(params, numValues);
+    return Int32Array::tryCreate(params.data(), numValues);
 }
 
 void WebGL2RenderingContext::invalidateFramebuffer(GCGLenum, const Vector<GCGLenum>&)
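Review bot: With `numValues == 0` (the integer-format case on the line above the loop), `params.data()` may be a null pointer passed to `Int32Array::tryCreate(params.data(), numValues)` with length 0; confirm `tryCreate` accepts a null source for a zero-length array, since the VLA version passed a real (zero-sized) stack address here.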
index 8ccd881..ae958b2 100644 (file)
@@ -167,8 +167,8 @@ void CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices(NotifyIfDevicesHa
     }
 
     size_t deviceCount = dataSize / sizeof(AudioObjectID);
-    AudioObjectID deviceIDs[deviceCount];
-    err = AudioObjectGetPropertyData(kAudioObjectSystemObject, &address, 0, nullptr, &dataSize, deviceIDs);
+    Vector<AudioObjectID> deviceIDs(deviceCount);
+    err = AudioObjectGetPropertyData(kAudioObjectSystemObject, &address, 0, nullptr, &dataSize, deviceIDs.data());
     if (err) {
         LOG(Media, "CoreAudioCaptureDeviceManager::refreshAudioCaptureDevices(%p) failed to get device list %d (%.4s)", this, (int)err, (char*)&err);
         return;
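Review bot: `dataSize` is an in/out parameter of `AudioObjectGetPropertyData`; after the call it holds the bytes actually written, which can be smaller than the size queried earlier if the device list changed in between. `deviceIDs` was sized from the earlier value, so recompute `deviceCount = dataSize / sizeof(AudioObjectID)` (or `deviceIDs.shrink(...)`) after the call so later iteration does not treat stale trailing entries as real device IDs.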
index 582a723..538eff9 100644 (file)
@@ -62,8 +62,8 @@ static Optional<CGDirectDisplayID> updateDisplayID(CGDirectDisplayID displayID)
         return WTF::nullopt;
     }
 
-    CGDirectDisplayID activeDisplays[displayCount];
-    err = CGGetActiveDisplayList(displayCount, &(activeDisplays[0]), &displayCount);
+    Vector<CGDirectDisplayID> activeDisplays(displayCount);
+    err = CGGetActiveDisplayList(displayCount, activeDisplays.data(), &displayCount);
     if (err) {
         RELEASE_LOG(Media, "CGGetActiveDisplayList() returned error %d when trying to get the active display list", static_cast<int>(err));
         return WTF::nullopt;
@@ -319,8 +319,8 @@ void ScreenDisplayCaptureSourceMac::screenCaptureDevices(Vector<CaptureDevice>&
         return;
     }
 
-    CGDirectDisplayID activeDisplays[displayCount];
-    err = CGGetActiveDisplayList(displayCount, &(activeDisplays[0]), &displayCount);
+    Vector<CGDirectDisplayID> activeDisplays(displayCount);
+    err = CGGetActiveDisplayList(displayCount, activeDisplays.data(), &displayCount);
     if (err) {
         RELEASE_LOG(Media, "CGGetActiveDisplayList() returned error %d when trying to get the active display list", (int)err);
         return;
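Review bot: This hunk duplicates the display enumeration in `updateDisplayID` above; one helper returning `Vector<CGDirectDisplayID>` would keep both call sites in sync. Also a style nit: `(int)err` in the RELEASE_LOG here versus `static_cast<int>(err)` in the earlier hunk; pick the C++ cast for both.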
index c3f517d..4378a6c 100644 (file)
@@ -1,3 +1,12 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+
 2020-03-10  Devin Rousso  <drousso@apple.com>
 
         REGRESSION(r253759): Web Inspector: Audits: results folder doesn't get selected by pressing Arrow Down key
index 86fda12..cc37f86 100644 (file)
@@ -64,7 +64,7 @@ CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES
-WARNING_CFLAGS = -Wall -W -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wformat-security -Wmissing-format-attribute -Wpointer-arith -Wwrite-strings -Wno-unused-parameter -Wexit-time-destructors;
+WARNING_CFLAGS = -Wall -W -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wformat-security -Wmissing-format-attribute -Wpointer-arith -Wwrite-strings -Wno-unused-parameter -Wexit-time-destructors -Wvla;
 
 ENGINEERING_BUILD_DEFINES = $(ENGINEERING_BUILD_DEFINES_$(ENGINEERING_BUILD));
 ENGINEERING_BUILD_DEFINES_1 = ENGINEERING_BUILD=1;
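Review bot: Pre-existing nit in the context lines: `GCC_WARN_UNINITIALIZED_AUTOS = YES` and `GCC_WARN_UNUSED_VARIABLE = YES` lack the trailing semicolon every other xcconfig in this patch uses; worth making consistent while touching the file.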
index 8966648..4e2b3e6 100644 (file)
@@ -1,3 +1,16 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+        * UIProcess/_WKTouchEventGenerator.mm:
+        (-[_WKTouchEventGenerator touchDown:touchCount:]):
+        (-[_WKTouchEventGenerator liftUp:touchCount:]):
+        (-[_WKTouchEventGenerator moveToPoints:touchCount:duration:]):
+
 2020-03-14  Brady Eidson  <beidson@apple.com>
 
         Fix the "deliver cached ranges" logic in PDFPlugin (and other small cleanups)
index 78d1c77..d6a9109 100644 (file)
@@ -86,7 +86,7 @@ GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
 OTHER_MIGFLAGS = -F$(BUILT_PRODUCTS_DIR);
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat-security -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wno-unused-parameter -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat-security -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wno-unused-parameter -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index 647d8e9..03bc36c 100644 (file)
@@ -294,12 +294,12 @@ ALLOW_DEPRECATED_DECLARATIONS_END
 {
     touchCount = std::min(touchCount, HIDMaxTouchCount);
 
-    CGPoint locations[touchCount];
+    Vector<CGPoint> locations(touchCount);
 
     for (NSUInteger index = 0; index < touchCount; ++index)
         locations[index] = location;
     
-    [self touchDownAtPoints:locations touchCount:touchCount];
+    [self touchDownAtPoints:locations.data() touchCount:touchCount];
 }
 
 - (void)touchDown:(CGPoint)location
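Review bot: `touchCount` is clamped to `HIDMaxTouchCount` on the line above, so the bound is known; if `HIDMaxTouchCount` is a compile-time constant, `Vector<CGPoint, HIDMaxTouchCount> locations(touchCount)` (inline capacity) or a plain `CGPoint locations[HIDMaxTouchCount]` satisfies `-Wvla` without a heap allocation per touch event. The same applies to the `liftUp:` and `moveToPoints:` hunks below.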
@@ -327,12 +327,12 @@ ALLOW_DEPRECATED_DECLARATIONS_END
 {
     touchCount = std::min(touchCount, HIDMaxTouchCount);
 
-    CGPoint locations[touchCount];
+    Vector<CGPoint> locations(touchCount);
 
     for (NSUInteger index = 0; index < touchCount; ++index)
         locations[index] = location;
     
-    [self liftUpAtPoints:locations touchCount:touchCount];
+    [self liftUpAtPoints:locations.data() touchCount:touchCount];
 }
 
 - (void)liftUp:(CGPoint)location
@@ -344,8 +344,8 @@ ALLOW_DEPRECATED_DECLARATIONS_END
 {
     touchCount = std::min(touchCount, HIDMaxTouchCount);
 
-    CGPoint startLocations[touchCount];
-    CGPoint nextLocations[touchCount];
+    Vector<CGPoint> startLocations(touchCount);
+    Vector<CGPoint> nextLocations(touchCount);
 
     CFAbsoluteTime startTime = CFAbsoluteTimeGetCurrent();
     CFTimeInterval elapsed = 0;
@@ -361,7 +361,7 @@ ALLOW_DEPRECATED_DECLARATIONS_END
 
             nextLocations[i] = calculateNextCurveLocation(startLocations[i], newLocations[i], interval);
         }
-        [self _updateTouchPoints:nextLocations count:touchCount];
+        [self _updateTouchPoints:nextLocations.data() count:touchCount];
 
         delayBetweenMove(eventIndex++, elapsed);
     }
index c1ae87c..f80267a 100644 (file)
@@ -1,3 +1,12 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+
 2020-03-12  Brent Fulgham  <bfulgham@apple.com>
 
         Correct preference handling and naming conventions in AppBound browsing preferences
index 2023129..da8be9f 100644 (file)
@@ -88,7 +88,7 @@ CLANG_WARN_DOCUMENTATION_COMMENTS = YES;
 OTHER_MIGFLAGS = -F$(BUILT_PRODUCTS_DIR);
 CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES;
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat-security -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wno-unused-parameter -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat-security -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wno-unused-parameter -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index e53787b..e0235b4 100644 (file)
@@ -1,3 +1,12 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * Configurations/Base.xcconfig:
+
 2020-03-13  Saam Barati  <sbarati@apple.com>
 
         configSizeToProtect should be 16KB
index c000fb6..b404970 100644 (file)
@@ -94,7 +94,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
 PREBINDING = NO;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wconditional-uninitialized -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index 291ed42..8333cbf 100644 (file)
@@ -1,3 +1,13 @@
+2020-03-15  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Should not use variable-length-array (VLA)
+        https://bugs.webkit.org/show_bug.cgi?id=209043
+
+        Reviewed by Mark Lam.
+
+        * ContentExtensionTester/Configurations/Base.xcconfig:
+        * lldb/lldbWebKitTester/Configurations/Base.xcconfig:
+
 2020-03-13  Alex Christensen  <achristensen@webkit.org>
 
         WKWebView._negotiatedLegacyTLS should be correct after back/forward navigations
index c167dd3..67e4775 100644 (file)
@@ -65,7 +65,7 @@ GCC_WARN_UNDECLARED_SELECTOR = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = YES;
-WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wall -Wextra -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 TARGET_MAC_OS_X_VERSION_MAJOR = $(TARGET_MAC_OS_X_VERSION_MAJOR$(MACOSX_DEPLOYMENT_TARGET:suffix:identifier));
 TARGET_MAC_OS_X_VERSION_MAJOR_13 = 101300;
index 914a921..2e9754a 100644 (file)
@@ -82,7 +82,7 @@ GCC_WARN_UNDECLARED_SELECTOR = YES;
 GCC_WARN_UNINITIALIZED_AUTOS = YES;
 GCC_WARN_UNUSED_FUNCTION = YES;
 GCC_WARN_UNUSED_VARIABLE = NO;
-WARNING_CFLAGS = -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough;
+WARNING_CFLAGS = -Wcast-qual -Wchar-subscripts -Wextra-tokens -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wpacked -Wpointer-arith -Wredundant-decls -Wundef -Wwrite-strings -Wexit-time-destructors -Wglobal-constructors -Wtautological-compare -Wimplicit-fallthrough -Wvla;
 
 HEADER_SEARCH_PATHS = ${BUILT_PRODUCTS_DIR}/usr/local/include;