Remove Options::enableSpectreMitigations
author rmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Jan 2020 01:06:08 +0000 (01:06 +0000)
committer rmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Jan 2020 01:06:08 +0000 (01:06 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193885

Reviewed by Saam Barati.

From what I remember we decided to remove the spectre-specific mitigations we had tried (in favor of things like process-per-origin).
I don't think anyone is using the SpectreGadget we had added for experiments either.
So this patch removes the following three options, and all the code that depended on them:
- enableSpectreMitigations (was true, only used in one place)
- enableSpectreGadgets (was false)
- zeroStackFrame (was false, and was an experiment about Spectre variant 4 if I remember correctly)

Source/JavaScriptCore:

* b3/air/AirCode.cpp:
(JSC::B3::Air::defaultPrologueGenerator):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* jit/AssemblyHelpers.h:
* jit/JIT.cpp:
(JSC::JIT::compileWithoutLinking):
* runtime/OptionsList.h:
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addCallIndirect):
* yarr/YarrJIT.cpp:
(JSC::Yarr::YarrGenerator::initCallFrame):

Source/WebCore:

No new tests as there is no new behaviour added.

* CMakeLists.txt:
* DerivedSources-input.xcfilelist:
* DerivedSources-output.xcfilelist:
* DerivedSources.make:
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/WebCoreBuiltinNames.h:
* dom/SpectreGadget.cpp: Removed.
* dom/SpectreGadget.h: Removed.
* dom/SpectreGadget.idl: Removed.
* page/RuntimeEnabledFeatures.cpp:
* page/RuntimeEnabledFeatures.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255406 268f45cc-cd09-0410-ab3c-d52691b4dbfc

23 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/b3/air/AirCode.cpp
Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/jit/AssemblyHelpers.h
Source/JavaScriptCore/jit/JIT.cpp
Source/JavaScriptCore/runtime/OptionsList.h
Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
Source/JavaScriptCore/yarr/YarrJIT.cpp
Source/WebCore/CMakeLists.txt
Source/WebCore/ChangeLog
Source/WebCore/DerivedSources-input.xcfilelist
Source/WebCore/DerivedSources-output.xcfilelist
Source/WebCore/DerivedSources.make
Source/WebCore/Sources.txt
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/bindings/js/WebCoreBuiltinNames.h
Source/WebCore/dom/SpectreGadget.cpp [deleted file]
Source/WebCore/dom/SpectreGadget.h [deleted file]
Source/WebCore/dom/SpectreGadget.idl [deleted file]
Source/WebCore/page/RuntimeEnabledFeatures.cpp
Source/WebCore/page/RuntimeEnabledFeatures.h

index 0142ea9..18911a8 100644 (file)
@@ -1,3 +1,35 @@
+2020-01-29  Robin Morisset  <rmorisset@apple.com>
+
+        Remove Options::enableSpectreMitigations
+        https://bugs.webkit.org/show_bug.cgi?id=193885
+
+        Reviewed by Saam Barati.
+
+        From what I remember we decided to remove the spectre-specific mitigations we had tried (in favor of things like process-per-origin).
+        I don't think anyone is using the SpectreGadget we had added for experiments either.
+        So this patch removes the following three options, and all the code that depended on them:
+        - enableSpectreMitigations (was true, only used in one place)
+        - enableSpectreGadgets (was false)
+        - zeroStackFrame (was false, and was an experiment about Spectre variant 4 if I remember correctly)
+
+        * b3/air/AirCode.cpp:
+        (JSC::B3::Air::defaultPrologueGenerator):
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compile):
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::lower):
+        * jit/AssemblyHelpers.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::compileWithoutLinking):
+        * runtime/OptionsList.h:
+        * wasm/WasmB3IRGenerator.cpp:
+        (JSC::Wasm::B3IRGenerator::addCallIndirect):
+        * yarr/YarrJIT.cpp:
+        (JSC::Yarr::YarrGenerator::initCallFrame):
+
 2020-01-29  Devin Rousso  <drousso@apple.com>
 
         Web Inspector: add instrumentation for showing existing Web Animations
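Review bot: the per-file entries in this ChangeLog are bare function names, and the one for wasm/WasmB3IRGenerator.cpp (addCallIndirect) should say that it drops the index masking controlled by enableSpectreMitigations, since the message itself records that this option "was true". The rationale is also hedged ("From what I remember", "if I remember correctly"); a pointer to where the process-per-origin decision was recorded would let a later reader verify it.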
index d5d69c3..bb7b78f 100644 (file)
@@ -46,8 +46,6 @@ static void defaultPrologueGenerator(CCallHelpers& jit, Code& code)
     if (code.frameSize()) {
         AllowMacroScratchRegisterUsageIf allowScratch(jit, isARM64());
         jit.addPtr(MacroAssembler::TrustedImm32(-code.frameSize()), MacroAssembler::framePointerRegister,  MacroAssembler::stackPointerRegister);
-        if (Options::zeroStackFrame())
-            jit.clearStackFrame(MacroAssembler::framePointerRegister, MacroAssembler::stackPointerRegister, GPRInfo::nonArgGPR0, code.frameSize());
     }
     
     jit.emitSave(code.calleeSaveRegisterAtOffsetList());
index c5544bb..4f61cc1 100644 (file)
@@ -353,8 +353,6 @@ void JITCompiler::compile()
     emitStackOverflowCheck(*this, stackOverflow);
 
     addPtr(TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, stackPointerRegister);
-    if (Options::zeroStackFrame())
-        clearStackFrame(GPRInfo::callFrameRegister, stackPointerRegister, GPRInfo::regT0, m_graph.frameRegisterCount() * sizeof(Register));
     checkStackPointerAlignment();
     compileSetupRegistersForEntry();
     compileEntryExecutionFlag();
@@ -422,8 +420,6 @@ void JITCompiler::compileFunction()
 
     // Move the stack pointer down to accommodate locals
     addPtr(TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, stackPointerRegister);
-    if (Options::zeroStackFrame())
-        clearStackFrame(GPRInfo::callFrameRegister, stackPointerRegister, GPRInfo::regT0, m_graph.frameRegisterCount() * sizeof(Register));
     checkStackPointerAlignment();
 
     compileSetupRegistersForEntry();
index 7a07b8a..642b163 100644 (file)
@@ -1848,8 +1848,6 @@ void SpeculativeJIT::compileCurrentBlock()
 
     if (m_block->isCatchEntrypoint) {
         m_jit.addPtr(CCallHelpers::TrustedImm32(-(m_jit.graph().frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister,  CCallHelpers::stackPointerRegister);
-        if (Options::zeroStackFrame())
-            m_jit.clearStackFrame(GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister, GPRInfo::regT0, m_jit.graph().frameRegisterCount() * sizeof(Register));
         m_jit.emitSaveCalleeSaves();
         m_jit.emitMaterializeTagCheckRegisters();
         m_jit.emitPutToCallFrameHeader(m_jit.codeBlock(), CallFrameSlot::codeBlock);
index 0fe88d6..4d3427b 100644 (file)
@@ -205,8 +205,6 @@ public:
                 [codeBlock] (CCallHelpers& jit, B3::Air::Code& code) {
                     AllowMacroScratchRegisterUsage allowScratch(jit);
                     jit.addPtr(CCallHelpers::TrustedImm32(-code.frameSize()), GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister);
-                    if (Options::zeroStackFrame())
-                        jit.clearStackFrame(GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister, GPRInfo::regT0, code.frameSize());
 
                     jit.emitSave(code.calleeSaveRegisterAtOffsetList());
                     jit.emitPutToCallFrameHeader(codeBlock, VirtualRegister(CallFrameSlot::codeBlock));
index 69342de..729f584 100644 (file)
@@ -502,30 +502,6 @@ public:
 #endif
     }
 
-    void clearStackFrame(GPRReg currentTop, GPRReg newTop, GPRReg temp, unsigned frameSize)
-    {
-        ASSERT(frameSize % stackAlignmentBytes() == 0);
-        if (frameSize <= 128) {
-            for (unsigned offset = 0; offset < frameSize; offset += sizeof(CPURegister))
-                storePtr(TrustedImm32(0), Address(currentTop, -8 - offset));
-        } else {
-            constexpr unsigned storeBytesPerIteration = stackAlignmentBytes();
-            constexpr unsigned storesPerIteration = storeBytesPerIteration / sizeof(CPURegister);
-
-            move(currentTop, temp);
-            Label zeroLoop = label();
-            subPtr(TrustedImm32(storeBytesPerIteration), temp);
-#if CPU(ARM64)
-            static_assert(storesPerIteration == 2, "clearStackFrame() for ARM64 assumes stack is 16 byte aligned");
-            storePair64(ARM64Registers::zr, ARM64Registers::zr, temp);
-#else
-            for (unsigned i = storesPerIteration; i-- != 0;)
-                storePtr(TrustedImm32(0), Address(temp, sizeof(CPURegister) * i));
-#endif
-            branchPtr(NotEqual, temp, newTop).linkTo(zeroLoop, this);
-        }
-    }
-
 #if CPU(X86_64)
     static constexpr size_t prologueStackPointerDelta()
     {
index e4248f2..fc99798 100644 (file)
@@ -708,8 +708,6 @@ void JIT::compileWithoutLinking(JITCompilationEffort effort)
 
     move(regT1, stackPointerRegister);
     checkStackPointerAlignment();
-    if (Options::zeroStackFrame())
-        clearStackFrame(callFrameRegister, stackPointerRegister, regT0, maxFrameSize);
 
     emitSaveCalleeSaves();
     emitMaterializeTagCheckRegisters();
index 57c2d2d..40323c8 100644 (file)
@@ -442,10 +442,6 @@ constexpr bool enableWebAssemblyStreamingApi = false;
     \
     v(Bool, useWebAssembly, true, Normal, "Expose the WebAssembly global object.") \
     \
-    v(Bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
-    v(Bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
-    v(Bool, zeroStackFrame, false, Normal, "Zero stack frame on entry to a function.") \
-    \
     v(Bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \
     v(Size, webAssemblyPartialCompileLimit, 5000, Normal, "Limit on the number of bytes a Wasm::Plan::compile should attempt before checking for other work.") \
     v(Unsigned, webAssemblyBBQAirOptimizationLevel, 0, Normal, "Air Optimization level for BBQ Web Assembly module compilations.") \
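Review bot: zeroStackFrame is declared with Normal availability here while the two Spectre options are Restricted, so it is the one most likely to be set from outside the tree. Before landing, search test configurations and embedder launch arguments for all three option names so that nothing keeps passing an option that no longer exists.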
index c79f498..e04c466 100644 (file)
@@ -1754,7 +1754,6 @@ auto B3IRGenerator::addCallIndirect(unsigned tableIndex, const Signature& signat
     ExpressionType callableFunctionBuffer;
     ExpressionType instancesBuffer;
     ExpressionType callableFunctionBufferLength;
-    ExpressionType mask;
     {
         ExpressionType table = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
             instanceValue(), safeCast<int32_t>(Instance::offsetOfTablePtr(m_numImportFunctions, tableIndex)));
@@ -1764,9 +1763,6 @@ auto B3IRGenerator::addCallIndirect(unsigned tableIndex, const Signature& signat
             table, safeCast<int32_t>(FuncRefTable::offsetOfInstances()));
         callableFunctionBufferLength = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
             table, safeCast<int32_t>(Table::offsetOfLength()));
-        mask = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(),
-            m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
-                table, safeCast<int32_t>(Table::offsetOfMask())));
     }
 
     // Check the index we are looking for is valid.
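Review bot: with the Table::offsetOfMask() load gone from addCallIndirect, the mask accessor may have no remaining reader, yet none of the 23 files in this change touches the Table class. If nothing else consumes it, remove offsetOfMask() and the field behind it in this patch or a follow-up rather than leaving a value that is maintained but never read.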
@@ -1781,9 +1777,6 @@ auto B3IRGenerator::addCallIndirect(unsigned tableIndex, const Signature& signat
 
     calleeIndex = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), calleeIndex);
 
-    if (Options::enableSpectreMitigations())
-        calleeIndex = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(), mask, calleeIndex);
-
     ExpressionType callableFunction;
     {
         // Compute the offset in the table index space we are looking for.
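Review bot: the removed BitAnd on calleeIndex was emitted by default (enableSpectreMitigations defaulted to true), so this is the one hunk that changes generated code in a default configuration rather than deleting an off-by-default experiment. After it, the bounds check under "Check the index we are looking for is valid." is the only constraint on the table index; say in the ChangeLog that this is intended, and note that the WebCore entry's "no new behaviour" line does not cover this JavaScriptCore change.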
index d2f0e8e..629bbe4 100644 (file)
@@ -638,31 +638,8 @@ class YarrGenerator : public YarrJITInfo, private MacroAssembler {
     void initCallFrame()
     {
         unsigned callFrameSizeInBytes = alignCallFrameSizeInBytes(m_pattern.m_body->m_callFrameSize);
-        if (callFrameSizeInBytes) {
-#if CPU(X86_64) || CPU(ARM64)
-            if (Options::zeroStackFrame()) {
-                // We need to start from the stack pointer, because we could have spilled callee saves
-                move(stackPointerRegister, regT0);
-                subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
-                if (callFrameSizeInBytes <= 128) {
-                    for (unsigned offset = 0; offset < callFrameSizeInBytes; offset += sizeof(intptr_t))
-                        storePtr(TrustedImm32(0), Address(regT0, -8 - offset));
-                } else {
-                    Label zeroLoop = label();
-                    subPtr(TrustedImm32(sizeof(intptr_t) * 2), regT0);
-#if CPU(ARM64)
-                    storePair64(ARM64Registers::zr, ARM64Registers::zr, regT0);
-#else
-                    storePtr(TrustedImm32(0), Address(regT0));
-                    storePtr(TrustedImm32(0), Address(regT0, sizeof(intptr_t)));
-#endif
-                    branchPtr(NotEqual, regT0, stackPointerRegister).linkTo(zeroLoop, this);
-                }
-            } else
-#endif
-                subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
-
-        }
+        if (callFrameSizeInBytes)
+            subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
     }
     void removeCallFrame()
     {
index ef310b7..9332cf6 100644 (file)
@@ -751,7 +751,6 @@ set(WebCore_NON_SVG_IDL_FILES
     dom/ShadowRoot.idl
     dom/ShadowRootMode.idl
     dom/Slotable.idl
-    dom/SpectreGadget.idl
     dom/StaticRange.idl
     dom/StringCallback.idl
     dom/Text.idl
index aded978..1377b45 100644 (file)
@@ -1,3 +1,32 @@
+2020-01-29  Robin Morisset  <rmorisset@apple.com>
+
+        Remove Options::enableSpectreMitigations
+        https://bugs.webkit.org/show_bug.cgi?id=193885
+
+        Reviewed by Saam Barati.
+
+        From what I remember we decided to remove the spectre-specific mitigations we had tried (in favor of things like process-per-origin).
+        I don't think anyone is using the SpectreGadget we had added for experiments either.
+        So this patch removes the following three options, and all the code that depended on them:
+        - enableSpectreMitigations (was true, only used in one place)
+        - enableSpectreGadgets (was false)
+        - zeroStackFrame (was false, and was an experiment about Spectre variant 4 if I remember correctly)
+
+        No new tests as there is no new behaviour added.
+
+        * CMakeLists.txt:
+        * DerivedSources-input.xcfilelist:
+        * DerivedSources-output.xcfilelist:
+        * DerivedSources.make:
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/WebCoreBuiltinNames.h:
+        * dom/SpectreGadget.cpp: Removed.
+        * dom/SpectreGadget.h: Removed.
+        * dom/SpectreGadget.idl: Removed.
+        * page/RuntimeEnabledFeatures.cpp:
+        * page/RuntimeEnabledFeatures.h:
+
 2020-01-29  Sihui Liu  <sihui_liu@apple.com>
 
         Set QoS of blobUtilityQueue to be Utility
index 370aba6..a19d515 100644 (file)
@@ -636,7 +636,6 @@ $(PROJECT_DIR)/dom/SecurityPolicyViolationEvent.idl
 $(PROJECT_DIR)/dom/ShadowRoot.idl
 $(PROJECT_DIR)/dom/ShadowRootMode.idl
 $(PROJECT_DIR)/dom/Slotable.idl
-$(PROJECT_DIR)/dom/SpectreGadget.idl
 $(PROJECT_DIR)/dom/StaticRange.idl
 $(PROJECT_DIR)/dom/StringCallback.idl
 $(PROJECT_DIR)/dom/Text.idl
index 37784ae..60a1131 100644 (file)
@@ -1777,8 +1777,6 @@ $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBuffer.cpp
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBuffer.h
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBufferList.cpp
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBufferList.h
-$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpectreGadget.cpp
-$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpectreGadget.h
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesis.cpp
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesis.h
 $(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesisEvent.cpp
index 10edaf8..7fcee29 100644 (file)
@@ -648,7 +648,6 @@ JS_BINDING_IDLS = \
     $(WebCore)/dom/ShadowRoot.idl \
     $(WebCore)/dom/ShadowRootMode.idl \
     $(WebCore)/dom/Slotable.idl \
-    $(WebCore)/dom/SpectreGadget.idl \
     $(WebCore)/dom/StaticRange.idl \
     $(WebCore)/dom/StringCallback.idl \
     $(WebCore)/dom/Text.idl \
index 641d6fd..116b388 100644 (file)
@@ -953,7 +953,6 @@ dom/ShadowRoot.cpp
 dom/SimulatedClick.cpp
 dom/SlotAssignment.cpp
 dom/SpaceSplitString.cpp
-dom/SpectreGadget.cpp
 dom/StaticNodeList.cpp
 dom/StaticRange.cpp
 dom/StringCallback.cpp
@@ -3408,7 +3407,6 @@ JSShadowRootMode.cpp
 JSSlotable.cpp
 JSSourceBuffer.cpp
 JSSourceBufferList.cpp
-JSSpectreGadget.cpp
 JSSpeechSynthesis.cpp
 JSSpeechSynthesisEvent.cpp
 JSSpeechSynthesisUtterance.cpp
index cc587ce..987a639 100644 (file)
                656D373F0ADBA5DE00A4554D /* ResourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37270ADBA5DE00A4554D /* ResourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
                656D37430ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
                656D37480ADBA5DE00A4554D /* SubresourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37300ADBA5DE00A4554D /* SubresourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
-               657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */ = {isa = PBXBuildFile; fileRef = 657AFAF82004789900509464 /* SpectreGadget.h */; };
                658436860AE01B7400E53753 /* FrameLoadRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 658436850AE01B7400E53753 /* FrameLoadRequest.h */; settings = {ATTRIBUTES = (Private, ); }; };
                659A7D130B6DB4D9001155B3 /* SubstituteData.h in Headers */ = {isa = PBXBuildFile; fileRef = 659A7D120B6DB4D9001155B3 /* SubstituteData.h */; settings = {ATTRIBUTES = (Private, ); }; };
                659DDC8309E198BA001BF3C6 /* JSDocument.h in Headers */ = {isa = PBXBuildFile; fileRef = 659DDC8109E198BA001BF3C6 /* JSDocument.h */; settings = {ATTRIBUTES = (Private, ); }; };
                656D37270ADBA5DE00A4554D /* ResourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ResourceLoader.h; sourceTree = "<group>"; };
                656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = NetscapePlugInStreamLoader.h; sourceTree = "<group>"; };
                656D37300ADBA5DE00A4554D /* SubresourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SubresourceLoader.h; sourceTree = "<group>"; };
-               657AFAF82004789900509464 /* SpectreGadget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpectreGadget.h; sourceTree = "<group>"; };
-               657AFAFA2004789A00509464 /* SpectreGadget.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SpectreGadget.idl; sourceTree = "<group>"; };
-               657AFAFB2004789A00509464 /* SpectreGadget.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpectreGadget.cpp; sourceTree = "<group>"; };
                658436850AE01B7400E53753 /* FrameLoadRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FrameLoadRequest.h; sourceTree = "<group>"; };
                6593923909AE435C002C531F /* URLMac.mm */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.objcpp; path = URLMac.mm; sourceTree = "<group>"; };
                659A7D120B6DB4D9001155B3 /* SubstituteData.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SubstituteData.h; sourceTree = "<group>"; };
                                9B532EA21BA928570038A827 /* SlotAssignment.h */,
                                D01A27AB10C9BFD800026A42 /* SpaceSplitString.cpp */,
                                D01A27AC10C9BFD800026A42 /* SpaceSplitString.h */,
-                               657AFAFB2004789A00509464 /* SpectreGadget.cpp */,
-                               657AFAF82004789900509464 /* SpectreGadget.h */,
-                               657AFAFA2004789A00509464 /* SpectreGadget.idl */,
                                BC7FA62C0D1F0EFF00DB22A9 /* StaticNodeList.cpp */,
                                BC7FA62B0D1F0EFF00DB22A9 /* StaticNodeList.h */,
                                F44EBBDA1DB5DD9D00277334 /* StaticRange.cpp */,
                                84A81F420FC7E02700955300 /* SourceGraphic.h in Headers */,
                                D01A27AE10C9BFD800026A42 /* SpaceSplitString.h in Headers */,
                                626CDE0F1140424C001E5A68 /* SpatialNavigation.h in Headers */,
-                               657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */,
                                AA2A5AD416A4861100975A25 /* SpeechSynthesis.h in Headers */,
                                C14938072234551A000CD707 /* SpeechSynthesisClient.h in Headers */,
                                AA2A5AD216A4860A00975A25 /* SpeechSynthesisEvent.h in Headers */,
index ce4f72c..44d50b2 100644 (file)
@@ -215,7 +215,6 @@ namespace WebCore {
     macro(ServiceWorkerGlobalScope) \
     macro(ServiceWorkerRegistration) \
     macro(ShadowRoot) \
-    macro(SpectreGadget) \
     macro(StaticRange) \
     macro(StylePropertyMapReadOnly) \
     macro(StylePropertyMap) \
diff --git a/Source/WebCore/dom/SpectreGadget.cpp b/Source/WebCore/dom/SpectreGadget.cpp
deleted file mode 100644 (file)
index 6d95bdd..0000000
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-*    notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-*    notice, this list of conditions and the following disclaimer in the
-*    documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "config.h"
-#include "SpectreGadget.h"
-
-#include "RuntimeEnabledFeatures.h"
-#include <wtf/text/WTFString.h>
-
-namespace WebCore {
-
-inline SpectreGadget::SpectreGadget(const String& text)
-{
-    if (RuntimeEnabledFeatures::sharedFeatures().spectreGadgetsEnabled()) {
-        m_data.resize(text.length());
-        setReadLength(text.length());
-        m_data.fill(0);
-        m_dataPtr = m_data.data();
-
-        for (size_t i = 0; i < m_readLength; i++)
-            m_data[i] = text.characterAt(i);
-    } else {
-        setReadLength(0);
-        m_dataPtr = nullptr;
-    }
-}
-
-Ref<SpectreGadget> SpectreGadget::create(const String& text)
-{
-    return adoptRef(*new SpectreGadget(text));
-}
-
-void SpectreGadget::setReadLength(size_t readLength)
-{
-    m_readLength = std::min(readLength, m_data.size());
-}
-
-unsigned SpectreGadget::charCodeAt(size_t index)
-{
-    if (index < m_readLength)
-        return m_dataPtr[index];
-
-    return 0;
-}
-
-void SpectreGadget::clflushReadLength()
-{
-#if CPU(X86_64) && !OS(WINDOWS)
-    auto clflush = [] (void* ptr) {
-        char* ptrToFlush = static_cast<char*>(ptr);
-        asm volatile ("clflush %0" :: "m"(*ptrToFlush) : "memory");
-    };
-
-    clflush(&m_readLength);
-#endif
-}
-
-} // namespace WebCore
diff --git a/Source/WebCore/dom/SpectreGadget.h b/Source/WebCore/dom/SpectreGadget.h
deleted file mode 100644 (file)
index 1e38c6c..0000000
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-*    notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-*    notice, this list of conditions and the following disclaimer in the
-*    documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#pragma once
-
-#include <unicode/uchar.h>
-#include <wtf/RefCounted.h>
-#include <wtf/Vector.h>
-
-namespace WebCore {
-
-class SpectreGadget final : public RefCounted<SpectreGadget> {
-public:
-    static Ref<SpectreGadget> create(const String&);
-
-    void setReadLength(size_t);
-    unsigned charCodeAt(size_t);
-    void clflushReadLength();
-
-private:
-    SpectreGadget(const String&);
-
-    size_t m_readLength;
-    Vector<UChar> m_data;
-    UChar* m_dataPtr;
-};
-
-} // namespace WebCore
-
diff --git a/Source/WebCore/dom/SpectreGadget.idl b/Source/WebCore/dom/SpectreGadget.idl
deleted file mode 100644 (file)
index adf4bd8..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-*    notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-*    notice, this list of conditions and the following disclaimer in the
-*    documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-[
-    Exposed=Window,
-    EnabledAtRuntime=SpectreGadgets,
-    Constructor(DOMString data),
-    ImplementationLacksVTable
- ] interface SpectreGadget {
-    void setReadLength(unsigned long readLength);
-    unsigned long charCodeAt(unsigned long index);
-    void clflushReadLength();
-};
-
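Review bot: SpectreGadget was a Window-exposed interface with a DOMString constructor, gated only by EnabledAtRuntime=SpectreGadgets, and the file list for this change contains nothing outside Source/JavaScriptCore and Source/WebCore. Check that no layout test, test expectation or tool still references SpectreGadget or the generated JSSpectreGadget bindings, and remove those references in the same patch.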
index e09b20e..64b51f6 100644 (file)
@@ -59,11 +59,6 @@ RuntimeEnabledFeatures& RuntimeEnabledFeatures::sharedFeatures()
     return runtimeEnabledFeatures;
 }
 
-bool RuntimeEnabledFeatures::spectreGadgetsEnabled() const
-{
-    return JSC::Options::enableSpectreGadgets();
-}
-
 #if ENABLE(TOUCH_EVENTS)
 bool RuntimeEnabledFeatures::touchEventsEnabled() const
 {
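Review bot: the removed spectreGadgetsEnabled() called JSC::Options::enableSpectreGadgets() directly; if that was this file's only use of JSC::Options, drop the corresponding include as well so RuntimeEnabledFeatures.cpp does not keep a JavaScriptCore dependency it no longer needs.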
index d3616da..d5ef93a 100644 (file)
@@ -135,8 +135,6 @@ public:
     bool fetchAPIKeepAliveEnabled() const { return m_fetchAPIKeepAliveEnabled; }
     void setFetchAPIKeepAliveEnabled(bool isEnabled) { m_fetchAPIKeepAliveEnabled = isEnabled; }
 
-    bool spectreGadgetsEnabled() const;
-
     void setInspectorAdditionsEnabled(bool isEnabled) { m_inspectorAdditionsEnabled = isEnabled; }
     bool inspectorAdditionsEnabled() const { return m_inspectorAdditionsEnabled; }