Title: [227111] branches/safari-605-branch/Source/_javascript_Core
Revision
227111
Author
jmarc...@apple.com
Date
2018-01-17 21:47:33 -0800 (Wed, 17 Jan 2018)

Log Message

Cherry-pick r227047. rdar://problem/36587246

Modified Paths

Diff

Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (227110 => 227111)


--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog	2018-01-18 05:47:33 UTC (rev 227111)
@@ -1,5 +1,25 @@
 2018-01-17  Jason Marcell  <jmarc...@apple.com>
 
+        Cherry-pick r227047. rdar://problem/36587246
+
+    2018-01-16  JF Bastien  <jfbast...@apple.com>
+
+            Allow dangerous disabling of poison
+            https://bugs.webkit.org/show_bug.cgi?id=181685
+            <rdar://problem/36546265>
+
+            Reviewed by Keith Miller.
+
+            Some tools such as leak detectors and such like to look at real
+            pointers, and poisoned ones confuse them. Add a JSC option to
+            disable poisoning, but log to the console when this is done.
+
+            * runtime/JSCPoison.cpp:
+            (JSC::initializePoison):
+            * runtime/Options.h:
+
+2018-01-17  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r226940. rdar://problem/36598019
 
     2018-01-13  Mark Lam  <mark....@apple.com>

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp (227110 => 227111)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp	2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp	2018-01-18 05:47:33 UTC (rev 227111)
@@ -26,6 +26,7 @@
 #include "config.h"
 #include "JSCPoison.h"
 
+#include "Options.h"
 #include <mutex>
 #include <wtf/HashSet.h>
 
@@ -39,6 +40,8 @@
 {
     static std::once_flag initializeOnceFlag;
     std::call_once(initializeOnceFlag, [] {
+        if (!Options::usePoisoning())
+            return;
 
 #define INITIALIZE_POISON(poisonID) \
     POISON(poisonID) = makePoison();
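Review bot: The early `return` added at the top of the `call_once` lambda is silent, although the log message says that disabling poison should be logged to the console. No logging is visible in this hunk, so unless it happens in code not shown here, a line such as `WTFLogAlways("JSC poisoning is disabled; some Spectre and type confusion mitigations are off");` before the `return` would make the weakened state visible in logs. Because `std::call_once` latches the decision for the life of the process, a comment such as `// Options must be initialized before this runs; when disabled the poisons keep their initial value of 0.` would also document the ordering assumption. The lambda body continues past the end of the hunk.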

Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h (227110 => 227111)


--- branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h	2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h	2018-01-18 05:47:33 UTC (rev 227111)
@@ -459,8 +459,8 @@
     v(bool, useWebAssembly, true, Normal, "Expose the WebAssembly global object.") \
     \
     v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
-    \
     v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
+    v(bool, usePoisoning, true, Normal, "Poison is randomized at load time when true, and initialized to 0 if false which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \
     \
     v(bool, useAsyncIterator, enableAsyncIteration, Normal, "Allow to use Async Iterator in JS.") \
     \
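Review bot: `usePoisoning` is declared `Normal` while the two Spectre options directly above it are `Restricted`, even though its own help text says that turning it off defeats some Spectre and type confusion mitigations. If the wider availability is deliberate so that leak detectors can run against ordinary builds, a short comment next to the entry saying so would keep a later reader from treating it as an oversight; otherwise `Restricted` would match its neighbours. The hunk also drops the blank `\` separator that followed `enableSpectreMitigations`, so the new option now reads as part of the Spectre group. The option list continues outside the hunk.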