Modified: branches/safari-605-branch/Source/_javascript_Core/ChangeLog (227110 => 227111)
--- branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/ChangeLog 2018-01-18 05:47:33 UTC (rev 227111)
@@ -1,5 +1,25 @@
2018-01-17 Jason Marcell <jmarc...@apple.com>
+ Cherry-pick r227047. rdar://problem/36587246
+
+ 2018-01-16 JF Bastien <jfbast...@apple.com>
+
+ Allow dangerous disabling of poison
+ https://bugs.webkit.org/show_bug.cgi?id=181685
+ <rdar://problem/36546265>
+
+ Reviewed by Keith Miller.
+
+ Some tools such as leak detectors and such like to look at real
+ pointers, and poisoned ones confuse them. Add a JSC option to
+ disable poisoning, but log to the console when this is done.
+
+ * runtime/JSCPoison.cpp:
+ (JSC::initializePoison):
+ * runtime/Options.h:
+
+2018-01-17 Jason Marcell <jmarc...@apple.com>
+
Cherry-pick r226940. rdar://problem/36598019
2018-01-13 Mark Lam <mark....@apple.com>
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp (227110 => 227111)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp 2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/JSCPoison.cpp 2018-01-18 05:47:33 UTC (rev 227111)
@@ -26,6 +26,7 @@
#include "config.h"
#include "JSCPoison.h"
+#include "Options.h"
#include <mutex>
#include <wtf/HashSet.h>
@@ -39,6 +40,8 @@
{
static std::once_flag initializeOnceFlag;
std::call_once(initializeOnceFlag, [] {
+ if (!Options::usePoisoning())
+ return;
#define INITIALIZE_POISON(poisonID) \
POISON(poisonID) = makePoison();
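Review bot: The new early return `if (!Options::usePoisoning()) return;` turns poisoning off without any visible log, although the commit description says disabling should be logged to the console. If that message is not emitted elsewhere, add it on this path, for example `if (!Options::usePoisoning()) { dataLogLn("WARNING: JSC pointer poisoning is disabled; some Spectre and type confusion mitigations are inactive."); return; }`, which would also need `#include <wtf/DataLog.h>`. A comment above the check should state that it relies on Options being initialized before the first call; if it runs earlier, the once-flag would lock in whatever value the option had then (an assumption to confirm, since the ordering is not visible here). The call_once lambda continues past the end of this hunk.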
Modified: branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h (227110 => 227111)
--- branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h 2018-01-18 05:47:30 UTC (rev 227110)
+++ branches/safari-605-branch/Source/_javascript_Core/runtime/Options.h 2018-01-18 05:47:33 UTC (rev 227111)
@@ -459,8 +459,8 @@
v(bool, useWebAssembly, true, Normal, "Expose the WebAssembly global object.") \
\
v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
- \
v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
+ v(bool, usePoisoning, true, Normal, "Poison is randomized at load time when true, and initialized to 0 if false which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \
\
v(bool, useAsyncIterator, enableAsyncIteration, Normal, "Allow to use Async Iterator in JS.") \
\
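Review bot: `usePoisoning` is added with `Normal` availability, while `enableSpectreMitigations` and `enableSpectreGadgets` directly above it are `Restricted`, even though its own help text says that turning it off defeats some Spectre and type confusion mitigations. Please confirm that `Normal` is deliberate, presumably so that leak detectors can be used against release builds. If it is, record the reason in a `/* ... */` comment beside the entry. If it is not, declare the entry as `Restricted`, keeping the name, default and help text unchanged, so that shipping processes cannot switch the hardening off through an ordinary option.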