Title: [226778] trunk/Source
Revision
226778
Author
msab...@apple.com
Date
2018-01-11 07:28:38 -0800 (Thu, 11 Jan 2018)

Log Message

Add a DOM gadget for Spectre testing
https://bugs.webkit.org/show_bug.cgi?id=181351

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

* runtime/Options.h:

Source/WebCore:

This change is used to test Spectre mitigations.

Added a new DOM class to test for Spectre issues in the DOM layer.
This additional functionality is disabled by default and must be enabled
through the JSC option "enableSpectreGadgets".

* CMakeLists.txt:
* DerivedSources.make:
* Sources.txt:
* WebCore.xcodeproj/project.pbxproj:
* bindings/js/WebCoreBuiltinNames.h:
* dom/SpectreGadget.cpp: Added.
(WebCore::SpectreGadget::SpectreGadget):
(WebCore::SpectreGadget::create):
(WebCore::SpectreGadget::setReadLength):
(WebCore::SpectreGadget::charCodeAt):
(WebCore::SpectreGadget::clflushReadLength):
* dom/SpectreGadget.h: Added.
* dom/SpectreGadget.idl: Added.
* page/RuntimeEnabledFeatures.cpp:
(WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
* page/RuntimeEnabledFeatures.h:

Modified Paths

Added Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (226777 => 226778)


--- trunk/Source/_javascript_Core/ChangeLog	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-01-11 15:28:38 UTC (rev 226778)
@@ -1,3 +1,12 @@
+2018-01-11  Michael Saboff  <msab...@apple.com>
+
+        Add a DOM gadget for Spectre testing
+        https://bugs.webkit.org/show_bug.cgi?id=181351
+
+        Reviewed by Ryosuke Niwa.
+
+        * runtime/Options.h:
+
 2018-01-11  Yusuke Suzuki  <utatane....@gmail.com>
 
         [DFG][FTL] regExpMatchFast should be handled

Modified: trunk/Source/_javascript_Core/runtime/Options.h (226777 => 226778)


--- trunk/Source/_javascript_Core/runtime/Options.h	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/_javascript_Core/runtime/Options.h	2018-01-11 15:28:38 UTC (rev 226778)
@@ -460,6 +460,8 @@
     \
     v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
     \
+    v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
+    \
     v(bool, useAsyncIterator, enableAsyncIteration, Normal, "Allow to use Async Iterator in JS.") \
     \
     v(bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \
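Review bot: The help string on the added `enableSpectreGadgets` entry starts lower-case and does not say what the option actually switches on, while the entry directly above it reads `"Enable Spectre mitigations."`. Per the log message the option exposes a new DOM class to script, so I would word it as `"Enable the SpectreGadget DOM interface used to test Spectre mitigations (testing only)."`. The option list this entry sits in starts and ends outside the hunk.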

Modified: trunk/Source/WebCore/CMakeLists.txt (226777 => 226778)


--- trunk/Source/WebCore/CMakeLists.txt	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/CMakeLists.txt	2018-01-11 15:28:38 UTC (rev 226778)
@@ -596,6 +596,7 @@
     dom/ShadowRoot.idl
     dom/ShadowRootMode.idl
     dom/Slotable.idl
+    dom/SpectreGadget.idl
     dom/StaticRange.idl
     dom/StringCallback.idl
     dom/Text.idl

Modified: trunk/Source/WebCore/ChangeLog (226777 => 226778)


--- trunk/Source/WebCore/ChangeLog	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/ChangeLog	2018-01-11 15:28:38 UTC (rev 226778)
@@ -1,3 +1,33 @@
+2018-01-11  Michael Saboff  <msab...@apple.com>
+
+        Add a DOM gadget for Spectre testing
+        https://bugs.webkit.org/show_bug.cgi?id=181351
+
+        Reviewed by Ryosuke Niwa.
+
+        This change is used to test Spectre mitigations.
+
+        Added a new DOM class to test for Spectre issues in the DOM layer.
+        This additional functionality is disabled by default and must be enabled
+        through the JSC option "enableSpectreGadgets".
+
+        * CMakeLists.txt:
+        * DerivedSources.make:
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/WebCoreBuiltinNames.h:
+        * dom/SpectreGadget.cpp: Added.
+        (WebCore::SpectreGadget::SpectreGadget):
+        (WebCore::SpectreGadget::create):
+        (WebCore::SpectreGadget::setReadLength):
+        (WebCore::SpectreGadget::charCodeAt):
+        (WebCore::SpectreGadget::clflushReadLength):
+        * dom/SpectreGadget.h: Added.
+        * dom/SpectreGadget.idl: Added.
+        * page/RuntimeEnabledFeatures.cpp:
+        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
+        * page/RuntimeEnabledFeatures.h:
+
 2018-01-11  Philippe Normand  <pnorm...@igalia.com>
 
         [GTK] media/muted-video-is-playing-audio.html is timing out

Modified: trunk/Source/WebCore/DerivedSources.make (226777 => 226778)


--- trunk/Source/WebCore/DerivedSources.make	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/DerivedSources.make	2018-01-11 15:28:38 UTC (rev 226778)
@@ -513,6 +513,7 @@
     $(WebCore)/dom/ShadowRoot.idl \
     $(WebCore)/dom/ShadowRootMode.idl \
     $(WebCore)/dom/Slotable.idl \
+    $(WebCore)/dom/SpectreGadget.idl \
     $(WebCore)/dom/StaticRange.idl \
     $(WebCore)/dom/StringCallback.idl \
     $(WebCore)/dom/Text.idl \

Modified: trunk/Source/WebCore/Sources.txt (226777 => 226778)


--- trunk/Source/WebCore/Sources.txt	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/Sources.txt	2018-01-11 15:28:38 UTC (rev 226778)
@@ -787,6 +787,7 @@
 dom/SimulatedClick.cpp
 dom/SlotAssignment.cpp
 dom/SpaceSplitString.cpp
+dom/SpectreGadget.cpp
 dom/StaticNodeList.cpp
 dom/StaticRange.cpp
 dom/StringCallback.cpp
@@ -2953,6 +2954,7 @@
 JSSlotable.cpp
 JSSourceBuffer.cpp
 JSSourceBufferList.cpp
+JSSpectreGadget.cpp
 JSSpeechSynthesis.cpp
 JSSpeechSynthesisEvent.cpp
 JSSpeechSynthesisUtterance.cpp

Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (226777 => 226778)


--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2018-01-11 15:28:38 UTC (rev 226778)
@@ -1792,6 +1792,7 @@
 		656D373F0ADBA5DE00A4554D /* ResourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37270ADBA5DE00A4554D /* ResourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		656D37430ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		656D37480ADBA5DE00A4554D /* SubresourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37300ADBA5DE00A4554D /* SubresourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
+		657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */ = {isa = PBXBuildFile; fileRef = 657AFAF82004789900509464 /* SpectreGadget.h */; };
 		658436860AE01B7400E53753 /* FrameLoadRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 658436850AE01B7400E53753 /* FrameLoadRequest.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		6593923809AE4346002C531F /* URL.h in Headers */ = {isa = PBXBuildFile; fileRef = 6593923609AE4346002C531F /* URL.h */; settings = {ATTRIBUTES = (Private, ); }; };
 		659A7D130B6DB4D9001155B3 /* SubstituteData.h in Headers */ = {isa = PBXBuildFile; fileRef = 659A7D120B6DB4D9001155B3 /* SubstituteData.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -8506,6 +8507,9 @@
 		656D37270ADBA5DE00A4554D /* ResourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ResourceLoader.h; sourceTree = "<group>"; };
 		656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = NetscapePlugInStreamLoader.h; sourceTree = "<group>"; };
 		656D37300ADBA5DE00A4554D /* SubresourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SubresourceLoader.h; sourceTree = "<group>"; };
+		657AFAF82004789900509464 /* SpectreGadget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpectreGadget.h; sourceTree = "<group>"; };
+		657AFAFA2004789A00509464 /* SpectreGadget.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SpectreGadget.idl; sourceTree = "<group>"; };
+		657AFAFB2004789A00509464 /* SpectreGadget.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpectreGadget.cpp; sourceTree = "<group>"; };
 		658436850AE01B7400E53753 /* FrameLoadRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FrameLoadRequest.h; sourceTree = "<group>"; };
 		6593923509AE4346002C531F /* URL.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = URL.cpp; sourceTree = "<group>"; };
 		6593923609AE4346002C531F /* URL.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = URL.h; sourceTree = "<group>"; };
@@ -25700,6 +25704,9 @@
 				9B532EA21BA928570038A827 /* SlotAssignment.h */,
 				D01A27AB10C9BFD800026A42 /* SpaceSplitString.cpp */,
 				D01A27AC10C9BFD800026A42 /* SpaceSplitString.h */,
+				657AFAFB2004789A00509464 /* SpectreGadget.cpp */,
+				657AFAF82004789900509464 /* SpectreGadget.h */,
+				657AFAFA2004789A00509464 /* SpectreGadget.idl */,
 				BC7FA62C0D1F0EFF00DB22A9 /* StaticNodeList.cpp */,
 				BC7FA62B0D1F0EFF00DB22A9 /* StaticNodeList.h */,
 				F44EBBDA1DB5DD9D00277334 /* StaticRange.cpp */,
@@ -29349,6 +29356,7 @@
 				84A81F420FC7E02700955300 /* SourceGraphic.h in Headers */,
 				D01A27AE10C9BFD800026A42 /* SpaceSplitString.h in Headers */,
 				626CDE0F1140424C001E5A68 /* SpatialNavigation.h in Headers */,
+				657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */,
 				AA2A5AD416A4861100975A25 /* SpeechSynthesis.h in Headers */,
 				AA2A5AD216A4860A00975A25 /* SpeechSynthesisEvent.h in Headers */,
 				AA2A5AD016A4860400975A25 /* SpeechSynthesisUtterance.h in Headers */,

Modified: trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h (226777 => 226778)


--- trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h	2018-01-11 15:28:38 UTC (rev 226778)
@@ -139,6 +139,7 @@
     macro(ServiceWorkerGlobalScope) \
     macro(ServiceWorkerRegistration) \
     macro(ShadowRoot) \
+    macro(SpectreGadget) \
     macro(StaticRange) \
     macro(VRDisplay) \
     macro(VRDisplayCapabilities) \

Added: trunk/Source/WebCore/dom/SpectreGadget.cpp (0 => 226778)


--- trunk/Source/WebCore/dom/SpectreGadget.cpp	                        (rev 0)
+++ trunk/Source/WebCore/dom/SpectreGadget.cpp	2018-01-11 15:28:38 UTC (rev 226778)
@@ -0,0 +1,79 @@
+/*
+* Copyright (C) 2018 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "config.h"
+#include "SpectreGadget.h"
+
+#include "RuntimeEnabledFeatures.h"
+
+namespace WebCore {
+
+inline SpectreGadget::SpectreGadget(const String& text)
+{
+    if (RuntimeEnabledFeatures::sharedFeatures().spectreGadgetsEnabled()) {
+        m_data.resize(text.length());
+        setReadLength(text.length());
+        m_data.fill(0);
+        m_dataPtr = m_data.data();
+
+        for (size_t i = 0; i < m_readLength; i++)
+            m_data[i] = text.characterAt(i);
+    } else {
+        setReadLength(0);
+        m_dataPtr = nullptr;
+    }
+}
+
+Ref<SpectreGadget> SpectreGadget::create(const String& text)
+{
+    return adoptRef(*new SpectreGadget(text));
+}
+
+void SpectreGadget::setReadLength(size_t readLength)
+{
+    m_readLength = std::min(readLength, m_data.size());
+}
+
+unsigned SpectreGadget::charCodeAt(size_t index)
+{
+    if (index < m_readLength)
+        return m_dataPtr[index];
+
+    return 0;
+}
+
+void SpectreGadget::clflushReadLength()
+{
+#if CPU(X86_64) && !OS(WINDOWS)
+    auto clflush = [] (void* ptr) {
+        char* ptrToFlush = static_cast<char*>(ptr);
+        asm volatile ("clflush %0" :: "m"(*ptrToFlush) : "memory");
+    };
+
+    clflush(&m_readLength);
+#endif
+}
+
+} // namespace WebCore
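Review bot: `charCodeAt` is the check-then-load (`if (index < m_readLength) return m_dataPtr[index];`) that the mitigation tests are aimed at, but neither it nor the rest of the file has a comment saying it is intentionally left unhardened, so a later reader may either "fix" it or reuse it as an ordinary accessor. I would add above it `// Deliberately left without index masking: this is the target the Spectre mitigation tests exercise. Not a pattern for production code.`, and put the same one-line statement on the interface in SpectreGadget.idl. `clflushReadLength` also compiles to an empty body outside `CPU(X86_64) && !OS(WINDOWS)`; a comment there should say that tests on other targets run without the flush, since the caller gets no indication either way. The runtime option is consulted only in the constructor, so the other three methods rely on `m_readLength` being 0 when it is off, which is worth stating next to the `else` branch.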

Added: trunk/Source/WebCore/dom/SpectreGadget.h (0 => 226778)


--- trunk/Source/WebCore/dom/SpectreGadget.h	                        (rev 0)
+++ trunk/Source/WebCore/dom/SpectreGadget.h	2018-01-11 15:28:38 UTC (rev 226778)
@@ -0,0 +1,50 @@
+/*
+* Copyright (C) 2018 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#pragma once
+
+#include <wtf/RefCounted.h>
+#include <wtf/RefPtr.h>
+
+namespace WebCore {
+
+class SpectreGadget final : public RefCounted<SpectreGadget> {
+public:
+    static Ref<SpectreGadget> create(const String&);
+
+    void setReadLength(size_t);
+    unsigned charCodeAt(size_t);
+    void clflushReadLength();
+
+private:
+    SpectreGadget(const String&);
+
+    size_t m_readLength;
+    Vector<UChar> m_data;
+    UChar* m_dataPtr;
+};
+
+} // namespace WebCore
+

Added: trunk/Source/WebCore/dom/SpectreGadget.idl (0 => 226778)


--- trunk/Source/WebCore/dom/SpectreGadget.idl	                        (rev 0)
+++ trunk/Source/WebCore/dom/SpectreGadget.idl	2018-01-11 15:28:38 UTC (rev 226778)
@@ -0,0 +1,36 @@
+/*
+* Copyright (C) 2018 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+[
+    Exposed=Window,
+    EnabledAtRuntime=SpectreGadgets,
+    Constructor(DOMString data),
+    ImplementationLacksVTable
+ ] interface SpectreGadget {
+    void setReadLength(unsigned long readLength);
+    unsigned long charCodeAt(unsigned long index);
+    void clflushReadLength();
+};
+

Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp (226777 => 226778)


--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp	2018-01-11 15:28:38 UTC (rev 226778)
@@ -33,6 +33,7 @@
 #include "RuntimeEnabledFeatures.h"
 
 #include "MediaPlayer.h"
+#include <_javascript_Core/Options.h>
 #include <wtf/NeverDestroyed.h>
 
 namespace WebCore {
@@ -51,6 +52,11 @@
     return runtimeEnabledFeatures;
 }
 
+bool RuntimeEnabledFeatures::spectreGadgetsEnabled() const
+{
+    return JSC::Options::enableSpectreGadgets();
+}
+
 #if ENABLE(VIDEO)
 bool RuntimeEnabledFeatures::audioEnabled() const
 {
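Review bot: `spectreGadgetsEnabled()` reads the process-wide `JSC::Options::enableSpectreGadgets()` directly, whereas the neighbouring feature visible in RuntimeEnabledFeatures.h is a member flag with a setter (`setServiceWorkerEnabled` writing `m_serviceWorkerEnabled`), and nothing here explains the difference. If the missing setter is deliberate, so that the gadget can only be turned on through the restricted JSC option, a comment should say so, for example `// Backed by the JSC option on purpose: there is no setter, so preferences cannot turn the gadget on.`. That keeps someone from later adding a setter for symmetry with the other features.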

Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.h (226777 => 226778)


--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.h	2018-01-11 15:21:05 UTC (rev 226777)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.h	2018-01-11 15:28:38 UTC (rev 226778)
@@ -220,6 +220,8 @@
     void setServiceWorkerEnabled(bool isEnabled) { m_serviceWorkerEnabled = isEnabled; }
 #endif
 
+    bool spectreGadgetsEnabled() const;
+
 #if ENABLE(VIDEO)
     bool audioEnabled() const;
 #endif