Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (255405 => 255406)
--- trunk/Source/_javascript_Core/ChangeLog 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1,3 +1,35 @@
+2020-01-29 Robin Morisset <rmoris...@apple.com>
+
+ Remove Options::enableSpectreMitigations
+ https://bugs.webkit.org/show_bug.cgi?id=193885
+
+ Reviewed by Saam Barati.
+
+ From what I remember we decided to remove the spectre-specific mitigations we had tried (in favor of things like process-per-origin).
+ I don't think anyone is using the SpectreGadget we had added for experiments either.
+ So this patch removes the following three options, and all the code that depended on them:
+ - enableSpectreMitigations (was true, only used in one place)
+ - enableSpectreGadgets (was false)
+ - zeroStackFrame (was false, and was an experiment about Spectre variant 4 if I remember correctly)
+
+ * b3/air/AirCode.cpp:
+ (JSC::B3::Air::defaultPrologueGenerator):
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::compile):
+ (JSC::DFG::JITCompiler::compileFunction):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::lower):
+ * jit/AssemblyHelpers.h:
+ * jit/JIT.cpp:
+ (JSC::JIT::compileWithoutLinking):
+ * runtime/OptionsList.h:
+ * wasm/WasmB3IRGenerator.cpp:
+ (JSC::Wasm::B3IRGenerator::addCallIndirect):
+ * yarr/YarrJIT.cpp:
+ (JSC::Yarr::YarrGenerator::initCallFrame):
+
2020-01-29 Devin Rousso <drou...@apple.com>
Web Inspector: add instrumentation for showing existing Web Animations
Modified: trunk/Source/_javascript_Core/b3/air/AirCode.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/b3/air/AirCode.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/b3/air/AirCode.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -46,8 +46,6 @@
if (code.frameSize()) {
AllowMacroScratchRegisterUsageIf allowScratch(jit, isARM64());
jit.addPtr(MacroAssembler::TrustedImm32(-code.frameSize()), MacroAssembler::framePointerRegister, MacroAssembler::stackPointerRegister);
- if (Options::zeroStackFrame())
- jit.clearStackFrame(MacroAssembler::framePointerRegister, MacroAssembler::stackPointerRegister, GPRInfo::nonArgGPR0, code.frameSize());
}
jit.emitSave(code.calleeSaveRegisterAtOffsetList());
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -353,8 +353,6 @@
emitStackOverflowCheck(*this, stackOverflow);
addPtr(TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, stackPointerRegister);
- if (Options::zeroStackFrame())
- clearStackFrame(GPRInfo::callFrameRegister, stackPointerRegister, GPRInfo::regT0, m_graph.frameRegisterCount() * sizeof(Register));
checkStackPointerAlignment();
compileSetupRegistersForEntry();
compileEntryExecutionFlag();
@@ -422,8 +420,6 @@
// Move the stack pointer down to accommodate locals
addPtr(TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, stackPointerRegister);
- if (Options::zeroStackFrame())
- clearStackFrame(GPRInfo::callFrameRegister, stackPointerRegister, GPRInfo::regT0, m_graph.frameRegisterCount() * sizeof(Register));
checkStackPointerAlignment();
compileSetupRegistersForEntry();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1848,8 +1848,6 @@
if (m_block->isCatchEntrypoint) {
m_jit.addPtr(CCallHelpers::TrustedImm32(-(m_jit.graph().frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister);
- if (Options::zeroStackFrame())
- m_jit.clearStackFrame(GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister, GPRInfo::regT0, m_jit.graph().frameRegisterCount() * sizeof(Register));
m_jit.emitSaveCalleeSaves();
m_jit.emitMaterializeTagCheckRegisters();
m_jit.emitPutToCallFrameHeader(m_jit.codeBlock(), CallFrameSlot::codeBlock);
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -205,8 +205,6 @@
[codeBlock] (CCallHelpers& jit, B3::Air::Code& code) {
AllowMacroScratchRegisterUsage allowScratch(jit);
jit.addPtr(CCallHelpers::TrustedImm32(-code.frameSize()), GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister);
- if (Options::zeroStackFrame())
- jit.clearStackFrame(GPRInfo::callFrameRegister, CCallHelpers::stackPointerRegister, GPRInfo::regT0, code.frameSize());
jit.emitSave(code.calleeSaveRegisterAtOffsetList());
jit.emitPutToCallFrameHeader(codeBlock, VirtualRegister(CallFrameSlot::codeBlock));
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (255405 => 255406)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2020-01-30 01:06:08 UTC (rev 255406)
@@ -502,30 +502,6 @@
#endif
}
- void clearStackFrame(GPRReg currentTop, GPRReg newTop, GPRReg temp, unsigned frameSize)
- {
- ASSERT(frameSize % stackAlignmentBytes() == 0);
- if (frameSize <= 128) {
- for (unsigned offset = 0; offset < frameSize; offset += sizeof(CPURegister))
- storePtr(TrustedImm32(0), Address(currentTop, -8 - offset));
- } else {
- constexpr unsigned storeBytesPerIteration = stackAlignmentBytes();
- constexpr unsigned storesPerIteration = storeBytesPerIteration / sizeof(CPURegister);
-
- move(currentTop, temp);
- Label zeroLoop = label();
- subPtr(TrustedImm32(storeBytesPerIteration), temp);
-#if CPU(ARM64)
- static_assert(storesPerIteration == 2, "clearStackFrame() for ARM64 assumes stack is 16 byte aligned");
- storePair64(ARM64Registers::zr, ARM64Registers::zr, temp);
-#else
- for (unsigned i = storesPerIteration; i-- != 0;)
- storePtr(TrustedImm32(0), Address(temp, sizeof(CPURegister) * i));
-#endif
- branchPtr(NotEqual, temp, newTop).linkTo(zeroLoop, this);
- }
- }
-
#if CPU(X86_64)
static constexpr size_t prologueStackPointerDelta()
{
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -708,8 +708,6 @@
move(regT1, stackPointerRegister);
checkStackPointerAlignment();
- if (Options::zeroStackFrame())
- clearStackFrame(callFrameRegister, stackPointerRegister, regT0, maxFrameSize);
emitSaveCalleeSaves();
emitMaterializeTagCheckRegisters();
Modified: trunk/Source/_javascript_Core/runtime/OptionsList.h (255405 => 255406)
--- trunk/Source/_javascript_Core/runtime/OptionsList.h 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/runtime/OptionsList.h 2020-01-30 01:06:08 UTC (rev 255406)
@@ -442,10 +442,6 @@
\
v(Bool, useWebAssembly, true, Normal, "Expose the WebAssembly global object.") \
\
- v(Bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
- v(Bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
- v(Bool, zeroStackFrame, false, Normal, "Zero stack frame on entry to a function.") \
- \
v(Bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \
v(Size, webAssemblyPartialCompileLimit, 5000, Normal, "Limit on the number of bytes a Wasm::Plan::compile should attempt before checking for other work.") \
v(Unsigned, webAssemblyBBQAirOptimizationLevel, 0, Normal, "Air Optimization level for BBQ Web Assembly module compilations.") \
Modified: trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1754,7 +1754,6 @@
ExpressionType callableFunctionBuffer;
ExpressionType instancesBuffer;
ExpressionType callableFunctionBufferLength;
- ExpressionType mask;
{
ExpressionType table = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
instanceValue(), safeCast<int32_t>(Instance::offsetOfTablePtr(m_numImportFunctions, tableIndex)));
@@ -1764,9 +1763,6 @@
table, safeCast<int32_t>(FuncRefTable::offsetOfInstances()));
callableFunctionBufferLength = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
table, safeCast<int32_t>(Table::offsetOfLength()));
- mask = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(),
- m_currentBlock->appendNew<MemoryValue>(m_proc, Load, Int32, origin(),
- table, safeCast<int32_t>(Table::offsetOfMask())));
}
// Check the index we are looking for is valid.
@@ -1781,9 +1777,6 @@
calleeIndex = m_currentBlock->appendNew<Value>(m_proc, ZExt32, origin(), calleeIndex);
- if (Options::enableSpectreMitigations())
- calleeIndex = m_currentBlock->appendNew<Value>(m_proc, BitAnd, origin(), mask, calleeIndex);
-
ExpressionType callableFunction;
{
// Compute the offset in the table index space we are looking for.
Modified: trunk/Source/_javascript_Core/yarr/YarrJIT.cpp (255405 => 255406)
--- trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/_javascript_Core/yarr/YarrJIT.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -638,31 +638,8 @@
void initCallFrame()
{
unsigned callFrameSizeInBytes = alignCallFrameSizeInBytes(m_pattern.m_body->m_callFrameSize);
- if (callFrameSizeInBytes) {
-#if CPU(X86_64) || CPU(ARM64)
- if (Options::zeroStackFrame()) {
- // We need to start from the stack pointer, because we could have spilled callee saves
- move(stackPointerRegister, regT0);
- subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
- if (callFrameSizeInBytes <= 128) {
- for (unsigned offset = 0; offset < callFrameSizeInBytes; offset += sizeof(intptr_t))
- storePtr(TrustedImm32(0), Address(regT0, -8 - offset));
- } else {
- Label zeroLoop = label();
- subPtr(TrustedImm32(sizeof(intptr_t) * 2), regT0);
-#if CPU(ARM64)
- storePair64(ARM64Registers::zr, ARM64Registers::zr, regT0);
-#else
- storePtr(TrustedImm32(0), Address(regT0));
- storePtr(TrustedImm32(0), Address(regT0, sizeof(intptr_t)));
-#endif
- branchPtr(NotEqual, regT0, stackPointerRegister).linkTo(zeroLoop, this);
- }
- } else
-#endif
- subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
-
- }
+ if (callFrameSizeInBytes)
+ subPtr(Imm32(callFrameSizeInBytes), stackPointerRegister);
}
void removeCallFrame()
{
Modified: trunk/Source/WebCore/CMakeLists.txt (255405 => 255406)
--- trunk/Source/WebCore/CMakeLists.txt 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/CMakeLists.txt 2020-01-30 01:06:08 UTC (rev 255406)
@@ -751,7 +751,6 @@
dom/ShadowRoot.idl
dom/ShadowRootMode.idl
dom/Slotable.idl
- dom/SpectreGadget.idl
dom/StaticRange.idl
dom/StringCallback.idl
dom/Text.idl
Modified: trunk/Source/WebCore/ChangeLog (255405 => 255406)
--- trunk/Source/WebCore/ChangeLog 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/ChangeLog 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1,3 +1,32 @@
+2020-01-29 Robin Morisset <rmoris...@apple.com>
+
+ Remove Options::enableSpectreMitigations
+ https://bugs.webkit.org/show_bug.cgi?id=193885
+
+ Reviewed by Saam Barati.
+
+ From what I remember we decided to remove the spectre-specific mitigations we had tried (in favor of things like process-per-origin).
+ I don't think anyone is using the SpectreGadget we had added for experiments either.
+ So this patch removes the following three options, and all the code that depended on them:
+ - enableSpectreMitigations (was true, only used in one place)
+ - enableSpectreGadgets (was false)
+ - zeroStackFrame (was false, and was an experiment about Spectre variant 4 if I remember correctly)
+
+ No new tests as there is no new behaviour added.
+
+ * CMakeLists.txt:
+ * DerivedSources-input.xcfilelist:
+ * DerivedSources-output.xcfilelist:
+ * DerivedSources.make:
+ * Sources.txt:
+ * WebCore.xcodeproj/project.pbxproj:
+ * bindings/js/WebCoreBuiltinNames.h:
+ * dom/SpectreGadget.cpp: Removed.
+ * dom/SpectreGadget.h: Removed.
+ * dom/SpectreGadget.idl: Removed.
+ * page/RuntimeEnabledFeatures.cpp:
+ * page/RuntimeEnabledFeatures.h:
+
2020-01-29 Sihui Liu <sihui_...@apple.com>
Set QoS of blobUtilityQueue to be Utility
Modified: trunk/Source/WebCore/DerivedSources-input.xcfilelist (255405 => 255406)
--- trunk/Source/WebCore/DerivedSources-input.xcfilelist 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/DerivedSources-input.xcfilelist 2020-01-30 01:06:08 UTC (rev 255406)
@@ -636,7 +636,6 @@
$(PROJECT_DIR)/dom/ShadowRoot.idl
$(PROJECT_DIR)/dom/ShadowRootMode.idl
$(PROJECT_DIR)/dom/Slotable.idl
-$(PROJECT_DIR)/dom/SpectreGadget.idl
$(PROJECT_DIR)/dom/StaticRange.idl
$(PROJECT_DIR)/dom/StringCallback.idl
$(PROJECT_DIR)/dom/Text.idl
Modified: trunk/Source/WebCore/DerivedSources-output.xcfilelist (255405 => 255406)
--- trunk/Source/WebCore/DerivedSources-output.xcfilelist 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/DerivedSources-output.xcfilelist 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1777,8 +1777,6 @@
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBuffer.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBufferList.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSourceBufferList.h
-$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpectreGadget.cpp
-$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpectreGadget.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesis.cpp
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesis.h
$(BUILT_PRODUCTS_DIR)/DerivedSources/WebCore/JSSpeechSynthesisEvent.cpp
Modified: trunk/Source/WebCore/DerivedSources.make (255405 => 255406)
--- trunk/Source/WebCore/DerivedSources.make 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/DerivedSources.make 2020-01-30 01:06:08 UTC (rev 255406)
@@ -648,7 +648,6 @@
$(WebCore)/dom/ShadowRoot.idl \
$(WebCore)/dom/ShadowRootMode.idl \
$(WebCore)/dom/Slotable.idl \
- $(WebCore)/dom/SpectreGadget.idl \
$(WebCore)/dom/StaticRange.idl \
$(WebCore)/dom/StringCallback.idl \
$(WebCore)/dom/Text.idl \
Modified: trunk/Source/WebCore/Sources.txt (255405 => 255406)
--- trunk/Source/WebCore/Sources.txt 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/Sources.txt 2020-01-30 01:06:08 UTC (rev 255406)
@@ -953,7 +953,6 @@
dom/SimulatedClick.cpp
dom/SlotAssignment.cpp
dom/SpaceSplitString.cpp
-dom/SpectreGadget.cpp
dom/StaticNodeList.cpp
dom/StaticRange.cpp
dom/StringCallback.cpp
@@ -3408,7 +3407,6 @@
JSSlotable.cpp
JSSourceBuffer.cpp
JSSourceBufferList.cpp
-JSSpectreGadget.cpp
JSSpeechSynthesis.cpp
JSSpeechSynthesisEvent.cpp
JSSpeechSynthesisUtterance.cpp
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (255405 => 255406)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1982,7 +1982,6 @@
656D373F0ADBA5DE00A4554D /* ResourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37270ADBA5DE00A4554D /* ResourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
656D37430ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
656D37480ADBA5DE00A4554D /* SubresourceLoader.h in Headers */ = {isa = PBXBuildFile; fileRef = 656D37300ADBA5DE00A4554D /* SubresourceLoader.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */ = {isa = PBXBuildFile; fileRef = 657AFAF82004789900509464 /* SpectreGadget.h */; };
658436860AE01B7400E53753 /* FrameLoadRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 658436850AE01B7400E53753 /* FrameLoadRequest.h */; settings = {ATTRIBUTES = (Private, ); }; };
659A7D130B6DB4D9001155B3 /* SubstituteData.h in Headers */ = {isa = PBXBuildFile; fileRef = 659A7D120B6DB4D9001155B3 /* SubstituteData.h */; settings = {ATTRIBUTES = (Private, ); }; };
659DDC8309E198BA001BF3C6 /* JSDocument.h in Headers */ = {isa = PBXBuildFile; fileRef = 659DDC8109E198BA001BF3C6 /* JSDocument.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -9159,9 +9158,6 @@
656D37270ADBA5DE00A4554D /* ResourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = ResourceLoader.h; sourceTree = "<group>"; };
656D372B0ADBA5DE00A4554D /* NetscapePlugInStreamLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = NetscapePlugInStreamLoader.h; sourceTree = "<group>"; };
656D37300ADBA5DE00A4554D /* SubresourceLoader.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SubresourceLoader.h; sourceTree = "<group>"; };
- 657AFAF82004789900509464 /* SpectreGadget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SpectreGadget.h; sourceTree = "<group>"; };
- 657AFAFA2004789A00509464 /* SpectreGadget.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = SpectreGadget.idl; sourceTree = "<group>"; };
- 657AFAFB2004789A00509464 /* SpectreGadget.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SpectreGadget.cpp; sourceTree = "<group>"; };
658436850AE01B7400E53753 /* FrameLoadRequest.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = FrameLoadRequest.h; sourceTree = "<group>"; };
6593923909AE435C002C531F /* URLMac.mm */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.objcpp; path = URLMac.mm; sourceTree = "<group>"; };
659A7D120B6DB4D9001155B3 /* SubstituteData.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = SubstituteData.h; sourceTree = "<group>"; };
@@ -28352,9 +28348,6 @@
9B532EA21BA928570038A827 /* SlotAssignment.h */,
D01A27AB10C9BFD800026A42 /* SpaceSplitString.cpp */,
D01A27AC10C9BFD800026A42 /* SpaceSplitString.h */,
- 657AFAFB2004789A00509464 /* SpectreGadget.cpp */,
- 657AFAF82004789900509464 /* SpectreGadget.h */,
- 657AFAFA2004789A00509464 /* SpectreGadget.idl */,
BC7FA62C0D1F0EFF00DB22A9 /* StaticNodeList.cpp */,
BC7FA62B0D1F0EFF00DB22A9 /* StaticNodeList.h */,
F44EBBDA1DB5DD9D00277334 /* StaticRange.cpp */,
@@ -32336,7 +32329,6 @@
84A81F420FC7E02700955300 /* SourceGraphic.h in Headers */,
D01A27AE10C9BFD800026A42 /* SpaceSplitString.h in Headers */,
626CDE0F1140424C001E5A68 /* SpatialNavigation.h in Headers */,
- 657AFAFC20047A2900509464 /* SpectreGadget.h in Headers */,
AA2A5AD416A4861100975A25 /* SpeechSynthesis.h in Headers */,
C14938072234551A000CD707 /* SpeechSynthesisClient.h in Headers */,
AA2A5AD216A4860A00975A25 /* SpeechSynthesisEvent.h in Headers */,
Modified: trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h (255405 => 255406)
--- trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h 2020-01-30 01:06:08 UTC (rev 255406)
@@ -215,7 +215,6 @@
macro(ServiceWorkerGlobalScope) \
macro(ServiceWorkerRegistration) \
macro(ShadowRoot) \
- macro(SpectreGadget) \
macro(StaticRange) \
macro(StylePropertyMapReadOnly) \
macro(StylePropertyMap) \
Deleted: trunk/Source/WebCore/dom/SpectreGadget.cpp (255405 => 255406)
--- trunk/Source/WebCore/dom/SpectreGadget.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/dom/SpectreGadget.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1,80 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#include "config.h"
-#include "SpectreGadget.h"
-
-#include "RuntimeEnabledFeatures.h"
-#include <wtf/text/WTFString.h>
-
-namespace WebCore {
-
-inline SpectreGadget::SpectreGadget(const String& text)
-{
- if (RuntimeEnabledFeatures::sharedFeatures().spectreGadgetsEnabled()) {
- m_data.resize(text.length());
- setReadLength(text.length());
- m_data.fill(0);
- m_dataPtr = m_data.data();
-
- for (size_t i = 0; i < m_readLength; i++)
- m_data[i] = text.characterAt(i);
- } else {
- setReadLength(0);
- m_dataPtr = nullptr;
- }
-}
-
-Ref<SpectreGadget> SpectreGadget::create(const String& text)
-{
- return adoptRef(*new SpectreGadget(text));
-}
-
-void SpectreGadget::setReadLength(size_t readLength)
-{
- m_readLength = std::min(readLength, m_data.size());
-}
-
-unsigned SpectreGadget::charCodeAt(size_t index)
-{
- if (index < m_readLength)
- return m_dataPtr[index];
-
- return 0;
-}
-
-void SpectreGadget::clflushReadLength()
-{
-#if CPU(X86_64) && !OS(WINDOWS)
- auto clflush = [] (void* ptr) {
- char* ptrToFlush = static_cast<char*>(ptr);
- asm volatile ("clflush %0" :: "m"(*ptrToFlush) : "memory");
- };
-
- clflush(&m_readLength);
-#endif
-}
-
-} // namespace WebCore
Deleted: trunk/Source/WebCore/dom/SpectreGadget.h (255405 => 255406)
--- trunk/Source/WebCore/dom/SpectreGadget.h 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/dom/SpectreGadget.h 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1,51 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#pragma once
-
-#include <unicode/uchar.h>
-#include <wtf/RefCounted.h>
-#include <wtf/Vector.h>
-
-namespace WebCore {
-
-class SpectreGadget final : public RefCounted<SpectreGadget> {
-public:
- static Ref<SpectreGadget> create(const String&);
-
- void setReadLength(size_t);
- unsigned charCodeAt(size_t);
- void clflushReadLength();
-
-private:
- SpectreGadget(const String&);
-
- size_t m_readLength;
- Vector<UChar> m_data;
- UChar* m_dataPtr;
-};
-
-} // namespace WebCore
-
Deleted: trunk/Source/WebCore/dom/SpectreGadget.idl (255405 => 255406)
--- trunk/Source/WebCore/dom/SpectreGadget.idl 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/dom/SpectreGadget.idl 2020-01-30 01:06:08 UTC (rev 255406)
@@ -1,36 +0,0 @@
-/*
-* Copyright (C) 2018 Apple Inc. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in the
-* documentation and/or other materials provided with the distribution.
-*
-* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
-* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-[
- Exposed=Window,
- EnabledAtRuntime=SpectreGadgets,
- Constructor(DOMString data),
- ImplementationLacksVTable
- ] interface SpectreGadget {
- void setReadLength(unsigned long readLength);
- unsigned long charCodeAt(unsigned long index);
- void clflushReadLength();
-};
-
Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp (255405 => 255406)
--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.cpp 2020-01-30 01:06:08 UTC (rev 255406)
@@ -59,11 +59,6 @@
return runtimeEnabledFeatures;
}
-bool RuntimeEnabledFeatures::spectreGadgetsEnabled() const
-{
- return JSC::Options::enableSpectreGadgets();
-}
-
#if ENABLE(TOUCH_EVENTS)
bool RuntimeEnabledFeatures::touchEventsEnabled() const
{
Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.h (255405 => 255406)
--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.h 2020-01-30 01:02:17 UTC (rev 255405)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.h 2020-01-30 01:06:08 UTC (rev 255406)
@@ -135,8 +135,6 @@
bool fetchAPIKeepAliveEnabled() const { return m_fetchAPIKeepAliveEnabled; }
void setFetchAPIKeepAliveEnabled(bool isEnabled) { m_fetchAPIKeepAliveEnabled = isEnabled; }
- bool spectreGadgetsEnabled() const;
-
void setInspectorAdditionsEnabled(bool isEnabled) { m_inspectorAdditionsEnabled = isEnabled; }
bool inspectorAdditionsEnabled() const { return m_inspectorAdditionsEnabled; }
