RESOLVED FIXED 181685
Allow dangerous disabling of poison
https://bugs.webkit.org/show_bug.cgi?id=181685
JF Bastien
Reported 2018-01-16 09:13:34 PST
Some tools such as leak detectors and such like to look at real pointers, and poisoned ones confuse them. Add a JSC option to disable poisoning, but log to the console when this is done.
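A minimal model of why poisoned pointers hide allocations from a leak detector and why a zero poison exposes them again, added here as an illustration and not WebKit's code. It assumes poisoning is an XOR of the pointer bits with a key; `PoisonedPtr`, `Holder`, `scanFinds`, `tryKey` and the key value are hypothetical names and constructed values.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

// Simplified model (assumption): the field stores pointer bits XOR a key.
struct PoisonedPtr {
    uintptr_t bits;
    static PoisonedPtr make(void* p, uintptr_t key) { return { reinterpret_cast<uintptr_t>(p) ^ key }; }
    void* unpoisoned(uintptr_t key) const { return reinterpret_cast<void*>(bits ^ key); }
};

// Hypothetical object whose only reference to its payload is a poisoned field.
struct Holder { uintptr_t header; PoisonedPtr payload; };

// Conservative scan, as a leak detector does: treat each aligned word of the
// region as a candidate pointer and look for the allocation's address.
bool scanFinds(const void* region, size_t bytes, const void* target) {
    const unsigned char* p = static_cast<const unsigned char*>(region);
    for (size_t off = 0; off + sizeof(uintptr_t) <= bytes; off += sizeof(uintptr_t)) {
        uintptr_t word;
        std::memcpy(&word, p + off, sizeof(word));
        if (word == reinterpret_cast<uintptr_t>(target))
            return true;
    }
    return false;
}

struct Outcome { bool runtimeCanUse; bool scannerSeesPointer; };

// Constructed sample key: non-zero high bits, so the stored word is not an address.
const uintptr_t kSampleKey = static_cast<uintptr_t>(0xA5A5) << (sizeof(uintptr_t) * 8 - 16);

Outcome tryKey(uintptr_t key) {
    void* payload = std::malloc(64);
    Holder h { 0x1, PoisonedPtr::make(payload, key) };
    Outcome o { h.payload.unpoisoned(key) == payload, scanFinds(&h, sizeof(h), payload) };
    std::free(payload);
    return o;
}

int main() {
    Outcome on = tryKey(kSampleKey), off = tryKey(0);
    std::printf("poison on:  usable=%d scanner-visible=%d\n", on.runtimeCanUse, on.scannerSeesPointer);
    std::printf("poison off: usable=%d scanner-visible=%d\n", off.runtimeCanUse, off.scannerSeesPointer);
    return 0;
}
```

With a key of 0 the stored word is the real address: the scanner can follow it, and so can any read that bypasses the unpoisoning step, which is the trade-off the option's help text describes.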
Attachments
patch (3.19 KB, patch)
2018-01-16 09:15 PST, JF Bastien
keith_miller: review+
patch (3.65 KB, patch)
2018-01-16 09:33 PST, JF Bastien
no flags
patch (3.51 KB, patch)
2018-01-16 13:09 PST, JF Bastien
ews-watchlist: commit-queue-
Archive of layout-test-results from ews123 for ios-simulator-wk2 (2.25 MB, application/zip)
2018-01-16 15:04 PST, EWS Watchlist
no flags
patch (2.81 KB, patch)
2018-01-16 16:47 PST, JF Bastien
saam: commit-queue-
patch (2.81 KB, patch)
2018-01-16 20:28 PST, JF Bastien
no flags
Radar WebKit Bug Importer
Comment 1 2018-01-16 09:13:56 PST
JF Bastien
Comment 2 2018-01-16 09:15:30 PST
Keith Miller
Comment 3 2018-01-16 09:26:22 PST
Comment on attachment 331392 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=331392&action=review

r=me.

> Source/JavaScriptCore/ChangeLog:3
> + Allow dangerous disabling of poison

I like to live my life on the edge...

> Source/JavaScriptCore/runtime/Options.h:490
> + v(bool, dangerousDisablePoison, false, Normal, "if true, all poison will be initialized to 0 which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \

Nit: Can we put this by the other Spectre flags? Or move the other flags into their own section.
JF Bastien
Comment 4 2018-01-16 09:33:18 PST
Created attachment 331395 [details]
patch

Move option.
JF Bastien
Comment 5 2018-01-16 13:09:30 PST
Created attachment 331421 [details]
patch

Remove logging since it's not very clear and actionable.
Saam Barati
Comment 6 2018-01-16 15:00:37 PST
Comment on attachment 331421 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=331421&action=review

> Source/JavaScriptCore/runtime/Options.h:463
> + v(bool, dangerousDisablePoison, false, Normal, "if true, all poison will be initialized to 0 which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \

Why did we name it like this? I would've done:
usePoisoning
or something along those lines.

Many of our options are dangerous. I don't think it needs to be called out.
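
Review bot: the entry at Options.h:463 states the security cost of this flag only in its help string ("defeats some Spectre and type confusion mitigations"), and this revision of the patch also drops the console logging, so a process started with poisoning off gives no runtime indication of it. Consider keeping a single startup log line when the option is set, or recording in the ChangeLog how a deployment can confirm the option is at its default.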
EWS Watchlist
Comment 7 2018-01-16 15:04:37 PST
Comment on attachment 331421 [details]
patch

Attachment 331421 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/6098072

New failing tests:
http/tests/misc/resource-timing-resolution.html
EWS Watchlist
Comment 8 2018-01-16 15:04:38 PST
Created attachment 331435 [details]
Archive of layout-test-results from ews123 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews123
Port: ios-simulator-wk2
Platform: Mac OS X 10.12.6
JF Bastien
Comment 9 2018-01-16 16:14:25 PST
(In reply to Saam Barati from comment #6)
> Comment on attachment 331421 [details]
> patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=331421&action=review
>
> > Source/JavaScriptCore/runtime/Options.h:463
> > + v(bool, dangerousDisablePoison, false, Normal, "if true, all poison will be initialized to 0 which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \
>
> Why did we name it like this? I would've done:
> usePoisoning
> or something along those lines.
>
> Many of our options are dangerous. I don't think it needs to be called out.

Because in this case we'll likely tell people to use this option if they want these tools to work, and it should be used with care. Is there a precedent for us telling people "set this option to get feature X working" when it's dangerous to do so?
JF Bastien
Comment 10 2018-01-16 16:47:58 PST
Created attachment 331441 [details]
patch

Talked to Michael, moved to the name Saam suggested. Sending to CQ.
Saam Barati
Comment 11 2018-01-16 17:00:05 PST
Comment on attachment 331441 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=331441&action=review

> Source/JavaScriptCore/runtime/JSCPoison.cpp:44
> + if (Options::usePoisoning())
> + return;

needs to be inverted.
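
Review bot: the guard at JSCPoison.cpp:44 kept the polarity of the old negative-sense name after the rename to `usePoisoning`: `if (Options::usePoisoning()) return;` takes the early return exactly when poisoning is requested, which by the option's help text leaves all poison at 0. It should read `if (!Options::usePoisoning()) return;`, the option's default should be checked to have flipped along with the name, and a test that runs once with each value of the option would catch a polarity regression like this.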
JF Bastien
Comment 12 2018-01-16 20:28:29 PST
Created attachment 331457 [details]
patch

(In reply to Saam Barati from comment #11)
> Comment on attachment 331441 [details]
> patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=331441&action=review
>
> > Source/JavaScriptCore/runtime/JSCPoison.cpp:44
> > + if (Options::usePoisoning())
> > + return;
>
> needs to be inverted.

Ouch, thanks for catching that! Coding while child mostly plays next to me is a bad idea...
WebKit Commit Bot
Comment 13 2018-01-16 21:15:49 PST
The commit-queue encountered the following flaky tests while processing attachment 331457 [details]:

imported/w3c/web-platform-tests/media-source/mediasource-config-change-mp4-a-bitrate.html bug 181669 (authors: cdumez@apple.com and jer.noble@apple.com)

The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 14 2018-01-16 21:15:58 PST
The commit-queue encountered the following flaky tests while processing attachment 331457 [details]:

imported/w3c/web-platform-tests/media-source/mediasource-config-change-mp4-v-bitrate.html bug 181717 (authors: cdumez@apple.com and jer.noble@apple.com)
imported/w3c/web-platform-tests/media-source/mediasource-config-change-mp4-v-framerate.html bug 181718 (authors: cdumez@apple.com and jer.noble@apple.com)

The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 15 2018-01-16 21:40:45 PST
Comment on attachment 331457 [details]
patch

Clearing flags on attachment: 331457

Committed r227047: <https://trac.webkit.org/changeset/227047>
WebKit Commit Bot
Comment 16 2018-01-16 21:40:46 PST
All reviewed patches have been landed. Closing bug.