Bug 41019 - Canvas: Remember verified clean origins for drawImage()
Summary: Canvas: Remember verified clean origins for drawImage()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords: Performance
Depends on:
Blocks:
 
Reported: 2010-06-22 16:02 PDT by Andreas Kling
Modified: 2010-06-25 12:15 PDT (History)
3 users (show)

See Also:

Attachments
Proposed patch (2.27 KB, patch)
2010-06-22 16:04 PDT, Andreas Kling 		darin: review-
darin: commit-queue-
Details | Formatted Diff | Diff
Proposed patch v2 (2.14 KB, patch)
2010-06-22 18:35 PDT, Andreas Kling 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Kling 2010-06-22 16:02:27 PDT 
This canvas game:
http://www.watersheep.org/~markh/html_canvas/game.html

..is doing a ton of drawImage() calls, and 25% of that time is spent checking that the image URL's don't taint the canvas.

Simply caching the KURL's of verified origins helps performance a lot.
Comment 1 Andreas Kling 2010-06-22 16:04:55 PDT 
Created attachment 59427 [details]
Proposed patch
Comment 2 Darin Adler 2010-06-22 17:41:21 PDT 
Comment on attachment 59427 [details]
Proposed patch

Why is this optimization important? It seems dangerous to cache security decisions because the conditions the security decision was based on could change in theory, so we should only do it if we absolutely need to. How did you determine the optimization was needed? Did this come up in some real world benchmark?

Is the common code path for checkOrigin the KURL one or the String one? I ask because we could easily store strings in the hash instead of URLs and then we could do the fast check before even turning a string into a URL. It's free to turn an URL back into a string with string(), and strings hash even better than URLs do, so I think you should really consider using strings instead of URLs as the hash keys.

> +        ListHashSet<KURL> m_cleanOrigins;

You want HashSet, not ListHashSet. ListHashSet is a more expensive and complex variant of HashSet that guarantees you can get the elements of the set back in the order you added them.

review- because this should be HashSet not ListHashSet.
Comment 3 Andreas Kling 2010-06-22 18:35:12 PDT 
Created attachment 59456 [details]
Proposed patch v2

The origin of the canvas's underlying document will not change, so caching verified URL's should be perfectly safe.

The KURL path is the common one, but it indeed makes more sense to cache the Strings.

I've updated the patch to use HashSet<String>, thanks for the feedback.
Comment 4 Sam Weinig 2010-06-22 23:55:57 PDT 
(In reply to comment #3)
> Created an attachment (id=59456) [details]
> Proposed patch v2
> 
> The origin of the canvas's underlying document will not change, so caching verified URL's should be perfectly safe.

Are you sure?  What if document.domain is set in between calls to canvas methods.  That could change the tainting the rules I believe.
Comment 5 Andreas Kling 2010-06-23 09:43:49 PDT 
(In reply to comment #4)
> Are you sure?  What if document.domain is set in between calls to canvas methods.  That could change the tainting the rules I believe.

From SecurityOrigin::canRequest(KURL):

// We call isSameSchemeHostPort here instead of canAccess because we want
// to ignore document.domain effects.
if (isSameSchemeHostPort(targetOrigin.get()))
    return true;

This is on the path currently taken by canvas's origin check.
Comment 6 WebKit Commit Bot 2010-06-25 12:15:18 PDT 
Comment on attachment 59456 [details]
Proposed patch v2

Clearing flags on attachment: 59456

Committed r61877: <http://trac.webkit.org/changeset/61877>
Comment 7 WebKit Commit Bot 2010-06-25 12:15:25 PDT 
All reviewed patches have been landed.  Closing bug.