Changeset 249808 in webkit

Timestamp:

Sep 12, 2019, 8:04:29 AM (6 years ago)

Author:

mark.lam@apple.com

Message:

Harden JSC against the abuse of runtime options.
​https://bugs.webkit.org/show_bug.cgi?id=201597
<rdar://problem/55167068>

Reviewed by Filip Pizlo.

JSTests:

Remove the call to forceGCSlowPaths(). This utility function will be removed.
The modern way to set the required option is to use @ requireOptions.

• stress/ftl-try-catch-oom-error-lazy-slow-path.js:

Source/JavaScriptCore:

Linux parts contributed by Carlos Garcia Campos <​cgarcia@igalia.com>.

1. Introduce a JSC::Config struct that will be protected as ReadOnly once the first VM instance is constructed. The end of the VM constructor calls Config::permanentlyFreeze() which will make the Config ReadOnly.

Note: this is currently only supported for OS(DARWIN) and OS(LINUX).
OS(WINDOWS) will need to implement some missing pieces before it can enable
this hardening (see FIXME in JSCConfig.cpp).

The hardening strategy here is to put immutable global values into the Config.
Any modifications that need to be made to these values must be done before the
first VM instance is done instantiating. This ensures that no script will
ever run while the Config is still writable.

Also, the policy for this hardening is that a process is opted in by default.
If there's a valid need to disable this hardening (e.g. for some test
environments), the relevant process will need to opt itself out by calling
Config::configureForTesting().

The jsc shell, WK2 UI and WebContent processes are opted in by default.
Only test processes may be opt out.

2. Put all JSC::Options in the Config. This enforces the invariant that options can only be changed before we instantiate a VM. Once a VM is instantiated, the options are immutable.

3. Remove functionForceGCSlowPaths() from the jsc shell. Setting Options::forceGCSlowPaths this way is no longer allowed.

4. Re-factored the Options code (Options.h) into:
   • OptionEntry.h: the data structure that stores the option values.
   • OptionsList.h: the list of options.
   • Options.h: the Options singleton object which is the interface for accessing options.

Renamed the JSC_OPTIONS macro to FOR_EACH_JSC_OPTION, because
"FOR_EACH_JSC_OPTION(SET_OPTION_VALUE)" reads a lot better than
"JSC_OPTIONS(FOR_EACH_OPTION)".

5. Change testapi to call Config::configureForTesting(). Parts of testapi makes use of setting options in its tests. Hence, this hardening is disabled for testapi.

Note: the jsc shell does enable this hardening.

6. Put ExecutableAllocator's immutable globals in the Config.

7. RELEASE_ASSERT that restrictedOptionsEnabled in order to use the FunctionOverrides test utility.

8. RELEASE_ASSERT that Options::useDollarVM() is enabled in order to use the $vm.

We must RELEASE_ASSERT(Options::useDollarVM()) in all JSDollarVM functions
that are non-trivial at an eye's glance. This includes (but is not limited to):

constructors
create() factory
createStructure() factory
finishCreation()
HOST_CALL or operation functions
Constructors and methods of utility and test classes

The only exception are some constexpr constructors used for instantiating
globals (since these must have trivial constructors) e.g. DOMJITAttribute.
Instead, these constructors should always be ALWAYS_INLINE.

• API/glib/JSCOptions.cpp:

(jscOptionsSetValue):
(jscOptionsGetValue):
(jsc_options_foreach):
(jsc_options_get_option_group):

• API/tests/testapi.c:

(main):

• API/tests/testapi.cpp:

(configureJSCForTesting):

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• jit/ExecutableAllocator.cpp:

(JSC::isJITEnabled):
(JSC::ExecutableAllocator::setJITEnabled):
(JSC::ExecutableAllocator::initializeUnderlyingAllocator):
(JSC::ExecutableAllocator::isValid const):
(JSC::ExecutableAllocator::underMemoryPressure):
(JSC::ExecutableAllocator::memoryPressureMultiplier):
(JSC::ExecutableAllocator::allocate):
(JSC::ExecutableAllocator::isValidExecutableMemory):
(JSC::ExecutableAllocator::getLock const):
(JSC::ExecutableAllocator::committedByteCount):
(JSC::ExecutableAllocator::dumpProfile):
(JSC::startOfFixedExecutableMemoryPoolImpl):
(JSC::endOfFixedExecutableMemoryPoolImpl):
(JSC::isJITPC):
(JSC::dumpJITMemory):
(JSC::ExecutableAllocator::initialize):
(JSC::ExecutableAllocator::singleton):

• jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

• jsc.cpp:

(GlobalObject::finishCreation):
(functionJSCOptions):
(jscmain):
(functionForceGCSlowPaths): Deleted.

• runtime/ConfigFile.cpp:

(JSC::ConfigFile::parse):

• runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

• runtime/JSCConfig.cpp: Added.

(JSC::Config::disableFreezingForTesting):
(JSC::Config::enableRestrictedOptions):
(JSC::Config::permanentlyFreeze):

• runtime/JSCConfig.h: Added.

(JSC::Config::configureForTesting):

• runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::exposeDollarVM):

• runtime/OptionEntry.h: Added.

(JSC::OptionRange::operator= ):
(JSC::OptionRange::rangeString const):

• runtime/Options.cpp:

(JSC::Options::isAvailable):
(JSC::scaleJITPolicy):
(JSC::Options::initialize):
(JSC::Options::setOptions):
(JSC::Options::setOptionWithoutAlias):
(JSC::Options::setAliasedOption):
(JSC::Option::dump const):
(JSC::Option::operator== const):
(): Deleted.
(JSC::Options::enableRestrictedOptions): Deleted.

• runtime/Options.h:

(JSC::Option::Option):
(JSC::Option::defaultOption const):
(JSC::Option::boolVal):
(JSC::Option::unsignedVal):
(JSC::Option::doubleVal):
(JSC::Option::int32Val):
(JSC::Option::optionRangeVal):
(JSC::Option::optionStringVal):
(JSC::Option::gcLogLevelVal):
(JSC::OptionRange::operator= ): Deleted.
(JSC::OptionRange::rangeString const): Deleted.

• runtime/OptionsList.h: Added.

(JSC::countNumberOfJSCOptions):

• runtime/VM.cpp:

(JSC::VM::VM):

• tools/FunctionOverrides.cpp:

(JSC::FunctionOverrides::FunctionOverrides):
(JSC::FunctionOverrides::reinstallOverrides):
(JSC::FunctionOverrides::initializeOverrideFor):
(JSC::FunctionOverrides::parseOverridesInFile):

• tools/JSDollarVM.cpp:

(JSC::JSDollarVMCallFrame::JSDollarVMCallFrame):
(JSC::JSDollarVMCallFrame::createStructure):
(JSC::JSDollarVMCallFrame::create):
(JSC::JSDollarVMCallFrame::finishCreation):
(JSC::JSDollarVMCallFrame::addProperty):
(JSC::Element::Element):
(JSC::Element::create):
(JSC::Element::createStructure):
(JSC::Root::Root):
(JSC::Root::create):
(JSC::Root::createStructure):
(JSC::SimpleObject::SimpleObject):
(JSC::SimpleObject::create):
(JSC::SimpleObject::createStructure):
(JSC::ImpureGetter::ImpureGetter):
(JSC::ImpureGetter::createStructure):
(JSC::ImpureGetter::create):
(JSC::ImpureGetter::finishCreation):
(JSC::ImpureGetter::getOwnPropertySlot):
(JSC::CustomGetter::CustomGetter):
(JSC::CustomGetter::createStructure):
(JSC::CustomGetter::create):
(JSC::CustomGetter::getOwnPropertySlot):
(JSC::CustomGetter::customGetter):
(JSC::CustomGetter::customGetterAcessor):
(JSC::RuntimeArray::create):
(JSC::RuntimeArray::destroy):
(JSC::RuntimeArray::getOwnPropertySlot):
(JSC::RuntimeArray::getOwnPropertySlotByIndex):
(JSC::RuntimeArray::createPrototype):
(JSC::RuntimeArray::createStructure):
(JSC::RuntimeArray::finishCreation):
(JSC::RuntimeArray::RuntimeArray):
(JSC::RuntimeArray::lengthGetter):
(JSC::DOMJITNode::DOMJITNode):
(JSC::DOMJITNode::createStructure):
(JSC::DOMJITNode::checkSubClassSnippet):
(JSC::DOMJITNode::create):
(JSC::DOMJITGetter::DOMJITGetter):
(JSC::DOMJITGetter::createStructure):
(JSC::DOMJITGetter::create):
(JSC::DOMJITGetter::DOMJITAttribute::DOMJITAttribute):
(JSC::DOMJITGetter::DOMJITAttribute::slowCall):
(JSC::DOMJITGetter::DOMJITAttribute::callDOMGetter):
(JSC::DOMJITGetter::customGetter):
(JSC::DOMJITGetter::finishCreation):
(JSC::DOMJITGetterComplex::DOMJITGetterComplex):
(JSC::DOMJITGetterComplex::createStructure):
(JSC::DOMJITGetterComplex::create):
(JSC::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute):
(JSC::DOMJITGetterComplex::DOMJITAttribute::slowCall):
(JSC::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter):
(JSC::DOMJITGetterComplex::functionEnableException):
(JSC::DOMJITGetterComplex::customGetter):
(JSC::DOMJITGetterComplex::finishCreation):
(JSC::DOMJITFunctionObject::DOMJITFunctionObject):
(JSC::DOMJITFunctionObject::createStructure):
(JSC::DOMJITFunctionObject::create):
(JSC::DOMJITFunctionObject::functionWithTypeCheck):
(JSC::DOMJITFunctionObject::functionWithoutTypeCheck):
(JSC::DOMJITFunctionObject::checkSubClassSnippet):
(JSC::DOMJITFunctionObject::finishCreation):
(JSC::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
(JSC::DOMJITCheckSubClassObject::createStructure):
(JSC::DOMJITCheckSubClassObject::create):
(JSC::DOMJITCheckSubClassObject::functionWithTypeCheck):
(JSC::DOMJITCheckSubClassObject::functionWithoutTypeCheck):
(JSC::DOMJITCheckSubClassObject::finishCreation):
(JSC::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject):
(JSC::DOMJITGetterBaseJSObject::createStructure):
(JSC::DOMJITGetterBaseJSObject::create):
(JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute):
(JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall):
(JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter):
(JSC::DOMJITGetterBaseJSObject::customGetter):
(JSC::DOMJITGetterBaseJSObject::finishCreation):
(JSC::JSTestCustomGetterSetter::JSTestCustomGetterSetter):
(JSC::JSTestCustomGetterSetter::create):
(JSC::JSTestCustomGetterSetter::createStructure):
(JSC::customSetAccessor):
(JSC::customSetValue):
(JSC::JSTestCustomGetterSetter::finishCreation):
(JSC::Element::handleOwner):
(JSC::Element::finishCreation):
(JSC::WasmStreamingParser::WasmStreamingParser):
(JSC::WasmStreamingParser::create):
(JSC::WasmStreamingParser::createStructure):
(JSC::WasmStreamingParser::finishCreation):
(JSC::functionWasmStreamingParserAddBytes):
(JSC::functionWasmStreamingParserFinalize):
(JSC::functionCrash):
(JSC::functionBreakpoint):
(JSC::functionDFGTrue):
(JSC::functionFTLTrue):
(JSC::functionCpuMfence):
(JSC::functionCpuRdtsc):
(JSC::functionCpuCpuid):
(JSC::functionCpuPause):
(JSC::functionCpuClflush):
(JSC::CallerFrameJITTypeFunctor::CallerFrameJITTypeFunctor):
(JSC::getExecutableForFunction):
(JSC::functionLLintTrue):
(JSC::functionJITTrue):
(JSC::functionNoInline):
(JSC::functionGC):
(JSC::functionEdenGC):
(JSC::functionDumpSubspaceHashes):
(JSC::functionCallFrame):
(JSC::functionCodeBlockForFrame):
(JSC::codeBlockFromArg):
(JSC::functionCodeBlockFor):
(JSC::functionDumpSourceFor):
(JSC::functionDumpBytecodeFor):
(JSC::doPrint):
(JSC::functionDataLog):
(JSC::functionPrint):
(JSC::functionDumpCallFrame):
(JSC::functionDumpStack):
(JSC::functionDumpRegisters):
(JSC::functionDumpCell):
(JSC::functionIndexingMode):
(JSC::functionInlineCapacity):
(JSC::functionValue):
(JSC::functionGetPID):
(JSC::functionHaveABadTime):
(JSC::functionIsHavingABadTime):
(JSC::functionCreateGlobalObject):
(JSC::functionCreateProxy):
(JSC::functionCreateRuntimeArray):
(JSC::functionCreateNullRopeString):
(JSC::functionCreateImpureGetter):
(JSC::functionCreateCustomGetterObject):
(JSC::functionCreateDOMJITNodeObject):
(JSC::functionCreateDOMJITGetterObject):
(JSC::functionCreateDOMJITGetterComplexObject):
(JSC::functionCreateDOMJITFunctionObject):
(JSC::functionCreateDOMJITCheckSubClassObject):
(JSC::functionCreateDOMJITGetterBaseJSObject):
(JSC::functionCreateWasmStreamingParser):
(JSC::functionSetImpureGetterDelegate):
(JSC::functionCreateBuiltin):
(JSC::functionGetPrivateProperty):
(JSC::functionCreateRoot):
(JSC::functionCreateElement):
(JSC::functionGetElement):
(JSC::functionCreateSimpleObject):
(JSC::functionGetHiddenValue):
(JSC::functionSetHiddenValue):
(JSC::functionShadowChickenFunctionsOnStack):
(JSC::functionSetGlobalConstRedeclarationShouldNotThrow):
(JSC::functionFindTypeForExpression):
(JSC::functionReturnTypeFor):
(JSC::functionFlattenDictionaryObject):
(JSC::functionDumpBasicBlockExecutionRanges):
(JSC::functionHasBasicBlockExecuted):
(JSC::functionBasicBlockExecutionCount):
(JSC::functionEnableExceptionFuzz):
(JSC::changeDebuggerModeWhenIdle):
(JSC::functionEnableDebuggerModeWhenIdle):
(JSC::functionDisableDebuggerModeWhenIdle):
(JSC::functionDeleteAllCodeWhenIdle):
(JSC::functionGlobalObjectCount):
(JSC::functionGlobalObjectForObject):
(JSC::functionGetGetterSetter):
(JSC::functionLoadGetterFromGetterSetter):
(JSC::functionCreateCustomTestGetterSetter):
(JSC::functionDeltaBetweenButterflies):
(JSC::functionTotalGCTime):
(JSC::functionParseCount):
(JSC::functionIsWasmSupported):
(JSC::JSDollarVM::finishCreation):
(JSC::JSDollarVM::addFunction):
(JSC::JSDollarVM::addConstructibleFunction):

• tools/JSDollarVM.h:

Source/WebCore:

No new tests. Covered by existing tests.

Enable Options::useDollarVM before we tell the JSGlobalObject to exposeDollarVM().
The $vm utility is now hardened to require that Options::useDollarVM be
enabled in order for it to be used.

• testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::injectInternalsObject):

Source/WebKit:

Linux parts contributed by Carlos Garcia Campos <​cgarcia@igalia.com>.

1. Add plumbing to allow WK2 tests to configureJSCForTesting().
2. Removed the call enable Options::useBigInt in WebInspectorUI. WebInspectorUI doesn't really need it for now.

• PluginProcess/unix/PluginProcessMainUnix.cpp:
• Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h:

(WebKit::XPCServiceInitializer):

• Shared/unix/AuxiliaryProcessMain.cpp:

(WebKit::AuxiliaryProcessMainBase::parseCommandLine):

• Shared/unix/AuxiliaryProcessMain.h:

(WebKit::AuxiliaryProcessMain):

• UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::copy):

• UIProcess/API/APIProcessPoolConfiguration.h:
• UIProcess/API/C/WKContextConfigurationRef.cpp:

(WKContextConfigurationSetShouldConfigureJSCForTesting):

• UIProcess/API/C/WKContextConfigurationRef.h:
• UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
• UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:

(-[_WKProcessPoolConfiguration configureJSCForTesting]):
(-[_WKProcessPoolConfiguration setConfigureJSCForTesting:]):

• UIProcess/Launcher/ProcessLauncher.h:

(WebKit::ProcessLauncher::Client::shouldConfigureJSCForTesting const):

• UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:

(WebKit::ProcessLauncher::launchProcess):

• UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::ProcessLauncher::launchProcess):

• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::shouldConfigureJSCForTesting const):

• UIProcess/WebProcessProxy.h:
• WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::WebInspectorUI):

Source/WTF:

Add a source file that was missing so that Xcode can search its contents too.

• WTF.xcodeproj/project.pbxproj:

Tools:

Linux parts contributed by Carlos Garcia Campos <​cgarcia@igalia.com>.
Windows parts contributed by Fujii Hironori <Fujii Hironori>.

Call JSC::Config::configureForTesting() in test harnesses or at the top of tests
to disable the hardening on test runs. Tests rely on setting options to enable
test features.

• DumpRenderTree/mac/DumpRenderTree.mm:

(dumpRenderTree):

• DumpRenderTree/win/DumpRenderTree.cpp:

(initialize):

• TestWebKitAPI/PlatformUtilities.cpp:

(TestWebKitAPI::Util::createContextWithInjectedBundle):

• TestWebKitAPI/Tests/JavaScriptCore/glib/TestJSC.cpp:

(main):

• TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm:

(TestWebKitAPI::TEST):
(TestWebKitAPI::runActiveSessionTest):

• TestWebKitAPI/Tests/WebKitCocoa/WKWebViewDiagnosticLogging.mm:

(TEST):

• TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm:

(TEST):

• TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm:

(TestWebKitAPI::TEST):

• TestWebKitAPI/WKWebViewConfigurationExtras.h:
• TestWebKitAPI/WKWebViewConfigurationExtras.mm:

(+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:]):
(+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:configureJSCForTesting:]):

• WebKitTestRunner/TestController.cpp:

(WTR::TestController::generateContextConfiguration const):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/ftl-try-catch-oom-error-lazy-slow-path.js (modified) (1 diff)
• Source/JavaScriptCore/API/glib/JSCOptions.cpp (modified) (9 diffs)
• Source/JavaScriptCore/API/tests/testapi.c (modified) (3 diffs)
• Source/JavaScriptCore/API/tests/testapi.cpp (modified) (3 diffs)
• Source/JavaScriptCore/CMakeLists.txt (modified) (2 diffs)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (modified) (12 diffs)
• Source/JavaScriptCore/Sources.txt (modified) (3 diffs)
• Source/JavaScriptCore/jit/ExecutableAllocator.cpp (modified) (23 diffs)
• Source/JavaScriptCore/jit/ExecutableAllocator.h (modified) (5 diffs)
• Source/JavaScriptCore/jsc.cpp (modified) (5 diffs)
• Source/JavaScriptCore/runtime/ConfigFile.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/InitializeThreading.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSCConfig.cpp (added)
• Source/JavaScriptCore/runtime/JSCConfig.h (added)
• Source/JavaScriptCore/runtime/JSGlobalObject.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/OptionEntry.h (added)
• Source/JavaScriptCore/runtime/Options.cpp (modified) (15 diffs)
• Source/JavaScriptCore/runtime/Options.h (modified) (11 diffs)
• Source/JavaScriptCore/runtime/OptionsList.h (added)
• Source/JavaScriptCore/runtime/VM.cpp (modified) (1 diff)
• Source/JavaScriptCore/tools/FunctionOverrides.cpp (modified) (5 diffs)
• Source/JavaScriptCore/tools/JSDollarVM.cpp (modified) (172 diffs)
• Source/JavaScriptCore/tools/JSDollarVM.h (modified) (5 diffs)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/WTF.xcodeproj/project.pbxproj (modified) (2 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/testing/js/WebCoreTestSupport.cpp (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/PluginProcess/unix/PluginProcessMainUnix.cpp (modified) (1 diff)
• Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h (modified) (2 diffs)
• Source/WebKit/Shared/unix/AuxiliaryProcessMain.cpp (modified) (2 diffs)
• Source/WebKit/Shared/unix/AuxiliaryProcessMain.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.h (modified) (3 diffs)
• Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.h (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/Launcher/ProcessLauncher.h (modified) (2 diffs)
• Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/WebProcessProxy.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/WebProcessProxy.h (modified) (2 diffs)
• Source/WebKit/WebProcess/WebPage/WebInspectorUI.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/DumpRenderTree/mac/DumpRenderTree.mm (modified) (2 diffs)
• Tools/DumpRenderTree/win/DumpRenderTree.cpp (modified) (1 diff)
• Tools/TestWebKitAPI/PlatformUtilities.cpp (modified) (2 diffs)
• Tools/TestWebKitAPI/Tests/JavaScriptCore/glib/TestJSC.cpp (modified) (2 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm (modified) (7 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewDiagnosticLogging.mm (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm (modified) (2 diffs)
• Tools/TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm (modified) (2 diffs)
• Tools/TestWebKitAPI/WKWebViewConfigurationExtras.h (modified) (2 diffs)
• Tools/TestWebKitAPI/WKWebViewConfigurationExtras.mm (modified) (2 diffs)
• Tools/WebKitTestRunner/TestController.cpp (modified) (1 diff)

trunk/JSTests/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        Remove the call to forceGCSlowPaths().  This utility function will be removed.
+        The modern way to set the required option is to use //@ requireOptions.
+
+        * stress/ftl-try-catch-oom-error-lazy-slow-path.js:
+
 2019-09-11  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/JSTests/stress/ftl-try-catch-oom-error-lazy-slow-path.js ¶

@@ -1 @@
-forceGCSlowPaths(); // Force OOM error in FTL MakeRope to happen in a lazy slow path.
+//@ requireOptions("--forceGCSlowPaths=true")
+
+// We require --forceGCSlowPaths=true to force OOM error in FTL MakeRope to happen in a lazy slow path.
 
 function assert(b) {

trunk/Source/JavaScriptCore/API/glib/JSCOptions.cpp ¶

@@ -32 +32 @@
  *
  * JavaScript options allow changing the behavior of the JavaScript engine.
- * They affect the way the engine works, so it's encouraged to set the options
+ * They affect the way the engine works, so the options must be set
  * at the very beginning of the program execution, before any other JavaScript
  * API call. Most of the options are only useful for testing and debugging.
@@ -167 +167 @@
 static gboolean jscOptionsSetValue(const char* option, const GValue* value)
 {
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define SET_OPTION_VALUE(type_, name_, defaultValue_, availability_, description_) \
     if (!g_strcmp0(#name_, option)) {                                   \
-        type_ valueToSet;                                               \
+        OptionEntry::type_ valueToSet;                                  \
         if (!valueFromGValue(value, valueToSet))                        \
             return FALSE;                                               \
@@ -177 +177 @@
 
     Options::initialize();
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(SET_OPTION_VALUE)
+#undef SET_OPTION_VALUE
 
     return FALSE;
@@ -185 +185 @@
 static gboolean jscOptionsGetValue(const char* option, GValue* value)
 {
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define GET_OPTION_VALUE(type_, name_, defaultValue_, availability_, description_) \
     if (!g_strcmp0(#name_, option)) {                                   \
-        type_ valueToGet = Options::name_();                            \
+        OptionEntry::type_ valueToGet = Options::name_();               \
         valueToGValue(valueToGet, value);                               \
         return TRUE;                                                    \
@@ -193 +193 @@
 
     Options::initialize();
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(GET_OPTION_VALUE)
+#undef GET_OPTION_VALUE
 
     return FALSE;
@@ -615 +615 @@
     g_return_if_fail(function);
 
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define VISIT_OPTION(type_, name_, defaultValue_, availability_, description_) \
     if (Options::Availability::availability_ == Options::Availability::Normal \
         || Options::isAvailable(Options::name_##ID, Options::Availability::availability_)) { \
-        type_ defaultValue { };                                         \
+        OptionEntry::type_ defaultValue { };                            \
         auto optionType = jscOptionsType(defaultValue);                 \
         if (function (#name_, optionType, description_, userData))      \
@@ -625 +625 @@
 
     Options::initialize();
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(VISIT_OPTION)
+#undef VISIT_OPTION
 }
 
@@ -665 +665 @@
 
     GArray* entries = g_array_new(TRUE, TRUE, sizeof(GOptionEntry));
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define REGISTER_OPTION(type_, name_, defaultValue_, availability_, description_) \
     if (Options::Availability::availability_ == Options::Availability::Normal \
         || Options::isAvailable(Options::name_##ID, Options::Availability::availability_)) { \
@@ -679 +679 @@
 
     Options::initialize();
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(REGISTER_OPTION)
+#undef REGISTER_OPTION
 
     g_option_group_add_entries(group, reinterpret_cast<GOptionEntry*>(entries->data));

trunk/Source/JavaScriptCore/API/tests/testapi.c ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2006-2017 Apple Inc.  All rights reserved.
+ * Copyright (C) 2006-2019 Apple Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -78 +78 @@
 #endif
 
+void configureJSCForTesting(void);
 int testCAPIViaCpp(const char* filter);
 
@@ -1387 +1388 @@
     SetErrorMode(0);
 #endif
+
+    configureJSCForTesting();
 
 #if !OS(WINDOWS)

trunk/Source/JavaScriptCore/API/tests/testapi.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -40 +40 @@
 #include <wtf/text/StringCommon.h>
 
+extern "C" void configureJSCForTesting();
 extern "C" int testCAPIViaCpp(const char* filter);
 
@@ -588 +589 @@
     callFunction("(function () { const p = Promise.reject(); Promise.resolve().then(() => { p.catch(() => {}); }); })");
     check(!callbackCalled, "unhandled rejection callback should not be called for asynchronous early-handled rejection");
+}
+
+void configureJSCForTesting()
+{
+    JSC::Config::configureForTesting();
 }
 

trunk/Source/JavaScriptCore/CMakeLists.txt ¶

@@ -843 +843 @@
     runtime/JSArrayBufferViewInlines.h
     runtime/JSBigInt.h
+    runtime/JSCConfig.h
     runtime/JSCInlines.h
     runtime/JSCJSValue.h
@@ -919 +920 @@
     runtime/ObjectPrototype.h
     runtime/Operations.h
+    runtime/OptionEntry.h
     runtime/Options.h
+    runtime/OptionsList.h
     runtime/ParseInt.h
     runtime/PrivateName.h

trunk/Source/JavaScriptCore/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        Linux parts contributed by Carlos Garcia Campos <cgarcia@igalia.com>.
+
+        1. Introduce a JSC::Config struct that will be protected as ReadOnly once the
+           first VM instance is constructed.  The end of the VM constructor calls
+           Config::permanentlyFreeze() which will make the Config ReadOnly.
+
+           Note: this is currently only supported for OS(DARWIN) and OS(LINUX).
+           OS(WINDOWS) will need to implement some missing pieces before it can enable
+           this hardening (see FIXME in JSCConfig.cpp).
+
+           The hardening strategy here is to put immutable global values into the Config.
+           Any modifications that need to be made to these values must be done before the
+           first VM instance is done instantiating.  This ensures that no script will
+           ever run while the Config is still writable.
+
+           Also, the policy for this hardening is that a process is opted in by default.
+           If there's a valid need to disable this hardening (e.g. for some test
+           environments), the relevant process will need to opt itself out by calling
+           Config::configureForTesting().
+
+           The jsc shell, WK2 UI and WebContent processes are opted in by default.
+           Only test processes may be opt out.
+
+        2. Put all JSC::Options in the Config.  This enforces the invariant that options
+           can only be changed before we instantiate a VM.  Once a VM is instantiated,
+           the options are immutable.
+
+        3. Remove functionForceGCSlowPaths() from the jsc shell.  Setting
+           Options::forceGCSlowPaths this way is no longer allowed.
+
+        4. Re-factored the Options code (Options.h) into:
+           - OptionEntry.h: the data structure that stores the option values.
+           - OptionsList.h: the list of options.
+           - Options.h: the Options singleton object which is the interface for accessing options.
+
+           Renamed the JSC_OPTIONS macro to FOR_EACH_JSC_OPTION, because
+           "FOR_EACH_JSC_OPTION(SET_OPTION_VALUE)" reads a lot better than
+           "JSC_OPTIONS(FOR_EACH_OPTION)".
+
+        5. Change testapi to call Config::configureForTesting().  Parts of testapi makes
+           use of setting options in its tests.  Hence, this hardening is disabled for
+           testapi.
+
+           Note: the jsc shell does enable this hardening.
+
+        6. Put ExecutableAllocator's immutable globals in the Config.
+
+        7. RELEASE_ASSERT that restrictedOptionsEnabled in order to use the
+           FunctionOverrides test utility.
+
+        8. RELEASE_ASSERT that Options::useDollarVM() is enabled in order to use the $vm.
+
+           We must RELEASE_ASSERT(Options::useDollarVM()) in all JSDollarVM functions
+           that are non-trivial at an eye's glance.  This includes (but is not limited to):
+               constructors
+               create() factory
+               createStructure() factory
+               finishCreation()
+               HOST_CALL or operation functions
+               Constructors and methods of utility and test classes
+
+           The only exception are some constexpr constructors used for instantiating
+           globals (since these must have trivial constructors) e.g. DOMJITAttribute.
+           Instead, these constructors should always be ALWAYS_INLINE.
+
+        * API/glib/JSCOptions.cpp:
+        (jscOptionsSetValue):
+        (jscOptionsGetValue):
+        (jsc_options_foreach):
+        (jsc_options_get_option_group):
+        * API/tests/testapi.c:
+        (main):
+        * API/tests/testapi.cpp:
+        (configureJSCForTesting):
+        * CMakeLists.txt:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * Sources.txt:
+        * jit/ExecutableAllocator.cpp:
+        (JSC::isJITEnabled):
+        (JSC::ExecutableAllocator::setJITEnabled):
+        (JSC::ExecutableAllocator::initializeUnderlyingAllocator):
+        (JSC::ExecutableAllocator::isValid const):
+        (JSC::ExecutableAllocator::underMemoryPressure):
+        (JSC::ExecutableAllocator::memoryPressureMultiplier):
+        (JSC::ExecutableAllocator::allocate):
+        (JSC::ExecutableAllocator::isValidExecutableMemory):
+        (JSC::ExecutableAllocator::getLock const):
+        (JSC::ExecutableAllocator::committedByteCount):
+        (JSC::ExecutableAllocator::dumpProfile):
+        (JSC::startOfFixedExecutableMemoryPoolImpl):
+        (JSC::endOfFixedExecutableMemoryPoolImpl):
+        (JSC::isJITPC):
+        (JSC::dumpJITMemory):
+        (JSC::ExecutableAllocator::initialize):
+        (JSC::ExecutableAllocator::singleton):
+        * jit/ExecutableAllocator.h:
+        (JSC::performJITMemcpy):
+        * jsc.cpp:
+        (GlobalObject::finishCreation):
+        (functionJSCOptions):
+        (jscmain):
+        (functionForceGCSlowPaths): Deleted.
+        * runtime/ConfigFile.cpp:
+        (JSC::ConfigFile::parse):
+        * runtime/InitializeThreading.cpp:
+        (JSC::initializeThreading):
+        * runtime/JSCConfig.cpp: Added.
+        (JSC::Config::disableFreezingForTesting):
+        (JSC::Config::enableRestrictedOptions):
+        (JSC::Config::permanentlyFreeze):
+        * runtime/JSCConfig.h: Added.
+        (JSC::Config::configureForTesting):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::exposeDollarVM):
+        * runtime/OptionEntry.h: Added.
+        (JSC::OptionRange::operator= ):
+        (JSC::OptionRange::rangeString const):
+        * runtime/Options.cpp:
+        (JSC::Options::isAvailable):
+        (JSC::scaleJITPolicy):
+        (JSC::Options::initialize):
+        (JSC::Options::setOptions):
+        (JSC::Options::setOptionWithoutAlias):
+        (JSC::Options::setAliasedOption):
+        (JSC::Option::dump const):
+        (JSC::Option::operator== const):
+        (): Deleted.
+        (JSC::Options::enableRestrictedOptions): Deleted.
+        * runtime/Options.h:
+        (JSC::Option::Option):
+        (JSC::Option::defaultOption const):
+        (JSC::Option::boolVal):
+        (JSC::Option::unsignedVal):
+        (JSC::Option::doubleVal):
+        (JSC::Option::int32Val):
+        (JSC::Option::optionRangeVal):
+        (JSC::Option::optionStringVal):
+        (JSC::Option::gcLogLevelVal):
+        (JSC::OptionRange::operator= ): Deleted.
+        (JSC::OptionRange::rangeString const): Deleted.
+        * runtime/OptionsList.h: Added.
+        (JSC::countNumberOfJSCOptions):
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * tools/FunctionOverrides.cpp:
+        (JSC::FunctionOverrides::FunctionOverrides):
+        (JSC::FunctionOverrides::reinstallOverrides):
+        (JSC::FunctionOverrides::initializeOverrideFor):
+        (JSC::FunctionOverrides::parseOverridesInFile):
+        * tools/JSDollarVM.cpp:
+        (JSC::JSDollarVMCallFrame::JSDollarVMCallFrame):
+        (JSC::JSDollarVMCallFrame::createStructure):
+        (JSC::JSDollarVMCallFrame::create):
+        (JSC::JSDollarVMCallFrame::finishCreation):
+        (JSC::JSDollarVMCallFrame::addProperty):
+        (JSC::Element::Element):
+        (JSC::Element::create):
+        (JSC::Element::createStructure):
+        (JSC::Root::Root):
+        (JSC::Root::create):
+        (JSC::Root::createStructure):
+        (JSC::SimpleObject::SimpleObject):
+        (JSC::SimpleObject::create):
+        (JSC::SimpleObject::createStructure):
+        (JSC::ImpureGetter::ImpureGetter):
+        (JSC::ImpureGetter::createStructure):
+        (JSC::ImpureGetter::create):
+        (JSC::ImpureGetter::finishCreation):
+        (JSC::ImpureGetter::getOwnPropertySlot):
+        (JSC::CustomGetter::CustomGetter):
+        (JSC::CustomGetter::createStructure):
+        (JSC::CustomGetter::create):
+        (JSC::CustomGetter::getOwnPropertySlot):
+        (JSC::CustomGetter::customGetter):
+        (JSC::CustomGetter::customGetterAcessor):
+        (JSC::RuntimeArray::create):
+        (JSC::RuntimeArray::destroy):
+        (JSC::RuntimeArray::getOwnPropertySlot):
+        (JSC::RuntimeArray::getOwnPropertySlotByIndex):
+        (JSC::RuntimeArray::createPrototype):
+        (JSC::RuntimeArray::createStructure):
+        (JSC::RuntimeArray::finishCreation):
+        (JSC::RuntimeArray::RuntimeArray):
+        (JSC::RuntimeArray::lengthGetter):
+        (JSC::DOMJITNode::DOMJITNode):
+        (JSC::DOMJITNode::createStructure):
+        (JSC::DOMJITNode::checkSubClassSnippet):
+        (JSC::DOMJITNode::create):
+        (JSC::DOMJITGetter::DOMJITGetter):
+        (JSC::DOMJITGetter::createStructure):
+        (JSC::DOMJITGetter::create):
+        (JSC::DOMJITGetter::DOMJITAttribute::DOMJITAttribute):
+        (JSC::DOMJITGetter::DOMJITAttribute::slowCall):
+        (JSC::DOMJITGetter::DOMJITAttribute::callDOMGetter):
+        (JSC::DOMJITGetter::customGetter):
+        (JSC::DOMJITGetter::finishCreation):
+        (JSC::DOMJITGetterComplex::DOMJITGetterComplex):
+        (JSC::DOMJITGetterComplex::createStructure):
+        (JSC::DOMJITGetterComplex::create):
+        (JSC::DOMJITGetterComplex::DOMJITAttribute::DOMJITAttribute):
+        (JSC::DOMJITGetterComplex::DOMJITAttribute::slowCall):
+        (JSC::DOMJITGetterComplex::DOMJITAttribute::callDOMGetter):
+        (JSC::DOMJITGetterComplex::functionEnableException):
+        (JSC::DOMJITGetterComplex::customGetter):
+        (JSC::DOMJITGetterComplex::finishCreation):
+        (JSC::DOMJITFunctionObject::DOMJITFunctionObject):
+        (JSC::DOMJITFunctionObject::createStructure):
+        (JSC::DOMJITFunctionObject::create):
+        (JSC::DOMJITFunctionObject::functionWithTypeCheck):
+        (JSC::DOMJITFunctionObject::functionWithoutTypeCheck):
+        (JSC::DOMJITFunctionObject::checkSubClassSnippet):
+        (JSC::DOMJITFunctionObject::finishCreation):
+        (JSC::DOMJITCheckSubClassObject::DOMJITCheckSubClassObject):
+        (JSC::DOMJITCheckSubClassObject::createStructure):
+        (JSC::DOMJITCheckSubClassObject::create):
+        (JSC::DOMJITCheckSubClassObject::functionWithTypeCheck):
+        (JSC::DOMJITCheckSubClassObject::functionWithoutTypeCheck):
+        (JSC::DOMJITCheckSubClassObject::finishCreation):
+        (JSC::DOMJITGetterBaseJSObject::DOMJITGetterBaseJSObject):
+        (JSC::DOMJITGetterBaseJSObject::createStructure):
+        (JSC::DOMJITGetterBaseJSObject::create):
+        (JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::DOMJITAttribute):
+        (JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::slowCall):
+        (JSC::DOMJITGetterBaseJSObject::DOMJITAttribute::callDOMGetter):
+        (JSC::DOMJITGetterBaseJSObject::customGetter):
+        (JSC::DOMJITGetterBaseJSObject::finishCreation):
+        (JSC::JSTestCustomGetterSetter::JSTestCustomGetterSetter):
+        (JSC::JSTestCustomGetterSetter::create):
+        (JSC::JSTestCustomGetterSetter::createStructure):
+        (JSC::customSetAccessor):
+        (JSC::customSetValue):
+        (JSC::JSTestCustomGetterSetter::finishCreation):
+        (JSC::Element::handleOwner):
+        (JSC::Element::finishCreation):
+        (JSC::WasmStreamingParser::WasmStreamingParser):
+        (JSC::WasmStreamingParser::create):
+        (JSC::WasmStreamingParser::createStructure):
+        (JSC::WasmStreamingParser::finishCreation):
+        (JSC::functionWasmStreamingParserAddBytes):
+        (JSC::functionWasmStreamingParserFinalize):
+        (JSC::functionCrash):
+        (JSC::functionBreakpoint):
+        (JSC::functionDFGTrue):
+        (JSC::functionFTLTrue):
+        (JSC::functionCpuMfence):
+        (JSC::functionCpuRdtsc):
+        (JSC::functionCpuCpuid):
+        (JSC::functionCpuPause):
+        (JSC::functionCpuClflush):
+        (JSC::CallerFrameJITTypeFunctor::CallerFrameJITTypeFunctor):
+        (JSC::getExecutableForFunction):
+        (JSC::functionLLintTrue):
+        (JSC::functionJITTrue):
+        (JSC::functionNoInline):
+        (JSC::functionGC):
+        (JSC::functionEdenGC):
+        (JSC::functionDumpSubspaceHashes):
+        (JSC::functionCallFrame):
+        (JSC::functionCodeBlockForFrame):
+        (JSC::codeBlockFromArg):
+        (JSC::functionCodeBlockFor):
+        (JSC::functionDumpSourceFor):
+        (JSC::functionDumpBytecodeFor):
+        (JSC::doPrint):
+        (JSC::functionDataLog):
+        (JSC::functionPrint):
+        (JSC::functionDumpCallFrame):
+        (JSC::functionDumpStack):
+        (JSC::functionDumpRegisters):
+        (JSC::functionDumpCell):
+        (JSC::functionIndexingMode):
+        (JSC::functionInlineCapacity):
+        (JSC::functionValue):
+        (JSC::functionGetPID):
+        (JSC::functionHaveABadTime):
+        (JSC::functionIsHavingABadTime):
+        (JSC::functionCreateGlobalObject):
+        (JSC::functionCreateProxy):
+        (JSC::functionCreateRuntimeArray):
+        (JSC::functionCreateNullRopeString):
+        (JSC::functionCreateImpureGetter):
+        (JSC::functionCreateCustomGetterObject):
+        (JSC::functionCreateDOMJITNodeObject):
+        (JSC::functionCreateDOMJITGetterObject):
+        (JSC::functionCreateDOMJITGetterComplexObject):
+        (JSC::functionCreateDOMJITFunctionObject):
+        (JSC::functionCreateDOMJITCheckSubClassObject):
+        (JSC::functionCreateDOMJITGetterBaseJSObject):
+        (JSC::functionCreateWasmStreamingParser):
+        (JSC::functionSetImpureGetterDelegate):
+        (JSC::functionCreateBuiltin):
+        (JSC::functionGetPrivateProperty):
+        (JSC::functionCreateRoot):
+        (JSC::functionCreateElement):
+        (JSC::functionGetElement):
+        (JSC::functionCreateSimpleObject):
+        (JSC::functionGetHiddenValue):
+        (JSC::functionSetHiddenValue):
+        (JSC::functionShadowChickenFunctionsOnStack):
+        (JSC::functionSetGlobalConstRedeclarationShouldNotThrow):
+        (JSC::functionFindTypeForExpression):
+        (JSC::functionReturnTypeFor):
+        (JSC::functionFlattenDictionaryObject):
+        (JSC::functionDumpBasicBlockExecutionRanges):
+        (JSC::functionHasBasicBlockExecuted):
+        (JSC::functionBasicBlockExecutionCount):
+        (JSC::functionEnableExceptionFuzz):
+        (JSC::changeDebuggerModeWhenIdle):
+        (JSC::functionEnableDebuggerModeWhenIdle):
+        (JSC::functionDisableDebuggerModeWhenIdle):
+        (JSC::functionDeleteAllCodeWhenIdle):
+        (JSC::functionGlobalObjectCount):
+        (JSC::functionGlobalObjectForObject):
+        (JSC::functionGetGetterSetter):
+        (JSC::functionLoadGetterFromGetterSetter):
+        (JSC::functionCreateCustomTestGetterSetter):
+        (JSC::functionDeltaBetweenButterflies):
+        (JSC::functionTotalGCTime):
+        (JSC::functionParseCount):
+        (JSC::functionIsWasmSupported):
+        (JSC::JSDollarVM::finishCreation):
+        (JSC::JSDollarVM::addFunction):
+        (JSC::JSDollarVM::addConstructibleFunction):
+        * tools/JSDollarVM.h:
+
 2019-09-11  Devin Rousso  <drousso@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj ¶

@@ -114 +114 @@
                 E1AC2E2720F7B94C00B0897D /* Unlock Keychain */ = {
                         isa = PBXAggregateTarget;
-                        buildConfigurationList = 14CFB10523035EF300F0048C /* Build configuration list */;
+                        buildConfigurationList = 14CFB10523035EF300F0048C /* Build configuration list for PBXAggregateTarget "Unlock Keychain" */;
                         buildPhases = (
                                 E1AC2E2C20F7B95800B0897D /* Unlock Keychain */,
@@ -1872 +1872 @@
                 FE318FE01CAC982F00DFCC54 /* ECMAScriptSpecInternalFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = FE318FDE1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.h */; };
                 FE3422121D6B81C30032BE88 /* ThrowScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3422111D6B818C0032BE88 /* ThrowScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE3842322324D51B009DD445 /* OptionEntry.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3842302324D51A009DD445 /* OptionEntry.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE3842332324D51B009DD445 /* OptionsList.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3842312324D51B009DD445 /* OptionsList.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE384EE61ADDB7AD0055DE2C /* JSDollarVM.h in Headers */ = {isa = PBXBuildFile; fileRef = FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE3A06A61C10B72D00390FDD /* JITBitOrGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3A06A41C10B70800390FDD /* JITBitOrGenerator.h */; };
@@ -1880 +1882 @@
                 FE3A06C01C11041A00390FDD /* JITRightShiftGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3A06B91C1103D900390FDD /* JITRightShiftGenerator.h */; };
                 FE476FF4207E85D50093CA2D /* JITCodeMap.h in Headers */ = {isa = PBXBuildFile; fileRef = FE476FF3207E85D40093CA2D /* JITCodeMap.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE48BD4423245E9300F136D0 /* JSCConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = FE48BD4223245E8700F136D0 /* JSCConfig.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE48E6381EB118D2005D7A96 /* ObjectInitializationScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE48E6361EB1188F005D7A96 /* ObjectInitializationScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE4BFF2C1AD476E700088F87 /* FunctionOverrides.h in Headers */ = {isa = PBXBuildFile; fileRef = FE4BFF2A1AD476E700088F87 /* FunctionOverrides.h */; };
@@ -1922 +1925 @@
                         filePatterns = "*.h";
                         fileType = pattern.proxy;
+                        inputFiles = (
+                        );
                         isEditable = 1;
                         outputFiles = (
@@ -5063 +5068 @@
                 FE35C2FB21B1E6C7000F4CA8 /* OpcodeGroup.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = OpcodeGroup.rb; sourceTree = "<group>"; };
                 FE35C2FC21B1E6C7000F4CA8 /* Metadata.rb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.ruby; path = Metadata.rb; sourceTree = "<group>"; };
+                FE3842302324D51A009DD445 /* OptionEntry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OptionEntry.h; sourceTree = "<group>"; };
+                FE3842312324D51B009DD445 /* OptionsList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OptionsList.h; sourceTree = "<group>"; };
                 FE384EE11ADDB7AD0055DE2C /* JSDollarVM.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSDollarVM.cpp; sourceTree = "<group>"; };
                 FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSDollarVM.h; sourceTree = "<group>"; };
@@ -5078 +5085 @@
                 FE42388F1BE18C1200514737 /* JITSubGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITSubGenerator.cpp; sourceTree = "<group>"; };
                 FE476FF3207E85D40093CA2D /* JITCodeMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITCodeMap.h; sourceTree = "<group>"; };
+                FE48BD4223245E8700F136D0 /* JSCConfig.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = JSCConfig.h; sourceTree = "<group>"; };
+                FE48BD4323245E8700F136D0 /* JSCConfig.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = JSCConfig.cpp; sourceTree = "<group>"; };
                 FE48E6361EB1188F005D7A96 /* ObjectInitializationScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ObjectInitializationScope.h; sourceTree = "<group>"; };
                 FE48E6371EB118AD005D7A96 /* ObjectInitializationScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ObjectInitializationScope.cpp; sourceTree = "<group>"; };
@@ -7135 +7144 @@
                                 86FA9E8F142BBB2D001773B7 /* JSBoundFunction.cpp */,
                                 86FA9E90142BBB2E001773B7 /* JSBoundFunction.h */,
+                                FE48BD4323245E8700F136D0 /* JSCConfig.cpp */,
+                                FE48BD4223245E8700F136D0 /* JSCConfig.h */,
                                 657CF45619BF6662004ACBF2 /* JSCallee.cpp */,
                                 657CF45719BF6662004ACBF2 /* JSCallee.h */,
@@ -7355 +7366 @@
                                 F692A8770255597D01FF60F7 /* Operations.cpp */,
                                 F692A8780255597D01FF60F7 /* Operations.h */,
+                                FE3842302324D51A009DD445 /* OptionEntry.h */,
                                 0FE228EA1436AB2300196C48 /* Options.cpp */,
                                 0FE228EB1436AB2300196C48 /* Options.h */,
+                                FE3842312324D51B009DD445 /* OptionsList.h */,
                                 37C738D11EDB5672003F2B0B /* ParseInt.h */,
                                 868916A9155F285400CB2B9A /* PrivateName.h */,
@@ -9336 +9349 @@
                                 A7D89D0217A0B90400773AD8 /* FTLLoweredNodeValue.h in Headers */,
                                 0F2B9CF919D0BAC100B1D1B5 /* FTLOperations.h in Headers */,
+                                FE3842322324D51B009DD445 /* OptionEntry.h in Headers */,
                                 0FD8A31C17D51F2200CA2C40 /* FTLOSREntry.h in Headers */,
                                 0F235BDD17178E1C00690C7F /* FTLOSRExit.h in Headers */,
@@ -9525 +9539 @@
                                 A125846F1B45A36000CC7F6C /* IntlNumberFormatPrototype.lut.h in Headers */,
                                 A12BBFF21B044A8B00664B69 /* IntlObject.h in Headers */,
+                                FE48BD4423245E9300F136D0 /* JSCConfig.h in Headers */,
                                 708EBE241CE8F35800453146 /* IntlObjectInlines.h in Headers */,
                                 860BD801148EA6F200112B2F /* Intrinsic.h in Headers */,
@@ -9978 +9993 @@
                                 0FE050291AA9095600D33B33 /* ScopedArgumentsTable.h in Headers */,
                                 0FE0502B1AA9095600D33B33 /* ScopeOffset.h in Headers */,
+                                FE3842332324D51B009DD445 /* OptionsList.h in Headers */,
                                 0F24E55217EE274900ABB217 /* ScratchRegisterAllocator.h in Headers */,
                                 A5FD0068189AFE9C00633231 /* ScriptArguments.h in Headers */,
@@ -12192 +12208 @@
                         defaultConfigurationName = Production;
                 };
-                14CFB10523035EF300F0048C /* Build configuration list */ = {
+                14CFB10523035EF300F0048C /* Build configuration list for PBXAggregateTarget "Unlock Keychain" */ = {
                         isa = XCConfigurationList;
                         buildConfigurations = (

trunk/Source/JavaScriptCore/Sources.txt ¶

@@ -734 +734 @@
 runtime/CommonSlowPaths.cpp
 runtime/CompilationResult.cpp
-tools/CompilerTimingScope.cpp
 runtime/Completion.cpp
 runtime/ConfigFile.cpp
@@ -814 +813 @@
 runtime/JSBigInt.cpp
 runtime/JSBoundFunction.cpp
+runtime/JSCConfig.cpp
 runtime/JSCJSValue.cpp
 runtime/JSCPtrTag.cpp
@@ -985 +985 @@
 tools/CodeProfile.cpp
 tools/CodeProfiling.cpp
+tools/CompilerTimingScope.cpp
 tools/FunctionOverrides.cpp
 tools/FunctionWhitelist.cpp

trunk/Source/JavaScriptCore/jit/ExecutableAllocator.cpp ¶

@@ -93 +93 @@
 
 #if defined(FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB) && FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB > 0
-static const size_t fixedExecutableMemoryPoolSize = FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB * 1024 * 1024;
+static constexpr size_t fixedExecutableMemoryPoolSize = FIXED_EXECUTABLE_MEMORY_POOL_SIZE_IN_MB * 1024 * 1024;
 #elif CPU(ARM)
-static const size_t fixedExecutableMemoryPoolSize = 16 * 1024 * 1024;
+static constexpr size_t fixedExecutableMemoryPoolSize = 16 * 1024 * 1024;
 #elif CPU(ARM64)
-static const size_t fixedExecutableMemoryPoolSize = 128 * 1024 * 1024;
+static constexpr size_t fixedExecutableMemoryPoolSize = 128 * 1024 * 1024;
 #elif CPU(X86_64)
-static const size_t fixedExecutableMemoryPoolSize = 1024 * 1024 * 1024;
+static constexpr size_t fixedExecutableMemoryPoolSize = 1024 * 1024 * 1024;
 #else
-static const size_t fixedExecutableMemoryPoolSize = 32 * 1024 * 1024;
+static constexpr size_t fixedExecutableMemoryPoolSize = 32 * 1024 * 1024;
 #endif
 
 #if CPU(ARM)
-static const double executablePoolReservationFraction = 0.15;
+static constexpr double executablePoolReservationFraction = 0.15;
 #else
-static const double executablePoolReservationFraction = 0.25;
-#endif
-
-#if ENABLE(SEPARATED_WX_HEAP)
-JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy { false };
-JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
-#endif
-
-#if !USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION) && HAVE(REMAP_JIT)
-static uintptr_t startOfFixedWritableMemoryPool;
-#endif
-
-class FixedVMPoolExecutableAllocator;
-static FixedVMPoolExecutableAllocator* allocator = nullptr;
-
-static bool s_isJITEnabled = true;
+static constexpr double executablePoolReservationFraction = 0.25;
+#endif
+
 static bool isJITEnabled()
 {
+    bool jitEnabled = !g_jscConfig.jitDisabled;
 #if PLATFORM(IOS_FAMILY) && (CPU(ARM64) || CPU(ARM))
-    return processHasEntitlement("dynamic-codesigning") && s_isJITEnabled;
+    return processHasEntitlement("dynamic-codesigning") && jitEnabled;
 #else
-    return s_isJITEnabled;
+    return jitEnabled;
 #endif
 }
@@ -134 +122 @@
 void ExecutableAllocator::setJITEnabled(bool enabled)
 {
-    ASSERT(!allocator);
-    if (s_isJITEnabled == enabled)
+    bool jitEnabled = !g_jscConfig.jitDisabled;
+    ASSERT(!g_jscConfig.fixedVMPoolExecutableAllocator);
+    if (jitEnabled == enabled)
         return;
 
-    s_isJITEnabled = enabled;
+    g_jscConfig.jitDisabled = !enabled;
 
 #if PLATFORM(IOS_FAMILY) && (CPU(ARM64) || CPU(ARM))
@@ -194 +183 @@
 #if ENABLE(FAST_JIT_PERMISSIONS)
             if (os_thread_self_restrict_rwx_is_supported()) {
-                useFastPermisionsJITCopy = true;
+                g_jscConfig.useFastPermisionsJITCopy = true;
                 os_thread_self_restrict_rwx_to_rx();
             } else
@@ -213 +202 @@
             void* reservationEnd = reinterpret_cast<uint8_t*>(reservationBase) + reservationSize;
 
-            m_memoryStart = MacroAssemblerCodePtr<ExecutableMemoryPtrTag>(tagCodePtr<ExecutableMemoryPtrTag>(reservationBase));
-            m_memoryEnd = MacroAssemblerCodePtr<ExecutableMemoryPtrTag>(tagCodePtr<ExecutableMemoryPtrTag>(reservationEnd));
+            g_jscConfig.startExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservationBase);
+            g_jscConfig.endExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservationEnd);
         }
     }
@@ -220 +209 @@
     virtual ~FixedVMPoolExecutableAllocator();
 
-    void* memoryStart() { return m_memoryStart.untaggedExecutableAddress(); }
-    void* memoryEnd() { return m_memoryEnd.untaggedExecutableAddress(); }
+    void* memoryStart() { return untagCodePtr<ExecutableMemoryPtrTag>(g_jscConfig.startExecutableMemory); }
+    void* memoryEnd() { return untagCodePtr<ExecutableMemoryPtrTag>(g_jscConfig.endExecutableMemory); }
     bool isJITPC(void* pc) { return memoryStart() <= pc && pc < memoryEnd(); }
 
@@ -303 +292 @@
 
 #if ENABLE(SEPARATED_WX_HEAP)
-        jitWriteSeparateHeapsFunction = reinterpret_cast<JITWriteSeparateHeapsFunction>(writeThunk.code().executableAddress());
+        g_jscConfig.jitWriteSeparateHeaps = reinterpret_cast<JITWriteSeparateHeapsFunction>(writeThunk.code().executableAddress());
 #endif
     }
@@ -382 +371 @@
     static void genericWriteToJITRegion(off_t offset, const void* data, size_t dataSize)
     {
-        memcpy((void*)(startOfFixedWritableMemoryPool + offset), data, dataSize);
+        memcpy((void*)(g_jscConfig.startOfFixedWritableMemoryPool + offset), data, dataSize);
     }
 
     MacroAssemblerCodeRef<JITThunkPtrTag> jitWriteThunkGenerator(void* address, void*, size_t)
     {
-        startOfFixedWritableMemoryPool = reinterpret_cast<uintptr_t>(address);
+        g_jscConfig.startOfFixedWritableMemoryPool = reinterpret_cast<uintptr_t>(address);
         void* function = reinterpret_cast<void*>(&genericWriteToJITRegion);
 #if CPU(ARM_THUMB2)
@@ -408 +397 @@
 private:
     PageReservation m_reservation;
-    MacroAssemblerCodePtr<ExecutableMemoryPtrTag> m_memoryStart;
-    MacroAssemblerCodePtr<ExecutableMemoryPtrTag> m_memoryEnd;
 };
 
@@ -419 +406 @@
 void ExecutableAllocator::initializeUnderlyingAllocator()
 {
-    ASSERT(!allocator);
-    allocator = new FixedVMPoolExecutableAllocator();
-    CodeProfiling::notifyAllocator(allocator);
+    RELEASE_ASSERT(!g_jscConfig.fixedVMPoolExecutableAllocator);
+    g_jscConfig.fixedVMPoolExecutableAllocator = new FixedVMPoolExecutableAllocator();
+    CodeProfiling::notifyAllocator(g_jscConfig.fixedVMPoolExecutableAllocator);
 }
 
 bool ExecutableAllocator::isValid() const
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::isValid();
@@ -433 +421 @@
 bool ExecutableAllocator::underMemoryPressure()
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::underMemoryPressure();
@@ -440 +429 @@
 double ExecutableAllocator::memoryPressureMultiplier(size_t addedMemoryUsage)
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::memoryPressureMultiplier(addedMemoryUsage);
@@ -459 +449 @@
 RefPtr<ExecutableMemoryHandle> ExecutableAllocator::allocate(size_t sizeInBytes, void* ownerUID, JITCompilationEffort effort)
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::allocate(sizeInBytes, ownerUID, effort);
@@ -496 +487 @@
     }
 
-#if CPU(ARM64E)
     void* start = allocator->memoryStart();
     void* end = allocator->memoryEnd();
@@ -503 +493 @@
     RELEASE_ASSERT(start <= resultStart && resultStart < end);
     RELEASE_ASSERT(start < resultEnd && resultEnd <= end);
-#endif
     return result;
 }
@@ -509 +498 @@
 bool ExecutableAllocator::isValidExecutableMemory(const AbstractLocker& locker, void* address)
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::isValidExecutableMemory(locker, address);
@@ -516 +506 @@
 Lock& ExecutableAllocator::getLock() const
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::getLock();
@@ -523 +514 @@
 size_t ExecutableAllocator::committedByteCount()
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return Base::committedByteCount();
@@ -531 +523 @@
 void ExecutableAllocator::dumpProfile()
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return;
@@ -539 +532 @@
 void* startOfFixedExecutableMemoryPoolImpl()
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return nullptr;
@@ -546 +540 @@
 void* endOfFixedExecutableMemoryPoolImpl()
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     if (!allocator)
         return nullptr;
@@ -553 +548 @@
 bool isJITPC(void* pc)
 {
+    auto* allocator = g_jscConfig.fixedVMPoolExecutableAllocator;
     return allocator && allocator->isJITPC(pc);
 }
@@ -558 +554 @@
 void dumpJITMemory(const void* dst, const void* src, size_t size)
 {
-    ASSERT(Options::dumpJITMemoryPath());
+    RELEASE_ASSERT(Options::dumpJITMemoryPath());
 
 #if OS(DARWIN)
@@ -636 +632 @@
 namespace JSC {
 
-static ExecutableAllocator* executableAllocator;
-
 void ExecutableAllocator::initialize()
 {
-    executableAllocator = new ExecutableAllocator;
+    g_jscConfig.executableAllocator = new ExecutableAllocator;
 }
 
 ExecutableAllocator& ExecutableAllocator::singleton()
 {
-    ASSERT(executableAllocator);
-    return *executableAllocator;
+    ASSERT(g_jscConfig.executableAllocator);
+    return *g_jscConfig.executableAllocator;
 }
 

trunk/Source/JavaScriptCore/jit/ExecutableAllocator.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 
 #include "JITCompilationEffort.h"
+#include "JSCConfig.h"
 #include "JSCPtrTag.h"
 #include "Options.h"
@@ -116 +117 @@
 JS_EXPORT_PRIVATE void dumpJITMemory(const void*, const void*, size_t);
 
-#if ENABLE(SEPARATED_WX_HEAP)
-
-typedef void (*JITWriteSeparateHeapsFunction)(off_t, const void*, size_t);
-extern JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
-extern JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy;
-
-#endif // ENABLE(SEPARATED_WX_HEAP)
-
 static ALWAYS_INLINE void* performJITMemcpy(void *dst, const void *src, size_t n)
 {
@@ -139 +132 @@
 #if ENABLE(FAST_JIT_PERMISSIONS)
 #if ENABLE(SEPARATED_WX_HEAP)
-        if (useFastPermisionsJITCopy)
+        if (g_jscConfig.useFastPermisionsJITCopy)
 #endif
         {
@@ -150 +143 @@
 
 #if ENABLE(SEPARATED_WX_HEAP)
-        if (jitWriteSeparateHeapsFunction) {
+        if (g_jscConfig.jitWriteSeparateHeaps) {
             // Use execute-only write thunk for writes inside the JIT region. This is a variant of
             // memcpy that takes an offset into the JIT region as its destination (first) parameter.
             off_t offset = (off_t)((uintptr_t)dst - startOfFixedExecutableMemoryPool<uintptr_t>());
-            retagCodePtr<JITThunkPtrTag, CFunctionPtrTag>(jitWriteSeparateHeapsFunction)(offset, src, n);
+            retagCodePtr<JITThunkPtrTag, CFunctionPtrTag>(g_jscConfig.jitWriteSeparateHeaps)(offset, src, n);
             return dst;
         }

trunk/Source/JavaScriptCore/jsc.cpp ¶

@@ -302 +302 @@
 static EncodedJSValue JSC_HOST_CALL functionFullGC(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionEdenGC(ExecState*);
-static EncodedJSValue JSC_HOST_CALL functionForceGCSlowPaths(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionHeapSize(ExecState*);
 static EncodedJSValue JSC_HOST_CALL functionCreateMemoryFootprint(ExecState*);
@@ -521 +520 @@
         addFunction(vm, "fullGC", functionFullGC, 0);
         addFunction(vm, "edenGC", functionEdenGC, 0);
-        addFunction(vm, "forceGCSlowPaths", functionForceGCSlowPaths, 0);
         addFunction(vm, "gcHeapSize", functionHeapSize, 0);
         addFunction(vm, "MemoryFootprint", functionCreateMemoryFootprint, 0);
@@ -1371 +1369 @@
 }
 
-EncodedJSValue JSC_HOST_CALL functionForceGCSlowPaths(ExecState*)
-{
-    // It's best for this to be the first thing called in the 
-    // JS program so the option is set to true before we JIT.
-    Options::forceGCSlowPaths() = true;
-    return JSValue::encode(jsUndefined());
-}
-
 EncodedJSValue JSC_HOST_CALL functionHeapSize(ExecState* exec)
 {
@@ -2124 +2114 @@
     VM& vm = exec->vm();
     JSObject* optionsObject = constructEmptyObject(exec);
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define READ_OPTION(type_, name_, defaultValue_, availability_, description_) \
     addOption(vm, optionsObject, Identifier::fromString(vm, #name_), Options::name_());
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(READ_OPTION)
+#undef READ_OPTION
     return JSValue::encode(optionsObject);
 }
@@ -3099 +3089 @@
 {
     // Need to override and enable restricted options before we start parsing options below.
-    Options::enableRestrictedOptions(true);
+    Config::enableRestrictedOptions();
 
     WTF::initializeMainThread();

trunk/Source/JavaScriptCore/runtime/ConfigFile.cpp ¶

@@ -466 +466 @@
 
         if (!jscOptionsBuilder.isEmpty()) {
-            Options::enableRestrictedOptions(true);
+            JSC::Config::enableRestrictedOptions();
             Options::setOptions(jscOptionsBuilder.toString().utf8().data());
         }

trunk/Source/JavaScriptCore/runtime/InitializeThreading.cpp ¶

@@ -34 +34 @@
 #include "Heap.h"
 #include "Identifier.h"
+#include "JSCConfig.h"
 #include "JSCPtrTag.h"
 #include "JSDateMath.h"
@@ -63 +64 @@
 
     std::call_once(initializeThreadingOnceFlag, []{
+        RELEASE_ASSERT(!g_jscConfig.initializeThreadingHasBeenCalled);
+        g_jscConfig.initializeThreadingHasBeenCalled = true;
+
         WTF::initializeThreading();
         Options::initialize();

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp ¶

@@ -1823 +1823 @@
 void JSGlobalObject::exposeDollarVM(VM& vm)
 {
+    RELEASE_ASSERT(g_jscConfig.restrictedOptionsEnabled && Options::useDollarVM());
     if (hasOwnProperty(globalExec(), vm.propertyNames->builtinNames().dollarVMPrivateName()))
         return;

trunk/Source/JavaScriptCore/runtime/Options.cpp ¶

@@ -57 +57 @@
 namespace JSC {
 
-namespace {
-#ifdef NDEBUG
-bool restrictedOptionsEnabled = false;
-#else
-bool restrictedOptionsEnabled = true;
-#endif
-}
-
-void Options::enableRestrictedOptions(bool enableOrNot)
-{
-    restrictedOptionsEnabled = enableOrNot;
-}
-    
 static bool parse(const char* string, bool& value)
 {
@@ -149 +136 @@
 {
     if (availability == Availability::Restricted)
-        return restrictedOptionsEnabled;
+        return g_jscConfig.restrictedOptionsEnabled;
     ASSERT(availability == Availability::Configurable);
     
@@ -296 +283 @@
 }
 
-Options::Entry Options::s_options[Options::numberOfOptions];
-Options::Entry Options::s_defaultOptions[Options::numberOfOptions];
-
 // Realize the names for each of the options:
 const Options::EntryInfo Options::s_optionsInfo[Options::numberOfOptions] = {
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
-    { #name_, description_, Options::Type::type_##Type, Availability::availability_ },
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+#define FILL_OPTION_INFO(type_, name_, defaultValue_, availability_, description_) \
+    { #name_, description_, Options::Type::type_, Availability::availability_ },
+    FOR_EACH_JSC_OPTION(FILL_OPTION_INFO)
+#undef FILL_OPTION_INFO
 };
 
@@ -333 +317 @@
     for (int i = 0; i < numberOfOptionsToScale; i++) {
         Option option(optionsToScale[i].id);
-        ASSERT(option.type() == Options::Type::int32Type);
+        ASSERT(option.type() == Options::Type::Int32);
         option.int32Val() *= scaleFactor;
         option.int32Val() = std::max(option.int32Val(), optionsToScale[i].minVal);
@@ -530 +514 @@
         initializeOptionsOnceFlag,
         [] {
+#ifndef NDEBUG
+            Config::enableRestrictedOptions();
+#endif
             // Initialize each of the options with their default values:
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
-            name_() = defaultValue_;                                    \
+#define INIT_OPTION(type_, name_, defaultValue_, availability_, description_) \
+            name_() = defaultValue_; \
             name_##Default() = defaultValue_;
-            JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+            FOR_EACH_JSC_OPTION(INIT_OPTION)
+#undef INIT_OPTION
 
             overrideDefaults();
@@ -556 +543 @@
                 CRASH();
 #else // PLATFORM(COCOA)
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define OVERRIDE_OPTION_WITH_HEURISTICS(type_, name_, defaultValue_, availability_, description_) \
             overrideOptionWithHeuristic(name_(), name_##ID, "JSC_" #name_, Availability::availability_);
-            JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+            FOR_EACH_JSC_OPTION(OVERRIDE_OPTION_WITH_HEURISTICS)
+#undef OVERRIDE_OPTION_WITH_HEURISTICS
 #endif // PLATFORM(COCOA)
 
-#define FOR_EACH_OPTION(aliasedName_, unaliasedName_, equivalence_) \
+#define OVERRIDE_ALIASED_OPTION_WITH_HEURISTICS(aliasedName_, unaliasedName_, equivalence_) \
             overrideAliasedOptionWithHeuristic("JSC_" #aliasedName_);
-            JSC_ALIASED_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+            FOR_EACH_JSC_ALIASED_OPTION(OVERRIDE_ALIASED_OPTION_WITH_HEURISTICS)
+#undef OVERRIDE_ALIASED_OPTION_WITH_HEURISTICS
 
 #if 0
@@ -643 +630 @@
 bool Options::setOptions(const char* optionsStr)
 {
+    RELEASE_ASSERT(!g_jscConfig.isPermanentlyFrozen);
     Vector<char*> options;
 
@@ -737 +725 @@
     // For each option, check if the specify arg is a match. If so, set the arg
     // if the value makes sense. Otherwise, move on to checking the next option.
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
+#define SET_OPTION_IF_MATCH(type_, name_, defaultValue_, availability_, description_) \
     if (strlen(#name_) == static_cast<size_t>(equalStr - arg)      \
         && !strncmp(arg, #name_, equalStr - arg)) {                \
@@ -743 +731 @@
             && !isAvailable(name_##ID, Availability::availability_)) \
             return false;                                          \
-        type_ value;                                               \
+        OptionEntry::type_ value;                                  \
         value = (defaultValue_);                                   \
         bool success = parse(valueStr, value);                     \
@@ -755 +743 @@
     }
 
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+    FOR_EACH_JSC_OPTION(SET_OPTION_IF_MATCH)
+#undef SET_OPTION_IF_MATCH
 
     return false; // No option matched.
@@ -799 +787 @@
     }
 
-    JSC_ALIASED_OPTIONS(FOR_EACH_OPTION)
+    FOR_EACH_JSC_ALIASED_OPTION(FOR_EACH_OPTION)
 #undef FOR_EACH_OPTION
 
@@ -891 +879 @@
 {
     switch (type()) {
-    case Options::Type::boolType:
-        builder.append(m_entry.boolVal ? "true" : "false");
+    case Options::Type::Bool:
+        builder.append(m_entry.valBool ? "true" : "false");
         break;
-    case Options::Type::unsignedType:
-        builder.appendNumber(m_entry.unsignedVal);
+    case Options::Type::Unsigned:
+        builder.appendNumber(m_entry.valUnsigned);
         break;
-    case Options::Type::sizeType:
-        builder.appendNumber(m_entry.sizeVal);
+    case Options::Type::Size:
+        builder.appendNumber(m_entry.valSize);
         break;
-    case Options::Type::doubleType:
-        builder.appendFixedPrecisionNumber(m_entry.doubleVal);
+    case Options::Type::Double:
+        builder.appendFixedPrecisionNumber(m_entry.valDouble);
         break;
-    case Options::Type::int32Type:
-        builder.appendNumber(m_entry.int32Val);
+    case Options::Type::Int32:
+        builder.appendNumber(m_entry.valInt32);
         break;
-    case Options::Type::optionRangeType:
-        builder.append(m_entry.optionRangeVal.rangeString());
+    case Options::Type::OptionRange:
+        builder.append(m_entry.valOptionRange.rangeString());
         break;
-    case Options::Type::optionStringType: {
-        const char* option = m_entry.optionStringVal;
+    case Options::Type::OptionString: {
+        const char* option = m_entry.valOptionString;
         if (!option)
             option = "";
@@ -918 +906 @@
         break;
     }
-    case Options::Type::gcLogLevelType: {
-        builder.append(GCLogging::levelAsString(m_entry.gcLogLevelVal));
+    case Options::Type::GCLogLevel: {
+        builder.append(GCLogging::levelAsString(m_entry.valGCLogLevel));
         break;
     }
@@ -928 +916 @@
 {
     switch (type()) {
-    case Options::Type::boolType:
-        return m_entry.boolVal == other.m_entry.boolVal;
-    case Options::Type::unsignedType:
-        return m_entry.unsignedVal == other.m_entry.unsignedVal;
-    case Options::Type::sizeType:
-        return m_entry.sizeVal == other.m_entry.sizeVal;
-    case Options::Type::doubleType:
-        return (m_entry.doubleVal == other.m_entry.doubleVal) || (std::isnan(m_entry.doubleVal) && std::isnan(other.m_entry.doubleVal));
-    case Options::Type::int32Type:
-        return m_entry.int32Val == other.m_entry.int32Val;
-    case Options::Type::optionRangeType:
-        return m_entry.optionRangeVal.rangeString() == other.m_entry.optionRangeVal.rangeString();
-    case Options::Type::optionStringType:
-        return (m_entry.optionStringVal == other.m_entry.optionStringVal)
-            || (m_entry.optionStringVal && other.m_entry.optionStringVal && !strcmp(m_entry.optionStringVal, other.m_entry.optionStringVal));
-    case Options::Type::gcLogLevelType:
-        return m_entry.gcLogLevelVal == other.m_entry.gcLogLevelVal;
+    case Options::Type::Bool:
+        return m_entry.valBool == other.m_entry.valBool;
+    case Options::Type::Unsigned:
+        return m_entry.valUnsigned == other.m_entry.valUnsigned;
+    case Options::Type::Size:
+        return m_entry.valSize == other.m_entry.valSize;
+    case Options::Type::Double:
+        return (m_entry.valDouble == other.m_entry.valDouble) || (std::isnan(m_entry.valDouble) && std::isnan(other.m_entry.valDouble));
+    case Options::Type::Int32:
+        return m_entry.valInt32 == other.m_entry.valInt32;
+    case Options::Type::OptionRange:
+        return m_entry.valOptionRange.rangeString() == other.m_entry.valOptionRange.rangeString();
+    case Options::Type::OptionString:
+        return (m_entry.valOptionString == other.m_entry.valOptionString)
+            || (m_entry.valOptionString && other.m_entry.valOptionString && !strcmp(m_entry.valOptionString, other.m_entry.valOptionString));
+    case Options::Type::GCLogLevel:
+        return m_entry.valGCLogLevel == other.m_entry.valGCLogLevel;
     }
     return false;
@@ -950 +938 @@
 
 } // namespace JSC
-

trunk/Source/JavaScriptCore/runtime/Options.h ¶

@@ -26 +26 @@
 #pragma once
 
-#include "GCLogging.h"
+#include "JSCConfig.h"
 #include "JSExportMacros.h"
 #include <stdint.h>
@@ -42 +42 @@
 // How do JSC VM options work?
 // ===========================
-// The JSC_OPTIONS() macro below defines a list of all JSC options in use,
+// The FOR_EACH_JSC_OPTION() macro below defines a list of all JSC options in use,
 // along with their types and default values. The options values are actually
-// realized as an array of Options::Entry elements.
+// realized as an array of OptionEntry elements in JSC::Config.
 //
 //     Options::initialize() will initialize the array of options values with
-// the defaults specified in JSC_OPTIONS() below. After that, the values can
+// the defaults specified in FOR_EACH_JSC_OPTION() below. After that, the values can
 // be programmatically read and written to using an accessor method with the
 // same name as the option. For example, the option "useJIT" can be read and
@@ -68 +68 @@
 // ensure that the new values set are sane and reasonable for your own run.
 
-class OptionRange {
-private:
-    enum RangeState { Uninitialized, InitError, Normal, Inverted };
-public:
-    OptionRange& operator= (const int& rhs)
-    { // Only needed for initialization
-        if (!rhs) {
-            m_state = Uninitialized;
-            m_rangeString = 0;
-            m_lowLimit = 0;
-            m_highLimit = 0;
-        }
-        return *this;
-    }
-
-    bool init(const char*);
-    bool isInRange(unsigned);
-    const char* rangeString() const { return (m_state > InitError) ? m_rangeString : s_nullRangeStr; }
-    
-    void dump(PrintStream& out) const;
-
-private:
-    static const char* const s_nullRangeStr;
-
-    RangeState m_state;
-    const char* m_rangeString;
-    unsigned m_lowLimit;
-    unsigned m_highLimit;
-};
-
-typedef OptionRange optionRange;
-typedef const char* optionString;
-
 #if PLATFORM(IOS_FAMILY)
 #define MAXIMUM_NUMBER_OF_FTL_COMPILER_THREADS 2
@@ -112 +79 @@
 constexpr bool enableWebAssemblyStreamingApi = false;
 #endif
-
-#define JSC_OPTIONS(v) \
-    v(bool, useKernTCSM, true, Normal, "Note: this needs to go before other options since they depend on this value.") \
-    v(bool, validateOptions, false, Normal, "crashes if mis-typed JSC options were passed to the VM") \
-    v(unsigned, dumpOptions, 0, Normal, "dumps JSC options (0 = None, 1 = Overridden only, 2 = All, 3 = Verbose)") \
-    v(optionString, configFile, nullptr, Normal, "file to configure JSC options and logging location") \
-    \
-    v(bool, useLLInt,  true, Normal, "allows the LLINT to be used if true") \
-    v(bool, useJIT, jitEnabledByDefault(), Normal, "allows the executable pages to be allocated for JIT and thunks if true") \
-    v(bool, useBaselineJIT, true, Normal, "allows the baseline JIT to be used if true") \
-    v(bool, useDFGJIT, true, Normal, "allows the DFG JIT to be used if true") \
-    v(bool, useRegExpJIT, jitEnabledByDefault(), Normal, "allows the RegExp JIT to be used if true") \
-    v(bool, useDOMJIT, is64Bit(), Normal, "allows the DOMJIT to be used if true") \
-    \
-    v(bool, reportMustSucceedExecutableAllocations, false, Normal, nullptr) \
-    \
-    v(unsigned, maxPerThreadStackUsage, 4 * MB, Normal, "Max allowed stack usage by the VM") \
-    v(unsigned, softReservedZoneSize, 128 * KB, Normal, "A buffer greater than reservedZoneSize that reserves space for stringifying exceptions.") \
-    v(unsigned, reservedZoneSize, 64 * KB, Normal, "The amount of stack space we guarantee to our clients (and to interal VM code that does not call out to clients).") \
-    \
-    v(bool, crashIfCantAllocateJITMemory, false, Normal, nullptr) \
-    v(unsigned, jitMemoryReservationSize, 0, Normal, "Set this number to change the executable allocation size in ExecutableAllocatorFixedVMPool. (In bytes.)") \
-    v(bool, useSeparatedWXHeap, false, Normal, nullptr) \
-    \
-    v(bool, forceCodeBlockLiveness, false, Normal, nullptr) \
-    v(bool, forceICFailure, false, Normal, nullptr) \
-    \
-    v(unsigned, repatchCountForCoolDown, 8, Normal, nullptr) \
-    v(unsigned, initialCoolDownCount, 20, Normal, nullptr) \
-    v(unsigned, repatchBufferingCountdown, 8, Normal, nullptr) \
-    \
-    v(bool, dumpGeneratedBytecodes, false, Normal, nullptr) \
-    v(bool, dumpBytecodeLivenessResults, false, Normal, nullptr) \
-    v(bool, validateBytecode, false, Normal, nullptr) \
-    v(bool, forceDebuggerBytecodeGeneration, false, Normal, nullptr) \
-    v(bool, dumpBytecodesBeforeGeneratorification, false, Normal, nullptr) \
-    \
-    v(bool, useFunctionDotArguments, true, Normal, nullptr) \
-    v(bool, useTailCalls, true, Normal, nullptr) \
-    v(bool, optimizeRecursiveTailCalls, true, Normal, nullptr) \
-    v(bool, alwaysUseShadowChicken, false, Normal, nullptr) \
-    v(unsigned, shadowChickenLogSize, 1000, Normal, nullptr) \
-    v(unsigned, shadowChickenMaxTailDeletedFramesSize, 128, Normal, nullptr) \
-    \
-    /* dumpDisassembly implies dumpDFGDisassembly. */ \
-    v(bool, dumpDisassembly, false, Normal, "dumps disassembly of all JIT compiled code upon compilation") \
-    v(bool, asyncDisassembly, false, Normal, nullptr) \
-    v(bool, dumpDFGDisassembly, false, Normal, "dumps disassembly of DFG function upon compilation") \
-    v(bool, dumpFTLDisassembly, false, Normal, "dumps disassembly of FTL function upon compilation") \
-    v(bool, dumpRegExpDisassembly, false, Normal, "dumps disassembly of RegExp upon compilation") \
-    v(bool, dumpAllDFGNodes, false, Normal, nullptr) \
-    v(bool, logJITCodeForPerf, false, Configurable, nullptr) \
-    v(optionRange, bytecodeRangeToJITCompile, 0, Normal, "bytecode size range to allow compilation on, e.g. 1:100") \
-    v(optionRange, bytecodeRangeToDFGCompile, 0, Normal, "bytecode size range to allow DFG compilation on, e.g. 1:100") \
-    v(optionRange, bytecodeRangeToFTLCompile, 0, Normal, "bytecode size range to allow FTL compilation on, e.g. 1:100") \
-    v(optionString, jitWhitelist, nullptr, Normal, "file with list of function signatures to allow compilation on") \
-    v(optionString, dfgWhitelist, nullptr, Normal, "file with list of function signatures to allow DFG compilation on") \
-    v(optionString, ftlWhitelist, nullptr, Normal, "file with list of function signatures to allow FTL compilation on") \
-    v(bool, dumpSourceAtDFGTime, false, Normal, "dumps source code of JS function being DFG compiled") \
-    v(bool, dumpBytecodeAtDFGTime, false, Normal, "dumps bytecode of JS function being DFG compiled") \
-    v(bool, dumpGraphAfterParsing, false, Normal, nullptr) \
-    v(bool, dumpGraphAtEachPhase, false, Normal, nullptr) \
-    v(bool, dumpDFGGraphAtEachPhase, false, Normal, "dumps the DFG graph at each phase of DFG compilation (note this excludes DFG graphs during FTL compilation)") \
-    v(bool, dumpDFGFTLGraphAtEachPhase, false, Normal, "dumps the DFG graph at each phase of DFG compilation when compiling FTL code") \
-    v(bool, dumpB3GraphAtEachPhase, false, Normal, "dumps the B3 graph at each phase of compilation") \
-    v(bool, dumpAirGraphAtEachPhase, false, Normal, "dumps the Air graph at each phase of compilation") \
-    v(bool, verboseDFGBytecodeParsing, false, Normal, nullptr) \
-    v(bool, safepointBeforeEachPhase, true, Normal, nullptr) \
-    v(bool, verboseCompilation, false, Normal, nullptr) \
-    v(bool, verboseFTLCompilation, false, Normal, nullptr) \
-    v(bool, logCompilationChanges, false, Normal, nullptr) \
-    v(bool, useProbeOSRExit, false, Normal, nullptr) \
-    v(bool, printEachOSRExit, false, Normal, nullptr) \
-    v(bool, validateGraph, false, Normal, nullptr) \
-    v(bool, validateGraphAtEachPhase, false, Normal, nullptr) \
-    v(bool, verboseValidationFailure, false, Normal, nullptr) \
-    v(bool, verboseOSR, false, Normal, nullptr) \
-    v(bool, verboseDFGOSRExit, false, Normal, nullptr) \
-    v(bool, verboseFTLOSRExit, false, Normal, nullptr) \
-    v(bool, verboseCallLink, false, Normal, nullptr) \
-    v(bool, verboseCompilationQueue, false, Normal, nullptr) \
-    v(bool, reportCompileTimes, false, Normal, "dumps JS function signature and the time it took to compile in all tiers") \
-    v(bool, reportBaselineCompileTimes, false, Normal, "dumps JS function signature and the time it took to BaselineJIT compile") \
-    v(bool, reportDFGCompileTimes, false, Normal, "dumps JS function signature and the time it took to DFG and FTL compile") \
-    v(bool, reportFTLCompileTimes, false, Normal, "dumps JS function signature and the time it took to FTL compile") \
-    v(bool, reportTotalCompileTimes, false, Normal, nullptr) \
-    v(bool, reportParseTimes, false, Normal, "dumps JS function signature and the time it took to parse") \
-    v(bool, reportBytecodeCompileTimes, false, Normal, "dumps JS function signature and the time it took to bytecode compile") \
-    v(bool, countParseTimes, false, Normal, "counts parse times") \
-    v(bool, verboseExitProfile, false, Normal, nullptr) \
-    v(bool, verboseCFA, false, Normal, nullptr) \
-    v(bool, verboseDFGFailure, false, Normal, nullptr) \
-    v(bool, verboseFTLToJSThunk, false, Normal, nullptr) \
-    v(bool, verboseFTLFailure, false, Normal, nullptr) \
-    v(bool, alwaysComputeHash, false, Normal, nullptr) \
-    v(bool, testTheFTL, false, Normal, nullptr) \
-    v(bool, verboseSanitizeStack, false, Normal, nullptr) \
-    v(bool, useGenerationalGC, true, Normal, nullptr) \
-    v(bool, useConcurrentGC, true, Normal, nullptr) \
-    v(bool, collectContinuously, false, Normal, nullptr) \
-    v(double, collectContinuouslyPeriodMS, 1, Normal, nullptr) \
-    v(bool, forceFencedBarrier, false, Normal, nullptr) \
-    v(bool, verboseVisitRace, false, Normal, nullptr) \
-    v(bool, optimizeParallelSlotVisitorsForStoppedMutator, false, Normal, nullptr) \
-    v(unsigned, largeHeapSize, 32 * 1024 * 1024, Normal, nullptr) \
-    v(unsigned, smallHeapSize, 1 * 1024 * 1024, Normal, nullptr) \
-    v(double, smallHeapRAMFraction, 0.25, Normal, nullptr) \
-    v(double, smallHeapGrowthFactor, 2, Normal, nullptr) \
-    v(double, mediumHeapRAMFraction, 0.5, Normal, nullptr) \
-    v(double, mediumHeapGrowthFactor, 1.5, Normal, nullptr) \
-    v(double, largeHeapGrowthFactor, 1.24, Normal, nullptr) \
-    v(double, miniVMHeapGrowthFactor, 1.27, Normal, nullptr) \
-    v(double, criticalGCMemoryThreshold, 0.80, Normal, "percent memory in use the GC considers critical.  The collector is much more aggressive above this threshold") \
-    v(double, minimumMutatorUtilization, 0, Normal, nullptr) \
-    v(double, maximumMutatorUtilization, 0.7, Normal, nullptr) \
-    v(double, epsilonMutatorUtilization, 0.01, Normal, nullptr) \
-    v(double, concurrentGCMaxHeadroom, 1.5, Normal, nullptr) \
-    v(double, concurrentGCPeriodMS, 2, Normal, nullptr) \
-    v(bool, useStochasticMutatorScheduler, true, Normal, nullptr) \
-    v(double, minimumGCPauseMS, 0.3, Normal, nullptr) \
-    v(double, gcPauseScale, 0.3, Normal, nullptr) \
-    v(double, gcIncrementBytes, 10000, Normal, nullptr) \
-    v(double, gcIncrementMaxBytes, 100000, Normal, nullptr) \
-    v(double, gcIncrementScale, 0, Normal, nullptr) \
-    v(bool, scribbleFreeCells, false, Normal, nullptr) \
-    v(double, sizeClassProgression, 1.4, Normal, nullptr) \
-    v(unsigned, largeAllocationCutoff, 100000, Normal, nullptr) \
-    v(bool, dumpSizeClasses, false, Normal, nullptr) \
-    v(bool, useBumpAllocator, true, Normal, nullptr) \
-    v(bool, stealEmptyBlocksFromOtherAllocators, true, Normal, nullptr) \
-    v(bool, eagerlyUpdateTopCallFrame, false, Normal, nullptr) \
-    v(bool, dumpZappedCellCrashData, false, Normal, nullptr) \
-    \
-    v(bool, useOSREntryToDFG, true, Normal, nullptr) \
-    v(bool, useOSREntryToFTL, true, Normal, nullptr) \
-    \
-    v(bool, useFTLJIT, true, Normal, "allows the FTL JIT to be used if true") \
-    v(bool, useFTLTBAA, true, Normal, nullptr) \
-    v(bool, validateFTLOSRExitLiveness, false, Normal, nullptr) \
-    v(unsigned, defaultB3OptLevel, 2, Normal, nullptr) \
-    v(bool, b3AlwaysFailsBeforeCompile, false, Normal, nullptr) \
-    v(bool, b3AlwaysFailsBeforeLink, false, Normal, nullptr) \
-    v(bool, ftlCrashes, false, Normal, nullptr) /* fool-proof way of checking that you ended up in the FTL. ;-) */\
-    v(bool, clobberAllRegsInFTLICSlowPath, !ASSERT_DISABLED, Normal, nullptr) \
-    v(bool, enableJITDebugAssertions, !ASSERT_DISABLED, Normal, nullptr) \
-    v(bool, useAccessInlining, true, Normal, nullptr) \
-    v(unsigned, maxAccessVariantListSize, 8, Normal, nullptr) \
-    v(bool, usePolyvariantDevirtualization, true, Normal, nullptr) \
-    v(bool, usePolymorphicAccessInlining, true, Normal, nullptr) \
-    v(unsigned, maxPolymorphicAccessInliningListSize, 8, Normal, nullptr) \
-    v(bool, usePolymorphicCallInlining, true, Normal, nullptr) \
-    v(bool, usePolymorphicCallInliningForNonStubStatus, false, Normal, nullptr) \
-    v(unsigned, maxPolymorphicCallVariantListSize, 15, Normal, nullptr) \
-    v(unsigned, maxPolymorphicCallVariantListSizeForTopTier, 5, Normal, nullptr) \
-    v(unsigned, maxPolymorphicCallVariantListSizeForWebAssemblyToJS, 5, Normal, nullptr) \
-    v(unsigned, maxPolymorphicCallVariantsForInlining, 5, Normal, nullptr) \
-    v(unsigned, frequentCallThreshold, 2, Normal, nullptr) \
-    v(double, minimumCallToKnownRate, 0.51, Normal, nullptr) \
-    v(bool, createPreHeaders, true, Normal, nullptr) \
-    v(bool, useMovHintRemoval, true, Normal, nullptr) \
-    v(bool, usePutStackSinking, true, Normal, nullptr) \
-    v(bool, useObjectAllocationSinking, true, Normal, nullptr) \
-    v(bool, useValueRepElimination, true, Normal, nullptr) \
-    v(bool, useArityFixupInlining, true, Normal, nullptr) \
-    v(bool, logExecutableAllocation, false, Normal, nullptr) \
-    v(unsigned, maxDFGNodesInBasicBlockForPreciseAnalysis, 20000, Normal, "Disable precise but costly analysis and give conservative results if the number of DFG nodes in a block exceeds this threshold") \
-    \
-    v(bool, useConcurrentJIT, true, Normal, "allows the DFG / FTL compilation in threads other than the executing JS thread") \
-    v(unsigned, numberOfDFGCompilerThreads, computeNumberOfWorkerThreads(3, 2) - 1, Normal, nullptr) \
-    v(unsigned, numberOfFTLCompilerThreads, computeNumberOfWorkerThreads(MAXIMUM_NUMBER_OF_FTL_COMPILER_THREADS, 2) - 1, Normal, nullptr) \
-    v(int32, priorityDeltaOfDFGCompilerThreads, computePriorityDeltaOfWorkerThreads(-1, 0), Normal, nullptr) \
-    v(int32, priorityDeltaOfFTLCompilerThreads, computePriorityDeltaOfWorkerThreads(-2, 0), Normal, nullptr) \
-    v(int32, priorityDeltaOfWasmCompilerThreads, computePriorityDeltaOfWorkerThreads(-1, 0), Normal, nullptr) \
-    \
-    v(bool, useProfiler, false, Normal, nullptr) \
-    v(bool, disassembleBaselineForProfiler, true, Normal, nullptr) \
-    \
-    v(bool, useArchitectureSpecificOptimizations, true, Normal, nullptr) \
-    \
-    v(bool, breakOnThrow, false, Normal, nullptr) \
-    \
-    v(unsigned, maximumOptimizationCandidateBytecodeCost, 100000, Normal, nullptr) \
-    \
-    v(unsigned, maximumFunctionForCallInlineCandidateBytecodeCost, 120, Normal, nullptr) \
-    v(unsigned, maximumFunctionForClosureCallInlineCandidateBytecodeCost, 100, Normal, nullptr) \
-    v(unsigned, maximumFunctionForConstructInlineCandidateBytecoodeCost, 100, Normal, nullptr) \
-    \
-    v(unsigned, maximumFTLCandidateBytecodeCost, 20000, Normal, nullptr) \
-    \
-    /* Depth of inline stack, so 1 = no inlining, 2 = one level, etc. */ \
-    v(unsigned, maximumInliningDepth, 5, Normal, "maximum allowed inlining depth.  Depth of 1 means no inlining") \
-    v(unsigned, maximumInliningRecursion, 2, Normal, nullptr) \
-    \
-    /* Maximum size of a caller for enabling inlining. This is purely to protect us */\
-    /* from super long compiles that take a lot of memory. */\
-    v(unsigned, maximumInliningCallerBytecodeCost, 10000, Normal, nullptr) \
-    \
-    v(unsigned, maximumVarargsForInlining, 100, Normal, nullptr) \
-    \
-    v(unsigned, maximumBinaryStringSwitchCaseLength, 50, Normal, nullptr) \
-    v(unsigned, maximumBinaryStringSwitchTotalLength, 2000, Normal, nullptr) \
-    \
-    v(double, jitPolicyScale, 1.0, Normal, "scale JIT thresholds to this specified ratio between 0.0 (compile ASAP) and 1.0 (compile like normal).") \
-    v(bool, forceEagerCompilation, false, Normal, nullptr) \
-    v(int32, thresholdForJITAfterWarmUp, 500, Normal, nullptr) \
-    v(int32, thresholdForJITSoon, 100, Normal, nullptr) \
-    \
-    v(int32, thresholdForOptimizeAfterWarmUp, 1000, Normal, nullptr) \
-    v(int32, thresholdForOptimizeAfterLongWarmUp, 1000, Normal, nullptr) \
-    v(int32, thresholdForOptimizeSoon, 1000, Normal, nullptr) \
-    v(int32, executionCounterIncrementForLoop, 1, Normal, nullptr) \
-    v(int32, executionCounterIncrementForEntry, 15, Normal, nullptr) \
-    \
-    v(int32, thresholdForFTLOptimizeAfterWarmUp, 100000, Normal, nullptr) \
-    v(int32, thresholdForFTLOptimizeSoon, 1000, Normal, nullptr) \
-    v(int32, ftlTierUpCounterIncrementForLoop, 1, Normal, nullptr) \
-    v(int32, ftlTierUpCounterIncrementForReturn, 15, Normal, nullptr) \
-    v(unsigned, ftlOSREntryFailureCountForReoptimization, 15, Normal, nullptr) \
-    v(unsigned, ftlOSREntryRetryThreshold, 100, Normal, nullptr) \
-    \
-    v(int32, evalThresholdMultiplier, 10, Normal, nullptr) \
-    v(unsigned, maximumEvalCacheableSourceLength, 256, Normal, nullptr) \
-    \
-    v(bool, randomizeExecutionCountsBetweenCheckpoints, false, Normal, nullptr) \
-    v(int32, maximumExecutionCountsBetweenCheckpointsForBaseline, 1000, Normal, nullptr) \
-    v(int32, maximumExecutionCountsBetweenCheckpointsForUpperTiers, 50000, Normal, nullptr) \
-    \
-    v(unsigned, likelyToTakeSlowCaseMinimumCount, 20, Normal, nullptr) \
-    v(unsigned, couldTakeSlowCaseMinimumCount, 10, Normal, nullptr) \
-    \
-    v(unsigned, osrExitCountForReoptimization, 100, Normal, nullptr) \
-    v(unsigned, osrExitCountForReoptimizationFromLoop, 5, Normal, nullptr) \
-    \
-    v(unsigned, reoptimizationRetryCounterMax, 0, Normal, nullptr)  \
-    \
-    v(unsigned, minimumOptimizationDelay, 1, Normal, nullptr) \
-    v(unsigned, maximumOptimizationDelay, 5, Normal, nullptr) \
-    v(double, desiredProfileLivenessRate, 0.75, Normal, nullptr) \
-    v(double, desiredProfileFullnessRate, 0.35, Normal, nullptr) \
-    \
-    v(double, doubleVoteRatioForDoubleFormat, 2, Normal, nullptr) \
-    v(double, structureCheckVoteRatioForHoisting, 1, Normal, nullptr) \
-    v(double, checkArrayVoteRatioForHoisting, 1, Normal, nullptr) \
-    \
-    v(unsigned, maximumDirectCallStackSize, 200, Normal, nullptr) \
-    \
-    v(unsigned, minimumNumberOfScansBetweenRebalance, 100, Normal, nullptr) \
-    v(unsigned, numberOfGCMarkers, computeNumberOfGCMarkers(8), Normal, nullptr) \
-    v(bool, useParallelMarkingConstraintSolver, true, Normal, nullptr) \
-    v(unsigned, opaqueRootMergeThreshold, 1000, Normal, nullptr) \
-    v(double, minHeapUtilization, 0.8, Normal, nullptr) \
-    v(double, minMarkedBlockUtilization, 0.9, Normal, nullptr) \
-    v(unsigned, slowPathAllocsBetweenGCs, 0, Normal, "force a GC on every Nth slow path alloc, where N is specified by this option") \
-    \
-    v(double, percentCPUPerMBForFullTimer, 0.0003125, Normal, nullptr) \
-    v(double, percentCPUPerMBForEdenTimer, 0.0025, Normal, nullptr) \
-    v(double, collectionTimerMaxPercentCPU, 0.05, Normal, nullptr) \
-    \
-    v(bool, forceWeakRandomSeed, false, Normal, nullptr) \
-    v(unsigned, forcedWeakRandomSeed, 0, Normal, nullptr) \
-    \
-    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xbadbeef0") \
-    v(bool, useImmortalObjects, false, Normal, "debugging option to keep all objects alive forever") \
-    v(bool, sweepSynchronously, false, Normal, "debugging option to sweep all dead objects synchronously at GC end before resuming mutator") \
-    v(unsigned, maxSingleAllocationSize, 0, Configurable, "debugging option to limit individual allocations to a max size (0 = limit not set, N = limit size in bytes)") \
-    \
-    v(gcLogLevel, logGC, GCLogging::None, Normal, "debugging option to log GC activity (0 = None, 1 = Basic, 2 = Verbose)") \
-    v(bool, useGC, true, Normal, nullptr) \
-    v(bool, gcAtEnd, false, Normal, "If true, the jsc CLI will do a GC before exiting") \
-    v(bool, forceGCSlowPaths, false, Normal, "If true, we will force all JIT fast allocations down their slow paths.") \
-    v(unsigned, gcMaxHeapSize, 0, Normal, nullptr) \
-    v(unsigned, forceRAMSize, 0, Normal, nullptr) \
-    v(bool, recordGCPauseTimes, false, Normal, nullptr) \
-    v(bool, dumpHeapStatisticsAtVMDestruction, false, Normal, nullptr) \
-    v(bool, forceCodeBlockToJettisonDueToOldAge, false, Normal, "If true, this means that anytime we can jettison a CodeBlock due to old age, we do.") \
-    v(bool, useEagerCodeBlockJettisonTiming, false, Normal, "If true, the time slices for jettisoning a CodeBlock due to old age are shrunk significantly.") \
-    \
-    v(bool, useTypeProfiler, false, Normal, nullptr) \
-    v(bool, useControlFlowProfiler, false, Normal, nullptr) \
-    \
-    v(bool, useSamplingProfiler, false, Normal, nullptr) \
-    v(unsigned, sampleInterval, 1000, Normal, "Time between stack traces in microseconds.") \
-    v(bool, collectSamplingProfilerDataForJSCShell, false, Normal, "This corresponds to the JSC shell's --sample option.") \
-    v(unsigned, samplingProfilerTopFunctionsCount, 12, Normal, "Number of top functions to report when using the command line interface.") \
-    v(unsigned, samplingProfilerTopBytecodesCount, 40, Normal, "Number of top bytecodes to report when using the command line interface.") \
-    v(optionString, samplingProfilerPath, nullptr, Normal, "The path to the directory to write sampiling profiler output to. This probably will not work with WK2 unless the path is in the whitelist.") \
-    v(bool, sampleCCode, false, Normal, "Causes the sampling profiler to record profiling data for C frames.") \
-    \
-    v(bool, alwaysGeneratePCToCodeOriginMap, false, Normal, "This will make sure we always generate a PCToCodeOriginMap for JITed code.") \
-    \
-    v(bool, verifyHeap, false, Normal, nullptr) \
-    v(unsigned, numberOfGCCyclesToRecordForVerification, 3, Normal, nullptr) \
-    \
-    v(unsigned, exceptionStackTraceLimit, 100, Normal, "Stack trace limit for internal Exception object") \
-    v(unsigned, defaultErrorStackTraceLimit, 100, Normal, "The default value for Error.stackTraceLimit") \
-    v(bool, useExceptionFuzz, false, Normal, nullptr) \
-    v(unsigned, fireExceptionFuzzAt, 0, Normal, nullptr) \
-    v(bool, validateDFGExceptionHandling, false, Normal, "Causes the DFG to emit code validating exception handling for each node that can exit") /* This is true by default on Debug builds */\
-    v(bool, dumpSimulatedThrows, false, Normal, "Dumps the call stack of the last simulated throw if exception scope verification fails") \
-    v(bool, validateExceptionChecks, false, Normal, "Verifies that needed exception checks are performed.") \
-    v(unsigned, unexpectedExceptionStackTraceLimit, 100, Normal, "Stack trace limit for debugging unexpected exceptions observed in the VM") \
-    \
-    v(bool, useExecutableAllocationFuzz, false, Normal, nullptr) \
-    v(unsigned, fireExecutableAllocationFuzzAt, 0, Normal, nullptr) \
-    v(unsigned, fireExecutableAllocationFuzzAtOrAfter, 0, Normal, nullptr) \
-    v(bool, verboseExecutableAllocationFuzz, false, Normal, nullptr) \
-    \
-    v(bool, useOSRExitFuzz, false, Normal, nullptr) \
-    v(unsigned, fireOSRExitFuzzAtStatic, 0, Normal, nullptr) \
-    v(unsigned, fireOSRExitFuzzAt, 0, Normal, nullptr) \
-    v(unsigned, fireOSRExitFuzzAtOrAfter, 0, Normal, nullptr) \
-    \
-    v(bool, useRandomizingFuzzerAgent, false, Normal, nullptr) \
-    v(unsigned, seedOfRandomizingFuzzerAgent, 1, Normal, nullptr) \
-    v(bool, dumpRandomizingFuzzerAgentPredictions, false, Normal, nullptr) \
-    v(bool, useDoublePredictionFuzzerAgent, false, Normal, nullptr) \
-    \
-    v(bool, logPhaseTimes, false, Normal, nullptr) \
-    v(double, rareBlockPenalty, 0.001, Normal, nullptr) \
-    v(bool, airLinearScanVerbose, false, Normal, nullptr) \
-    v(bool, airLinearScanSpillsEverything, false, Normal, nullptr) \
-    v(bool, airForceBriggsAllocator, false, Normal, nullptr) \
-    v(bool, airForceIRCAllocator, false, Normal, nullptr) \
-    v(bool, airRandomizeRegs, false, Normal, nullptr) \
-    v(unsigned, airRandomizeRegsSeed, 0, Normal, nullptr) \
-    v(bool, coalesceSpillSlots, true, Normal, nullptr) \
-    v(bool, logAirRegisterPressure, false, Normal, nullptr) \
-    v(bool, useB3TailDup, true, Normal, nullptr) \
-    v(unsigned, maxB3TailDupBlockSize, 3, Normal, nullptr) \
-    v(unsigned, maxB3TailDupBlockSuccessors, 3, Normal, nullptr) \
-    \
-    v(bool, useDollarVM, false, Restricted, "installs the $vm debugging tool in global objects") \
-    v(optionString, functionOverrides, nullptr, Restricted, "file with debugging overrides for function bodies") \
-    v(bool, useSigillCrashAnalyzer, false, Configurable, "logs data about SIGILL crashes") \
-    \
-    v(unsigned, watchdog, 0, Normal, "watchdog timeout (0 = Disabled, N = a timeout period of N milliseconds)") \
-    v(bool, usePollingTraps, false, Normal, "use polling (instead of signalling) VM traps") \
-    \
-    v(bool, useMachForExceptions, true, Normal, "Use mach exceptions rather than signals to handle faults and pass thread messages. (This does nothing on platforms without mach)") \
-    \
-    v(bool, useICStats, false, Normal, nullptr) \
-    \
-    v(unsigned, prototypeHitCountForLLIntCaching, 2, Normal, "Number of prototype property hits before caching a prototype in the LLInt. A count of 0 means never cache.") \
-    \
-    v(bool, dumpCompiledRegExpPatterns, false, Normal, nullptr) \
-    \
-    v(bool, dumpModuleRecord, false, Normal, nullptr) \
-    v(bool, dumpModuleLoadingState, false, Normal, nullptr) \
-    v(bool, exposeInternalModuleLoader, false, Normal, "expose the internal module loader object to the global space for debugging") \
-    \
-    v(bool, useSuperSampler, false, Normal, nullptr) \
-    \
-    v(bool, useSourceProviderCache, true, Normal, "If false, the parser will not use the source provider cache. It's good to verify everything works when this is false. Because the cache is so successful, it can mask bugs.") \
-    v(bool, useCodeCache, true, Normal, "If false, the unlinked byte code cache will not be used.") \
-    \
-    v(bool, useWebAssembly, true, Normal, "Expose the WebAssembly global object.") \
-    \
-    v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \
-    v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \
-    v(bool, zeroStackFrame, false, Normal, "Zero stack frame on entry to a function.") \
-    \
-    v(bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \
-    v(size, webAssemblyPartialCompileLimit, 5000, Normal, "Limit on the number of bytes a Wasm::Plan::compile should attempt before checking for other work.") \
-    v(unsigned, webAssemblyBBQAirOptimizationLevel, 0, Normal, "Air Optimization level for BBQ Web Assembly module compilations.") \
-    v(unsigned, webAssemblyBBQB3OptimizationLevel, 1, Normal, "B3 Optimization level for BBQ Web Assembly module compilations.") \
-    v(unsigned, webAssemblyOMGOptimizationLevel, Options::defaultB3OptLevel(), Normal, "B3 Optimization level for OMG Web Assembly module compilations.") \
-    \
-    v(bool, useBBQTierUpChecks, true, Normal, "Enables tier up checks for our BBQ code.") \
-    v(bool, useWebAssemblyOSR, true, Normal, nullptr) \
-    v(int32, thresholdForOMGOptimizeAfterWarmUp, 50000, Normal, "The count before we tier up a function to OMG.") \
-    v(int32, thresholdForOMGOptimizeSoon, 500, Normal, nullptr) \
-    v(int32, omgTierUpCounterIncrementForLoop, 1, Normal, "The amount the tier up counter is incremented on each loop backedge.") \
-    v(int32, omgTierUpCounterIncrementForEntry, 15, Normal, "The amount the tier up counter is incremented on each function entry.") \
-    /* FIXME: enable fast memories on iOS and pre-allocate them. https://bugs.webkit.org/show_bug.cgi?id=170774 */ \
-    v(bool, useWebAssemblyFastMemory, !isIOS(), Normal, "If true, we will try to use a 32-bit address space with a signal handler to bounds check wasm memory.") \
-    v(bool, logWebAssemblyMemory, false, Normal, nullptr) \
-    v(unsigned, webAssemblyFastMemoryRedzonePages, 128, Normal, "WebAssembly fast memories use 4GiB virtual allocations, plus a redzone (counted as multiple of 64KiB WebAssembly pages) at the end to catch reg+imm accesses which exceed 32-bit, anything beyond the redzone is explicitly bounds-checked") \
-    v(bool, crashIfWebAssemblyCantFastMemory, false, Normal, "If true, we will crash if we can't obtain fast memory for wasm.") \
-    v(unsigned, maxNumWebAssemblyFastMemories, 4, Normal, nullptr) \
-    v(bool, useFastTLSForWasmContext, true, Normal, "If true, we will store context in fast TLS. If false, we will pin it to a register.") \
-    v(bool, wasmBBQUsesAir, true, Normal, nullptr) \
-    v(size, webAssemblyBBQAirModeThreshold, isIOS() ? (10 * MB) : 0, Normal, "If 0, we always use BBQ Air. If Wasm module code size hits this threshold, we compile Wasm module with B3 BBQ mode.") \
-    v(bool, useWebAssemblyStreamingApi, enableWebAssemblyStreamingApi, Normal, "Allow to run WebAssembly's Streaming API") \
-    v(bool, useCallICsForWebAssemblyToJSCalls, true, Normal, "If true, we will use CallLinkInfo to inline cache Wasm to JS calls.") \
-    v(bool, useEagerWebAssemblyModuleHashing, false, Normal, "Unnamed WebAssembly modules are identified in backtraces through their hash, if available.") \
-    v(bool, useWebAssemblyReferences, true, Normal, "Allow types from the wasm references spec.") \
-    v(bool, useWeakRefs, false, Normal, "Expose the WeakRef constructor.") \
-    v(bool, useBigInt, false, Normal, "If true, we will enable BigInt support.") \
-    v(bool, useNullishAwareOperators, false, Normal, "Enable support for ?. and ?? operators.") \
-    v(bool, useArrayAllocationProfiling, true, Normal, "If true, we will use our normal array allocation profiling. If false, the allocation profile will always claim to be undecided.") \
-    v(bool, forcePolyProto, false, Normal, "If true, create_this will always create an object with a poly proto structure.") \
-    v(bool, forceMiniVMMode, false, Normal, "If true, it will force mini VM mode on.") \
-    v(bool, useTracePoints, false, Normal, nullptr) \
-    v(bool, traceLLIntExecution, false, Configurable, nullptr) \
-    v(bool, traceLLIntSlowPath, false, Configurable, nullptr) \
-    v(bool, traceBaselineJITExecution, false, Normal, nullptr) \
-    v(unsigned, thresholdForGlobalLexicalBindingEpoch, UINT_MAX, Normal, "Threshold for global lexical binding epoch. If the epoch reaches to this value, CodeBlock metadata for scope operations will be revised globally. It needs to be greater than 1.") \
-    v(optionString, diskCachePath, nullptr, Restricted, nullptr) \
-    v(bool, forceDiskCache, false, Restricted, nullptr) \
-    v(bool, validateAbstractInterpreterState, false, Restricted, nullptr) \
-    v(double, validateAbstractInterpreterStateProbability, 0.5, Normal, nullptr) \
-    v(optionString, dumpJITMemoryPath, nullptr, Restricted, nullptr) \
-    v(double, dumpJITMemoryFlushInterval, 10, Restricted, "Maximum time in between flushes of the JIT memory dump in seconds.") \
-    v(bool, useUnlinkedCodeBlockJettisoning, false, Normal, "If true, UnlinkedCodeBlock can be jettisoned.") \
-
-
-enum OptionEquivalence {
-    SameOption,
-    InvertedOption,
-};
-
-#define JSC_ALIASED_OPTIONS(v) \
-    v(enableFunctionDotArguments, useFunctionDotArguments, SameOption) \
-    v(enableTailCalls, useTailCalls, SameOption) \
-    v(showDisassembly, dumpDisassembly, SameOption) \
-    v(showDFGDisassembly, dumpDFGDisassembly, SameOption) \
-    v(showFTLDisassembly, dumpFTLDisassembly, SameOption) \
-    v(showAllDFGNodes, dumpAllDFGNodes, SameOption) \
-    v(alwaysDoFullCollection, useGenerationalGC, InvertedOption) \
-    v(enableOSREntryToDFG, useOSREntryToDFG, SameOption) \
-    v(enableOSREntryToFTL, useOSREntryToFTL, SameOption) \
-    v(enableAccessInlining, useAccessInlining, SameOption) \
-    v(enablePolyvariantDevirtualization, usePolyvariantDevirtualization, SameOption) \
-    v(enablePolymorphicAccessInlining, usePolymorphicAccessInlining, SameOption) \
-    v(enablePolymorphicCallInlining, usePolymorphicCallInlining, SameOption) \
-    v(enableMovHintRemoval, useMovHintRemoval, SameOption) \
-    v(enableObjectAllocationSinking, useObjectAllocationSinking, SameOption) \
-    v(enableConcurrentJIT, useConcurrentJIT, SameOption) \
-    v(enableProfiler, useProfiler, SameOption) \
-    v(enableArchitectureSpecificOptimizations, useArchitectureSpecificOptimizations, SameOption) \
-    v(enablePolyvariantCallInlining, usePolyvariantCallInlining, SameOption) \
-    v(enablePolyvariantByIdInlining, usePolyvariantByIdInlining, SameOption) \
-    v(objectsAreImmortal, useImmortalObjects, SameOption) \
-    v(showObjectStatistics, dumpObjectStatistics, SameOption) \
-    v(disableGC, useGC, InvertedOption) \
-    v(enableTypeProfiler, useTypeProfiler, SameOption) \
-    v(enableControlFlowProfiler, useControlFlowProfiler, SameOption) \
-    v(enableExceptionFuzz, useExceptionFuzz, SameOption) \
-    v(enableExecutableAllocationFuzz, useExecutableAllocationFuzz, SameOption) \
-    v(enableOSRExitFuzz, useOSRExitFuzz, SameOption) \
-    v(enableDollarVM, useDollarVM, SameOption) \
-    v(enableWebAssembly, useWebAssembly, SameOption) \
-    v(verboseDFGByteCodeParsing, verboseDFGBytecodeParsing, SameOption) \
-    v(maximumOptimizationCandidateInstructionCount, maximumOptimizationCandidateBytecodeCost, SameOption) \
-    v(maximumFunctionForCallInlineCandidateInstructionCount, maximumFunctionForCallInlineCandidateBytecodeCost, SameOption) \
-    v(maximumFunctionForClosureCallInlineCandidateInstructionCount, maximumFunctionForClosureCallInlineCandidateBytecodeCost, SameOption) \
-    v(maximumFunctionForConstructInlineCandidateInstructionCount, maximumFunctionForConstructInlineCandidateBytecoodeCost, SameOption) \
-    v(maximumFTLCandidateInstructionCount, maximumFTLCandidateBytecodeCost, SameOption) \
-    v(maximumInliningCallerSize, maximumInliningCallerBytecodeCost, SameOption) \
-
 
 class Options {
@@ -578 +95 @@
     };
 
-    // This typedef is to allow us to eliminate the '_' in the field name in
-    // union inside Entry. This is needed to keep the style checker happy.
-    typedef int32_t int32;
-    typedef size_t size;
-
-    // Declare the option IDs:
+#define DECLARE_OPTION_ID(type_, name_, defaultValue_, availability_, description_) \
+    name_##ID,
+
     enum ID {
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
-        name_##ID,
-        JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+        FOR_EACH_JSC_OPTION(DECLARE_OPTION_ID)
         numberOfOptions
     };
+#undef DECLARE_OPTION_ID
 
     enum class Type {
-        boolType,
-        unsignedType,
-        doubleType,
-        int32Type,
-        sizeType,
-        optionRangeType,
-        optionStringType,
-        gcLogLevelType,
+        Bool,
+        Unsigned,
+        Double,
+        Int32,
+        Size,
+        OptionRange,
+        OptionString,
+        GCLogLevel,
     };
 
@@ -618 +130 @@
     JS_EXPORT_PRIVATE static void ensureOptionsAreCoherent();
 
-    JS_EXPORT_PRIVATE static void enableRestrictedOptions(bool enableOrNot);
-
-    // Declare accessors for each option:
-#define FOR_EACH_OPTION(type_, name_, defaultValue_, availability_, description_) \
-    ALWAYS_INLINE static type_& name_() { return s_options[name_##ID].type_##Val; } \
-    ALWAYS_INLINE static type_& name_##Default() { return s_defaultOptions[name_##ID].type_##Val; }
-
-    JSC_OPTIONS(FOR_EACH_OPTION)
-#undef FOR_EACH_OPTION
+#define DECLARE_OPTION_ACCESSORS(type_, name_, defaultValue_, availability_, description_) \
+    ALWAYS_INLINE static OptionEntry::type_& name_() { return g_jscConfig.options[name_##ID].val##type_; }  \
+    ALWAYS_INLINE static OptionEntry::type_& name_##Default() { return g_jscConfig.defaultOptions[name_##ID].val##type_; }
+
+    FOR_EACH_JSC_OPTION(DECLARE_OPTION_ACCESSORS)
+#undef DECLARE_OPTION_ACCESSORS
 
     static bool isAvailable(ID, Availability);
 
 private:
-    // For storing for an option value:
-    union Entry {
-        bool boolVal;
-        unsigned unsignedVal;
-        double doubleVal;
-        int32 int32Val;
-        size sizeVal;
-        OptionRange optionRangeVal;
-        const char* optionStringVal;
-        GCLogging::Level gcLogLevelVal;
-    };
 
     // For storing constant meta data about each option:
@@ -667 +165 @@
     static bool overrideAliasedOptionWithHeuristic(const char* name);
 
-    // Declare the singleton instance of the options store:
-    JS_EXPORT_PRIVATE static Entry s_options[numberOfOptions];
-    JS_EXPORT_PRIVATE static Entry s_defaultOptions[numberOfOptions];
     static const EntryInfo s_optionsInfo[numberOfOptions];
 
@@ -679 +174 @@
     Option(Options::ID id)
         : m_id(id)
-        , m_entry(Options::s_options[m_id])
+        , m_entry(g_jscConfig.options[m_id])
     {
     }
@@ -706 +201 @@
 private:
     // Only used for constructing default Options.
-    Option(Options::ID id, Options::Entry& entry)
+    Option(Options::ID id, OptionEntry& entry)
         : m_id(id)
         , m_entry(entry)
@@ -713 +208 @@
     
     Options::ID m_id;
-    Options::Entry& m_entry;
+    OptionEntry& m_entry;
 };
 
@@ -743 +238 @@
 inline const Option Option::defaultOption() const
 {
-    return Option(m_id, Options::s_defaultOptions[m_id]);
+    return Option(m_id, g_jscConfig.defaultOptions[m_id]);
 }
 
 inline bool& Option::boolVal()
 {
-    return m_entry.boolVal;
+    return m_entry.valBool;
 }
 
 inline unsigned& Option::unsignedVal()
 {
-    return m_entry.unsignedVal;
+    return m_entry.valUnsigned;
 }
 
 inline double& Option::doubleVal()
 {
-    return m_entry.doubleVal;
+    return m_entry.valDouble;
 }
 
 inline int32_t& Option::int32Val()
 {
-    return m_entry.int32Val;
+    return m_entry.valInt32;
 }
 
 inline OptionRange Option::optionRangeVal()
 {
-    return m_entry.optionRangeVal;
+    return m_entry.valOptionRange;
 }
 
 inline const char* Option::optionStringVal()
 {
-    return m_entry.optionStringVal;
+    return m_entry.valOptionString;
 }
 
 inline GCLogging::Level& Option::gcLogLevelVal()
 {
-    return m_entry.gcLogLevelVal;
+    return m_entry.valGCLogLevel;
 }
 

trunk/Source/JavaScriptCore/runtime/VM.cpp ¶

@@ -471 +471 @@
 
     VMInspector::instance().add(this);
+
+    if (!g_jscConfig.disabledFreezingForTesting)
+        Config::permanentlyFreeze();
 }
 

trunk/Source/JavaScriptCore/tools/FunctionOverrides.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -103 +103 @@
 FunctionOverrides::FunctionOverrides(const char* overridesFileName)
 {
+    RELEASE_ASSERT(g_jscConfig.restrictedOptionsEnabled);
     parseOverridesInFile(holdLock(m_lock), overridesFileName);
 }
@@ -108 +109 @@
 void FunctionOverrides::reinstallOverrides()
 {
+    RELEASE_ASSERT(g_jscConfig.restrictedOptionsEnabled);
     FunctionOverrides& overrides = FunctionOverrides::overrides();
     auto locker = holdLock(overrides.m_lock);
@@ -144 +146 @@
 bool FunctionOverrides::initializeOverrideFor(const SourceCode& origCode, FunctionOverrides::OverrideInfo& result)
 {
-    ASSERT(Options::functionOverrides());
+    RELEASE_ASSERT(g_jscConfig.restrictedOptionsEnabled);
+    RELEASE_ASSERT(Options::functionOverrides());
     FunctionOverrides& overrides = FunctionOverrides::overrides();
 
@@ -236 +239 @@
 void FunctionOverrides::parseOverridesInFile(const AbstractLocker&, const char* fileName)
 {
+    RELEASE_ASSERT(g_jscConfig.restrictedOptionsEnabled);
     if (!fileName)
         return;

trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp ¶

@@ -31 +31 @@
 #include "DOMAttributeGetterSetter.h"
 #include "DOMJITGetterSetter.h"
+#include "Debugger.h"
 #include "FrameTracers.h"
 #include "FunctionCodeBlock.h"
@@ -41 +42 @@
 #include "JSProxy.h"
 #include "JSString.h"
+#include "Options.h"
 #include "Parser.h"
 #include "ShadowChicken.h"
@@ -63 +65 @@
 namespace {
 
+// We must RELEASE_ASSERT(Options::useDollarVM()) in all JSDollarVM functions
+// that are non-trivial at an eye's glance. This includes (but is not limited to):
+//      constructors
+//      create() factory
+//      createStructure() factory
+//      finishCreation()
+//      HOST_CALL or operation functions
+//      Constructors and methods of utility and test classes
+//
+// The only exception are some constexpr constructors used for instantiating
+// globals (since these must have trivial constructors) e.g. DOMJITAttribute.
+// Instead, these constructors should always be ALWAYS_INLINE.
+
 class JSDollarVMCallFrame : public JSDestructibleObject {
     using Base = JSDestructibleObject;
@@ -68 +83 @@
     JSDollarVMCallFrame(VM& vm, Structure* structure)
         : Base(vm, structure)
-    { }
+    {
+        RELEASE_ASSERT(Options::useDollarVM());
+    }
 
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -77 +95 @@
     static JSDollarVMCallFrame* create(ExecState* exec, unsigned requestedFrameIndex)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         JSGlobalObject* globalObject = exec->lexicalGlobalObject();
@@ -87 +106 @@
     void finishCreation(VM& vm, CallFrame* frame, unsigned requestedFrameIndex)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Base::finishCreation(vm);
 
@@ -124 +144 @@
     void addProperty(VM& vm, const char* name, JSValue value)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Identifier identifier = Identifier::fromString(vm, name);
         putDirect(vm, identifier, value);
@@ -139 +160 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -148 +170 @@
     static Element* create(VM& vm, JSGlobalObject* globalObject, Root* root)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Structure* structure = createStructure(vm, globalObject, jsNull());
         Element* element = new (NotNull, allocateCell<Element>(vm.heap)) Element(vm, structure);
@@ -168 +191 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -194 +218 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -209 +234 @@
     static Root* create(VM& vm, JSGlobalObject* globalObject)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Structure* structure = createStructure(vm, globalObject, jsNull());
         Root* root = new (NotNull, allocateCell<Root>(vm.heap)) Root(vm, structure);
@@ -221 +247 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -240 +267 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -247 +275 @@
     static SimpleObject* create(VM& vm, JSGlobalObject* globalObject)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Structure* structure = createStructure(vm, globalObject, jsNull());
         SimpleObject* simpleObject = new (NotNull, allocateCell<SimpleObject>(vm.heap)) SimpleObject(vm, structure);
@@ -263 +292 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -288 +318 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -296 +327 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -301 +333 @@
     static ImpureGetter* create(VM& vm, Structure* structure, JSObject* delegate)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         ImpureGetter* getter = new (NotNull, allocateCell<ImpureGetter>(vm.heap)) ImpureGetter(vm, structure);
         getter->finishCreation(vm, delegate);
@@ -308 +341 @@
     void finishCreation(VM& vm, JSObject* delegate)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Base::finishCreation(vm);
         if (delegate)
@@ -315 +349 @@
     static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName name, PropertySlot& slot)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -350 +385 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -358 +394 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -363 +400 @@
     static CustomGetter* create(VM& vm, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         CustomGetter* getter = new (NotNull, allocateCell<CustomGetter>(vm.heap)) CustomGetter(vm, structure);
         getter->finishCreation(vm);
@@ -370 +408 @@
     static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         CustomGetter* thisObject = jsCast<CustomGetter*>(object);
@@ -388 +427 @@
     static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -403 +443 @@
     static EncodedJSValue customGetterAcessor(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -424 +465 @@
     static RuntimeArray* create(ExecState* exec)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         JSGlobalObject* globalObject = exec->lexicalGlobalObject();
@@ -437 +479 @@
     static void destroy(JSCell* cell)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         static_cast<RuntimeArray*>(cell)->RuntimeArray::~RuntimeArray();
     }
@@ -444 +487 @@
     static bool getOwnPropertySlot(JSObject* object, ExecState* exec, PropertyName propertyName, PropertySlot& slot)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
@@ -462 +506 @@
     static bool getOwnPropertySlotByIndex(JSObject* object, ExecState* exec, unsigned index, PropertySlot& slot)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         RuntimeArray* thisObject = jsCast<RuntimeArray*>(object);
         if (index < thisObject->getLength()) {
@@ -487 +532 @@
     static ArrayPrototype* createPrototype(VM&, JSGlobalObject* globalObject)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return globalObject->arrayPrototype();
     }
@@ -492 +538 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(DerivedArrayType, StructureFlags), info(), ArrayClass);
     }
@@ -498 +545 @@
     void finishCreation(ExecState* exec)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         Base::finishCreation(vm);
@@ -510 +558 @@
         : JSArray(exec->vm(), structure, 0)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
     static EncodedJSValue lengthGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -531 +581 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -539 +590 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -545 +597 @@
     static Ref<Snippet> checkSubClassSnippet()
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Ref<Snippet> snippet = Snippet::create();
         snippet->setGenerator([=](CCallHelpers& jit, SnippetParams& params) {
@@ -557 +610 @@
     static DOMJITNode* create(VM& vm, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITNode* getter = new (NotNull, allocateCell<DOMJITNode>(vm.heap)) DOMJITNode(vm, structure);
         getter->finishCreation(vm);
@@ -578 +632 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -586 +641 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -591 +647 @@
     static DOMJITGetter* create(VM& vm, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITGetter* getter = new (NotNull, allocateCell<DOMJITGetter>(vm.heap)) DOMJITGetter(vm, structure);
         getter->finishCreation(vm);
@@ -598 +655 @@
     class DOMJITAttribute : public DOMJIT::GetterSetter {
     public:
-        constexpr DOMJITAttribute()
+        ALWAYS_INLINE constexpr DOMJITAttribute()
             : DOMJIT::GetterSetter(
                 DOMJITGetter::customGetter,
@@ -613 +670 @@
         static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             VM& vm = exec->vm();
             NativeCallFrameTracer tracer(vm, exec);
@@ -620 +678 @@
         static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
             snippet->requireGlobalObject = false;
@@ -639 +698 @@
     static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         DOMJITNode* thisObject = jsDynamicCast<DOMJITNode*>(vm, JSValue::decode(thisValue));
@@ -650 +710 @@
 void DOMJITGetter::finishCreation(VM& vm)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     const DOMJIT::GetterSetter* domJIT = &DOMJITGetterDOMJIT;
@@ -661 +722 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -669 +731 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -674 +737 @@
     static DOMJITGetterComplex* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITGetterComplex* getter = new (NotNull, allocateCell<DOMJITGetterComplex>(vm.heap)) DOMJITGetterComplex(vm, structure);
         getter->finishCreation(vm, globalObject);
@@ -681 +745 @@
     class DOMJITAttribute : public DOMJIT::GetterSetter {
     public:
-        constexpr DOMJITAttribute()
+        ALWAYS_INLINE constexpr DOMJITAttribute()
             : DOMJIT::GetterSetter(
                 DOMJITGetterComplex::customGetter,
@@ -696 +760 @@
         static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             VM& vm = exec->vm();
             NativeCallFrameTracer tracer(vm, exec);
@@ -710 +775 @@
         static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
             static_assert(GPRInfo::numberOfRegisters >= 4, "Number of registers should be larger or equal to 4.");
@@ -734 +800 @@
     static EncodedJSValue JSC_HOST_CALL functionEnableException(ExecState* exec)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto* object = jsDynamicCast<DOMJITGetterComplex*>(vm, exec->thisValue());
@@ -743 +810 @@
     static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -760 +828 @@
 void DOMJITGetterComplex::finishCreation(VM& vm, JSGlobalObject* globalObject)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     const DOMJIT::GetterSetter* domJIT = &DOMJITGetterComplexDOMJIT;
@@ -772 +841 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -778 +848 @@
     static const unsigned StructureFlags = Base::StructureFlags;
 
-
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -786 +856 @@
     static DOMJITFunctionObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITFunctionObject* object = new (NotNull, allocateCell<DOMJITFunctionObject>(vm.heap)) DOMJITFunctionObject(vm, structure);
         object->finishCreation(vm, globalObject);
@@ -793 +864 @@
     static EncodedJSValue JSC_HOST_CALL functionWithTypeCheck(ExecState* exec)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
+        NativeCallFrameTracer tracer(vm, exec);
         auto scope = DECLARE_THROW_SCOPE(vm);
 
@@ -804 +877 @@
     static EncodedJSValue JIT_OPERATION functionWithoutTypeCheck(ExecState* exec, DOMJITNode* node)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         NativeCallFrameTracer tracer(vm, exec);
@@ -812 +886 @@
     static Ref<Snippet> checkSubClassSnippet()
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Ref<Snippet> snippet = Snippet::create();
         snippet->numFPScratchRegisters = 1;
@@ -834 +909 @@
 void DOMJITFunctionObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(vm, "func"), 0, functionWithTypeCheck, NoIntrinsic, &DOMJITFunctionObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
@@ -843 +919 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -849 +926 @@
     static const unsigned StructureFlags = Base::StructureFlags;
 
-
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -857 +934 @@
     static DOMJITCheckSubClassObject* create(VM& vm, JSGlobalObject* globalObject, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITCheckSubClassObject* object = new (NotNull, allocateCell<DOMJITCheckSubClassObject>(vm.heap)) DOMJITCheckSubClassObject(vm, structure);
         object->finishCreation(vm, globalObject);
@@ -864 +942 @@
     static EncodedJSValue JSC_HOST_CALL functionWithTypeCheck(ExecState* exec)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         auto scope = DECLARE_THROW_SCOPE(vm);
@@ -875 +954 @@
     static EncodedJSValue JIT_OPERATION functionWithoutTypeCheck(ExecState* exec, DOMJITNode* node)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         NativeCallFrameTracer tracer(vm, exec);
@@ -888 +968 @@
 void DOMJITCheckSubClassObject::finishCreation(VM& vm, JSGlobalObject* globalObject)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     putDirectNativeFunction(vm, globalObject, Identifier::fromString(vm, "func"), 0, functionWithTypeCheck, NoIntrinsic, &DOMJITCheckSubClassObjectSignature, static_cast<unsigned>(PropertyAttribute::ReadOnly));
@@ -897 +978 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -905 +987 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(JSC::JSType(LastJSCObjectType + 1), StructureFlags), info());
     }
@@ -910 +993 @@
     static DOMJITGetterBaseJSObject* create(VM& vm, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         DOMJITGetterBaseJSObject* getter = new (NotNull, allocateCell<DOMJITGetterBaseJSObject>(vm.heap)) DOMJITGetterBaseJSObject(vm, structure);
         getter->finishCreation(vm);
@@ -917 +1001 @@
     class DOMJITAttribute : public DOMJIT::GetterSetter {
     public:
-        constexpr DOMJITAttribute()
+        ALWAYS_INLINE constexpr DOMJITAttribute()
             : DOMJIT::GetterSetter(
                 DOMJITGetterBaseJSObject::customGetter,
@@ -932 +1016 @@
         static EncodedJSValue JIT_OPERATION slowCall(ExecState* exec, void* pointer)
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             VM& vm = exec->vm();
             NativeCallFrameTracer tracer(vm, exec);
@@ -940 +1025 @@
         static Ref<DOMJIT::CallDOMGetterSnippet> callDOMGetter()
         {
+            RELEASE_ASSERT(Options::useDollarVM());
             Ref<DOMJIT::CallDOMGetterSnippet> snippet = DOMJIT::CallDOMGetterSnippet::create();
             snippet->requireGlobalObject = false;
@@ -959 +1045 @@
     static EncodedJSValue customGetter(ExecState* exec, EncodedJSValue thisValue, PropertyName)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         VM& vm = exec->vm();
         JSObject* thisObject = jsDynamicCast<JSObject*>(vm, JSValue::decode(thisValue));
@@ -970 +1057 @@
 void DOMJITGetterBaseJSObject::finishCreation(VM& vm)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     const DOMJIT::GetterSetter* domJIT = &DOMJITGetterBaseJSObjectDOMJIT;
@@ -996 +1084 @@
     JSTestCustomGetterSetter(VM& vm, Structure* structure)
         : Base(vm, structure)
-    { }
+    {
+        RELEASE_ASSERT(Options::useDollarVM());
+    }
 
     static JSTestCustomGetterSetter* create(VM& vm, JSGlobalObject*, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         JSTestCustomGetterSetter* result = new (NotNull, allocateCell<JSTestCustomGetterSetter>(vm.heap)) JSTestCustomGetterSetter(vm, structure);
         result->finishCreation(vm);
@@ -1009 +1100 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, globalObject->objectPrototype(), TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -1031 +1123 @@
 static bool customSetAccessor(ExecState* exec, EncodedJSValue thisObject, EncodedJSValue encodedValue)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
 
@@ -1044 +1137 @@
 static bool customSetValue(ExecState* exec, EncodedJSValue slotValue, EncodedJSValue encodedValue)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
 
@@ -1059 +1153 @@
 void JSTestCustomGetterSetter::finishCreation(VM& vm)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
 
@@ -1091 +1186 @@
 ElementHandleOwner* Element::handleOwner()
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     static ElementHandleOwner* owner = 0;
     if (!owner)
@@ -1099 +1195 @@
 void Element::finishCreation(VM& vm, Root* root)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
     setRoot(vm, root);
@@ -1131 +1228 @@
         , m_streamingParser(m_info.get(), m_client)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -1137 +1235 @@
     static WasmStreamingParser* create(VM& vm, JSGlobalObject* globalObject)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Structure* structure = createStructure(vm, globalObject, jsNull());
         WasmStreamingParser* result = new (NotNull, allocateCell<WasmStreamingParser>(vm.heap)) WasmStreamingParser(vm, structure);
@@ -1145 +1244 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -1152 +1252 @@
     void finishCreation(VM& vm)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         Base::finishCreation(vm);
 
@@ -1170 +1271 @@
 EncodedJSValue JSC_HOST_CALL functionWasmStreamingParserAddBytes(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(exec->vm());
+
     auto* thisObject = jsDynamicCast<WasmStreamingParser*>(vm, exec->thisValue());
     if (!thisObject)
@@ -1183 +1286 @@
 EncodedJSValue JSC_HOST_CALL functionWasmStreamingParserFinalize(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto* thisObject = jsDynamicCast<WasmStreamingParser*>(vm, exec->thisValue());
@@ -1202 +1306 @@
 static NO_RETURN_DUE_TO_CRASH EncodedJSValue JSC_HOST_CALL functionCrash(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     CRASH();
 }
@@ -1209 +1314 @@
 static EncodedJSValue JSC_HOST_CALL functionBreakpoint(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     // Nothing should throw here but we might as well double check...
     VM& vm = exec->vm();
@@ -1223 +1329 @@
 static EncodedJSValue JSC_HOST_CALL functionDFGTrue(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return JSValue::encode(jsBoolean(false));
 }
@@ -1230 +1337 @@
 static EncodedJSValue JSC_HOST_CALL functionFTLTrue(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return JSValue::encode(jsBoolean(false));
 }
@@ -1235 +1343 @@
 static EncodedJSValue JSC_HOST_CALL functionCpuMfence(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if CPU(X86_64) && !OS(WINDOWS)
     asm volatile("mfence" ::: "memory");
@@ -1243 +1352 @@
 static EncodedJSValue JSC_HOST_CALL functionCpuRdtsc(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if CPU(X86_64) && !OS(WINDOWS)
     unsigned high;
@@ -1255 +1365 @@
 static EncodedJSValue JSC_HOST_CALL functionCpuCpuid(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if CPU(X86_64) && !OS(WINDOWS)
     WTF::x86_cpuid();
@@ -1263 +1374 @@
 static EncodedJSValue JSC_HOST_CALL functionCpuPause(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if CPU(X86_64) && !OS(WINDOWS)
     asm volatile ("pause" ::: "memory");
@@ -1280 +1392 @@
 static EncodedJSValue JSC_HOST_CALL functionCpuClflush(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if CPU(X86_64) && !OS(WINDOWS)
     VM& vm = exec->vm();
@@ -1325 +1438 @@
         , m_jitType(JITType::None)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
 
@@ -1345 +1459 @@
 static FunctionExecutable* getExecutableForFunction(JSValue theFunctionValue)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     if (!theFunctionValue.isCell())
         return nullptr;
@@ -1363 +1478 @@
 static EncodedJSValue JSC_HOST_CALL functionLLintTrue(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     if (!exec)
         return JSValue::encode(jsUndefined());
@@ -1374 +1490 @@
 static EncodedJSValue JSC_HOST_CALL functionJITTrue(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     if (!exec)
         return JSValue::encode(jsUndefined());
@@ -1387 +1504 @@
 static EncodedJSValue JSC_HOST_CALL functionNoInline(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     if (exec->argumentCount() < 1)
         return JSValue::encode(jsUndefined());
@@ -1402 +1520 @@
 static EncodedJSValue JSC_HOST_CALL functionGC(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VMInspector::gc(exec);
     return JSValue::encode(jsUndefined());
@@ -1410 +1529 @@
 static EncodedJSValue JSC_HOST_CALL functionEdenGC(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VMInspector::edenGC(exec);
     return JSValue::encode(jsUndefined());
@@ -1418 +1538 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpSubspaceHashes(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     VMInspector::dumpSubspaceHashes(&vm);
@@ -1439 +1560 @@
 static EncodedJSValue JSC_HOST_CALL functionCallFrame(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     unsigned frameNumber = 1;
     if (exec->argumentCount() >= 1) {
@@ -1459 +1581 @@
 static EncodedJSValue JSC_HOST_CALL functionCodeBlockForFrame(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     unsigned frameNumber = 1;
     if (exec->argumentCount() >= 1) {
@@ -1479 +1602 @@
 static CodeBlock* codeBlockFromArg(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     if (exec->argumentCount() < 1)
@@ -1512 +1636 @@
 static EncodedJSValue JSC_HOST_CALL functionCodeBlockFor(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     CodeBlock* codeBlock = codeBlockFromArg(exec);
     WTF::StringPrintStream stream;
@@ -1525 +1650 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpSourceFor(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     CodeBlock* codeBlock = codeBlockFromArg(exec);
     if (codeBlock)
@@ -1535 +1661 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpBytecodeFor(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     CodeBlock* codeBlock = codeBlockFromArg(exec);
     if (codeBlock)
@@ -1543 +1670 @@
 static EncodedJSValue doPrint(ExecState* exec, bool addLineFeed)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     auto scope = DECLARE_THROW_SCOPE(exec->vm());
     for (unsigned i = 0; i < exec->argumentCount(); ++i) {
@@ -1566 +1694 @@
 static EncodedJSValue JSC_HOST_CALL functionDataLog(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     const bool addLineFeed = false;
     return doPrint(exec, addLineFeed);
@@ -1574 +1703 @@
 static EncodedJSValue JSC_HOST_CALL functionPrint(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     const bool addLineFeed = true;
     return doPrint(exec, addLineFeed);
@@ -1582 +1712 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpCallFrame(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     // When the callers call this function, they are expecting to dump their
     // own frame. So skip 1 for this frame.
@@ -1592 +1723 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpStack(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     // When the callers call this function, they are expecting to dump the
     // stack starting their own frame. So skip 1 for this frame.
@@ -1605 +1737 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpRegisters(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     unsigned requestedFrameIndex = 1;
     if (exec->argumentCount() >= 1) {
@@ -1632 +1765 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpCell(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     JSValue value = exec->argument(0);
     if (!value.isCell())
@@ -1644 +1778 @@
 static EncodedJSValue JSC_HOST_CALL functionIndexingMode(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     if (!exec->argument(0).isObject())
         return encodedJSUndefined();
@@ -1654 +1789 @@
 static EncodedJSValue JSC_HOST_CALL functionInlineCapacity(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     if (auto* object = jsDynamicCast<JSObject*>(vm, exec->argument(0)))
@@ -1665 +1801 @@
 static EncodedJSValue JSC_HOST_CALL functionValue(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     WTF::StringPrintStream stream;
     for (unsigned i = 0; i < exec->argumentCount(); ++i) {
@@ -1679 +1816 @@
 static EncodedJSValue JSC_HOST_CALL functionGetPID(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return JSValue::encode(jsNumber(getCurrentProcessID()));
 }
@@ -1686 +1824 @@
 static EncodedJSValue JSC_HOST_CALL functionHaveABadTime(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1705 +1844 @@
 static EncodedJSValue JSC_HOST_CALL functionIsHavingABadTime(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1727 +1867 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateGlobalObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1735 +1876 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateProxy(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1748 +1890 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateRuntimeArray(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     JSLockHolder lock(exec);
     RuntimeArray* array = RuntimeArray::create(exec);
@@ -1755 +1898 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateNullRopeString(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1762 +1906 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateImpureGetter(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1775 +1920 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateCustomGetterObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1784 +1930 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITNodeObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1793 +1940 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1802 +1950 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterComplexObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1811 +1960 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITFunctionObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1820 +1970 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITCheckSubClassObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1829 +1980 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateDOMJITGetterBaseJSObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1839 +1991 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateWasmStreamingParser(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1847 +2000 @@
 static EncodedJSValue JSC_HOST_CALL functionSetImpureGetterDelegate(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1868 +2022 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateBuiltin(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -1885 +2040 @@
 static EncodedJSValue JSC_HOST_CALL functionGetPrivateProperty(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -1902 +2058 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateRoot(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1909 +2066 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateElement(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1921 +2079 @@
 static EncodedJSValue JSC_HOST_CALL functionGetElement(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1932 +2091 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateSimpleObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1939 +2099 @@
 static EncodedJSValue JSC_HOST_CALL functionGetHiddenValue(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1953 +2114 @@
 static EncodedJSValue JSC_HOST_CALL functionSetHiddenValue(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSLockHolder lock(vm);
@@ -1969 +2131 @@
 static EncodedJSValue JSC_HOST_CALL functionShadowChickenFunctionsOnStack(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -1993 +2156 @@
 static EncodedJSValue JSC_HOST_CALL functionSetGlobalConstRedeclarationShouldNotThrow(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     vm.setGlobalConstRedeclarationShouldThrow(false);
@@ -2000 +2164 @@
 static EncodedJSValue JSC_HOST_CALL functionFindTypeForExpression(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     RELEASE_ASSERT(vm.typeProfiler());
@@ -2019 +2184 @@
 static EncodedJSValue JSC_HOST_CALL functionReturnTypeFor(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     RELEASE_ASSERT(vm.typeProfiler());
@@ -2034 +2200 @@
 static EncodedJSValue JSC_HOST_CALL functionFlattenDictionaryObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSValue value = exec->argument(0);
@@ -2043 +2210 @@
 static EncodedJSValue JSC_HOST_CALL functionDumpBasicBlockExecutionRanges(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     RELEASE_ASSERT(vm.controlFlowProfiler());
@@ -2051 +2219 @@
 static EncodedJSValue JSC_HOST_CALL functionHasBasicBlockExecuted(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     RELEASE_ASSERT(vm.controlFlowProfiler());
@@ -2070 +2239 @@
 static EncodedJSValue JSC_HOST_CALL functionBasicBlockExecutionCount(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     RELEASE_ASSERT(vm.controlFlowProfiler());
@@ -2089 +2259 @@
 static EncodedJSValue JSC_HOST_CALL functionEnableExceptionFuzz(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Options::useExceptionFuzz() = true;
     return JSValue::encode(jsUndefined());
 }
 
+class DoNothingDebugger final : public Debugger {
+    WTF_MAKE_NONCOPYABLE(DoNothingDebugger);
+    WTF_MAKE_FAST_ALLOCATED;
+public:
+    DoNothingDebugger(VM& vm)
+        : Debugger(vm)
+    {
+        RELEASE_ASSERT(Options::useDollarVM());
+        setSuppressAllPauses(true);
+    }
+
+private:
+    void sourceParsed(ExecState*, SourceProvider*, int, const WTF::String&) override
+    {
+        RELEASE_ASSERT(Options::useDollarVM());
+    }
+};
+
 static EncodedJSValue changeDebuggerModeWhenIdle(ExecState* exec, OptionSet<CodeGenerationMode> codeGenerationMode)
 {
-    bool newDebuggerMode = codeGenerationMode.contains(CodeGenerationMode::Debugger);
-    if (Options::forceDebuggerBytecodeGeneration() == newDebuggerMode)
+    RELEASE_ASSERT(Options::useDollarVM());
+    JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+
+    bool debuggerRequested = codeGenerationMode.contains(CodeGenerationMode::Debugger);
+    if (debuggerRequested == globalObject->hasDebugger())
         return JSValue::encode(jsUndefined());
 
     VM* vm = &exec->vm();
     vm->whenIdle([=] () {
-        Options::forceDebuggerBytecodeGeneration() = newDebuggerMode;
-        vm->deleteAllCode(PreventCollectionAndDeleteAllCode);
-        if (newDebuggerMode)
-            vm->ensureShadowChicken();
+        if (debuggerRequested) {
+            Debugger* debugger = new DoNothingDebugger(globalObject->vm());
+            globalObject->setDebugger(debugger);
+            debugger->activateBreakpoints(); // Also deletes all code.
+        } else {
+            Debugger* debugger = globalObject->debugger();
+            debugger->deactivateBreakpoints(); // Also deletes all code.
+            globalObject->setDebugger(nullptr);
+            delete debugger;
+        }
     });
     return JSValue::encode(jsUndefined());
@@ -2111 +2309 @@
 static EncodedJSValue JSC_HOST_CALL functionEnableDebuggerModeWhenIdle(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return changeDebuggerModeWhenIdle(exec, { CodeGenerationMode::Debugger });
 }
@@ -2116 +2315 @@
 static EncodedJSValue JSC_HOST_CALL functionDisableDebuggerModeWhenIdle(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return changeDebuggerModeWhenIdle(exec, { });
 }
@@ -2121 +2321 @@
 static EncodedJSValue JSC_HOST_CALL functionDeleteAllCodeWhenIdle(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM* vm = &exec->vm();
     vm->whenIdle([=] () {
@@ -2130 +2331 @@
 static EncodedJSValue JSC_HOST_CALL functionGlobalObjectCount(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return JSValue::encode(jsNumber(exec->vm().heap.globalObjectCount()));
 }
@@ -2135 +2337 @@
 static EncodedJSValue JSC_HOST_CALL functionGlobalObjectForObject(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     JSValue value = exec->argument(0);
     RELEASE_ASSERT(value.isObject());
@@ -2144 +2347 @@
 static EncodedJSValue JSC_HOST_CALL functionGetGetterSetter(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -2173 +2377 @@
 static EncodedJSValue JSC_HOST_CALL functionLoadGetterFromGetterSetter(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
@@ -2189 +2394 @@
 static EncodedJSValue JSC_HOST_CALL functionCreateCustomTestGetterSetter(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSGlobalObject* globalObject = exec->lexicalGlobalObject();
@@ -2196 +2402 @@
 static EncodedJSValue JSC_HOST_CALL functionDeltaBetweenButterflies(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     JSObject* a = jsDynamicCast<JSObject*>(vm, exec->argument(0));
@@ -2212 +2419 @@
 static EncodedJSValue JSC_HOST_CALL functionTotalGCTime(ExecState* exec)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     VM& vm = exec->vm();
     return JSValue::encode(jsNumber(vm.heap.totalGCTime().seconds()));
@@ -2218 +2426 @@
 static EncodedJSValue JSC_HOST_CALL functionParseCount(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     return JSValue::encode(jsNumber(globalParseCount.load()));
 }
@@ -2223 +2432 @@
 static EncodedJSValue JSC_HOST_CALL functionIsWasmSupported(ExecState*)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
 #if ENABLE(WEBASSEMBLY)
     return JSValue::encode(jsBoolean(Wasm::isSupported()));
@@ -2232 +2442 @@
 void JSDollarVM::finishCreation(VM& vm)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Base::finishCreation(vm);
 
@@ -2352 +2563 @@
 void JSDollarVM::addFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Identifier identifier = Identifier::fromString(vm, name);
     putDirect(vm, identifier, JSFunction::create(vm, globalObject, arguments, identifier.string(), function));
@@ -2358 +2570 @@
 void JSDollarVM::addConstructibleFunction(VM& vm, JSGlobalObject* globalObject, const char* name, NativeFunction function, unsigned arguments)
 {
+    RELEASE_ASSERT(Options::useDollarVM());
     Identifier identifier = Identifier::fromString(vm, name);
     putDirect(vm, identifier, JSFunction::create(vm, globalObject, arguments, identifier.string(), function, NoIntrinsic, function));

trunk/Source/JavaScriptCore/tools/JSDollarVM.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 
 #include "JSObject.h"
+#include "Options.h"
 
 namespace JSC {
-    
+
 class JSDollarVM final : public JSNonFinalObject {
 public:
@@ -38 +39 @@
     static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         return Structure::create(vm, globalObject, prototype, TypeInfo(ObjectType, StructureFlags), info());
     }
@@ -43 +45 @@
     static JSDollarVM* create(VM& vm, Structure* structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
         JSDollarVM* instance = new (NotNull, allocateCell<JSDollarVM>(vm.heap)) JSDollarVM(vm, structure);
         instance->finishCreation(vm);
@@ -52 +55 @@
         : Base(vm, structure)
     {
+        RELEASE_ASSERT(Options::useDollarVM());
     }
+
 
     void finishCreation(VM&);

trunk/Source/WTF/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        Add a source file that was missing so that Xcode can search its contents too.
+
+        * WTF.xcodeproj/project.pbxproj:
+
 2019-09-09  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WTF/WTF.xcodeproj/project.pbxproj ¶

@@ -692 +692 @@
                 FE1E2C392240C05400F6B729 /* PtrTag.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PtrTag.cpp; sourceTree = "<group>"; };
                 FE1E2C41224187C600F6B729 /* PlatformRegisters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PlatformRegisters.cpp; sourceTree = "<group>"; };
+                FE3842342325CC80009DD445 /* ResourceUsage.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ResourceUsage.h; sourceTree = "<group>"; };
                 FE7497E4208FFCAA0003565B /* PtrTag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PtrTag.h; sourceTree = "<group>"; };
                 FE7497ED209163060003565B /* MetaAllocatorPtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MetaAllocatorPtr.h; sourceTree = "<group>"; };
@@ -1116 +1117 @@
                                 86F46F5F1A2840EE00CCBF22 /* RefCounter.h */,
                                 A8A47303151A825B004123FF /* RefPtr.h */,
+                                FE3842342325CC80009DD445 /* ResourceUsage.h */,
                                 A8A47305151A825B004123FF /* RetainPtr.h */,
                                 2CDED0F118115C85004DBA70 /* RunLoop.cpp */,

trunk/Source/WebCore/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        No new tests.  Covered by existing tests.
+
+        Enable Options::useDollarVM before we tell the JSGlobalObject to exposeDollarVM().
+        The $vm utility is now hardened to require that Options::useDollarVM be
+        enabled in order for it to be used.
+
+        * testing/js/WebCoreTestSupport.cpp:
+        (WebCoreTestSupport::injectInternalsObject):
+
 2019-09-12  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/testing/js/WebCoreTestSupport.cpp ¶

@@ -64 +64 @@
     if (is<Document>(*scriptContext)) {
         globalObject->putDirect(vm, Identifier::fromString(vm, Internals::internalsId), toJS(exec, globalObject, Internals::create(downcast<Document>(*scriptContext))));
+        Options::useDollarVM() = true;
         globalObject->exposeDollarVM(vm);
     }

trunk/Source/WebKit/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        Linux parts contributed by Carlos Garcia Campos <cgarcia@igalia.com>.
+
+        1. Add plumbing to allow WK2 tests to configureJSCForTesting().
+        2. Removed the call enable Options::useBigInt in WebInspectorUI.
+           WebInspectorUI doesn't really need it for now.
+
+        * PluginProcess/unix/PluginProcessMainUnix.cpp:
+        * Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h:
+        (WebKit::XPCServiceInitializer):
+        * Shared/unix/AuxiliaryProcessMain.cpp:
+        (WebKit::AuxiliaryProcessMainBase::parseCommandLine):
+        * Shared/unix/AuxiliaryProcessMain.h:
+        (WebKit::AuxiliaryProcessMain):
+        * UIProcess/API/APIProcessPoolConfiguration.cpp:
+        (API::ProcessPoolConfiguration::copy):
+        * UIProcess/API/APIProcessPoolConfiguration.h:
+        * UIProcess/API/C/WKContextConfigurationRef.cpp:
+        (WKContextConfigurationSetShouldConfigureJSCForTesting):
+        * UIProcess/API/C/WKContextConfigurationRef.h:
+        * UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
+        * UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:
+        (-[_WKProcessPoolConfiguration configureJSCForTesting]):
+        (-[_WKProcessPoolConfiguration setConfigureJSCForTesting:]):
+        * UIProcess/Launcher/ProcessLauncher.h:
+        (WebKit::ProcessLauncher::Client::shouldConfigureJSCForTesting const):
+        * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+        (WebKit::ProcessLauncher::launchProcess):
+        * UIProcess/Launcher/mac/ProcessLauncherMac.mm:
+        (WebKit::ProcessLauncher::launchProcess):
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::shouldConfigureJSCForTesting const):
+        * UIProcess/WebProcessProxy.h:
+        * WebProcess/WebPage/WebInspectorUI.cpp:
+        (WebKit::WebInspectorUI::WebInspectorUI):
+
 2019-09-12  Michael Catanzaro  <mcatanzaro@igalia.com>
 

trunk/Source/WebKit/PluginProcess/unix/PluginProcessMainUnix.cpp ¶

@@ -74 +74 @@
             ASSERT(argc == 3);
 #if PLUGIN_ARCHITECTURE(UNIX)
+            InitializeWebKit2();
             exit(NetscapePluginModule::scanPlugin(argv[2]) ? EXIT_SUCCESS : EXIT_FAILURE);
 #else

trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceEntryPoint.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -77 +77 @@
 void XPCServiceInitializer(OSObjectPtr<xpc_connection_t> connection, xpc_object_t initializerMessage, xpc_object_t priorityBoostMessage)
 {
-    if (initializerMessage && xpc_dictionary_get_bool(initializerMessage, "disable-jit"))
-        JSC::ExecutableAllocator::setJITEnabled(false);
+    if (initializerMessage) {
+        if (xpc_dictionary_get_bool(initializerMessage, "configure-jsc-for-testing"))
+            JSC::Config::configureForTesting();
+        if (xpc_dictionary_get_bool(initializerMessage, "disable-jit"))
+            JSC::ExecutableAllocator::setJITEnabled(false);
+    }
 
     XPCServiceInitializerDelegateType delegate(WTFMove(connection), initializerMessage);

trunk/Source/WebKit/Shared/unix/AuxiliaryProcessMain.cpp ¶

@@ -27 +27 @@
 #include "AuxiliaryProcessMain.h"
 
+#include <JavaScriptCore/Options.h>
 #include <WebCore/ProcessIdentifier.h>
 #include <stdlib.h>
+#include <string.h>
 
 namespace WebKit {
@@ -40 +42 @@
     m_parameters.processIdentifier = makeObjectIdentifier<WebCore::ProcessIdentifierType>(atoll(argv[1]));
     m_parameters.connectionIdentifier = atoi(argv[2]);
+#if ENABLE(DEVELOPER_MODE)
+    if (argc > 3 && !strcmp(argv[3], "--configure-jsc-for-testing"))
+        JSC::Config::configureForTesting();
+#endif
     return true;
 }

trunk/Source/WebKit/Shared/unix/AuxiliaryProcessMain.h ¶

@@ -58 +58 @@
         return EXIT_FAILURE;
 
-    InitializeWebKit2();
-
     if (!auxiliaryMain.parseCommandLine(argc, argv))
         return EXIT_FAILURE;
+
+    InitializeWebKit2();
 
     initializeAuxiliaryProcess<AuxiliaryProcessType>(auxiliaryMain.takeInitializationParameters());

trunk/Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -101 +101 @@
     copy->m_shouldCaptureAudioInUIProcess = this->m_shouldCaptureAudioInUIProcess;
     copy->m_shouldCaptureDisplayInUIProcess = this->m_shouldCaptureDisplayInUIProcess;
+    copy->m_shouldConfigureJSCForTesting = this->m_shouldConfigureJSCForTesting;
     copy->m_isJITEnabled = this->m_isJITEnabled;
     copy->m_downloadMonitorSpeedMultiplier = this->m_downloadMonitorSpeedMultiplier;

trunk/Source/WebKit/UIProcess/API/APIProcessPoolConfiguration.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -148 +148 @@
     void setShouldCaptureDisplayInUIProcess(bool shouldCaptureDisplayInUIProcess) { m_shouldCaptureDisplayInUIProcess = shouldCaptureDisplayInUIProcess; }
 
+    bool shouldConfigureJSCForTesting() const { return m_shouldConfigureJSCForTesting; }
+    void setShouldConfigureJSCForTesting(bool value) { m_shouldConfigureJSCForTesting = value; }
     bool isJITEnabled() const { return m_isJITEnabled; }
     void setJITEnabled(bool enabled) { m_isJITEnabled = enabled; }
@@ -219 +221 @@
     bool m_clientWouldBenefitFromAutomaticProcessPrewarming { false };
     WTF::String m_customWebContentServiceBundleIdentifier;
+    bool m_shouldConfigureJSCForTesting { false };
     bool m_isJITEnabled { true };
     bool m_usesSingleWebProcess { false };

trunk/Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -215 +215 @@
 }
 
+void WKContextConfigurationSetShouldConfigureJSCForTesting(WKContextConfigurationRef configuration, bool value)
+{
+    toImpl(configuration)->setShouldConfigureJSCForTesting(value);
+}

trunk/Source/WebKit/UIProcess/API/C/WKContextConfigurationRef.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -91 +91 @@
 WK_EXPORT void WKContextConfigurationSetDiskCacheSizeOverride(WKContextConfigurationRef configuration, int64_t size) WK_C_API_DEPRECATED;
     
+WK_EXPORT void WKContextConfigurationSetShouldConfigureJSCForTesting(WKContextConfigurationRef configuration, bool value);
+
 #ifdef __cplusplus
 }

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -73 +73 @@
 @property (nonatomic, nullable, copy, setter=setHSTSStorageDirectory:) NSURL *hstsStorageDirectory WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
 
+@property (nonatomic) BOOL configureJSCForTesting WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 @end
 

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -410 +410 @@
 }
 
+- (BOOL)configureJSCForTesting
+{
+    return _processPoolConfiguration->shouldConfigureJSCForTesting();
+}
+
+- (void)setConfigureJSCForTesting:(BOOL)value
+{
+    _processPoolConfiguration->setShouldConfigureJSCForTesting(value);
+}
+
 #pragma mark WKObject protocol implementation
 

trunk/Source/WebKit/UIProcess/Launcher/ProcessLauncher.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2010, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -56 +56 @@
         
         virtual void didFinishLaunching(ProcessLauncher*, IPC::Connection::Identifier) = 0;
+        virtual bool shouldConfigureJSCForTesting() const { return false; }
         virtual bool isJITEnabled() const { return true; }
     };

trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp ¶

@@ -114 +114 @@
         nargs += prefixArgs.size();
     }
+
+    bool configureJSCForTesting = false;
+    if (m_launchOptions.processType == ProcessLauncher::ProcessType::Web && m_client && m_client->shouldConfigureJSCForTesting()) {
+        configureJSCForTesting = true;
+        nargs++;
+    }
 #endif
 
@@ -126 +132 @@
     argv[i++] = processIdentifier.get();
     argv[i++] = webkitSocket.get();
+#if ENABLE(DEVELOPER_MODE)
+    if (configureJSCForTesting)
+        argv[i++] = const_cast<char*>("--configure-jsc-for-testing");
+#endif
 #if ENABLE(NETSCAPE_PLUGIN_API)
     argv[i++] = const_cast<char*>(realPluginPath.data());

trunk/Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -175 +175 @@
     auto bootstrapMessage = adoptOSObject(xpc_dictionary_create(nullptr, nullptr, 0));
     
-    if (m_client && !m_client->isJITEnabled())
-        xpc_dictionary_set_bool(bootstrapMessage.get(), "disable-jit", true);
+    if (m_client) {
+        if (m_client->shouldConfigureJSCForTesting())
+            xpc_dictionary_set_bool(bootstrapMessage.get(), "configure-jsc-for-testing", true);
+        if (!m_client->isJITEnabled())
+            xpc_dictionary_set_bool(bootstrapMessage.get(), "disable-jit", true);
+    }
 
     xpc_dictionary_set_string(bootstrapMessage.get(), "message-name", "bootstrap");

trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1314 +1314 @@
 }
 
+bool WebProcessProxy::shouldConfigureJSCForTesting() const
+{
+    return processPool().configuration().shouldConfigureJSCForTesting();
+}
+
 bool WebProcessProxy::isJITEnabled() const
 {

trunk/Source/WebKit/UIProcess/WebProcessProxy.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -336 +336 @@
 #endif
 
+    bool shouldConfigureJSCForTesting() const final;
     bool isJITEnabled() const final;
 

trunk/Source/WebKit/WebProcess/WebPage/WebInspectorUI.cpp ¶

@@ -52 +52 @@
     , m_frontendAPIDispatcher(page)
 {
-    JSC::Options::useBigInt() = true;
-        
     RuntimeEnabledFeatures::sharedFeatures().setInspectorAdditionsEnabled(true);
     RuntimeEnabledFeatures::sharedFeatures().setImageBitmapOffscreenCanvasEnabled(true);

trunk/Tools/ChangeLog ¶

@@ +1 @@
+2019-09-12  Mark Lam  <mark.lam@apple.com>
+
+        Harden JSC against the abuse of runtime options.
+        https://bugs.webkit.org/show_bug.cgi?id=201597
+        <rdar://problem/55167068>
+
+        Reviewed by Filip Pizlo.
+
+        Linux parts contributed by Carlos Garcia Campos <cgarcia@igalia.com>.
+        Windows parts contributed by Fujii Hironori <Hironori.Fujii@sony.com>.
+
+        Call JSC::Config::configureForTesting() in test harnesses or at the top of tests
+        to disable the hardening on test runs.  Tests rely on setting options to enable
+        test features.
+
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (dumpRenderTree):
+        * DumpRenderTree/win/DumpRenderTree.cpp:
+        (initialize):
+        * TestWebKitAPI/PlatformUtilities.cpp:
+        (TestWebKitAPI::Util::createContextWithInjectedBundle):
+        * TestWebKitAPI/Tests/JavaScriptCore/glib/TestJSC.cpp:
+        (main):
+        * TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm:
+        (TestWebKitAPI::TEST):
+        (TestWebKitAPI::runActiveSessionTest):
+        * TestWebKitAPI/Tests/WebKitCocoa/WKWebViewDiagnosticLogging.mm:
+        (TEST):
+        * TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm:
+        (TEST):
+        * TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm:
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/WKWebViewConfigurationExtras.h:
+        * TestWebKitAPI/WKWebViewConfigurationExtras.mm:
+        (+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:]):
+        (+[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:configureJSCForTesting:]):
+        * WebKitTestRunner/TestController.cpp:
+        (WTR::TestController::generateContextConfiguration const):
+
 2019-09-12  Keith Rollin  <krollin@apple.com>
 

trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm ¶

@@ -58 +58 @@
 #import "WorkQueueItem.h"
 #import <CoreFoundation/CoreFoundation.h>
+#import <JavaScriptCore/JSCConfig.h>
 #import <JavaScriptCore/Options.h>
 #import <JavaScriptCore/TestRunnerUtils.h>
@@ -1284 +1285 @@
 void dumpRenderTree(int argc, const char *argv[])
 {
+    JSC::Config::configureForTesting();
+
 #if PLATFORM(IOS_FAMILY)
     setUpIOSLayoutTestCommunication();

trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp ¶

@@ -315 +315 @@
 static void initialize()
 {
+    JSC::Config::configureForTesting();
+
     if (HMODULE webKitModule = LoadLibrary(WEBKITDLL))
         if (FARPROC dllRegisterServer = GetProcAddress(webKitModule, "DllRegisterServer"))

trunk/Tools/TestWebKitAPI/PlatformUtilities.cpp ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -41 +41 @@
     auto configuration = adoptWK(WKContextConfigurationCreate());
     WKContextConfigurationSetInjectedBundlePath(configuration.get(), injectedBundlePath.get());
+    WKContextConfigurationSetShouldConfigureJSCForTesting(configuration.get(), true);
     return WKContextCreateWithConfiguration(configuration.get());
 }

trunk/Tools/TestWebKitAPI/Tests/JavaScriptCore/glib/TestJSC.cpp ¶

@@ -3742 +3742 @@
     g_test_init(&argc, &argv, nullptr);
 
+    // options should always be the first test, since changing options
+    // is not allowed after the first VM instance is created.
+    g_test_add_func("/jsc/options", testsJSCOptions);
     g_test_add_func("/jsc/basic", testJSCBasic);
     g_test_add_func("/jsc/types", testJSCTypes);
@@ -3756 +3759 @@
     g_test_add_func("/jsc/weak-value", testJSCWeakValue);
     g_test_add_func("/jsc/vm", testsJSCVirtualMachine);
-    g_test_add_func("/jsc/options", testsJSCOptions);
 #ifdef G_DEFINE_AUTOPTR_CLEANUP_FUNC
     g_test_add_func("/jsc/autocleanups", testsJSCAutocleanups);

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ApplePay.mm ¶

@@ -95 +95 @@
     auto messageHandler = adoptNS([[TestApplePayAvailableScriptMessageHandler alloc] initWithAPIsAvailableExpectation:YES canMakePaymentsExpectation:YES]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
 
@@ -113 +113 @@
     auto userScript = adoptNS([[WKUserScript alloc] initWithSource:userScriptSource injectionTime:WKUserScriptInjectionTimeAtDocumentStart forMainFrameOnly:YES]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addUserScript:userScript.get()];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
@@ -136 +136 @@
     auto userScript = adoptNS([[WKUserScript alloc] initWithSource:userScriptSource injectionTime:WKUserScriptInjectionTimeAtDocumentStart forMainFrameOnly:YES]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addUserScript:userScript.get()];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
@@ -157 +157 @@
     auto userScript = adoptNS([[WKUserScript alloc] initWithSource:userScriptSource injectionTime:WKUserScriptInjectionTimeAtDocumentEnd forMainFrameOnly:YES]);
     
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addUserScript:userScript.get()];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
@@ -177 +177 @@
     auto messageHandler = adoptNS([[TestApplePayAvailableScriptMessageHandler alloc] initWithAPIsAvailableExpectation:YES canMakePaymentsExpectation:NO]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
 
@@ -198 +198 @@
     auto messageHandler = adoptNS([[TestApplePayAvailableScriptMessageHandler alloc] initWithAPIsAvailableExpectation:YES canMakePaymentsExpectation:NO]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
 
@@ -222 +222 @@
     auto userScript = adoptNS([[WKUserScript alloc] initWithSource:userScriptSource injectionTime:WKUserScriptInjectionTimeAtDocumentStart forMainFrameOnly:YES]);
 
-    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"];
+    WKWebViewConfiguration *configuration = [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES];
     [configuration.userContentController addScriptMessageHandler:messageHandler.get() name:@"testApplePay"];
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewDiagnosticLogging.mm ¶

@@ -88 +88 @@
 TEST(WKWebView, DiagnosticLoggingDictionary)
 {
-    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals"]]);
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:CGRectZero configuration:[WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"WebProcessPlugInWithInternals" configureJSCForTesting:YES]]);
     auto testLoggingDelegate = adoptNS([TestLoggingDelegate new]);
     [webView _setDiagnosticLoggingDelegate:testLoggingDelegate.get()];

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm ¶

@@ -31 +31 @@
 #import "TestNavigationDelegate.h"
 #import "TestWKWebView.h"
+#import <JavaScriptCore/JSCConfig.h>
 #import <WebKit/WKPreferencesRef.h>
 #import <WebKit/WKProcessPoolPrivate.h>
@@ -618 +619 @@
 TEST(WebKit, MediaCache)
 {
+    JSC::Config::configureForTesting();
+
     std::atomic<bool> done = false;
     using namespace TestWebKitAPI;

trunk/Tools/TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm ¶

@@ -32 +32 @@
 #import <Carbon/Carbon.h>
 #import <IOKit/pwr_mgt/IOPMLib.h>
+#import <JavaScriptCore/JSCConfig.h>
 #import <JavaScriptCore/JSContext.h>
 #import <WebCore/Settings.h>
@@ -143 +144 @@
 TEST(WebKitLegacy, MediaPlaybackSleepAssertion)
 {
+    JSC::Config::configureForTesting();
+
     didFinishLoad = false;
     didBeginPlaying = false;

trunk/Tools/TestWebKitAPI/WKWebViewConfigurationExtras.h ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 @interface WKWebViewConfiguration (TestWebKitAPIExtras)
 + (instancetype)_test_configurationWithTestPlugInClassName:(NSString *)className;
++ (instancetype)_test_configurationWithTestPlugInClassName:(NSString *)className configureJSCForTesting:(BOOL)value;
 @end

trunk/Tools/TestWebKitAPI/WKWebViewConfigurationExtras.mm ¶

@@ -1 +1 @@
 /*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -36 +36 @@
 + (instancetype)_test_configurationWithTestPlugInClassName:(NSString *)className
 {
+    return [WKWebViewConfiguration _test_configurationWithTestPlugInClassName:className configureJSCForTesting:NO];
+}
+
++ (instancetype)_test_configurationWithTestPlugInClassName:(NSString *)className configureJSCForTesting:(BOOL)value
+{
     auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]);
     [processPoolConfiguration setInjectedBundleURL:[[NSBundle mainBundle] URLForResource:@"TestWebKitAPI" withExtension:@"wkbundle"]];
+    [processPoolConfiguration setConfigureJSCForTesting:value];
 
     auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);

trunk/Tools/WebKitTestRunner/TestController.cpp ¶

@@ -504 +504 @@
     }
 
+    WKContextConfigurationSetShouldConfigureJSCForTesting(configuration.get(), true);
+
     return configuration;
 }