Changeset 95900 in webkit

Timestamp:

Sep 23, 2011 8:51:55 PM (13 years ago)

Author:

abarth@webkit.org

Message:

Canvas security checks show up on HTML5GamingTest benchmark
​https://bugs.webkit.org/show_bug.cgi?id=68743

Reviewed by Oliver Hunt.

Prior to this patch, the canvas security checks took as much as 4% of
the time on the HTML5GamingTest benchmark:

​http://craftymind.com/factory/guimark2/HTML5GamingTest.html

This patch uses a couple of AtomicStrings and shuffles around the order
of the security check to take this down to around 0.1% (which is near
the noise floor of what I can measure with my profiler).

• html/canvas/CanvasRenderingContext.cpp:

(WebCore::CanvasRenderingContext::wouldTaintOrigin):

• loader/CrossOriginAccessControl.cpp:

(WebCore::passesAccessControlCheck):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• html/canvas/CanvasRenderingContext.cpp (modified) (1 diff)
• loader/CrossOriginAccessControl.cpp (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-09-23  Adam Barth  <abarth@webkit.org>
+
+        Canvas security checks show up on HTML5GamingTest benchmark
+        https://bugs.webkit.org/show_bug.cgi?id=68743
+
+        Reviewed by Oliver Hunt.
+
+        Prior to this patch, the canvas security checks took as much as 4% of
+        the time on the HTML5GamingTest benchmark:
+
+        http://craftymind.com/factory/guimark2/HTML5GamingTest.html
+
+        This patch uses a couple of AtomicStrings and shuffles around the order
+        of the security check to take this down to around 0.1% (which is near
+        the noise floor of what I can measure with my profiler).
+
+        * html/canvas/CanvasRenderingContext.cpp:
+        (WebCore::CanvasRenderingContext::wouldTaintOrigin):
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::passesAccessControlCheck):
+
 2011-09-23  Justin Novosad  <junov@chromium.org>
 

trunk/Source/WebCore/html/canvas/CanvasRenderingContext.cpp

@@ -62 +62 @@
 
     CachedImage* cachedImage = image->cachedImage();
-    if (!cachedImage->passesAccessControlCheck(canvas()->securityOrigin())) {
-        if (wouldTaintOrigin(cachedImage->response().url()))
-            return true;
-    }
-
     if (!cachedImage->image()->hasSingleSecurityOrigin())
         return true;
 
-    return false;
+    return wouldTaintOrigin(cachedImage->response().url()) && !cachedImage->passesAccessControlCheck(canvas()->securityOrigin());
 }
 

trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp

@@ -137 +137 @@
 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
 {
+    AtomicallyInitializedStatic(AtomicString, accessControlAllowOrigin = "access-control-allow-origin");
+    AtomicallyInitializedStatic(AtomicString, accessControlAllowCredentials = "access-control-allow-credentials");
+
     // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
     // even with Access-Control-Allow-Credentials set to true.
-    const String& accessControlOriginString = response.httpHeaderField("Access-Control-Allow-Origin");
+    const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin);
     if (accessControlOriginString == "*" && includeCredentials == DoNotAllowStoredCredentials)
         return true;
@@ -159 +162 @@
 
     if (includeCredentials == AllowStoredCredentials) {
-        const String& accessControlCredentialsString = response.httpHeaderField("Access-Control-Allow-Credentials");
+        const String& accessControlCredentialsString = response.httpHeaderField(accessControlAllowCredentials);
         if (accessControlCredentialsString != "true") {
             errorDescription = "Credentials flag is true, but Access-Control-Allow-Credentials is not \"true\".";