Samuel Lelièvre | 30 Jul 11:36 2015

Re: SVG horizontal and vertical lines not rendered in Safari

Hi Benjamin,

Yes, could you please confirm (when you can)
if this is solved in Safari 9. That would be a relief.

Samuel

2015-07-30 10:38 GMT+02:00 Benjamin Poulain <benjamin <at> webkit.org>:
> Hi Samuel,
>
> It looks like this bug is fixed in WebKit. I attached a screenshot of your
> test case run in WebKit Nightly.
>
> I don't have a release branch of Safari 9 with me tonight but I can check
> tomorrow if that is important.
>
> Benjamin
>
>
> On 7/30/15 1:28 AM, Samuel Lelièvre wrote:
>>
>> Hello,
>>
>> In Safari, horizontal and vertical lines in SVG pictures
>> are not rendered [1] [2].
>>
>> [1]
>> http://samuel.lelievre.free.fr/bug/safari-svg-bug-horizontal-vertical-line.html
>> [2] https://github.com/matplotlib/matplotlib/issues/991/
>>

Samuel Lelièvre | 30 Jul 10:28 2015

SVG horizontal and vertical lines not rendered in Safari

Hello,

In Safari, horizontal and vertical lines in SVG pictures
are not rendered [1] [2].

[1] http://samuel.lelievre.free.fr/bug/safari-svg-bug-horizontal-vertical-line.html
[2] https://github.com/matplotlib/matplotlib/issues/991/

I understand that this is a WebKit bug.
Is that correct? Is the bug referenced
in the WebKit issue tracker? Is there
progress?

Sadly I don't have time to install WebKit
and do serious bug testing and reporting,
but I subscribed to webkit-help so I can
read replies to the list.

Samuel
Sharma, Rupali | 30 Jul 05:30 2015

Incorrect values to JSC from .js

Hi,

 

While running a web page which eventually runs a JavaScript, we are seeing the data values (floating point) cease to pass correctly to the JSC. To be precise, in the method:

JSValue::toNumber()

the tag is pointing to the double type, but the ‘asDouble’ value is ‘PNaN’. So I have the following questions:

1. I am certain the .js is sending the right values, as I see them correctly passed in the older EAport (based on WebKit-r157437). Where should I check where ‘u’ is getting faulty values from in JSC?

2. Is it okay for u.asBits.tag to be isDouble whereas the ‘asDouble’ value is not finite? What are the cases if it is?

3. I do see a major change being made to JSC - https://lists.webkit.org/pipermail/webkit-dev/2014-January/026143.html

Could it be related to it?

 

To give more details if needed, here is the URL which I am using - http://hakim.se/experiments/html5/trail/03/

Also, I see the same issue with WinCairo as well.  However, I don’t see the issue with JIT disabled platforms.

 

Thanks,
Rupali

 

 

Vienneau, Christopher | 29 Jul 20:03 2015

Nightly builds webpage not updating source download

Hi,

 

At http://nightly.webkit.org/ it appears the “Mac OS X” download gets updated regularly but the “Source” download hasn’t been updated since Oct 2014. I’m curious if this is broken, or if it’s intentionally not supported.

 

Thanks

 

Chris Vienneau

Sharma, Rupali | 29 Jul 02:27 2015

Re: Memory corruption with webkit using JIT

 

 

From: Sharma, Rupali
Sent: Tuesday, July 28, 2015 5:21 PM
To: 'webkit-help <at> lists.webkit.org'
Subject: RE: [webkit-help] Memory corruption with webkit using JIT

 

Hello,

 

We confirmed that PC-64bit version of our demo has JIT enabled, and we do NOT see the crash in there. Therefore, this issue is x86-specific only for us.

 

Thanks,
Rupali

 

From: Sharma, Rupali
Sent: Monday, July 27, 2015 11:35 AM
To: 'Alex Christensen'
Cc: webkit-help <at> lists.webkit.org
Subject: RE: [webkit-help] Memory corruption with webkit using JIT

 

Hello,

 

To follow-up, do we have any update on this issue we are facing?

 

Thanks,

Rupali

 

From: Alex Christensen [mailto:achristensen <at> apple.com]
Sent: Thursday, July 23, 2015 11:03 AM
To: Sharma, Rupali
Cc: webkit-help <at> lists.webkit.org
Subject: Re: [webkit-help] Memory corruption with webkit using JIT

 

I’m not an expert in the JSC JIT, but do you see this problem when the JIT is disabled in Platform.h?

 

Sharma, Rupali | 23 Jul 19:46 2015

Memory corruption with webkit using JIT

Hello,

 

We are seeing an access violation exception on our PC 32-bit version of the EAWebKit Demo (which is using JIT) on a 3D demo, i.e. http://deanm.github.com/pre3d/monster.html

We’ve seen the same crash on WinCairo; however, it doesn’t happen on our PS4 version of EAWebKitDemo, which doesn’t use JIT. So that points to the corruption happening within JSC. Looking at the heap stats from the debugger, we don’t see any leaks, and that is the reason we are more sure about it being an invalid write, most probably overwriting the guard fill.

We don’t see the crash with the older WebKit build, which was too old (WebKit-r157437) though. Our present WebKit is build 179714 of the trunk. Are you aware of memory corruption issues with JIT?

Although it’s well past the point of interest, here is the call stack of the crash on a WinCairo debug build:

 

00 0018ee74 0a8e4759 WTF!WTFCrash+0x21 [c:\cygwin\home\rupsharma\archives\179714\source\wtf\wtf\assertions.cpp <at> 321]

01 0018ee98 0a90fe80 JavaScriptCore!JSC::PropertyTable::reinsert+0xa9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h <at> 484]

02 0018eec8 0a90cecf JavaScriptCore!JSC::PropertyTable::rehash+0x110 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h <at> 512]

03 0018ef04 0a906b0d JavaScriptCore!JSC::PropertyTable::add+0xbf [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\propertymaphashtable.h <at> 356]

04 0018ef5c 0a903141 JavaScriptCore!JSC::Structure::add+0x12d [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\structure.cpp <at> 902]

05 0018ef8c 0a839222 JavaScriptCore!JSC::Structure::addPropertyTransition+0x221 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\structure.cpp <at> 422]

06 0018f014 0a882369 JavaScriptCore!JSC::JSObject::putDirectInternal<0>+0x572 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jsobject.h <at> 1392]

07 0018f0c0 0a5a15b8 JavaScriptCore!JSC::JSObject::put+0x229 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jsobject.cpp <at> 356]

08 0018f0e8 0a7205fa JavaScriptCore!JSC::JSValue::put+0x78 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\jscjsvalueinlines.h <at> 750]

09 0018f154 0a71b109 JavaScriptCore!putByVal+0x17a [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp <at> 476]

0a 0018f1e8 11c33a35 JavaScriptCore!operationPutByVal+0x259 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitoperations.cpp <at> 533]

WARNING: Frame IP not in any known module. Following frames may be wrong.

0b 0018f358 0a9b1e8b 0x11c33a35

0c 0018f3b0 0a80f604 JavaScriptCore!llint_entry+0x425f [C:\Debug_WinCairo\bin32\Debug_WinCairo\obj32\JavaScriptCore\DerivedSources\LowLevelInterpreterWin.asm <at> 7119]

0d 0018f3f8 114c023d JavaScriptCore!slow_path_enter+0x114 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\commonslowpaths.cpp <at> 520]

0e 0018f448 0a9ada99 0x114c023d

0f 0018f4a4 0a70c599 JavaScriptCore!vmEntryToJavaScript+0x109 [C:\Debug_WinCairo\bin32\Debug_WinCairo\obj32\JavaScriptCore\DerivedSources\LowLevelInterpreterWin.asm <at> 110]

10 0018f500 0a6e71e2 JavaScriptCore!JSC::JITCode::execute+0xd9 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\jit\jitcode.cpp <at> 77]

11 0018f604 0a801fce JavaScriptCore!JSC::Interpreter::executeCall+0x3e2 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\interpreter\interpreter.cpp <at> 978]

12 0018f630 0a802027 JavaScriptCore!JSC::call+0x7e [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\calldata.cpp <at> 39]

*** WARNING: Unable to verify checksum for WebKit.dll

13 0018f678 047f7dc4 JavaScriptCore!JSC::call+0x47 [c:\cygwin\home\rupsharma\archives\179714\source\javascriptcore\runtime\calldata.cpp <at> 44]

14 0018f6bc 0479a24e WebKit!WebCore::JSMainThreadExecState::call+0x54 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\jsmainthreadexecstate.h <at> 56]

15 0018f7e0 0479a4a2 WebKit!WebCore::ScheduledAction::executeFunctionInContext+0x1de [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp <at> 104]

16 0018f820 04799f76 WebKit!WebCore::ScheduledAction::execute+0xf2 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp <at> 126]

17 0018f830 0536d9a4 WebKit!WebCore::ScheduledAction::execute+0x36 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\bindings\js\scheduledaction.cpp <at> 79]

18 0018f904 051fc8c5 WebKit!WebCore::DOMTimer::fired+0x1f4 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\page\domtimer.cpp <at> 369]

19 0018f93c 051fc766 WebKit!WebCore::ThreadTimers::sharedTimerFiredInternal+0x155 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\threadtimers.cpp <at> 132]

1a 0018f944 05793d1f WebKit!WebCore::ThreadTimers::sharedTimerFired+0x16 [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\threadtimers.cpp <at> 108]

1b 0018f950 755962fa WebKit!WebCore::TimerWindowWndProc+0xaf [c:\cygwin\home\rupsharma\archives\179714\source\webcore\platform\win\sharedtimerwin.cpp <at> 92]

1c 0018f97c 75596d3a user32!InternalCallWinProc+0x23

1d 0018f9f4 755977c4 user32!UserCallWinProcCheckWow+0x109

1e 0018fa54 7559788a user32!DispatchMessageWorker+0x3bc

1f 0018fa64 046cbd6d user32!DispatchMessageW+0xf

*** WARNING: Unable to verify checksum for WinLauncher.dll

20 0018fa8c 1000ab25 WebKit!WebKitMessageLoop::run+0x6d [c:\cygwin\home\rupsharma\archives\179714\source\webkit\win\webkitmessageloop.cpp <at> 96]

21 0018fb58 1000cfc8 WinLauncher_10000000!wWinMain+0x625 [c:\cygwin\home\rupsharma\archives\179714\tools\winlauncher\winmain.cpp <at> 168]

*** WARNING: Unable to verify checksum for WinLauncher.exe

*** ERROR: Module load completed but symbols could not be loaded for WinLauncher.exe

22 0018fb70 004014ab WinLauncher_10000000!dllLauncherEntryPoint+0x18 [c:\cygwin\home\rupsharma\archives\179714\tools\winlauncher\common.cpp <at> 832]

23 0018ff3c 00404203 WinLauncher+0x14ab

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll -

24 0018ff88 76d2337a WinLauncher+0x4203

25 0018ff94 773392e2 kernel32!BaseThreadInitThunk+0x12

26 0018ffd4 773392b5 ntdll!__RtlUserThreadStart+0x70

27 0018ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

 

 

Thanks,

Rupali

 

 

 


How to set getter on document.location?

I'm working on a controlled environment for analysing malicious JS code. I use PhantomJS (based on WebKit) to execute it.

Now I'm trying to intercept get access to window.location to return a fake location to the analysed script, but I can't do it. My test JS code:
Object.defineProperty(window.location, "href",
{
  get: function ()
  {
    document.write("HOOK");
  }
});
console.log(window.location);

When I try to execute it I get "Attempting to change access mechanism for an unconfigurable property.". I patched Location.idl: added "Deletable" to "attribute DOMString href", rebuilt the project and tested it again. This didn't work either. I tried to patch DOMWindow.idl (Deletable on attribute location) and other files, and now I have given up on it.

Could you please help me with this task? How can I make attributes "hookable" in WebKit?
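The error in the post above comes from the ECMAScript rule that a non-configurable property cannot have its accessor replaced by Object.defineProperty, which is why patching the IDL was the poster's only route inside WebKit. The following is an added example, not code from the post or from WebKit or PhantomJS, that runs in Node and shows the failure mode and the check a sandbox author can make before trying a hook. Since Node has no window.location, it constructs a stand-in object (makeLocationLike) whose href accessor is non-configurable like the real one; tryHook and describeHookability are hypothetical helper names, and the Proxy variant only helps when the analysis harness controls what object the analysed script reads from. The engine's error text differs (WebKit says "Attempting to change access mechanism for an unconfigurable property", V8 says "Cannot redefine property"), but both are a TypeError.

```javascript
// Constructed stand-in for window.location: an object with a non-configurable
// accessor property `href`, mirroring the shape the analysed script sees.
function makeLocationLike(href) {
  const loc = {};
  let current = href;
  Object.defineProperty(loc, "href", {
    get() { return current; },
    set(v) { current = String(v); },
    enumerable: true,
    configurable: false, // like the real window.location.href
  });
  return loc;
}

// Inspect the descriptor first: only a configurable property can have its
// getter swapped out, so this tells a sandbox whether a hook can work at all.
function describeHookability(obj, prop) {
  const d = Object.getOwnPropertyDescriptor(obj, prop);
  if (!d) return { exists: false, hookable: false, reason: "no own property" };
  if (d.configurable) return { exists: true, hookable: true, reason: "configurable" };
  return { exists: true, hookable: false, reason: "non-configurable" };
}

// The hook attempted in the post, with the exception captured instead of
// aborting the analysis run. `log` records each time the fake getter fires.
function tryHook(obj, prop, fakeValue, log) {
  try {
    Object.defineProperty(obj, prop, {
      get() { log.push("HOOK"); return fakeValue; },
    });
    return { ok: true, error: null };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

// Alternative that needs no engine patch: wrap the object in a Proxy that
// answers reads of `prop` with the fake value and forwards everything else.
// Only useful if the harness can hand this proxy to the analysed script
// instead of the real object.
function hookViaProxy(obj, prop, fakeValue, log) {
  return new Proxy(obj, {
    get(target, key, receiver) {
      if (key === prop) { log.push("HOOK"); return fakeValue; }
      return Reflect.get(target, key, receiver);
    },
  });
}

// Stand-alone demonstration.
const demoLog = [];
const demoLoc = makeLocationLike("http://original.example/");
console.log(describeHookability(demoLoc, "href"));       // non-configurable
console.log(tryHook(demoLoc, "href", "http://fake.example/", demoLog)); // TypeError
const wrapped = hookViaProxy(demoLoc, "href", "http://fake.example/", demoLog);
console.log(wrapped.href, demoLog);                       // fake value, ["HOOK"]
```

The descriptor check is the cheap, engine-independent way to find out whether a hook will succeed; when it reports non-configurable, the choice is between supplying a substitute object (as the Proxy does) and changing the engine, which is what the IDL edits in the post attempt.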
Tuan Bach Quoc | 7 Jul 00:07 2015

Content blocker, performance issue

Hi Webkit team,

I was reading the documentation around the content blocker extension. There is one sentence that triggers my curiosity:

If the rule compiler detects that a set of rules would negatively impact user experience, it refuses to load them and returns an error.

Does the compiler check the performance of the rules only once, or every time a page is loaded?

Basically my concern is that the performance of the set of rules is also impacted by the page the user is currently loading. The performance of a set of rules could be different depending on which website it is applied to, right?

Could we have more details on how the compiler works and how it evaluates whether the rules "negatively impact user experience"?

Many thanks in advance for reading,

Tuan
signup_mail2002 | 6 Jul 20:46 2015

Content blocker vs filtering


Hi,

I am wondering, is WebKit's content blocking extension framework different than the network content filtering announced for iOS 9?

I am wondering if this can't be combined in functionality somewhat.

First of all, all browsers on iOS have to use WebKit (as far as I know), so an extension would or could apply to all iOS browsers, right?

Secondly, a simpler content blocking is via URL/IP matching using a local or remote blacklist (no way this can be created via JSON rules - too big, and how can these be updated efficiently?), e.g. WOT, SiteAdvisor, LinkChecker, Safe Web, etc.

What these plug-ins do in general:
1) URL/IP scanning (i.e.: category-based blocking, parental control)
2) content scanning (AV and ad scan usually)
3) link annotation (same as #1 but adds info beside the link as a visual annotation). This requires a way to modify content (iOS is the only platform where this is not possible without resorting to a VPN/proxy, which is costly and slow)

Basically we need the following entry points:

1) configuration for block page, whitelist/blacklist (exception lists that are mutually exclusive, I imagine). If you define a RESTful protocol for filtering on URL/API and you do the caching (remember this can be used for parental control because it contains site categories and dangerous info), then we can simply provide a URL and define an authentication mechanism (ex: access token). This makes things simple for page blocking.

2) before page load, get an event to decide if the page can be loaded. URL/IP info is needed. If WebKit uses a REST model then we just configure the back end info and WebKit will handle everything else.

3) before the page is shown, after the page is ready, give an event for the opportunity to inspect the page or modify the content (we are all sandboxed apps/extensions; there should be no restriction on what we can do). Having the DOM object of the page would make things easy, or allow injection of JavaScript. If this is done at the network level a MITM attack would be used to decrypt HTTPS traffic (used by most if not all enterprise-grade filtering proxies), and that is not something I like particularly.

4) if a page is blocked but is allowed to load there must be a mechanism to allow the page to load without going into an infinite loop (i.e.: temporary unblock)

I think the JSON format is good for simple static logic but not necessarily flexible enough for all cases. In my opinion it is not very future proof (let 3rd parties worry about the filtering/block logic).

Let me know if there is another mailing list for the content filtering that I am talking about, or if I am missing something about this new feature.

Brent Montrose | 22 Jun 19:11 2015

Content Blocking

Hello

I have another question regarding Content Blocking, and performance.

For the "Action" types of "css-display-none" are the following two
examples effectively the same (hiding content on example.com)?

Example 1:

{
  "trigger": {
    "url-filter": "^https?://([^/]*\\.)?example\\.com"
  },
  "action": {
    "type": "css-display-none",
    "selector": ".ad"
  }
}

Example 2:

{
  "trigger": {
    "url-filter": "^https?://",
    "if-domain": ["example.com"]
  },
  "action": {
    "type": "css-display-none",
    "selector": ".ad"
  }
}

Example 1 explicitly specifies the domain in the "url-filter".
Example 2 uses a very generic "url-filter", but utilizes "if-domain"
to restrict which domains the selector would be applied to.

Are these two rules effectively the same?  (I think they are based on
my understanding).  Also, is there a performance difference between
the two?  If so, which one would perform better, and why?

Thanks for your assistance.

-- Brent
Robert Jones | 17 Jun 06:54 2015

Testing content blocking

Hi All,

I'm trying out some things with the new content blocking features in WebKit.  Does anyone have suggestions on how to test content blocking beyond the following technique:

 - Create JSON file
 - Force iOS Simulator to reload the JSON file
 - Reload the web page in mobile Safari
 - Visually observe the correct behavior

I've noticed, when using 'css-display-none', that the blocked content is still visible in the web inspector, although the content is correctly blocked in mobile Safari.  So, I don't think I can observe the output of the web inspector.

Is it possible to hook into some other part of WebKit to find out what's being blocked?  Are there perhaps some unit tests that do something like this?

Thanks,
Rob
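Added example, not from either message and not WebKit code: a small Python emulation of how Brent's two rules above apply to a document URL, following the documented url-filter/if-domain semantics (url-filter is a regex matched case-insensitively by default; an if-domain entry matches the host exactly unless prefixed with `*`). It also serves as the kind of offline check Rob asks about, since assertions on `compare_rules()` flag a rule that over- or under-matches before any Simulator reload. The sample URLs are constructed.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed copy of the two rules from the question, with the regex
# backslashes doubled as a JSON content blocker list file requires.
RULES_JSON = r"""[
  {"trigger": {"url-filter": "^https?://([^/]*\\.)?example\\.com"},
   "action": {"type": "css-display-none", "selector": ".ad"}},
  {"trigger": {"url-filter": "^https?://", "if-domain": ["example.com"]},
   "action": {"type": "css-display-none", "selector": ".ad"}}
]"""

# Constructed document URLs to run both rules against.
SAMPLE_URLS = [
    "https://example.com/index.html",
    "https://news.example.com/",
    "https://example.com.evil.test/",
    "https://other.test/",
]

def domain_matches(entry: str, host: str) -> bool:
    """Documented if-domain semantics: exact host match, unless the entry
    starts with '*', which also matches subdomains."""
    if entry.startswith("*"):
        base = entry[1:]
        return host == base or host.endswith("." + base)
    return host == entry

def rule_applies(rule: dict, document_url: str) -> bool:
    """Simplified emulation (not WebKit's engine): url-filter is matched
    case-insensitively (the documented default) against the document URL,
    and if-domain, when present, must match the document's host."""
    trigger = rule["trigger"]
    if not re.search(trigger["url-filter"], document_url, re.IGNORECASE):
        return False
    host = (urlsplit(document_url).hostname or "").lower()
    domains = trigger.get("if-domain")
    return domains is None or any(domain_matches(d, host) for d in domains)

def compare_rules(urls=SAMPLE_URLS) -> dict:
    """Map each URL to (example1_applies, example2_applies)."""
    rules = json.loads(RULES_JSON)
    return {url: tuple(rule_applies(r, url) for r in rules) for url in urls}

if __name__ == "__main__":
    for url, (r1, r2) in compare_rules().items():
        print(f"{url:35} example1={r1!s:5} example2={r2}")
```

The two rules are not equivalent: Example 1 also fires on `https://example.com.evil.test/` because its regex has nothing terminating the host, while Example 2 skips `news.example.com` because an if-domain entry without a `*` prefix is an exact match.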

Gmane