| Commit message | Author | Age | Files | Lines |

This relies heavily on the documented fact that we only support trusted
QML/JS content, meaning most files are only significant, not critical.
This also extends to the handling of qmlc files (as in
compilationunitmapper), as we store them in a user owned, non-shared
cache directory – so any vulnerability there would already mean that an
attacker has write privileges on user data.
An exception is ArrayBuffer, which can be used with arbitrary user data,
and should create a valid QBA.
Fixes: QTBUG-136970
Pick-to: 6.10 6.9 6.8
QUIP: 23
Change-Id: I22033fe6ab4acf8362a8183e25b92331d45cb32c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

`Scope` provides a means of performing uninitialized scoped allocations
on the JS stack.
This can generally be unsafe as this form of allocation temporarily
leaves an element representing garbage memory on the JS stack, which
could be accessed by other parts of the program.
Indeed, a set of bugs related to this kind of behavior was recently
solved.
Hence, to reduce the surface of those kinds of bugs, the usages of
uninitialized scoped allocations were reduced to a minimum.
The solution to the recent set of bugs related to uninitialized scoped
allocations introduced a series of `construct` methods that ensure that
the uninitialized allocation and the initialization of the allocated
elements are performed as a single step of computation, reducing the
surface for incorrect usages of those kinds of allocations.
The solution was expanded by the introduction of new `construct` methods
that cover initialization from other types and some different means of
initialization that were used around the code-base to work with
uninitialized scoped allocations.
Similarly, the various allocation methods in `Scope` were subsumed by
the new `construct` methods, with the only remaining means of allocation
being the uninitialized one that is used as a building block for the
`construct` methods.
In particular, `Scope` provided three forms of allocation under the
various `alloc` methods.
The aforementioned uninitialized allocation and an allocation that
performed initialization to either the Undefined or the Empty value.
The latter two forms of allocation were converted to forms of
`construct`.
Since they directly map to the same concept of allocation plus
initialization, the conversion avoids having two names for the same
concept.
More specifically, the form of allocation that initialized to the
Undefined value was converted to the new `constructUndefined` which
keeps the same behavior.
The different naming from the basic `construct` methods is justified by
the different interface, which doesn't require choosing an initial value,
and the different implementation which is built on the more general
`construct` methods rather than the lower level allocation routines.
The form of allocation that initialized to the Empty value was removed
as it was found to be unused in the code-base.
The converted allocation methods generally provide the same interface
and behavior with the exception of always requiring the user to specify
the number of allocated objects.
This is a change compared to the previous interface which allowed a
zero-argument version that allocated a single element.
The writer of the patch considered the additional terseness
inconsequential compared to the required additional code so that the
possibility was not preserved.
The code related to the converted allocation forms was removed as a
consequence of the conversion.
The remaining uninitialized allocation form was made private, to avoid
general usage outside of `Scope`, and favoring usages of the substitute
`construct` methods.
A comment that was related to usages of uninitialized scoped allocations
was moved to the lower level `jsAlloca`, which forms the basis for those
allocations and creates the abovementioned issues, where it was expanded
upon.
Usages of the non-uninitialized allocation forms around the code-base
were modified to use the new `constructUndefined` method.
Most usages of the uninitialized allocation form were modified to use
the new `construct` methods that were added to replace them.
Exceptions were made for those cases where the initialization routine is
either very complex or depends on details that shouldn't belong to
`Scope` such that they cannot be trivially encapsulated in a `construct`
method.
Instead, the relevant function or object was friended by `Scope` to
allow accesses to the now private form of allocation.
Those usages were previously checked and are supposed to be safe but
should be scrutinized if they are modified or the code around them is
modified.
One of the friended functions, `callDatafromJs`, previously offered a
default argument that was not made use of in the code-base.
The default value for the argument was removed to simplify friending the
function, considering the difficulty the language has with friended
functions with default arguments and considering that it would have
required the default value to be moved out of the function definition
into a forward declaration in the unrelated header that defines `Scope`.
It is expected that the changes will reduce the surface of usage of
uninitialized scoped allocations in favor of a slightly safer approach,
make the issue that those usages can produce more apparent and generally
centralize the usages as much as possible to make them easier to
evaluate and keep track of.
Change-Id: I351329f2c139201e0728791df6da297698170f55
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>

The RegExp JIT should behave the same as the V4 JIT. In particular, it
should honor the same JIT call threshold and not second guess any
manually set thresholds. To do this we need to store the match count in
32 bits. In turn we can store the 5 flags we may have in 8 bits. To make
this safe, pass typed flags to the initialization functions. Also,
consider the flags when calculating hash values. Finally, in the init()
function, we don't need to initialize members to zero, since that is
already guaranteed by the memory manager. And we can delete the
flagsAsString() method since it's unused.
This requires shuffling some #includes into the places where they
actually belong.
[ChangeLog][QtQml] The JavaScript regular expression engine now honors
QV4_JIT_CALL_THRESHOLD for its own JIT. If QV4_JIT_CALL_THRESHOLD is
not set, it uses the JIT after 3 interpreted matches for any regular
expression, rather than the previous 5. Matching a regular expression
on a string longer than 1024 bytes counts as 3 matches. This is to
retain the default behavior of JIT'ing regular expressions right away
when encountering long strings.
Task-number: QTBUG-131957
Change-Id: I269ccea55d34b191ef18d7cd5fccd4cad8aec7cd
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Most FunctionObjects do not actually need their custom jsCall members.
They will only call the functions from the vtable anyway. FunctionObject
can therefore be split into a static and a dynamic variant. Only the
dynamic variant needs to carry (and invoke) the extra pointer. The
jsCallWithMetaTypes pointer is completely pointless because none of the
dynamic functions actually implement it.
Furthermore, the QV4::Function and QV4::ExecutionContext pointers in
FunctionObject are only needed by actual JavaScript functions. The
builtins that like to be dynamic functions never need them. Therefore,
split out another class for this.
In the generic FunctionObject, we need the capability to decide at run
time whether the function shall be a constructor or not. Add a flag to
replace the check for jsCallAsConstructor.
Also, where we can, avoid the pessimization of checking whether a
function is a constructor before trying to call it as constructor.
Rather have the default implementation throw the exception.
As a side effect, for most functions we don't need an ExecutionContext
anymore. The engine is enough.
Task-number: QTBUG-124662
Change-Id: Iac657fa71288dd6ec230a33de2986ba3bcf4628c
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

This is a semantic patch using ClangTidyTransformator as in
qtbase/df9d882d41b741fef7c5beeddb0abe9d904443d8:
    auto QtContainerClass = anyOf(
        expr(hasType(cxxRecordDecl(isSameOrDerivedFrom(hasAnyName(classes))))).bind(o),
        expr(hasType(namedDecl(hasAnyName(<classes>)))).bind(o));

    makeRule(cxxMemberCallExpr(on(QtContainerClass),
                               callee(cxxMethodDecl(hasAnyName({"count", "length"}),
                                                    parameterCountIs(0)))),
             changeTo(cat(access(o, cat("size"), "()"))),
             cat("use 'size()' instead of 'count()/length()'"))
a.k.a qt-port-to-std-compatible-api with config Scope: 'Container',
with the extended set of container classes recognized.
Change-Id: Idb1f75dfe2323bd1d9e8b4d58d54f1b4b80c7ed7
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Drop unnecessary includes detected by clangd-iwyu.
Add new includes due to the transitive includes. Also, some of the
includes were detected as unused even if they were actually in use.
In those cases, use angular brackets instead of "" which deceives
the tool not to complain.
Affected subfolders: JsRuntime, Qml
Fixes: QTBUG-106473
Change-Id: I483da15d42a8e3ce6cd3b654909665fff3075d6b
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Pick-to: 6.4
Task-number: QTBUG-67283
Change-Id: I63563bbeb6f60f89d2c99660400dca7fab78a294
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>

Change-Id: I6657ffd1e29124211642c62f719057cfe9b2aa6c
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

We either have pre-populated arguments and thisObject, then we can just
use them and keep them const. Or, we want to allocate and populate the
arguments and the thisObject. Then, do allocate them in a separate
object, and transform that into JSCallData afterwards if necessary.
Furthermore, avoid alloc(0) as that just returns the current stack top.
Writing to it will clobber other data. Rather, just use nullptr and
crash if it's written to.
Also, remove the useless operator-> from JSCallData. That one just
confuses the reader.
Change-Id: I8310911fcfe005b05a07b78fcb3791d991a0c2ce
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Task-number: QTBUG-84319
Change-Id: I2dcfb8a2db98282c7a1acdad1e6f4f949f26df15
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Shawn Rutledge <shawn.rutledge@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

This avoids the warnings on conversion to QChar.
Change-Id: Ib774f24592d6f09a531c60bb6fa6e5bdbec88120
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Remove all code that supported converting between JS RegExps and
QRegExp, as QRegExp is going away in Qt6.
Change-Id: I4863e68dd87a337d7e836d1b26c28ee3bb914e9f
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

Add support for InvertedGreedinessOption and MultilineOption.
Change-Id: I19dce6e356a7ec406640bb8858885cd576b4aa2f
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>

If the call resulted in an exception the return value is undefined.
Task-number: QTBUG-81581
Change-Id: Ibfdd5e1229cf5437f270232d3b1a91308adeec72
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Otherwise we try to assign an invalid RegExp object, which crashes.
Change-Id: I85478406524a2a9d7542758caaa1b42b4090bb93
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

Provide different export macros and different top level headers for
each, don't include runtime headers from compiler sources.
Change-Id: I7dc3f8c95839a00a871ba045ec65af87123154be
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I778cfe842ddf1c600a837d8f2061a338887eed95
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

QRegularExpression is the recommended way to do regular expressions
nowadays. Support assignment of JavaScript regular expressions to
QRegularExpression properties of QObjects and the other way around.
QJSValue::toVariant() will create a QRegularExpression from a JavaScript
RegExp by default now.
[ChangeLog][QtQml][Important Behavior Changes] QRegularExpression is now
supported the same way QRegExp is in QML. QJSValue::toVariant() creates
a QRegularExpression variant rather than a QRegExp one from a JavaScript
regular expression now.
Fixes: QTBUG-73429
Change-Id: I301a02771cd17903406c2bc5c7aaeca6cce629f0
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

The Yarr JIT can generate code that fails to evaluate the RegExp at
runtime. In that case we need to fall back to the interpreter.
Also, don't needlessly cast the unsigned return value of RegExp::match
to signed int before range-checking it. And fix some typos in the
comments for the disassembler dumps.
Fixes: QTBUG-72879
Change-Id: Ic8f80c076d6461d714816a9f66e1cac1d9b0c7a8
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Respect the newTarget passed into those constructors and make
sure we set up the proto chain correctly.
Change-Id: I3d12c7dbef4b33660a6715d73e9fb0f89105167a
Fixes: QTBUG-71138
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

Change-Id: I44a90dec16dc1421a32a7770b353a4df14c057f9
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

Get rid of Primitive and move the corresponding methods
directly into Value. Mark many methods in Value as
constexpr and turn Value into a POD type again.
Keep Primitive as a pure alias to Value for source
compatibility of other modules that might be using it.
Change-Id: Icb47458947dd3482c8852e95782123ea4346f5ec
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I6de8031a04c372a5309a878811da55b93b53da3d
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Ia5ed7afc67122f4d70bf2e0169537f936df036a9
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I767b27faab912e91962797ca154d929473113cc1
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: If9f7c07ea657ba8503b9188a7b77e301f23423ef
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I5a2c9cb1e9dcca664526b3949671d72d2ffee427
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Ie966628d020eb010eb5ecc3279fed2b002975728
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Id632a4f4648f68f3b46d31f84e4ee05c86391f3e
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Move properties from RegExpObject to getters in RegExp.prototype
to be compliant with the JS spec.
Implement support for the sticky flags ('y') and correctly parse
the flags in the RegExp constructor.
Change-Id: I5cf05d14e8139cf30d46235b8d466fb96084fcb7
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Id94c3cc25835b53bae08713cdd8f2e384d907690
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I4e7a44ae2b5759febec6f83ab9fa85612515ab04
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Add support for the 'u' flag for regular expressions.
Change-Id: I409054eaa9c50183619752d14f2638f5a38c0ea7
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Support the new.target meta property in the codegen, and
add support for passing the newtarget into the constructor
vtable methods and the execution context.
Change-Id: I62ea58e5e92d894035a76e35776203e9837c383b
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Turns out that the overloading of vtable methods and regular
ones is problematic in some cases. So let's rather make it explicit
which methods are part of the vtable, and which aren't.
Change-Id: Ifee32a26104d30f3c82bca8b5a9cdea2d4f4f526
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

This finalizes the refactoring of Object's vtable API. Also added
the receiver argument to the method as required by the ES7 spec.
Change-Id: I36f9989211c47458788fe9f7e929862bcfe7b845
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Ie19dc556d13081a1b750695e81d6b4e5a6b3afac
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I18b3e382e679f95d7cb53b4ed03be2513ea0204b
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: I1d9e8922130553acf2bf8fe5a88f209aec90c1fb
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Turn it into a method instead of accessing the array directly
to simplify refactoring.
Change-Id: I197b56c8f58cfdfd294f429e6b15268c755f9837
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

They don't need a prototype argument anymore either.
Change-Id: I80fa99cb382e8dca4cfa51fdd87b4c9b0f59573a
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

From now on we prefer nullptr instead of 0 to clarify cases where
we are assigning or testing a pointer rather than a numeric zero.
Also, replaced cases where 0 was passed as Qt::KeyboardModifiers
with Qt::NoModifier (clang-tidy replaced them with nullptr, which
was wrong, so it was just as well to make the tests more readable
rather than to revert those lines).
Change-Id: I4735d35e4d9f42db5216862ce091429eadc6e65d
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Use it in regexp matching. There's probably other places where
we should use this as well.
Change-Id: Ie2774acff0a5ec7b1c26c564fa40e65fecea29d4
Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>

Change-Id: Ie364357b5e1ecf09eb264181e11b0247b07fad6c
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

Change-Id: I159b57acc7a2133ef1ad545aa84e792c63449a57
Reviewed-by: Lars Knoll <lars.knoll@qt.io>

To make it consistent with the rest of the engine.
Change-Id: I57b98fa26134f9864c663f47371ef3e9ca16ac9c
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

Change-Id: Ic53532edae9a209aa7125af6f00a9d993d74f1a3
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

Change-Id: I7c7a69791e98ba0ce82b4d23785fc12a510c449e
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

As this is going to change into a simple stack-based structure
to keep pointers to the data to pass to calls.
Change-Id: Ia9aa3f81ee3eeba36affd16aac7b2fe97d59aea9
Reviewed-by: Erik Verbruggen <erik.verbruggen@qt.io>

Conflicts:
src/qml/compiler/qv4codegen.cpp
src/qml/compiler/qv4compileddata.cpp
src/qml/compiler/qv4compileddata_p.h
src/qml/compiler/qv4isel_moth_p.h
src/qml/compiler/qv4ssa.cpp
src/qml/jit/qv4assembler_p.h
src/qml/jit/qv4isel_masm_p.h
src/qml/jit/qv4regalloc.cpp
src/qml/jsruntime/qv4engine.cpp
src/qml/jsruntime/qv4qmlcontext_p.h
src/qml/jsruntime/qv4regexp.cpp
src/qml/jsruntime/qv4regexp_p.h
src/qml/jsruntime/qv4regexpobject.cpp
src/qml/jsruntime/qv4runtime.cpp
src/qml/jsruntime/qv4vme_moth.cpp
src/qml/qml/v8/qqmlbuiltinfunctions.cpp
tests/auto/qml/qml.pro
tests/auto/qml/qmlplugindump/tst_qmlplugindump.cpp
tools/qmlcachegen/qmlcachegen.cpp
Change-Id: I1577e195c736f3414089036b957a01cb91a3ca23