Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b9fa7bcf117064356a95aae272fe426d65f30610
https://github.com/WebKit/WebKit/commit/b9fa7bcf117064356a95aae272fe426d65f30610
Author: Elliott Williams <[email protected]>
Date: 2025-08-12 (Tue, 12 Aug 2025)
Changed paths:
M Source/JavaScriptCore/Configurations/AllowedSPI-legacy.toml
M Source/JavaScriptCore/Configurations/AllowedSPI.toml
M Source/WebCore/Configurations/AllowedSPI-legacy.toml
M Source/WebCore/Configurations/AllowedSPI.toml
M Source/WebGPU/Configurations/AllowedSPI-legacy.toml
M Source/WebKit/Configurations/AllowedSPI-legacy.toml
M Source/WebKit/Configurations/AllowedSPI.toml
M Source/WebKitLegacy/mac/Configurations/AllowedSPI-legacy.toml
M Tools/Scripts/libraries/webkitapipy/webkitapipy/allow.py
M Tools/Scripts/libraries/webkitapipy/webkitapipy/allow_unittest.py
M Tools/Scripts/libraries/webkitapipy/webkitapipy/macho.py
M Tools/Scripts/libraries/webkitapipy/webkitapipy/sdkdb.py
M Tools/Scripts/libraries/webkitapipy/webkitapipy/sdkdb_unittest.py
Log Message:
-----------
[webkitapipy] Allowed selector names are ambiguous between classes, leading
to false positives
https://bugs.webkit.org/show_bug.cgi?id=296133
Reviewed by Mike Wyrzykowski and Brianna Fan.
It's possible for a selector to be implemented multiple times in the
SDK, where some implementations are SPI methods and others are API. In
this situation, audit-spi would prevent us from listing that selector as
an allowed declaration; it knows of the API method and emits an
UnnecessaryAllowedName diagnostic.
But if we are indeed binding to an SPI method, we want to be able to
track it in the allowlist, even if the selector's access is ambiguous.
To support this, change the allowlist format to use a class-bound
selector name. Instead of a string selector:
"initWithQueue:"
we'll now write:
{ name = "initWithQueue:", class = "CoreTelephonyClient" }
to allow -[CoreTelephonyClient initWithQueue:] specifically. When the
class is unknown, such as when being pre-populated by the sellist, a
class of "?" represents any receiver.
To support this, have APIReport (binary analysis) and SDKDB (SDK
analysis) ingestions track the class that each known selector is
implemented on. Add a clause to the audit() query to only match an
allowlist entry with a class binding if the `class_name`s match.
Reformat the selectors in existing allowlists. Add a few new clauses
that work towards making the internal iOS 26 build pass audit-spi.
* Source/JavaScriptCore/Configurations/AllowedSPI-legacy.toml:
* Source/JavaScriptCore/Configurations/AllowedSPI.toml:
* Source/WebCore/Configurations/AllowedSPI-legacy.toml:
* Source/WebCore/Configurations/AllowedSPI.toml:
* Source/WebGPU/Configurations/AllowedSPI-legacy.toml:
* Source/WebKit/Configurations/AllowedSPI-legacy.toml: Clarify some
existing allowed selectors to be bound to specific SPI methods. These
were discovered during work to support SPI checking in iOS 26 -- the
selectors are all SPI methods, but there are unrelated API methods
with the same name.
* Source/WebKit/Configurations/AllowedSPI.toml:
* Source/WebKitLegacy/mac/Configurations/AllowedSPI-legacy.toml:
* Tools/Scripts/libraries/webkitapipy/webkitapipy/allow.py:
(AllowedSPI):
(AllowedSPI.Selector):
(AllowList.from_dict): As a drive-by enhancement, fail when an allowlist entry
has
an unrecognized key. This helps catch typos instead of silently
ignoring them.
(AllowList.from_file): As a drive-by enhancement, report the file being
parsed when handling a decode error.
* Tools/Scripts/libraries/webkitapipy/webkitapipy/allow_unittest.py:
* Tools/Scripts/libraries/webkitapipy/webkitapipy/macho.py:
(APIReport):
(APIReport.Selector):
(APIReport._populate_from_dyld_info):
* Tools/Scripts/libraries/webkitapipy/webkitapipy/sdkdb.py:
(SDKDB._initialize_db):
(SDKDB.add_partial_sdkdb):
(SDKDB):
(SDKDB._add_partial_sdkdb):
(SDKDB.InsertionKind.statement):
(SDKDB._add_api_report):
(SDKDB._add_allowlist):
(SDKDB.add_for_auditing):
(SDKDB.audit):
(SDKDB._add_symbol):
(SDKDB._add_objc_class):
(SDKDB._add_objc_selector):
* Tools/Scripts/libraries/webkitapipy/webkitapipy/sdkdb_unittest.py: In
addition to some new test cases, refactor the allowlist fixture logic
to make it easier to test with different allowlists. Add cases
which ingest SDKDBs.
(TestSDKDB.add_partial_sdkdb):
(TestSDKDB):
(TestSDKDB.add_allowlist):
(TestSDKDB.test_audit_allowed_conditional):
(TestSDKDB.test_audit_missing_name_conditional):
(TestSDKDB.test_audit_missing_name_negated_conditional):
(TestSDKDB.test_audit_allowed_negated_conditional):
(TestSDKDB.test_audit_allowed_multiple_conditions):
(TestSDKDB.test_audit_missing_name_multiple_conditions):
(TestSDKDB.test_audit_missing_name_multiple_conditions_negation):
(TestSDKDB.test_audit_unnecessary_allow_from_selector):
(TestSDKDB.test_audit_allowed_fully_qualified_selector):
(TestSDKDB.test_audit_api_in_loaded_and_unloaded_library):
Canonical link: https://commits.webkit.org/298571@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
