ec0af16644
4 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
dependabot[bot]
|
4377bc917f |
Bump ws from 7.3.0 to 7.4.6 in /tools/perf-canvaskit-puppeteer
Bumps [ws](https://github.com/websockets/ws) from 7.3.0 to 7.4.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/websockets/ws/releases">ws's releases</a>.</em></p> <blockquote> <h2>7.4.6</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a ReDoS vulnerability (00c425ec).</li> </ul> <p>A specially crafted value of the <code>Sec-Websocket-Protocol</code> header could be used to significantly slow down a ws server.</p> <pre lang="js"><code>for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) { const value = 'b' + ' '.repeat(length) + 'x'; const start = process.hrtime.bigint(); <p>value.trim().split(/ *, */);</p> <p>const end = process.hrtime.bigint();</p> <p>console.log('length = %d, time = %f ns', length, end - start); } </code></pre></p> <p>The vulnerability was responsibly disclosed along with a fix in private by <a href="https://github.com/robmcl4">Robert McLaughlin</a> from University of California, Santa Barbara.</p> <p>In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the <a href="https://nodejs.org/api/cli.html#cli_max_http_header_size_size"><code>--max-http-header-size=size</code></a> and/or the <a href="https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener"><code>maxHeaderSize</code></a> options.</p> <h2>7.4.5</h2> <h1>Bug fixes</h1> <ul> <li>UTF-8 validation is now done even if <code>utf-8-validate</code> is not installed (23ba6b29).</li> <li>Fixed an edge case where <code>websocket.close()</code> and <code>websocket.terminate()</code> did not close the connection (67e25ff5).</li> </ul> <h2>7.4.4</h2> <h1>Bug fixes</h1> <ul> <li>Fixed a bug that could cause the process to crash when using the permessage-deflate extension (92774377).</li> </ul> <h2>7.4.3</h2> <h1>Bug fixes</h1> <ul> <li>The deflate/inflate stream is now reset instead of reinitialized when context takeover is disabled (<a href="https://github-redirect.dependabot.com/websockets/ws/issues/1840">#1840</a>).</li> </ul> <h2>7.4.2</h2> <h1>Bug fixes</h1> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
dependabot[bot]
|
6c5e78d099 |
Bump bl from 4.0.2 to 4.0.3 in /tools/perf-canvaskit-puppeteer
This is a security fix. This is an imported pull request from https://github.com/google/skia/pull/65 GitOrigin-RevId: 38f6e1b1fd360a28135ce0579dbc5521edbcf1a3 Change-Id: I5f38b6f76fcd2943decd5dbe7df7546d4ce2084f Reviewed-on: https://skia-review.googlesource.com/c/skia/+/338052 Reviewed-by: Ravi Mistry <rmistry@google.com> Commit-Queue: Ravi Mistry <rmistry@google.com> |
||
Elliot Evans
|
b437d7b5e4 |
Add puppeteer perf for performance degredation related to transforming a complex path. Translations
and rotations both have an effect on cache usage. Snapping translations to integer coordinations reduces cache usage. Opacity of path painting does not have an effect on cache usage. Bug: skia:10272 Change-Id: Id5d5f08cb43645c9ec44b9d8e5e96643041727c3 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/292280 Reviewed-by: Kevin Lubick <kjlubick@google.com> |
||
Kevin Lubick
|
5443bb32a2 |
[canvaskit] Start a generic puppeteer perfing system.
IMPORTANT LESSON: when bringing in node (and possibly other executables) via CIPD, add them to the path in gen_tasks_logic so the parent executable (the task driver itself) has the right PATH set. Otherwise, the subprocesses it spawns might grab the wrong version because of how golang handles environments of subprocesses. This is starting as a fork of Skottie WASM. I hope to have a more unified system for creating and running benchmarks. Overall overview: gen_tasks_logic.go creates a task in task.json that compiles CanvasKit and the task drivers and then executes our task (i.e. perf_puppeteer.go) perf_puppeteer runs a node program (perf-with-puppeteer.js) that uses puppeteer to execute benchmarking code on an html page (canvaskit-skottie-frames-load.html). I needed to update the node package so npm could be updated from 3.x to 6.14.4 so it knew about `npm ci`. This may not have been entirely necessary, given the problems of executing the correct npm (see important lesson above), but it hasn't broken things further, so more up-to-date is probably a good thing. Suggested Review Order: - canvaskit-skottie-frames-load.html (note it is similar to skottie-wasm-perf.html, but it waits for a button click to start animating and records times from the main JS thread itself) - perf-with-puppeteer.js (similar to skottie-wasm-perf.js, but has some things made optional [e.g. tracing]) - perf_puppeteer_test.go (shows the inputs/outputs of various steps) - perf_puppeteer.go - Everything else. Change-Id: I380e81b825f36682c257664d488267edaf36369e Reviewed-on: https://skia-review.googlesource.com/c/skia/+/285783 Commit-Queue: Kevin Lubick <kjlubick@google.com> Reviewed-by: Eric Boren <borenet@google.com> |