| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We assume that QML or JS code comes from a trusted source. Therefore,
most files are deemed to be significant even if they parse data. This
includes the source code itself but also the associated metadata or
cache files.
However, the QML compiler also generates C++ code. Extra care needs to
be taken with the generator as a vulnerability there could propagate and
have a disproportionate effect on the program's security. It is marked
as critical.
QUIP: 23
Fixes: QTBUG-136195
Pick-to: 6.10 6.9 6.8
Change-Id: I70630361ec8e9cb3969f78a3fdf36a41334a33b3
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
A revision was also added to the aotstats json format. Print a message
asking the user to try again with a clean build if a missmatch in
revision is found.
Task-number: QTBUG-134790
Pick-to: 6.9 6.8
Change-Id: I0961bf841db17f280492ec787f404d9fe9b563f4
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The behavior of aotstats has been fragile in the past. Cement it by
adding a test for the expected output for the stats of a project. The
test covers different potentially tricky scenarios.
The output is now sorted alphabetically for module URI and filename.
Bindings and functions are already sorted by file order. This makes the
output deterministic and also more easy to navigate.
Task-number: QTBUG-124667
Pick-to: 6.8
Change-Id: Ie5917c53b3826d39b044e2fb2763a5af2106bccf
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Reviewed-by: Ulf Hermann <ulf.hermann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to pass --only-bytecode to qmlcachegen. As the name
implies, this only generates the bytecode for the qml files and does not
compile them. This case was not taken into account which could lead to
files commands depend upon not being generated.
Therefore, keep track of empty and only-bytecode modules in files
generated by cmake and pass them to qmlaotstats upon aggregation such
that it can include that information in the report.
Also, only pass the arguments specific to aotstats to qmlcachegen if
--only-bytecode is not set for that module.
Fixes: QTBUG-130084
Task-number: QTBUG-124667
Pick-to: 6.8
Change-Id: I44b4a80e8a6fd2f9bc16ae1bb2c8d540ff3b697b
Reviewed-by: Sami Shalayel <sami.shalayel@qt.io>
|
|
|
This patch enables the aggregation and printing of aotstats recorded by
qmlcachegen for compiled qml files. The aotstats files for individual
qml files are aggregated into module-level aotstats files and then into
one global aotstats file. This file is then presented into a more human
friendly format.
The all_aotstats target can be used to print the collected stats of all
the compiled files and modules.
Due to CMake configuration errors, the feature has temporarily been
disabled on Xcode. This should be fixed before soon.
Created QTBUG-125995.
Task-number: QTBUG-124667
Change-Id: I0c82142626743e9c1af98516c553f4dd7bc6da13
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>
|
