I-Google ishicilele ama-prototypes ambalwa abonisa amathuba okuxhaphaza ubungozi be-Specter class lapho isebenzisa ikhodi ye-JavaScript esipheqululini, yeqa izindlela zokuvikela ezingezwe ngaphambilini. Ukuxhaphaza kungasetshenziswa ukuthola ukufinyelela kumemori yenqubo yokucubungula okuqukethwe kwewebhu kuthebhu yamanje. Ukuhlola ukusebenza kokuxhashazwa, iwebhusayithi leaky.page yethulwa, futhi ikhodi echaza umqondo womsebenzi yathunyelwa ku-GitHub.
I-prototype ehlongozwayo yakhelwe ukuhlasela amasistimu anamaphrosesa we-Intel Core i7-6500U endaweni ene-Linux ne-Chrome 88. Ukuze usebenzise ukuxhashazwa kwezinye izindawo, ukuguqulwa kuyadingeka. Indlela yokuxhaphaza ayiqondile kuma-Intel processors - ngemuva kokujwayela okufanele, ukuxhashazwa kwaqinisekiswa ukuthi kusebenza kumasistimu anama-CPU avela kwabanye abakhiqizi, okuhlanganisa i-Apple M1 esekelwe ekwakhiweni kwe-ARM. Ngemuva kokulungiswa okuncane, ukuxhaphaza kuyasebenza nakwamanye amasistimu wokusebenza nakwezinye iziphequluli ezisekelwe enjini ye-Chromium.
Endaweni esuselwe kumaphrosesa ajwayelekile e-Chrome 88 kanye ne-Intel Skylake, kube nokwenzeka ukuvuza idatha kusukela kunqubo enesibopho sokucubungula okuqukethwe kwewebhu kuthebhu yamanje ye-Chrome (inqubo yesinikezeli) ngesivinini esingu-1 kilobyte ngomzuzwana. Ukwengeza, ezinye izinhlobo ze-prototype zenziwe, isibonelo, ukuxhaphaza okuvumela, ngezindleko zokunciphisa ukuzinza, ukukhulisa izinga lokuvuza libe ngu-8kB/s uma kusetshenziswa isibali sikhathi sokusebenza.now() ngokunemba kwama-microseconds angu-5 (0.005 millisecond ). Kuphinde kwalungiselelwa inguqulo esebenza ngokunemba kwesibali-sikhathi se-millisecond eyodwa, engase isetshenziselwe ukuhlela ukufinyelela kumemori yenye inqubo ngesivinini esingaba ngamabhayithi angu-60 ngomzuzwana.
Ikhodi yedemo eshicilelwe iqukethe izingxenye ezintathu. Ingxenye yokuqala ilinganisa isibali sikhathi ukuze silinganisele isikhathi sokwenziwa semisebenzi edingekayo ukuze kubuyiselwe idatha esele kunqolobane yokucubungula njengomphumela wokuqagela kokuqagela kwemiyalelo ye-CPU. Ingxenye yesibili inquma isakhiwo sememori esisetshenziswa lapho kwabiwa amalungu afanayo e-JavaScript.
Ingxenye yesithathu isebenzisa ngokuqondile ukuba sengozini kweSpecter ukuze inqume okuqukethwe yinkumbulo yenqubo yamanje njengomphumela wokudala izimo zokwenziwa kokuqagela kwemisebenzi ethile, umphumela wayo olahlwa iphrosesa ngemva kokunquma ukubikezela okungaphumelelanga, kodwa iminonjana ukusetshenziswa kufakwa kunqolobane evamile futhi kungabuyiselwa kusetshenziswa izindlela zokunquma okuqukethwe kwenqolobane ngamashaneli ezinkampani zangaphandle ahlaziya izinguquko zesikhathi sokufinyelela kudatha egcinwe kunqolobane nengagciniwe.
Indlela yokuxhaphaza ehlongozwayo yenza kube nokwenzeka ukwenza ngaphandle kwezibali zesikhathi ezinemba okuphezulu ezitholakala nge-performance.now() API, futhi ngaphandle kokusekelwa kohlobo lwe-SharedArrayBuffer, okuvumela ukudala amalungu afanayo kumemori eyabiwe. Ukuxhashazwa kuhlanganisa igajethi ye-Specter, ebangela ukwenziwa okulawulwayo kokuqagela kwekhodi, kanye nokuhlaziya ukuvuza kwesiteshi esiseceleni, esithola idatha egcinwe kunqolobane etholwe phakathi nokuqagela.
Igajethi isetshenziswa kusetshenziswa amalungu afanayo e-JavaScript lapho kuzanywa ukufinyelela indawo engaphandle kwemingcele yebhafa, okuthinta isimo sokuqagela igatsha ngenxa yokuba khona kokuhlola usayizi webhafa okwengezwe umhlanganisi (umcubunguli wenza ngokuqagela ukufinyelela ngaphambi kwesikhathi, kodwa ibuyisela emuva isimo ngemva kokuhlola). Ukuhlaziya okuqukethwe kwenqolobane ezimeni zokunemba okunganele kwesibali sikhathi, kuhlongozwa indlela ekhohlisa isu le-Tree-PLRU lokukhishwa kwedatha esetshenziswa kumaphrosesa futhi ivumela, ngokwandisa inani lemijikelezo, ukwandisa kakhulu umehluko ngesikhathi lapho ubuya. inani elivela kunqolobane futhi lapho lingekho inani kunqolobane.
Kuyaphawulwa ukuthi i-Google ishicilele isibonelo sokuxhaphaza ukuze kuboniswe ukuba nokwenzeka kokuhlasela kusetshenziswa ubungozi besigaba se-Specter nokukhuthaza abathuthukisi bewebhu ukuthi basebenzise amasu anciphisa ubungozi bokuhlaselwa okunjalo. Ngesikhathi esifanayo, i-Google ikholelwa ukuthi ngaphandle kokusebenza kabusha okuphawulekayo kwe-prototype ehlongozwayo, akunakwenzeka ukudala ukuxhaphazwa kwendawo yonke okungalungele ukuboniswa kuphela, kodwa nokusetshenziswa kabanzi.
Ukuze kuncishiswe ubungozi, abanikazi besayithi bakhuthazwa ukuthi basebenzise izihloko ezisanda kuqaliswa ezisetshenziswa yi-Cross-Origin Opener Policy (COOP), i-Cross-Origin Embedder Policy (COEP), i-Cross-Origin Resource Policy (CORP), Landa i-Metadata Request, i-X-Frame- Izinketho, X -Content-Type-Options kanye ne-SameSite Cookie. Lezi zindlela azivikeli ngokuqondile ekuhlaselweni, kodwa zikuvumela ukuthi uhlukanise idatha yesayithi ekuvuzeni ibe yizinqubo lapho ikhodi yomhlaseli ingenziwa khona (ukuvuza kwenzeka kwinkumbulo yenqubo yamanje, okuthi, ngaphezu kwekhodi yomhlaseli. , futhi ingacubungula idatha esuka kwenye isayithi evulwe kuleyo thebhu efanayo). Umqondo oyinhloko uwukuhlukanisa ukwenziwa kwekhodi yesayithi ezinqubweni ezihlukene kusuka kukhodi yenkampani yangaphandle etholwe emithonjeni engathembekile, isibonelo, efakwe nge-iframe.
Source: opennet.ru