Thank you devs for setting up Battlecode. I was observing how the code runs, and unfortunately, it appears as though initial startup code evaluation time counts against the allotted execution time for the bot. One possible fix is changing eval
to Function
and passing three parameters like so. This will allow the time the code starts to be recorded inside the code itself. Then, Object.freeze
will prevent tampering with this number.
The security bug is that the robot can use window.parent
and window.top
to access the global namespace and communicate with other robots instantly and sabotage the other team. The solution is to delete window.parent
and delete window.top
to prevent access
function runCode(codeString, wallClockReference){
// wallClockReference is an array whose first index will be set to the time now
var iframeElement = document.createElement("iframe");
iframeElement.width = iframeElement.height = "0";
iframeElement.setAttribute("style", "border-width:0px");
document.body.appendChild(iframeElement);
codeString = '"use strict";arguments[0][0]=arguments[1].now();arguments[2](arguments[0]);' + codeString;
var ctxWindow = iframeElement.contentWindow;
var timeObj = [];
// patch security bugs: //
delete ctxWindow.parent;
delete ctxWindow.top;
///////////////////////////
var resultingValue = ctxWindow.Function(codeString).call(
ctxWindow, // `this`
timeObj, // arguments[0]
performance, // arguments[1]
Object.freeze // arguments[2]
);
wallClockReference.push(timeObj[0], performance.now()); // use Array.prototype.push to reduce delay
document.body.removeChild(iframeElement);
return resultingValue;
}
Observe the difference using the test code below.
(function(){
var startTime = performance.now();
var val = [];
runCode('for(var i=0;i<128;i++);'.repeat(4096) + 'console.log("Hello World")', val);
var endTime = performance.now();
console.log("Timing the way it is now: " + (endTime - startTime));
console.log("Timing the way it should be: " + (val[1] - val[0]));
;
})();
As seen, without this optimization, the user's granted execution time can in some times be halved. I do not know about you, but I for one do not believe that code parsing time should count against you. Rather, only code startup time and execution time should count against you.