[webkit-changes] [WebKit/WebKit] 1d912c: Cherry-pick 252432.1036 at safari-7614-branch (c553da...

Thu Mar 30 06:49:26 PDT 2023

  Branch: refs/heads/webkitglib/2.40
  Home:   https://github.com/WebKit/WebKit
  Commit: 1d912c017ce29682c2cf3035bf568f1cf3b857bd
      https://github.com/WebKit/WebKit/commit/1d912c017ce29682c2cf3035bf568f1cf3b857bd
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    A JSTests/stress/regexp-testinline-stacklimits.js
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/runtime/RegExp.h
    M Source/JavaScriptCore/yarr/YarrJIT.cpp

  Log Message:
  -----------
  Cherry-pick 252432.1036 at safari-7614-branch (c553da3adc35). https://bugs.webkit.org/show_bug.cgi?id=250873

    [JSC] RegExp.test inline is missing some stack overflow checks
    https://bugs.webkit.org/show_bug.cgi?id=250873
    rdar://104072550

    Reviewed by Yusuke Suzuki.

    The RegExp.test inline code is missing two stack overflow checks.
     1) When compiling the pattern string to a YarrPattern, we checked for stack overflow,
        but didn't do anything with the failure.
     2) When allocating the stack space needed to execute the JIT code for the expression
        we need to first check that we have enough stack.
    This change adds checks for both cases using the JSRegExpResult::JITCodeFailure return value when we
    would have overflowed the stack.  The results checking code after the inline code sees that error
    value, it will now call out to the appropriate C++ helper function to perform the match.
    Those functions are capable of throwing Out of Stack exceptions.

    * JSTests/stress/regexp-testinline-stacklimits.js: Added new test.
    (baz):
    (bar):
    (foo):
    (true.string_appeared_here.repeat):
    (true.catch):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
    * Source/JavaScriptCore/runtime/RegExp.h:
    * Source/JavaScriptCore/yarr/YarrJIT.cpp:
    (JSC::Yarr::jitCompileInlinedTest):

    Canonical link: https://commits.webkit.org/252432.1036@safari-7614-branch


  Commit: 564e5b80111eae966032016bd4b2a3fc9eee1358
      https://github.com/WebKit/WebKit/commit/564e5b80111eae966032016bd4b2a3fc9eee1358
  Author: Carlos Garcia Campos <cgarcia at igalia.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp

  Log Message:
  -----------
  Cherry-pick 262317 at main (8203d28d8126). https://bugs.webkit.org/show_bug.cgi?id=233455

    [GTK][GTK4] MiniBrowser asserts in isInAcceleratedCompositingMode opening page in debug mode
    https://bugs.webkit.org/show_bug.cgi?id=233455

    Reviewed by Žan Doberšek.

    Send EnterAcceleratedCompositingMode as soon as web process enters
    accelerated compositing mode instead of waiting for the first backing
    store update.

    * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:
    (WebKit::DrawingAreaCoordinatedGraphics::enterAcceleratedCompositingMode):

    Canonical link: https://commits.webkit.org/262317@main


Compare: https://github.com/WebKit/WebKit/compare/534a3a6ea4c4...564e5b80111e