[webkit-changes] [WebKit/WebKit] f7b354: Cherry-pick 3db5312ccb75. rdar://problem/108471471
Patrick Angle
noreply at github.com
Wed May 3 14:39:56 PDT 2023
Branch: refs/heads/safari-7616.1.12-branch
Home: https://github.com/WebKit/WebKit
Commit: f7b3549c34978fae61ff991c1e58c08bae69b296
https://github.com/WebKit/WebKit/commit/f7b3549c34978fae61ff991c1e58c08bae69b296
Author: Jer Noble <jer.noble at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
M Source/WebKit/Shared/Cocoa/WebPreferencesDefaultValuesCocoa.mm
M Source/WebKit/Shared/WebPreferencesDefaultValues.h
Log Message:
-----------
Cherry-pick 3db5312ccb75. rdar://problem/108471471
Unreviewed, reverting r262665 at main.
https://bugs.webkit.org/show_bug.cgi?id=255902
rdar://108471471
[Cocoa] Netflix videos will not play, will eventually error
Reverted changeset:
"[Cocoa] Enable SampleBufferContentKeySessionSupport by default"
https://bugs.webkit.org/show_bug.cgi?id=255067
https://commits.webkit.org/262665@main
Canonical link: https://commits.webkit.org/263366@main
Identifier: 263289.1 at safari-7616.1.12-branch

Commit: 4f1089aa0de30ef75ae54889d960e1c231034047
https://github.com/WebKit/WebKit/commit/4f1089aa0de30ef75ae54889d960e1c231034047
Author: Commit Queue <commit-queue at webkit.org>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/WebKit/Shared/WebPreferencesDefaultValues.cpp
Log Message:
-----------
Cherry-pick 574dcb6844bb. rdar://problem/108499789
Unreviewed, reverting r262174 at main.
https://bugs.webkit.org/show_bug.cgi?id=255918
regressions fixed
Reverted changeset:
"[macOS] Disable background webcontent suspension by default"
https://bugs.webkit.org/show_bug.cgi?id=254535
https://commits.webkit.org/262174@main
Canonical link: https://commits.webkit.org/263364@main
Canonical link: https://commits.webkit.org/263289.2@safari-7616.1.12-branch

Commit: f69b65dd0682bb916e338130348d107bf6c7b74a
https://github.com/WebKit/WebKit/commit/f69b65dd0682bb916e338130348d107bf6c7b74a
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/JavaScriptCore/bytecode/GetByStatus.cpp
M Source/JavaScriptCore/bytecode/GetByStatus.h
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/JITOperations.cpp
Log Message:
-----------
Cherry-pick 98d5e19f0344. rdar://problem/108398043
[JSC] Integrate inlined megamorphic access in DFG and FTL
https://bugs.webkit.org/show_bug.cgi?id=255821
rdar://108398043
Reviewed by Mark Lam.
DFG and FTL should get Baseline IC's megamorphic GetById state and emit a special GetByIdMegamorphic node, which
does megamorphic access inline (without IC) from the beginning. This is (1) faster than IC and (2) avoids repeated
repatching of code.
Here is a bit of a fun thing: emitting GetByIdMegamorphic means that we give up polymorphic IC optimization. So this needs very careful handling.
It is possible that one function can be inlined from the other function, and then it gets a limited # of structures.
In this case, continuing to use IC is better than falling back to the megamorphic case. But if the function gets compiled before,
and even the optimizing JIT saw the megamorphism, then it is likely that this function continues having megamorphic behavior,
and inlined megamorphic code is faster. Currently, we use GetByIdMegamorphic only when the exact same form of CodeOrigin gets
this megamorphic state before (same level of inlining etc.). This is very conservative but effective since IC is very fast
when it works well (but costly if it doesn't work and gets megamorphic).
Once this cost-benefit tradeoff gets changed (via handler IC), we can revisit this condition.
                             ToT                     Patched
megamorphic-own-load         37.0244+-0.1000    ^    34.3635+-0.0982    ^ definitely 1.0774x faster
megamorphic-dfg               7.4125+-0.0400          7.3945+-0.0251
megamorphic-load              4.5447+-0.0232    ^     4.3989+-0.0293    ^ definitely 1.0332x faster
megamorphic-prototype-load   37.0116+-0.1119    ^    34.4312+-0.1764    ^ definitely 1.0749x faster
megamorphic-miss             30.6568+-0.0471    ^    28.5222+-0.1031    ^ definitely 1.0748x faster
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeFor):
(JSC::GetByStatus::GetByStatus):
(JSC::isSameStyledCodeOrigin):
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::GetByStatus::makesCalls const):
(JSC::GetByStatus::merge):
(JSC::GetByStatus::dump const):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetById):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetByOffset):
(JSC::DFG::Node::convertToMultiGetByOffset):
(JSC::DFG::Node::hasCacheableIdentifier):
(JSC::DFG::Node::hasHeapPrediction):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetByIdMegamorphic):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByIdMegamorphic):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::loadMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
Canonical link: https://commits.webkit.org/263300@main
Identifier: 263289.3 at safari-7616.1.12-branch

Commit: a4f1c11073c4699ba5d1cb50301c864d45bfca3a
https://github.com/WebKit/WebKit/commit/a4f1c11073c4699ba5d1cb50301c864d45bfca3a
Author: David Degazio <d_degazio at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M Source/JavaScriptCore/heap/FreeList.cpp
M Source/JavaScriptCore/heap/FreeList.h
M Source/JavaScriptCore/heap/FreeListInlines.h
M Source/JavaScriptCore/heap/MarkedBlockInlines.h
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
Log Message:
-----------
Cherry-pick 2fbb3152165b. rdar://problem/108377867
Use bump ranges instead of free list in JSC allocator
https://bugs.webkit.org/show_bug.cgi?id=255798
rdar://108377867
Reviewed by Yusuke Suzuki and Mark Lam.
Replaces the JSC free list allocator with a list of free intervals.
Each interval represents a contiguous block of dead cells, and within
each interval we can bump-allocate. This should mean we bump-allocate
more often, and potentially speed up sweeping by nature of installing
fewer free list cells, especially for use cases where we don't often
manage to totally empty blocks currently.
* Source/JavaScriptCore/heap/FreeList.cpp:
(JSC::FreeList::clear):
(JSC::FreeList::initialize):
(JSC::FreeList::contains const):
(JSC::FreeList::dump const):
(JSC::FreeList::initializeList): Deleted.
(JSC::FreeList::initializeBump): Deleted.
* Source/JavaScriptCore/heap/FreeList.h:
(JSC::FreeCell::scramble):
(JSC::FreeCell::descramble):
(JSC::FreeCell::makeLast):
(JSC::FreeCell::setNext):
(JSC::FreeCell::decode):
(JSC::FreeCell::offsetOfScrambledBits):
(JSC::FreeList::allocationWillFail const):
(JSC::FreeList::isSentinel):
(JSC::FreeList::offsetOfHead):
(JSC::FreeList::offsetOfPayloadStart):
(JSC::FreeList::offsetOfPayloadEnd):
(JSC::FreeList::head const):
(JSC::FreeCell::next const): Deleted.
(JSC::FreeCell::offsetOfScrambledNext): Deleted.
(JSC::FreeList::offsetOfScrambledHead): Deleted.
(JSC::FreeList::offsetOfRemaining): Deleted.
* Source/JavaScriptCore/heap/FreeListInlines.h:
(JSC::FreeList::allocate):
(JSC::FreeList::forEach const):
* Source/JavaScriptCore/heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::specializedSweep):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertTagsInPlace):
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::loadProperty):
(JSC::AssemblyHelpers::storeProperty):
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
(JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
Canonical link: https://commits.webkit.org/263313@main
Identifier: 263289.4 at safari-7616.1.12-branch

Commit: 3a615cb54b30bd76b4e88953176bcc39608219bc
https://github.com/WebKit/WebKit/commit/3a615cb54b30bd76b4e88953176bcc39608219bc
Author: Jer Noble <jer.noble at apple.com>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M Source/WebCore/PAL/pal/cocoa/AVFoundationSoftLink.mm
Log Message:
-----------
Cherry-pick afb4d354559f. rdar://problem/108531838
[Mac] Media loading causes a crash when running in the base system
https://bugs.webkit.org/show_bug.cgi?id=255964
rdar://108531838
Reviewed by Alex Christensen.
Make the AVAudioSession class optional in AVFoundationSoftLink.
* Source/WebCore/PAL/pal/cocoa/AVFoundationSoftLink.mm:
Canonical link: https://commits.webkit.org/263414@main
Identifier: 263289.5 at safari-7616.1.12-branch

Commit: 8a51c2aba726a1ccdbc2371749107ddc7d61e2a6
https://github.com/WebKit/WebKit/commit/8a51c2aba726a1ccdbc2371749107ddc7d61e2a6
Author: Commit Queue <commit-queue at webkit.org>
Date: 2023-04-26 (Wed, 26 Apr 2023)
Changed paths:
M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h
M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm
Log Message:
-----------
Cherry-pick 9f898b6f9ff6. rdar://problem/108439267
Unreviewed, reverting r263269 at main.
https://bugs.webkit.org/show_bug.cgi?id=255851
Speedometer2.1 regression
Reverted changeset:
"Use a RunLoop Observer for RemoteLayerTreeDrawingArea."
https://bugs.webkit.org/show_bug.cgi?id=255769
https://commits.webkit.org/263269@main
Canonical link: https://commits.webkit.org/263296@main
Identifier: 263289.6 at safari-7616.1.12-branch

Commit: fcd2cc1f2f382c3158ca0e273d1c17b03de2f233
https://github.com/WebKit/WebKit/commit/fcd2cc1f2f382c3158ca0e273d1c17b03de2f233
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7616.1.12.1
Identifier: 263289.7 at safari-7616.1.12-branch

Commit: 67aa7aff2653885fe356fecaa7cdaead0533b8c7
https://github.com/WebKit/WebKit/commit/67aa7aff2653885fe356fecaa7cdaead0533b8c7
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7616.1.12.2
Identifier: 263289.8 at safari-7616.1.12-branch

Commit: 602d0104c54abdfdb0667bf0e639f9e0d0b1905f
https://github.com/WebKit/WebKit/commit/602d0104c54abdfdb0667bf0e639f9e0d0b1905f
Author: Patrick Angle <pangle at apple.com>
Date: 2023-05-01 (Mon, 01 May 2023)
Changed paths:
M LayoutTests/inspector/dom/showFlexOverlay.html
M LayoutTests/inspector/dom/showGridOverlay.html
M Source/WebCore/inspector/InspectorOverlay.cpp
Log Message:
-----------
Cherry-pick 05e01b57a4ec. rdar://problem/108745762
Web Inspector: Crash when inspecting CSS Grid without defined columns or rows
https://bugs.webkit.org/show_bug.cgi?id=256072
rdar://108641874
Reviewed by Devin Rousso.
262869 at main fixed issues with determining the authored grid track sizes, but in the process introduced a potential null
pointer deref due to us erroneously trying to get a reference to a RefPtr's value instead of getting its pointer for use
in a dynamic downcast.
* LayoutTests/inspector/dom/showFlexOverlay.html:
- Drive-by ensure we enable all options for flex overlays too so that those paths are exercised.
* LayoutTests/inspector/dom/showGridOverlay.html:
* Source/WebCore/inspector/InspectorOverlay.cpp:
(WebCore::authoredGridTrackSizes):
Canonical link: https://commits.webkit.org/263517@main
Identifier: 263289.9 at safari-7616.1.12-branch
Compare: https://github.com/WebKit/WebKit/compare/f7b3549c3497%5E...602d0104c54a