[webkit-changes] [WebKit/WebKit] 7e2624: Fix ThinLTO build failure when linking against libp...
Commit Queue
noreply at github.com
Fri May 5 11:25:10 PDT 2023
Branch: refs/heads/safari-7616.1.11-branch
Home: https://github.com/WebKit/WebKit
Commit: 7e2624afe27e39bc8e1ad48b370e5a3aff1bd1ee
https://github.com/WebKit/WebKit/commit/7e2624afe27e39bc8e1ad48b370e5a3aff1bd1ee
Author: Elliott Williams <emw at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig
Log Message:
-----------
Fix ThinLTO build failure when linking against libpas.a
https://bugs.webkit.org/show_bug.cgi?id=255804
rdar://108319256
Unreviewed build fix.
Linking against libpas using search paths (-hidden-lpas) was causing a
Mac Catalyst production build to use the wrong archive. Fix by linking
against an exact path, the same way libbmalloc is linked.
* Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig:
Canonical link: https://commits.webkit.org/263266@main
(cherry picked from commit 5c5b8c1c2f6ade6b2b98428f6ade6e67797138ba)
Identifier: 263164.1 at safari-7616.1.11-branch
Commit: 77fbc14c3c51423dc0694a24e9167d7ca2540061
https://github.com/WebKit/WebKit/commit/77fbc14c3c51423dc0694a24e9167d7ca2540061
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-21 (Fri, 21 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7616.1.11.1
Identifier: 262889.277 at safari-7616.1.11-branch
Commit: 8a972b1cc35656c163c614c57f83d8e4fd13a312
https://github.com/WebKit/WebKit/commit/8a972b1cc35656c163c614c57f83d8e4fd13a312
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7616.1.11.2
Identifier: 262889.278 at safari-7616.1.11-branch
Commit: 9a0d46229a1990b863c17400029cac007e2ce750
https://github.com/WebKit/WebKit/commit/9a0d46229a1990b863c17400029cac007e2ce750
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
A JSTests/microbenchmarks/megamorphic-dfg.js
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M Source/JavaScriptCore/dfg/DFGNode.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
Log Message:
-----------
Cherry-pick d77ef3a80e9c. rdar://problem/108302994
[JSC] Convert GetByVal + StringIdent constant to GetById to encourage megamorphic IC
https://bugs.webkit.org/show_bug.cgi?id=255709
rdar://108302994
Reviewed by Alexey Shvayka.
This patch converts DFG/FTL GetByVal + StringIdent constant to GetById. The main benefit of this is that
we can use megamorphic IC from GetById.
                     ToT                    Patched
megamorphic-dfg      10.9843+-0.0357   ^    7.3780+-0.0332   ^ definitely 1.4888x faster
* JSTests/microbenchmarks/megamorphic-dfg.js: Added.
(test):
(test2):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToGetById):
* Source/JavaScriptCore/dfg/DFGNode.h:
Canonical link: https://commits.webkit.org/263200@main
Identifier: 262889.279 at safari-7616.1.11-branch
Commit: c117b987ee2b22e1a4604ac2a7556066964fe46a
https://github.com/WebKit/WebKit/commit/c117b987ee2b22e1a4604ac2a7556066964fe46a
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Source/JavaScriptCore/bytecode/GetByStatus.cpp
M Source/JavaScriptCore/bytecode/GetByStatus.h
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/JITOperations.cpp
Log Message:
-----------
Cherry-pick 98d5e19f0344. rdar://problem/108398043
[JSC] Integrate inlined megamorphic access in DFG and FTL
https://bugs.webkit.org/show_bug.cgi?id=255821
rdar://108398043
Reviewed by Mark Lam.
DFG and FTL should get Baseline IC's megamorphic GetById state, and emit a special GetByIdMegamorphic node, which
does megamorphic access inline (without IC) from the beginning. This (1) is faster than IC and (2) avoids repeated
repatching of code.
Here is a bit of a fun thing: emitting GetByIdMegamorphic means that we give up polymorphic IC optimization. So this needs very careful handling.
It is possible that one function can be inlined from the other function, and then it gets a limited # of structures.
In this case, continuing to use IC is better than falling back to the megamorphic case. But if the function was compiled before,
and even the optimizing JIT saw the megamorphism, then it is likely that this function continues having megamorphic behavior,
and inlined megamorphic code is faster. Currently, we use GetByIdMegamorphic only when the exact same form of CodeOrigin got
this megamorphic state before (same level of inlining etc.). This is very conservative but effective since IC is very fast
when it works well (but costly if it doesn't work and gets megamorphic).
Once this cost-benefit tradeoff gets changed (via handler IC), we can revisit this condition.
                                ToT                    Patched
megamorphic-own-load            37.0244+-0.1000   ^    34.3635+-0.0982   ^ definitely 1.0774x faster
megamorphic-dfg                  7.4125+-0.0400         7.3945+-0.0251
megamorphic-load                 4.5447+-0.0232   ^     4.3989+-0.0293   ^ definitely 1.0332x faster
megamorphic-prototype-load      37.0116+-0.1119   ^    34.4312+-0.1764   ^ definitely 1.0749x faster
megamorphic-miss                30.6568+-0.0471   ^    28.5222+-0.1031   ^ definitely 1.0748x faster
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeFor):
(JSC::GetByStatus::GetByStatus):
(JSC::isSameStyledCodeOrigin):
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::GetByStatus::makesCalls const):
(JSC::GetByStatus::merge):
(JSC::GetByStatus::dump const):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetById):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetByOffset):
(JSC::DFG::Node::convertToMultiGetByOffset):
(JSC::DFG::Node::hasCacheableIdentifier):
(JSC::DFG::Node::hasHeapPrediction):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetByIdMegamorphic):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByIdMegamorphic):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::loadMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
Canonical link: https://commits.webkit.org/263300@main
Identifier: 262889.280 at safari-7616.1.11-branch
Commit: cfb85857f8a985d541550d62e1b135440db12329
https://github.com/WebKit/WebKit/commit/cfb85857f8a985d541550d62e1b135440db12329
Author: David Degazio <d_degazio at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M Source/JavaScriptCore/heap/FreeList.cpp
M Source/JavaScriptCore/heap/FreeList.h
M Source/JavaScriptCore/heap/FreeListInlines.h
M Source/JavaScriptCore/heap/MarkedBlockInlines.h
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
Log Message:
-----------
Cherry-pick 2fbb3152165b. rdar://problem/108377867
Use bump ranges instead of free list in JSC allocator
https://bugs.webkit.org/show_bug.cgi?id=255798
rdar://108377867
Reviewed by Yusuke Suzuki and Mark Lam.
Replaces the JSC free list allocator with a list of free intervals.
Each interval represents a contiguous block of dead cells, and within
each interval we can bump-allocate. This should mean we bump-allocate
more often, and potentially speed up sweeping by nature of installing
fewer free list cells, especially for use cases where we don't often
manage to totally empty blocks currently.
* Source/JavaScriptCore/heap/FreeList.cpp:
(JSC::FreeList::clear):
(JSC::FreeList::initialize):
(JSC::FreeList::contains const):
(JSC::FreeList::dump const):
(JSC::FreeList::initializeList): Deleted.
(JSC::FreeList::initializeBump): Deleted.
* Source/JavaScriptCore/heap/FreeList.h:
(JSC::FreeCell::scramble):
(JSC::FreeCell::descramble):
(JSC::FreeCell::makeLast):
(JSC::FreeCell::setNext):
(JSC::FreeCell::decode):
(JSC::FreeCell::offsetOfScrambledBits):
(JSC::FreeList::allocationWillFail const):
(JSC::FreeList::isSentinel):
(JSC::FreeList::offsetOfHead):
(JSC::FreeList::offsetOfPayloadStart):
(JSC::FreeList::offsetOfPayloadEnd):
(JSC::FreeList::head const):
(JSC::FreeCell::next const): Deleted.
(JSC::FreeCell::offsetOfScrambledNext): Deleted.
(JSC::FreeList::offsetOfScrambledHead): Deleted.
(JSC::FreeList::offsetOfRemaining): Deleted.
* Source/JavaScriptCore/heap/FreeListInlines.h:
(JSC::FreeList::allocate):
(JSC::FreeList::forEach const):
* Source/JavaScriptCore/heap/MarkedBlockInlines.h:
(JSC::MarkedBlock::Handle::specializedSweep):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertTagsInPlace):
(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::loadProperty):
(JSC::AssemblyHelpers::storeProperty):
(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
(JSC::AssemblyHelpers::emitAllocateVariableSized):
(JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer):
(JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):
Canonical link: https://commits.webkit.org/263313@main
Identifier: 262889.281 at safari-7616.1.11-branch
Commit: 32606b32b2a931b28523140b733c6b82ad309645
https://github.com/WebKit/WebKit/commit/32606b32b2a931b28523140b733c6b82ad309645
Author: Gavin Phillips <gavin.p at apple.com>
Date: 2023-04-24 (Mon, 24 Apr 2023)
Changed paths:
M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm
Log Message:
-----------
Cherry-pick 0819d58fc483. rdar://problem/108235706
Move PKPaymentMethod and NSMutableURLRequest to Secure mode
https://bugs.webkit.org/show_bug.cgi?id=255791
rdar://108235706
Reviewed by Wenson Hsieh.
Move PKPaymentMethod & NSMutableURLRequest to using Secure mode
for deserialization.
* Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
(IPC::shouldEnableStrictMode):
Canonical link: https://commits.webkit.org/263256@main
Identifier: 262889.282 at safari-7616.1.11-branch
Commit: a262c2046bb40cbfa7e0a96511e0529e4cff99b7
https://github.com/WebKit/WebKit/commit/a262c2046bb40cbfa7e0a96511e0529e4cff99b7
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7616.1.11.3
Canonical link: https://commits.webkit.org/263164.8@safari-7616.1.11-branch
Commit: 7ba0697c8d5bf04484a908706f5f0d2c3183ab53
https://github.com/WebKit/WebKit/commit/7ba0697c8d5bf04484a908706f5f0d2c3183ab53
Author: Miguel Salinas <miguel_salinas at apple.com>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/WebKit/UIProcess/ProcessThrottler.cpp
M Source/WebKit/UIProcess/ProcessThrottler.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm
Log Message:
-----------
Cherry-pick 0420e99f1060. rdar://problem/106969950
[macOS] background tab suspension - 3.5% MBA8,2 membuster regression
https://bugs.webkit.org/show_bug.cgi?id=255226
rdar://106969950
Reviewed by Chris Dumez.
Membuster sends a low memory signal to web content processes to measure
the memory impact of our low memory handler. When runningboard
throttling is enabled on MBA8,2 the web content process never gets
scheduled due to the machine only having 2 cores and the web content
process having a priority of darwin_bg. This fix holds the foreground
assertion for 8 minutes after the last foreground activity is released
to ensure we have enough time to handle the low memory signal in
membuster. I also tried having the web content process take an assertion
on itself for the duration of the low memory handler but that did not
fix the regression.
* Source/WebKit/UIProcess/ProcessThrottler.cpp:
(WebKit::ProcessThrottlerTimedActivity::ProcessThrottlerTimedActivity):
(WebKit::ProcessThrottlerTimedActivity::operator=):
(WebKit::ProcessThrottlerTimedActivity::activityTimedOut):
(WebKit::ProcessThrottlerTimedActivity::updateTimer):
(WebKit::ProcessThrottler::TimedActivity::TimedActivity): Deleted.
(WebKit::ProcessThrottler::TimedActivity::operator=): Deleted.
(WebKit::ProcessThrottler::TimedActivity::activityTimedOut): Deleted.
(WebKit::ProcessThrottler::TimedActivity::updateTimer): Deleted.
* Source/WebKit/UIProcess/ProcessThrottler.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::ProcessActivityState::ProcessActivityState):
(WebKit::WebPageProxy::ProcessActivityState::takeVisibleActivity):
(WebKit::WebPageProxy::ProcessActivityState::takeAudibleActivity):
(WebKit::WebPageProxy::ProcessActivityState::takeCapturingActivity):
(WebKit::WebPageProxy::ProcessActivityState::reset):
(WebKit::WebPageProxy::ProcessActivityState::dropVisibleActivity):
(WebKit::WebPageProxy::ProcessActivityState::dropAudibleActivity):
(WebKit::WebPageProxy::ProcessActivityState::dropCapturingActivity):
(WebKit::WebPageProxy::ProcessActivityState::hasValidVisibleActivity const):
(WebKit::WebPageProxy::ProcessActivityState::hasValidAudibleActivity const):
(WebKit::WebPageProxy::ProcessActivityState::hasValidCapturingActivity const):
(WebKit::WebPageProxy::ProcessActivityState::takeOpeningAppLinkActivity):
(WebKit::WebPageProxy::ProcessActivityState::dropOpeningAppLinkActivity):
(WebKit::WebPageProxy::ProcessActivityState::hasValidOpeningAppLinkActivity const):
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::updateThrottleState):
(WebKit::WebPageProxy::clearAudibleActivity):
(WebKit::WebPageProxy::waitForDidUpdateActivityState):
(WebKit::WebPageProxy::resetStateAfterProcessExited):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::willOpenAppLink):
Canonical link: https://commits.webkit.org/263264@main
Canonical link: https://commits.webkit.org/263164.9@safari-7616.1.11-branch
Commit: e77e17933de1f9cc464a35463a615dbb7825b9a5
https://github.com/WebKit/WebKit/commit/e77e17933de1f9cc464a35463a615dbb7825b9a5
Author: Commit Queue <commit-queue at webkit.org>
Date: 2023-04-25 (Tue, 25 Apr 2023)
Changed paths:
M Source/WebKit/Shared/WebPreferencesDefaultValues.cpp
Log Message:
-----------
Cherry-pick 574dcb6844bb. rdar://problem/108499789
Unreviewed, reverting r262174 at main.
https://bugs.webkit.org/show_bug.cgi?id=255918
regressions fixed
Reverted changeset:
"[macOS] Disable background webcontent suspension by default"
https://bugs.webkit.org/show_bug.cgi?id=254535
https://commits.webkit.org/262174@main
Canonical link: https://commits.webkit.org/263364@main
Canonical link: https://commits.webkit.org/263164.10@safari-7616.1.11-branch
Compare: https://github.com/WebKit/WebKit/compare/7e2624afe27e%5E...e77e17933de1