[webkit-changes] [WebKit/WebKit] 5c4c58: Versioning.
Michael Saboff
noreply at github.com
Wed Oct 25 13:53:22 PDT 2023
Branch: refs/heads/safari-7615.1.26.101-branch
Home: https://github.com/WebKit/WebKit
Commit: 5c4c58a12ac8cc572cda55ac9e5939225f7a8d58
https://github.com/WebKit/WebKit/commit/5c4c58a12ac8cc572cda55ac9e5939225f7a8d58
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-03-10 (Fri, 10 Mar 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
Canonical link: https://commits.webkit.org/259548.384@safari-7615.1.26.101-branch
Commit: 703ea7ea42e0bc41342fb9fa592e65cfb367458a
https://github.com/WebKit/WebKit/commit/703ea7ea42e0bc41342fb9fa592e65cfb367458a
Author: Chris Dumez <cdumez at apple.com>
Date: 2023-03-10 (Fri, 10 Mar 2023)
Changed paths:
M Source/WebKit/UIProcess/WebFrameProxy.cpp
Log Message:
-----------
Cherry-pick aa394d9f173f. rdar://problem/106546295
Unreviewed build fix after 261429 at main
https://bugs.webkit.org/show_bug.cgi?id=253711
rdar://106546295
* Source/WebKit/UIProcess/WebFrameProxy.cpp:
(WebKit::WebFrameProxy::getFrameInfo):
Canonical link: https://commits.webkit.org/261509@main
Canonical link: https://commits.webkit.org/259548.385@safari-7615.1.26.101-branch
Commit: 4de4ee5dfe49f5daa17df29648c3f6db813f931e
https://github.com/WebKit/WebKit/commit/4de4ee5dfe49f5daa17df29648c3f6db813f931e
Author: Kocsen Chung <kocsen_chung at apple.com>
Date: 2023-03-13 (Mon, 13 Mar 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.1.26.101.7
Canonical link: https://commits.webkit.org/259548.386@safari-7615.1.26.101-branch
Commit: 3d83598e0447dee53c4754006e58d8152b4164f6
https://github.com/WebKit/WebKit/commit/3d83598e0447dee53c4754006e58d8152b4164f6
Author: Dan Robson <dan_robson at apple.com>
Date: 2023-03-14 (Tue, 14 Mar 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
Commit: d30b892739e5d0ffb4f61222120c992ad413d7e1
https://github.com/WebKit/WebKit/commit/d30b892739e5d0ffb4f61222120c992ad413d7e1
Author: Tyler Wilcock <tyler_w at apple.com>
Date: 2023-03-14 (Tue, 14 Mar 2023)
Changed paths:
A LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt
A LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent.html
A LayoutTests/platform/ios-simulator/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt
M LayoutTests/platform/ios/TestExpectations
M Source/WebCore/accessibility/AXObjectCache.cpp
M Source/WebCore/accessibility/AccessibilityNodeObject.cpp
Log Message:
-----------
Cherry-pick dd026e944caa. rdar://problem/106724493
Improve Ref / RefPtr hygiene in AXObjectCache::handleAttributeChange and AccessibilityNodeObject::textUnderElement
rdar://problem/106557770
Reviewed by Chris Fleizach.
Bring these two functions in line with the WebKit smart pointer style
guide (https://github.com/WebKit/WebKit/wiki/Smart-Pointer-Usage-Guidelines) by
reference counting AccessibilityObjects before passing them into non-trivial functions.
* Source/WebCore/accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::handleAttributeChange):
* Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
(WebCore::AccessibilityNodeObject::textUnderElement const):
* LayoutTests/platform/ios/TestExpectations:
Mark new test as passing.
* LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt: Added.
* LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent.html: Added.
* LayoutTests/platform/ios-simulator/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt: Added.
Canonical link: https://commits.webkit.org/259548.387@safari-7615-branch
Identifier: 259548.388 at safari-7615.1.26.101-branch
Commit: bf7ed7a2bd7da80084b401cb4f1baab7f7219d20
https://github.com/WebKit/WebKit/commit/bf7ed7a2bd7da80084b401cb4f1baab7f7219d20
Author: Matt Woodrow <mattwoodrow at apple.com>
Date: 2023-03-14 (Tue, 14 Mar 2023)
Changed paths:
A LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk-expected.txt
A LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk.html
M Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
Log Message:
-----------
Cherry-pick 0489426718c9. rdar://problem/106724425
OffscreenCanvas support without WebGL breaks Construct 3 content.
https://bugs.webkit.org/show_bug.cgi?id=253431
<rdar://106341361>
Reviewed by Chris Dumez.
Construct 3 is testing for the presence of OffscreenCanvas on the main thread, and then assumes
that a WebGL context will be able to be constructed from it.
We've only enabled Canvas2D on OffscreenCanvas currently, so detect this library and disable
OffscreenCanvas entirely.
* LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk-expected.txt: Added.
* LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk.html: Added.
* Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::getOwnPropertySlot):
Canonical link: https://commits.webkit.org/259548.408@safari-7615-branch
Identifier: 259548.389 at safari-7615.1.26.101-branch
Commit: f2a7a5fbe06bcfa31817110bc93d94d666822227
https://github.com/WebKit/WebKit/commit/f2a7a5fbe06bcfa31817110bc93d94d666822227
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-03-14 (Tue, 14 Mar 2023)
Changed paths:
R JSTests/microbenchmarks/map-iteration-and-array-destructuring.js
M JSTests/stress/destructuring-assignment-accepts-iterables.js
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
Log Message:
-----------
Cherry-pick 182d422f3194. rdar://problem/106724518
Revert [255681 at main] [JSC] Use fast iteration for array destructuring
rdar://106578250
Reviewed by Mark Lam.
Revert 255681 at main based on regression in rdar://106578250.
* JSTests/microbenchmarks/map-iteration-and-array-destructuring.js: Removed.
* JSTests/stress/destructuring-assignment-accepts-iterables.js:
(set shouldBe):
(set new):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitEnumeration):
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::ArrayPatternNode::bindValue const):
Canonical link: https://commits.webkit.org/259548.413@safari-7615-branch
Identifier: 259548.390 at safari-7615.1.26.101-branch
Commit: 8083debb1f9eab6425f10421c185cea040702926
https://github.com/WebKit/WebKit/commit/8083debb1f9eab6425f10421c185cea040702926
Author: Russell Epstein <repstein at apple.com>
Date: 2023-03-23 (Thu, 23 Mar 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.1.26.101.9
Canonical link: https://commits.webkit.org/259548.391@safari-7615.1.26.101-branch
Commit: 7b1c12ba838881cfe87168578774f63edbac6f79
https://github.com/WebKit/WebKit/commit/7b1c12ba838881cfe87168578774f63edbac6f79
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-03 (Mon, 03 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.1.26.101.10
Canonical link: https://commits.webkit.org/259548.392@safari-7615.1.26.101-branch
Commit: ee9d233ab9e520a54763e2f3a1f04b3a2d242345
https://github.com/WebKit/WebKit/commit/ee9d233ab9e520a54763e2f3a1f04b3a2d242345
Author: Alex Christensen <achristensen at apple.com>
Date: 2023-04-03 (Mon, 03 Apr 2023)
Changed paths:
M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp
M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h
M Source/WebKit/GPUProcess/GPUProcess.cpp
M Source/WebKit/GPUProcess/GPUProcess.h
M Source/WebKit/GPUProcess/GPUProcess.messages.in
M Source/WebKit/Shared/GPUProcessConnectionParameters.h
M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
M Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
M Source/WebKit/UIProcess/WebProcessPool.cpp
M Source/WebKit/UIProcess/WebProcessProxy.cpp
M Source/WebKit/UIProcess/WebProcessProxy.h
Log Message:
-----------
Cherry-pick 3891a934a192. rdar://problem/107562531
Verify WebGPU is enabled in GPUConnectionToWebProcess::createRemoteGPU
https://bugs.webkit.org/show_bug.cgi?id=254373
rdar://107153896
Reviewed by Myles C. Maxfield, Geoffrey Garen and Chris Dumez.
Have the GPUConnectionToWebProcess keep a boolean to keep track of whether
WebGPU is enabled for any Page in that process. Update the boolean when
adding or removing a Page. If we get a message to use the entry point of
WebGPU and WebGPU is disabled, then terminate the web content process
from which the message came instead of creating a RemoteGPU.
* Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp:
(WebKit::m_webGPUEnabled):
(WebKit::GPUConnectionToWebProcess::createRemoteGPU):
(WebKit::m_routingArbitrator): Deleted.
* Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h:
(WebKit::GPUConnectionToWebProcess::updateWebGPUEnabled):
* Source/WebKit/GPUProcess/GPUProcess.cpp:
(WebKit::GPUProcess::updateWebGPUEnabled):
* Source/WebKit/GPUProcess/GPUProcess.h:
* Source/WebKit/GPUProcess/GPUProcess.messages.in:
* Source/WebKit/Shared/GPUProcessConnectionParameters.h:
(WebKit::GPUProcessConnectionParameters::encode const):
(WebKit::GPUProcessConnectionParameters::decode):
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
(WebKit::GPUProcessProxy::updateWebGPUEnabled):
* Source/WebKit/UIProcess/GPU/GPUProcessProxy.h:
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createGPUProcessConnection):
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::addExistingWebPage):
(WebKit::WebProcessProxy::removeWebPage):
(WebKit::WebProcessProxy::updateWebGPUEnabledStateInGPUProcess):
* Source/WebKit/UIProcess/WebProcessProxy.h:
Canonical link: https://commits.webkit.org/259548.478@safari-7615-branch
Commit: 72fb0a8dfd1680e9d5c28507459ff2bc546ccd7f
https://github.com/WebKit/WebKit/commit/72fb0a8dfd1680e9d5c28507459ff2bc546ccd7f
Author: Mark Lam <mark.lam at apple.com>
Date: 2023-04-03 (Mon, 03 Apr 2023)
Changed paths:
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/HeapInlines.h
M Source/JavaScriptCore/runtime/ArgList.cpp
M Source/JavaScriptCore/runtime/ArgList.h
M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
Log Message:
-----------
Cherry-pick 2c49ff7b0481. rdar://problem/107562512
CloneDeserializer::deserialize() should store cell pointers in a MarkedVector.
https://bugs.webkit.org/show_bug.cgi?id=254797
rdar://107369977
Reviewed by Justin Michaud.
Previously, CloneDeserializer::deserialize() was storing pointers to newly created objects
in a few Vectors. This is problematic because the GC is not aware of Vectors, and cannot
scan them. In this patch, we refactor the MarkedArgumentBuffer class into a MarkedVector
template class that offer 2 enhancements:
1. It can be configured to store specific types of cell pointer types. This avoids us
having to constantly cast JSValues into these pointers.
2. It allows us to specify the type of OverflowHandler we want to use. In this case,
we want to use CrashOnOverflow. The previous MarkedArgumentBuffer always assumes
RecordOnOverflow. This allows us to avoid having to manually check for overflows,
or have to use appendWithCrashOnOverflow. For our current needs, MarkedVector can be
used as a drop in replacement for Vector.
And we fix the CloneDeserializer::deserialize() issue by replacing the use of Vectors
with MarkedVector instead.
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/heap/HeapInlines.h:
* Source/JavaScriptCore/runtime/ArgList.cpp:
(JSC::MarkedVectorBase::addMarkSet):
(JSC::MarkedVectorBase::markLists):
(JSC::MarkedVectorBase::slowEnsureCapacity):
(JSC::MarkedVectorBase::expandCapacity):
(JSC::MarkedVectorBase::slowAppend):
(JSC::MarkedArgumentBufferBase::addMarkSet): Deleted.
(JSC::MarkedArgumentBufferBase::markLists): Deleted.
(JSC::MarkedArgumentBufferBase::slowEnsureCapacity): Deleted.
(JSC::MarkedArgumentBufferBase::expandCapacity): Deleted.
(JSC::MarkedArgumentBufferBase::slowAppend): Deleted.
* Source/JavaScriptCore/runtime/ArgList.h:
(JSC::MarkedVectorWithSize::MarkedVectorWithSize):
(JSC::MarkedVectorWithSize::at const):
(JSC::MarkedVectorWithSize::clear):
(JSC::MarkedVectorWithSize::append):
(JSC::MarkedVectorWithSize::appendWithCrashOnOverflow):
(JSC::MarkedVectorWithSize::last const):
(JSC::MarkedVectorWithSize::takeLast):
(JSC::MarkedVectorWithSize::ensureCapacity):
(JSC::MarkedVectorWithSize::hasOverflowed):
(JSC::MarkedVectorWithSize::fill):
(JSC::MarkedArgumentBufferWithSize::MarkedArgumentBufferWithSize): Deleted.
* Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp:
(WebCore::AudioWorkletProcessor::buildJSArguments):
* Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h:
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::deserialize):
Canonical link: https://commits.webkit.org/259548.530@safari-7615-branch
Commit: a7ddace549cba2086616699674f509519e8d0ee7
https://github.com/WebKit/WebKit/commit/a7ddace549cba2086616699674f509519e8d0ee7
Author: Russell Epstein <repstein at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7615.1.26.101.11
Canonical link: https://commits.webkit.org/259548.395@safari-7615.1.26.101-branch
Commit: d58023d6ff6a4765845c5b72d50662bdbba7dd2a
https://github.com/WebKit/WebKit/commit/d58023d6ff6a4765845c5b72d50662bdbba7dd2a
Author: Antoine Quint <graouts at webkit.org>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
M Source/WebCore/animation/WebAnimation.cpp
Log Message:
-----------
Cherry-pick 1d6fe184ea53. rdar://problem/107856564
Potential use-after-free in WebAnimation::commitStyles
https://bugs.webkit.org/show_bug.cgi?id=254840
rdar://107444873
Reviewed by Dean Jackson and Darin Adler.
Ensure that the animation's effect and target are kept alive for the duration of this method
since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
these two pointers could be changed to a null value using the Web Animations API.
* Source/WebCore/animation/WebAnimation.cpp:
(WebCore::WebAnimation::commitStyles):
Canonical link: https://commits.webkit.org/259548.532@safari-7615-branch
Canonical link: https://commits.webkit.org/259548.396@safari-7615.1.26.101-branch
Commit: 1dd0013214e34497043a8337fec3f55d25d9eb25
https://github.com/WebKit/WebKit/commit/1dd0013214e34497043a8337fec3f55d25d9eb25
Author: Michael Saboff <msaboff at apple.com>
Date: 2023-04-28 (Fri, 28 Apr 2023)
Changed paths:
A JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js
M Source/JavaScriptCore/runtime/StringPrototype.cpp
M Source/JavaScriptCore/yarr/YarrInterpreter.cpp
Log Message:
-----------
Cherry-pick e34edaa74575. rdar://problem/107856432
[JSC] RegExpGlobalData::performMatch issue leading to OOB read
https://bugs.webkit.org/show_bug.cgi?id=254930
rdar://107436732
Reviewed by Alexey Shvayka.
Fixed two issues:
1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
characters. Since it is an assertion, we shouldn't advance the character position.
Made the same fix to matchAssertionEOL().
2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
a non-BMP character for the case where the RegExp match is empty.
* JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
* Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
(JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
(JSC::Yarr::Interpreter::matchAssertionBOL):
(JSC::Yarr::Interpreter::matchAssertionEOL):
Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch
Canonical link: https://commits.webkit.org/259548.397@safari-7615.1.26.101-branch
Compare: https://github.com/WebKit/WebKit/compare/5c4c58a12ac8%5E...1dd0013214e3
More information about the webkit-changes
mailing list