[webkit-changes] [WebKit/WebKit] 5c4c58: Versioning.

Michael Saboff noreply at github.com
Wed Oct 25 13:53:22 PDT 2023


  Branch: refs/heads/safari-7615.1.26.101-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: 5c4c58a12ac8cc572cda55ac9e5939225f7a8d58
      https://github.com/WebKit/WebKit/commit/5c4c58a12ac8cc572cda55ac9e5939225f7a8d58
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-03-10 (Fri, 10 Mar 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

Canonical link: https://commits.webkit.org/259548.384@safari-7615.1.26.101-branch


  Commit: 703ea7ea42e0bc41342fb9fa592e65cfb367458a
      https://github.com/WebKit/WebKit/commit/703ea7ea42e0bc41342fb9fa592e65cfb367458a
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-03-10 (Fri, 10 Mar 2023)

  Changed paths:
    M Source/WebKit/UIProcess/WebFrameProxy.cpp

  Log Message:
  -----------
  Cherry-pick aa394d9f173f. rdar://problem/106546295

    Unreviewed build fix after 261429 at main
    https://bugs.webkit.org/show_bug.cgi?id=253711
    rdar://106546295

    * Source/WebKit/UIProcess/WebFrameProxy.cpp:
    (WebKit::WebFrameProxy::getFrameInfo):

    Canonical link: https://commits.webkit.org/261509@main

Canonical link: https://commits.webkit.org/259548.385@safari-7615.1.26.101-branch


  Commit: 4de4ee5dfe49f5daa17df29648c3f6db813f931e
      https://github.com/WebKit/WebKit/commit/4de4ee5dfe49f5daa17df29648c3f6db813f931e
  Author: Kocsen Chung <kocsen_chung at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7615.1.26.101.7

Canonical link: https://commits.webkit.org/259548.386@safari-7615.1.26.101-branch


  Commit: 3d83598e0447dee53c4754006e58d8152b4164f6
      https://github.com/WebKit/WebKit/commit/3d83598e0447dee53c4754006e58d8152b4164f6
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-03-14 (Tue, 14 Mar 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.


  Commit: d30b892739e5d0ffb4f61222120c992ad413d7e1
      https://github.com/WebKit/WebKit/commit/d30b892739e5d0ffb4f61222120c992ad413d7e1
  Author: Tyler Wilcock <tyler_w at apple.com>
  Date:   2023-03-14 (Tue, 14 Mar 2023)

  Changed paths:
    A LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt
    A LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent.html
    A LayoutTests/platform/ios-simulator/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/accessibility/AXObjectCache.cpp
    M Source/WebCore/accessibility/AccessibilityNodeObject.cpp

  Log Message:
  -----------
  Cherry-pick dd026e944caa. rdar://problem/106724493

    Improve Ref / RefPtr hygiene in AXObjectCache::handleAttributeChange and AccessibilityNodeObject::textUnderElement
    rdar://problem/106557770

    Reviewed by Chris Fleizach.

    Bring these two functions in line with the WebKit smart pointer style
    guide (https://github.com/WebKit/WebKit/wiki/Smart-Pointer-Usage-Guidelines) by
    reference counting AccessibilityObjects before passing them into non-trivial functions.

    * Source/WebCore/accessibility/AXObjectCache.cpp:
    (WebCore::AXObjectCache::handleAttributeChange):
    * Source/WebCore/accessibility/AccessibilityNodeObject.cpp:
    (WebCore::AccessibilityNodeObject::textUnderElement const):
    * LayoutTests/platform/ios/TestExpectations:
    Mark new test as passing.
    * LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt: Added.
    * LayoutTests/accessibility/changing-aria-hidden-with-display-none-parent.html: Added.
    * LayoutTests/platform/ios-simulator/accessibility/changing-aria-hidden-with-display-none-parent-expected.txt: Added.

    Canonical link: https://commits.webkit.org/259548.387@safari-7615-branch

Identifier: 259548.388 at safari-7615.1.26.101-branch


  Commit: bf7ed7a2bd7da80084b401cb4f1baab7f7219d20
      https://github.com/WebKit/WebKit/commit/bf7ed7a2bd7da80084b401cb4f1baab7f7219d20
  Author: Matt Woodrow <mattwoodrow at apple.com>
  Date:   2023-03-14 (Tue, 14 Mar 2023)

  Changed paths:
    A LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk-expected.txt
    A LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk.html
    M Source/WebCore/bindings/js/JSDOMWindowCustom.cpp

  Log Message:
  -----------
  Cherry-pick 0489426718c9. rdar://problem/106724425

    OffscreenCanvas support without WebGL breaks Construct 3 content.
    https://bugs.webkit.org/show_bug.cgi?id=253431
    <rdar://106341361>

    Reviewed by Chris Dumez.

    Construct 3 is testing for the presence of OffscreenCanvas on the main thread, and then assumes
    that a WebGL context will be able to be constructed from it.
    We've only enabled Canvas2D on OffscreenCanvas currently, so detect this library and disable
    OffscreenCanvas entirely.

    * LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk-expected.txt: Added.
    * LayoutTests/fast/canvas/offscreen-disabled-construct3-quirk.html: Added.
    * Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:
    (WebCore::JSDOMWindow::getOwnPropertySlot):

    Canonical link: https://commits.webkit.org/259548.408@safari-7615-branch

Identifier: 259548.389 at safari-7615.1.26.101-branch


  Commit: f2a7a5fbe06bcfa31817110bc93d94d666822227
      https://github.com/WebKit/WebKit/commit/f2a7a5fbe06bcfa31817110bc93d94d666822227
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-14 (Tue, 14 Mar 2023)

  Changed paths:
    R JSTests/microbenchmarks/map-iteration-and-array-destructuring.js
    M JSTests/stress/destructuring-assignment-accepts-iterables.js
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

  Log Message:
  -----------
  Cherry-pick 182d422f3194. rdar://problem/106724518

    Revert [255681 at main] [JSC] Use fast iteration for array destructuring
    rdar://106578250

    Reviewed by Mark Lam.

    Revert 255681 at main based on regression in rdar://106578250.

    * JSTests/microbenchmarks/map-iteration-and-array-destructuring.js: Removed.
    * JSTests/stress/destructuring-assignment-accepts-iterables.js:
    (set shouldBe):
    (set new):
    * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitEnumeration):
    * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
    (JSC::ArrayPatternNode::bindValue const):

    Canonical link: https://commits.webkit.org/259548.413@safari-7615-branch

Identifier: 259548.390 at safari-7615.1.26.101-branch


  Commit: 8083debb1f9eab6425f10421c185cea040702926
      https://github.com/WebKit/WebKit/commit/8083debb1f9eab6425f10421c185cea040702926
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-03-23 (Thu, 23 Mar 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7615.1.26.101.9

Canonical link: https://commits.webkit.org/259548.391@safari-7615.1.26.101-branch


  Commit: 7b1c12ba838881cfe87168578774f63edbac6f79
      https://github.com/WebKit/WebKit/commit/7b1c12ba838881cfe87168578774f63edbac6f79
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7615.1.26.101.10

Canonical link: https://commits.webkit.org/259548.392@safari-7615.1.26.101-branch


  Commit: ee9d233ab9e520a54763e2f3a1f04b3a2d242345
      https://github.com/WebKit/WebKit/commit/ee9d233ab9e520a54763e2f3a1f04b3a2d242345
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp
    M Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h
    M Source/WebKit/GPUProcess/GPUProcess.cpp
    M Source/WebKit/GPUProcess/GPUProcess.h
    M Source/WebKit/GPUProcess/GPUProcess.messages.in
    M Source/WebKit/Shared/GPUProcessConnectionParameters.h
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h

  Log Message:
  -----------
  Cherry-pick 3891a934a192. rdar://problem/107562531

    Verify WebGPU is enabled in GPUConnectionToWebProcess::createRemoteGPU
    https://bugs.webkit.org/show_bug.cgi?id=254373
    rdar://107153896

    Reviewed by Myles C. Maxfield, Geoffrey Garen and Chris Dumez.

    Have the GPUConnectionToWebProcess keep a boolean to keep track of whether
    WebGPU is enabled for any Page in that process.  Update the boolean when
    adding or removing a Page.  If we get a message to use the entry point of
    WebGPU and WebGPU is disabled, then terminate the web content process
    from which the message came instead of creating a RemoteGPU.

    * Source/WebKit/GPUProcess/GPUConnectionToWebProcess.cpp:
    (WebKit::m_webGPUEnabled):
    (WebKit::GPUConnectionToWebProcess::createRemoteGPU):
    (WebKit::m_routingArbitrator): Deleted.
    * Source/WebKit/GPUProcess/GPUConnectionToWebProcess.h:
    (WebKit::GPUConnectionToWebProcess::updateWebGPUEnabled):
    * Source/WebKit/GPUProcess/GPUProcess.cpp:
    (WebKit::GPUProcess::updateWebGPUEnabled):
    * Source/WebKit/GPUProcess/GPUProcess.h:
    * Source/WebKit/GPUProcess/GPUProcess.messages.in:
    * Source/WebKit/Shared/GPUProcessConnectionParameters.h:
    (WebKit::GPUProcessConnectionParameters::encode const):
    (WebKit::GPUProcessConnectionParameters::decode):
    * Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp:
    (WebKit::GPUProcessProxy::updateWebGPUEnabled):
    * Source/WebKit/UIProcess/GPU/GPUProcessProxy.h:
    * Source/WebKit/UIProcess/WebProcessPool.cpp:
    (WebKit::WebProcessPool::createGPUProcessConnection):
    * Source/WebKit/UIProcess/WebProcessProxy.cpp:
    (WebKit::WebProcessProxy::addExistingWebPage):
    (WebKit::WebProcessProxy::removeWebPage):
    (WebKit::WebProcessProxy::updateWebGPUEnabledStateInGPUProcess):
    * Source/WebKit/UIProcess/WebProcessProxy.h:

    Canonical link: https://commits.webkit.org/259548.478@safari-7615-branch


  Commit: 72fb0a8dfd1680e9d5c28507459ff2bc546ccd7f
      https://github.com/WebKit/WebKit/commit/72fb0a8dfd1680e9d5c28507459ff2bc546ccd7f
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2023-04-03 (Mon, 03 Apr 2023)

  Changed paths:
    M Source/JavaScriptCore/heap/Heap.cpp
    M Source/JavaScriptCore/heap/Heap.h
    M Source/JavaScriptCore/heap/HeapInlines.h
    M Source/JavaScriptCore/runtime/ArgList.cpp
    M Source/JavaScriptCore/runtime/ArgList.h
    M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Cherry-pick 2c49ff7b0481. rdar://problem/107562512

    CloneDeserializer::deserialize() should store cell pointers in a MarkedVector.
    https://bugs.webkit.org/show_bug.cgi?id=254797
    rdar://107369977

    Reviewed by Justin Michaud.

    Previously, CloneDeserializer::deserialize() was storing pointers to newly created objects
    in a few Vectors.  This is problematic because the GC is not aware of Vectors, and cannot
    scan them.  In this patch, we refactor the MarkedArgumentBuffer class into a MarkedVector
    template class that offers 2 enhancements:

    1. It can be configured to store specific types of cell pointer types.  This avoids us
       having to constantly cast JSValues into these pointers.

    2. It allows us to specify the type of OverflowHandler we want to use.  In this case,
       we want to use CrashOnOverflow.  The previous MarkedArgumentBuffer always assumes
       RecordOnOverflow.  This allows us to avoid having to manually check for overflows,
       or have to use appendWithCrashOnOverflow.  For our current needs, MarkedVector can be
       used as a drop-in replacement for Vector.

    And we fix the CloneDeserializer::deserialize() issue by replacing the use of Vectors
    with MarkedVector instead.

    * Source/JavaScriptCore/heap/Heap.cpp:
    (JSC::Heap::addCoreConstraints):
    * Source/JavaScriptCore/heap/Heap.h:
    * Source/JavaScriptCore/heap/HeapInlines.h:
    * Source/JavaScriptCore/runtime/ArgList.cpp:
    (JSC::MarkedVectorBase::addMarkSet):
    (JSC::MarkedVectorBase::markLists):
    (JSC::MarkedVectorBase::slowEnsureCapacity):
    (JSC::MarkedVectorBase::expandCapacity):
    (JSC::MarkedVectorBase::slowAppend):
    (JSC::MarkedArgumentBufferBase::addMarkSet): Deleted.
    (JSC::MarkedArgumentBufferBase::markLists): Deleted.
    (JSC::MarkedArgumentBufferBase::slowEnsureCapacity): Deleted.
    (JSC::MarkedArgumentBufferBase::expandCapacity): Deleted.
    (JSC::MarkedArgumentBufferBase::slowAppend): Deleted.
    * Source/JavaScriptCore/runtime/ArgList.h:
    (JSC::MarkedVectorWithSize::MarkedVectorWithSize):
    (JSC::MarkedVectorWithSize::at const):
    (JSC::MarkedVectorWithSize::clear):
    (JSC::MarkedVectorWithSize::append):
    (JSC::MarkedVectorWithSize::appendWithCrashOnOverflow):
    (JSC::MarkedVectorWithSize::last const):
    (JSC::MarkedVectorWithSize::takeLast):
    (JSC::MarkedVectorWithSize::ensureCapacity):
    (JSC::MarkedVectorWithSize::hasOverflowed):
    (JSC::MarkedVectorWithSize::fill):
    (JSC::MarkedArgumentBufferWithSize::MarkedArgumentBufferWithSize): Deleted.
    * Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp:
    (WebCore::AudioWorkletProcessor::buildJSArguments):
    * Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h:
    * Source/WebCore/bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneDeserializer::deserialize):

    Canonical link: https://commits.webkit.org/259548.530@safari-7615-branch


  Commit: a7ddace549cba2086616699674f509519e8d0ee7
      https://github.com/WebKit/WebKit/commit/a7ddace549cba2086616699674f509519e8d0ee7
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-04-28 (Fri, 28 Apr 2023)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7615.1.26.101.11

Canonical link: https://commits.webkit.org/259548.395@safari-7615.1.26.101-branch


  Commit: d58023d6ff6a4765845c5b72d50662bdbba7dd2a
      https://github.com/WebKit/WebKit/commit/d58023d6ff6a4765845c5b72d50662bdbba7dd2a
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2023-04-28 (Fri, 28 Apr 2023)

  Changed paths:
    M Source/WebCore/animation/WebAnimation.cpp

  Log Message:
  -----------
  Cherry-pick 1d6fe184ea53. rdar://problem/107856564

    Potential use-after-free in WebAnimation::commitStyles
    https://bugs.webkit.org/show_bug.cgi?id=254840
    rdar://107444873

    Reviewed by Dean Jackson and Darin Adler.

    Ensure that the animation's effect and target are kept alive for the duration of this method
    since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
    these two pointers could be changed to a null value using the Web Animations API.

    * Source/WebCore/animation/WebAnimation.cpp:
    (WebCore::WebAnimation::commitStyles):

    Canonical link: https://commits.webkit.org/259548.532@safari-7615-branch

Canonical link: https://commits.webkit.org/259548.396@safari-7615.1.26.101-branch
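
Added example (not code from the WebKit commits): the keep-alive pattern described in the commitStyles fix above and in the earlier Ref / RefPtr hygiene cherry-pick, modeled in standard C++. std::shared_ptr stands in for RefPtr as an assumption; Effect, Animation, updateStyle and runReentrantScenario are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Hypothetical model: std::shared_ptr stands in for WebKit's RefPtr, and
// Effect / Animation are simplified stand-ins, not WebCore classes.
static int g_destroyedEffects = 0;

struct Effect {
    std::string target = "div#box";
    ~Effect() { ++g_destroyedEffects; }
};

class Animation {
public:
    Animation() : m_effect(std::make_shared<Effect>()) { }

    // Script-reachable setter: can drop the member's reference at any time.
    void setEffect(std::shared_ptr<Effect> effect) { m_effect = std::move(effect); }
    bool hasEffect() const { return static_cast<bool>(m_effect); }

    // Models a style update that may re-enter script before returning.
    std::function<void(Animation&)> updateStyle = [](Animation&) { };

    std::string commitStyles()
    {
        // Take a local strong reference first; after the re-entrant call use
        // only the local, never m_effect or a raw pointer read from it earlier.
        std::shared_ptr<Effect> protectedEffect = m_effect;
        if (!protectedEffect)
            return "no-effect";
        updateStyle(*this); // may clear m_effect
        return protectedEffect->target; // still alive: the local owns a reference
    }

private:
    std::shared_ptr<Effect> m_effect;
};

// Constructed scenario: the re-entrant callback clears the animation's effect.
std::string runReentrantScenario()
{
    Animation animation;
    animation.updateStyle = [](Animation& a) { a.setEffect(nullptr); };
    return animation.commitStyles();
}
```

The Effect is destroyed only when the local reference goes out of scope at the end of commitStyles, which is what makes the read after the callback safe.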


  Commit: 1dd0013214e34497043a8337fec3f55d25d9eb25
      https://github.com/WebKit/WebKit/commit/1dd0013214e34497043a8337fec3f55d25d9eb25
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-04-28 (Fri, 28 Apr 2023)

  Changed paths:
    A JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/yarr/YarrInterpreter.cpp

  Log Message:
  -----------
  Cherry-pick e34edaa74575. rdar://problem/107856432

    [JSC] RegExpGlobalData::performMatch issue leading to OOB read
    https://bugs.webkit.org/show_bug.cgi?id=254930
    rdar://107436732

    Reviewed by Alexey Shvayka.

    Fixed two issues:
    1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
       characters.  Since it is an assertion, we shouldn't advance the character position.
       Made the same fix to matchAssertionEOL().
    2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
       a non-BMP character for the case where the RegExp match is empty.

    * JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
    * Source/JavaScriptCore/runtime/StringPrototype.cpp:
    (JSC::replaceUsingRegExpSearch):
    * Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
    (JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
    (JSC::Yarr::Interpreter::matchAssertionBOL):
    (JSC::Yarr::Interpreter::matchAssertionEOL):

    Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch

Canonical link: https://commits.webkit.org/259548.397@safari-7615.1.26.101-branch
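
Added example (not code from the WebKit commit): a small model of the two rules in the log message above, a zero-width line-start assertion that never moves the position and an empty-match step that skips both halves of a non-BMP character. It follows ECMAScript's AdvanceStringIndex; the function names and kSample are hypothetical and the sample string is constructed.

```cpp
#include <cstddef>
#include <string>
#include <vector>

static bool isLead(char16_t c) { return c >= 0xD800 && c <= 0xDBFF; }
static bool isTrail(char16_t c) { return c >= 0xDC00 && c <= 0xDFFF; }
static bool isLineTerminator(char16_t c)
{
    return c == u'\n' || c == u'\r' || c == 0x2028 || c == 0x2029;
}

// Zero-width assertion: inspects the input but takes pos by value, so the
// caller's position cannot move. The bounds check precedes the read.
bool atLineStart(const std::u16string& s, size_t pos)
{
    return pos == 0 || (pos <= s.size() && isLineTerminator(s[pos - 1]));
}

// Next index after an empty match. In unicode mode a lead + trail surrogate
// pair counts as one character; s[index + 1] is read only when in range.
size_t advanceStringIndex(const std::u16string& s, size_t index, bool unicode)
{
    if (!unicode || index + 1 >= s.size())
        return index + 1;
    if (isLead(s[index]) && isTrail(s[index + 1]))
        return index + 2;
    return index + 1;
}

// Positions at which an always-empty pattern matches, optionally restricted
// to line starts, as in a global replace driven by empty matches.
std::vector<size_t> emptyMatchPositions(const std::u16string& s, bool unicode, bool lineStartOnly)
{
    std::vector<size_t> positions;
    for (size_t pos = 0; pos <= s.size(); pos = advanceStringIndex(s, pos, unicode)) {
        if (!lineStartOnly || atLineStart(s, pos))
            positions.push_back(pos);
    }
    return positions;
}

// Constructed sample: U+1F600, newline, U+1F600, 'x' (6 UTF-16 code units).
const std::u16string kSample = u"\U0001F600\n\U0001F600x";
```

In unicode mode the scan never stops at index 1 or 4, the trail halves of the two surrogate pairs, and a lone lead surrogate at the end of the input advances by one without reading past the buffer.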


Compare: https://github.com/WebKit/WebKit/compare/5c4c58a12ac8%5E...1dd0013214e3

