[webkit-changes] [WebKit/WebKit] e2264e: Versioning.
Russell Epstein
noreply at github.com
Tue Jan 23 07:28:30 PST 2024
Branch: refs/heads/safari-7617.2.4.11-branch
Home: https://github.com/WebKit/WebKit
Commit: e2264e53553ad93a2d56b2f77113cddd6c970aa8
https://github.com/WebKit/WebKit/commit/e2264e53553ad93a2d56b2f77113cddd6c970aa8
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-12-19 (Tue, 19 Dec 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-617.2.4.11.1
Canonical link: https://commits.webkit.org/267815.657@safari-7617.2.4.11-branch
Commit: 670a4adb29bf7be4a2564a5730afff199701aa5f
https://github.com/WebKit/WebKit/commit/670a4adb29bf7be4a2564a5730afff199701aa5f
Author: Russell Epstein <repstein at apple.com>
Date: 2023-12-19 (Tue, 19 Dec 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.2.4.11.2
Canonical link: https://commits.webkit.org/267815.658@safari-7617.2.4.11-branch
Commit: 8699d5fa7a975f4ab0c8bb10db77967d2b9fb962
https://github.com/WebKit/WebKit/commit/8699d5fa7a975f4ab0c8bb10db77967d2b9fb962
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-617.2.4.11.3
Canonical link: https://commits.webkit.org/267815.659@safari-7617.2.4.11-branch
Commit: b80a293b367b728053857f91999335a22abc64a1
https://github.com/WebKit/WebKit/commit/b80a293b367b728053857f91999335a22abc64a1
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Source/WebCore/Modules/encryptedmedia/MediaKeySystemRequest.cpp
M Source/WebCore/Modules/encryptedmedia/MediaKeySystemRequest.h
M Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp
M Source/WebKit/UIProcess/MediaKeySystemPermissionRequestManagerProxy.cpp
M Source/WebKit/WebProcess/EncryptedMedia/MediaKeySystemPermissionRequestManager.cpp
M Source/WebKit/WebProcess/EncryptedMedia/MediaKeySystemPermissionRequestManager.h
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Source/WebKitLegacy/mac/WebCoreSupport/WebMediaKeySystemClient.mm
Log Message:
-----------
Cherry-pick 2bee8872e3b9. rdar://118004786
REGRESSION (233845@main): Crash in MediaKeySystemRequest::~MediaKeySystemRequest
https://bugs.webkit.org/show_bug.cgi?id=266619
rdar://118004786
Reviewed by Jean-Yves Avenard.
In 233845@main, NavigatorEME::requestMediaKeySystemAccess moved the task that creates the CDM
instance into a completion handler that's called asynchronously once the client allows media key
access. The completion handler captured a raw pointer to the document, leading to a crash if the
document is destroyed before the completion handler is called. Debug builds would also assert in
CompletionHandler::~CompletionHandler because ActiveDOMObject::queueTaskInEventLoop would not
invoke the task queued by MediaKeySystemRequest::allow - which captured a CompletionHandler - when
scriptExecutionContext is null.
Addressed the crash by capturing document as a WeakPtr and null-checking it prior to calling
Document::postTask in NavigatorEME::requestMediaKeySystemAccess's allow callback. Addressed the
assertion failure by removing the unnecessary asynchronous CompletionHandler from
Messages::WebPage::MediaKeySystemWasGranted.
* Source/WebCore/Modules/encryptedmedia/MediaKeySystemRequest.cpp:
(WebCore::MediaKeySystemRequest::allow):
* Source/WebCore/Modules/encryptedmedia/MediaKeySystemRequest.h:
* Source/WebCore/Modules/encryptedmedia/NavigatorEME.cpp:
(WebCore::NavigatorEME::requestMediaKeySystemAccess):
* Source/WebKit/UIProcess/MediaKeySystemPermissionRequestManagerProxy.cpp:
(WebKit::MediaKeySystemPermissionRequestManagerProxy::grantRequest):
* Source/WebKit/WebProcess/EncryptedMedia/MediaKeySystemPermissionRequestManager.cpp:
(WebKit::MediaKeySystemPermissionRequestManager::mediaKeySystemWasGranted):
* Source/WebKit/WebProcess/EncryptedMedia/MediaKeySystemPermissionRequestManager.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::mediaKeySystemWasGranted):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Source/WebKitLegacy/mac/WebCoreSupport/WebMediaKeySystemClient.mm:
(WebMediaKeySystemClient::requestMediaKeySystem):
Canonical link: https://commits.webkit.org/267815.655@safari-7617-branch
Canonical link: https://commits.webkit.org/267815.660@safari-7617.2.4.11-branch
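The lifetime bug described in the log message above, reduced to a stand-alone sketch. This is an added example, not code from the WebKit commit: `Document`, `PermissionRequest` and the `requestAccess*` functions are hypothetical stand-ins, and `std::weak_ptr` is used in place of WebKit's own `WeakPtr`.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WebCore::Document (hypothetical, greatly simplified).
struct Document {
    std::vector<std::string> postedTasks;
    void postTask(std::string name) { postedTasks.push_back(std::move(name)); }
};

// Stand-in for the permission request: the "allow" callback is stored and
// only invoked later, once the client grants media key access.
class PermissionRequest {
public:
    void setAllowCallback(std::function<bool()> callback) { m_allow = std::move(callback); }
    // Returns true if the callback ran and posted the CDM task.
    bool grant() { return m_allow ? m_allow() : false; }
private:
    std::function<bool()> m_allow;
};

// BEFORE (shape of the bug; never invoked in this example): the callback
// keeps a raw Document*. If the document is destroyed before grant() runs,
// the dereference below is a use-after-free.
void requestAccessRawPointer(PermissionRequest& request, Document* document)
{
    request.setAllowCallback([document] {
        document->postTask("create CDM instance"); // dangling if document is gone
        return true;
    });
}

// AFTER (shape of the fix): capture a weak reference and null-check it
// before posting the task. A destroyed document turns the grant into a no-op.
void requestAccessWeak(PermissionRequest& request, const std::shared_ptr<Document>& document)
{
    request.setAllowCallback([weakDocument = std::weak_ptr<Document>(document)] {
        auto strongDocument = weakDocument.lock();
        if (!strongDocument)
            return false; // document already destroyed: drop the task
        strongDocument->postTask("create CDM instance");
        return true;
    });
}

// Grant arrives while the document is alive: exactly one task is posted.
bool grantWhileDocumentAlive()
{
    auto document = std::make_shared<Document>();
    PermissionRequest request;
    requestAccessWeak(request, document);
    return request.grant() && document->postedTasks.size() == 1;
}

// Grant arrives after the document was destroyed: the callback returns
// false without touching freed memory.
bool grantAfterDocumentDestroyed()
{
    auto document = std::make_shared<Document>();
    PermissionRequest request;
    requestAccessWeak(request, document);
    document.reset(); // the document goes away while the request is pending
    return request.grant();
}

int main()
{
    std::printf("alive: %d, destroyed: %d\n",
        grantWhileDocumentAlive(), grantAfterDocumentDestroyed());
    return 0;
}
```

Building the raw-pointer variant with AddressSanitizer and calling `grant()` after the document is freed is a quick way to confirm that a regression test actually exercises this path.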
Commit: 2b8379635f5e78119596fa059511847592056789
https://github.com/WebKit/WebKit/commit/2b8379635f5e78119596fa059511847592056789
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
Log Message:
-----------
Cherry-pick 64a739754a58. rdar://117839300
Ensure NetworkStorageManager gets destroyed on the main thread
https://bugs.webkit.org/show_bug.cgi?id=266603
rdar://117839300
Reviewed by Chris Dumez and Alex Christensen.
Dispatch a task to main thread to release ref of NetworkStorageManager in stopReceivingMessageFromConnection, which may
help fix the crash under IDBStorageRegistry::removeConnectionToClient in rdar://117839300.
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::stopReceivingMessageFromConnection):
Canonical link: https://commits.webkit.org/272313@main
Canonical link: https://commits.webkit.org/267815.661@safari-7617.2.4.11-branch
Commit: 612bd2103522cff4b9f3dc831c47ff645c9d3de6
https://github.com/WebKit/WebKit/commit/612bd2103522cff4b9f3dc831c47ff645c9d3de6
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2023-12-20 (Wed, 20 Dec 2023)
Changed paths:
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
Log Message:
-----------
Revert "Cherry-pick 64a739754a58. rdar://117839300"
This reverts commit 2b8379635f5e78119596fa059511847592056789.
Canonical link: https://commits.webkit.org/267815.662@safari-7617.2.4.11-branch
Commit: e53eb7ff29fe5a92db038b66a88f149afa30b60d
https://github.com/WebKit/WebKit/commit/e53eb7ff29fe5a92db038b66a88f149afa30b60d
Author: Myah Cobbs <mcobbs at apple.com>
Date: 2024-01-02 (Tue, 02 Jan 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.2.4.11.4
Identifier: 267815.663@safari-7617.2.4.11-branch
Commit: fa8fab352aac3ce21160be2e0fd21ced7ff74f65
https://github.com/WebKit/WebKit/commit/fa8fab352aac3ce21160be2e0fd21ced7ff74f65
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/runtime/VM.cpp
M Source/WebCore/page/Page.cpp
Log Message:
-----------
Apply patch. rdar://120425013
[JSC] Prefer full GC on opportunistic GC when navigation happens
https://bugs.webkit.org/show_bug.cgi?id=264492
rdar://118179290
Reviewed by Wenson Hsieh.
Previously, when navigation happens, opportunistic GC may perform full GC.
But this happens only when GC statistics say "we should do full GC instead of eden GC
based on memory usage".
But this happens only when navigation happens, and if we have enough time, then it is
nice if we can just do full GC instead of eden GC even though we are not reaching the
full GC threshold since (1) there are out-living objects and they can be collected only
in full GC and (2) it is likely that most objects are already garbage when navigation
happens regardless of allocation threshold.
This patch changes scheduleOpportunisticFullCollectionIfNeeded to attempt to perform full
GC always when navigation happens.
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::scheduleOpportunisticFullCollectionIfNeeded):
Canonical link: https://commits.webkit.org/270502@main
Canonical link: https://commits.webkit.org/267815.664@safari-7617.2.4.11-branch
Commit: 52a4c3d1e2f593adf53e042b9d40f01127894b5c
https://github.com/WebKit/WebKit/commit/52a4c3d1e2f593adf53e042b9d40f01127894b5c
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/heap/EdenGCActivityCallback.cpp
M Source/JavaScriptCore/heap/EdenGCActivityCallback.h
M Source/JavaScriptCore/heap/FullGCActivityCallback.cpp
M Source/JavaScriptCore/heap/FullGCActivityCallback.h
M Source/JavaScriptCore/heap/GCActivityCallback.cpp
M Source/JavaScriptCore/heap/GCActivityCallback.h
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/MarkedSpace.cpp
M Source/JavaScriptCore/heap/MarkedSpace.h
M Source/JavaScriptCore/runtime/DeferredWorkTimer.h
M Source/JavaScriptCore/runtime/JSRunLoopTimer.h
M Source/JavaScriptCore/runtime/VM.cpp
M Source/WebCore/bindings/js/CommonVM.cpp
M Source/WebCore/page/OpportunisticTaskScheduler.cpp
M Source/WebCore/page/OpportunisticTaskScheduler.h
Log Message:
-----------
Apply patch. rdar://120425220
Adjust GC Timer a bit with heuristics to avoid running it while critical tasks are waiting
https://bugs.webkit.org/show_bug.cgi?id=265055
rdar://118574205
Reviewed by Wenson Hsieh and Justin Michaud.
We found that the GC timer fires randomly and it runs GC at random timing. We should avoid
running it when there are critical tasks waiting. This patch starts with a naive simple
approach which just defers this GC invocation with some threshold when there is a waiting task.
We are not directly using OpportunisticTaskScheduler since it is active only when a page is visible
and active, but we would like to run this GC for background pages too. Eventually we would like
to unify both into one global mechanism but we leave it as future work.
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/heap/EdenGCActivityCallback.cpp:
(JSC::EdenGCActivityCallback::EdenGCActivityCallback):
(JSC::EdenGCActivityCallback::doCollection):
* Source/JavaScriptCore/heap/EdenGCActivityCallback.h:
(JSC::EdenGCActivityCallback::tryCreate):
(): Deleted.
(JSC::GCActivityCallback::tryCreateEdenTimer): Deleted.
* Source/JavaScriptCore/heap/FullGCActivityCallback.cpp:
(JSC::FullGCActivityCallback::FullGCActivityCallback):
(JSC::FullGCActivityCallback::doCollection):
* Source/JavaScriptCore/heap/FullGCActivityCallback.h:
(JSC::FullGCActivityCallback::tryCreate):
(): Deleted.
(JSC::GCActivityCallback::tryCreateFullTimer): Deleted.
* Source/JavaScriptCore/heap/GCActivityCallback.cpp:
(JSC::GCActivityCallback::GCActivityCallback):
(JSC::GCActivityCallback::scheduleTimer):
* Source/JavaScriptCore/heap/GCActivityCallback.h:
(JSC::GCActivityCallback::didGCRecently const):
(JSC::GCActivityCallback::setDidGCRecently):
(JSC::GCActivityCallback::GCActivityCallback):
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::collect):
(JSC::Heap::updateAllocationLimits):
(JSC::Heap::collectNowFullIfNotDoneRecently):
(JSC::Heap::setFullActivityCallback):
(JSC::Heap::setEdenActivityCallback):
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/heap/MarkedSpace.cpp:
(JSC::MarkedSpace::beginMarking):
* Source/JavaScriptCore/heap/MarkedSpace.h:
(JSC::MarkedSpace::edenVersion const):
* Source/JavaScriptCore/runtime/DeferredWorkTimer.h:
* Source/JavaScriptCore/runtime/JSRunLoopTimer.h:
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::performOpportunisticallyScheduledTasks):
* Source/WebCore/bindings/js/CommonVM.cpp:
(WebCore::commonVMSlow):
* Source/WebCore/page/OpportunisticTaskScheduler.cpp:
(WebCore::OpportunisticTaskScheduler::runLoopObserverFired):
(WebCore::isBusyForTimerBasedGC):
(WebCore::OpportunisticTaskScheduler::FullGCActivityCallback::doCollection):
(WebCore::OpportunisticTaskScheduler::EdenGCActivityCallback::doCollection):
* Source/WebCore/page/OpportunisticTaskScheduler.h:
(WebCore::OpportunisticTaskScheduler::create): Deleted.
(WebCore::OpportunisticTaskScheduler::willQueueIdleCallback): Deleted.
(WebCore::OpportunisticTaskScheduler::hasImminentlyScheduledWork const): Deleted.
Canonical link: https://commits.webkit.org/270919@main
Canonical link: https://commits.webkit.org/267815.665@safari-7617.2.4.11-branch
Commit: ce6f95e31db9c19a929543a68947e144248a3ef4
https://github.com/WebKit/WebKit/commit/ce6f95e31db9c19a929543a68947e144248a3ef4
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGByteCodeParser.h
M Source/JavaScriptCore/dfg/DFGPlan.cpp
Log Message:
-----------
Apply patch. rdar://120424986
[JSC] Insert more DFG safepoints during DFG ByteCodeParser
https://bugs.webkit.org/show_bug.cgi?id=265559
rdar://118959478
Reviewed by Mark Lam.
This patch adds more DFG safepoints into DFG ByteCodeParser so that
we can stop DFG compiler threads when GC requests.
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::pruneUnreachableNodes):
(JSC::DFG::ByteCodeParser::parse):
(JSC::DFG::parse):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.h:
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
Canonical link: https://commits.webkit.org/271320@main
Canonical link: https://commits.webkit.org/267815.666@safari-7617.2.4.11-branch
Commit: cb17de6ba682d0459d80ca1631664b48d35b378a
https://github.com/WebKit/WebKit/commit/cb17de6ba682d0459d80ca1631664b48d35b378a
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Source/JavaScriptCore/heap/EdenGCActivityCallback.cpp
M Source/JavaScriptCore/heap/EdenGCActivityCallback.h
M Source/JavaScriptCore/heap/FullGCActivityCallback.cpp
M Source/JavaScriptCore/heap/FullGCActivityCallback.h
M Source/JavaScriptCore/heap/GCActivityCallback.cpp
M Source/JavaScriptCore/heap/GCActivityCallback.h
M Source/JavaScriptCore/heap/Synchronousness.h
M Source/WebCore/page/OpportunisticTaskScheduler.cpp
M Source/WebCore/page/OpportunisticTaskScheduler.h
Log Message:
-----------
Apply patch. rdar://120425130
[JSC] Use synchronous GCActivityCallback GC with RunLoopObserver
https://bugs.webkit.org/show_bug.cgi?id=265515
rdar://118930139
Reviewed by Wenson Hsieh.
Now we can schedule GC only when we are idle from GCActivityCallback. So we do not need to run async version.
This patch changes two things.
1. We set up RunLoopObserver and run GC when RunLoop gets idle state after GCActivityCallback detects GC opportunities.
2. We use sync GC instead of async GC since we now run this only when we are idle. We do not need to run async version.
* Source/JavaScriptCore/heap/EdenGCActivityCallback.cpp:
(JSC::EdenGCActivityCallback::EdenGCActivityCallback):
(JSC::EdenGCActivityCallback::doCollection):
* Source/JavaScriptCore/heap/EdenGCActivityCallback.h:
(JSC::EdenGCActivityCallback::tryCreate):
* Source/JavaScriptCore/heap/FullGCActivityCallback.cpp:
(JSC::FullGCActivityCallback::FullGCActivityCallback):
(JSC::FullGCActivityCallback::doCollection):
* Source/JavaScriptCore/heap/FullGCActivityCallback.h:
(JSC::FullGCActivityCallback::tryCreate):
* Source/JavaScriptCore/heap/GCActivityCallback.cpp:
(JSC::GCActivityCallback::GCActivityCallback):
* Source/JavaScriptCore/heap/GCActivityCallback.h:
* Source/JavaScriptCore/heap/Synchronousness.h:
* Source/WebCore/page/OpportunisticTaskScheduler.cpp:
(WebCore::OpportunisticTaskScheduler::FullGCActivityCallback::FullGCActivityCallback):
(WebCore::OpportunisticTaskScheduler::FullGCActivityCallback::doCollection):
(WebCore::OpportunisticTaskScheduler::EdenGCActivityCallback::EdenGCActivityCallback):
(WebCore::OpportunisticTaskScheduler::EdenGCActivityCallback::doCollection):
* Source/WebCore/page/OpportunisticTaskScheduler.h:
Canonical link: https://commits.webkit.org/271324@main
Canonical link: https://commits.webkit.org/267815.667@safari-7617.2.4.11-branch
Commit: 142767571e4fee0dcf01aea1352976a4d067b088
https://github.com/WebKit/WebKit/commit/142767571e4fee0dcf01aea1352976a4d067b088
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Source/JavaScriptCore/bytecode/CodeBlock.cpp
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGCapabilities.cpp
M Source/JavaScriptCore/dfg/DFGCapabilities.h
M Source/JavaScriptCore/heap/LocalAllocatorInlines.h
M Source/JavaScriptCore/jit/JITPlan.h
M Source/JavaScriptCore/runtime/Options.cpp
M Source/JavaScriptCore/runtime/OptionsList.h
Log Message:
-----------
Apply patch. rdar://120424954
[JSC] Adjust inlining options
https://bugs.webkit.org/show_bug.cgi?id=266563
rdar://119795209
Reviewed by Justin Michaud.
This patch extends JSC to have different inlining options for DFG and FTL.
This is great since DFG and FTL have different purposes and we would like
to make DFG smaller-compilation and faster while keeping FTL heavy and highly optimized.
And then, we adjust these numbers based on benchmarks.
1. DFG inlining heuristics becomes 80.
2. FTL call inlining heuristics becomes 125.
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setupWithUnlinkedBaselineCode):
(JSC::CodeBlock::computeCapabilityLevel):
(JSC::CodeBlock::noticeIncomingCall):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inliningCost):
(JSC::DFG::ByteCodeParser::getInliningBalance):
* Source/JavaScriptCore/dfg/DFGCapabilities.cpp:
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):
* Source/JavaScriptCore/dfg/DFGCapabilities.h:
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):
(JSC::DFG::functionForCallCapabilityLevel):
(JSC::DFG::functionForConstructCapabilityLevel):
(JSC::DFG::inlineFunctionForCallCapabilityLevel):
(JSC::DFG::inlineFunctionForClosureCallCapabilityLevel):
(JSC::DFG::inlineFunctionForConstructCapabilityLevel):
(JSC::DFG::mightInlineFunctionFor):
(JSC::DFG::mightInlineFunction):
(JSC::DFG::inlineFunctionForCapabilityLevel):
* Source/JavaScriptCore/heap/LocalAllocatorInlines.h:
(JSC::LocalAllocator::allocate):
* Source/JavaScriptCore/jit/JITPlan.h:
(JSC::JITPlan::jitType const):
* Source/JavaScriptCore/runtime/Options.cpp:
(JSC::overrideDefaults):
* Source/JavaScriptCore/runtime/OptionsList.h:
Canonical link: https://commits.webkit.org/272208@main
Canonical link: https://commits.webkit.org/267815.668@safari-7617.2.4.11-branch
Commit: e5b74b0190bfdee52e8e8f6ac6716515bcb0dc20
https://github.com/WebKit/WebKit/commit/e5b74b0190bfdee52e8e8f6ac6716515bcb0dc20
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-03 (Wed, 03 Jan 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-617.2.4.11.5
Canonical link: https://commits.webkit.org/267815.669@safari-7617.2.4.11-branch
Commit: 06e557b830f66662abe27e7fff55838105936e64
https://github.com/WebKit/WebKit/commit/06e557b830f66662abe27e7fff55838105936e64
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-617.2.4.11.6
Canonical link: https://commits.webkit.org/267815.670@safari-7617.2.4.11-branch
Commit: 61d47f64edd9a39dc2c14fcb6f6dd944a359eb79
https://github.com/WebKit/WebKit/commit/61d47f64edd9a39dc2c14fcb6f6dd944a359eb79
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
A Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp
A Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGPlan.cpp
M Source/JavaScriptCore/dfg/DFGPlan.h
Log Message:
-----------
Apply patch. rdar://120560604
[JSC] DFG constant property load should check the validity at the main thread
https://bugs.webkit.org/show_bug.cgi?id=267134
rdar://120443399
Reviewed by Mark Lam.
Consider the following case,
    CheckStructure O, S1 | S3
    GetByOffset O, offset
And S1 -> S2 -> S3 structure transition happens.
By changing the object concurrently with the compiler, it is possible that we will constant fold the property with O + S2.
While we insert watchpoints into S1 and S3, we cannot notice the change of the property in S2.
If we change O to S3 before running code, CheckStructure passes and we can use a value loaded from O + S2.
1. If S1 and S3 transitions are both already watched by DFG / FTL, then we do not need to care about the issue.
   CheckStructure ensures that O is S1 or S3. And both have watchpoints which fire when a transition happens.
   So, if we are transitioning from S1 to S2 while compiling, it already invalidates the code.
2. If there is only one Structure (S1), then we can keep the current optimization by checking this condition at the main thread.
   CheckStructure ensures that O is S1. And this means that if the assumption is met at the main thread, then we can continue
   using this code safely. To check this condition, we added DesiredObjectProperties, which records JSObject*, offset, value, and structure.
   And at the end of compilation, in the main thread, we check this assumption is still met.
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp: Added.
(JSC::DFG::DesiredObjectProperties::addLazily):
(JSC::DFG::DesiredObjectProperties::areStillValidOnMainThread):
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h: Added.
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetConstantProperty):
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::cancel):
(JSC::DFG::Plan::isStillValidOnMainThread):
* Source/JavaScriptCore/dfg/DFGPlan.h:
Canonical link: https://commits.webkit.org/272448.7@safari-7618-branch
Commit: 7efdaf176e13f84ad3dad9b0a0ad1662d842085e
https://github.com/WebKit/WebKit/commit/7efdaf176e13f84ad3dad9b0a0ad1662d842085e
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Log Message:
-----------
Cherry-pick 31601205b6f3. rdar://120560604
[JSC] DFG constant property load should check the validity at the main thread
https://bugs.webkit.org/show_bug.cgi?id=267134
rdar://120443399
Reviewed by Mark Lam.
Consider the following case,
    CheckStructure O, S1 | S3
    GetByOffset O, offset
And S1 -> S2 -> S3 structure transition happens.
By changing the object concurrently with the compiler, it is possible that we will constant fold the property with O + S2.
While we insert watchpoints into S1 and S3, we cannot notice the change of the property in S2.
If we change O to S3 before running code, CheckStructure passes and we can use a value loaded from O + S2.
1. If S1 and S3 transitions are both already watched by DFG / FTL, then we do not need to care about the issue.
   CheckStructure ensures that O is S1 or S3. And both have watchpoints which fire when a transition happens.
   So, if we are transitioning from S1 to S2 while compiling, it already invalidates the code.
2. If there is only one Structure (S1), then we can keep the current optimization by checking this condition at the main thread.
   CheckStructure ensures that O is S1. And this means that if the assumption is met at the main thread, then we can continue
   using this code safely. To check this condition, we added DesiredObjectProperties, which records JSObject*, offset, value, and structure.
   And at the end of compilation, in the main thread, we check this assumption is still met.
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp: Added.
(JSC::DFG::DesiredObjectProperties::addLazily):
(JSC::DFG::DesiredObjectProperties::areStillValidOnMainThread):
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h: Added.
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetConstantProperty):
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::cancel):
(JSC::DFG::Plan::isStillValidOnMainThread):
* Source/JavaScriptCore/dfg/DFGPlan.h:
Canonical link: https://commits.webkit.org/272448.7@safari-7618-branch
Canonical link: https://commits.webkit.org/267815.672@safari-7617.2.4.11-branch
Commit: 4b73defb0b0b076f527fe2f657ab9e7fc543c244
https://github.com/WebKit/WebKit/commit/4b73defb0b0b076f527fe2f657ab9e7fc543c244
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
R Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp
R Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGPlan.cpp
M Source/JavaScriptCore/dfg/DFGPlan.h
Log Message:
-----------
Cherry-pick a8b53bc4d7b3. rdar://120560604
[JSC] Remove DFGDesiredObjectProperties
https://bugs.webkit.org/show_bug.cgi?id=267134
rdar://120443399
Reviewed by Mark Lam.
When we limit the structure to only one, there is no way to change the property without firing
the property replacement watchpoint while keeping the object's structure as specified. So removing DFGDesiredObjectProperties.
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp: Removed.
* Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h: Removed.
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetConstantProperty):
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::cancel):
(JSC::DFG::Plan::isStillValidOnMainThread):
* Source/JavaScriptCore/dfg/DFGPlan.h:
Canonical link: https://commits.webkit.org/272448.8@safari-7618-branch
Canonical link: https://commits.webkit.org/267815.673@safari-7617.2.4.11-branch
Commit: 55f88a9a4f09b9e3accb5906014ea61121428236
https://github.com/WebKit/WebKit/commit/55f88a9a4f09b9e3accb5906014ea61121428236
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
A Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp
A Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGPlan.cpp
M Source/JavaScriptCore/dfg/DFGPlan.h
Log Message:
-----------
Revert "Cherry-pick a8b53bc4d7b3. rdar://120560604"
This reverts commit 4b73defb0b0b076f527fe2f657ab9e7fc543c244.
Canonical link: https://commits.webkit.org/267815.674@safari-7617.2.4.11-branch
Commit: 7579eda71a7786926c329a6151917f81f6bce3be
https://github.com/WebKit/WebKit/commit/7579eda71a7786926c329a6151917f81f6bce3be
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Log Message:
-----------
Revert "Cherry-pick 31601205b6f3. rdar://120560604"
This reverts commit 7efdaf176e13f84ad3dad9b0a0ad1662d842085e.
Canonical link: https://commits.webkit.org/267815.675@safari-7617.2.4.11-branch
Commit: d4a552350a90bee4118037d83f7dcfcab0184d19
https://github.com/WebKit/WebKit/commit/d4a552350a90bee4118037d83f7dcfcab0184d19
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
R Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.cpp
R Source/JavaScriptCore/dfg/DFGDesiredObjectProperties.h
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGPlan.cpp
M Source/JavaScriptCore/dfg/DFGPlan.h
Log Message:
-----------
Revert "Apply patch. rdar://120560604"
This reverts commit 61d47f64edd9a39dc2c14fcb6f6dd944a359eb79.
Canonical link: https://commits.webkit.org/267815.676@safari-7617.2.4.11-branch
Commit: 29fbd924925821f9321a1eed94fedbaabd934c33
https://github.com/WebKit/WebKit/commit/29fbd924925821f9321a1eed94fedbaabd934c33
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-05 (Fri, 05 Jan 2024)
Changed paths:
M Source/JavaScriptCore/dfg/DFGGraph.cpp
Log Message:
-----------
Apply patch. rdar://120560604
Canonical link: https://commits.webkit.org/267815.677@safari-7617.2.4.11-branch
Commit: b895075bf89e27424146bbcfd138c6b14d3c7498
https://github.com/WebKit/WebKit/commit/b895075bf89e27424146bbcfd138c6b14d3c7498
Author: Dan Robson <dan_robson at apple.com>
Date: 2024-01-10 (Wed, 10 Jan 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-617.2.4.11.7
Canonical link: https://commits.webkit.org/267815.678@safari-7617.2.4.11-branch
Commit: 692ee545dbe93299189b974aa572c7fd4b6277bc
https://github.com/WebKit/WebKit/commit/692ee545dbe93299189b974aa572c7fd4b6277bc
Author: Russell Epstein <repstein at apple.com>
Date: 2024-01-10 (Wed, 10 Jan 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7617.2.4.11.8
Canonical link: https://commits.webkit.org/267815.679@safari-7617.2.4.11-branch
Compare: https://github.com/WebKit/WebKit/compare/e2264e53553a%5E...692ee545dbe9