[webkit-changes] [WebKit/WebKit] 9140fb: Support specifying explicit SDK version
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 9140fbde2d9227d8df40b4db4daf9d1de71ad02f https://github.com/WebKit/WebKit/commit/9140fbde2d9227d8df40b4db4daf9d1de71ad02f Author: Oliver Hunt Date: 2024-05-20 (Mon, 20 May 2024) Changed paths: M Tools/Scripts/webkitdirs.pm Log Message: --- Support specifying explicit SDK version https://bugs.webkit.org/show_bug.cgi?id=274298 Reviewed by Elliott Williams. Strip the version number from the specified SDK as well when setting the platform name * Tools/Scripts/webkitdirs.pm: (determineXcodeSDKPlatformName): Canonical link: https://commits.webkit.org/279009@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] b40b23: Bindings integrity logic depends on incorrect beha...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b40b23ef5c8b1e86efd379f753d142ec778584a2 https://github.com/WebKit/WebKit/commit/b40b23ef5c8b1e86efd379f753d142ec778584a2 Author: Oliver Hunt Date: 2024-05-16 (Thu, 16 May 2024) Changed paths: M Source/WTF/wtf/PointerPreparations.h M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm M Source/WebCore/bindings/scripts/test/JS/JSExposedStar.cpp M Source/WebCore/bindings/scripts/test/JS/JSExposedToWorkerAndWindow.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestAsyncIterable.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestAsyncKeyValueIterable.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestCallTracer.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestConditionalIncludes.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestConditionallyReadWrite.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestDefaultToJSON.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestDefaultToJSONFilteredByExposed.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestDelegateToSharedSyntheticAttribute.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestDomainSecurity.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestEnabledBySetting.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestEnabledForContext.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestGenerateAddOpaqueRoot.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp M 
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestLegacyFactoryFunction.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestLegacyNoInterfaceObject.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestLegacyOverrideBuiltIns.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestMapLike.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestMapLikeWithOverriddenOperations.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp M 
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithLegacyOverrideBuiltIns.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithLegacyUnforgeableProperties.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithLegacyUnforgeablePropertiesAndLegacyOverrideBuiltIns.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestOperationConditional.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.cpp M Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp M Source/WebCore/bindings/scripts/test/JS
[webkit-changes] [221546] trunk/Source/JavaScriptCore
Title: [221546] trunk/Source/_javascript_Core Revision 221546 Author oli...@apple.com Date 2017-09-02 21:42:51 -0700 (Sat, 02 Sep 2017) Log Message Need an API to get the global context from JSObjectRef https://bugs.webkit.org/show_bug.cgi?id=176291 Reviewed by Saam Barati. Very simple additional API, starting off as SPI on principle. * API/JSObjectRef.cpp: (JSObjectGetGlobalContext): * API/JSObjectRefPrivate.h: * API/tests/testapi.c: (main): Modified Paths trunk/Source/_javascript_Core/API/JSObjectRef.cpp trunk/Source/_javascript_Core/API/JSObjectRefPrivate.h trunk/Source/_javascript_Core/API/tests/testapi.c trunk/Source/_javascript_Core/ChangeLog Diff Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (221545 => 221546) --- trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2017-09-03 04:05:00 UTC (rev 221545) +++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp 2017-09-03 04:42:51 UTC (rev 221546) @@ -691,3 +691,12 @@ result = proxy->target(); return toRef(result); } + +JSGlobalContextRef JSObjectGetGlobalContext(JSObjectRef objectRef) +{ +JSObject* object = toJS(objectRef); +if (!object) +return nullptr; +return reinterpret_cast(object->globalObject()->globalExec()); +} + Modified: trunk/Source/_javascript_Core/API/JSObjectRefPrivate.h (221545 => 221546) --- trunk/Source/_javascript_Core/API/JSObjectRefPrivate.h 2017-09-03 04:05:00 UTC (rev 221545) +++ trunk/Source/_javascript_Core/API/JSObjectRefPrivate.h 2017-09-03 04:42:51 UTC (rev 221546) @@ -69,6 +69,8 @@ JS_EXPORT JSObjectRef JSObjectGetProxyTarget(JSObjectRef); +JS_EXPORT JSGlobalContextRef JSObjectGetGlobalContext(JSObjectRef object); + #ifdef __cplusplus } #endif Modified: trunk/Source/_javascript_Core/API/tests/testapi.c (221545 => 221546) --- trunk/Source/_javascript_Core/API/tests/testapi.c 2017-09-03 04:05:00 UTC (rev 221545) +++ trunk/Source/_javascript_Core/API/tests/testapi.c 2017-09-03 04:42:51 UTC (rev 221546) 
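Review bot: JSObjectGetGlobalContext returns the global object's exec pointer cast to a JSGlobalContextRef without retaining it, and the declaration added to JSObjectRefPrivate.h has no comment saying so. A caller that releases the result as if it owned it, or keeps it after the owning context has been released, ends up with an over-released or dangling context. I would document the contract above the declaration: `// Returns the global context that owns object, or NULL if object is NULL. The result is not retained; use JSGlobalContextRetain to keep it alive.` The new function also takes no lock before reading the object; if that is deliberate for SPI, a one-line comment in JSObjectRef.cpp saying why would help the next reader.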
@@ -2040,6 +2040,22 @@ JSGlobalContextRelease(context); } +// Check JSObjectGetGlobalContext +{ +JSGlobalContextRef context = JSGlobalContextCreateInGroup(NULL, NULL); +{ +JSObjectRef globalObject = JSContextGetGlobalObject(context); +assertTrue(JSObjectGetGlobalContext(globalObject) == context, "global object context is correct"); +JSObjectRef object = JSObjectMake(context, NULL, NULL); +assertTrue(JSObjectGetGlobalContext(object) == context, "regular object context is correct"); +JSStringRef returnFunctionSource = JSStringCreateWithUTF8CString("return this;"); +JSObjectRef theFunction = JSObjectMakeFunction(context, NULL, 0, NULL, returnFunctionSource, NULL, 1, NULL); +assertTrue(JSObjectGetGlobalContext(theFunction) == context, "function object context is correct"); +assertTrue(JSObjectGetGlobalContext(NULL) == NULL, "NULL object context is NULL"); +JSStringRelease(returnFunctionSource); +} +JSGlobalContextRelease(context); +} failed = testTypedArrayCAPI() || failed; failed = testExecutionTimeLimit() || failed; failed = testFunctionOverrides() || failed; Modified: trunk/Source/_javascript_Core/ChangeLog (221545 => 221546) --- trunk/Source/_javascript_Core/ChangeLog 2017-09-03 04:05:00 UTC (rev 221545) +++ trunk/Source/_javascript_Core/ChangeLog 2017-09-03 04:42:51 UTC (rev 221546) @@ -1,3 +1,18 @@ +2017-09-02 Oliver Hunt <oli...@apple.com> + +Need an API to get the global context from JSObjectRef +https://bugs.webkit.org/show_bug.cgi?id=176291 + +Reviewed by Saam Barati. + +Very simple additional API, starting off as SPI on principle. + +* API/JSObjectRef.cpp: +(JSObjectGetGlobalContext): +* API/JSObjectRefPrivate.h: +* API/tests/testapi.c: +(main): + 2017-09-02 Yusuke Suzuki <utatane@gmail.com> [DFG] Relax arity requirement ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
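Review bot: Every object checked in the new block belongs to the single context the block creates, so the assertions would still pass if JSObjectGetGlobalContext returned a context unrelated to the object it was given. I would create a second context in the same group, `JSGlobalContextRef other = JSGlobalContextCreateInGroup(JSContextGetGroup(context), NULL);`, assert `JSObjectGetGlobalContext(JSContextGetGlobalObject(other)) == other` next to the existing checks, and release `other` at the end. The block sits inside main, which starts and ends outside the hunk.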
[webkit-changes] [216301] trunk
Title: [216301] trunk Revision 216301 Author oli...@apple.com Date 2017-05-05 17:33:20 -0700 (Fri, 05 May 2017) Log Message Move trivial String prototype functions to JS builtins https://bugs.webkit.org/show_bug.cgi?id=171737 Reviewed by Saam Barati. Source/_javascript_Core: Super simple change to migrate all of the old school html-ifying string operations to builtin JS. Core implementation is basically a 1-for-1 match to the spec. * builtins/StringPrototype.js: (globalPrivate.createHTML): (anchor): (big): (blink): (bold): (fixed): (fontcolor): (fontsize): (italics): (link): (small): (strike): (sub): (sup): * runtime/StringPrototype.cpp: (JSC::StringPrototype::finishCreation): (JSC::stringProtoFuncBig): Deleted. (JSC::stringProtoFuncSmall): Deleted. (JSC::stringProtoFuncBlink): Deleted. (JSC::stringProtoFuncBold): Deleted. (JSC::stringProtoFuncFixed): Deleted. (JSC::stringProtoFuncItalics): Deleted. (JSC::stringProtoFuncStrike): Deleted. (JSC::stringProtoFuncSub): Deleted. (JSC::stringProtoFuncSup): Deleted. (JSC::stringProtoFuncFontcolor): Deleted. (JSC::stringProtoFuncFontsize): Deleted. (JSC::stringProtoFuncAnchor): Deleted. (JSC::stringProtoFuncLink): Deleted. 
LayoutTests: Updated output * js/dom/string-anchor-expected.txt: * js/dom/string-anchor.html: * js/dom/string-fontcolor-expected.txt: * js/dom/string-fontcolor.html: * js/dom/string-fontsize-expected.txt: * js/dom/string-fontsize.html: * js/dom/string-link-expected.txt: * js/dom/string-link.html: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/dom/string-anchor-expected.txt trunk/LayoutTests/js/dom/string-anchor.html trunk/LayoutTests/js/dom/string-fontcolor-expected.txt trunk/LayoutTests/js/dom/string-fontcolor.html trunk/LayoutTests/js/dom/string-fontsize-expected.txt trunk/LayoutTests/js/dom/string-fontsize.html trunk/LayoutTests/js/dom/string-link-expected.txt trunk/LayoutTests/js/dom/string-link.html trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/builtins/StringPrototype.js trunk/Source/_javascript_Core/runtime/StringPrototype.cpp Diff Modified: trunk/LayoutTests/ChangeLog (216300 => 216301) --- trunk/LayoutTests/ChangeLog 2017-05-06 00:24:11 UTC (rev 216300) +++ trunk/LayoutTests/ChangeLog 2017-05-06 00:33:20 UTC (rev 216301) @@ -1,3 +1,21 @@ +2017-05-05 Oliver Hunt <oli...@apple.com> + +Move trivial String prototype functions to JS builtins +https://bugs.webkit.org/show_bug.cgi?id=171737 + +Reviewed by Saam Barati. + +Updated output + +* js/dom/string-anchor-expected.txt: +* js/dom/string-anchor.html: +* js/dom/string-fontcolor-expected.txt: +* js/dom/string-fontcolor.html: +* js/dom/string-fontsize-expected.txt: +* js/dom/string-fontsize.html: +* js/dom/string-link-expected.txt: +* js/dom/string-link.html: + 2017-05-05 Dean Jackson <d...@apple.com> Restrict SVG filters to accessible security origins Modified: trunk/LayoutTests/js/dom/string-anchor-expected.txt (216300 => 216301) --- trunk/LayoutTests/js/dom/string-anchor-expected.txt 2017-05-06 00:24:11 UTC (rev 216300) +++ trunk/LayoutTests/js/dom/string-anchor-expected.txt 2017-05-06 00:33:20 UTC (rev 216301) 
@@ -9,8 +9,8 @@ PASS '_'.anchor('"') is "_" PASS '_'.anchor('" href="" is " PASS String.prototype.anchor.call(0x2A, 0x2A) is "42" -PASS String.prototype.anchor.call(undefined) threw exception TypeError: Type error. -PASS String.prototype.anchor.call(null) threw exception TypeError: Type error. +PASS String.prototype.anchor.call(undefined) threw exception TypeError: String.prototype.link requires that |this| not be null or undefined. +PASS String.prototype.anchor.call(null) threw exception TypeError: String.prototype.link requires that |this| not be null or undefined. PASS String.prototype.anchor.length is 1 PASS successfullyParsed is true Modified: trunk/LayoutTests/js/dom/string-anchor.html (216300 => 216301) --- trunk/LayoutTests/js/dom/string-anchor.html 2017-05-06 00:24:11 UTC (rev 216300) +++ trunk/LayoutTests/js/dom/string-anchor.html 2017-05-06 00:33:20 UTC (rev 216301) @@ -28,10 +28,10 @@ shouldBe("String.prototype.anchor.call(0x2A, 0x2A)", '"42"'); // Generic use on non-coercible object `undefined`. -shouldThrow("String.prototype.anchor.call(undefined)", '"TypeError: Type error"'); +shouldThrowErrorName("String.prototype.anchor.call(undefined)", 'TypeError'); // Generic use on non-coercible object `null`. -shouldThrow("String.prototype.anchor.call(null)", '"TypeError: Type error"'); +shouldThrowErrorName("String.prototype.anchor.call(null)", 'TypeError'); // Check anchor.length. shouldBe("String.prototype.anchor.length", "1"); Modified: trunk/LayoutTests/js/dom/string-fontcolor-expected.txt (216300 => 21630
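Review bot: The new expected output for `String.prototype.anchor.call(undefined)` and `...call(null)` records the message `String.prototype.link requires that |this| not be null or undefined`, so the error names `link` for a call to `anchor`. This looks like a copy-paste slip in the builtin, which is not part of the hunks shown here. The change in string-anchor.html from `shouldThrow(..., '"TypeError: Type error"')` to `shouldThrowErrorName(..., 'TypeError')` stops the test from checking the message, which is why the mismatch passes. I would make the builtin's message say `String.prototype.anchor` and regenerate string-anchor-expected.txt.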
[webkit-changes] [215345] trunk/Source
Title: [215345] trunk/Source Revision 215345 Author oli...@apple.com Date 2017-04-13 16:13:41 -0700 (Thu, 13 Apr 2017) Log Message allocationSize should use safe arithmetic by default https://bugs.webkit.org/show_bug.cgi?id=170804 Reviewed by JF Bastien. Make all allocationSize() functions work in terms of Checked Source/_javascript_Core: * runtime/DirectArguments.h: (JSC::DirectArguments::offsetOfSlot): (JSC::DirectArguments::allocationSize): * runtime/HashMapImpl.h: (JSC::HashMapBuffer::allocationSize): * runtime/JSArray.h: (JSC::JSArray::allocationSize): * runtime/JSArrayBufferView.h: (JSC::JSArrayBufferView::allocationSize): * runtime/JSAsyncFunction.h: (JSC::JSAsyncFunction::allocationSize): * runtime/JSFixedArray.h: (JSC::JSFixedArray::allocationSize): * runtime/JSFunction.h: (JSC::JSFunction::allocationSize): * runtime/JSGeneratorFunction.h: (JSC::JSGeneratorFunction::allocationSize): * runtime/JSModuleNamespaceObject.h: * runtime/JSObject.h: (JSC::JSFinalObject::allocationSize): * runtime/JSWrapperObject.h: (JSC::JSWrapperObject::allocationSize): * runtime/ScopedArguments.h: (JSC::ScopedArguments::allocationSize): * runtime/VM.h: (JSC::ScratchBuffer::allocationSize): * wasm/js/JSWebAssemblyCodeBlock.h: (JSC::JSWebAssemblyCodeBlock::offsetOfImportStubs): (JSC::JSWebAssemblyCodeBlock::allocationSize): * wasm/js/JSWebAssemblyInstance.h: (JSC::JSWebAssemblyInstance::allocationSize): Source/WTF: * wtf/text/StringImpl.h: (WTF::StringImpl::allocationSize): (WTF::StringImpl::tailOffset): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/DirectArguments.h trunk/Source/_javascript_Core/runtime/HashMapImpl.h trunk/Source/_javascript_Core/runtime/JSArray.h trunk/Source/_javascript_Core/runtime/JSArrayBufferView.h trunk/Source/_javascript_Core/runtime/JSAsyncFunction.h trunk/Source/_javascript_Core/runtime/JSFixedArray.h trunk/Source/_javascript_Core/runtime/JSFunction.h 
trunk/Source/_javascript_Core/runtime/JSGeneratorFunction.h trunk/Source/_javascript_Core/runtime/JSModuleNamespaceObject.h trunk/Source/_javascript_Core/runtime/JSObject.h trunk/Source/_javascript_Core/runtime/JSWrapperObject.h trunk/Source/_javascript_Core/runtime/ScopedArguments.h trunk/Source/_javascript_Core/runtime/VM.h trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyCodeBlock.h trunk/Source/_javascript_Core/wasm/js/JSWebAssemblyInstance.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/text/StringImpl.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (215344 => 215345) --- trunk/Source/_javascript_Core/ChangeLog 2017-04-13 22:48:13 UTC (rev 215344) +++ trunk/Source/_javascript_Core/ChangeLog 2017-04-13 23:13:41 UTC (rev 215345) 
@@ -1,3 +1,45 @@ +2017-04-13 Oliver Hunt <oli...@apple.com> + +allocationSize should use safe arithmetic by default +https://bugs.webkit.org/show_bug.cgi?id=170804 + +Reviewed by JF Bastien. + +Make all allocationSize() functions work in terms +of Checked + +* runtime/DirectArguments.h: +(JSC::DirectArguments::offsetOfSlot): +(JSC::DirectArguments::allocationSize): +* runtime/HashMapImpl.h: +(JSC::HashMapBuffer::allocationSize): +* runtime/JSArray.h: +(JSC::JSArray::allocationSize): +* runtime/JSArrayBufferView.h: +(JSC::JSArrayBufferView::allocationSize): +* runtime/JSAsyncFunction.h: +(JSC::JSAsyncFunction::allocationSize): +* runtime/JSFixedArray.h: +(JSC::JSFixedArray::allocationSize): +* runtime/JSFunction.h: +(JSC::JSFunction::allocationSize): +* runtime/JSGeneratorFunction.h: +(JSC::JSGeneratorFunction::allocationSize): +* runtime/JSModuleNamespaceObject.h: +* runtime/JSObject.h: +(JSC::JSFinalObject::allocationSize): +* runtime/JSWrapperObject.h: +(JSC::JSWrapperObject::allocationSize): +* runtime/ScopedArguments.h: +(JSC::ScopedArguments::allocationSize): +* runtime/VM.h: +(JSC::ScratchBuffer::allocationSize): +* wasm/js/JSWebAssemblyCodeBlock.h: +(JSC::JSWebAssemblyCodeBlock::offsetOfImportStubs): +(JSC::JSWebAssemblyCodeBlock::allocationSize): +* wasm/js/JSWebAssemblyInstance.h: +(JSC::JSWebAssemblyInstance::allocationSize): + 2017-04-13 JF Bastien <jfbast...@apple.com> WebAssembly: manage memory better Modified: trunk/Source/_javascript_Core/runtime/DirectArguments.h (215344 => 215345) --- trunk/Source/_javascript_Core/runtime/DirectArguments.h 2017-04-13 22:48:13 UTC (rev 215344) +++ trunk/Source/_javascript_Core/runtime/DirectArguments.h 2017-04-13 23:13:41 UTC (rev 215345) @@ -143,12 +143,12 @@ return WTF::roundUpToMultipleOf<sizeof(WriteBarrier)>(sizeof(DirectArguments)); } -static size_t offsetOfSlot(uint32_t index) +static size_t offsetOfSlot(Checked index
[webkit-changes] [215168] trunk/Source/JavaScriptCore
Title: [215168] trunk/Source/_javascript_Core Revision 215168 Author oli...@apple.com Date 2017-04-09 16:47:14 -0700 (Sun, 09 Apr 2017) Log Message Remove use of strcpy from JSC https://bugs.webkit.org/show_bug.cgi?id=170646 Reviewed by Mark Lam. Replace the use of strcpy with memcpy as strcpy keeps on tripping various analyser warnings even though its trivially safe in this case. Essentially code hygiene, no change in behaviour, no perf impact. * dfg/DFGDisassembler.cpp: (JSC::DFG::Disassembler::dumpDisassembly): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGDisassembler.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (215167 => 215168) --- trunk/Source/_javascript_Core/ChangeLog 2017-04-09 23:42:02 UTC (rev 215167) +++ trunk/Source/_javascript_Core/ChangeLog 2017-04-09 23:47:14 UTC (rev 215168) @@ -1,3 +1,20 @@ +2017-04-08 Oliver Hunt <oli...@apple.com> + +Remove use of strcpy from JSC +https://bugs.webkit.org/show_bug.cgi?id=170646 + +Reviewed by Mark Lam. + +Replace the use of strcpy with memcpy as strcpy keeps +on tripping various analyser warnings even though its +trivially safe in this case. + +Essentially code hygiene, no change in behaviour, no +perf impact. + +* dfg/DFGDisassembler.cpp: +(JSC::DFG::Disassembler::dumpDisassembly): + 2017-04-09 Joseph Pecoraro <pecor...@apple.com> test262: test262/test/annexB/language/expressions/object/__proto__-fn-name.js Modified: trunk/Source/_javascript_Core/dfg/DFGDisassembler.cpp (215167 => 215168) --- trunk/Source/_javascript_Core/dfg/DFGDisassembler.cpp 2017-04-09 23:42:02 UTC (rev 215167) +++ trunk/Source/_javascript_Core/dfg/DFGDisassembler.cpp 2017-04-09 23:47:14 UTC (rev 215168) 
@@ -159,7 +159,7 @@ else amountOfNodeWhiteSpace = Graph::amountOfNodeWhiteSpace(context); auto prefixBuffer = std::make_unique<char[]>(prefixLength + amountOfNodeWhiteSpace + 1); -strcpy(prefixBuffer.get(), prefix); +memcpy(prefixBuffer.get(), prefix, prefixLength); for (int i = 0; i < amountOfNodeWhiteSpace; ++i) prefixBuffer[i + prefixLength] = ' '; prefixBuffer[prefixLength + amountOfNodeWhiteSpace] = 0; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
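Review bot: `memcpy(prefixBuffer.get(), prefix, prefixLength)` matches the old strcpy only if prefixLength is exactly the length of prefix, and that value is computed outside this hunk. If the two ever drift apart, the copy either reads past the end of prefix or drops part of it, and nothing here would catch that. I would state the invariant next to the copy, for example `ASSERT(prefixLength == strlen(prefix));`. The allocation size `prefixLength + amountOfNodeWhiteSpace + 1` is plain unchecked arithmetic, and the loop treats amountOfNodeWhiteSpace as an int, so a short comment on why it cannot be negative or overflow would also help. The enclosing function starts and ends outside the hunk.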
[webkit-changes] [202507] trunk/Source/WebCore
Title: [202507] trunk/Source/WebCore Revision 202507 Author oli...@apple.com Date 2016-06-27 12:17:24 -0700 (Mon, 27 Jun 2016) Log Message Update ATS WebContent exception for more robust framework information https://bugs.webkit.org/show_bug.cgi?id=159151 Reviewed by Alex Christensen. We found some unexpected poor interaction with AVFoundation in the existing CFNetwork SPI. This new SPI is more solid and let's us provide more useful information while also being more future proof against new frameworks and ATS modes. * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::createNSURLConnection): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h Diff Modified: trunk/Source/WebCore/ChangeLog (202506 => 202507) --- trunk/Source/WebCore/ChangeLog 2016-06-27 19:11:33 UTC (rev 202506) +++ trunk/Source/WebCore/ChangeLog 2016-06-27 19:17:24 UTC (rev 202507) @@ -1,3 +1,18 @@ +2016-06-27 Oliver Hunt <oli...@apple.com> + +Update ATS WebContent exception for more robust framework information +https://bugs.webkit.org/show_bug.cgi?id=159151 + +Reviewed by Alex Christensen. + +We found some unexpected poor interaction with AVFoundation in the existing +CFNetwork SPI. This new SPI is more solid and let's us provide more useful +information while also being more future proof against new frameworks and +ATS modes. + +* platform/network/mac/ResourceHandleMac.mm: +(WebCore::ResourceHandle::createNSURLConnection): + 2016-06-27 Antoine Quint <grao...@apple.com> [iOS] Media controls are too cramped with small video Modified: trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (202506 => 202507) --- trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2016-06-27 19:11:33 UTC (rev 202506) +++ trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2016-06-27 19:17:24 UTC (rev 202507) 
@@ -226,12 +226,11 @@ #if HAVE(TIMINGDATAOPTIONS) [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"]; #endif - -#if TARGET_OS_IPHONE || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) + // This is used to signal that to CFNetwork that this connection should be considered // web content for purposes of App Transport Security. -[propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @""} forKey:(NSString *)_kCFURLConnectionPropertyATSContext]; -#endif +[propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @YES} forKey:@"_kCFURLConnectionPropertyATSFrameworkOverrides"]; + d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]); } Modified: trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h (202506 => 202507) --- trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2016-06-27 19:11:33 UTC (rev 202506) +++ trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2016-06-27 19:17:24 UTC (rev 202507) @@ -201,7 +201,6 @@ #endif #if TARGET_OS_IPHONE || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) -EXTERN_C const CFStringRef _kCFURLConnectionPropertyATSContext; EXTERN_C CFDataRef _CFNetworkCopyATSContext(void); EXTERN_C Boolean _CFNetworkSetATSContext(CFDataRef); #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
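Review bot: The ATS override key is now the bare string literal `@"_kCFURLConnectionPropertyATSFrameworkOverrides"` instead of the declared `_kCFURLConnectionPropertyATSContext` constant, so a misspelling or a rename on the CFNetwork side no longer fails at build time; the entry would presumably just be ignored. The `#if TARGET_OS_IPHONE || ...` guard is removed too, so the entry is set on every OS version this file builds for. Because the key changes how App Transport Security treats the connection, I would hold the literal in one named constant and extend the comment to say what an older CFNetwork does with it, e.g. `// Set unconditionally: CFNetwork versions that do not know this key ignore it.` if that is in fact the case. The existing comment's "signal that to CFNetwork" also has a stray "that". The enclosing method starts outside the hunk.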
[webkit-changes] [202356] trunk/Source/WebCore
Title: [202356] trunk/Source/WebCore Revision 202356 Author oli...@apple.com Date 2016-06-22 16:23:46 -0700 (Wed, 22 Jun 2016) Log Message Integrate WebKit's CFURLConnection with App Transport Security https://bugs.webkit.org/show_bug.cgi?id=159039 Reviewed by Alex Christensen. Pass additional options to NSURLConnect initialiser to identify that this connection is for WebKit content loading. * platform/network/mac/ResourceHandleMac.mm: (WebCore::ResourceHandle::createNSURLConnection): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h Diff Modified: trunk/Source/WebCore/ChangeLog (202355 => 202356) --- trunk/Source/WebCore/ChangeLog 2016-06-22 22:56:56 UTC (rev 202355) +++ trunk/Source/WebCore/ChangeLog 2016-06-22 23:23:46 UTC (rev 202356) @@ -1,3 +1,17 @@ +2016-06-22 Oliver Hunt <oli...@apple.com> + +Integrate WebKit's CFURLConnection with App Transport Security +https://bugs.webkit.org/show_bug.cgi?id=159039 + + +Reviewed by Alex Christensen. + +Pass additional options to NSURLConnect initialiser to identify that +this connection is for WebKit content loading. + +* platform/network/mac/ResourceHandleMac.mm: +(WebCore::ResourceHandle::createNSURLConnection): + 2016-06-20 Jeremy Jones <jere...@apple.com> Adopt commitPriority to get rid of the 2 AVPL solution for PiP Modified: trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm (202355 => 202356) --- trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2016-06-22 22:56:56 UTC (rev 202355) +++ trunk/Source/WebCore/platform/network/mac/ResourceHandleMac.mm 2016-06-22 23:23:46 UTC (rev 202356) 
@@ -226,6 +226,12 @@ #if HAVE(TIMINGDATAOPTIONS) [propertyDictionary setObject:@{@"_kCFURLConnectionPropertyTimingDataOptions": @(_TimingDataOptionsEnableW3CNavigationTiming)} forKey:@"kCFURLConnectionURLConnectionProperties"]; #endif + +#if TARGET_OS_IPHONE || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) +// This is used to signal that to CFNetwork that this connection should be considered +// web content for purposes of App Transport Security. +[propertyDictionary setObject:@{@"NSAllowsArbitraryLoadsInWebContent": @""} forKey:(NSString *)_kCFURLConnectionPropertyATSContext]; +#endif d->m_connection = adoptNS([[NSURLConnection alloc] _initWithRequest:nsRequest delegate:delegate usesCache:usesCache maxContentLength:0 startImmediately:NO connectionProperties:propertyDictionary]); } Modified: trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h (202355 => 202356) --- trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2016-06-22 22:56:56 UTC (rev 202355) +++ trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2016-06-22 23:23:46 UTC (rev 202356) @@ -201,6 +201,7 @@ #endif #if TARGET_OS_IPHONE || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100) +EXTERN_C const CFStringRef _kCFURLConnectionPropertyATSContext; EXTERN_C CFDataRef _CFNetworkCopyATSContext(void); EXTERN_C Boolean _CFNetworkSetATSContext(CFDataRef); #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
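Review bot: The value stored under `NSAllowsArbitraryLoadsInWebContent` is the empty string `@""`, which does not tell a reader whether CFNetwork acts on the key's presence or on its value. For a key that relaxes App Transport Security for this connection, that should be spelled out. If presence alone is the signal, I would say so in the comment: `// CFNetwork only checks that NSAllowsArbitraryLoadsInWebContent is present; the value is unused.` If the value matters, a boolean such as `@YES` would state the intent better than an empty string. The comment's "signal that to CFNetwork" has a stray "that". The enclosing method starts outside the hunk.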
[webkit-changes] [202015] trunk/Source/JavaScriptCore
Title: [202015] trunk/Source/_javascript_Core Revision 202015 Author oli...@apple.com Date 2016-06-13 16:17:00 -0700 (Mon, 13 Jun 2016) Log Message DFG Validation fails when performing a concatenation with only a single entry https://bugs.webkit.org/show_bug.cgi?id=158699 Reviewed by Saam Barati. Fairly simple short circuiting of a single replacement template string without any padding to be planted as a simple to string rather than op_strcat. * bytecompiler/NodesCodegen.cpp: (JSC::TemplateLiteralNode::emitBytecode): * tests/stress/template-literal.js: (testSingleNode): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp trunk/Source/_javascript_Core/tests/stress/template-literal.js Diff Modified: trunk/Source/_javascript_Core/ChangeLog (202014 => 202015) --- trunk/Source/_javascript_Core/ChangeLog 2016-06-13 23:05:20 UTC (rev 202014) +++ trunk/Source/_javascript_Core/ChangeLog 2016-06-13 23:17:00 UTC (rev 202015) @@ -1,3 +1,19 @@ +2016-06-13 Oliver Hunt <oli...@apple.com> + +DFG Validation fails when performing a concatenation with only a single entry +https://bugs.webkit.org/show_bug.cgi?id=158699 + +Reviewed by Saam Barati. + +Fairly simple short circuiting of a single replacement template string +without any padding to be planted as a simple to string rather than +op_strcat. + +* bytecompiler/NodesCodegen.cpp: +(JSC::TemplateLiteralNode::emitBytecode): +* tests/stress/template-literal.js: +(testSingleNode): + 2016-06-13 Filip Pizlo <fpi...@apple.com> FTL::Output methods should be out-of-line whenever possible Modified: trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp (202014 => 202015) --- trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2016-06-13 23:05:20 UTC (rev 202014) +++ trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp 2016-06-13 23:17:00 UTC (rev 202015) 
@@ -272,6 +272,9 @@ generator.emitNode(temporaryRegisters.last().get(), templateString->value()); } +if (temporaryRegisters.size() == 1) +return generator.emitToString(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get()); + return generator.emitStrcat(generator.finalDestination(dst, temporaryRegisters[0].get()), temporaryRegisters[0].get(), temporaryRegisters.size()); } Modified: trunk/Source/_javascript_Core/tests/stress/template-literal.js (202014 => 202015) --- trunk/Source/_javascript_Core/tests/stress/template-literal.js 2016-06-13 23:05:20 UTC (rev 202014) +++ trunk/Source/_javascript_Core/tests/stress/template-literal.js 2016-06-13 23:17:00 UTC (rev 202015) @@ -205,3 +205,35 @@ test(stat[1], undefined); test(stat[2], undefined); }()); + +dfgTests =[ +function testSingleNode() { +for (var i = 0; i < 1000; i++) +`${1}` +}, +function testPreNode() { +for (var i = 0; i < 1000; i++) +`n${1}` +}, +function testPostNode() { +for (var i = 0; i < 1000; i++) +`${1}n` +}, +function testSingleObjectNode() { +for (var i = 0; i < 1000; i++) +`${{}}` +}, +function testObjectPreNode() { +for (var i = 0; i < 1000; i++) +`n${{}}` +}, +function testObjectPostNode() { +for (var i = 0; i < 1000; i++) +`${{}}n` +}, +]; + +for(var f of dfgTests) { +noInline(f) +f(); +} \ No newline at end of file ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
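Review bot: The new `temporaryRegisters.size() == 1` branch has no comment explaining why a single operand must not go through emitStrcat; the reason (DFG validation rejects a one-entry concatenation) appears only in the commit message. I would add `// A one-operand op_strcat fails DFG validation, so emit a plain ToString instead.` above the `if`. Both the new branch and the emitStrcat line index `temporaryRegisters[0]`, so they depend on the vector being non-empty. That is established outside the hunk, and an `ASSERT(temporaryRegisters.size());` before the branch would make it explicit.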
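Review bot: The six functions in `dfgTests` evaluate their template literals and discard the result. They therefore show only that compilation no longer trips validation, not that the single-entry ToString path yields the same string as the concatenation it replaces. I would have each function return the value from its last iteration and compare it with the expected string through the file's existing `test(actual, expected)` helper. `dfgTests` is also assigned without `var`, which creates an implicit global; `var dfgTests = [` keeps it consistent with `for(var f of dfgTests)`.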
[webkit-changes] [201714] trunk
Title: [201714] trunk Revision 201714 Author oli...@apple.com Date 2016-06-06 10:31:28 -0700 (Mon, 06 Jun 2016) Log Message RegExp unicode parsing reads an extra character before failing https://bugs.webkit.org/show_bug.cgi?id=158376 Reviewed by Saam Barati. Source/_javascript_Core: This was a probably harmless bug, but keeps triggering assertions for me locally. Essentially we'd see a parse error, set the error type, but then carry on parsing. In debug builds this asserts, in release builds you are pretty safe unless you're exceptionally unlucky with where the error occurs. * yarr/YarrParser.h: (JSC::Yarr::Parser::parseEscape): LayoutTests: Add a couple of tests. * js/script-tests/regexp-unicode.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/regexp-unicode-expected.txt trunk/LayoutTests/js/script-tests/regexp-unicode.js trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/yarr/YarrParser.h Diff Modified: trunk/LayoutTests/ChangeLog (201713 => 201714) --- trunk/LayoutTests/ChangeLog 2016-06-06 17:22:23 UTC (rev 201713) +++ trunk/LayoutTests/ChangeLog 2016-06-06 17:31:28 UTC (rev 201714) @@ -1,3 +1,14 @@ +2016-06-03 Oliver Hunt <oli...@apple.com> + +RegExp unicode parsing reads an extra character before failing +https://bugs.webkit.org/show_bug.cgi?id=158376 + +Reviewed by Saam Barati. + +Add a couple of tests. + +* js/script-tests/regexp-unicode.js: + 2016-06-06 Chris Dumez <cdu...@apple.com> Crash under JSObject::getOwnPropertyDescriptor() Modified: trunk/LayoutTests/js/regexp-unicode-expected.txt (201713 => 201714) --- trunk/LayoutTests/js/regexp-unicode-expected.txt 2016-06-06 17:22:23 UTC (rev 201713) +++ trunk/LayoutTests/js/regexp-unicode-expected.txt 2016-06-06 17:31:28 UTC (rev 201714) 
@@ -151,6 +151,8 @@ PASS r = new RegExp("[\\x]", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern. PASS r = new RegExp("\\u", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern. PASS r = new RegExp("[\\u]", "u") threw exception SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern. +PASS r = new RegExp("\\u{", "u") threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape. +PASS r = new RegExp("\\u{\udead", "u") threw exception SyntaxError: Invalid regular _expression_: invalid unicode {} escape. PASS successfullyParsed is true TEST COMPLETE Modified: trunk/LayoutTests/js/script-tests/regexp-unicode.js (201713 => 201714) --- trunk/LayoutTests/js/script-tests/regexp-unicode.js 2016-06-06 17:22:23 UTC (rev 201713) +++ trunk/LayoutTests/js/script-tests/regexp-unicode.js 2016-06-06 17:31:28 UTC (rev 201714) @@ -205,11 +205,11 @@ var invalidEscapeException = "SyntaxError: Invalid regular _expression_: invalid escaped character for unicode pattern"; var newRegExp; -function shouldThrowInvalidEscape(pattern) +function shouldThrowInvalidEscape(pattern, error='invalidEscapeException') { newRegExp = 'r = new RegExp("' + pattern + '", "u")'; -shouldThrow(newRegExp, 'invalidEscapeException'); +shouldThrow(newRegExp, error); } shouldThrowInvalidEscape("-"); @@ -222,3 +222,5 @@ shouldThrowInvalidEscape("u"); shouldThrowInvalidEscape("[u]"); +shouldThrowInvalidEscape("u{", '"SyntaxError: Invalid regular _expression_: invalid unicode {} escape"'); +shouldThrowInvalidEscape("u{\\udead", '"SyntaxError: Invalid regular _expression_: invalid unicode {} escape"'); Modified: trunk/Source/_javascript_Core/ChangeLog (201713 => 201714) --- trunk/Source/_javascript_Core/ChangeLog 2016-06-06 17:22:23 UTC (rev 201713) +++ trunk/Source/_javascript_Core/ChangeLog 2016-06-06 17:31:28 UTC (rev 201714) 
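Review bot: The two new `shouldThrowInvalidEscape` calls each spell out the full "invalid unicode {} escape" message as a quoted literal, while the existing cases go through the named `invalidEscapeException` variable. Declaring a sibling variable, say `invalidUnicodeEscapeException`, next to `invalidEscapeException` and passing its name keeps the message in one place: `shouldThrowInvalidEscape("u{", 'invalidUnicodeEscapeException');`. The new `error` parameter is a string that `shouldThrow` evaluates, which is why the default is a quoted variable name and the new arguments are doubly quoted; a one-line comment on the function saying so would prevent mistakes by later callers.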
@@ -1,3 +1,19 @@ +2016-06-03 Oliver Hunt <oli...@apple.com> + +RegExp unicode parsing reads an extra character before failing +https://bugs.webkit.org/show_bug.cgi?id=158376 + +Reviewed by Saam Barati. + +This was a probably harmless bug, but keeps triggering assertions +for me locally. Essentially we'd see a parse error, set the error +type, but then carry on parsing. In debug builds this asserts, in +release builds you are pretty safe unless you're exceptionally +unlucky with where the error occurs. + +* yarr/YarrParser.h: +(JSC::Yarr::Parser::parseEscape): + 2016-06-06 Guillaume Emont <guijem...@igalia.com> [jsc][mips] fix JIT::emit_op_log_shadow_chicken_prologue/_tail Modified: trunk/Source/_javascript_Core/yarr/YarrParser.h (201713 => 201714) --- trunk/Sou
[webkit-changes] [201624] trunk
Title: [201624] trunk Revision 201624 Author oli...@apple.com Date 2016-06-02 16:07:48 -0700 (Thu, 02 Jun 2016) Log Message JS parser incorrectly handles invalid utf8 in error messages. https://bugs.webkit.org/show_bug.cgi?id=158128 Reviewed by Saam Barati. Source/JavaScriptCore: The bug here was caused by us using PrintStream's toString method to produce the error message for a parse error, even though toString may produce a null string in the event of invalid utf8 that causes the error in the first place. So when we try to create an error message containing the invalid character code, we set m_errorMessage to the null string; because that signals "no error", we don't stop parsing, and everything goes downhill from there. Now we use the new toStringWithLatin1Fallback so that we can always produce an error message, even if it contains invalid unicode. We also add an additional fallback so that we can guarantee an error message is set even if we're given a null string. There's a debug mode assertion to prevent anyone accidentally attempting to clear the message via setErrorMessage. * parser/Parser.cpp: (JSC::Parser::logError): * parser/Parser.h: (JSC::Parser::setErrorMessage): Source/WTF: Add a new toStringWithLatin1Fallback that simply uses String::fromUTF8WithLatin1Fallback, so we can avoid the standard String::fromUTF8 null return. * wtf/StringPrintStream.cpp: (WTF::StringPrintStream::toStringWithLatin1Fallback): * wtf/StringPrintStream.h: LayoutTests: Add a testcase. * js/invalid-utf8-in-syntax-error-expected.txt: Added. * js/script-tests/invalid-utf8-in-syntax-error.js: Added. 
Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/parser/Parser.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/StringPrintStream.cpp trunk/Source/WTF/wtf/StringPrintStream.h Added Paths trunk/LayoutTests/js/invalid-utf8-in-syntax-error-expected.txt trunk/LayoutTests/js/script-tests/invalid-utf8-in-syntax-error.js Diff Modified: trunk/LayoutTests/ChangeLog (201623 => 201624) --- trunk/LayoutTests/ChangeLog 2016-06-02 22:43:25 UTC (rev 201623) +++ trunk/LayoutTests/ChangeLog 2016-06-02 23:07:48 UTC (rev 201624) @@ -1,3 +1,15 @@ +2016-06-02 Oliver Hunt <oli...@apple.com> + +JS parser incorrectly handles invalid utf8 in error messages. +https://bugs.webkit.org/show_bug.cgi?id=158128 + +Reviewed by Saam Barati. + +Add a testcase. + +* js/invalid-utf8-in-syntax-error-expected.txt: Added. +* js/script-tests/invalid-utf8-in-syntax-error.js: Added. + 2016-06-02 Michael Saboff <msab...@apple.com> REGRESSION(r200694): %ThrowTypeError% is not unique Added: trunk/LayoutTests/js/invalid-utf8-in-syntax-error-expected.txt (0 => 201624) --- trunk/LayoutTests/js/invalid-utf8-in-syntax-error-expected.txt (rev 0) +++ trunk/LayoutTests/js/invalid-utf8-in-syntax-error-expected.txt 2016-06-02 23:07:48 UTC (rev 201624) 
@@ -0,0 +1,10 @@ +Ensures that we correctly propagate the error message for lexer errors containing invalid utf8 code sequences + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + +PASS ({f("\x{DEAD}")}) threw exception SyntaxError: Unexpected string literal "íº". Expected a parameter pattern or a ')' in parameter list.. +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/script-tests/invalid-utf8-in-syntax-error.js (0 => 201624) --- trunk/LayoutTests/js/script-tests/invalid-utf8-in-syntax-error.js (rev 0) +++ trunk/LayoutTests/js/script-tests/invalid-utf8-in-syntax-error.js 2016-06-02 23:07:48 UTC (rev 201624) @@ -0,0 +1,6 @@ +description('Ensures that we correctly propagate the error message for lexer errors containing invalid utf8 code sequences'); + +shouldThrow('({f("\udead")})'); + +var successfullyParsed = true; + Modified: trunk/Source/_javascript_Core/ChangeLog (201623 => 201624) --- trunk/Source/_javascript_Core/ChangeLog 2016-06-02 22:43:25 UTC (rev 201623) +++ trunk/Source/_javascript_Core/ChangeLog 2016-06-02 23:07:48 UTC (rev 201624) @@ -1,3 +1,30 @@ +2016-06-02 Oliver Hunt <oli...@apple.com> + +JS parser incorrectly handles invalid utf8 in error messages. +https://bugs.webkit.org/show_bug.cgi?id=158128 + +Reviewed by Saam Barati. + +The bug here was caused by us using PrintStream's toString method +to produce the error message for a parse error, even though toString +may produce a null string in the event of invalid utf8 that causes +the error in first case. So when we try to create an error message +containing the invalid character code, we set m_errorMessage to the +null string, as that signals "no error" we
[webkit-changes] [200496] trunk/Source/JavaScriptCore
Title: [200496] trunk/Source/_javascript_Core Revision 200496 Author oli...@apple.com Date 2016-05-05 16:59:07 -0700 (Thu, 05 May 2016) Log Message Enable separated heap by default on ios https://bugs.webkit.org/show_bug.cgi?id=156720 Reviewed by Geoffrey Garen. We've fixed the xnu side of things, so we can reland this. * runtime/Options.cpp: (JSC::recomputeDependentOptions): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/Options.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (200495 => 200496) --- trunk/Source/_javascript_Core/ChangeLog 2016-05-05 23:54:44 UTC (rev 200495) +++ trunk/Source/_javascript_Core/ChangeLog 2016-05-05 23:59:07 UTC (rev 200496) @@ -1,3 +1,15 @@ +2016-05-05 Oliver Hunt <oli...@apple.com> + +Enable separated heap by default on ios +https://bugs.webkit.org/show_bug.cgi?id=156720 + +Reviewed by Geoffrey Garen. + +We've fixed the xnu side of things, so we can reland this. + +* runtime/Options.cpp: +(JSC::recomputeDependentOptions): + 2016-05-05 Joseph Pecoraro <pecor...@apple.com> JSContext Inspector: Better CommandLineAPI in JSContext inspection Modified: trunk/Source/_javascript_Core/runtime/Options.cpp (200495 => 200496) --- trunk/Source/_javascript_Core/runtime/Options.cpp 2016-05-05 23:54:44 UTC (rev 200495) +++ trunk/Source/_javascript_Core/runtime/Options.cpp 2016-05-05 23:59:07 UTC (rev 200496) 
@@ -352,6 +352,13 @@
 Options::useOSREntryToFTL() = false;
 }
 
+#if PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 10
+// Override globally for now. Longer term we'll just make the default
+// be to have this option enabled, and have platforms that don't support
+// it just silently use a single mapping.
+Options::useSeparatedWXHeap() = true;
+#endif
+
 // Compute the maximum value of the reoptimization retry counter. This is simply
 // the largest value at which we don't overflow the execute counter, when using it
 // to left-shift the execution counter by this amount. Currently the value ends
___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
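Review bot: The version test in the added `#if`, `__IPHONE_OS_VERSION_MIN_REQUIRED >= 10`, does not restrict anything to iOS 10, because Apple's availability macros encode versions as five- or six-digit numbers (iOS 10.0 is 100000, iOS 9.0 is 90000), so the comparison holds for every deployment target. If the separated W^X heap is only meant to be forced on where the OS supports it, the guard should read `__IPHONE_OS_VERSION_MIN_REQUIRED >= 100000`. The same condition appears in the Options.cpp hunks of r200097 and r199734 further down this page. The assignment also overwrites any value set for `useSeparatedWXHeap` before this point, which the comment acknowledges but is worth a reference to the tracking bug. The body of `recomputeDependentOptions` continues outside the hunk.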
[webkit-changes] [200097] trunk/Source/JavaScriptCore
Title: [200097] trunk/Source/_javascript_Core Revision 200097 Author oli...@apple.com Date 2016-04-26 10:46:23 -0700 (Tue, 26 Apr 2016) Log Message 2016-04-26 Oliver Hunt <oli...@apple.com> Enable separated heap by default on ios https://bugs.webkit.org/show_bug.cgi?id=156720 Unreviewed roll-in of this change. There is only one additional allocation involved in this logic, and that is a duplicate mapping. Either our tools are not report real memory usage or this revision is not responsible for the regression. * runtime/Options.cpp: (JSC::recomputeDependentOptions): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/Options.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (200096 => 200097) --- trunk/Source/_javascript_Core/ChangeLog 2016-04-26 17:38:43 UTC (rev 200096) +++ trunk/Source/_javascript_Core/ChangeLog 2016-04-26 17:46:23 UTC (rev 200097) @@ -1,3 +1,18 @@ +2016-04-26 Oliver Hunt <oli...@apple.com> + +Enable separated heap by default on ios +https://bugs.webkit.org/show_bug.cgi?id=156720 + +Unreviewed roll-in of this change. There is only one +additional allocation involved in this logic, and that +is a duplicate mapping. + +Either our tools are not report real memory usage +or this revision is not responsible for the regression. + +* runtime/Options.cpp: +(JSC::recomputeDependentOptions): + 2016-04-26 Filip Pizlo <fpi...@apple.com> DFG backends shouldn't emit type checks at KnownBlah edges Modified: trunk/Source/_javascript_Core/runtime/Options.cpp (200096 => 200097) --- trunk/Source/_javascript_Core/runtime/Options.cpp 2016-04-26 17:38:43 UTC (rev 200096) +++ trunk/Source/_javascript_Core/runtime/Options.cpp 2016-04-26 17:46:23 UTC (rev 200097) 
@@ -341,6 +341,13 @@
 Options::useOSREntryToFTL() = false;
 }
 
+#if PLATFORM(IOS) && !PLATFORM(IOS_SIMULATOR) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 10
+// Override globally for now. Longer term we'll just make the default
+// be to have this option enabled, and have platforms that don't support
+// it just silently use a single mapping.
+Options::useSeparatedWXHeap() = true;
+#endif
+
 // Compute the maximum value of the reoptimization retry counter. This is simply
 // the largest value at which we don't overflow the execute counter, when using it
 // to left-shift the execution counter by this amount. Currently the value ends
___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [199734] trunk/Source/JavaScriptCore
Title: [199734] trunk/Source/_javascript_Core Revision 199734 Author oli...@apple.com Date 2016-04-19 11:34:13 -0700 (Tue, 19 Apr 2016) Log Message Enable separated heap by default on ios https://bugs.webkit.org/show_bug.cgi?id=156720 Reviewed by ggaren. * runtime/Options.cpp: (JSC::recomputeDependentOptions): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/Options.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (199733 => 199734) --- trunk/Source/_javascript_Core/ChangeLog 2016-04-19 17:58:57 UTC (rev 199733) +++ trunk/Source/_javascript_Core/ChangeLog 2016-04-19 18:34:13 UTC (rev 199734) @@ -1,3 +1,13 @@ +2016-04-18 Oliver Hunt <oli...@apple.com> + +Enable separated heap by default on ios +https://bugs.webkit.org/show_bug.cgi?id=156720 + +Reviewed by ggaren. + +* runtime/Options.cpp: +(JSC::recomputeDependentOptions): + 2016-04-19 Mark Lam <mark@apple.com> Re-landing: ES6: Implement String.prototype.split and RegExp.prototype[@@split]. Modified: trunk/Source/_javascript_Core/runtime/Options.cpp (199733 => 199734) --- trunk/Source/_javascript_Core/runtime/Options.cpp 2016-04-19 17:58:57 UTC (rev 199733) +++ trunk/Source/_javascript_Core/runtime/Options.cpp 2016-04-19 18:34:13 UTC (rev 199734) @@ -341,6 +341,13 @@ Options::useOSREntryToFTL() = false; } +#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 10) +// Override globally for now. Longer term we'll just make the default +// be to have this option enabled, and have platforms that don't support +// it just silently use a single mapping. +Options::useSeparatedWXHeap() = true; +#endif + // Compute the maximum value of the reoptimization retry counter. This is simply // the largest value at which we don't overflow the execute counter, when using it // to left-shift the execution counter by this amount. Currently the value ends ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [199299] trunk
Title: [199299] trunk Revision 199299 Author oli...@apple.com Date 2016-04-11 12:00:48 -0700 (Mon, 11 Apr 2016) Log Message Remove compile time define for SEPARATED_HEAP https://bugs.webkit.org/show_bug.cgi?id=155508 Reviewed by Mark Lam. Source/JavaScriptCore: Remove the SEPARATED_HEAP compile time flag. The separated heap is available, but off by default, on x86_64, ARMv7, and ARM64. Working through the issues that happened last time essentially required implementing the ARMv7 path for the separated heap just so I could find all the ways it was going wrong. We fixed all the logic by making the branch and jump logic in the linker and assemblers take two parameters, the location to write to, and the location we'll actually be writing to. We need to do this because it's no longer sufficient to compute jumps relative to the region the linker is writing to. The repatching jump, branch, and call functions only need the executable address, as the patching is performed directly using the performJITMemcpy function, which works in terms of the executable address. There is no performance impact on jsc-benchmarks with the separated heap either enabled or disabled. 
* Configurations/FeatureDefines.xcconfig: * assembler/ARM64Assembler.h: (JSC::ARM64Assembler::linkJump): (JSC::ARM64Assembler::linkCall): (JSC::ARM64Assembler::relinkJump): (JSC::ARM64Assembler::relinkCall): (JSC::ARM64Assembler::link): (JSC::ARM64Assembler::linkJumpOrCall): (JSC::ARM64Assembler::linkCompareAndBranch): (JSC::ARM64Assembler::linkConditionalBranch): (JSC::ARM64Assembler::linkTestAndBranch): (JSC::ARM64Assembler::relinkJumpOrCall): * assembler/ARMv7Assembler.h: (JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2): (JSC::ARMv7Assembler::revertJumpTo_movT3): (JSC::ARMv7Assembler::link): (JSC::ARMv7Assembler::linkJump): (JSC::ARMv7Assembler::relinkJump): (JSC::ARMv7Assembler::repatchCompact): (JSC::ARMv7Assembler::replaceWithJump): (JSC::ARMv7Assembler::replaceWithLoad): (JSC::ARMv7Assembler::replaceWithAddressComputation): (JSC::ARMv7Assembler::setInt32): (JSC::ARMv7Assembler::setUInt7ForLoad): (JSC::ARMv7Assembler::isB): (JSC::ARMv7Assembler::isBX): (JSC::ARMv7Assembler::isMOV_imm_T3): (JSC::ARMv7Assembler::isMOVT): (JSC::ARMv7Assembler::isNOP_T1): (JSC::ARMv7Assembler::isNOP_T2): (JSC::ARMv7Assembler::linkJumpT1): (JSC::ARMv7Assembler::linkJumpT2): (JSC::ARMv7Assembler::linkJumpT3): (JSC::ARMv7Assembler::linkJumpT4): (JSC::ARMv7Assembler::linkConditionalJumpT4): (JSC::ARMv7Assembler::linkBX): (JSC::ARMv7Assembler::linkConditionalBX): (JSC::ARMv7Assembler::linkJumpAbsolute): * assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): * assembler/MacroAssemblerARM64.h: (JSC::MacroAssemblerARM64::link): * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::link): * jit/ExecutableAllocator.h: (JSC::performJITMemcpy): * jit/ExecutableAllocatorFixedVMPool.cpp: (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator): (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion): (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted. 
* runtime/Options.cpp: (JSC::recomputeDependentOptions): * runtime/Options.h: Source/WebCore: * Configurations/FeatureDefines.xcconfig: Source/WebKit/mac: * Configurations/FeatureDefines.xcconfig: Source/WebKit2: * Configurations/FeatureDefines.xcconfig: Source/WTF: * wtf/FeatureDefines.h: * wtf/Platform.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig trunk/Source/_javascript_Core/assembler/ARM64Assembler.h trunk/Source/_javascript_Core/assembler/ARMv7Assembler.h trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h trunk/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/_javascript_Core/runtime/Options.cpp trunk/Source/_javascript_Core/runtime/Options.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/FeatureDefines.h trunk/Source/WTF/wtf/Platform.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig trunk/Tools/TestWebKitAPI/Configurations/FeatureDefines.xcconfig Diff Modified: trunk/Source/_javascript_Core/ChangeLog (199298 => 199299) --- trunk/Source/_javascript_Core/ChangeLog 2016-04-11 18:49:13 UTC (rev 199298) +++ trunk/Source/_javascript_Core/ChangeLog 2016-04-11 19:00:48 UTC (rev 199299) @@ -1,3 +1,87 @@ +2016-04-05 Oliver Hunt <oli...@apple.com> + +Remove compile time define for SEPARATED_HEAP +https://bugs.webkit.org/show_bug.cgi?
[webkit-changes] [198252] trunk/Source/JavaScriptCore
Title: [198252] trunk/Source/_javascript_Core Revision 198252 Author oli...@apple.com Date 2016-03-15 18:02:32 -0700 (Tue, 15 Mar 2016) Log Message Rename performJITMemcpy to something more inline with our normal webkit function names https://bugs.webkit.org/show_bug.cgi?id=155525 Reviewed by Saam Barati. Simple bulk search/replace with a better name. * assembler/ARM64Assembler.h: (JSC::ARM64Assembler::fillNops): (JSC::ARM64Assembler::replaceWithJump): (JSC::ARM64Assembler::replaceWithLoad): (JSC::ARM64Assembler::replaceWithAddressComputation): (JSC::ARM64Assembler::setPointer): (JSC::ARM64Assembler::repatchInt32): (JSC::ARM64Assembler::repatchCompact): (JSC::ARM64Assembler::linkJumpOrCall): (JSC::ARM64Assembler::linkCompareAndBranch): (JSC::ARM64Assembler::linkConditionalBranch): (JSC::ARM64Assembler::linkTestAndBranch): * assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): * jit/ExecutableAllocator.h: (JSC::writeToExecutableRegion): (JSC::performJITMemcpy): Deleted. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/assembler/ARM64Assembler.h trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp trunk/Source/_javascript_Core/jit/ExecutableAllocator.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (198251 => 198252) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-16 00:45:32 UTC (rev 198251) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-16 01:02:32 UTC (rev 198252) 
@@ -1,5 +1,32 @@ 2016-03-15 Oliver Hunt <oli...@apple.com> +Rename performJITMemcpy to something more inline with our normal webkit function names +https://bugs.webkit.org/show_bug.cgi?id=155525 + +Reviewed by Saam Barati. + +Simple bulk search/replace with a better name. + +* assembler/ARM64Assembler.h: +(JSC::ARM64Assembler::fillNops): +(JSC::ARM64Assembler::replaceWithJump): +(JSC::ARM64Assembler::replaceWithLoad): +(JSC::ARM64Assembler::replaceWithAddressComputation): +(JSC::ARM64Assembler::setPointer): +(JSC::ARM64Assembler::repatchInt32): +(JSC::ARM64Assembler::repatchCompact): +(JSC::ARM64Assembler::linkJumpOrCall): +(JSC::ARM64Assembler::linkCompareAndBranch): +(JSC::ARM64Assembler::linkConditionalBranch): +(JSC::ARM64Assembler::linkTestAndBranch): +* assembler/LinkBuffer.cpp: +(JSC::LinkBuffer::copyCompactAndLinkCode): +* jit/ExecutableAllocator.h: +(JSC::writeToExecutableRegion): +(JSC::performJITMemcpy): Deleted. + +2016-03-15 Oliver Hunt <oli...@apple.com> + Build fix. * jit/ExecutableAllocatorFixedVMPool.cpp: Modified: trunk/Source/_javascript_Core/assembler/ARM64Assembler.h (198251 => 198252) --- trunk/Source/_javascript_Core/assembler/ARM64Assembler.h 2016-03-16 00:45:32 UTC (rev 198251) +++ trunk/Source/_javascript_Core/assembler/ARM64Assembler.h 2016-03-16 01:02:32 UTC (rev 198252) @@ -1490,7 +1490,7 @@ size_t n = size / sizeof(int32_t); for (int32_t* ptr = static_cast<int32_t*>(base); n--;) { int insn = nopPseudo(); -performJITMemcpy(ptr++, , sizeof(int)); +writeToExecutableRegion(ptr++, , sizeof(int)); } } @@ -2501,7 +2501,7 @@ intptr_t offset = (reinterpret_cast(to) - reinterpret_cast(where)) >> 2; ASSERT(static_cast(offset) == offset); int insn = unconditionalBranchImmediate(false, static_cast(offset)); -performJITMemcpy(where, , sizeof(int)); +writeToExecutableRegion(where, , sizeof(int)); cacheFlush(where, sizeof(int)); } 
@@ -2526,7 +2526,7 @@ ASSERT(!shift); ASSERT(!(imm12 & ~0xff8)); int insn = loadStoreRegisterUnsignedImmediate(MemOpSize_64, false, MemOp_LOAD, encodePositiveImmediate<64>(imm12), rn, rd); -performJITMemcpy(where, , sizeof(int)); +writeToExecutableRegion(where, , sizeof(int)); cacheFlush(where, sizeof(int)); } #if !ASSERT_DISABLED @@ -2560,7 +2560,7 @@ ASSERT(opc == MemOp_LOAD); ASSERT(!(imm12 & ~0x1ff)); int insn = addSubtractImmediate(Datasize_64, AddOp_ADD, DontSetFlags, 0, imm12 * sizeof(void*), rn, rt); -performJITMemcpy(where, , sizeof(int)); +writeToExecutableRegion(where, , sizeof(int)); cacheFlush(where, sizeof(int)); } #if !ASSERT_DISABLED @@ -2594,7 +2594,7 @@ buffer[0] = moveWideImediate(Datasize_64, MoveWideOp_Z, 0, getHalfword(value, 0), rd); buffer[1] = moveWideImediate(Datasize_64, MoveWideOp_K, 1, getHalfword(value, 1), rd); buffer[2] = moveWideImediate(Datasize_64, MoveWideOp_K, 2, getHalfword(value, 2), rd); -performJITMemcpy(address, buffer, sizeof(int) * 3); +writeToExecutableRegion(address, bu
[webkit-changes] [198241] trunk/Source/JavaScriptCore
Title: [198241] trunk/Source/_javascript_Core Revision 198241 Author oli...@apple.com Date 2016-03-15 16:29:53 -0700 (Tue, 15 Mar 2016) Log Message Improved build fix. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (198240 => 198241) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-15 23:24:23 UTC (rev 198240) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-15 23:29:53 UTC (rev 198241) @@ -1,3 +1,9 @@ +2016-03-15 Oliver Hunt <oli...@apple.com> + +Build fix. + +* jit/ExecutableAllocatorFixedVMPool.cpp: + 2016-03-15 Mark Lam <mark@apple.com> Gardening: build fix after r198235. Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (198240 => 198241) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-15 23:24:23 UTC (rev 198240) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-15 23:29:53 UTC (rev 198241) @@ -205,11 +205,9 @@ jitWriteFunction = reinterpret_cast(writeThunk.code().executableAddress()); } -#if CPU(ARM64) +#if CPU(ARM64) && ENABLE(SEPARATED_HEAP_JIT_WRITE_FUNCTION) MacroAssemblerCodeRef jitWriteThunkGenerator(void* writableAddr, void* stubBase, size_t stubSize) { -ASSERT_UNUSED(startOfFixedWritableMemoryPool, !startOfFixedWritableMemoryPool); - using namespace ARM64Registers; using TrustedImm32 = MacroAssembler::TrustedImm32; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
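Review bot: `ENABLE(SEPARATED_HEAP_JIT_WRITE_FUNCTION)` is introduced on the `#if` around `jitWriteThunkGenerator`, but nothing in this commit's changed paths (the ChangeLog and this file) defines it, so the hunk does not show which builds still compile the generator. The context line above the guard assigns `jitWriteFunction` from `writeThunk.code()`; if that call site is not under the same condition the build breaks again, and if it is, ARM64 builds without the macro presumably take another write path. I would document that next to the guard with a line such as `// Defined in <header that sets the macro>; when off, JIT writes go through <fallback path>.`, with both placeholders filled in. The function body continues outside the hunk.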
[webkit-changes] [198235] trunk/Source
Title: [198235] trunk/Source Revision 198235 Author oli...@apple.com Date 2016-03-15 15:44:59 -0700 (Tue, 15 Mar 2016) Log Message Remove compile time define for SEPARATED_HEAP https://bugs.webkit.org/show_bug.cgi?id=155508 Reviewed by Mark Lam. Source/_javascript_Core: This removes the compile time define for the SEPARATED_HEAP feature, and moves to a default-off runtime preference. This happily also removes the need for world rebuilds while bringing it up on different platforms. * Configurations/FeatureDefines.xcconfig: * assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): * jit/ExecutableAllocator.h: (JSC::performJITMemcpy): * jit/ExecutableAllocatorFixedVMPool.cpp: (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator): (JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion): (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted. * runtime/Options.cpp: (JSC::recomputeDependentOptions): * runtime/Options.h: Source/WebCore: Remove the feature define. * Configurations/FeatureDefines.xcconfig: Source/WebKit/mac: Remove the feature define. * Configurations/FeatureDefines.xcconfig: Source/WebKit2: Remove the feature define. * Configurations/FeatureDefines.xcconfig: Source/WTF: Remove the feature define. 
* wtf/FeatureDefines.h: * wtf/Platform.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/_javascript_Core/runtime/Options.cpp trunk/Source/_javascript_Core/runtime/Options.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/FeatureDefines.h trunk/Source/WTF/wtf/Platform.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig Diff Modified: trunk/Source/_javascript_Core/ChangeLog (198234 => 198235) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-15 22:42:15 UTC (rev 198234) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-15 22:44:59 UTC (rev 198235) 
@@ -1,3 +1,30 @@ +2016-03-15 Oliver Hunt <oli...@apple.com> + +Remove compile time define for SEPARATED_HEAP +https://bugs.webkit.org/show_bug.cgi?id=155508 + +Reviewed by Mark Lam. + +This removes the compile time define for the SEPARATED_HEAP +feature, and moves to a default-off runtime preference. + +This happily also removes the need for world rebuilds while +bringing it up on different platforms. + +* Configurations/FeatureDefines.xcconfig: +* assembler/LinkBuffer.cpp: +(JSC::LinkBuffer::copyCompactAndLinkCode): +* jit/ExecutableAllocator.h: +(JSC::performJITMemcpy): +* jit/ExecutableAllocatorFixedVMPool.cpp: +(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): +(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator): +(JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion): +(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted. +* runtime/Options.cpp: +(JSC::recomputeDependentOptions): +* runtime/Options.h: + 2016-03-15 Commit Queue <commit-qu...@webkit.org> Unreviewed, rolling out r198148. Modified: trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig (198234 => 198235) --- trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2016-03-15 22:42:15 UTC (rev 198234) +++ trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2016-03-15 22:44:59 UTC (rev 198235) 
@@ -192,7 +192,4 @@ ENABLE_SHADOW_DOM = ENABLE_SHADOW_DOM; ENABLE_CUSTOM_ELEMENTS = ENABLE_CUSTOM_ELEMENTS; -ENABLE_SEPARATED_WX_HEAP[sdk=iphone*] = ; -ENABLE_SEPARATED_WX_HEAP[sdk=macosx*] = ; - -FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_AVF_CAPTIONS) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_ES6_ARROWFUNCTION_SYNTAX) $(ENABLE_ES6_CLASS_SYNTAX) $(ENABLE_ES6_GENERATORS) $(ENABLE_ES6_MODULES) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSP_NEXT) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_GRID_LAYOUT) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_SHAPES) $(ENABLE_CSS3_TEXT) $(ENABLE_CSS3_TEXT_LINE_BREAK) $(ENABLE
[webkit-changes] [198167] trunk/Source
Title: [198167] trunk/Source Revision 198167 Author oli...@apple.com Date 2016-03-14 16:14:15 -0700 (Mon, 14 Mar 2016) Log Message Temporarily disable the separated heap. https://bugs.webkit.org/show_bug.cgi?id=155472 Reviewed by Geoffrey Garen. Temporarily disable this. * Configurations/FeatureDefines.xcconfig: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig Diff Modified: trunk/Source/_javascript_Core/ChangeLog (198166 => 198167) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-14 22:58:28 UTC (rev 198166) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-14 23:14:15 UTC (rev 198167) @@ -1,3 +1,14 @@ +2016-03-14 Oliver Hunt <oli...@apple.com> + +Temporarily disable the separated heap. +https://bugs.webkit.org/show_bug.cgi?id=155472 + +Reviewed by Geoffrey Garen. + +Temporarily disable this. + +* Configurations/FeatureDefines.xcconfig: + 2016-03-14 Joseph Pecoraro <pecor...@apple.com> Reduce generated JSON HeapSnapshot size Modified: trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig (198166 => 198167) --- trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2016-03-14 22:58:28 UTC (rev 198166) +++ trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig 2016-03-14 23:14:15 UTC (rev 198167) 
@@ -192,7 +192,7 @@ ENABLE_SHADOW_DOM = ENABLE_SHADOW_DOM; ENABLE_CUSTOM_ELEMENTS = ENABLE_CUSTOM_ELEMENTS; -ENABLE_SEPARATED_WX_HEAP[sdk=iphone*] = ENABLE_SEPARATED_WX_HEAP; +ENABLE_SEPARATED_WX_HEAP[sdk=iphone*] = ; ENABLE_SEPARATED_WX_HEAP[sdk=macosx*] = ; FEATURE_DEFINES = $(ENABLE_3D_TRANSFORMS) $(ENABLE_ACCELERATED_2D_CANVAS) $(ENABLE_ACCELERATED_OVERFLOW_SCROLLING) $(ENABLE_AVF_CAPTIONS) $(ENABLE_ATTACHMENT_ELEMENT) $(ENABLE_CACHE_PARTITIONING) $(ENABLE_CANVAS_PATH) $(ENABLE_CANVAS_PROXY) $(ENABLE_CHANNEL_MESSAGING) $(ENABLE_ES6_ARROWFUNCTION_SYNTAX) $(ENABLE_ES6_CLASS_SYNTAX) $(ENABLE_ES6_GENERATORS) $(ENABLE_ES6_MODULES) $(ENABLE_CONTENT_FILTERING) $(ENABLE_CSP_NEXT) $(ENABLE_CSS_ANIMATIONS_LEVEL_2) $(ENABLE_CSS_BOX_DECORATION_BREAK) $(ENABLE_CSS_COMPOSITING) $(ENABLE_CSS_DEVICE_ADAPTATION) $(ENABLE_CSS_GRID_LAYOUT) $(ENABLE_CSS_IMAGE_ORIENTATION) $(ENABLE_CSS_IMAGE_RESOLUTION) $(ENABLE_CSS_REGIONS) $(ENABLE_CSS_SELECTORS_LEVEL4) $(ENABLE_CSS_SHAPES) $(ENABLE_CSS3_TEXT) $(ENABLE_CSS3_TEXT_LINE_BREAK) $(ENABLE_CURSOR_VISIBILITY) $(ENABLE_CUSTOM_SCHEME_HANDLER) $(ENABLE_DASHBOARD_SUPPORT) $(ENABLE_DATALIST_ELEMENT) $(ENABLE_DATA_TRANSFER_ITEMS) $(ENABLE_DETAILS_ELEMENT) $(ENABLE_DEVICE_ORIENTATION) $(ENABLE_DOM4_EVENTS_CONSTRUCTOR) $(ENABLE_ENCRYPTED_MEDIA) $(ENABLE_ENCRYPTED_MEDIA_V2) $(ENABLE_FETCH_API) $(ENABLE_FILTERS_LEVEL_2) $(ENABLE_FONT_LOAD_EVENTS) $(ENABLE_FULLSCREEN_API) $(ENABLE_GAMEPAD) $(ENABLE_GAMEPAD_DEPRECATED) $(ENABLE_GEOLOCATION) $(ENABLE_ICONDATABASE) $(ENABLE_SERVICE_CONTROLS) $(ENABLE_INDEXED_DATABASE) $(ENABLE_INDEXED_DATABASE_IN_WORKERS) $(ENABLE_INDIE_UI) $(ENABLE_INPUT_TYPE_COLOR) $(ENABLE_INPUT_TYPE_COLOR_POPOVER) $(ENABLE_INPUT_TYPE_DATE) $(ENABLE_INPUT_TYPE_DATETIME_INCOMPLETE) $(ENABLE_INPUT_TYPE_DATETIMELOCAL) $(ENABLE_INPUT_TYPE_MONTH) $(ENABLE_INPUT_TYPE_TIME) $(ENABLE_INPUT_TYPE_WEEK) $(ENABLE_WIRELESS_PLAYBACK_TARGET) $(ENABLE_INTL) $(ENABLE_IOS_GESTURE_EVENTS) $(ENABLE_IOS_TEXT_AUTOSIZING) $(ENABLE_IOS_TOUCH_EVENTS) 
$(ENABLE_LEGACY_CSS_VENDOR_PREFIXES) $(ENABLE_LEGACY_NOTIFICATIONS) $(ENABLE_LEGACY_VENDOR_PREFIXES) $(ENABLE_LEGACY_WEB_AUDIO) $(ENABLE_LETTERPRESS) $(ENABLE_LINK_PREFETCH) $(ENABLE_MAC_GESTURE_EVENTS) $(ENABLE_MATHML) $(ENABLE_MEDIA_CONTROLS_SCRIPT) $(ENABLE_MEDIA_SESSION) $(ENABLE_MEDIA_SOURCE) $(ENABLE_MEDIA_STATISTICS) $(ENABLE_MEDIA_STREAM) $(ENABLE_METER_ELEMENT) $(ENABLE_MHTML) $(ENABLE_MOUSE_CURSOR_SCALE) $(ENABLE_NAVIGATOR_CONTENT_UTILS) $(ENABLE_NAVIGATOR_HWCONCURRENCY) $(ENABLE_NOTIFICATIONS) $(ENABLE_PDFKIT_PLUGIN) $(ENABLE_POINTER_LOCK) $(ENABLE_PROXIMITY_EVENTS) $(ENABLE_PUBLIC_SUFFIX_LIST) $(ENABLE_QUOTA) $(ENABLE_REQUEST_ANIMATION_FRAME) $(ENABLE_REQUEST_AUTOCOMPLETE) $(ENABLE_REMOTE_INSPECTOR) $(ENABLE_RESOLUTION_MEDIA_QUERY) $(ENABLE_RESOURCE_USAGE) $(ENABLE_RUBBER_BANDING) $(ENABLE_CSS_SCROLL_SNAP) $(ENABLE_SPEECH_SYNTHESIS) $(ENABLE_STREAMS_API) $(ENABLE_SUBTLE_CRYPTO) $(ENABLE_SVG_FONTS) $(ENABLE_TELEPHONE_NUMBER_DETECTION) $(ENABLE_TEMPLATE_ELEMENT) $(ENABLE_TEXT_AUTOSIZING) $(ENABLE_TOUCH_EVENTS) $(ENABLE_TOUCH_ICON_LOADING) $(ENABLE_CSS_TRAILING_WORD) $(ENABLE_USERSELECT_ALL) $(ENABLE_VIDEO) $(ENABLE_VIDEO_TRACK) $(ENABLE_DATACUE_VALUE) $(ENABLE_VIEW_MODE_CSS_MEDIA) $(ENABLE_WEBASSEMBLY) $(ENABLE_WEBGL) $(ENABLE_WEBGL2) $(ENA
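Review bot: The iphone* value of `ENABLE_SEPARATED_WX_HEAP` is emptied with nothing in the file to say the hardening is off on purpose, although the log calls the change temporary. A comment above the two assignments would keep the disabled mitigation visible to the next editor, for example `// FIXME: Separated W^X heap is temporarily disabled, see https://bugs.webkit.org/show_bug.cgi?id=155472.` The log lists the same edit for the WebCore, WebKit/mac and WebKit2 copies of this file, so the comment belongs in each of them. The FEATURE_DEFINES line that closes this hunk is cut short on the page.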
[webkit-changes] [197878] trunk/Source
Title: [197878] trunk/Source Revision 197878 Author oli...@apple.com Date 2016-03-09 13:15:00 -0800 (Wed, 09 Mar 2016) Log Message Fix old iOS Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/Platform.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197877 => 197878) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-09 21:13:51 UTC (rev 197877) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-09 21:15:00 UTC (rev 197878) @@ -1,5 +1,12 @@ 2016-03-09 Oliver Hunt <oli...@apple.com> +Fix old iOS + +* jit/ExecutableAllocatorFixedVMPool.cpp: +(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): + +2016-03-09 Oliver Hunt <oli...@apple.com> + Wincairo buildfix https://bugs.webkit.org/show_bug.cgi?id=155245 Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (197877 => 197878) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 21:13:51 UTC (rev 197877) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 21:15:00 UTC (rev 197878) @@ -181,7 +181,7 @@ bool remapSucceeded = (ret == KERN_SUCCESS); if (!remapSucceeded) -writableAddr = (mach_vm_address_t)jitBase; +return; // Assemble a thunk that will serve as the means for writing into the JIT region. MacroAssemblerCodeRef writeThunk = jitWriteThunkGenerator(writableAddr, stubBase, stubSize); Modified: trunk/Source/WTF/ChangeLog (197877 => 197878) --- trunk/Source/WTF/ChangeLog 2016-03-09 21:13:51 UTC (rev 197877) +++ trunk/Source/WTF/ChangeLog 2016-03-09 21:15:00 UTC (rev 197878) 
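Review bot: In the ExecutableAllocatorFixedVMPool.cpp hunk, the new `return;` under `if (!remapSucceeded)` turns a failed `mach_vm_remap` into a silent downgrade. The rest of initializeSeparatedWXHeaps is skipped, so presumably the write thunk is never installed, and nothing records that the separated mappings were not set up. I would log the failure, or at least document the fallback at the return, e.g. `return; // Remap failed: continue without separated W/X mappings.` If the `if (!remapSucceeded) {` block that r197821 placed around the mprotect calls is still present below this hunk, it can no longer be entered and should be re-checked. The function starts and ends outside the hunk, so what callers do when the thunk is unset is not visible here.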
@@ -1,3 +1,9 @@ +2016-03-09 Oliver Hunt <oli...@apple.com> + +Fix old iOS + +* wtf/Platform.h: + 2016-03-08 Filip Pizlo <fpi...@apple.com> Remove failing assertion. There are strings that claim to be atomic but that the Modified: trunk/Source/WTF/wtf/Platform.h (197877 => 197878) --- trunk/Source/WTF/wtf/Platform.h 2016-03-09 21:13:51 UTC (rev 197877) +++ trunk/Source/WTF/wtf/Platform.h 2016-03-09 21:15:00 UTC (rev 197878) @@ -1138,8 +1138,10 @@ #define USE_OS_LOG 1 #endif -#if !CPU(ARM64) && defined(ENABLE_SEPARATED_WX_HEAP) +#if defined(ENABLE_SEPARATED_WX_HEAP) +#if !(CPU(ARM64) && ((PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 10))) #undef ENABLE_SEPARATED_WX_HEAP #endif +#endif #endif /* WTF_Platform_h */ ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
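Review bot: In the Platform.h hunk, `__IPHONE_OS_VERSION_MIN_REQUIRED >= 10` compares against the literal 10, but that macro holds the encoded version number (iOS 10.0 is 100000). The test is therefore true for every iOS deployment target, and the `#undef` never fires for older iOS on ARM64, which is the case the log says this commit fixes. The guard should read `#if !(CPU(ARM64) && PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 100000)`, which also drops the redundant double parentheses. A one-line comment naming the first OS release that supports the separated mapping would make the intent checkable.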
[webkit-changes] [197876] trunk/Source/JavaScriptCore
Title: [197876] trunk/Source/_javascript_Core Revision 197876 Author oli...@apple.com Date 2016-03-09 13:09:51 -0800 (Wed, 09 Mar 2016) Log Message Wincairo buildfix https://bugs.webkit.org/show_bug.cgi?id=155245 Reviewed by Mark Lam. Fix up exports for a few symbols * jit/ExecutableAllocator.h: * jit/ExecutableAllocatorFixedVMPool.cpp: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197875 => 197876) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-09 20:55:28 UTC (rev 197875) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-09 21:09:51 UTC (rev 197876) @@ -1,3 +1,15 @@ +2016-03-09 Oliver Hunt <oli...@apple.com> + +Wincairo buildfix +https://bugs.webkit.org/show_bug.cgi?id=155245 + +Reviewed by Mark Lam. + +Fix up exports for a few symbols + +* jit/ExecutableAllocator.h: +* jit/ExecutableAllocatorFixedVMPool.cpp: + 2016-03-09 Mark Lam <mark@apple.com> Add dumping of function _expression_ names in CodeBlock bytecode dump. Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocator.h (197875 => 197876) --- trunk/Source/_javascript_Core/jit/ExecutableAllocator.h 2016-03-09 20:55:28 UTC (rev 197875) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocator.h 2016-03-09 21:09:51 UTC (rev 197876) 
@@ -89,11 +89,11 @@ static const double executablePoolReservationFraction = 0.25; #endif -extern uintptr_t startOfFixedExecutableMemoryPool; -extern uintptr_t endOfFixedExecutableMemoryPool; +extern JS_EXPORTDATA uintptr_t startOfFixedExecutableMemoryPool; +extern JS_EXPORTDATA uintptr_t endOfFixedExecutableMemoryPool; #if ENABLE(SEPARATED_WX_HEAP) -extern uintptr_t jitWriteFunctionAddress; +extern JS_EXPORTDATA uintptr_t jitWriteFunctionAddress; #endif #endif // ENABLE(EXECUTABLE_ALLOCATOR_FIXED) Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (197875 => 197876) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 20:55:28 UTC (rev 197875) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 21:09:51 UTC (rev 197876) @@ -85,11 +85,11 @@ namespace JSC { -JS_EXPORT_PRIVATE uintptr_t startOfFixedExecutableMemoryPool; -JS_EXPORT_PRIVATE uintptr_t endOfFixedExecutableMemoryPool; +JS_EXPORTDATA uintptr_t startOfFixedExecutableMemoryPool; +JS_EXPORTDATA uintptr_t endOfFixedExecutableMemoryPool; #if ENABLE(SEPARATED_WX_HEAP) -JS_EXPORT_PRIVATE uintptr_t jitWriteFunctionAddress; +JS_EXPORTDATA uintptr_t jitWriteFunctionAddress; #endif class FixedVMPoolExecutableAllocator : public MetaAllocator { ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [197821] trunk/Source/JavaScriptCore
Title: [197821] trunk/Source/_javascript_Core Revision 197821 Author oli...@apple.com Date 2016-03-08 17:05:53 -0800 (Tue, 08 Mar 2016) Log Message Fix ios bot build. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197820 => 197821) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-09 01:00:34 UTC (rev 197820) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-09 01:05:53 UTC (rev 197821) @@ -1,3 +1,10 @@ +2016-03-08 Oliver Hunt <oli...@apple.com> + +Fix ios bot build. + +* jit/ExecutableAllocatorFixedVMPool.cpp: +(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): + 2016-03-08 Mark Lam <mark@apple.com> Implement Function.name support for getters/setters and inferring name of function properties. Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (197820 => 197821) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 01:00:34 UTC (rev 197820) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 01:05:53 UTC (rev 197821) @@ -54,7 +54,29 @@ #if OS(DARWIN) #include -#include +extern "C" { +/* Routine mach_vm_remap */ +#ifdef mig_external +mig_external +#else +extern +#endif /* mig_external */ +kern_return_t mach_vm_remap +( + vm_map_t target_task, + mach_vm_address_t *target_address, + mach_vm_size_t size, + mach_vm_offset_t mask, + int flags, + vm_map_t src_task, + mach_vm_address_t src_address, + boolean_t copy, + vm_prot_t *cur_protection, + vm_prot_t *max_protection, + vm_inherit_t inheritance + ); +} + #endif #endif 
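Review bot: The hand-copied `mach_vm_remap` prototype inside `extern "C"` has no comment saying why the SDK header (its name is stripped on this page) can no longer be included. Nothing ties the local copy to the SDK's declaration, so a signature mismatch would compile cleanly and only surface as a bad call at run time. I would add a comment above the block, e.g. `// The SDK header declaring mach_vm_remap is not usable on this configuration; keep this prototype in sync with it.`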
@@ -157,31 +179,33 @@ mach_task_self(), (mach_vm_address_t)jitBase, FALSE, , , VM_INHERIT_DEFAULT); -RELEASE_ASSERT(ret == KERN_SUCCESS); +bool remapSucceeded = (ret == KERN_SUCCESS); +if (!remapSucceeded) +writableAddr = (mach_vm_address_t)jitBase; - // Assemble a thunk that will serve as the means for writing into the JIT region. MacroAssemblerCodeRef writeThunk = jitWriteThunkGenerator(writableAddr, stubBase, stubSize); int result = 0; +if (!remapSucceeded) { #if defined(VM_PROT_EXECUTE_ONLY) -// Prevent reading the write thunk code. -result = mprotect(stubBase, stubSize, VM_PROT_EXECUTE_ONLY); -RELEASE_ASSERT(!result); +// Prevent reading the write thunk code. +result = mprotect(stubBase, stubSize, VM_PROT_EXECUTE_ONLY); +RELEASE_ASSERT(!result); #endif - -// Prevent writing into the executable JIT mapping. -result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); -RELEASE_ASSERT(!result); -// Prevent execution in the writable JIT mapping. -result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); -RELEASE_ASSERT(!result); +// Prevent writing into the executable JIT mapping. +result = mprotect(jitBase, jitSize, VM_PROT_READ | VM_PROT_EXECUTE); +RELEASE_ASSERT(!result); -// Zero out writableAddr to avoid leaking the address of the writable mapping. -memset_s(, sizeof(writableAddr), 0, sizeof(writableAddr)); +// Prevent execution in the writable JIT mapping. +result = mprotect((void*)writableAddr, jitSize, VM_PROT_READ | VM_PROT_WRITE); +RELEASE_ASSERT(!result); +// Zero out writableAddr to avoid leaking the address of the writable mapping. +memset_s(, sizeof(writableAddr), 0, sizeof(writableAddr)); +} jitWriteFunctionAddress = (uintptr_t)writeThunk.code().executableAddress(); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
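Review bot: The guard `if (!remapSucceeded) {` added around the three `mprotect` calls and the `memset_s` scrub looks inverted. As written they run only when `mach_vm_remap` failed and `writableAddr` was set to `jitBase`, and are skipped when the second mapping was created. On the success path the two mappings keep whatever protections they started with and the alias address is not zeroed, while on the failure path the last `mprotect` leaves the only mapping read/write. I would expect `if (remapSucceeded) {` here, with a comment on the fallback such as `// No alias mapping was created: leave the single JIT region as allocated.` The function begins above the hunk.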
[webkit-changes] [197818] trunk/Source/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
Title: [197818] trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Revision 197818 Author oli...@apple.com Date 2016-03-08 16:25:48 -0800 (Tue, 08 Mar 2016) Log Message Build fix Modified Paths trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Diff Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (197817 => 197818) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 00:21:26 UTC (rev 197817) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-03-09 00:25:48 UTC (rev 197818) @@ -153,7 +153,7 @@ remapFlags |= VM_FLAGS_RANDOM_ADDR; #endif kern_return_t ret = mach_vm_remap(mach_task_self(), , jitSize, 0, -VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR, +remapFlags, mach_task_self(), (mach_vm_address_t)jitBase, FALSE, , , VM_INHERIT_DEFAULT); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
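Review bot: `remapFlags` gains `VM_FLAGS_RANDOM_ADDR` only inside a preprocessor conditional whose opening line is above the hunk. On an SDK without that flag the writable alias is mapped without the randomised placement, and nothing in the code says so. The design described in the r197816 log relies on the writable address being hard to discover, so the weaker configuration deserves a note at the `#endif`, e.g. `// Without VM_FLAGS_RANDOM_ADDR the alias address is chosen by the default allocator.`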
[webkit-changes] [197816] trunk
Title: [197816] trunk Revision 197816 Author oli...@apple.com Date 2016-03-08 16:08:53 -0800 (Tue, 08 Mar 2016) Log Message Start moving to separated writable and executable mappings in the JIT https://bugs.webkit.org/show_bug.cgi?id=155178 Reviewed by Fil Pizlo. Source/_javascript_Core: Start moving to a separate writable and executable heap for the various JITs. As part of our work to harden the JIT against various attacks, we're moving away from our current RWX heap and on to using separate RW and X mappings. This means that simply leaking the location of the executable mapping is not sufficient to compromise JSC, so we can continue to use direct executable pointers in our GC objects (which we need for performance), but keep the writable pointer in only a single location so that we are less likely to leak the address. To further obscure the address of the writable region we place it in an execute only region of memory so that it is not possible to read the location from anywhere. That means an attacker must have at least partial control of PC (to call jitMemCopy) before they can start to attack the JIT. This work is initially ARM64 only, as we use as the jitMemCopy is currently specific to that platform's calling conventions and layout. We're just landing it in the current form so that we can at least ensure it doesn't regress. 
* Configurations/FeatureDefines.xcconfig: * assembler/ARM64Assembler.h: (JSC::ARM64Assembler::ldp): (JSC::ARM64Assembler::ldnp): (JSC::ARM64Assembler::fillNops): (JSC::ARM64Assembler::stp): (JSC::ARM64Assembler::stnp): (JSC::ARM64Assembler::replaceWithJump): (JSC::ARM64Assembler::replaceWithLoad): (JSC::ARM64Assembler::replaceWithAddressComputation): (JSC::ARM64Assembler::setPointer): (JSC::ARM64Assembler::repatchInt32): (JSC::ARM64Assembler::repatchCompact): (JSC::ARM64Assembler::linkJumpOrCall): (JSC::ARM64Assembler::linkCompareAndBranch): (JSC::ARM64Assembler::linkConditionalBranch): (JSC::ARM64Assembler::linkTestAndBranch): (JSC::ARM64Assembler::loadStoreRegisterPairOffset): (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal): * assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): (JSC::LinkBuffer::allocate): * assembler/LinkBuffer.h: (JSC::LinkBuffer::LinkBuffer): * assembler/MacroAssemblerARM64.h: (JSC::MacroAssemblerARM64::sub64): (JSC::MacroAssemblerARM64::load64): (JSC::MacroAssemblerARM64::loadPair64): (JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess): (JSC::MacroAssemblerARM64::load8): (JSC::MacroAssemblerARM64::store64): (JSC::MacroAssemblerARM64::storePair64): (JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess): (JSC::MacroAssemblerARM64::store8): (JSC::MacroAssemblerARM64::branchAdd64): (JSC::MacroAssemblerARM64::branchSub64): * jit/ExecutableAllocator.h: (JSC::performJITMemcpy): * jit/ExecutableAllocatorFixedVMPool.cpp: (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps): (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator): * runtime/Options.cpp: (JSC::recomputeDependentOptions): * runtime/Options.h: Source/WebCore: Update feature defines. * Configurations/FeatureDefines.xcconfig: Source/WebKit/mac: Update feature defines. * Configurations/FeatureDefines.xcconfig: Source/WebKit2: Update feature defines. 
* Configurations/FeatureDefines.xcconfig: Source/WTF: Update feature defines. * wtf/FeatureDefines.h: * wtf/Platform.h: ARM64 for now. Tools: Making run-jsc-benchmarks slightly happier on my machine. * Scripts/run-jsc-benchmarks: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig trunk/Source/_javascript_Core/assembler/ARM64Assembler.h trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp trunk/Source/_javascript_Core/assembler/LinkBuffer.h trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/_javascript_Core/runtime/Options.cpp trunk/Source/_javascript_Core/runtime/Options.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/FeatureDefines.h trunk/Source/WTF/wtf/Platform.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig trunk/Tools/ChangeLog trunk/Tools/Scripts/run-jsc-benchmarks Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197815 => 197816) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-09 00:01:09 UTC (rev 197815) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-09 00:08:53 UTC (rev 197816) @@ -1,3 +1,76 @@ +2016-03-08 Oliver Hunt <oli...@apple.com> + +Start moving to separated writable and executable mappings i
[webkit-changes] [197793] trunk
Title: [197793] trunk Revision 197793 Author oli...@apple.com Date 2016-03-08 12:53:11 -0800 (Tue, 08 Mar 2016) Log Message Start moving to separated writable and executable mappings in the JIT https://bugs.webkit.org/show_bug.cgi?id=155178 Reviewed by Filip Pizlo. Source/_javascript_Core: Start moving to a separate writable and executable heap for the various JITs. As part of our work to harden the JIT against various attacks, we're moving away from our current RWX heap and on to using separate RW and X mappings. This means that simply leaking the location of the executable mapping is not sufficient to compromise JSC, so we can continue to use direct executable pointers in our GC objects (which we need for performance), but keep the writable pointer in only a single location so that we are less likely to leak the address. To further obscure the address of the writable region we place it in an execute only region of memory so that it is not possible to read the location from anywhere. That means an attacker must have at least partial control of PC (to call jitMemCopy) before they can start to attack the JIT. This work is initially ARM64 only, as we use as the jitMemCopy is currently specific to that platform's calling conventions and layout. We're just landing it in the current form so that we can at least ensure it doesn't regress. 
* Configurations/FeatureDefines.xcconfig: * assembler/ARM64Assembler.h: (JSC::ARM64Assembler::ldp): (JSC::ARM64Assembler::ldnp): (JSC::ARM64Assembler::fillNops): (JSC::ARM64Assembler::stp): (JSC::ARM64Assembler::stnp): (JSC::ARM64Assembler::replaceWithJump): (JSC::ARM64Assembler::replaceWithLoad): (JSC::ARM64Assembler::replaceWithAddressComputation): (JSC::ARM64Assembler::setPointer): (JSC::ARM64Assembler::repatchInt32): (JSC::ARM64Assembler::repatchCompact): (JSC::ARM64Assembler::linkJumpOrCall): (JSC::ARM64Assembler::linkCompareAndBranch): (JSC::ARM64Assembler::linkConditionalBranch): (JSC::ARM64Assembler::linkTestAndBranch): (JSC::ARM64Assembler::loadStoreRegisterPairOffset): (JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal): * assembler/LinkBuffer.cpp: (JSC::LinkBuffer::copyCompactAndLinkCode): (JSC::LinkBuffer::allocate): * assembler/LinkBuffer.h: (JSC::LinkBuffer::LinkBuffer): * assembler/MacroAssemblerARM64.h: (JSC::MacroAssemblerARM64::sub64): (JSC::MacroAssemblerARM64::load64): (JSC::MacroAssemblerARM64::loadPair64): (JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess): (JSC::MacroAssemblerARM64::load8): (JSC::MacroAssemblerARM64::store64): (JSC::MacroAssemblerARM64::storePair64): (JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess): (JSC::MacroAssemblerARM64::store8): (JSC::MacroAssemblerARM64::branchAdd64): (JSC::MacroAssemblerARM64::branchSub64): * jit/ExecutableAllocator.h: (JSC::performJITMemcpy): * jit/ExecutableAllocatorFixedVMPool.cpp: (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): (JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT): (JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator): * runtime/Options.cpp: (JSC::recomputeDependentOptions): * runtime/Options.h: Source/WebCore: Update feature defines. * Configurations/FeatureDefines.xcconfig: Source/WebKit/mac: Update feature defines. * Configurations/FeatureDefines.xcconfig: Source/WebKit2: Update feature defines. 
* Configurations/FeatureDefines.xcconfig: Source/WTF: Update feature defines. * wtf/FeatureDefines.h: * wtf/Platform.h: ARM64 for now. Tools: Making run-jsc-benchmarks slightly happier on my machine. * Scripts/run-jsc-benchmarks: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/Configurations/FeatureDefines.xcconfig trunk/Source/_javascript_Core/assembler/ARM64Assembler.h trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp trunk/Source/_javascript_Core/assembler/LinkBuffer.h trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.h trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/_javascript_Core/runtime/Options.cpp trunk/Source/_javascript_Core/runtime/Options.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/FeatureDefines.h trunk/Source/WTF/wtf/Platform.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit/mac/ChangeLog trunk/Source/WebKit/mac/Configurations/FeatureDefines.xcconfig trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/FeatureDefines.xcconfig trunk/Tools/ChangeLog trunk/Tools/Scripts/run-jsc-benchmarks Added Paths trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMMach.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197792 => 197793) --- trunk/Source/_javascript_Core/ChangeLog 2016-03-08 20:35:23 UTC (rev 197792) +++ trunk/Source/_javascript_Core/ChangeLog 2016-03-08 20:53:11 UTC (rev 197793) @@ -1,3 +1,76 @@ +2016-03-08 Oliver Hunt <oli...@app
[webkit-changes] [197256] trunk/Source/JavaScriptCore
Title: [197256] trunk/Source/_javascript_Core Revision 197256 Author oli...@apple.com Date 2016-02-27 11:28:25 -0800 (Sat, 27 Feb 2016) Log Message CLoop build fix. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197255 => 197256) --- trunk/Source/_javascript_Core/ChangeLog 2016-02-27 18:30:58 UTC (rev 197255) +++ trunk/Source/_javascript_Core/ChangeLog 2016-02-27 19:28:25 UTC (rev 197256) @@ -1,3 +1,9 @@ +2016-02-27 Oliver Hunt <oli...@apple.com> + +CLoop build fix. + +* jit/ExecutableAllocatorFixedVMPool.cpp: + 2016-02-26 Oliver Hunt <oli...@apple.com> Remove the on demand executable allocator Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp (197255 => 197256) --- trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-02-27 18:30:58 UTC (rev 197255) +++ trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp 2016-02-27 19:28:25 UTC (rev 197256) @@ -26,6 +26,8 @@ #include "config.h" #include "ExecutableAllocator.h" +#if ENABLE(ASSEMBLER) + #include "JSCInlines.h" #include "CodeProfiling.h" @@ -220,3 +222,5 @@ #endif } + +#endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [197226] trunk/Source
Title: [197226] trunk/Source Revision 197226 Author oli...@apple.com Date 2016-02-26 18:10:29 -0800 (Fri, 26 Feb 2016) Log Message Remove the on demand executable allocator https://bugs.webkit.org/show_bug.cgi?id=154749 Reviewed by Geoffrey Garen. Source/_javascript_Core: Remove all the DemandExecutable code and executable allocator ifdefs. * CMakeLists.txt: * _javascript_Core.vcxproj/_javascript_Core.vcxproj: * _javascript_Core.vcxproj/_javascript_Core.vcxproj.filters: * _javascript_Core.xcodeproj/project.pbxproj: * jit/ExecutableAllocator.cpp: Removed. (JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted. (JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted. (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted. (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted. (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted. (JSC::DemandExecutableAllocator::allocateNewSpace): Deleted. (JSC::DemandExecutableAllocator::notifyNeedPage): Deleted. (JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted. (JSC::DemandExecutableAllocator::allocators): Deleted. (JSC::DemandExecutableAllocator::allocatorsMutex): Deleted. (JSC::ExecutableAllocator::initializeAllocator): Deleted. (JSC::ExecutableAllocator::ExecutableAllocator): Deleted. (JSC::ExecutableAllocator::~ExecutableAllocator): Deleted. (JSC::ExecutableAllocator::isValid): Deleted. (JSC::ExecutableAllocator::underMemoryPressure): Deleted. (JSC::ExecutableAllocator::memoryPressureMultiplier): Deleted. (JSC::ExecutableAllocator::allocate): Deleted. (JSC::ExecutableAllocator::committedByteCount): Deleted. (JSC::ExecutableAllocator::dumpProfile): Deleted. (JSC::ExecutableAllocator::getLock): Deleted. (JSC::ExecutableAllocator::isValidExecutableMemory): Deleted. (JSC::ExecutableAllocator::reprotectRegion): Deleted. 
* jit/ExecutableAllocator.h: * jit/ExecutableAllocatorFixedVMPool.cpp: * jit/JITStubRoutine.h: (JSC::JITStubRoutine::canPerformRangeFilter): Deleted. (JSC::JITStubRoutine::filteringStartAddress): Deleted. (JSC::JITStubRoutine::filteringExtentSize): Deleted. Source/WTF: Remove the DeamndExecutableAllocator compile flags. * wtf/Platform.h: Modified Paths trunk/Source/_javascript_Core/CMakeLists.txt trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj.filters trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj trunk/Source/_javascript_Core/jit/ExecutableAllocator.h trunk/Source/_javascript_Core/jit/ExecutableAllocatorFixedVMPool.cpp trunk/Source/_javascript_Core/jit/JITStubRoutine.h trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/Platform.h Removed Paths trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp Diff Modified: trunk/Source/_javascript_Core/CMakeLists.txt (197225 => 197226) --- trunk/Source/_javascript_Core/CMakeLists.txt 2016-02-27 02:03:18 UTC (rev 197225) +++ trunk/Source/_javascript_Core/CMakeLists.txt 2016-02-27 02:10:29 UTC (rev 197226) @@ -515,7 +515,6 @@ jit/CallFrameShuffler32_64.cpp jit/CallFrameShuffler64.cpp jit/ExecutableAllocationFuzz.cpp -jit/ExecutableAllocator.cpp jit/ExecutableAllocatorFixedVMPool.cpp jit/GCAwareJITStubRoutine.cpp jit/GPRInfo.cpp Modified: trunk/Source/_javascript_Core/ChangeLog (197225 => 197226) --- trunk/Source/_javascript_Core/ChangeLog 2016-02-27 02:03:18 UTC (rev 197225) +++ trunk/Source/_javascript_Core/ChangeLog 2016-02-27 02:10:29 UTC (rev 197226) 
@@ -1,3 +1,46 @@ +2016-02-26 Oliver Hunt <oli...@apple.com> + +Remove the on demand executable allocator +https://bugs.webkit.org/show_bug.cgi?id=154749 + +Reviewed by Geoffrey Garen. + +Remove all the DemandExecutable code and executable allocator ifdefs. + +* CMakeLists.txt: +* _javascript_Core.vcxproj/_javascript_Core.vcxproj: +* _javascript_Core.vcxproj/_javascript_Core.vcxproj.filters: +* _javascript_Core.xcodeproj/project.pbxproj: +* jit/ExecutableAllocator.cpp: Removed. +(JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted. +(JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted. +(JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted. +(JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted. +(JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted. +(JSC::DemandExecutableAllocator::allocateNewSpace): Deleted. +(JSC::DemandExecutableAllocator::notifyNeedPage): Deleted. +(JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted. +(JSC::DemandExecutableAllocator::allocators): Deleted. +(JSC::DemandExecutableAllocator::allocatorsMutex): Deleted. +(JSC::ExecutableAllocator::initial
[webkit-changes] [197185] trunk/Source/JavaScriptCore
Title: [197185] trunk/Source/_javascript_Core Revision 197185 Author oli...@apple.com Date 2016-02-26 11:18:06 -0800 (Fri, 26 Feb 2016) Log Message Make testRegExp not crash when given an invalid regexp https://bugs.webkit.org/show_bug.cgi?id=154732 Reviewed by Mark Lam. * testRegExp.cpp: (parseRegExpLine): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/testRegExp.cpp trunk/Source/_javascript_Core/tests/regexp/RegExpTest.data Diff Modified: trunk/Source/_javascript_Core/ChangeLog (197184 => 197185) --- trunk/Source/_javascript_Core/ChangeLog 2016-02-26 19:09:24 UTC (rev 197184) +++ trunk/Source/_javascript_Core/ChangeLog 2016-02-26 19:18:06 UTC (rev 197185) @@ -1,3 +1,13 @@ +2016-02-26 Oliver Hunt <oli...@apple.com> + +Make testRegExp not crash when given an invalid regexp +https://bugs.webkit.org/show_bug.cgi?id=154732 + +Reviewed by Mark Lam. + +* testRegExp.cpp: +(parseRegExpLine): + 2016-02-26 Benjamin Poulain <benja...@webkit.org> [JSC] Add the test for r197155 Modified: trunk/Source/_javascript_Core/testRegExp.cpp (197184 => 197185) --- trunk/Source/_javascript_Core/testRegExp.cpp 2016-02-26 19:09:24 UTC (rev 197184) +++ trunk/Source/_javascript_Core/testRegExp.cpp 2016-02-26 19:18:06 UTC (rev 197185) @@ -339,7 +339,10 @@ ++i; -return RegExp::create(vm, pattern.toString(), regExpFlags(line + i)); +RegExp* r = RegExp::create(vm, pattern.toString(), regExpFlags(line + i)); +if (r->isValid()) +return r; +return nullptr; } static RegExpTest* parseTestLine(char* line, int lineLength) 
@@ -465,6 +468,14 @@ if (regExpTest) delete regExpTest; +} else if (linePtr[0] == '-') { +tests++; +regexp = 0; // Reset the live regexp to avoid confusing other subsequent tests +bool successfullyParsed = parseRegExpLine(vm, linePtr + 1, lineLength - 1); +if (successfullyParsed) { +failures++; +fprintf(stderr, "Failure on line %u. '%s' is not a valid regexp\n", lineNumber, linePtr + 1); +} } } Modified: trunk/Source/_javascript_Core/tests/regexp/RegExpTest.data (197184 => 197185) --- trunk/Source/_javascript_Core/tests/regexp/RegExpTest.data 2016-02-26 19:09:24 UTC (rev 197184) +++ trunk/Source/_javascript_Core/tests/regexp/RegExpTest.data 2016-02-26 19:18:06 UTC (rev 197185) @@ -1038,3 +1038,8 @@ "ca\nb\n", 0, -1, (-1, -1) "b\nca\n", 0, -1, (-1, -1) "b\nca", 0, -1, (-1, -1) + +-/asd +-?? +-*+ + ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
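Review bot: `bool successfullyParsed = parseRegExpLine(...)` relies on an implicit pointer-to-bool conversion of the returned `RegExp*`, which hides that the call produces an object rather than a status. Testing the pointer directly reads more honestly: `if (parseRegExpLine(vm, linePtr + 1, lineLength - 1)) {`. The same branch writes `regexp = 0;` while the other hunk of this commit uses `nullptr`; `regexp = nullptr;` would be consistent. The enclosing loop starts outside the hunk, so whether `linePtr` is always NUL-terminated for the `%s` in the failure message cannot be confirmed from here.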
[webkit-changes] [184316] trunk/Source
Title: [184316] trunk/Source Revision 184316 Author oli...@apple.com Date 2015-05-13 16:18:56 -0700 (Wed, 13 May 2015) Log Message Source/_javascript_Core: Ensure that all the smart pointer types in WTF clear their pointer before deref https://bugs.webkit.org/show_bug.cgi?id=143789 Reviewed by Ryosuke Niwa. One of the simpler cases of this in _javascript_Core. There are other cases where we need to guard the derefs but they are more complex cases. * inspector/JSInjectedScriptHost.cpp: (Inspector::JSInjectedScriptHost::releaseImpl): * inspector/JSJavaScriptCallFrame.cpp: (Inspector::JSJavaScriptCallFrame::releaseImpl): Source/WTF: Ensure that all the smart pointer types in WTF clear their pointer before deref https://bugs.webkit.org/show_bug.cgi?id=143789 Reviewed by Ryosuke Niwa. In order to prevent use after free bugs caused by destructors that end up trying to access the smart pointer itself, we should make sure we always clear the m_ptr field before calling deref. Essentially the UaF path is: struct Foo : RefCountedFoo { Wibble* m_wibble; void doSomething(); ~Foo() { m_wibble-doSomethingLikeCleanup(); } }; struct Wibble { void doSomethingLikeCleanup() { if (m_foo) { /* if this branch is not here we get a null deref */ m_foo-doSomething(); } } void replaceFoo(Foo* foo) { m_foo = foo; } RefPtrFoo m_foo; }; Wibble* someWibble = /* a Wibble with m_foo-m_refCount == 1 */; /* and m_foo points to someWibble */; someWibble-replaceFoo(someOtherFoo); + someWibble-m_foo-m_ptr-deref(); + someWibble-m_foo-m_ptr-~Foo() + someWibble-m_foo-m_ptr-m_wibble-doSomethingLikeCleanup() + someWibble-m_foo-m_ptr-m_wibble /* someWibble */ -m_foo-m_ptr /*logically dead*/ -doSomething() By clearing m_ptr first we either force a null pointer deref or we force our code down a path that does not use the dead smart pointer. 
* wtf/PassRefPtr.h: (WTF::PassRefPtr::~PassRefPtr): * wtf/Ref.h: (WTF::Ref::~Ref): (WTF::Ref::operator=): * wtf/RefPtr.h: (WTF::RefPtr::~RefPtr): * wtf/RetainPtr.h: (WTF::RetainPtr::~RetainPtr): (WTF::RetainPtrT::clear): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFrame.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/PassRefPtr.h trunk/Source/WTF/wtf/RefPtr.h trunk/Source/WTF/wtf/RetainPtr.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (184315 => 184316) --- trunk/Source/_javascript_Core/ChangeLog 2015-05-13 23:09:13 UTC (rev 184315) +++ trunk/Source/_javascript_Core/ChangeLog 2015-05-13 23:18:56 UTC (rev 184316) @@ -1,3 +1,18 @@ +2015-05-13 Oliver Hunt oli...@apple.com +Ensure that all the smart pointer types in WTF clear their pointer before deref +https://bugs.webkit.org/show_bug.cgi?id=143789 + +Reviewed by Ryosuke Niwa. + +One of the simpler cases of this in _javascript_Core. There +are other cases where we need to guard the derefs but they +are more complex cases. + +* inspector/JSInjectedScriptHost.cpp: +(Inspector::JSInjectedScriptHost::releaseImpl): +* inspector/JSJavaScriptCallFrame.cpp: +(Inspector::JSJavaScriptCallFrame::releaseImpl): + 2015-05-13 Alexandr Skachkov gskach...@gmail.com Small refactoring before ES6 Arrow function implementation. Modified: trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp (184315 => 184316) --- trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp 2015-05-13 23:09:13 UTC (rev 184315) +++ trunk/Source/_javascript_Core/inspector/JSInjectedScriptHost.cpp 2015-05-13 23:18:56 UTC (rev 184316) 
@@ -85,10 +85,8 @@ void JSInjectedScriptHost::releaseImpl() { -if (m_impl) { -m_impl-deref(); -m_impl = nullptr; -} +if (auto impl = std::exchange(m_impl, nullptr)) +impl-deref(); } JSInjectedScriptHost::~JSInjectedScriptHost() Modified: trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFrame.cpp (184315 => 184316) --- trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFrame.cpp 2015-05-13 23:09:13 UTC (rev 184315) +++ trunk/Source/_javascript_Core/inspector/JSJavaScriptCallFrame.cpp 2015-05-13 23:18:56 UTC (rev 184316) @@ -64,10 +64,8 @@ void JSJavaScriptCallFrame::releaseImpl() { -if (m_impl) { -m_impl-deref(); -m_impl = nullptr; -} +if (auto impl = std::exchange(m_impl, nullptr)) +impl-deref(); } JSJavaScriptCallFrame::~JSJavaScriptCallFrame() Modified: trunk/Source/WTF/ChangeLog (184315 => 184316) --- trunk/Source/WTF/ChangeLog 2015-05-13 23:09:13 UTC (rev 184315) +++ trunk/Source/WTF/ChangeLog 2015-05-13 23:18:56 UTC (rev 184
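Review bot: The reason for swapping `m_impl` out before calling `deref()` is recorded only in the ChangeLog, so both `releaseImpl()` bodies (this hunk and the identical one in JSJavaScriptCallFrame.cpp) should carry it in the code. A comment such as `// Clear m_impl before deref() so a destructor that re-enters this object cannot reach the dying pointer.` would keep a later cleanup from restoring the old order. `std::exchange` comes from `<utility>`; the include lists are outside the hunks, so it is worth confirming that neither file depends on a transitive include for it.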
[webkit-changes] [184009] trunk/Source/JavaScriptCore
Title: [184009] trunk/Source/_javascript_Core Revision 184009 Author oli...@apple.com Date 2015-05-08 13:07:29 -0700 (Fri, 08 May 2015) Log Message MapDataImpl::add() shouldn't do the same hash lookup twice. https://bugs.webkit.org/show_bug.cgi?id=144759 Reviewed by Gavin Barraclough. We don't actually need to do a double lookup here, all we need to do is update the index to point to the correct m_size. * runtime/MapDataInlines.h: (JSC::JSIterator::add): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/MapDataInlines.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (184008 => 184009) --- trunk/Source/_javascript_Core/ChangeLog 2015-05-08 19:43:59 UTC (rev 184008) +++ trunk/Source/_javascript_Core/ChangeLog 2015-05-08 20:07:29 UTC (rev 184009) @@ -1,3 +1,16 @@ +2015-05-08 Oliver Hunt oli...@apple.com + +MapDataImpl::add() shouldn't do the same hash lookup twice. +https://bugs.webkit.org/show_bug.cgi?id=144759 + +Reviewed by Gavin Barraclough. + +We don't actually need to do a double lookup here, all we need to +do is update the index to point to the correct m_size. + +* runtime/MapDataInlines.h: +(JSC::JSIterator::add): + 2015-05-08 Andreas Kling akl...@apple.com Micro-optimize JSON serialization of string primitives. Modified: trunk/Source/_javascript_Core/runtime/MapDataInlines.h (184008 => 184009) --- trunk/Source/_javascript_Core/runtime/MapDataInlines.h 2015-05-08 19:43:59 UTC (rev 184008) +++ trunk/Source/_javascript_Core/runtime/MapDataInlines.h 2015-05-08 20:07:29 UTC (rev 184009) 
@@ -91,15 +91,16 @@ template typename Map, typename Key inline Entry* MapDataImplEntry, JSIterator::add(ExecState* exec, JSCell* owner, Map map, Key key, KeyType keyValue) { -typename Map::iterator location = map.find(key); -if (location != map.end()) -return m_entries[location-value]; +auto result = map.add(key, m_size); +if (!result.isNewEntry) +return m_entries[result.iterator-value]; -if (!ensureSpaceForAppend(exec, owner)) +if (!ensureSpaceForAppend(exec, owner)) { +map.remove(result.iterator); return 0; +} -auto result = map.add(key, m_size); -RELEASE_ASSERT(result.isNewEntry); +result.iterator-value = m_size; Entry* entry = m_entries[m_size++]; new (entry) Entry(); entry-setKey(exec-vm(), owner, keyValue.value); @@ -174,7 +175,9 @@ { ASSERT(shouldPack()); int32_t newEnd = 0; -RELEASE_ASSERT(newCapacity 0); +ASSERT(newCapacity 0); +RELEASE_ASSERT(newCapacity m_size); + for (int32_t i = 0; i m_size; i++) { Entry entry = m_entries[i]; if (!entry.key()) { 
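Review bot: In `add()`, `result.iterator` is taken from `map.add(key, m_size)` and then used after `ensureSpaceForAppend(exec, owner)` has run, both in `map.remove(result.iterator)` on failure and in the value write on success. That is safe only if nothing reached from `ensureSpaceForAppend` can insert into, remove from or rehash `map`; its body is not in this hunk, so that needs confirming and is worth stating, e.g. `// result.iterator must stay valid across ensureSpaceForAppend(): it may not add to or rehash the key tables.` While that call runs, the table also holds a value equal to `m_size` with no entry behind it, which is presumably why the fixup hunk later in this file has to skip such values. The function continues past the end of the hunk.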
@@ -194,14 +197,22 @@ } // Fixup for the hashmaps -for (auto ptr = m_valueKeyedTable.begin(); ptr != m_valueKeyedTable.end(); ++ptr) -ptr-value = m_entries[ptr-value].key().get().asInt32(); -for (auto ptr = m_cellKeyedTable.begin(); ptr != m_cellKeyedTable.end(); ++ptr) -ptr-value = m_entries[ptr-value].key().get().asInt32(); -for (auto ptr = m_stringKeyedTable.begin(); ptr != m_stringKeyedTable.end(); ++ptr) -ptr-value = m_entries[ptr-value].key().get().asInt32(); -for (auto ptr = m_symbolKeyedTable.begin(); ptr != m_symbolKeyedTable.end(); ++ptr) -ptr-value = m_entries[ptr-value].key().get().asInt32(); +for (auto ptr = m_valueKeyedTable.begin(); ptr != m_valueKeyedTable.end(); ++ptr) { +if (ptr-value m_size) +ptr-value = m_entries[ptr-value].key().get().asInt32(); +} +for (auto ptr = m_cellKeyedTable.begin(); ptr != m_cellKeyedTable.end(); ++ptr) { +if (ptr-value m_size) +ptr-value = m_entries[ptr-value].key().get().asInt32(); +} +for (auto ptr = m_stringKeyedTable.begin(); ptr != m_stringKeyedTable.end(); ++ptr) { +if (ptr-value m_size) +ptr-value = m_entries[ptr-value].key().get().asInt32(); +} +for (auto ptr = m_symbolKeyedTable.begin(); ptr != m_symbolKeyedTable.end(); ++ptr) { +if (ptr-value m_size) +ptr-value = m_entries[ptr-value].key().get().asInt32(); +} ASSERT((m_size - newEnd) == m_deletedCount); m_deletedCount = 0; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
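Review bot: The four fixup loops now skip table values that are not below `m_size`, but nothing in the code says why such a value can legitimately exist. The comparison operator is lost in this rendering, so that reading of the guard is inferred. A comment above the first loop, for example `// add() inserts a placeholder index of m_size before the entry exists; skip it here.`, would keep a later cleanup from removing the guard and bringing back an out-of-range index into `m_entries`. The loops differ only in the table they walk and could share one local helper. The enclosing function begins outside the hunk.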
[webkit-changes] [183648] trunk/Source/WebCore
Title: [183648] trunk/Source/WebCore Revision 183648 Author oli...@apple.com Date 2015-04-30 15:40:30 -0700 (Thu, 30 Apr 2015) Log Message DOM bindings should not be using a reference type to point to a temporary object https://bugs.webkit.org/show_bug.cgi?id=144474 Reviewed by Beth Dakin. The DOM bindings will currently try and use a local reference to point to a temporary object. This currently works as a by product of the compiler's stack layout. This patch removes the dependency on undefined behaviour by ensuring that we use a value rather than reference type. * bindings/scripts/CodeGeneratorJS.pm: (GenerateParametersCheck): (GetNativeTypeForCallbacks): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm Diff Modified: trunk/Source/WebCore/ChangeLog (183647 => 183648) --- trunk/Source/WebCore/ChangeLog 2015-04-30 22:16:42 UTC (rev 183647) +++ trunk/Source/WebCore/ChangeLog 2015-04-30 22:40:30 UTC (rev 183648) @@ -1,3 +1,19 @@ +2015-04-30 Oliver Hunt oli...@apple.com + +DOM bindings should not be using a reference type to point to a temporary object +https://bugs.webkit.org/show_bug.cgi?id=144474 + +Reviewed by Beth Dakin. + +The DOM bindings will currently try and use a local reference to point +to a temporary object. This currently works as a by product of the compiler's +stack layout. This patch removes the dependency on undefined behaviour +by ensuring that we use a value rather than reference type. + +* bindings/scripts/CodeGeneratorJS.pm: +(GenerateParametersCheck): +(GetNativeTypeForCallbacks): + 2015-04-30 Brady Eidson beid...@apple.com _javascript_ using WebSQL can create their own WebKit info table. Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (183647 => 183648) --- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2015-04-30 22:16:42 UTC (rev 183647) +++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2015-04-30 22:40:30 UTC (rev 183648) 
@@ -3303,7 +3303,7 @@ push(@$outputArray, AtomicStringImpl* existing_$name = exec-argument($argsIndex).isEmpty() ? nullptr : exec-argument($argsIndex).toString(exec)-toExistingAtomicString(exec);\n); push(@$outputArray, if (!existing_$name)\n); push(@$outputArray, return JSValue::encode(jsNull());\n); -push(@$outputArray, const AtomicString $name(existing_$name);\n); +push(@$outputArray, const AtomicString $name(existing_$name);\n); } else { push(@$outputArray, . GetNativeTypeFromSignature($parameter) . $name( . JSValueToNative($parameter, $optional $defaultAttribute $defaultAttribute eq NullString ? argumentOrNull(exec, $argsIndex) : exec-argument($argsIndex), $function-signature-extendedAttributes-{Conditional}) . );\n); } @@ -3644,7 +3644,7 @@ my %nativeType = ( CompareHow = Range::CompareHow, -DOMString = const String, +DOMString = const String, NodeFilter = RefPtrNodeFilter, SerializedScriptValue = RefPtrSerializedScriptValue, Date = double, @@ -3704,6 +3704,7 @@ my $type = shift; return PassRefPtrSerializedScriptValue if $type eq SerializedScriptValue; return PassRefPtrDOMStringList if $type eq DOMStringList; +return const String if $type eq DOMString; return GetNativeType($type); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
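Review bot: `GetNativeTypeForCallbacks` gains a special case for `DOMString` in the same commit that changes the `DOMString` entry of `%nativeType`, so the two paths now deliberately yield different native types and neither site says so. A comment on the new `return` line, e.g. `# Callbacks keep their own native type for DOMString; only the %nativeType entry was switched to a value type.`, would stop the special case from being removed as redundant. The exact type strings are not legible in this rendering because punctuation was stripped, so the wording should be checked against the real file. Both functions start outside the hunks.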
[webkit-changes] [182289] trunk/Source/WebKit2
Title: [182289] trunk/Source/WebKit2 Revision 182289 Author oli...@apple.com Date 2015-04-02 14:52:53 -0700 (Thu, 02 Apr 2015) Log Message Ensure that we always set network ATS context in the network process https://bugs.webkit.org/show_bug.cgi?id=143343 Reviewed by Dan Bernstein. If a custom cache location or size we were early returning before setting the CFNetwork ATS context. This is clearly an error. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (182288 => 182289) --- trunk/Source/WebKit2/ChangeLog 2015-04-02 21:48:32 UTC (rev 182288) +++ trunk/Source/WebKit2/ChangeLog 2015-04-02 21:52:53 UTC (rev 182289) @@ -1,3 +1,16 @@ +2015-04-02 Oliver Hunt oli...@apple.com + +Ensure that we always set network ATS context in the network process +https://bugs.webkit.org/show_bug.cgi?id=143343 + +Reviewed by Dan Bernstein. + +If a custom cache location or size we were early returning before setting +the CFNetwork ATS context. This is clearly an error. + +* NetworkProcess/cocoa/NetworkProcessCocoa.mm: +(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): + 2015-04-02 Alexey Proskuryakov a...@apple.com Make checkURLReceivedFromWebProcess not rely on details of platform URL implementation. Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (182288 => 182289) --- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2015-04-02 21:48:32 UTC (rev 182288) +++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2015-04-02 21:52:53 UTC (rev 182289) 
@@ -54,6 +54,10 @@ #endif m_diskCacheDirectory = parameters.diskCacheDirectory; +#if (PLATFORM(IOS) __IPHONE_OS_VERSION_MIN_REQUIRED = 9) || (PLATFORM(MAC) __MAC_OS_X_VERSION_MIN_REQUIRED = 101100) +_CFNetworkSetATSContext(parameters.networkATSContext.get()); +#endif + // FIXME: Most of what this function does for cache size gets immediately overridden by setCacheModel(). // - memory cache size passed from UI process is always ignored; // - disk cache size passed from UI process is effectively a minimum size. @@ -88,9 +92,6 @@ return; _CFURLCacheSetMinSizeForVMCachedResource(cache.get(), NetworkResourceLoader::fileBackedResourceMinimumSize()); -#if (TARGET_OS_IPHONE __IPHONE_OS_VERSION_MIN_REQUIRED = 9) || (PLATFORM(MAC) __MAC_OS_X_VERSION_MIN_REQUIRED = 101100) -_CFNetworkSetATSContext(parameters.networkATSContext.get()); -#endif } static uint64_t memorySize() ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
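Review bot: The relocated `_CFNetworkSetATSContext(parameters.networkATSContext.get());` discards its result, although the SPI declaration shown elsewhere on this page gives it a `Boolean` return. If the call fails, the network process carries on without the transport-security context the UI process sent and leaves no trace. Checking the result and at least logging would make that visible, e.g. `if (!_CFNetworkSetATSContext(parameters.networkATSContext.get())) WTFLogAlways("Failed to set CFNetwork ATS context");`. The guard on the new lines uses `PLATFORM(IOS)` where the removed lines used `TARGET_OS_IPHONE`, so the header declaring the function may need the same condition. The function body starts before the first hunk and ends after the second.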
[webkit-changes] [182073] trunk/Source
Title: [182073] trunk/Source Revision 182073 Author oli...@apple.com Date 2015-03-27 12:04:28 -0700 (Fri, 27 Mar 2015) Log Message Forward additional CFNetwork ATS information to child processes https://bugs.webkit.org/show_bug.cgi?id=143136 Reviewed by Anders Carlsson. Source/WebCore: Declare SPI. * platform/spi/cf/CFNetworkSPI.h: Source/WebKit2: Add additional process creation parameter information, and pass it to the child processes that actually use CFNetwork. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): * Shared/Network/NetworkProcessCreationParameters.cpp: (WebKit::NetworkProcessCreationParameters::encode): (WebKit::NetworkProcessCreationParameters::decode): * Shared/Network/NetworkProcessCreationParameters.h: * Shared/Plugins/PluginProcessCreationParameters.cpp: (WebKit::PluginProcessCreationParameters::encode): (WebKit::PluginProcessCreationParameters::decode): * Shared/Plugins/PluginProcessCreationParameters.h: * Shared/WebProcessCreationParameters.cpp: (WebKit::WebProcessCreationParameters::encode): (WebKit::WebProcessCreationParameters::decode): * Shared/WebProcessCreationParameters.h: * UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::platformInitializeWebProcess): (WebKit::WebProcessPool::platformInitializeNetworkProcess): * UIProcess/Plugins/mac/PluginProcessProxyMac.mm: (WebKit::PluginProcessProxy::platformInitializePluginProcess): * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h trunk/Source/WebKit2/Shared/Plugins/PluginProcessCreationParameters.cpp 
trunk/Source/WebKit2/Shared/Plugins/PluginProcessCreationParameters.h trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/Cocoa/WebProcessPoolCocoa.mm trunk/Source/WebKit2/UIProcess/Plugins/mac/PluginProcessProxyMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebCore/ChangeLog (182072 => 182073) --- trunk/Source/WebCore/ChangeLog 2015-03-27 19:04:04 UTC (rev 182072) +++ trunk/Source/WebCore/ChangeLog 2015-03-27 19:04:28 UTC (rev 182073) @@ -1,3 +1,14 @@ +2015-03-27 Oliver Hunt oli...@apple.com + +Forward additional CFNetwork ATS information to child processes +https://bugs.webkit.org/show_bug.cgi?id=143136 + +Reviewed by Anders Carlsson. + +Declare SPI. + +* platform/spi/cf/CFNetworkSPI.h: + 2015-03-27 Chris Dumez cdu...@apple.com [WK2][NetworkCache] We only cache responses with status codes that are cacheable by default Modified: trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h (182072 => 182073) --- trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2015-03-27 19:04:04 UTC (rev 182072) +++ trunk/Source/WebCore/platform/spi/cf/CFNetworkSPI.h 2015-03-27 19:04:28 UTC (rev 182073) @@ -57,6 +57,7 @@ typedef const struct _CFURLCache* CFURLCacheRef; typedef const struct _CFURLRequest *CFURLRequestRef; typedef const struct __CFURLStorageSession* CFURLStorageSessionRef; +typedef const struct __CFData *CFDataRef; #ifdef __BLOCKS__ typedef void (^CFCachedURLResponseCallBackBlock)(CFCachedURLResponseRef); 
@@ -110,4 +111,9 @@ @end #endif +#if (TARGET_OS_IPHONE __IPHONE_OS_VERSION_MIN_REQUIRED = 9) || (PLATFORM(MAC) __MAC_OS_X_VERSION_MIN_REQUIRED = 101100) +EXTERN_C CFDataRef _CFNetworkCopyATSContext(void); +EXTERN_C Boolean _CFNetworkSetATSContext(CFDataRef); +#endif + #endif // CFNetworkSPI_h Modified: trunk/Source/WebKit2/ChangeLog (182072 => 182073) --- trunk/Source/WebKit2/ChangeLog 2015-03-27 19:04:04 UTC (rev 182072) +++ trunk/Source/WebKit2/ChangeLog 2015-03-27 19:04:28 UTC (rev 182073) @@ -1,3 +1,35 @@ +2015-03-27 Oliver Hunt oli...@apple.com + +Forward additional CFNetwork ATS information to child processes +https://bugs.webkit.org/show_bug.cgi?id=143136 + +Reviewed by Anders Carlsson. + +Add additional process creation parameter information, and pass it +to the child processes that actually use CFNetwork. + +* NetworkProcess/cocoa/NetworkProcessCocoa.mm: +(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): +* Shared/Network/NetworkProcessCreationParameters.cpp: +(WebKit::NetworkProcessCreationParameters::encode): +(WebKit::NetworkProcessCreationParameters::decode): +* Shared/Network/NetworkProcessCreationParameters.h: +* Shared/Plugins/PluginProcessCreationParameters.cpp: +(WebKit::PluginProcessCreationParameter
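Review bot: The new guard mixes the raw `TARGET_OS_IPHONE` macro with WebKit's `PLATFORM(MAC)` in one condition; `PLATFORM(IOS)` for the first term would match the second term and the call site as changed in r182289 on this page. The two declarations also carry no ownership documentation. Going by the CoreFoundation Copy naming rule, `_CFNetworkCopyATSContext` presumably returns data the caller owns, and a comment such as `// Follows the Copy rule: the caller owns the returned CFDataRef.` (to be confirmed against CFNetwork) would tell callers to adopt or release it.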
[webkit-changes] [181134] trunk
/ChangeLog (181133 => 181134) --- trunk/LayoutTests/ChangeLog 2015-03-06 04:38:01 UTC (rev 181133) +++ trunk/LayoutTests/ChangeLog 2015-03-06 04:43:12 UTC (rev 181134) 
@@ -1,3 +1,31 @@ +2015-03-05 Oliver Hunt oli...@apple.com + +Block mixed mode content +https://bugs.webkit.org/show_bug.cgi?id=142378 + +Reviewed by Darin Adler. + +Update test results to reflect the new reality. + +* http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt: +* http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt: +* http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt: +* http/tests/security/mixedContent/insecure-image-in-main-frame-expected.txt: +* http/tests/security/mixedContent/insecure-plugin-in-iframe-expected.txt: +* http/tests/security/mixedContent/insecure-script-in-iframe-expected.txt: +* http/tests/security/mixedContent/insecure-xhr-in-main-frame-expected.txt: +* http/tests/security/mixedContent/insecure-xhr-in-main-frame.html: +* http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: +* http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html: +* http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe-expected.txt: +* http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: +* http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html: +* http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe-expected.txt: +* http/tests/security/mixedContent/resources/frame-with-insecure-frame.html: +* http/tests/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html: +* http/tests/security/mixedContent/resources/frame-with-redirect-https-to-http-frame.html: +* http/tests/xmlhttprequest/access-control-response-with-body.html: + 2015-03-05 Benjamin Poulain bpoul...@apple.com new layout test http/tests/usercontentfilter/character-set-basic-support.html fails Modified: trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt (181133 => 181134) --- 
trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt 2015-03-06 04:38:01 UTC (rev 181133) +++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe-expected.txt 2015-03-06 04:43:12 UTC (rev 181134) @@ -1,9 +1,8 @@ frame !--framePath //!--frame0 - didStartProvisionalLoadForFrame main frame - didFinishDocumentLoadForFrame frame !--framePath //!--frame0 - didCommitLoadForFrame -CONSOLE MESSAGE: line 4: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css. +CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css. -didRunInsecureContent frame !--framePath //!--frame0 - didFinishDocumentLoadForFrame frame !--framePath //!--frame0 - didHandleOnloadEventsForFrame main frame - didHandleOnloadEventsForFrame Modified: trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt (181133 => 181134) --- trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt 2015-03-06 04:38:01 UTC (rev 181133) +++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt 2015-03-06 04:43:12 UTC (rev 181134) 
@@ -3,9 +3,8 @@ main frame - didHandleOnloadEventsForFrame main frame - didFinishLoadForFrame main frame - didCommitLoadForFrame -CONSOLE MESSAGE: line 4: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html ran insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css. +CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-css.html was not allowed to run insecure content from http://127.0.0.1:8080/security/mixedContent/resources/style.css. -didRunInsecureContent main frame - didFinishDocumentLoadForFrame main frame - didHandleOnloadEventsForFrame main frame - didFinishLoadForFrame Modified: trunk/LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt (181133 => 181134) --- trunk/LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt 2015-03-06 04:38:01 UTC (rev 181133) +++ trunk/LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt 2015-03-06 04:43:12 UTC (rev 181134) @@ -4,14 +4,10 @@ main frame - didFinishLoadForFrame
[webkit-changes] [177284] trunk/Source
::uncheckedAppend): (WTF::OverflowHandler::appendVector): (WTF::OverflowHandler::insert): (WTF::OverflowHandler::insertVector): (WTF::OverflowHandler::remove): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp trunk/Source/_javascript_Core/ftl/FTLAbbreviations.h trunk/Source/_javascript_Core/llint/LLIntData.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/_javascript_Core/runtime/JSArray.cpp trunk/Source/_javascript_Core/tools/ProfileTreeNode.h trunk/Source/_javascript_Core/yarr/YarrJIT.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/WTF.vcxproj/WTF.vcxproj trunk/Source/WTF/WTF.vcxproj/WTF.vcxproj.filters trunk/Source/WTF/WTF.xcodeproj/project.pbxproj trunk/Source/WTF/wtf/RefCountedArray.h trunk/Source/WTF/wtf/Vector.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp trunk/Source/WebCore/editing/TextIterator.cpp trunk/Source/WebCore/page/mac/ServicesOverlayController.mm trunk/Source/WebCore/platform/graphics/SegmentedFontData.cpp trunk/Source/WebCore/platform/graphics/WOFFFileFormat.cpp trunk/Source/WebCore/platform/graphics/cairo/GradientCairo.cpp trunk/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp trunk/Source/WebCore/rendering/RenderBox.cpp trunk/Source/WebCore/rendering/style/GridResolvedPosition.cpp trunk/Source/WebCore/svg/SVGFontElement.cpp trunk/Source/WebCore/svg/SVGPathByteStream.h trunk/Source/WebCore/xml/XPathNodeSet.h Added Paths trunk/Source/WTF/wtf/IndexedIterator.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (177283 => 177284) --- trunk/Source/_javascript_Core/ChangeLog 2014-12-15 18:02:46 UTC (rev 177283) +++ trunk/Source/_javascript_Core/ChangeLog 2014-12-15 18:04:58 UTC (rev 177284) 
@@ -1,3 +1,33 @@ +2014-12-15 Oliver Hunt oli...@apple.com + +Make sure range based iteration of Vector still receives bounds checking +https://bugs.webkit.org/show_bug.cgi?id=138821 + +Reviewed by Mark Lam. + +Update code to deal with slightly changed iterator semantics. + +* bytecode/UnlinkedCodeBlock.cpp: +(JSC::UnlinkedCodeBlock::visitChildren): +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::emitComplexPopScopes): +* dfg/DFGSpeculativeJIT.cpp: +(JSC::DFG::SpeculativeJIT::emitSwitchIntJump): +* ftl/FTLAbbreviations.h: +(JSC::FTL::mdNode): +(JSC::FTL::buildCall): +* llint/LLIntData.cpp: +(JSC::LLInt::Data::performAssertions): +* parser/Parser.h: +(JSC::Scope::Scope): +* runtime/JSArray.cpp: +(JSC::JSArray::setLengthWithArrayStorage): +(JSC::JSArray::sortCompactedVector): +* tools/ProfileTreeNode.h: +(JSC::ProfileTreeNode::dumpInternal): +* yarr/YarrJIT.cpp: +(JSC::Yarr::YarrGenerator::matchCharacterClass): + 2014-12-14 Filip Pizlo fpi...@apple.com PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp (177283 => 177284) --- trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-12-15 18:02:46 UTC (rev 177283) +++ trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-12-15 18:04:58 UTC (rev 177284) 
@@ -229,9 +229,9 @@ Base::visitChildren(thisObject, visitor); visitor.append(thisObject-m_symbolTable); for (FunctionExpressionVector::iterator ptr = thisObject-m_functionDecls.begin(), end = thisObject-m_functionDecls.end(); ptr != end; ++ptr) -visitor.append(ptr); +visitor.append(WTF::getPtr(ptr)); for (FunctionExpressionVector::iterator ptr = thisObject-m_functionExprs.begin(), end = thisObject-m_functionExprs.end(); ptr != end; ++ptr) -visitor.append(ptr); +visitor.append(WTF::getPtr(ptr)); visitor.appendValues(thisObject-m_constantRegisters.data(), thisObject-m_constantRegisters.size()); if (thisObject-m_rareData) { for (size_t i = 0, end = thisObject-m_rareData-m_regexps.size(); i != end; i++) Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (177283 => 177284) --- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-12-15 18:02:46 UTC (rev 177283) +++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-12-15 18:04:58 UTC (rev 177284) @@ -2283,8 +2283,8 @@ int topScopeIndex = -1; int bottomScopeIndex = -1; if (flipScopes) { -topScopeIndex = topScope - m_scopeContextStack.begin(); -bottomScopeIndex = bottomScope - m_scopeContextStack.begin(); +topScopeIndex = topScope - m_scopeContextStack.data(); +bottomS
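Review bot: Both loops keep the hand-written iterator pair and now need `WTF::getPtr(ptr)` to get back to the element address. A range-based loop says the same thing without naming the iterator type, e.g. `for (auto& decl : thisObject->m_functionDecls) visitor.append(&decl);` and likewise for `m_functionExprs`, assuming `getPtr(ptr)` yields the element's address. It would still go through the checked iterator this change introduces. The same two lines appear in the r176592 hunk of this file further down the page. `visitChildren` starts and ends outside the hunk.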
[webkit-changes] [176705] trunk/Source/WTF
Title: [176705] trunk/Source/WTF Revision 176705 Author oli...@apple.com Date 2014-12-02 18:01:42 -0800 (Tue, 02 Dec 2014) Log Message Fix IOS builds. Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/IndexedIterator.h Diff Modified: trunk/Source/WTF/ChangeLog (176704 => 176705) --- trunk/Source/WTF/ChangeLog 2014-12-03 01:52:18 UTC (rev 176704) +++ trunk/Source/WTF/ChangeLog 2014-12-03 02:01:42 UTC (rev 176705) @@ -1,3 +1,9 @@ +2014-12-02 Oliver Hunt oli...@apple.com + +Fix IOS builds. + +* wtf/IndexedIterator.h: + 2014-12-02 Gavin Barraclough barraclo...@apple.com Generalize PageActivityAssertionToken Modified: trunk/Source/WTF/wtf/IndexedIterator.h (176704 => 176705) --- trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-03 01:52:18 UTC (rev 176704) +++ trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-03 02:01:42 UTC (rev 176705) @@ -225,7 +225,7 @@ return result -= static_castunsigned long long(decrement); } -#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || PLATFORM(MAC) +#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || PLATFORM(MAC) || PLATFORM(IOS) IndexedIterator operator+(unsigned increment) const { IndexedIterator result(*this); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
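Review bot: The guard for the `unsigned` overloads tests `__SIZEOF_SIZE_T__ != __SIZEOF_INT__` and then lists platforms, but whether the overload is needed depends on `size_t` and `unsigned` being different types, not different sizes. That is why each build fix adds another platform term: this one, and the `!PLATFORM(WIN)` variant in r176603 further down the page. Selecting on the types, for instance a template overload enabled with `!std::is_same<unsigned, size_t>::value`, would cover every target without the list. At minimum the `#if` deserves a comment such as `// Needed wherever size_t is not the same type as unsigned, even if both have the same width.` The `#if` block extends past the end of the hunk.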
[webkit-changes] [176592] trunk/Source
::=): (WTF::OverflowHandler::fill): (WTF::OverflowHandler::expandCapacity): (WTF::OverflowHandler::tryExpandCapacity): (WTF::OverflowHandler::resize): (WTF::OverflowHandler::shrink): (WTF::OverflowHandler::grow): (WTF::OverflowHandler::reserveCapacity): (WTF::OverflowHandler::tryReserveCapacity): (WTF::OverflowHandler::shrinkCapacity): (WTF::OverflowHandler::append): (WTF::OverflowHandler::tryAppend): (WTF::OverflowHandler::appendSlowCase): (WTF::OverflowHandler::uncheckedAppend): (WTF::OverflowHandler::appendVector): (WTF::OverflowHandler::insert): (WTF::OverflowHandler::insertVector): (WTF::OverflowHandler::remove): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp trunk/Source/_javascript_Core/ftl/FTLAbbreviations.h trunk/Source/_javascript_Core/llint/LLIntData.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/_javascript_Core/runtime/JSArray.cpp trunk/Source/_javascript_Core/tools/ProfileTreeNode.h trunk/Source/_javascript_Core/yarr/YarrJIT.cpp trunk/Source/WTF/ChangeLog trunk/Source/WTF/WTF.vcxproj/WTF.vcxproj trunk/Source/WTF/WTF.vcxproj/WTF.vcxproj.filters trunk/Source/WTF/WTF.xcodeproj/project.pbxproj trunk/Source/WTF/wtf/RefCountedArray.h trunk/Source/WTF/wtf/Vector.h trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/js/SerializedScriptValue.cpp trunk/Source/WebCore/editing/TextIterator.cpp trunk/Source/WebCore/page/mac/ServicesOverlayController.mm trunk/Source/WebCore/platform/graphics/SegmentedFontData.cpp trunk/Source/WebCore/platform/graphics/WOFFFileFormat.cpp trunk/Source/WebCore/platform/graphics/cairo/GradientCairo.cpp trunk/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp trunk/Source/WebCore/rendering/RenderBox.cpp trunk/Source/WebCore/rendering/style/GridResolvedPosition.cpp trunk/Source/WebCore/svg/SVGFontElement.cpp 
trunk/Source/WebCore/svg/SVGPathByteStream.h trunk/Source/WebCore/xml/XPathNodeSet.h Added Paths trunk/Source/WTF/wtf/IndexedIterator.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (176591 => 176592) --- trunk/Source/_javascript_Core/ChangeLog 2014-12-01 14:48:34 UTC (rev 176591) +++ trunk/Source/_javascript_Core/ChangeLog 2014-12-01 17:50:35 UTC (rev 176592) @@ -1,3 +1,36 @@ +2014-11-17 Oliver Hunt oli...@apple.com + +Make sure range based iteration of Vector still receives bounds checking +https://bugs.webkit.org/show_bug.cgi?id=138821 + +Reviewed by Mark Lam. + +There are a few uses of begin()/end() that explicitly require pointers, +so we use getPtr() to extract the underlying pointer generically. + +* bytecode/UnlinkedCodeBlock.cpp: +(JSC::UnlinkedCodeBlock::visitChildren): +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::emitComplexPopScopes): +* dfg/DFGSpeculativeJIT.cpp: +(JSC::DFG::SpeculativeJIT::emitSwitchIntJump): +* ftl/FTLAbbreviations.h: +(JSC::FTL::mdNode): +(JSC::FTL::buildCall): +* llint/LLIntData.cpp: +(JSC::LLInt::Data::performAssertions): +* parser/Parser.h: +(JSC::Scope::Scope): +* profiler/ProfileNode.cpp: +(JSC::ProfileNode::debugPrintRecursively): +* runtime/JSArray.cpp: +(JSC::JSArray::setLengthWithArrayStorage): +(JSC::JSArray::sortCompactedVector): +* tools/ProfileTreeNode.h: +(JSC::ProfileTreeNode::dumpInternal): +* yarr/YarrJIT.cpp: +(JSC::Yarr::YarrGenerator::matchCharacterClass): + 2014-11-29 Andreas Kling akl...@apple.com PropertyTable keys should be AtomicStringImpl. Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp (176591 => 176592) --- trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-12-01 14:48:34 UTC (rev 176591) +++ trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-12-01 17:50:35 UTC (rev 176592) 
@@ -234,9 +234,9 @@ Base::visitChildren(thisObject, visitor); visitor.append(thisObject-m_symbolTable); for (FunctionExpressionVector::iterator ptr = thisObject-m_functionDecls.begin(), end = thisObject-m_functionDecls.end(); ptr != end; ++ptr) -visitor.append(ptr); +visitor.append(WTF::getPtr(ptr)); for (FunctionExpressionVector::iterator ptr = thisObject-m_functionExprs.begin(), end = thisObject-m_functionExprs.end(); ptr != end; ++ptr) -visitor.append(ptr); +visitor.append(WTF::getPtr(ptr)); visitor.appendValues(thisObject-m_constantRegisters.data(), thisObject-m_constantRegisters.size()); if (thisObject-m_rareData) { for (size_t i = 0, end = thisObject-m_rareData-m_regexps.size(); i != end; i++) Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (176591 => 176592) --- trunk/Source/_javasc
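Review bot: The two loops in the `UnlinkedCodeBlock::visitChildren` hunk still walk `m_functionDecls` and `m_functionExprs` with an explicit `FunctionExpressionVector::iterator`, and then call `WTF::getPtr(ptr)` to turn the checked iterator back into a raw pointer. A range-based loop would not need the conversion and would take the checked path the log message describes, e.g. `for (auto& decl : thisObject->m_functionDecls) visitor.append(&decl);`, and likewise for `m_functionExprs`. This assumes `visitor.append` accepts a pointer to the vector's element type, which the hunk does not show. The function body starts and ends outside the hunk.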
[webkit-changes] [176603] trunk/Source/WTF
Title: [176603] trunk/Source/WTF Revision 176603 Author oli...@apple.com Date 2014-12-01 13:49:00 -0800 (Mon, 01 Dec 2014) Log Message Fix 32-bit build. * wtf/IndexedIterator.h: Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/IndexedIterator.h Diff Modified: trunk/Source/WTF/ChangeLog (176602 => 176603) --- trunk/Source/WTF/ChangeLog 2014-12-01 21:15:42 UTC (rev 176602) +++ trunk/Source/WTF/ChangeLog 2014-12-01 21:49:00 UTC (rev 176603) @@ -1,3 +1,9 @@ +2014-12-01 Oliver Hunt oli...@apple.com + +Fix 32-bit build. + +* wtf/IndexedIterator.h: + 2014-11-17 Oliver Hunt oli...@apple.com Make sure range based iteration of Vector still receives bounds checking Modified: trunk/Source/WTF/wtf/IndexedIterator.h (176602 => 176603) --- trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-01 21:15:42 UTC (rev 176602) +++ trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-01 21:49:00 UTC (rev 176603) @@ -225,7 +225,7 @@ return result -= static_castunsigned long long(decrement); } -#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ +#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || !PLATFORM(WIN) IndexedIterator operator+(unsigned increment) const { IndexedIterator result(*this); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
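Review bot: The widened guard `#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || !PLATFORM(WIN)` in `IndexedIterator.h` is true on every non-Windows target, so the size comparison no longer decides anything there. If the `unsigned` overload was originally excluded because it collides with a `size_t` overload where the two are the same type (an inference; the other overloads are outside the hunk), that collision returns on any non-Windows target where `size_t` is `unsigned int`. `__SIZEOF_SIZE_T__` and `__SIZEOF_INT__` are GCC/Clang predefined macros and an undefined identifier evaluates to 0 in `#if`, so on other compilers the first clause is silently false rather than an error. The class body starts and ends outside the hunk.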
[webkit-changes] [176616] trunk/Source/WTF
Title: [176616] trunk/Source/WTF Revision 176616 Author oli...@apple.com Date 2014-12-01 17:16:04 -0800 (Mon, 01 Dec 2014) Log Message Fix non-mac builds. * wtf/IndexedIterator.h: Modified Paths trunk/Source/WTF/ChangeLog trunk/Source/WTF/wtf/IndexedIterator.h Diff Modified: trunk/Source/WTF/ChangeLog (176615 => 176616) --- trunk/Source/WTF/ChangeLog 2014-12-02 01:12:27 UTC (rev 176615) +++ trunk/Source/WTF/ChangeLog 2014-12-02 01:16:04 UTC (rev 176616) @@ -1,5 +1,11 @@ 2014-12-01 Oliver Hunt oli...@apple.com +Fix non-mac builds. + +* wtf/IndexedIterator.h: + +2014-12-01 Oliver Hunt oli...@apple.com + Fix 32-bit build. * wtf/IndexedIterator.h: Modified: trunk/Source/WTF/wtf/IndexedIterator.h (176615 => 176616) --- trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-02 01:12:27 UTC (rev 176615) +++ trunk/Source/WTF/wtf/IndexedIterator.h 2014-12-02 01:16:04 UTC (rev 176616) @@ -225,7 +225,7 @@ return result -= static_castunsigned long long(decrement); } -#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || !PLATFORM(WIN) +#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || PLATFORM(MAC) IndexedIterator operator+(unsigned increment) const { IndexedIterator result(*this); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
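Review bot: The guard `#if __SIZEOF_SIZE_T__ != __SIZEOF_INT__ || PLATFORM(MAC)` uses object size as a stand-in for type identity, and the added platform clause patches the one target where that stand-in was seen to fail. Whether `operator+(unsigned)` is needed depends on whether `unsigned` and `size_t` are the same type, which can differ even when the sizes match. Any other target whose `size_t` is a 32-bit `unsigned long` would presumably need the same exception. Selecting the overload on the type itself (a trait such as `std::is_same<size_t, unsigned>`) would remove the platform list. Failing that, a comment above the guard should state the rule, e.g. `// Needed wherever unsigned and size_t are distinct types, even if equal in size.` The class body starts and ends outside the hunk.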
[webkit-changes] [174821] trunk/Source/JavaScriptCore
Title: [174821] trunk/Source/_javascript_Core Revision 174821 Author oli...@apple.com Date 2014-10-17 09:07:08 -0700 (Fri, 17 Oct 2014) Log Message Various arguments optimisations in codegen fail to account for arguments being in lexical record https://bugs.webkit.org/show_bug.cgi?id=137617 Reviewed by Michael Saboff. Rework the way we track |arguments| references so that we don't try to use the |arguments| reference on the stack if it's not safe. To do this without nuking performance it was necessary to update the parser to track modification of the |arguments| reference itself. * bytecode/CodeBlock.cpp: * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::willResolveToArguments): (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): (JSC::BytecodeGenerator::emitCall): (JSC::BytecodeGenerator::emitConstruct): (JSC::BytecodeGenerator::emitEnumeration): (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted. * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): * bytecompiler/NodesCodegen.cpp: (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::getArgumentByVal): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::ArrayPatternNode::emitDirectBinding): * interpreter/StackVisitor.cpp: (JSC::StackVisitor::Frame::existingArguments): * parser/Nodes.h: (JSC::ScopeNode::modifiesArguments): * parser/Parser.cpp: (JSC::ParserLexerType::parseInner): * parser/Parser.h: (JSC::Scope::getCapturedVariables): * parser/ParserModes.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp trunk/Source/_javascript_Core/interpreter/StackVisitor.cpp 
trunk/Source/_javascript_Core/parser/Nodes.h trunk/Source/_javascript_Core/parser/Parser.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/_javascript_Core/parser/ParserModes.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174820 => 174821) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-17 10:51:08 UTC (rev 174820) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-17 16:07:08 UTC (rev 174821) 
@@ -1,3 +1,45 @@ +2014-10-10 Oliver Hunt oli...@apple.com + +Various arguments optimisations in codegen fail to account for arguments being in lexical record +https://bugs.webkit.org/show_bug.cgi?id=137617 + +Reviewed by Michael Saboff. + +Rework the way we track |arguments| references so that we don't try +to use the |arguments| reference on the stack if it's not safe. + +To do this without nuking performance it was necessary to update +the parser to track modification of the |arguments| reference +itself. + +* bytecode/CodeBlock.cpp: +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::BytecodeGenerator): +(JSC::BytecodeGenerator::willResolveToArguments): +(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): +(JSC::BytecodeGenerator::emitCall): +(JSC::BytecodeGenerator::emitConstruct): +(JSC::BytecodeGenerator::emitEnumeration): +(JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted. +* bytecompiler/BytecodeGenerator.h: +(JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): +* bytecompiler/NodesCodegen.cpp: +(JSC::BracketAccessorNode::emitBytecode): +(JSC::DotAccessorNode::emitBytecode): +(JSC::getArgumentByVal): +(JSC::CallFunctionCallDotNode::emitBytecode): +(JSC::ApplyFunctionCallDotNode::emitBytecode): +(JSC::ArrayPatternNode::emitDirectBinding): +* interpreter/StackVisitor.cpp: +(JSC::StackVisitor::Frame::existingArguments): +* parser/Nodes.h: +(JSC::ScopeNode::modifiesArguments): +* parser/Parser.cpp: +(JSC::ParserLexerType::parseInner): +* parser/Parser.h: +(JSC::Scope::getCapturedVariables): +* parser/ParserModes.h: + 2014-10-17 Gyuyoung Kim gyuyoung@samsung.com Use WTF::move() instead of std::move() to help ensure move semantics in _javascript_Core Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (174820 => 174821) --- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-10-17 10:51:08 UTC (rev 174820) +++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-10-17 16:07:08 UTC (rev 174821) 
@@ -3888,6 +3888,8 @@ if (codeBlock-usesArguments() virtualReg == codeBlock-argumentsRegister()) return; +if (codeBlock-usesArguments() virtualReg == unmodifiedArgumentsRegister(codeBlock-argumentsRegister())) +
[webkit-changes] [174795] trunk/Source/JavaScriptCore
Title: [174795] trunk/Source/_javascript_Core Revision 174795 Author oli...@apple.com Date 2014-10-16 15:02:16 -0700 (Thu, 16 Oct 2014) Log Message Use a single allocation for the Arguments object https://bugs.webkit.org/show_bug.cgi?id=137751 Reviewed by Filip Pizlo. This patch removes the secondary allocation for parameters in the Arguments object. This is fairly simple, but we needed to make it possible for the JIT to allocate a variable GC object. To do this I've added a new emitAllocateVariableSizedJSObject function to the JIT that does the work to find the correct heap for a variable sized allocation and then bump that allocator. * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitAllocateArguments): * dfg/DFGSpeculativeJIT.h: (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject): * heap/CopyToken.h: * heap/Heap.h: (JSC::Heap::subspaceForObjectWithoutDestructor): (JSC::Heap::subspaceForObjectNormalDestructor): (JSC::Heap::subspaceForObjectsWithImmortalStructure): * heap/MarkedSpace.h: (JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor): (JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure): (JSC::MarkedSpace::subspaceForObjectsWithoutDestructor): * interpreter/StackVisitor.cpp: (JSC::StackVisitor::Frame::createArguments): * runtime/Arguments.cpp: (JSC::Arguments::visitChildren): (JSC::Arguments::copyBackingStore): (JSC::Arguments::tearOff): (JSC::Arguments::allocateRegisterArray): Deleted. * runtime/Arguments.h: (JSC::Arguments::create): (JSC::Arguments::isTornOff): (JSC::Arguments::offsetOfRegisterArray): (JSC::Arguments::registerArraySizeInBytes): (JSC::Arguments::registerArray): (JSC::Arguments::allocationSize): Deleted. 
Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h trunk/Source/_javascript_Core/heap/CopyToken.h trunk/Source/_javascript_Core/heap/Heap.h trunk/Source/_javascript_Core/heap/MarkedSpace.h trunk/Source/_javascript_Core/interpreter/StackVisitor.cpp trunk/Source/_javascript_Core/runtime/Arguments.cpp trunk/Source/_javascript_Core/runtime/Arguments.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174794 => 174795) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-16 21:58:06 UTC (rev 174794) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-16 22:02:16 UTC (rev 174795) 
@@ -1,3 +1,45 @@ +2014-10-15 Oliver Hunt oli...@apple.com + +Use a single allocation for the Arguments object +https://bugs.webkit.org/show_bug.cgi?id=137751 + +Reviewed by Filip Pizlo. + +This patch removes the secondary allocation for parameters in the Arguments +object. This is faily simple, but we needed to make it possible for the JIT +to allocate a variable GC object. To do this i've added a new +emitAllocateVariableSizedJSObject function to the JIT that does the work to +find the correct heap for a variable sized allocation and then bump that +allocator. + +* dfg/DFGSpeculativeJIT.cpp: +(JSC::DFG::SpeculativeJIT::emitAllocateArguments): +* dfg/DFGSpeculativeJIT.h: +(JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject): +* heap/CopyToken.h: +* heap/Heap.h: +(JSC::Heap::subspaceForObjectWithoutDestructor): +(JSC::Heap::subspaceForObjectNormalDestructor): +(JSC::Heap::subspaceForObjectsWithImmortalStructure): +* heap/MarkedSpace.h: +(JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor): +(JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure): +(JSC::MarkedSpace::subspaceForObjectsWithoutDestructor): +* interpreter/StackVisitor.cpp: +(JSC::StackVisitor::Frame::createArguments): +* runtime/Arguments.cpp: +(JSC::Arguments::visitChildren): +(JSC::Arguments::copyBackingStore): +(JSC::Arguments::tearOff): +(JSC::Arguments::allocateRegisterArray): Deleted. +* runtime/Arguments.h: +(JSC::Arguments::create): +(JSC::Arguments::isTornOff): +(JSC::Arguments::offsetOfRegisterArray): +(JSC::Arguments::registerArraySizeInBytes): +(JSC::Arguments::registerArray): +(JSC::Arguments::allocationSize): Deleted. 
+ 2014-10-15 Filip Pizlo fpi...@apple.com Apparently we've had a hole in arguments capture all along Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (174794 => 174795) --- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-10-16 21:58:06 UTC (rev 174794) +++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-10-16 22:02:16 UTC (rev 174795) @@ -111,8 +111,12 @@ void SpeculativeJIT::emitAllocateArguments(GPRReg resultGPR, GPRReg scratchGPR1, GPRReg scratchGPR2, MacroAssembler::JumpList slowPath) { Structure* structure = m_jit.graph().globalObjectFor(m_currentNode-origin.se
[webkit-changes] [174606] trunk/Source/JavaScriptCore
Title: [174606] trunk/Source/_javascript_Core Revision 174606 Author oli...@apple.com Date 2014-10-10 12:03:20 -0700 (Fri, 10 Oct 2014) Log Message Various arguments optimisations in codegen fail to account for arguments being in lexical record https://bugs.webkit.org/show_bug.cgi?id=137617 Reviewed by Michael Saboff. Rework the way we track |arguments| references so that we don't try to use the |arguments| reference on the stack if it's not safe. To do this without nuking performance it was necessary to update the parser to track modification of the |arguments| reference itself. * bytecode/CodeBlock.cpp: * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::willResolveToArguments): (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): (JSC::BytecodeGenerator::emitCall): (JSC::BytecodeGenerator::emitConstruct): (JSC::BytecodeGenerator::emitEnumeration): (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted. * bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): * bytecompiler/NodesCodegen.cpp: (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::getArgumentByVal): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::ArrayPatternNode::emitDirectBinding): * interpreter/StackVisitor.cpp: (JSC::StackVisitor::Frame::existingArguments): * parser/Nodes.h: (JSC::ScopeNode::modifiesArguments): * parser/Parser.cpp: (JSC::ParserLexerType::parseInner): * parser/Parser.h: (JSC::Scope::getCapturedVariables): * parser/ParserModes.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h trunk/Source/_javascript_Core/bytecompiler/NodesCodegen.cpp trunk/Source/_javascript_Core/interpreter/StackVisitor.cpp 
trunk/Source/_javascript_Core/parser/Nodes.h trunk/Source/_javascript_Core/parser/Parser.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/_javascript_Core/parser/ParserModes.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174605 => 174606) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-10 18:32:44 UTC (rev 174605) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-10 19:03:20 UTC (rev 174606) 
@@ -1,3 +1,45 @@ +2014-10-10 Oliver Hunt oli...@apple.com + +Various arguments optimisations in codegen fail to account for arguments being in lexical record +https://bugs.webkit.org/show_bug.cgi?id=137617 + +Reviewed by Michael Saboff. + +Rework the way we track |arguments| references so that we don't try +to use the |arguments| reference on the stack if it's not safe. + +To do this without nuking performance it was necessary to update +the parser to track modification of the |arguments| reference +itself. + +* bytecode/CodeBlock.cpp: +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::BytecodeGenerator): +(JSC::BytecodeGenerator::willResolveToArguments): +(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): +(JSC::BytecodeGenerator::emitCall): +(JSC::BytecodeGenerator::emitConstruct): +(JSC::BytecodeGenerator::emitEnumeration): +(JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted. +* bytecompiler/BytecodeGenerator.h: +(JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): +* bytecompiler/NodesCodegen.cpp: +(JSC::BracketAccessorNode::emitBytecode): +(JSC::DotAccessorNode::emitBytecode): +(JSC::getArgumentByVal): +(JSC::CallFunctionCallDotNode::emitBytecode): +(JSC::ApplyFunctionCallDotNode::emitBytecode): +(JSC::ArrayPatternNode::emitDirectBinding): +* interpreter/StackVisitor.cpp: +(JSC::StackVisitor::Frame::existingArguments): +* parser/Nodes.h: +(JSC::ScopeNode::modifiesArguments): +* parser/Parser.cpp: +(JSC::ParserLexerType::parseInner): +* parser/Parser.h: +(JSC::Scope::getCapturedVariables): +* parser/ParserModes.h: + 2014-10-09 Joseph Pecoraro pecor...@apple.com Web Inspector: Remove unused generator code Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (174605 => 174606) --- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-10-10 18:32:44 UTC (rev 174605) +++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2014-10-10 19:03:20 UTC (rev 174606) 
@@ -3887,6 +3887,8 @@ if (codeBlock-usesArguments() virtualReg == codeBlock-argumentsRegister()) return; +if (codeBlock-usesArguments() virtualReg == unmodifiedArgumentsRegister(codeBlock-argumentsRegister())) +return; if (codeBlock-captureCount() cod
[webkit-changes] [174478] trunk/Source/JavaScriptCore
Title: [174478] trunk/Source/_javascript_Core Revision 174478 Author oli...@apple.com Date 2014-10-08 13:54:24 -0700 (Wed, 08 Oct 2014) Log Message Make sure arguments tearoff is performed through the environment record if necessary https://bugs.webkit.org/show_bug.cgi?id=137538 Reviewed by Michael Saboff. Fairly simple change. If we have a lexical record we need to pull the unmodified arguments object from the record and then use the standard op_tear_off_arguments instruction on the temporary. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitGetOwnScope): (JSC::BytecodeGenerator::emitReturn): * bytecompiler/BytecodeGenerator.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174477 => 174478) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-08 20:40:18 UTC (rev 174477) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-08 20:54:24 UTC (rev 174478) 
@@ -1,3 +1,19 @@ +2014-10-08 Oliver Hunt oli...@apple.com + +Make sure arguments tearoff is performed through the environment record if necessary +https://bugs.webkit.org/show_bug.cgi?id=137538 + +Reviewed by Michael Saboff. + +Fairly simple change. If we have a lexical record we need to pull the unmodified +arguments object from the record and then use the standard op_tear_off_arguments +instruction on the temporary. + +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::emitGetOwnScope): +(JSC::BytecodeGenerator::emitReturn): +* bytecompiler/BytecodeGenerator.h: + 2014-10-08 pe...@outlook.com pe...@outlook.com [WinCairo] Enable JIT on 32-bit. Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (174477 => 174478) --- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-10-08 20:40:18 UTC (rev 174477) +++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-10-08 20:54:24 UTC (rev 174478) @@ -1299,6 +1299,20 @@ return dst; } + +RegisterID* BytecodeGenerator::emitGetOwnScope(RegisterID* dst, const Identifier identifier, OwnScopeLookupRules) +{ +emitOpcode(op_resolve_scope); +instructions().append(kill(dst)); +instructions().append(addConstant(identifier)); +instructions().append(LocalClosureVar); +// This should be m_localScopeDepth if we aren't doing +// resolution during emitReturn() +instructions().append(0); +instructions().append(0); +return dst; +} + RegisterID* BytecodeGenerator::emitResolveConstantLocal(RegisterID* dst, const Identifier identifier, ResolveScopeInfo info) { if (!m_symbolTable || m_codeType != FunctionCode) 
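Review bot: In the new `BytecodeGenerator::emitGetOwnScope` the `OwnScopeLookupRules` parameter is unnamed and never read, yet the comment inside says the hard-coded depth `0` is only correct when resolution happens during `emitReturn()`. Nothing stops a later caller from passing a different rule and getting a scope depth that does not match its context. Naming the parameter and asserting on it, `ASSERT_UNUSED(rules, rules == OwnScopeForReturn);`, would turn that comment into a checked precondition. The second `instructions().append(0);` carries no comment, so a one-line comment naming the operand it fills would help the next reader.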
@@ -1906,8 +1920,17 @@ RegisterID* BytecodeGenerator::emitReturn(RegisterID* src) { if (m_codeBlock-usesArguments() m_codeBlock-numParameters() != 1 !isStrictMode()) { +RefPtrRegisterID scratchRegister; +int argumentsIndex = unmodifiedArgumentsRegister(m_codeBlock-argumentsRegister()).offset(); +if (m_lexicalEnvironmentRegister m_codeType == FunctionCode) { +scratchRegister = newTemporary(); +emitGetOwnScope(scratchRegister.get(), propertyNames().arguments, OwnScopeForReturn); +ResolveScopeInfo scopeInfo(unmodifiedArgumentsRegister(m_codeBlock-argumentsRegister()).offset()); +emitGetFromScope(scratchRegister.get(), scratchRegister.get(), propertyNames().arguments, ThrowIfNotFound, scopeInfo); +argumentsIndex = scratchRegister-index(); +} emitOpcode(op_tear_off_arguments); -instructions().append(unmodifiedArgumentsRegister(m_codeBlock-argumentsRegister()).offset()); +instructions().append(argumentsIndex); instructions().append(m_lexicalEnvironmentRegister ? m_lexicalEnvironmentRegister-index() : emitLoad(0, JSValue())-index()); } Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h (174477 => 174478) --- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2014-10-08 20:40:18 UTC (rev 174477) +++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h 2014-10-08 20:54:24 UTC (rev 174478) @@ -659,6 +659,13 @@ RegisterID* emitCallVarargs(OpcodeID, RegisterID* dst, RegisterID* func, RegisterID* thisRegister, RegisterID* arguments, RegisterID* firstFreeRegister, int32_t firstVarArgOffset, RegisterID* profileHookRegister, const JSTextPosition divot, const JSTextPosition divotStart, const JSTextPosition divotEnd); RegisterID* initializeCapturedVariable(RegisterID* dst, const Identifier, RegisterID*); +// We'll may want a non-return mode in future, but currently +// this is only used during emitReturn(). emitReturn() occurs +// with the novel state of having poppe
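Review bot: In the `BytecodeGenerator::emitReturn` hunk the expression `unmodifiedArgumentsRegister(m_codeBlock->argumentsRegister()).offset()` is evaluated for `argumentsIndex` and then spelled out again for `ResolveScopeInfo`, so the two can drift apart if only one is edited. Inside the new `if`, before `argumentsIndex` is reassigned, the constructor can take the local instead: `ResolveScopeInfo scopeInfo(argumentsIndex);`. A one-line comment on that branch would also help, saying that with a lexical environment the unmodified arguments object is loaded from the record into a temporary before `op_tear_off_arguments`. The function continues outside the hunk.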
[webkit-changes] [174401] trunk/Source/JavaScriptCore
Title: [174401] trunk/Source/_javascript_Core Revision 174401 Author oli...@apple.com Date 2014-10-07 11:57:57 -0700 (Tue, 07 Oct 2014) Log Message Remove op_new_captured_func https://bugs.webkit.org/show_bug.cgi?id=137491 Reviewed by Mark Lam. Removes the op_captured_new_func opcode as part of the work towards having any magical opcodes that write directly to named registers and then have a follow on op to ensure that the environment record correctly represents the stack state. For this we add a non-captured scratch register so we don't have to have any kind of magic opcode, and instead simply have sensible creation and move semantics for capturing new functions. * bytecode/BytecodeList.json: * bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset): * bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::CodeBlock): * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::emitNewFunction): (JSC::BytecodeGenerator::emitLazyNewFunction): (JSC::BytecodeGenerator::emitNewFunctionInternal): * bytecompiler/BytecodeGenerator.h: * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCapabilities.cpp: (JSC::DFG::capabilityLevel): * jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): * jit/JIT.h: * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_new_captured_func): Deleted. * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: * runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL): Deleted. 
* runtime/CommonSlowPaths.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/BytecodeList.json trunk/Source/_javascript_Core/bytecode/BytecodeUseDef.h trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp trunk/Source/_javascript_Core/jit/JIT.cpp trunk/Source/_javascript_Core/jit/JIT.h trunk/Source/_javascript_Core/jit/JITOpcodes.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm trunk/Source/_javascript_Core/runtime/CommonSlowPaths.cpp trunk/Source/_javascript_Core/runtime/CommonSlowPaths.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174400 => 174401) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-07 18:41:49 UTC (rev 174400) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-07 18:57:57 UTC (rev 174401) 
@@ -1,3 +1,48 @@ +2014-10-07 Oliver Hunt oli...@apple.com + +Remove op_new_captured_func +https://bugs.webkit.org/show_bug.cgi?id=137491 + +Reviewed by Mark Lam. + +Removes the op_captured_new_func opcode as part of the work +towards having any magical opcodes that write directly to +named registers and then have a follow on op to ensure that +the environment record correctly represents the stack state. + +For this we add a non-captured scratch register so we don't +have to have any kind of magic opcode, and instead simply +have sensible creation and move semantics for capturing new +functions. + +* bytecode/BytecodeList.json: +* bytecode/BytecodeUseDef.h: +(JSC::computeUsesForBytecodeOffset): +(JSC::computeDefsForBytecodeOffset): +* bytecode/CodeBlock.cpp: +(JSC::CodeBlock::dumpBytecode): +(JSC::CodeBlock::CodeBlock): +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::BytecodeGenerator): +(JSC::BytecodeGenerator::emitNewFunction): +(JSC::BytecodeGenerator::emitLazyNewFunction): +(JSC::BytecodeGenerator::emitNewFunctionInternal): +* bytecompiler/BytecodeGenerator.h: +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGCapabilities.cpp: +(JSC::DFG::capabilityLevel): +* jit/JIT.cpp: +(JSC::JIT::privateCompileMainPass): +* jit/JIT.h: +* jit/JITOpcodes.cpp: +(JSC::JIT::emit_op_new_captured_func): Deleted. +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: +* runtime/CommonSlowPaths.cpp: +(JSC::SLOW_PATH_DECL): Deleted. +* runtime/CommonSlowPaths.h: + 2014-10-06 Andy Estes aes...@apple.com Objective-C objects must be fully defined when used in a WTF::Vector Modified: trunk/Source/_javascript_Core/bytecode/BytecodeList.json (174400 => 174401) --- trunk/Source/_javascript_Core/bytecode/BytecodeList.json 2014-10-07 18:41:49 UTC (rev 174400) +++ trunk/Source/_javascript_Core/bytecode/BytecodeList.json 2014-10-07 18:57:57 UTC (rev 174401) @@ -93,7 +93,6 @@ { name : op_switch_char, leng
[webkit-changes] [174359] trunk/Source/JavaScriptCore
Title: [174359] trunk/Source/_javascript_Core Revision 174359 Author oli...@apple.com Date 2014-10-06 12:29:27 -0700 (Mon, 06 Oct 2014) Log Message REGRESSION(r174226): [JSC] Crash when running the perf test Speedometer/Full.html https://bugs.webkit.org/show_bug.cgi?id=137404 Reviewed by Michael Saboff. Update the Arguments object to recognise that it must always have an environment record if the referenced callee has one, and if such is not present it should not try to extract one from the callframe, as that path leads to madness. Happily this makes some of the other code more sensible, and removes a bunch of unnecessary and icky logic. * interpreter/Interpreter.cpp: (JSC::unwindCallFrame): * jit/JITOperations.cpp: * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): * runtime/Arguments.cpp: (JSC::Arguments::tearOff): (JSC::Arguments::didTearOffActivation): Deleted. * runtime/Arguments.h: (JSC::Arguments::argument): (JSC::Arguments::finishCreation): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/interpreter/Interpreter.cpp trunk/Source/_javascript_Core/jit/JITOperations.cpp trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp trunk/Source/_javascript_Core/runtime/Arguments.cpp trunk/Source/_javascript_Core/runtime/Arguments.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174358 => 174359) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-06 19:20:19 UTC (rev 174358) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-06 19:29:27 UTC (rev 174359) 
@@ -1,3 +1,30 @@ +2014-10-06 Oliver Hunt oli...@apple.com + +REGRESSION(r174226): [JSC] Crash when running the perf test Speedometer/Full.html +https://bugs.webkit.org/show_bug.cgi?id=137404 + +Reviewed by Michael Saboff. + +Update the Arguments object to recognise that it must always have an +environment record if the referenced callee has one, and if such is not +present it should not try to extract one from the callframe, as that +path leads to madness. + +Happily this makes some of the other code more sensible, and removes a +bunch of unnecessary and icky logic. + +* interpreter/Interpreter.cpp: +(JSC::unwindCallFrame): +* jit/JITOperations.cpp: +* llint/LLIntSlowPaths.cpp: +(JSC::LLInt::LLINT_SLOW_PATH_DECL): +* runtime/Arguments.cpp: +(JSC::Arguments::tearOff): +(JSC::Arguments::didTearOffActivation): Deleted. +* runtime/Arguments.h: +(JSC::Arguments::argument): +(JSC::Arguments::finishCreation): + 2014-10-04 Brian J. Burg b...@cs.washington.edu Unreviewed, rolling out r174319. Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (174358 => 174359) --- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-10-06 19:20:19 UTC (rev 174358) +++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-10-06 19:29:27 UTC (rev 174359) @@ -448,7 +448,6 @@ ASSERT(!callFrame-hadException()); } -JSValue lexicalEnvironment; if (codeBlock-codeType() == FunctionCode codeBlock-needsActivation()) { #if ENABLE(DFG_JIT) RELEASE_ASSERT(!visitor-isInlinedFrame()); 
@@ -457,10 +456,8 @@ if (codeBlock-codeType() == FunctionCode codeBlock-usesArguments()) { if (Arguments* arguments = visitor-existingArguments()) { -if (lexicalEnvironment lexicalEnvironment.isCell()) -arguments-didTearOffActivation(callFrame, jsCastJSLexicalEnvironment*(lexicalEnvironment)); #if ENABLE(DFG_JIT) -else if (visitor-isInlinedFrame()) +if (visitor-isInlinedFrame()) arguments-tearOff(callFrame, visitor-inlineCallFrame()); #endif else Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (174358 => 174359) --- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-10-06 19:20:19 UTC (rev 174358) +++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2014-10-06 19:29:27 UTC (rev 174359) @@ -1590,13 +1590,9 @@ return JSValue::encode(result); } -void JIT_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell, JSCell* activationCell) +void JIT_OPERATION operationTearOffArguments(ExecState* exec, JSCell* argumentsCell, JSCell*) { ASSERT(exec-codeBlock()-usesArguments()); -if (activationCell) { -jsCastArguments*(argumentsCell)-didTearOffActivation(exec, jsCastJSLexicalEnvironment*(activationCell)); -return; -} jsCastArguments*(argumentsCell)-tearOff(exec); } Modified: trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (174358 => 174359) --- trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2014-10-06 19:20:19 UTC (rev 174358) +++ trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp 2014-10-06 19:29:27 UTC (rev 174359) @@ -1250,10 +1250,7 @@ LLINT_BEGIN(); ASSERT(ex
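Review bot: The `else` that follows `#endif` in this unwindCallFrame hunk has no matching `if` when ENABLE(DFG_JIT) is off. The only `if` left after the `didTearOffActivation` branch was removed sits inside the conditional block, so non-DFG configurations get a bare `else arguments->tearOff(callFrame);`. Move the `else` inside the `#if` block, directly after the inlined-frame `tearOff` call, so both configurations parse. The function body starts and ends outside the hunk.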
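Review bot: The third `JSCell*` parameter of `operationTearOffArguments` is now unnamed and ignored, with nothing explaining why it is kept. Presumably the JIT call sites still pass the activation register; those call sites are outside this hunk. A comment above the definition would stop a later reader from re-adding the branch, for example `// The activation argument is ignored: Arguments already holds its environment record.` Also note that the `jsCast<Arguments*>` on `argumentsCell` is the only type check left before `tearOff(exec)`.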
[webkit-changes] [174361] trunk/Source/JavaScriptCore
Title: [174361] trunk/Source/_javascript_Core Revision 174361 Author oli...@apple.com Date 2014-10-06 13:27:16 -0700 (Mon, 06 Oct 2014) Log Message Fix cloop build. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/interpreter/Interpreter.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174360 => 174361) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-06 20:18:05 UTC (rev 174360) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-06 20:27:16 UTC (rev 174361) @@ -1,3 +1,10 @@ +2014-10-06 Oliver Hunt oli...@apple.com + +Fix cloop build + +* interpreter/Interpreter.cpp: +(JSC::unwindCallFrame): + 2014-10-06 Mark Lam mark@apple.com Unreviewed build fix. Modified: trunk/Source/_javascript_Core/interpreter/Interpreter.cpp (174360 => 174361) --- trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-10-06 20:18:05 UTC (rev 174360) +++ trunk/Source/_javascript_Core/interpreter/Interpreter.cpp 2014-10-06 20:27:16 UTC (rev 174361) @@ -459,8 +459,8 @@ #if ENABLE(DFG_JIT) if (visitor-isInlinedFrame()) arguments-tearOff(callFrame, visitor-inlineCallFrame()); +else #endif -else arguments-tearOff(callFrame); } } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
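Review bot: A brace-less `else` inside `#if ENABLE(DFG_JIT)` now binds to the `arguments->tearOff(callFrame);` statement after `#endif`. That is correct in both configurations but easy to break: any statement inserted between `#endif` and that call silently becomes the else-branch in DFG builds only. A short comment on the `else`, such as `// binds to the tearOff(callFrame) below the #endif`, would make the dependency visible. The enclosing function starts outside the hunk.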
[webkit-changes] [174362] trunk/Source/JavaScriptCore
Title: [174362] trunk/Source/_javascript_Core Revision 174362 Author oli...@apple.com Date 2014-10-06 13:42:21 -0700 (Mon, 06 Oct 2014) Log Message Remove incorrect assertion. Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/Arguments.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174361 => 174362) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-06 20:27:16 UTC (rev 174361) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-06 20:42:21 UTC (rev 174362) @@ -1,5 +1,12 @@ 2014-10-06 Oliver Hunt oli...@apple.com +Remove incorrect assertion. + +* runtime/Arguments.cpp: +(JSC::Arguments::tearOff): + +2014-10-06 Oliver Hunt oli...@apple.com + Fix cloop build * interpreter/Interpreter.cpp: Modified: trunk/Source/_javascript_Core/runtime/Arguments.cpp (174361 => 174362) --- trunk/Source/_javascript_Core/runtime/Arguments.cpp 2014-10-06 20:27:16 UTC (rev 174361) +++ trunk/Source/_javascript_Core/runtime/Arguments.cpp 2014-10-06 20:42:21 UTC (rev 174362) @@ -372,8 +372,6 @@ void Arguments::tearOff(CallFrame* callFrame) { -if (m_callee-jsExecutable()-needsActivation()) -RELEASE_ASSERT(m_lexicalEnvironment); if (isTornOff()) return; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [174294] trunk/Source/JavaScriptCore
Title: [174294] trunk/Source/_javascript_Core Revision 174294 Author oli...@apple.com Date 2014-10-03 14:46:14 -0700 (Fri, 03 Oct 2014) Log Message tearoff_arguments should always refer to the unmodified arguments register https://bugs.webkit.org/show_bug.cgi?id=137406 Reviewed by Michael Saboff. To simplify subsequent work, and remove unnecessary work from actual execution this patch simply ensures that tear_off_arguments refers to the actual unmodified arguments register. * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitReturn): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock): * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_tear_off_arguments): * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_tear_off_arguments): * llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/jit/JITOpcodes.cpp trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp trunk/Source/_javascript_Core/llint/LLIntSlowPaths.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm Diff Modified: trunk/Source/_javascript_Core/ChangeLog (174293 => 174294) --- trunk/Source/_javascript_Core/ChangeLog 2014-10-03 21:43:18 UTC (rev 174293) +++ trunk/Source/_javascript_Core/ChangeLog 2014-10-03 21:46:14 UTC (rev 174294) 
@@ -1,3 +1,27 @@ +2014-10-03 Oliver Hunt oli...@apple.com + +tearoff_arguments should always refer to the unmodified arguments register +https://bugs.webkit.org/show_bug.cgi?id=137406 + +Reviewed by Michael Saboff. + +To simplify subsequent work, and remove unnecessary work from +actual execution this patch simply ensures that tear_off_arguments +refers to the actual unmodified arguments register. + +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::emitReturn): +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::parseBlock): +* jit/JITOpcodes.cpp: +(JSC::JIT::emit_op_tear_off_arguments): +* jit/JITOpcodes32_64.cpp: +(JSC::JIT::emit_op_tear_off_arguments): +* llint/LLIntSlowPaths.cpp: +(JSC::LLInt::LLINT_SLOW_PATH_DECL): +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: + 2014-10-03 Saam Barati saambara...@gmail.com Web Inspector: Move the computation that results in UI strings from JSC to the Web Inspector Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (174293 => 174294) --- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-10-03 21:43:18 UTC (rev 174293) +++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-10-03 21:46:14 UTC (rev 174294) @@ -1913,7 +1913,7 @@ { if (m_codeBlock-usesArguments() m_codeBlock-numParameters() != 1 !isStrictMode()) { emitOpcode(op_tear_off_arguments); -instructions().append(m_codeBlock-argumentsRegister().offset()); +instructions().append(unmodifiedArgumentsRegister(m_codeBlock-argumentsRegister()).offset()); instructions().append(m_lexicalEnvironmentRegister ? m_lexicalEnvironmentRegister-index() : emitLoad(0, JSValue())-index()); } Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (174293 => 174294) --- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2014-10-03 21:43:18 UTC (rev 174293) +++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2014-10-03 21:46:14 UTC (rev 174294) 
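Review bot: The changed `instructions().append(...)` line in emitReturn gives operand 1 of `op_tear_off_arguments` a new meaning without recording it: the operand is now the already-unmodified arguments register. Every consumer has to drop its own `unmodifiedArgumentsRegister(...)` mapping in the same commit, as the DFGByteCodeParser hunk that follows does. A consumer that still remaps would read a different register slot. A comment at the emit site would state the contract, for example `// Operand 1 is the unmodified arguments register; consumers must not remap it.` emitReturn's body continues outside the hunk.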
@@ -3407,7 +3407,7 @@ case op_tear_off_arguments: { m_graph.m_hasArguments = true; -addToGraph(TearOffArguments, get(unmodifiedArgumentsRegister(VirtualRegister(currentInstruction[1].u.operand))), get(VirtualRegister(currentInstruction[2].u.operand))); +addToGraph(TearOffArguments, get(VirtualRegister(currentInstruction[1].u.operand)), get(VirtualRegister(currentInstruction[2].u.operand))); NEXT_OPCODE(op_tear_off_arguments); } Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (174293 => 174294) --- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-10-03 21:43:18 UTC (rev 174293) +++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2014-10-03 21:46:14 UTC (rev 174294) @@ -229,8 +229,8 @@ int arguments = currentInstruction[1].u.operand; int lexicalEnvironment = currentInstruction[2].u.operand; -Jump argsNotCreated = branchTest64(Zero, Address(callFrameRegister, sizeof(Register) * (unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(; -emitGetVirtualRegister(unmodifiedArgumentsRegister(VirtualRegister(arguments)).offset(), regT0
[webkit-changes] [174108] trunk/Source/JavaScriptCore
Title: [174108] trunk/Source/_javascript_Core Revision 174108 Author oli...@apple.com Date 2014-09-30 10:27:10 -0700 (Tue, 30 Sep 2014) Log Message Fix C API header https://bugs.webkit.org/show_bug.cgi?id=137254 rdar://problem/18487528 Build fix Guard extern C behind __cplusplus ifdef * API/JSBase.h: Modified Paths trunk/Source/_javascript_Core/API/JSBase.h trunk/Source/_javascript_Core/ChangeLog Diff Modified: trunk/Source/_javascript_Core/API/JSBase.h (174107 => 174108) --- trunk/Source/_javascript_Core/API/JSBase.h 2014-09-30 15:19:16 UTC (rev 174107) +++ trunk/Source/_javascript_Core/API/JSBase.h 2014-09-30 17:27:10 UTC (rev 174108) @@ -37,12 +37,18 @@ #if __has_include(Foundation/NSMapTablePriv.h) #import Foundation/NSMapTablePriv.h #else + +#ifndef __cplusplus extern C { +#endif void *NSMapGet(NSMapTable *, const void *key); void NSMapInsert(NSMapTable *, const void *key, const void *value); void NSMapRemove(NSMapTable *, const void *key); + +#ifndef __cplusplus } #endif +#endif #endif // defined(TARGET_OS_IPHONE) TARGET_OS_IPHONE #endif // __OBJC__ Modified: trunk/Source/_javascript_Core/ChangeLog (174107 => 174108) --- trunk/Source/_javascript_Core/ChangeLog 2014-09-30 15:19:16 UTC (rev 174107) +++ trunk/Source/_javascript_Core/ChangeLog 2014-09-30 17:27:10 UTC (rev 174108) @@ -1,3 +1,15 @@ +2014-09-30 Oliver Hunt oli...@apple.com + +Fix C API header +https://bugs.webkit.org/show_bug.cgi?id=137254 +rdar://problem/18487528 + +Build fix + +Guard extern C behind __cplusplus ifdef + +* API/JSBase.h: + 2014-09-29 Brian J. Burg b...@cs.washington.edu Web Inspector: InjectedScripts should not be profiled or displayed in Timeline ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
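Review bot: The guard added around the `extern "C"` block in JSBase.h reads `#ifndef __cplusplus` as printed here, which is the opposite of what the log message describes ("Guard extern C behind __cplusplus ifdef"). With `#ifndef`, plain C and Objective-C translation units still see the `extern "C" {` line, which is not valid C. C++ translation units lose the linkage specification, so `NSMapGet`, `NSMapInsert` and `NSMapRemove` are declared with C++ linkage. Both the opening and the closing guard should be `#ifdef __cplusplus`.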
[webkit-changes] [173490] trunk/Source/JavaScriptCore
Title: [173490] trunk/Source/_javascript_Core Revision 173490 Author oli...@apple.com Date 2014-09-10 14:52:02 -0700 (Wed, 10 Sep 2014) Log Message Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec https://bugs.webkit.org/show_bug.cgi?id=136710 Reviewed by Anders Carlsson. This is a trivial rename. * CMakeLists.txt: * _javascript_Core.vcxproj/_javascript_Core.vcxproj: * _javascript_Core.vcxproj/_javascript_Core.vcxproj.filters: * _javascript_Core.xcodeproj/project.pbxproj: * dfg/DFGAbstractHeap.h: * dfg/DFGClobberize.h: (JSC::DFG::clobberize): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * ftl/FTLAbstractHeapRepository.cpp: * ftl/FTLAbstractHeapRepository.h: * ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters): * jit/JITOpcodes32_64.cpp: * jit/JITPropertyAccess.cpp: (JSC::JIT::emitGetClosureVar): (JSC::JIT::emitPutClosureVar): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emitGetClosureVar): (JSC::JIT::emitPutClosureVar): * llint/LLIntOffsetsExtractor.cpp: * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: * runtime/JSActivation.cpp: (JSC::JSActivation::getOwnNonIndexPropertyNames): * runtime/JSActivation.h: * runtime/JSEnvironmentRecord.cpp: Renamed from Source/_javascript_Core/runtime/JSVariableObject.cpp. * runtime/JSEnvironmentRecord.h: Renamed from Source/_javascript_Core/runtime/JSVariableObject.h. 
(JSC::JSEnvironmentRecord::registers): (JSC::JSEnvironmentRecord::registerAt): (JSC::JSEnvironmentRecord::addressOfRegisters): (JSC::JSEnvironmentRecord::offsetOfRegisters): (JSC::JSEnvironmentRecord::JSEnvironmentRecord): * runtime/JSNameScope.h: * runtime/JSSegmentedVariableObject.h: Modified Paths trunk/Source/_javascript_Core/CMakeLists.txt trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj trunk/Source/_javascript_Core/_javascript_Core.vcxproj/_javascript_Core.vcxproj.filters trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj trunk/Source/_javascript_Core/dfg/DFGAbstractHeap.h trunk/Source/_javascript_Core/dfg/DFGClobberize.h trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.cpp trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp trunk/Source/_javascript_Core/llint/LLIntOffsetsExtractor.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm trunk/Source/_javascript_Core/runtime/JSActivation.cpp trunk/Source/_javascript_Core/runtime/JSActivation.h trunk/Source/_javascript_Core/runtime/JSNameScope.h trunk/Source/_javascript_Core/runtime/JSSegmentedVariableObject.h Added Paths trunk/Source/_javascript_Core/runtime/JSEnvironmentRecord.cpp trunk/Source/_javascript_Core/runtime/JSEnvironmentRecord.h Removed Paths trunk/Source/_javascript_Core/runtime/JSVariableObject.cpp trunk/Source/_javascript_Core/runtime/JSVariableObject.h Diff Modified: trunk/Source/_javascript_Core/CMakeLists.txt (173489 => 173490) --- 
trunk/Source/_javascript_Core/CMakeLists.txt 2014-09-10 21:45:22 UTC (rev 173489) +++ trunk/Source/_javascript_Core/CMakeLists.txt 2014-09-10 21:52:02 UTC (rev 173490) @@ -471,7 +471,7 @@ runtime/JSTypedArrayConstructors.cpp runtime/JSTypedArrayPrototypes.cpp runtime/JSTypedArrays.cpp -runtime/JSVariableObject.cpp +runtime/JSEnvironmentRecord.cpp runtime/JSWeakMap.cpp runtime/JSWithScope.cpp runtime/JSWrapperObject.cpp Modified: trunk/Source/_javascript_Core/ChangeLog (173489 => 173490) --- trunk/Source/_javascript_Core/ChangeLog 2014-09-10 21:45:22 UTC (rev 173489) +++ trunk/Source/_javascript_Core/ChangeLog 2014-09-10 21:52:02 UTC (rev 173490) @@ -1,3 +1,50 @@ +2014-09-10 Oliver Hunt oli...@apple.com + +Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec +https://bugs.webkit.org/show_bug.cgi?id=136710 + +Reviewed by Anders Carlsson. + +This is a trivial rename. + +* CMakeLists.txt: +* _javascript_Core.vcxproj/_javascript_Core.vcxproj: +* _javascript_Core.vcxproj/_javascript_Core.vcxproj.filters: +* _javascript_Core.xcodeproj/project.pbxproj: +* dfg/DFGAbstractHeap.h: +* dfg/DFGClobberize.h: +(JSC::DFG::clobberize): +* dfg/DFGSpeculativeJIT32_64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* dfg/DFGSpeculativeJIT64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* ftl/FTLAbstractHeapReposito
[webkit-changes] [172808] trunk/Source/JavaScriptCore
Title: [172808] trunk/Source/_javascript_Core Revision 172808 Author oli...@apple.com Date 2014-08-20 13:47:45 -0700 (Wed, 20 Aug 2014) Log Message Stop implicitly skipping a function's own activation when walking the scope chain https://bugs.webkit.org/show_bug.cgi?id=136118 Reviewed by Geoffrey Garen. Remove the current logic that implicitly skips a function's own activation when walking the scope chain. This is ground work for ensuring that all closed variable access is made through the function's activation. This leads to a further 10% regression on earley, but we're already tracking the overall performance regression. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): * dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreterAbstractStateType::executeEffects): * dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::getScope): (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGClobberize.h: (JSC::DFG::clobberize): * dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGHeapLocation.cpp: (WTF::printInternal): * dfg/DFGHeapLocation.h: * dfg/DFGNodeType.h: * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * jit/JITPropertyAccess.cpp: (JSC::JIT::emitResolveClosure): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: * runtime/JSScope.cpp: (JSC::JSScope::abstractResolve): * runtime/JSScope.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp trunk/Source/_javascript_Core/dfg/DFGClobberize.h trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 
trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp trunk/Source/_javascript_Core/dfg/DFGHeapLocation.cpp trunk/Source/_javascript_Core/dfg/DFGHeapLocation.h trunk/Source/_javascript_Core/dfg/DFGNodeType.h trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm trunk/Source/_javascript_Core/runtime/JSScope.cpp trunk/Source/_javascript_Core/runtime/JSScope.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (172807 => 172808) --- trunk/Source/_javascript_Core/ChangeLog 2014-08-20 20:28:24 UTC (rev 172807) +++ trunk/Source/_javascript_Core/ChangeLog 2014-08-20 20:47:45 UTC (rev 172808) 
@@ -1,3 +1,50 @@ +2014-08-20 Oliver Hunt oli...@apple.com + +Stop implicitly skipping a function's own activation when walking the scope chain +https://bugs.webkit.org/show_bug.cgi?id=136118 + +Reviewed by Geoffrey Garen. + +Remove the current logic that implicitly skips a function's +own activation when walking the scope chain. This is ground +work for ensuring that all closed variable access is made +through the function's activation. This leads to a further +10% regression on earley, but we're already tracking the +overall performance regression. + +* bytecode/CodeBlock.cpp: +(JSC::CodeBlock::CodeBlock): +* dfg/DFGAbstractInterpreterInlines.h: +(JSC::DFG::AbstractInterpreterAbstractStateType::executeEffects): +* dfg/DFGByteCodeParser.cpp: +(JSC::DFG::ByteCodeParser::getScope): +(JSC::DFG::ByteCodeParser::parseBlock): +* dfg/DFGClobberize.h: +(JSC::DFG::clobberize): +* dfg/DFGDoesGC.cpp: +(JSC::DFG::doesGC): +* dfg/DFGFixupPhase.cpp: +(JSC::DFG::FixupPhase::fixupNode): +* dfg/DFGHeapLocation.cpp: +(WTF::printInternal): +* dfg/DFGHeapLocation.h: +* dfg/DFGNodeType.h: +* dfg/DFGPredictionPropagationPhase.cpp: +(JSC::DFG::PredictionPropagationPhase::propagate): +* dfg/DFGSafeToExecute.h: +(JSC::DFG::safeToExecute): +* dfg/DFGSpeculativeJIT32_64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* dfg/DFGSpeculativeJIT64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* jit/JITPropertyAccess.cpp: +(JSC::JIT::emitResolveClosure): +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: +* runtime/JSScope.cpp: +(JSC::JSScope::abstractResolve): +* runtime/JSScope.h: + 2014-08-20 Michael Saboff msab...@apple.com REGRESSION: Web Inspector crashes when reloading apple.
[webkit-changes] [172594] trunk/Source/JavaScriptCore
Title: [172594] trunk/Source/_javascript_Core Revision 172594 Author oli...@apple.com Date 2014-08-14 11:07:00 -0700 (Thu, 14 Aug 2014) Log Message Create activations eagerly https://bugs.webkit.org/show_bug.cgi?id=135942 Reviewed by Geoffrey Garen. Prepare to rewrite activation objects into a more sane implementation. Step 1 is reverting to eager creation of the activation object. This results in a 1.35x regression in earley, but otherwise has a minimal performance impact. The earley regression is being tracked by bug #135943 * bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): (JSC::BytecodeGenerator::emitNewFunctionInternal): (JSC::BytecodeGenerator::emitNewFunctionExpression): (JSC::BytecodeGenerator::emitCallEval): (JSC::BytecodeGenerator::emitPushWithScope): (JSC::BytecodeGenerator::emitPushCatchScope): (JSC::BytecodeGenerator::createActivationIfNecessary): Deleted. * bytecompiler/BytecodeGenerator.h: * jit/JITOpcodes.cpp: (JSC::JIT::emit_op_create_activation): * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_create_activation): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.h trunk/Source/_javascript_Core/jit/JITOpcodes.cpp trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm Diff Modified: trunk/Source/_javascript_Core/ChangeLog (172593 => 172594) --- trunk/Source/_javascript_Core/ChangeLog 2014-08-14 17:59:53 UTC (rev 172593) +++ trunk/Source/_javascript_Core/ChangeLog 2014-08-14 18:07:00 UTC (rev 172594) 
@@ -1,3 +1,66 @@ +2014-08-14 Oliver Hunt oli...@apple.com + +Create activations eagerly +https://bugs.webkit.org/show_bug.cgi?id=135942 + +Reviewed by Geoffrey Garen. + +Prepare to rewrite activation objects into a more +sane implementation. Step 1 is reverting to eager +creation of the activation object. This results in +a 1.35x regression in earley, but otherwise has a +minimal performance impact. + +The earley regression is being tracked by bug #135943 + +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::BytecodeGenerator): +(JSC::BytecodeGenerator::emitNewFunctionInternal): +(JSC::BytecodeGenerator::emitNewFunctionExpression): +(JSC::BytecodeGenerator::emitCallEval): +(JSC::BytecodeGenerator::emitPushWithScope): +(JSC::BytecodeGenerator::emitPushCatchScope): +(JSC::BytecodeGenerator::createActivationIfNecessary): Deleted. +* bytecompiler/BytecodeGenerator.h: +* jit/JITOpcodes.cpp: +(JSC::JIT::emit_op_create_activation): +* jit/JITOpcodes32_64.cpp: +(JSC::JIT::emit_op_create_activation): +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: + +2014-08-14 Oliver Hunt oli...@apple.com + +Create activations eagerly +https://bugs.webkit.org/show_bug.cgi?id=135942 + +Reviewed by Geoffrey Garen. + +Prepare to rewrite activation objects into a more +sane implementation. Step 1 is reverting to eager +creation of the activation object. This results in +a 1.35x regression in earley, but otherwise has a +minimal performance impact. + +The earley regression is being tracked by +http://webkit.org/b/135943 + +* bytecompiler/BytecodeGenerator.cpp: +(JSC::BytecodeGenerator::BytecodeGenerator): +(JSC::BytecodeGenerator::emitNewFunctionInternal): +(JSC::BytecodeGenerator::emitNewFunctionExpression): +(JSC::BytecodeGenerator::emitCallEval): +(JSC::BytecodeGenerator::emitPushWithScope): +(JSC::BytecodeGenerator::emitPushCatchScope): +(JSC::BytecodeGenerator::createActivationIfNecessary): Deleted. 
+* bytecompiler/BytecodeGenerator.h: +* jit/JITOpcodes.cpp: +(JSC::JIT::emit_op_create_activation): +* jit/JITOpcodes32_64.cpp: +(JSC::JIT::emit_op_create_activation): +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: + 2014-08-14 Tomas Popela tpop...@redhat.com Add support for ppc, ppc64, ppc64le, s390, s390x into the CMake build Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (172593 => 172594) --- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-08-14 17:59:53 UTC (rev 172593) +++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2014-08-14 18:07:00 UTC (rev 172594) @@ -248,6 +248,8 @@ m_activationRegister = addVar(); emitInitLazyRegister(m_activationRegister); m_cod
[webkit-changes] [172598] trunk/Source/JavaScriptCore
Title: [172598] trunk/Source/_javascript_Core Revision 172598 Author oli...@apple.com Date 2014-08-14 12:28:55 -0700 (Thu, 14 Aug 2014) Log Message Update scope resolution to assume that the parent activation is always there https://bugs.webkit.org/show_bug.cgi?id=135947 Reviewed by Andreas Kling. Another incremental step in removing the idea of lazily created activations. * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * jit/JITPropertyAccess.cpp: (JSC::JIT::emitResolveClosure): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emitResolveClosure): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm Diff Modified: trunk/Source/_javascript_Core/ChangeLog (172597 => 172598) --- trunk/Source/_javascript_Core/ChangeLog 2014-08-14 18:54:56 UTC (rev 172597) +++ trunk/Source/_javascript_Core/ChangeLog 2014-08-14 19:28:55 UTC (rev 172598) 
@@ -1,5 +1,26 @@ 2014-08-14 Oliver Hunt oli...@apple.com +Update scope resolution to assume that the parent activation is always there +https://bugs.webkit.org/show_bug.cgi?id=135947 + +Reviewed by Andreas Kling. + +Another incremental step in removing the idea of lazily created +activations. + +* dfg/DFGSpeculativeJIT32_64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* dfg/DFGSpeculativeJIT64.cpp: +(JSC::DFG::SpeculativeJIT::compile): +* jit/JITPropertyAccess.cpp: +(JSC::JIT::emitResolveClosure): +* jit/JITPropertyAccess32_64.cpp: +(JSC::JIT::emitResolveClosure): +* llint/LowLevelInterpreter32_64.asm: +* llint/LowLevelInterpreter64.asm: + +2014-08-14 Oliver Hunt oli...@apple.com + Create activations eagerly https://bugs.webkit.org/show_bug.cgi?id=135942 Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (172597 => 172598) --- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-08-14 18:54:56 UTC (rev 172597) +++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-08-14 19:28:55 UTC (rev 172598) @@ -3517,13 +3517,7 @@ GPRTemporary result(this, Reuse, scope); GPRReg resultGPR = result.gpr(); m_jit.move(scope.gpr(), resultGPR); -JITCompiler::Jump activationNotCreated = -m_jit.branchTestPtr( -JITCompiler::Zero, -JITCompiler::payloadFor( -static_castVirtualRegister(m_jit.graph().machineActivationRegister(; m_jit.loadPtr(JITCompiler::Address(resultGPR, JSScope::offsetOfNext()), resultGPR); -activationNotCreated.link(m_jit); cellResult(resultGPR, node); break; } Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (172597 => 172598) --- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-08-14 18:54:56 UTC (rev 172597) +++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-08-14 19:28:55 UTC (rev 172598) 
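Review bot: Nothing in this case checks or states the invariant that makes the now-unconditional `m_jit.loadPtr(JITCompiler::Address(resultGPR, JSScope::offsetOfNext()), resultGPR)` correct. The removed `activationNotCreated` branch was what kept the scope walk from skipping an entry when no activation existed. If a code path reaches here without an eagerly created activation, the generated code resolves closure variables against the wrong scope object. The same removal is made in the DFGSpeculativeJIT64.cpp and JITPropertyAccess.cpp hunks. A comment at each site would record the dependency, for example `// The activation is created eagerly (r172594), so the first scope entry is always this function's own.` The enclosing case starts outside the hunk.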
@@ -3627,13 +3627,7 @@ GPRTemporary result(this, Reuse, scope); GPRReg resultGPR = result.gpr(); m_jit.move(scope.gpr(), resultGPR); -JITCompiler::Jump activationNotCreated = -m_jit.branchTest64( -JITCompiler::Zero, -JITCompiler::addressFor( -static_castVirtualRegister(m_jit.graph().machineActivationRegister(; m_jit.loadPtr(JITCompiler::Address(resultGPR, JSScope::offsetOfNext()), resultGPR); -activationNotCreated.link(m_jit); cellResult(resultGPR, node); break; } Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (172597 => 172598) --- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2014-08-14 18:54:56 UTC (rev 172597) +++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2014-08-14 19:28:55 UTC (rev 172598) @@ -596,9 +596,7 @@ emitGetVirtualRegister(JSStack::ScopeChain, regT0); if (m_codeBlock-needsActivation()) { emitGetVirtualRegister(m_codeBlock-activationRegister(), regT1); -Jump noActivation = branchTestPtr(Zero, regT1); loadPtr(Address(regT0, JSScope::offsetOfNext()), regT0); -noActivation.link(this); } for (unsigned i = 0; i depth; ++i) loadPtr(Address(regT0, JSScope::offsetOfNext()), regT0); Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp (172597 => 172598) --- trunk/Source/_java
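Review bot: In the JITPropertyAccess.cpp hunk, `emitGetVirtualRegister(m_codeBlock->activationRegister(), regT1);` is kept but appears to be a dead load. The `branchTestPtr(Zero, regT1)` that consumed regT1 is removed, and no other reader of regT1 is visible in the hunk. If nothing later in emitResolveClosure reads regT1, drop the line so the emitted code does not suggest the activation register is still inspected. The function continues outside the hunk, so confirm against the full body.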
[webkit-changes] [172381] trunk
Title: [172381] trunk Revision 172381 Author oli...@apple.com Date 2014-08-10 13:12:01 -0700 (Sun, 10 Aug 2014) Log Message Destructuring assignment in a var declaration list incorrectly consumes subsequent variable initialisers https://bugs.webkit.org/show_bug.cgi?id=135773 Reviewed by Michael Saboff. Source/_javascript_Core: We should be using parseAssignment _expression_ in order to get the correct precedence. * parser/Parser.cpp: (JSC::ParserLexerType::parseVarDeclarationList): LayoutTests: Add new tests. * js/destructuring-assignment-expected.txt: * js/script-tests/destructuring-assignment.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/destructuring-assignment-expected.txt trunk/LayoutTests/js/script-tests/destructuring-assignment.js trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/parser/Parser.cpp Diff Modified: trunk/LayoutTests/ChangeLog (172380 => 172381) --- trunk/LayoutTests/ChangeLog 2014-08-10 20:07:34 UTC (rev 172380) +++ trunk/LayoutTests/ChangeLog 2014-08-10 20:12:01 UTC (rev 172381) @@ -1,3 +1,15 @@ +2014-08-10 Oliver Hunt oli...@apple.com + +Destructuring assignment in a var declaration list incorrectly consumes subsequent variable initialisers +https://bugs.webkit.org/show_bug.cgi?id=135773 + +Reviewed by Michael Saboff. + +Add new tests. + +* js/destructuring-assignment-expected.txt: +* js/script-tests/destructuring-assignment.js: + 2014-08-09 Zalan Bujtas za...@apple.com Subpixel rendering: Transforms on non-compositing layers leave bits behind when the box boundaries changes. Modified: trunk/LayoutTests/js/destructuring-assignment-expected.txt (172380 => 172381) --- trunk/LayoutTests/js/destructuring-assignment-expected.txt 2014-08-10 20:07:34 UTC (rev 172380) +++ trunk/LayoutTests/js/destructuring-assignment-expected.txt 2014-08-10 20:12:01 UTC (rev 172381) 
@@ -81,6 +81,10 @@ PASS testDeconstructArgs('1', '2') is '12' PASS testDeconstructArgLength('1', '2') is 2 PASS testDeconstructArgs('2') is '23' +PASS a is 1 +PASS b is 2 +PASS c is 3 +PASS d is 4 PASS successfullyParsed is true TEST COMPLETE Modified: trunk/LayoutTests/js/script-tests/destructuring-assignment.js (172380 => 172381) --- trunk/LayoutTests/js/script-tests/destructuring-assignment.js 2014-08-10 20:07:34 UTC (rev 172380) +++ trunk/LayoutTests/js/script-tests/destructuring-assignment.js 2014-08-10 20:12:01 UTC (rev 172381) @@ -50,6 +50,11 @@ Object.prototype.__defineGetter__(1, function(){ var r = text; text = fail; return r; }) shouldBe(testDeconstructArgs('2'), '23'); +var [a,b] = [1,2], [c,d] = [3,4] +shouldBe(a, 1) +shouldBe(b, 2) +shouldBe(c, 3) +shouldBe(d, 4) Modified: trunk/Source/_javascript_Core/ChangeLog (172380 => 172381) --- trunk/Source/_javascript_Core/ChangeLog 2014-08-10 20:07:34 UTC (rev 172380) +++ trunk/Source/_javascript_Core/ChangeLog 2014-08-10 20:12:01 UTC (rev 172381) @@ -1,3 +1,16 @@ +2014-08-10 Oliver Hunt oli...@apple.com + +Destructuring assignment in a var declaration list incorrectly consumes subsequent variable initialisers +https://bugs.webkit.org/show_bug.cgi?id=135773 + +Reviewed by Michael Saboff. + +We should be using parseAssignment _expression_ in order to get the correct +precedence. + +* parser/Parser.cpp: +(JSC::ParserLexerType::parseVarDeclarationList): + 2014-08-10 Diego Pino Garcia dp...@igalia.com JSC Lexer is allowing octals 08 and 09 in strict mode functions Modified: trunk/Source/_javascript_Core/parser/Parser.cpp (172380 => 172381) --- trunk/Source/_javascript_Core/parser/Parser.cpp 2014-08-10 20:07:34 UTC (rev 172380) +++ trunk/Source/_javascript_Core/parser/Parser.cpp 2014-08-10 20:12:01 UTC (rev 172381) 
@@ -484,7 +484,7 @@ lastPattern = pattern; if (hasInitializer) { next(TreeBuilder::DontBuildStrings); // consume '=' -TreeExpression rhs = parseExpression(context); +TreeExpression rhs = parseAssignmentExpression(context); node = context.createDeconstructingAssignment(location, pattern, rhs); lastInitializer = rhs; } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
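Review bot: In the Parser.cpp hunk, `rhs` goes straight from `parseAssignmentExpression(context)` into `context.createDeconstructingAssignment(location, pattern, rhs)` with no failure check between the two lines. If the initializer fails to parse and the call hands back a null TreeExpression, the node is still built from it and `lastInitializer` records it. A guard directly after the call, such as `failIfFalse(rhs, "Cannot parse the initializer of a destructuring declaration");`, would stop at the error. The enclosing function starts and ends outside this hunk, so an existing check further down cannot be ruled out from here.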
[webkit-changes] [172238] trunk/Source/WebKit2
Title: [172238] trunk/Source/WebKit2 Revision 172238 Author oli...@apple.com Date 2014-08-07 13:27:15 -0700 (Thu, 07 Aug 2014) Log Message WebContent needs access to HSTS database due to some networking still being performed in process https://bugs.webkit.org/show_bug.cgi?id=135711 rdar://17940220 Reviewed by Alexey Proskuryakov. Simple patch in the same theme as the equivalent network process extension. Provide an extension that covers the WebContent specific HSTS file and consume it on launch. * Shared/WebProcessCreationParameters.cpp: (WebKit::WebProcessCreationParameters::encode): (WebKit::WebProcessCreationParameters::decode): * Shared/WebProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::createNewWebProcess): * UIProcess/WebContext.h: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::webContentHSTSDatabasePath): * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (172237 => 172238) --- trunk/Source/WebKit2/ChangeLog 2014-08-07 20:26:15 UTC (rev 172237) +++ trunk/Source/WebKit2/ChangeLog 2014-08-07 20:27:15 UTC (rev 172238) 
@@ -1,3 +1,27 @@ +2014-08-07 Oliver Hunt oli...@apple.com + +WebContent needs access to HSTS database due to some networking still being performed in process +https://bugs.webkit.org/show_bug.cgi?id=135711 +rdar://17940220 + +Reviewed by Alexey Proskuryakov. + +Simple patch in the same theme as the equivalent network process +extension. Provide an extension that covers the WebContent specific +HSTS file and consume it on launch. + +* Shared/WebProcessCreationParameters.cpp: +(WebKit::WebProcessCreationParameters::encode): +(WebKit::WebProcessCreationParameters::decode): +* Shared/WebProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::createNewWebProcess): +* UIProcess/WebContext.h: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::webContentHSTSDatabasePath): +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + 2014-08-07 Gordon Sheridan gordon_sheri...@apple.com Clear the m_previousItem member of HistoryControllers when it matches the HistoryItem being removed. Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (172237 => 172238) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-08-07 20:26:15 UTC (rev 172237) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-08-07 20:27:15 UTC (rev 172238) @@ -71,6 +71,10 @@ encoder openGLCacheDirectoryExtensionHandle; encoder containerTemporaryDirectory; encoder containerTemporaryDirectoryExtensionHandle; +#if PLATFORM(IOS) +encoder hstsDatabasePath; +encoder hstsDatabasePathExtensionHandle; +#endif encoder shouldUseTestingNetworkSession; encoder urlSchemesRegistererdAsEmptyDocument; encoder urlSchemesRegisteredAsSecure; 
@@ -172,6 +176,12 @@ return false; if (!decoder.decode(parameters.containerTemporaryDirectoryExtensionHandle)) return false; +#if PLATFORM(IOS) +if (!decoder.decode(parameters.hstsDatabasePath)) +return false; +if (!decoder.decode(parameters.hstsDatabasePathExtensionHandle)) +return false; +#endif if (!decoder.decode(parameters.shouldUseTestingNetworkSession)) return false; if (!decoder.decode(parameters.urlSchemesRegistererdAsEmptyDocument)) Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (172237 => 172238) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-08-07 20:26:15 UTC (rev 172237) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-08-07 20:27:15 UTC (rev 172238) @@ -77,6 +77,12 @@ String containerTemporaryDirectory; SandboxExtension::Handle containerTemporaryDirectoryExtensionHandle; +#if PLATFORM(IOS) +// FIXME: Remove this once rdar://problem/17726660 is fixed. +String hstsDatabasePath; +SandboxExtension::Handle hstsDatabasePathExtensionHandle; +#endif + bool shouldUseTestingNetworkSession; VectorString urlSchemesRegistererdAsEmptyDocument; Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (172237 => 172238) --- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-08-07 20:26:15 UTC (rev 172237) +++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-08-07 20:27:15 UTC (rev 172238) @@ -6
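Review bot: The comment above the new `hstsDatabasePath` and `hstsDatabasePathExtensionHandle` members in WebProcessCreationParameters.h names a radar but not what the handle grants or why the WebContent process needs it. This is the process that handles web content, so the reason and intended scope belong next to the field, for example `// WebContent still does some networking in-process, so it gets an extension for its own HSTS file only.` placed above the existing FIXME. Whether the extension is issued read-only or read-write is decided in WebContext.cpp, whose hunk is cut off on this page, so that part could not be checked here.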
[webkit-changes] [172031] trunk/Source/WebKit2
Title: [172031] trunk/Source/WebKit2 Revision 172031 Author oli...@apple.com Date 2014-08-05 09:41:46 -0700 (Tue, 05 Aug 2014) Log Message SSO expects to be able to walk parent application's bundle https://bugs.webkit.org/show_bug.cgi?id=135581 rdar://problem/17864079 Reviewed by Alexey Proskuryakov. SSO expects to be able to walk the parent application's bundle looking for Info plists. To allow this to actually work we provide an extension from the ui process that covers the bundle directory, and then in the profile restrict access to the ability to read directories and files named Info.plist. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: * Shared/Network/NetworkProcessCreationParameters.cpp: (WebKit::NetworkProcessCreationParameters::encode): (WebKit::NetworkProcessCreationParameters::decode): * Shared/Network/NetworkProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::ensureNetworkProcess): (WebKit::WebContext::parentBundleDirectory): * UIProcess/WebContext.h: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::parentBundleDirectory): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (172030 => 172031) --- trunk/Source/WebKit2/ChangeLog 2014-08-05 16:38:53 UTC (rev 172030) +++ trunk/Source/WebKit2/ChangeLog 2014-08-05 16:41:46 UTC (rev 172031) 
@@ -1,3 +1,32 @@ +2014-08-05 Oliver Hunt oli...@apple.com + +SSO expects to be able to walk parent application's bundle +https://bugs.webkit.org/show_bug.cgi?id=135581 +rdar://problem/17864079 + +Reviewed by Alexey Proskuryakov. + +SSO expects to be able to walk the parent application's +bundle looking for Info plists. To allow this to actually +work we provide an extension from the ui process that +covers the bundle directory, and then in the profile +restrict access to the ability to read directories and +files named Info.plist. + +* NetworkProcess/cocoa/NetworkProcessCocoa.mm: +(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: +* Shared/Network/NetworkProcessCreationParameters.cpp: +(WebKit::NetworkProcessCreationParameters::encode): +(WebKit::NetworkProcessCreationParameters::decode): +* Shared/Network/NetworkProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::ensureNetworkProcess): +(WebKit::WebContext::parentBundleDirectory): +* UIProcess/WebContext.h: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::parentBundleDirectory): + 2014-08-04 Benjamin Poulain benja...@webkit.org Add a flag for the CSS Selectors level 4 implementation Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (172030 => 172031) --- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-08-05 16:38:53 UTC (rev 172030) +++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-08-05 16:41:46 UTC (rev 172031) 
@@ -63,6 +63,7 @@ SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle); #if PLATFORM(IOS) SandboxExtension::consumePermanently(parameters.hstsDatabasePathExtensionHandle); +SandboxExtension::consumePermanently(parameters.parentBundleDirectoryExtensionHandle); #endif m_diskCacheDirectory = parameters.diskCacheDirectory; Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (172030 => 172031) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-08-05 16:38:53 UTC (rev 172030) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-08-05 16:41:46 UTC (rev 172031) @@ -29,7 +29,7 @@ (import removed-dev-nodes.sb) ;; Access to client's cache folder re-vending to CFNetwork. -;; FIXME: Remove the webkti specific extension classes rdar://problem/17755931 +;; FIXME: Remove the webkit specific extension classes rdar://problem/17755931 (allow file-issue-extension (require-all (extension com.apple.app-sandbox.read-write) (extension-class com.apple.nsurlstorage.extension-cache))) @@ -38,6 +38,27 @@ (allow file-read* file-write* (extension com.apple.app-sandbox.read-write)) (allow file-read* (
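Review bot: The result of the added `SandboxExtension::consumePermanently(parameters.parentBundleDirectoryExtensionHandle);` in NetworkProcessCocoa.mm is discarded, so a handle the UI process could not create fails silently and the SSO bundle walk stops working with no trace. Assuming consumePermanently returns a bool, checking it and logging would make this diagnosable, e.g. `if (!SandboxExtension::consumePermanently(parameters.parentBundleDirectoryExtensionHandle)) WTFLogAlways("Failed to consume parent bundle directory extension");`. The `hstsDatabasePathExtensionHandle` call on the context line above, added in r171356, has the same shape; a silent failure there would presumably leave the HSTS database unreadable to the process. platformInitializeNetworkProcessCocoa starts before and continues after this hunk.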
[webkit-changes] [171943] trunk/Source/WebKit2
Title: [171943] trunk/Source/WebKit2 Revision 171943 Author oli...@apple.com Date 2014-08-01 12:19:22 -0700 (Fri, 01 Aug 2014) Log Message Various frameworks may want to use the container temp directory, so our current restrictions are too tight https://bugs.webkit.org/show_bug.cgi?id=135518 rdar://17869279 Reviewed by Anders Carlsson. We don't (and can't) have complete knowledge of what different frameworks will want to use the container temporary directory for, and so our current attempt to heavily restrict access is simply too tight. This patch recognises this by simply giving read-write access to the entire NSTemporary() directory (e.g. $container/tmp in the general case), rather than the single sub directory we wishfully thought that we would be able to get away with. * Shared/WebProcessCreationParameters.cpp: (WebKit::WebProcessCreationParameters::encode): (WebKit::WebProcessCreationParameters::decode): * Shared/WebProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::createNewWebProcess): (WebKit::WebContext::mediaCacheDirectory): Deleted. * UIProcess/WebContext.h: * UIProcess/efl/WebContextEfl.cpp: (WebKit::WebContext::containerTemporaryDirectory): (WebKit::WebContext::platformMediaCacheDirectory): Deleted. * UIProcess/gtk/WebContextGtk.cpp: (WebKit::WebContext::containerTemporaryDirectory): (WebKit::WebContext::platformMediaCacheDirectory): Deleted. * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::containerTemporaryDirectory): (WebKit::WebContext::platformMediaCacheDirectory): Deleted. 
* WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/efl/WebContextEfl.cpp trunk/Source/WebKit2/UIProcess/gtk/WebContextGtk.cpp trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171942 => 171943) --- trunk/Source/WebKit2/ChangeLog 2014-08-01 19:19:14 UTC (rev 171942) +++ trunk/Source/WebKit2/ChangeLog 2014-08-01 19:19:22 UTC (rev 171943) 
@@ -1,3 +1,40 @@ +2014-08-01 Oliver Hunt oli...@apple.com + +Various frameworks may want to use the container temp directory, so our current restrictions are too tight +https://bugs.webkit.org/show_bug.cgi?id=135518 +rdar://17869279 + +Reviewed by Anders Carlsson. + +We don't (and can't) have complete knowledge of what different frameworks +will want to use the container temporary directory for, and so our +current attempt to heavily restrict access is simply too tight. + +This patch recognises this by simply giving read-write access to the +entire NSTemporary() directory (e.g. $container/tmp in the general case), +rather than the single sub directory we wishfully thought that we would +be able to get away with. + +* Shared/WebProcessCreationParameters.cpp: +(WebKit::WebProcessCreationParameters::encode): +(WebKit::WebProcessCreationParameters::decode): +* Shared/WebProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::createNewWebProcess): +(WebKit::WebContext::mediaCacheDirectory): Deleted. +* UIProcess/WebContext.h: +* UIProcess/efl/WebContextEfl.cpp: +(WebKit::WebContext::containerTemporaryDirectory): +(WebKit::WebContext::platformMediaCacheDirectory): Deleted. +* UIProcess/gtk/WebContextGtk.cpp: +(WebKit::WebContext::containerTemporaryDirectory): +(WebKit::WebContext::platformMediaCacheDirectory): Deleted. +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::containerTemporaryDirectory): +(WebKit::WebContext::platformMediaCacheDirectory): Deleted. 
+* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + 2014-08-01 Dan Bernstein m...@apple.com rdar://problem/17862013 REGRESSION (r169357): Disabling allow plug-ins doesn't stick on quit/relaunch Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (171942 => 171943) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-08-01 19:19:14 UTC (rev 171942) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-08-01 19:19:22 UTC (rev 171943) @@ -69,8 +69,8 @@ encoder cookieStorageDirectoryExtensionHandle; encoder openGLCacheDirectory; encoder openGLCacheDirectoryExtensionHandle; -encoder mediaCacheDirectory; -encoder mediaCacheDirectoryExtensionHandle; +encoder containerTemporaryDirectory; +encoder containerTemporaryDirectoryExtensionHandle; e
[webkit-changes] [171887] trunk/Source/WebKit2
Title: [171887] trunk/Source/WebKit2 Revision 171887 Author oli...@apple.com Date 2014-07-31 14:48:33 -0700 (Thu, 31 Jul 2014) Log Message Various SSO services need the networking process to be able to spoof its bundle id https://bugs.webkit.org/show_bug.cgi?id=135468 rdar://problem/17864139 Reviewed by Alexey Proskuryakov. Just add the entitlement required to allow the sandbox to let this happen. * Configurations/Network-iOS.entitlements: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/Network-iOS.entitlements Diff Modified: trunk/Source/WebKit2/ChangeLog (171886 => 171887) --- trunk/Source/WebKit2/ChangeLog 2014-07-31 21:38:27 UTC (rev 171886) +++ trunk/Source/WebKit2/ChangeLog 2014-07-31 21:48:33 UTC (rev 171887) @@ -1,3 +1,15 @@ +2014-07-31 Oliver Hunt oli...@apple.com + +Various SSO services need the networking process to be able to spoof its bundle id +https://bugs.webkit.org/show_bug.cgi?id=135468 +rdar://problem/17864139 + +Reviewed by Alexey Proskuryakov. + +Just add the entitlement required to allow the sandbox to let this happen. + +* Configurations/Network-iOS.entitlements: + 2014-07-31 Przemyslaw Kuczynski p.kuczyn...@samsung.com Fix uninitialized scalar variable Modified: trunk/Source/WebKit2/Configurations/Network-iOS.entitlements (171886 => 171887) --- trunk/Source/WebKit2/Configurations/Network-iOS.entitlements 2014-07-31 21:38:27 UTC (rev 171886) +++ trunk/Source/WebKit2/Configurations/Network-iOS.entitlements 2014-07-31 21:48:33 UTC (rev 171887) @@ -2,6 +2,8 @@ !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd plist version=1.0 dict + keycom.apple.private.accounts.bundleidspoofing/key + true/ keyseatbelt-profiles/key array stringcom.apple.WebKit.Networking/string ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
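Review bot: The new `com.apple.private.accounts.bundleidspoofing` key in Network-iOS.entitlements has no explanation in the file itself, although it is a private entitlement granted to the process that talks to the network. An XML comment above the key, such as `<!-- SSO services need the networking process to spoof its bundle id: https://bugs.webkit.org/show_bug.cgi?id=135468 -->`, would let a later entitlement audit tell why it is there and when it can be dropped. The log message does not name the services involved, so the comment should stay as general as the log unless the author can narrow it.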
[webkit-changes] [171629] trunk/Source/WebKit2
Title: [171629] trunk/Source/WebKit2 Revision 171629 Author oli...@apple.com Date 2014-07-25 16:17:09 -0700 (Fri, 25 Jul 2014) Log Message Creating incorrect sandbox extension for hsts plist due to missing / https://bugs.webkit.org/show_bug.cgi?id=135309 Reviewed by Sam Weinig. So it turns out that you do actually need /'s in paths... Now we actually create the correct extension. * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171628 => 171629) --- trunk/Source/WebKit2/ChangeLog 2014-07-25 23:02:36 UTC (rev 171628) +++ trunk/Source/WebKit2/ChangeLog 2014-07-25 23:17:09 UTC (rev 171629) @@ -1,3 +1,16 @@ +2014-07-25 Oliver Hunt oli...@apple.com + +Creating incorrect sandbox extension for hsts plist due to missing / +https://bugs.webkit.org/show_bug.cgi?id=135309 + +Reviewed by Sam Weinig. + +So it turns out that you do actually need /'s in paths... +Now we actually create the correct extension. + +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath): + 2014-07-24 Anders Carlsson ander...@apple.com WKNavigation's properties are either always nil or don't behave as documented Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (171628 => 171629) --- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-25 23:02:36 UTC (rev 171628) +++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-25 23:17:09 UTC (rev 171629) @@ -316,7 +316,7 @@ return String(); } -return path + HSTS.plist; +return path + /HSTS.plist; #else notImplemented(); return [@ stringByStandardizingPath]; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
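Review bot: The corrected line in platformDefaultNetworkingHSTSDatabasePath still builds the file path by hand (`return path + /HSTS.plist;`, string quotes lost in this rendering), which is how the separator went missing in the first place. The sandbox extension is created for this exact string, so it has to match the path that is later opened. A path-joining helper, for instance `return WebCore::pathByAppendingComponent(path, "HSTS.plist");` if `path` is a WTF String, takes the separator out of the caller's hands and should also cope with a trailing slash on `path`. The type of `path` and the start of the function are outside the hunk.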
[webkit-changes] [171519] trunk/Source/WebKit2
Title: [171519] trunk/Source/WebKit2 Revision 171519 Author oli...@apple.com Date 2014-07-24 13:18:06 -0700 (Thu, 24 Jul 2014) Log Message Need to explicitly support location services in webcontent profile https://bugs.webkit.org/show_bug.cgi?id=135251 rdar://17798346 Reviewed by Dan Bernstein. Switching to uikit-app means that we remove the implicit support for location services. This makes us explicitly opt-in. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171518 => 171519) --- trunk/Source/WebKit2/ChangeLog 2014-07-24 20:13:34 UTC (rev 171518) +++ trunk/Source/WebKit2/ChangeLog 2014-07-24 20:18:06 UTC (rev 171519) @@ -1,3 +1,16 @@ +2014-07-24 Oliver Hunt oli...@apple.com + +Need to explicitly support location services in webcontent profile +https://bugs.webkit.org/show_bug.cgi?id=135251 +rdar://17798346 + +Reviewed by Dan Bernstein. + +Switching to uikit-app means that we remove the implicit support +for location services. This makes us explicitly opt-in. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + 2014-07-24 Tim Horton timothy_hor...@apple.com Crash at [WKContentView _applicationWillEnterForeground:] + 28 Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171518 => 171519) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-24 20:13:34 UTC (rev 171518) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-24 20:18:06 UTC (rev 171519) 
@@ -28,7 +28,7 @@ (import UIKit-apps.sb) (import removed-dev-nodes.sb) -(uikit-app 'with-opengl) +(uikit-app 'with-opengl 'with-location-services) ;; Access to media controls (play-media) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
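Review bot: `(uikit-app 'with-opengl 'with-location-services)` in com.apple.WebKit.WebContent.sb now opts the profile in to location services with no comment in the profile saying why. The reason is recorded only in the ChangeLog, so someone later tightening the profile cannot tell from the file whether the flag is required. A line above it would record that: `;; uikit-app does not imply location services; opt in explicitly, see https://bugs.webkit.org/show_bug.cgi?id=135251`. This profile confines the process that renders web content, so each capability it grants should carry its reason in the file.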
[webkit-changes] [171490] trunk/Source/WebKit2
Title: [171490] trunk/Source/WebKit2 Revision 171490 Author oli...@apple.com Date 2014-07-23 14:43:43 -0700 (Wed, 23 Jul 2014) Log Message Incorrect commit for sandbox profile https://bugs.webkit.org/show_bug.cgi?id=135214 rdar://17739108 Reviewed by Anders Carlsson. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171489 => 171490) --- trunk/Source/WebKit2/ChangeLog 2014-07-23 21:16:33 UTC (rev 171489) +++ trunk/Source/WebKit2/ChangeLog 2014-07-23 21:43:43 UTC (rev 171490) @@ -1,3 +1,13 @@ +2014-07-23 Oliver Hunt oli...@apple.com + +Incorrect commit for sandbox profile +https://bugs.webkit.org/show_bug.cgi?id=135214 +rdar://17739108 + +Reviewed by Anders Carlsson. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + 2014-07-23 Dan Bernstein m...@apple.com rdar://problem/17782623 [iOS] Client-certificate authentication isn’t working with some certificates Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171489 => 171490) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-23 21:16:33 UTC (rev 171489) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-23 21:43:43 UTC (rev 171490) @@ -25,7 +25,7 @@ (deny default (with partial-symbolication)) (allow system-audit file-read-metadata) -(import common.sb) +(import UIKit-apps.sb) (import removed-dev-nodes.sb) (uikit-app 'with-opengl) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [171493] trunk/Source/WebKit2
Title: [171493] trunk/Source/WebKit2 Revision 171493 Author oli...@apple.com Date 2014-07-23 15:03:54 -0700 (Wed, 23 Jul 2014) Log Message Add a pseudo target to create sandbox override roots https://bugs.webkit.org/show_bug.cgi?id=135216 rdar://17785560 Reviewed by Alexey Proskuryakov. Just a duplicate of the standard ios sandbox target, targetting the profile overrides directory. This means we can make roots that Just Work. * WebKit2.xcodeproj/project.pbxproj: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj Diff Modified: trunk/Source/WebKit2/ChangeLog (171492 => 171493) --- trunk/Source/WebKit2/ChangeLog 2014-07-23 21:56:30 UTC (rev 171492) +++ trunk/Source/WebKit2/ChangeLog 2014-07-23 22:03:54 UTC (rev 171493) @@ -1,5 +1,19 @@ 2014-07-23 Oliver Hunt oli...@apple.com +Add a pseudo target to create sandbox override roots +https://bugs.webkit.org/show_bug.cgi?id=135216 +rdar://17785560 + +Reviewed by Alexey Proskuryakov. + +Just a duplicate of the standard ios sandbox target, targetting +the profile overrides directory. This means we can make roots +that Just Work. + +* WebKit2.xcodeproj/project.pbxproj: + +2014-07-23 Oliver Hunt oli...@apple.com + Incorrect commit for sandbox profile https://bugs.webkit.org/show_bug.cgi?id=135214 rdar://17739108 Modified: trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj (171492 => 171493) --- trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2014-07-23 21:56:30 UTC (rev 171492) +++ trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2014-07-23 22:03:54 UTC (rev 171493) 
@@ -45,6 +45,17 @@ name = WebKit2SandboxProfiles; productName = WebKit2SandboxProfiles; }; + A7C0DC2D19804DEE00253CED /* WebKit2SandboxProfiles-IOSOverride */ = { + isa = PBXAggregateTarget; + buildConfigurationList = A7C0DC3219804DEE00253CED /* Build configuration list for PBXAggregateTarget WebKit2SandboxProfiles-IOSOverride */; + buildPhases = ( +A7C0DC2E19804DEE00253CED /* CopyFiles */, + ); + dependencies = ( + ); + name = WebKit2SandboxProfiles-IOSOverride; + productName = WebKit2SandboxProfiles; + }; C0CE72851247E66800BC0EC4 /* Derived Sources */ = { isa = PBXAggregateTarget; buildConfigurationList = C0CE72891247E68600BC0EC4 /* Build configuration list for PBXAggregateTarget Derived Sources */; 
@@ -1112,6 +1123,9 @@ A78CCDDA193AC9F4005ECC25 /* com.apple.WebKit.Databases.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD7193AC9E3005ECC25 /* com.apple.WebKit.Databases.sb */; }; A78CCDDB193AC9F8005ECC25 /* com.apple.WebKit.Networking.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD8193AC9E3005ECC25 /* com.apple.WebKit.Networking.sb */; }; A78CCDDC193AC9FB005ECC25 /* com.apple.WebKit.WebContent.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD9193AC9E3005ECC25 /* com.apple.WebKit.WebContent.sb */; }; + A7C0DC2F19804DEE00253CED /* com.apple.WebKit.Databases.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD7193AC9E3005ECC25 /* com.apple.WebKit.Databases.sb */; }; + A7C0DC3019804DEE00253CED /* com.apple.WebKit.Networking.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD8193AC9E3005ECC25 /* com.apple.WebKit.Networking.sb */; }; + A7C0DC3119804DEE00253CED /* com.apple.WebKit.WebContent.sb in CopyFiles */ = {isa = PBXBuildFile; fileRef = A78CCDD9193AC9E3005ECC25 /* com.apple.WebKit.WebContent.sb */; }; A7D792D61767CB6E00881CBE /* ActivityAssertion.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7D792D51767CB6E00881CBE /* ActivityAssertion.cpp */; }; A7D792D81767CCA300881CBE /* ActivityAssertion.h in Headers */ = {isa = PBXBuildFile; fileRef = A7D792D41767CB0900881CBE /* ActivityAssertion.h */; }; A7E93CED1925331100A1DC48 /* ChildProcessIOS.mm in Sources */ = {isa = PBXBuildFile; fileRef = A7E93CEB192531AA00A1DC48 /* ChildProcessIOS.mm */; }; 
@@ -1957,6 +1971,18 @@ ); runOnlyForDeploymentPostprocessing = 0; }; + A7C0DC2E19804DEE00253CED /* CopyFiles */ = { + isa = PBXCopyFilesBuildPhase; + buildActionMask = 2147483647; + dstPath = /usr/local/share/sandbox; + dstSubfolderSpec = 0; + files = ( +A7C0DC2F19804DEE00253CED /* com.apple.WebKit.Databases.sb in CopyFiles */, +A7C0DC3019804DEE00253CED /* com.apple.WebKit.Networking.sb in CopyFiles */, +A7C0DC3119804DEE00253CED /* com.apple.WebKit.WebContent.sb in CopyFiles */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; BCDE093C13272496001259FB /* Copy Plug-in Process Shim */ = { isa = PBXCopyFilesBuildPhase; buildActionMask = 2147483647; @@ -8221,6 +8247,7 @@ 51F7DC3F180CC93600212CA3 /* Databases */, 5180C713180CCA3100FDA612 /* Databases.Development */, A7AADA1019395CA9003EA1C7 /* WebKit2SandboxProfiles */, +A7C0DC2D19804DEE00253CED /* WebKit2SandboxProfiles-IOSOv
[webkit-changes] [171356] trunk/Source/WebKit2
Title: [171356] trunk/Source/WebKit2 Revision 171356 Author oli...@apple.com Date 2014-07-22 12:58:25 -0700 (Tue, 22 Jul 2014) Log Message Provide networking process with access to its HSTS db https://bugs.webkit.org/show_bug.cgi?id=135121 rdar://17654369 Reviewed by Alexey Proskuryakov. Add an extension parameter to pass the hsts database file. This requires us to create the Caches/com.apple.WebKit.Networking directory in the UI process, as the network sandbox does not allow it to create the containing directory. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): * Shared/Network/NetworkProcessCreationParameters.cpp: (WebKit::NetworkProcessCreationParameters::encode): (WebKit::NetworkProcessCreationParameters::decode): * Shared/Network/NetworkProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::ensureNetworkProcess): (WebKit::WebContext::networkingHSTSDatabasePath): * UIProcess/WebContext.h: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/efl/WebContextEfl.cpp trunk/Source/WebKit2/UIProcess/gtk/WebContextGtk.cpp trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171355 => 171356) --- trunk/Source/WebKit2/ChangeLog 2014-07-22 19:48:24 UTC (rev 171355) +++ trunk/Source/WebKit2/ChangeLog 2014-07-22 19:58:25 UTC (rev 171356) 
@@ -1,3 +1,29 @@ +2014-07-22 Oliver Hunt oli...@apple.com + +Provide networking process with access to its HSTS db +https://bugs.webkit.org/show_bug.cgi?id=135121 +rdar://17654369 + +Reviewed by Alexey Proskuryakov. + +Add an extension parameter to pass the hsts database file. +This requires us to create the Caches/com.apple.WebKit.Networking +directory in the UI process, as the network sandbox +does not allow it to create the containing directory. + +* NetworkProcess/cocoa/NetworkProcessCocoa.mm: +(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): +* Shared/Network/NetworkProcessCreationParameters.cpp: +(WebKit::NetworkProcessCreationParameters::encode): +(WebKit::NetworkProcessCreationParameters::decode): +* Shared/Network/NetworkProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::ensureNetworkProcess): +(WebKit::WebContext::networkingHSTSDatabasePath): +* UIProcess/WebContext.h: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultNetworkingHSTSDatabasePath): + 2014-07-22 Benjamin Poulain bpoul...@apple.com [iOS][WK2] UI helpers that zoom on an element ignore the viewport's allowsUserScaling Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (171355 => 171356) --- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-22 19:48:24 UTC (rev 171355) +++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-22 19:58:25 UTC (rev 171356) 
@@ -61,6 +61,9 @@ void NetworkProcess::platformInitializeNetworkProcessCocoa(const NetworkProcessCreationParameters parameters) { SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle); +#if PLATFORM(IOS) +SandboxExtension::consumePermanently(parameters.hstsDatabasePathExtensionHandle); +#endif m_diskCacheDirectory = parameters.diskCacheDirectory; if (!m_diskCacheDirectory.isNull()) { Modified: trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp (171355 => 171356) --- trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-07-22 19:48:24 UTC (rev 171355) +++ trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-07-22 19:58:25 UTC (rev 171356) @@ -44,6 +44,10 @@ encoder diskCacheDirectoryExtensionHandle; encoder cookieStorageDirectory; encoder cookieStorageDirectoryExtensionHandle; +#if PLATFORM(IOS) +encoder hstsDatabasePath; +encoder hstsDatabasePathExtensionHandle; +#endif encoder shouldUseTestingNetworkSession; #if ENABLE(CUSTOM_PROTOCOLS) encoder urlSchemesRegisteredForCustomProtocols; @@ -79,6 +83,12 @@ return false; if (!decoder.decode(result.cookieStorageDirectoryExtensionHandle)) return false; +#if PLATFORM(IOS) +if (!decoder.decode(result.hstsDatabasePath)) +return false; +if (!decoder.decode(result.hstsDatabasePathExtensionHandle)) +return false
[webkit-changes] [171363] trunk/Source/WebKit2
Title: [171363] trunk/Source/WebKit2 Revision 171363 Author oli...@apple.com Date 2014-07-22 14:25:24 -0700 (Tue, 22 Jul 2014) Log Message Remove unused com.apple.webkit.* rules from profiles https://bugs.webkit.org/show_bug.cgi?id=135174 rdar://17755931 Reviewed by Anders Carlsson. We never send these rules so we should just remove use of them from the profiles. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171362 => 171363) --- trunk/Source/WebKit2/ChangeLog 2014-07-22 21:08:50 UTC (rev 171362) +++ trunk/Source/WebKit2/ChangeLog 2014-07-22 21:25:24 UTC (rev 171363) @@ -1,5 +1,19 @@ 2014-07-22 Oliver Hunt oli...@apple.com +Remove unused com.apple.webkit.* rules from profiles +https://bugs.webkit.org/show_bug.cgi?id=135174 +rdar://17755931 + +Reviewed by Anders Carlsson. + +We never send these rules so we should just remove use of them +from the profiles. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + +2014-07-22 Oliver Hunt oli...@apple.com + Provide networking process with access to its HSTS db https://bugs.webkit.org/show_bug.cgi?id=135121 rdar://17654369 Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (171362 => 171363) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 21:08:50 UTC (rev 171362) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 21:25:24 UTC (rev 171363) 
@@ -28,21 +28,15 @@ (import common.sb) (import removed-dev-nodes.sb) -;; Sandbox extensions -(allow file-read* (extension com.apple.webkit.read)) - ;; Access to client's cache folder re-vending to CFNetwork. ;; FIXME: Remove the webkti specific extension classes rdar://problem/17755931 (allow file-issue-extension (require-all -(require-any (extension com.apple.webkit.read-write) (extension com.apple.app-sandbox.read-write)) +(extension com.apple.app-sandbox.read-write) (extension-class com.apple.nsurlstorage.extension-cache))) ;; App sandbox extensions (allow file-read* file-write* (extension com.apple.app-sandbox.read-write)) -;; Access to own cache temp folders. -(allow file-read* file-write* (extension com.apple.webkit.read-write)) - ;; IOKit user clients (allow iokit-open (iokit-user-client-class RootDomainUserClient)) Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171362 => 171363) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-22 21:08:50 UTC (rev 171362) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-22 21:25:24 UTC (rev 171363) 
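Review bot: The `;; FIXME: Remove the webkti specific extension classes rdar://problem/17755931` comment stays as context above the `file-issue-extension` rule in com.apple.WebKit.Networking.sb, although this change removes the `com.apple.webkit.read` and `com.apple.webkit.read-write` uses it refers to and the log cites the same radar. Left in place, it tells the next reader of the profile that a WebKit-specific extension class is still accepted here. I would delete the FIXME, or replace it with `;; Only app-sandbox read-write extensions may be re-vended as nsurlstorage cache extensions.` The same stale comment remains in the com.apple.WebKit.WebContent.sb hunk of this revision.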
@@ -57,25 +57,12 @@ (read-only-and-issue-extensions (extension com.apple.app-sandbox.read)) (read-write-and-issue-extensions (extension com.apple.app-sandbox.read-write)) -(allow file-issue-extension -(require-all -(extension-class com.apple.webkit.read) -(require-any -(extension com.apple.app-sandbox.read) -(extension com.apple.app-sandbox.read-write - - ;; Access to client's cache folder re-vending to CFNetwork. ;; FIXME: Remove the webkti specific extension classes rdar://problem/17755931 (allow file-issue-extension (require-all -(require-any (extension com.apple.webkit.read-write) (extension com.apple.app-sandbox.read-write)) +(extension com.apple.app-sandbox.read-write) (extension-class com.apple.nsurlstorage.extension-cache))) -;; Access to own cache temp folders. -(allow file-read* (extension com.apple.webkit.read)) -(allow file-read* file-write* (extension com.apple.webkit.read-write)) - - ;; Allow the OpenGL Profiler to attach. (instruments-support); For rdar://problem/7931952 ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [171365] trunk/Source/WebKit2
Title: [171365] trunk/Source/WebKit2 Revision 171365 Author oli...@apple.com Date 2014-07-22 14:32:28 -0700 (Tue, 22 Jul 2014) Log Message Add accountsd access to network sandbox profile https://bugs.webkit.org/show_bug.cgi?id=135176 rdar://17656487 Reviewed by Anders Carlsson. This is available to the webcontent process already, but is also needed for the networking process. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171364 => 171365) --- trunk/Source/WebKit2/ChangeLog 2014-07-22 21:30:48 UTC (rev 171364) +++ trunk/Source/WebKit2/ChangeLog 2014-07-22 21:32:28 UTC (rev 171365) @@ -1,5 +1,18 @@ 2014-07-22 Oliver Hunt oli...@apple.com +Add accountsd access to network sandbox profile +https://bugs.webkit.org/show_bug.cgi?id=135176 +rdar://17656487 + +Reviewed by Anders Carlsson. + +This is available to the webcontent process already, but is also +needed for the networking process. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: + +2014-07-22 Oliver Hunt oli...@apple.com + Remove unused com.apple.webkit.* rules from profiles https://bugs.webkit.org/show_bug.cgi?id=135174 rdar://17755931 Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (171364 => 171365) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 21:30:48 UTC (rev 171364) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 21:32:28 UTC (rev 171365) 
@@ -49,8 +49,9 @@ ;; Security framework (allow mach-lookup - (global-name com.apple.ocspd) - (global-name com.apple.securityd)) +(global-name com.apple.ocspd) +(global-name com.apple.securityd) +(global-name com.apple.accountsd.accountmanager)) (deny file-write-create (vnode-type SYMLINK)) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
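Review bot: The new `(global-name com.apple.accountsd.accountmanager)` entry is added to the `mach-lookup` list under `;; Security framework`, but the log gives a different reason for it (the networking process needs what WebContent already has). Each mach-lookup allowance widens the set of services reachable from inside the sandbox, so its justification should sit next to the rule. I would give it its own rule with a comment such as `;; accountsd is needed by the networking process, see rdar://17656487`, so a later audit can tell whether it is still required.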
[webkit-changes] [171384] trunk/Source/WebKit2
Title: [171384] trunk/Source/WebKit2 Revision 171384 Author oli...@apple.com Date 2014-07-22 19:37:51 -0700 (Tue, 22 Jul 2014) Log Message Reduce the size of the root WebContent sandbox profile https://bugs.webkit.org/show_bug.cgi?id=135182 rdar://problem/17739108 Reviewed by Alexey Proskuryakov. Switch from apple-ui-app to uikit-app as the root of the webcontent profile. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171383 => 171384) --- trunk/Source/WebKit2/ChangeLog 2014-07-23 02:19:55 UTC (rev 171383) +++ trunk/Source/WebKit2/ChangeLog 2014-07-23 02:37:51 UTC (rev 171384) @@ -1,3 +1,16 @@ +2014-07-22 Oliver Hunt oli...@apple.com + +Reduce the size of the root WebContent sandbox profile +https://bugs.webkit.org/show_bug.cgi?id=135182 +rdar://problem/17739108 + +Reviewed by Alexey Proskuryakov. + +Switch from apple-ui-app to uikit-app as the root of the webcontent +profile. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + 2014-07-22 Jinwoo Song jinwoo7.s...@samsung.com Unreviewed build fix on EFL port after r171356. Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171383 => 171384) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-23 02:19:55 UTC (rev 171383) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-23 02:37:51 UTC (rev 171384) @@ -27,10 +27,8 @@ (import common.sb) (import removed-dev-nodes.sb) -(import apple-UI-apps.sb) -(apple-ui-app com.apple.WebKit.WebContent 'with-opengl) -(opengl) +(uikit-app 'with-opengl) ;; Access to media controls (play-media) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
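Review bot: Nothing in the new header of com.apple.WebKit.WebContent.sb says what `(uikit-app 'with-opengl)` grants compared with the `apple-ui-app` root it replaces, and the hunk drops `(import apple-UI-apps.sb)` and the separate `(opengl)` call at the same time. Whether `uikit-app` is defined by one of the remaining imports, and whether `'with-opengl` covers what `(opengl)` allowed, cannot be seen from this hunk. Since the root macro sets the baseline for every rule below it, I would add a comment such as `;; Root profile: uikit-app replaces the larger apple-ui-app root, see rdar://problem/17739108`.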
[webkit-changes] [171322] trunk/Source/WebKit2
Title: [171322] trunk/Source/WebKit2 Revision 171322 Author oli...@apple.com Date 2014-07-21 17:10:11 -0700 (Mon, 21 Jul 2014) Log Message Correct sandbox profiles to fix some excess privileges https://bugs.webkit.org/show_bug.cgi?id=135134 rdar://problem/17741886 rdar://problem/17739080 Reviewed by Alexey Proskuryakov. This cleans up our sandbox profiles to fix a few issues - the profiles no longer allow us to issue file extensions we have the ability to consume, and tightens some of the other file access rules. This means we have to add some rules to allow us to access things that we previously had access to due to lax file system restrictions. Some of the features were fixable simply by using entitlements on the process rather than custom rules. * Configurations/WebContent-iOS.entitlements: * Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171321 => 171322) --- trunk/Source/WebKit2/ChangeLog 2014-07-22 00:09:19 UTC (rev 171321) +++ trunk/Source/WebKit2/ChangeLog 2014-07-22 00:10:11 UTC (rev 171322) 
@@ -1,3 +1,27 @@ +2014-07-21 Oliver Hunt oli...@apple.com + +Correct sandbox profiles to fix some excess privileges +https://bugs.webkit.org/show_bug.cgi?id=135134 +rdar://problem/17741886 +rdar://problem/17739080 + +Reviewed by Alexey Proskuryakov. + +This cleans up our sandbox profiles to fix a few issues - the profiles +no longer allow us to issue file extension we have the ability to consume, +and tightens some of the other file access rules. + +This means we have to addd some rules to allow us to access things +that we previously had access to due to lax file system restrictions. + +Some of the features were fixable simply by using entitlements on the +process rather than custom rules. + +* Configurations/WebContent-iOS.entitlements: +* Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + 2014-07-21 Simon Fraser simon.fra...@apple.com [iOS WK2] Turn off position:fixed behavior when the keyboard is up Modified: trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements (171321 => 171322) --- trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements 2014-07-22 00:09:19 UTC (rev 171321) +++ trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements 2014-07-22 00:10:11 UTC (rev 171322) @@ -10,6 +10,10 @@ true/ keycom.apple.private.webinspector.proxy-application/key true/ + keycom.apple.locationd.authorizeapplications/key + true/ + keycom.apple.locationd.effective_bundle/key + true/ keyseatbelt-profiles/key array stringcom.apple.WebKit.WebContent/string Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb (171321 => 171322) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb 2014-07-22 00:09:19 UTC (rev 171321) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb 2014-07-22 00:10:11 UTC (rev 171322) 
@@ -28,20 +28,4 @@ (import common.sb) (import removed-dev-nodes.sb) -;; Sandbox extensions -(define (apply-read-and-issue-extension op path-filter) -(op file-read* path-filter) -(op file-issue-extension (require-all (extension-class com.apple.app-sandbox.read) path-filter))) -(define (apply-write-and-issue-extension op path-filter) -(op file-write* path-filter) -(op file-issue-extension (require-all (extension-class com.apple.app-sandbox.read-write) path-filter))) -(define (read-only-and-issue-extensions path-filter) -(apply-read-and-issue-extension allow path-filter)) -(define (read-write-and-issue-extensions path-filter) -(apply-read-and-issue-extension allow path-filter) -(apply-write-and-issue-extension allow path-filter)) -(read-only-and-issue-extensions (extension com.apple.app-sandbox.read)) -(read-write-and-issue-extensions (extension com.apple.app-sandbox.read-write)) - -(if (defined? 'vnode-type) -(deny file-write-create (vnode-type SYMLINK))) +(allow file-read* file-write* (extension com.apple.app-sandbox.read-write)) Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (171321 => 171322) --- trunk/Source/WebKit2/Resources/Sandbox
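Review bot: The rewritten com.apple.WebKit.Databases.sb no longer contains `(deny file-write-create (vnode-type SYMLINK))`; the hunk removes it together with the issue-extension helpers and leaves only the `allow file-read* file-write*` rule. The Networking and WebContent profiles elsewhere on this page still carry that deny, so unless common.sb supplies it (not visible here) this profile now permits creating symlinks inside any directory it holds a read-write extension for. The log describes the change as removing excess privileges, so dropping the deny looks unintended. I would keep the guard after the new rule: `(if (defined? 'vnode-type) (deny file-write-create (vnode-type SYMLINK)))`.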
[webkit-changes] [171326] trunk/Source/WebKit2
Title: [171326] trunk/Source/WebKit2 Revision 171326 Author oli...@apple.com Date 2014-07-21 17:38:38 -0700 (Mon, 21 Jul 2014) Log Message Remove global cookie workaround from sandbox profiles https://bugs.webkit.org/show_bug.cgi?id=135138 rdar://17513375 Reviewed by Alexey Proskuryakov. Remove the workaround needed for global cookie access, and silencing of the associated sandbox violation. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultCookieStorageDirectory): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171325 => 171326) --- trunk/Source/WebKit2/ChangeLog 2014-07-22 00:37:13 UTC (rev 171325) +++ trunk/Source/WebKit2/ChangeLog 2014-07-22 00:38:38 UTC (rev 171326) 
@@ -1,5 +1,21 @@ 2014-07-21 Oliver Hunt oli...@apple.com +Remove global cookie workaround from sandbox profiles +https://bugs.webkit.org/show_bug.cgi?id=135138 +rdar://17513375 + +Reviewed by Alexey Proskuryakov. + +Remove the workaround needed for global cookie access, and silencing +of the associated sandbox violation. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultCookieStorageDirectory): + +2014-07-21 Oliver Hunt oli...@apple.com + Correct sandbox profiles to fix some excess privileges https://bugs.webkit.org/show_bug.cgi?id=135134 rdar://problem/17741886 Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (171325 => 171326) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 00:37:13 UTC (rev 171325) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-22 00:38:38 UTC (rev 171326) @@ -28,10 +28,6 @@ (import common.sb) (import removed-dev-nodes.sb) -;; Access CFNetwork shared cookies -;; This is too generous -- rdar://problem/17496756 -(apple-cookie-access 'with-read-write) - ;; Sandbox extensions (allow file-read* (extension com.apple.webkit.read)) Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171325 => 171326) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-22 00:37:13 UTC (rev 171325) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-22 00:38:38 UTC (rev 171326) 
@@ -32,10 +32,6 @@ (apple-ui-app com.apple.WebKit.WebContent 'with-opengl) (opengl) -;; Access CFNetwork shared cookies -;; This is too generous -- rdar://problem/17496756 -(apple-cookie-access 'with-read-write) - ;; Access to media controls (play-media) (media-remote) Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (171325 => 171326) --- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-22 00:37:13 UTC (rev 171325) +++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-22 00:38:38 UTC (rev 171326) @@ -277,10 +277,6 @@ path = path + /Library/Cookies; path = stringByResolvingSymlinksInPath(path); -// Temporary work around for rdar://rdar://problem/17513375 -if (path == /private/var/mobile/Library/Cookies) -return String(); - return path; #else notImplemented(); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [171257] trunk/Source/WebKit2
Title: [171257] trunk/Source/WebKit2 Revision 171257 Author oli...@apple.com Date 2014-07-18 18:30:35 -0700 (Fri, 18 Jul 2014) Log Message We don't provide an extension to the temp file used for uploads https://bugs.webkit.org/show_bug.cgi?id=135079 Reviewed by Sam Weinig. Make sure didChooseFilesForOpenPanelWithDisplayStringAndIcon vends extensions for the files passed to the content process. * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didChooseFilesForOpenPanelWithDisplayStringAndIcon): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp Diff Modified: trunk/Source/WebKit2/ChangeLog (171256 => 171257) --- trunk/Source/WebKit2/ChangeLog 2014-07-19 00:52:18 UTC (rev 171256) +++ trunk/Source/WebKit2/ChangeLog 2014-07-19 01:30:35 UTC (rev 171257) @@ -1,3 +1,16 @@ +2014-07-18 Oliver Hunt oli...@apple.com + +We don't provide an extension to the temp file used for uploads +https://bugs.webkit.org/show_bug.cgi?id=135079 + +Reviewed by Sam Weinig. + +Make sure didChooseFilesForOpenPanelWithDisplayStringAndIcon vends +extensions for the files passed to the content process. + +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::didChooseFilesForOpenPanelWithDisplayStringAndIcon): + 2014-07-18 Tim Horton timothy_hor...@apple.com ASSERTion failures in ViewGestureController indicating that we're copying WebBackForwardList Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (171256 => 171257) --- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-07-19 00:52:18 UTC (rev 171256) +++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-07-19 01:30:35 UTC (rev 171257) 
@@ -3775,6 +3775,16 @@ if (!isValid()) return; +#if ENABLE(SANDBOX_EXTENSIONS) +// FIXME: The sandbox extensions should be sent with the DidChooseFilesForOpenPanel message. This +// is gated on a way of passing SandboxExtension::Handles in a Vector. +for (size_t i = 0; i fileURLs.size(); ++i) { +SandboxExtension::Handle sandboxExtensionHandle; +SandboxExtension::createHandle(fileURLs[i], SandboxExtension::ReadOnly, sandboxExtensionHandle); +m_process-send(Messages::WebPage::ExtendSandboxForFileFromOpenPanel(sandboxExtensionHandle), m_pageID); +} +#endif + m_process-send(Messages::WebPage::DidChooseFilesForOpenPanelWithDisplayStringAndIcon(fileURLs, displayString, iconData ? iconData-dataReference() : IPC::DataReference()), m_pageID); m_openPanelResultListener-invalidate(); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
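Review bot: The loop added before the `DidChooseFilesForOpenPanelWithDisplayStringAndIcon` send depends on message order: each `ExtendSandboxForFileFromOpenPanel` presumably has to be handled by the web process before it is told about the chosen files, otherwise the files are not yet readable there. The FIXME explains why the handles travel separately but not that the order matters, so a later reordering of the two sends could break uploads without any visible error. I would add `// Must be sent before DidChooseFilesForOpenPanelWithDisplayStringAndIcon so the extensions are in place when the files are read.` above the loop. The enclosing function starts and ends outside the hunk.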
[webkit-changes] [171113] trunk/Source/WebKit2
Title: [171113] trunk/Source/WebKit2 Revision 171113 Author oli...@apple.com Date 2014-07-15 13:31:50 -0700 (Tue, 15 Jul 2014) Log Message More tidying of the webcontent sandbox profile https://bugs.webkit.org/show_bug.cgi?id=134938 Reviewed by Alexey Proskuryakov. Remove some excessive abilities from the profile and make the required ones explicit. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171112 => 171113) --- trunk/Source/WebKit2/ChangeLog 2014-07-15 19:41:32 UTC (rev 171112) +++ trunk/Source/WebKit2/ChangeLog 2014-07-15 20:31:50 UTC (rev 171113) @@ -1,3 +1,15 @@ +2014-07-15 Oliver Hunt oli...@apple.com + +More tidying of the webcontent sandbox profile +https://bugs.webkit.org/show_bug.cgi?id=134938 + +Reviewed by Alexey Proskuryakov. + +Remove some excessive abilities from the profile and make +the required ones explicit. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: + 2014-07-14 Andreas Kling akl...@apple.com [iOS] Don't progressively re-render tiles while pinch-zooming under memory pressure. Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171112 => 171113) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-15 19:41:32 UTC (rev 171112) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-15 20:31:50 UTC (rev 171113) @@ -29,7 +29,7 @@ (import removed-dev-nodes.sb) (import apple-UI-apps.sb) -(apple-ui-app com.apple.WebKit.WebContent 'with-webkit 'with-opengl) +(apple-ui-app com.apple.WebKit.WebContent 'with-opengl) (opengl) ;; Access CFNetwork shared cookies 
@@ -87,7 +87,10 @@ ;; Various services required by CFNetwork and other frameworks (allow mach-lookup - (global-name com.apple.PowerManagement.control)) +(global-name com.apple.PowerManagement.control) +(global-name com.apple.accountsd.accountmanager)) (deny file-write-create (vnode-type SYMLINK)) (deny file-read-xattr file-write-xattr (xattr-regex #^com\.apple\.security\.private\.)) + +(network-client (remote tcp)) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
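Review bot: `(network-client (remote tcp))` is appended at the end of com.apple.WebKit.WebContent.sb with no comment, while the log describes this change as removing excessive abilities. Outbound TCP from the content process is a significant allowance given that a separate networking process exists, and the hunk does not show whether it replaces something `'with-webkit` used to grant or is new. I would document it in place, e.g. `;; Direct TCP is still needed by <component>; remove once all loads go through the Networking process`, with the actual consumer filled in. The `com.apple.accountsd.accountmanager` lookup added in the same hunk would benefit from the same kind of note.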
[webkit-changes] [171090] trunk/Source/WebKit2
Title: [171090] trunk/Source/WebKit2 Revision 171090 Author oli...@apple.com Date 2014-07-14 16:13:56 -0700 (Mon, 14 Jul 2014) Log Message Restrict network process to remote connections https://bugs.webkit.org/show_bug.cgi?id=134908 Reviewed by Geoffrey Garen. Further restrict network client * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (171089 => 171090) --- trunk/Source/WebKit2/ChangeLog 2014-07-14 22:32:01 UTC (rev 171089) +++ trunk/Source/WebKit2/ChangeLog 2014-07-14 23:13:56 UTC (rev 171090) @@ -1,3 +1,14 @@ +2014-07-14 Oliver Hunt oli...@apple.com + +Restrict network process to remote connections +https://bugs.webkit.org/show_bug.cgi?id=134908 + +Reviewed by Geoffrey Garen. + +Further restrict network client + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: + 2014-07-14 Tim Horton timothy_hor...@apple.com ASSERT(isMainThread()) under OneShotDisplayLinkHandler Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (171089 => 171090) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-14 22:32:01 UTC (rev 171089) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-14 23:13:56 UTC (rev 171090) @@ -53,7 +53,7 @@ (allow mach-lookup (global-name com.apple.PowerManagement.control)) -(network-client) +(network-client (remote tcp)) ;; Security framework (allow mach-lookup ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [171023] trunk/Source/WebKit2
Title: [171023] trunk/Source/WebKit2 Revision 171023 Author oli...@apple.com Date 2014-07-12 11:32:13 -0700 (Sat, 12 Jul 2014) Log Message Temporary work around for rdar://rdar://problem/17513375 https://bugs.webkit.org/show_bug.cgi?id=134848 Reviewed by Sam Weinig. Temporarily work around rdar://rdar://problem/17513375 by dropping the explicit cookie storage if it points out of the container. * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultCookieStorageDirectory): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171022 => 171023) --- trunk/Source/WebKit2/ChangeLog 2014-07-12 18:13:57 UTC (rev 171022) +++ trunk/Source/WebKit2/ChangeLog 2014-07-12 18:32:13 UTC (rev 171023) @@ -1,3 +1,17 @@ +2014-07-12 Oliver Hunt oli...@apple.com + +Temporary work around for rdar://rdar://problem/17513375 +https://bugs.webkit.org/show_bug.cgi?id=134848 + +Reviewed by Sam Weinig. + +Temporarily work around rdar://rdar://problem/17513375 by +dropping the explicit cookie storage if it points out of the +container. + +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultCookieStorageDirectory): + 2014-07-11 Enrica Casucci enr...@apple.com Implement textStylingAtPosition in WK2. Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (171022 => 171023) --- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-12 18:13:57 UTC (rev 171022) +++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-12 18:32:13 UTC (rev 171023) 
@@ -276,7 +276,12 @@ path = NSHomeDirectory(); path = path + /Library/Cookies; -return stringByResolvingSymlinksInPath(path); +path = stringByResolvingSymlinksInPath(path); +// Temporary work around for rdar://rdar://problem/17513375 +if (path == /var/mobile/Library/Cookies) +return String(); + +return path; #else notImplemented(); return [@ stringByStandardizingPath]; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
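Review bot: The new check `if (path == /var/mobile/Library/Cookies)` compares against one literal path, whereas the log describes dropping the cookie storage "if it points out of the container". Any other location outside the container passes through unchanged, and because the comparison runs after `stringByResolvingSymlinksInPath`, the literal has to be the fully resolved form to match at all (revision 171030 on this page changes it to the `/private/var/...` form). I would state the limitation in the comment, e.g. `// Only the shared mobile cookie directory is rejected; the literal must be the symlink-resolved path.`, and drop the doubled `rdar://` prefix from the radar reference in the existing comment. The function starts outside the hunk.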
[webkit-changes] [171024] trunk/Source/WebKit2
Title: [171024] trunk/Source/WebKit2 Revision 171024 Author oli...@apple.com Date 2014-07-12 11:33:43 -0700 (Sat, 12 Jul 2014) Log Message Extend WebContent sandbox to allow some extra access for frameworks https://bugs.webkit.org/show_bug.cgi?id=134844 Reviewed by Sam Weinig. Open up the webcontent sandbox a bit so that some external frameworks can work correctly. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: * Shared/WebProcessCreationParameters.cpp: (WebKit::WebProcessCreationParameters::encode): (WebKit::WebProcessCreationParameters::decode): * Shared/WebProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::createNewWebProcess): (WebKit::WebContext::mediaCacheDirectory): * UIProcess/WebContext.h: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformMediaCacheDirectory): * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171023 => 171024) --- trunk/Source/WebKit2/ChangeLog 2014-07-12 18:32:13 UTC (rev 171023) +++ trunk/Source/WebKit2/ChangeLog 2014-07-12 18:33:43 UTC (rev 171024) 
@@ -1,5 +1,29 @@ 2014-07-12 Oliver Hunt oli...@apple.com +Extend WebContent sandbox to allow some extra access for frameworks +https://bugs.webkit.org/show_bug.cgi?id=134844 + +Reviewed by Sam Weinig. + +Open up the webcontent sandbox a bit so that some external frameworks +can work correctly. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: +* Shared/WebProcessCreationParameters.cpp: +(WebKit::WebProcessCreationParameters::encode): +(WebKit::WebProcessCreationParameters::decode): +* Shared/WebProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::createNewWebProcess): +(WebKit::WebContext::mediaCacheDirectory): +* UIProcess/WebContext.h: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformMediaCacheDirectory): +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + +2014-07-12 Oliver Hunt oli...@apple.com + Temporary work around for rdar://rdar://problem/17513375 https://bugs.webkit.org/show_bug.cgi?id=134848 Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171023 => 171024) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-12 18:32:13 UTC (rev 171023) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2014-07-12 18:33:43 UTC (rev 171024) 
@@ -85,5 +85,9 @@ (allow mach-lookup (global-name com.apple.webinspector)) +;; Various services required by CFNetwork and other frameworks +(allow mach-lookup + (global-name com.apple.PowerManagement.control)) + (deny file-write-create (vnode-type SYMLINK)) (deny file-read-xattr file-write-xattr (xattr-regex #^com\.apple\.security\.private\.)) Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (171023 => 171024) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-07-12 18:32:13 UTC (rev 171023) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-07-12 18:33:43 UTC (rev 171024) @@ -69,6 +69,8 @@ encoder cookieStorageDirectoryExtensionHandle; encoder openGLCacheDirectory; encoder openGLCacheDirectoryExtensionHandle; +encoder mediaCacheDirectory; +encoder mediaCacheDirectoryExtensionHandle; encoder shouldUseTestingNetworkSession; encoder urlSchemesRegistererdAsEmptyDocument; encoder urlSchemesRegisteredAsSecure; @@ -166,6 +168,10 @@ return false; if (!decoder.decode(parameters.openGLCacheDirectoryExtensionHandle)) return false; +if (!decoder.decode(parameters.mediaCacheDirectory)) +return false; +if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle)) +return false; if (!decoder.decode(parameters.shouldUseTestingNetworkSession)) return false; if (!decoder.decode(parameters.urlSchemesRegistererdAsEmptyDocument)) Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (171023 => 171024) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-07-12 18:32:13 UTC (rev 171023) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-07-12 18:33:43 UTC (rev 171024) @@
[webkit-changes] [171030] trunk/Source/WebKit2
Title: [171030] trunk/Source/WebKit2 Revision 171030 Author oli...@apple.com Date 2014-07-12 14:49:41 -0700 (Sat, 12 Jul 2014) Log Message Fix typo in prior patch https://bugs.webkit.org/show_bug.cgi?id=134858 Reviewed by Sam Weinig. Fix typo * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultCookieStorageDirectory): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (171029 => 171030) --- trunk/Source/WebKit2/ChangeLog 2014-07-12 21:36:42 UTC (rev 171029) +++ trunk/Source/WebKit2/ChangeLog 2014-07-12 21:49:41 UTC (rev 171030) @@ -1,3 +1,15 @@ +2014-07-12 Oliver Hunt oli...@apple.com + +Fix typo in prior patch +https://bugs.webkit.org/show_bug.cgi?id=134858 + +Reviewed by Sam Weinig. + +Fix typo + +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultCookieStorageDirectory): + 2014-07-12 Dan Bernstein m...@apple.com [Cocoa] Client is not notified of same-document navigations Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (171029 => 171030) --- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-12 21:36:42 UTC (rev 171029) +++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-12 21:49:41 UTC (rev 171030) @@ -278,7 +278,7 @@ path = path + /Library/Cookies; path = stringByResolvingSymlinksInPath(path); // Temporary work around for rdar://rdar://problem/17513375 -if (path == /var/mobile/Library/Cookies) +if (path == /private/var/mobile/Library/Cookies) return String(); return path; ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [170970] trunk/Source/WebKit2
Title: [170970] trunk/Source/WebKit2 Revision 170970 Author oli...@apple.com Date 2014-07-10 11:33:39 -0700 (Thu, 10 Jul 2014) Log Message Pass sandbox extension for GL cache over to webprocess https://bugs.webkit.org/show_bug.cgi?id=134806 Reviewed by Anders Carlsson. Add additional WebProcess parameters to pass an extension that allows access to the opengl cache directory in the host application's container. * Shared/WebProcessCreationParameters.cpp: (WebKit::WebProcessCreationParameters::encode): (WebKit::WebProcessCreationParameters::decode): * Shared/WebProcessCreationParameters.h: * UIProcess/WebContext.cpp: (WebKit::WebContext::createNewWebProcess): (WebKit::WebContext::openGLCacheDirectory): * UIProcess/WebContext.h: * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultOpenGLCacheDirectory): * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/WebContext.h trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (170969 => 170970) --- trunk/Source/WebKit2/ChangeLog 2014-07-10 18:24:23 UTC (rev 170969) +++ trunk/Source/WebKit2/ChangeLog 2014-07-10 18:33:39 UTC (rev 170970) 
@@ -1,3 +1,27 @@ +2014-07-10 Oliver Hunt oli...@apple.com + +Pass sandbox extension for GL cache over to webprocess +https://bugs.webkit.org/show_bug.cgi?id=134806 + +Reviewed by Anders Carlsson. + +Add additional WebProcess parameters to pass an extension +that allows access to the opengl cache directory in the +host application's container. + +* Shared/WebProcessCreationParameters.cpp: +(WebKit::WebProcessCreationParameters::encode): +(WebKit::WebProcessCreationParameters::decode): +* Shared/WebProcessCreationParameters.h: +* UIProcess/WebContext.cpp: +(WebKit::WebContext::createNewWebProcess): +(WebKit::WebContext::openGLCacheDirectory): +* UIProcess/WebContext.h: +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultOpenGLCacheDirectory): +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + 2014-07-10 Dan Bernstein m...@apple.com iOS build fix. Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (170969 => 170970) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-07-10 18:24:23 UTC (rev 170969) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2014-07-10 18:33:39 UTC (rev 170970) @@ -67,6 +67,8 @@ encoder diskCacheDirectoryExtensionHandle; encoder cookieStorageDirectory; encoder cookieStorageDirectoryExtensionHandle; +encoder openGLCacheDirectory; +encoder openGLCacheDirectoryExtensionHandle; encoder shouldUseTestingNetworkSession; encoder urlSchemesRegistererdAsEmptyDocument; encoder urlSchemesRegisteredAsSecure; 
@@ -160,6 +162,10 @@ return false; if (!decoder.decode(parameters.cookieStorageDirectoryExtensionHandle)) return false; +if (!decoder.decode(parameters.openGLCacheDirectory)) +return false; +if (!decoder.decode(parameters.openGLCacheDirectoryExtensionHandle)) +return false; if (!decoder.decode(parameters.shouldUseTestingNetworkSession)) return false; if (!decoder.decode(parameters.urlSchemesRegistererdAsEmptyDocument)) Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (170969 => 170970) --- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-07-10 18:24:23 UTC (rev 170969) +++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2014-07-10 18:33:39 UTC (rev 170970) @@ -72,6 +72,8 @@ SandboxExtension::Handle diskCacheDirectoryExtensionHandle; String cookieStorageDirectory; SandboxExtension::Handle cookieStorageDirectoryExtensionHandle; +String openGLCacheDirectory; +SandboxExtension::Handle openGLCacheDirectoryExtensionHandle; bool shouldUseTestingNetworkSession; Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (170969 => 170970) --- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-07-10 18:24:23 UTC (rev 170969) +++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-07-10 18:33:39 UTC (rev 170970) @@ -590,6 +590,10 @@ if (!parameters.cookieStorageDirectory.isEmpty()) SandboxExtension::createHandleForReadWriteDirectory(parameters.cookieStorageDirectory, parameters.cookieStorageDirectoryExtensionHandle); +parameters.openGLCacheDirectory = openGLCacheDirectory(); +if (!parameters.openGLCacheDirec
[webkit-changes] [170979] trunk/Source/WebKit2
Title: [170979] trunk/Source/WebKit2 Revision 170979 Author oli...@apple.com Date 2014-07-10 16:17:12 -0700 (Thu, 10 Jul 2014) Log Message Remove use of container relative restrictions in the network process sandbox https://bugs.webkit.org/show_bug.cgi?id=134816 Reviewed by Anders Carlsson. As i'm tidying up the various sandboxes and that's meaning we need to reduce some file restrictions in the network process. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (170978 => 170979) --- trunk/Source/WebKit2/ChangeLog 2014-07-10 22:26:02 UTC (rev 170978) +++ trunk/Source/WebKit2/ChangeLog 2014-07-10 23:17:12 UTC (rev 170979) @@ -1,3 +1,15 @@ +2014-07-10 Oliver Hunt oli...@apple.com + +Remove use of container relative restrictions in the network process sandbox +https://bugs.webkit.org/show_bug.cgi?id=134816 + +Reviewed by Anders Carlsson. + +As i'm tidying up the various sandboxes and that's meaning we +need to reduce some file restrictions in the network process. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: + 2014-07-10 Pratik Solanki psola...@apple.com Unreviewed iOS build fix after r170974. Define id if building a non ObjC file. Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (170978 => 170979) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-10 22:26:02 UTC (rev 170978) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-10 23:17:12 UTC (rev 170979) 
@@ -33,22 +33,17 @@ (apple-cookie-access 'with-read-write) ;; Sandbox extensions -(allow file-read* (container-subpath Library/) - (extension com.apple.webkit.read)) +(allow file-read* (extension com.apple.webkit.read)) ;; Access to client's cache folder re-vending to CFNetwork. -(allow file-read* file-write* (require-all (container-subpath Library/) - (extension com.apple.nsurlstorage.extension-cache))) -(allow file-issue-extension (require-all ((container-subpath Library/) - (extension-class com.apple.nsurlstorage.extension-cache))) +(allow file-read* file-write* (extension com.apple.nsurlstorage.extension-cache)) +(allow file-issue-extension (extension-class com.apple.nsurlstorage.extension-cache)) ;; App sandbox extensions -(allow file-read* file-write* (require-all (container-subpath Library/) - (extension com.apple.app-sandbox.read-write))) +(allow file-read* file-write* (extension com.apple.app-sandbox.read-write)) ;; Access to own cache temp folders. -(allow file-read* file-write* (require-all (container-subpath ) - (extension com.apple.webkit.read-write))) +(allow file-read* file-write* (extension com.apple.webkit.read-write)) ;; IOKit user clients (allow iokit-open ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
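Review bot: The rewritten `file-issue-extension` rule for `com.apple.nsurlstorage.extension-cache` has no path condition left. If the profile language works as it appears to, the network process can now re-vend that extension class for paths it was never granted an extension for. The com.apple.WebKit.Databases.sb profile (r169821) ties the class to a held extension, and the same shape here would be `(allow file-issue-extension (require-all (extension-class com.apple.nsurlstorage.extension-cache) (extension com.apple.nsurlstorage.extension-cache)))`. With `container-subpath` removed from the four read/write rules as well, file access is bounded only by whatever path the issuing process put in the extension. A comment above `;; Sandbox extensions` should say that, and why the container scoping was dropped.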
[webkit-changes] [170733] trunk/Source/WebKit2
Title: [170733] trunk/Source/WebKit2 Revision 170733 Author oli...@apple.com Date 2014-07-02 15:54:32 -0700 (Wed, 02 Jul 2014) Log Message Restrict network process sandbox https://bugs.webkit.org/show_bug.cgi?id=134360 Reviewed by Sam Weinig. Add more restrictions to the network process sandbox. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): Always use the cache directory provided in the initialization parameters, and make sure we consume the cookie directory extension. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Make the sandbox profile much more restrictive. * Shared/Network/NetworkProcessCreationParameters.cpp: (WebKit::NetworkProcessCreationParameters::encode): (WebKit::NetworkProcessCreationParameters::decode): * Shared/Network/NetworkProcessCreationParameters.h: The network process now requires an extension to access its cookie storage. * Shared/mac/SandboxUtilities.cpp: (WebKit::pathForProcessContainer): * Shared/mac/SandboxUtilities.h: We need to be able to get hold of our container so that we can get the correct cookie storage directory. 
* UIProcess/WebContext.cpp: (WebKit::WebContext::ensureNetworkProcess): We have to pass in the an extension for the cookie storage directory when initalising the network process * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultCookieStorageDirectory): Make sure we provide the correct location on IOS * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Consume the cookie storage extension Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h trunk/Source/WebKit2/Shared/mac/SandboxUtilities.cpp trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (170732 => 170733) --- trunk/Source/WebKit2/ChangeLog 2014-07-02 22:52:41 UTC (rev 170732) +++ trunk/Source/WebKit2/ChangeLog 2014-07-02 22:54:32 UTC (rev 170733) 
@@ -1,3 +1,40 @@ +2014-06-28 Oliver Hunt oli...@apple.com + + Restrict network process sandbox + https://bugs.webkit.org/show_bug.cgi?id=134360 + + Reviewed by Sam Weinig. + + Add more restrictions to the network process sandbox. + + * NetworkProcess/cocoa/NetworkProcessCocoa.mm: + (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): + Always use the cache directory provided in the initialization parameters, + and make sure we consume the cookie directory extension. + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: + Make the sandbox profile much more restrictive. + * Shared/Network/NetworkProcessCreationParameters.cpp: + (WebKit::NetworkProcessCreationParameters::encode): + (WebKit::NetworkProcessCreationParameters::decode): + * Shared/Network/NetworkProcessCreationParameters.h: + The network process now requires an extension to access + its cookie storage. + * Shared/mac/SandboxUtilities.cpp: + (WebKit::pathForProcessContainer): + * Shared/mac/SandboxUtilities.h: + We need to be able to get hold of our container so + that we can get the correct cookie storage directory. + * UIProcess/WebContext.cpp: + (WebKit::WebContext::ensureNetworkProcess): + We have to pass in the an extension for the cookie storage directory when + initalising the network process + * UIProcess/mac/WebContextMac.mm: + (WebKit::WebContext::platformDefaultCookieStorageDirectory): + Make sure we provide the correct location on IOS + * WebProcess/cocoa/WebProcessCocoa.mm: + (WebKit::WebProcess::platformInitializeWebProcess): + Consume the cookie storage extension + 2014-07-02 Csaba Osztrogonác o...@webkit.org URTBF after r170725. Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (170732 => 170733) --- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-02 22:52:41 UTC (rev 170732) +++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-02 22:54:32 UTC (rev 170733) 
@@ -60,24 +60,23 @@ void NetworkProcess::platformInitializeNetworkProcessCocoa(const NetworkProcessCreationParameters parameters) { +SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtension
[webkit-changes] [170608] trunk/Source/WebKit2
Title: [170608] trunk/Source/WebKit2 Revision 170608 Author oli...@apple.com Date 2014-06-30 15:51:39 -0700 (Mon, 30 Jun 2014) Log Message Restrict network process sandbox https://bugs.webkit.org/show_bug.cgi?id=134360 Reviewed by Sam Weinig. Add more restrictions to the network process sandbox. * NetworkProcess/cocoa/NetworkProcessCocoa.mm: (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): Always use the cache directory provided in the initialization parameters, and make sure we consume the cookie directory extension. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Make the sandbox profile much more restrictive. * Shared/Network/NetworkProcessCreationParameters.cpp: (WebKit::NetworkProcessCreationParameters::encode): (WebKit::NetworkProcessCreationParameters::decode): * Shared/Network/NetworkProcessCreationParameters.h: The network process now requires an extension to access its cookie storage. * Shared/mac/SandboxUtilities.cpp: (WebKit::pathForProcessContainer): * Shared/mac/SandboxUtilities.h: We need to be able to get hold of our container so that we can get the correct cookie storage directory. 
* UIProcess/WebContext.cpp: (WebKit::WebContext::ensureNetworkProcess): We have to pass in the an extension for the cookie storage directory when initalising the network process * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultCookieStorageDirectory): Make sure we provide the correct location on IOS * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Consume the cookie storage extension Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h trunk/Source/WebKit2/Shared/mac/SandboxUtilities.cpp trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (170607 => 170608) --- trunk/Source/WebKit2/ChangeLog 2014-06-30 22:50:59 UTC (rev 170607) +++ trunk/Source/WebKit2/ChangeLog 2014-06-30 22:51:39 UTC (rev 170608) 
@@ -1,3 +1,40 @@ +2014-06-28 Oliver Hunt oli...@apple.com + + Restrict network process sandbox + https://bugs.webkit.org/show_bug.cgi?id=134360 + + Reviewed by Sam Weinig. + + Add more restrictions to the network process sandbox. + + * NetworkProcess/cocoa/NetworkProcessCocoa.mm: + (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): + Always use the cache directory provided in the initialization parameters, + and make sure we consume the cookie directory extension. + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: + Make the sandbox profile much more restrictive. + * Shared/Network/NetworkProcessCreationParameters.cpp: + (WebKit::NetworkProcessCreationParameters::encode): + (WebKit::NetworkProcessCreationParameters::decode): + * Shared/Network/NetworkProcessCreationParameters.h: + The network process now requires an extension to access + its cookie storage. + * Shared/mac/SandboxUtilities.cpp: + (WebKit::pathForProcessContainer): + * Shared/mac/SandboxUtilities.h: + We need to be able to get hold of our container so + that we can get the correct cookie storage directory. + * UIProcess/WebContext.cpp: + (WebKit::WebContext::ensureNetworkProcess): + We have to pass in the an extension for the cookie storage directory when + initalising the network process + * UIProcess/mac/WebContextMac.mm: + (WebKit::WebContext::platformDefaultCookieStorageDirectory): + Make sure we provide the correct location on IOS + * WebProcess/cocoa/WebProcessCocoa.mm: + (WebKit::WebProcess::platformInitializeWebProcess): + Consume the cookie storage extension + 2014-06-30 Simon Fraser simon.fra...@apple.com [iOS WK2] Turn off scrollsToTop on overflow UIScrollViews Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (170607 => 170608) --- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-06-30 22:50:59 UTC (rev 170607) +++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-06-30 22:51:39 UTC (rev 170608) 
@@ -60,24 +60,23 @@ void NetworkProcess::platformInitializeNetworkProcessCocoa(const NetworkProcessCreationParameters parameters) { +SandboxExtension::consumePerma
[webkit-changes] [170313] trunk/Source/WebKit2
Title: [170313] trunk/Source/WebKit2 Revision 170313 Author oli...@apple.com Date 2014-06-23 13:19:35 -0700 (Mon, 23 Jun 2014) Log Message Ensure that we always use symlink free paths when specifying cache directories https://bugs.webkit.org/show_bug.cgi?id=134206 Reviewed by Anders Carlsson. Sandboxing will deny symlink based paths, so we use realpath to create extensions. This leaves us in the position of an extension using a visually different path from other parts of the process code. This patch simply makes sure that we always use the realpath for cache directories, so making debugging easier and also ensuring that we don't ever accidentally try to use a path with symlinks that will thus get denied. * Shared/SandboxExtension.h: (WebKit::stringByResolvingSymlinksInPath): * Shared/mac/SandboxExtensionMac.mm: (WebKit::stringByResolvingSymlinksInPath): * UIProcess/WebContext.cpp: (WebKit::WebContext::ensureNetworkProcess): * UIProcess/mac/WebContextMac.mm: (WebKit::WebContext::platformDefaultApplicationCacheDirectory): (WebKit::WebContext::platformDefaultDiskCacheDirectory): (WebKit::WebContext::platformDefaultWebSQLDatabaseDirectory): (WebKit::WebContext::platformDefaultIconDatabasePath): (WebKit::WebContext::platformDefaultLocalStorageDirectory): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/SandboxExtension.h trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm trunk/Source/WebKit2/UIProcess/WebContext.cpp trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (170312 => 170313) --- trunk/Source/WebKit2/ChangeLog 2014-06-23 19:58:19 UTC (rev 170312) +++ trunk/Source/WebKit2/ChangeLog 2014-06-23 20:19:35 UTC (rev 170313) 
@@ -1,3 +1,30 @@ +2014-06-23 Oliver Hunt oli...@apple.com + +Ensure that we always use symlink free paths when specifying cache directories +https://bugs.webkit.org/show_bug.cgi?id=134206 + +Reviewed by Anders Carlsson. + +Sandboxing will deny symlink based paths, so we use realpath to create extensions. +This leaves us in the position of an extension using a visually different path +from other parts of the process code. This patch simply makes sure that we always +use the realpath for cache directories, so making debugging easier and also ensuring +that we don't ever accidentally try to use a path with symlinks that will thus get +denied. + +* Shared/SandboxExtension.h: +(WebKit::stringByResolvingSymlinksInPath): +* Shared/mac/SandboxExtensionMac.mm: +(WebKit::stringByResolvingSymlinksInPath): +* UIProcess/WebContext.cpp: +(WebKit::WebContext::ensureNetworkProcess): +* UIProcess/mac/WebContextMac.mm: +(WebKit::WebContext::platformDefaultApplicationCacheDirectory): +(WebKit::WebContext::platformDefaultDiskCacheDirectory): +(WebKit::WebContext::platformDefaultWebSQLDatabaseDirectory): +(WebKit::WebContext::platformDefaultIconDatabasePath): +(WebKit::WebContext::platformDefaultLocalStorageDirectory): + 2014-06-23 Roger Fong roger_f...@apple.com Unregister notification observer registered in r170156. Modified: trunk/Source/WebKit2/Shared/SandboxExtension.h (170312 => 170313) --- trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-06-23 19:58:19 UTC (rev 170312) +++ trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-06-23 20:19:35 UTC (rev 170313) 
@@ -132,6 +132,9 @@ inline bool SandboxExtension::consume() { return true; } inline bool SandboxExtension::consumePermanently() { return true; } inline bool SandboxExtension::consumePermanently(const Handle) { return true; } +inline String stringByResolvingSymlinksInPath(const String path) { return path; } +#else +String stringByResolvingSymlinksInPath(const String path); #endif } // namespace WebKit Modified: trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm (170312 => 170313) --- trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-06-23 19:58:19 UTC (rev 170312) +++ trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-06-23 20:19:35 UTC (rev 170313) @@ -207,6 +207,11 @@ return resolvedPath; } +String stringByResolvingSymlinksInPath(const String path) +{ +return String::fromUTF8(resolveSymlinksInPath(path.utf8())); +} + void SandboxExtension::createHandle(const String path, Type type, Handle handle) { ASSERT(!handle.m_sandboxExtension); Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (170312 => 170313) --- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-06-23 19:58:19 UTC (rev 170312) +++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-06-23 20:19:35 UTC (rev 170313) @@ -406,7 +406,7 @@ parameters.cacheModel = m_cacheModel; -parameters.diskCacheDirectory = diskCacheDirectory(); +parameters.diskCacheDirectory = stringByResolvingSymlinksInPath(diskCa
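Review bot: `stringByResolvingSymlinksInPath` in SandboxExtensionMac.mm hands the result of `resolveSymlinksInPath` straight to `String::fromUTF8` with no failure path, and callers use the result as the directory a sandbox extension is created for. `resolveSymlinksInPath` is defined above the hunk, so what it returns for a path that does not exist yet or cannot be resolved is not visible here. If that can be a null or empty value, the cache directory silently becomes empty instead of falling back to the input. A comment on the declaration in SandboxExtension.h should state what callers get back on failure. The stub for builds without sandbox extensions, which returns `path` unchanged, should say that it performs no resolution despite its name.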
[webkit-changes] [170155] trunk/Source/WebKit2
Title: [170155] trunk/Source/WebKit2 Revision 170155 Author oli...@apple.com Date 2014-06-19 11:56:25 -0700 (Thu, 19 Jun 2014) Log Message 2014-06-19 Oliver Hunt oli...@apple.com Switch to using the process parameters during initialisation to determine whether we hsould be using the network process. RS=Sam Weinig * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (170154 => 170155) --- trunk/Source/WebKit2/ChangeLog 2014-06-19 18:33:20 UTC (rev 170154) +++ trunk/Source/WebKit2/ChangeLog 2014-06-19 18:56:25 UTC (rev 170155) @@ -1,3 +1,13 @@ +2014-06-19 Oliver Hunt oli...@apple.com + +Switch to using the process parameters during initialisation +to determine whether we hsould be using the network process. + +RS=Sam Weinig + +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + 2014-06-19 Pratik Solanki psola...@apple.com Copy SharedBuffer data into IPC message directly Modified: trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm (170154 => 170155) --- trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-06-19 18:33:20 UTC (rev 170154) +++ trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-06-19 18:56:25 UTC (rev 170155) @@ -171,7 +171,7 @@ // When the network process is enabled, each web process wants a stand-alone // NSURLCache, which it can disable to save memory. -if (!usesNetworkProcess()) { +if (!parameters.usesNetworkProcess) { #if PLATFORM(IOS) if (!parameters.uiProcessBundleIdentifier.isNull()) { [NSURLCache setSharedURLCache:adoptNS([[NSURLCache alloc] ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
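Review bot: The switch from `usesNetworkProcess()` to `parameters.usesNetworkProcess` in `platformInitializeWebProcess` has no explanation next to the code, and the two look interchangeable to a later reader. Presumably the accessor's backing state is not yet populated at this point in initialisation. If so, a line such as `// usesNetworkProcess() is not valid this early; read the creation parameter instead.` above the `if` would keep the change from being reverted as a cleanup. The function body starts and ends outside the hunk.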
[webkit-changes] [170079] trunk
Title: [170079] trunk Revision 170079 Author oli...@apple.com Date 2014-06-17 15:29:56 -0700 (Tue, 17 Jun 2014) Log Message Fix error messages for incorrect hex literals https://bugs.webkit.org/show_bug.cgi?id=133998 Reviewed by Mark Lam. Source/_javascript_Core: Ensure that the error messages for bogus hex literals actually make sense. * parser/Lexer.cpp: (JSC::LexerT::lex): * parser/ParserTokens.h: LayoutTests: Update tests for sane error messages. * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T1-expected.txt: * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T2-expected.txt: * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T1-expected.txt: * sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T2-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T1-expected.txt trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T2-expected.txt trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T1-expected.txt trunk/LayoutTests/sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T2-expected.txt trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/parser/Lexer.cpp trunk/Source/_javascript_Core/parser/ParserTokens.h Added Paths trunk/LayoutTests/js/parser-error-messages-expected.txt trunk/LayoutTests/js/parser-error-messages.html trunk/LayoutTests/js/script-tests/parser-error-messages.js Diff Modified: trunk/LayoutTests/ChangeLog (170078 => 170079) --- trunk/LayoutTests/ChangeLog 2014-06-17 22:27:16 UTC (rev 170078) +++ trunk/LayoutTests/ChangeLog 2014-06-17 22:29:56 UTC (rev 170079) 
@@ -1,3 +1,17 @@ +2014-06-17 Oliver Hunt oli...@apple.com + +Fix error messages for incorrect hex literals +https://bugs.webkit.org/show_bug.cgi?id=133998 + +Reviewed by Mark Lam. + +Update tests for sane error messages. + +* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T1-expected.txt: +* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.1_T2-expected.txt: +* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T1-expected.txt: +* sputnik/Conformance/07_Lexical_Conventions/7.8_Literals/7.8.3_Numeric_Literals/S7.8.3_A6.2_T2-expected.txt: + 2014-06-17 Carlos Alberto Lopez Perez clo...@igalia.com [GTK] Fix the handling of resize events after r169505. Added: trunk/LayoutTests/js/parser-error-messages-expected.txt (0 => 170079) --- trunk/LayoutTests/js/parser-error-messages-expected.txt (rev 0) +++ trunk/LayoutTests/js/parser-error-messages-expected.txt 2014-06-17 22:29:56 UTC (rev 170079) @@ -0,0 +1,14 @@ +Tests error messages to make sure that they're sane + +On success, you will see a series of PASS messages, followed by TEST COMPLETE. + + +PASS parseTest('0x') is No hexadecimal digits after '0x' +PASS parseTest('0xg') is No hexadecimal digits after '0x' +PASS parseTest('0x1.2') is Unexpected number '.2'. Parse error. +PASS parseTest('0x1g') is No space between hexadecimal literal and identifier +PASS parseTest('0x1in') is No space between hexadecimal literal and identifier +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/parser-error-messages.html (0 => 170079) --- trunk/LayoutTests/js/parser-error-messages.html (rev 0) +++ trunk/LayoutTests/js/parser-error-messages.html 2014-06-17 22:29:56 UTC (rev 170079) 
@@ -0,0 +1,10 @@ +!DOCTYPE HTML PUBLIC -//IETF//DTD HTML//EN +html +head +script src="" +/head +body +script src="" +script src="" +/body +/html Added: trunk/LayoutTests/js/script-tests/parser-error-messages.js (0 => 170079) --- trunk/LayoutTests/js/script-tests/parser-error-messages.js (rev 0) +++ trunk/LayoutTests/js/script-tests/parser-error-messages.js 2014-06-17 22:29:56 UTC (rev 170079) @@ -0,0 +1,17 @@ +description(Tests error messages to make sure that they're sane); + +function parseTest(source) +{ +try { +eval(source); +} catch (e) { +return e.message +} +} + +shouldBe(parseTest('0x'), \No hexadecimal digits after '0x'\); +shouldBe(parseTest('0xg'), \No hexadecimal digits after '0x'\); +shouldBe(parseTest('0x1.2'), \Unexpected number '.2'. Parse error.\); +shouldBe(parseTest('0x1g'), \No space between hexadecimal literal and identifier\); +shouldBe(parseTest('0x1in'), \No space between hexadecimal literal and identifier\); + Modified: trunk/LayoutTests/sputnik/Confo
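Review bot: `parseTest` in parser-error-messages.js returns `undefined` implicitly when `eval(source)` does not throw, so a literal that unexpectedly parses shows up only as an opaque mismatch against the expected message. An explicit `return "no exception thrown";` after the `try`/`catch` would make that failure readable. `return e.message` is also missing its semicolon. The `catch` accepts any exception type, so a check of `e instanceof SyntaxError` before returning the message would keep a runtime error from standing in for a parse error.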
[webkit-changes] [169821] trunk/Source/WebKit2
Title: [169821] trunk/Source/WebKit2 Revision 169821 Author oli...@apple.com Date 2014-06-11 13:13:37 -0700 (Wed, 11 Jun 2014) Log Message Restrict database process profile https://bugs.webkit.org/show_bug.cgi?id=133750 Reviewed by Alexey Proskuryakov. Make the sandbox profile much more restrictive. * Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (169820 => 169821) --- trunk/Source/WebKit2/ChangeLog 2014-06-11 19:59:24 UTC (rev 169820) +++ trunk/Source/WebKit2/ChangeLog 2014-06-11 20:13:37 UTC (rev 169821) @@ -1,3 +1,14 @@ +2014-06-11 Oliver Hunt oli...@apple.com + +Restrict database process profile +https://bugs.webkit.org/show_bug.cgi?id=133750 + +Reviewed by Alexey Proskuryakov. + +Make the sandbox profile much more restrictive. + +* Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: + 2014-06-11 Roger Fong roger_f...@apple.com Don't snapshot offscreen plugins that would normally be considered primary plugins after they are moved in view. Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb (169820 => 169821) --- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb 2014-06-11 19:59:24 UTC (rev 169820) +++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb 2014-06-11 20:13:37 UTC (rev 169821) 
@@ -4,10 +4,10 @@ ; modification, are permitted provided that the following conditions ; are met: ; 1. Redistributions of source code must retain the above copyright -; notice, this list of conditions and the following disclaimer. +;notice, this list of conditions and the following disclaimer. ; 2. Redistributions in binary form must reproduce the above copyright -; notice, this list of conditions and the following disclaimer in the -; documentation and/or other materials provided with the distribution. +;notice, this list of conditions and the following disclaimer in the +;documentation and/or other materials provided with the distribution. ; ; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' ; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
@@ -22,7 +22,26 @@ ; THE POSSIBILITY OF SUCH DAMAGE. (version 1) -(allow default) +(deny default (with partial-symbolication)) +(allow system-audit file-read-metadata) (import common.sb) (import removed-dev-nodes.sb) + +;; Sandbox extensions +(define (apply-read-and-issue-extension op path-filter) +(op file-read* path-filter) +(op file-issue-extension (require-all (extension-class com.apple.app-sandbox.read) path-filter))) +(define (apply-write-and-issue-extension op path-filter) +(op file-write* path-filter) +(op file-issue-extension (require-all (extension-class com.apple.app-sandbox.read-write) path-filter))) +(define (read-only-and-issue-extensions path-filter) +(apply-read-and-issue-extension allow path-filter)) +(define (read-write-and-issue-extensions path-filter) +(apply-read-and-issue-extension allow path-filter) +(apply-write-and-issue-extension allow path-filter)) +(read-only-and-issue-extensions (extension com.apple.app-sandbox.read)) +(read-write-and-issue-extensions (extension com.apple.app-sandbox.read-write)) + +(if (defined? 'vnode-type) +(deny file-write-create (vnode-type SYMLINK))) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
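Review bot: The symlink rule at the end of the profile is wrapped in `(if (defined? 'vnode-type) ...)`, so where the sandbox does not define `vnode-type` the profile loads without the `file-write-create` denial and nothing records that. In that case symlink creation would presumably stay allowed inside paths covered by a read-write extension. A comment such as `;; Only enforced where vnode-type exists; elsewhere symlinks can still be created under read-write extension paths.` would make the gap explicit once it is confirmed. The four helper definitions under `;; Sandbox extensions` also need a one-line comment saying that extensions may be re-issued only for paths already covered by an extension this process holds. `(allow system-audit file-read-metadata)` has no path filter under `deny default` and should carry a note on why metadata reads are needed everywhere.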
[webkit-changes] [169759] trunk/Source/WebKit2
Title: [169759] trunk/Source/WebKit2 Revision 169759 Author oli...@apple.com Date 2014-06-10 13:33:00 -0700 (Tue, 10 Jun 2014) Log Message Add process entitlements https://bugs.webkit.org/show_bug.cgi?id=133693 Reviewed by Alexey Proskuryakov. Add entitlements description for Database process, and ensure that we reference the correct seatbelt profiles. * Configurations/DatabaseService.Development.xcconfig: * Configurations/DatabaseService.xcconfig: * Configurations/Databases-iOS.entitlements: * Configurations/Network-iOS.entitlements: * Configurations/WebContent-iOS.entitlements: * WebKit2.xcodeproj/project.pbxproj: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/DatabaseService.Development.xcconfig trunk/Source/WebKit2/Configurations/DatabaseService.xcconfig trunk/Source/WebKit2/Configurations/Network-iOS.entitlements trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj Added Paths trunk/Source/WebKit2/Configurations/Databases-iOS.entitlements Diff Modified: trunk/Source/WebKit2/ChangeLog (169758 => 169759) --- trunk/Source/WebKit2/ChangeLog 2014-06-10 20:29:29 UTC (rev 169758) +++ trunk/Source/WebKit2/ChangeLog 2014-06-10 20:33:00 UTC (rev 169759) 
@@ -1,3 +1,20 @@ +2014-06-10 Oliver Hunt oli...@apple.com + +Add process entitlements +https://bugs.webkit.org/show_bug.cgi?id=133693 + +Reviewed by Alexey Proskuryakov. + +Add entitlements description for Database process, and +ensure that we reference the correct seatbelt profiles. + +* Configurations/DatabaseService.Development.xcconfig: +* Configurations/DatabaseService.xcconfig: +* Configurations/Databases-iOS.entitlements: +* Configurations/Network-iOS.entitlements: +* Configurations/WebContent-iOS.entitlements: +* WebKit2.xcodeproj/project.pbxproj: + 2014-06-10 Alexey Proskuryakov a...@apple.com Fix crashes on some plug-in tests. Modified: trunk/Source/WebKit2/Configurations/DatabaseService.Development.xcconfig (169758 => 169759) --- trunk/Source/WebKit2/Configurations/DatabaseService.Development.xcconfig 2014-06-10 20:29:29 UTC (rev 169758) +++ trunk/Source/WebKit2/Configurations/DatabaseService.Development.xcconfig 2014-06-10 20:33:00 UTC (rev 169759) @@ -27,3 +27,6 @@ PRODUCT_NAME = com.apple.WebKit.Databases.Development; INFOPLIST_FILE = DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService.Development/Info.plist; + +CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/Databases-iOS.entitlements +CODE_SIGN_ENTITLEMENTS[sdk=iphonesimulator*] = Configurations/Databases-iOS.entitlements Modified: trunk/Source/WebKit2/Configurations/DatabaseService.xcconfig (169758 => 169759) --- trunk/Source/WebKit2/Configurations/DatabaseService.xcconfig 2014-06-10 20:29:29 UTC (rev 169758) +++ trunk/Source/WebKit2/Configurations/DatabaseService.xcconfig 2014-06-10 20:33:00 UTC (rev 169759) 
@@ -27,3 +27,6 @@ PRODUCT_NAME = com.apple.WebKit.Databases; INFOPLIST_FILE = DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService/Info.plist; + +CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/Databases-iOS.entitlements +CODE_SIGN_ENTITLEMENTS[sdk=iphonesimulator*] = Configurations/Databases-iOS.entitlements Copied: trunk/Source/WebKit2/Configurations/Databases-iOS.entitlements (from rev 169758, trunk/Source/WebKit2/Configurations/Network-iOS.entitlements) (0 => 169759) --- trunk/Source/WebKit2/Configurations/Databases-iOS.entitlements (rev 0) +++ trunk/Source/WebKit2/Configurations/Databases-iOS.entitlements 2014-06-10 20:33:00 UTC (rev 169759) @@ -0,0 +1,10 @@ +?xml version=1.0 encoding=UTF-8? +!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd +plist version=1.0 +dict + keyseatbelt-profiles/key + array + stringcom.apple.WebKit.Databases/string + /array +/dict +/plist Modified: trunk/Source/WebKit2/Configurations/Network-iOS.entitlements (169758 => 169759) --- trunk/Source/WebKit2/Configurations/Network-iOS.entitlements 2014-06-10 20:29:29 UTC (rev 169758) +++ trunk/Source/WebKit2/Configurations/Network-iOS.entitlements 2014-06-10 20:33:00 UTC (rev 169759) @@ -2,6 +2,10 @@ !DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd plist version=1.0 dict + keyseatbelt-profiles/key + array + stringcom.apple.WebKit.Networking/string + /array keycom.apple.private.network.socket-delegate/key true/ keykeychain-access-groups/key Modified: trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements (169758 => 169759) --- trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements 2014-06-10 20:29:29 UTC (rev 169758) +++ trunk/Source/WebKit2/Configurations/WebContent-iOS.entitlements 2014-06-10 20:33:00 UTC (rev 169759) @@ -10,6 +10,10 @@ true/ keycom.apple.private.webinspector
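Review bot: The `seatbelt-profiles` entry in the new Databases-iOS.entitlements names `com.apple.WebKit.Databases`, but nothing in the file says which sandbox profile that string has to match, so a later rename of the profile would leave the entitlement pointing at a name that no longer exists. How the system treats an unknown profile name is not visible here, so it should be confirmed rather than assumed to fail closed. I would add a comment above the key, `<!-- Must stay in sync with the com.apple.WebKit.Databases sandbox profile installed for the Databases service -->`, and the equivalent for the `com.apple.WebKit.Networking` entry added to Network-iOS.entitlements in the next hunk. Because this file was copied from Network-iOS.entitlements, which also carries `com.apple.private.network.socket-delegate` and `keychain-access-groups`, it is worth keeping it limited to the single key as written.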
[webkit-changes] [169622] trunk/Source/WebKit2
Title: [169622] trunk/Source/WebKit2 Revision 169622 Author oli...@apple.com Date 2014-06-05 12:49:56 -0700 (Thu, 05 Jun 2014) Log Message Enable SANDBOX_EXTENSIONS build flag universally on cocoa https://bugs.webkit.org/show_bug.cgi?id=133556 Reviewed by Alexey Proskuryakov. Remove unnecessary iOS exception. * WebKit2Prefix.h: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/WebKit2Prefix.h Diff Modified: trunk/Source/WebKit2/ChangeLog (169621 => 169622) --- trunk/Source/WebKit2/ChangeLog 2014-06-05 18:40:23 UTC (rev 169621) +++ trunk/Source/WebKit2/ChangeLog 2014-06-05 19:49:56 UTC (rev 169622) @@ -1,3 +1,14 @@ +2014-06-05 Oliver Hunt oli...@apple.com + +Enable SANDBOX_EXTENSIONS build flag universally on cocoa +https://bugs.webkit.org/show_bug.cgi?id=133556 + +Reviewed by Alexey Proskuryakov. + +Remove unnecessary iOS exception. + +* WebKit2Prefix.h: + 2014-06-05 Alexey Proskuryakov a...@apple.com [Mac] Tweak plug-in sandbox profiles Modified: trunk/Source/WebKit2/WebKit2Prefix.h (169621 => 169622) --- trunk/Source/WebKit2/WebKit2Prefix.h 2014-06-05 18:40:23 UTC (rev 169621) +++ trunk/Source/WebKit2/WebKit2Prefix.h 2014-06-05 19:49:56 UTC (rev 169622) @@ -32,9 +32,7 @@ #if PLATFORM(COCOA) -#if !PLATFORM(IOS) #define ENABLE_SANDBOX_EXTENSIONS 1 -#endif #define ENABLE_WEB_PROCESS_SANDBOX 1 ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [169598] trunk
Title: [169598] trunk Revision 169598 Author oli...@apple.com Date 2014-06-04 14:54:46 -0700 (Wed, 04 Jun 2014) Log Message ArrayIterator should not be exposed in Safari 8 https://bugs.webkit.org/show_bug.cgi?id=133494 Reviewed by Michael Saboff. Source/_javascript_Core: Separate out types that require constructor objects, and don't include the iterator types in that list. * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): * runtime/JSGlobalObject.h: LayoutTests: Add tests. * js/no-iterator-constructors.html: Added. * js/script-tests/no-iterator-constructors.js: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp trunk/Source/_javascript_Core/runtime/JSGlobalObject.h Added Paths trunk/LayoutTests/js/no-iterator-constructors-expected.txt trunk/LayoutTests/js/no-iterator-constructors.html trunk/LayoutTests/js/script-tests/no-iterator-constructors.js Diff Modified: trunk/LayoutTests/ChangeLog (169597 => 169598) --- trunk/LayoutTests/ChangeLog 2014-06-04 21:44:16 UTC (rev 169597) +++ trunk/LayoutTests/ChangeLog 2014-06-04 21:54:46 UTC (rev 169598) @@ -1,3 +1,15 @@ +2014-06-04 Oliver Hunt oli...@apple.com + +ArrayIterator should not be exposed in Safari 8 +https://bugs.webkit.org/show_bug.cgi?id=133494 + +Reviewed by Michael Saboff. + +Add tests. + +* js/no-iterator-constructors.html: Added. +* js/script-tests/no-iterator-constructors.js: Added. + 2014-05-27 Myles C. Maxfield mmaxfi...@apple.com Lists styled with SVG fonts are not rendered as expected Added: trunk/LayoutTests/js/no-iterator-constructors-expected.txt (0 => 169598) --- trunk/LayoutTests/js/no-iterator-constructors-expected.txt (rev 0) +++ trunk/LayoutTests/js/no-iterator-constructors-expected.txt 2014-06-04 21:54:46 UTC (rev 169598) 
@@ -0,0 +1,13 @@ +This test makes sure we aren't putting the iterator constructors on the global object. + +On success, you will see a series of PASS messages, followed by TEST COMPLETE. + + +PASS 'ArrayIterator' in this is false +PASS 'ArgumentsIterator' in this is false +PASS 'MapIterator' in this is false +PASS 'SetIterator' in this is false +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/no-iterator-constructors.html (0 => 169598) --- trunk/LayoutTests/js/no-iterator-constructors.html (rev 0) +++ trunk/LayoutTests/js/no-iterator-constructors.html 2014-06-04 21:54:46 UTC (rev 169598) @@ -0,0 +1,10 @@ +!DOCTYPE HTML PUBLIC -//IETF//DTD HTML//EN +html +head +script src="" +/head +body +script src="" +script src="" +/body +/html Added: trunk/LayoutTests/js/script-tests/no-iterator-constructors.js (0 => 169598) --- trunk/LayoutTests/js/script-tests/no-iterator-constructors.js (rev 0) +++ trunk/LayoutTests/js/script-tests/no-iterator-constructors.js 2014-06-04 21:54:46 UTC (rev 169598) @@ -0,0 +1,7 @@ +description(This test makes sure we aren't putting the iterator constructors on the global object.); + +var global = this; +shouldBeFalse('ArrayIterator' in this); +shouldBeFalse('ArgumentsIterator' in this); +shouldBeFalse('MapIterator' in this); +shouldBeFalse('SetIterator' in this); Modified: trunk/Source/_javascript_Core/ChangeLog (169597 => 169598) --- trunk/Source/_javascript_Core/ChangeLog 2014-06-04 21:44:16 UTC (rev 169597) +++ trunk/Source/_javascript_Core/ChangeLog 2014-06-04 21:54:46 UTC (rev 169598) 
@@ -1,3 +1,17 @@ +2014-06-04 Oliver Hunt oli...@apple.com + +ArrayIterator should not be exposed in Safari 8 +https://bugs.webkit.org/show_bug.cgi?id=133494 + +Reviewed by Michael Saboff. + +Separate out types that require constructor objects, and don't +include the iterator types in that list. + +* runtime/JSGlobalObject.cpp: +(JSC::JSGlobalObject::reset): +* runtime/JSGlobalObject.h: + 2014-06-04 Filip Pizlo fpi...@apple.com DFG::Safepoint::begin() should set m_didCallBegin before releasing the rightToRun lock, because otherwise, Safepoint::checkLivenessAndVisitChildren() may assert due to a race Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (169597 => 169598) --- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2014-06-04 21:44:16 UTC (rev 169597) +++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2014-06-04 21:54:46 UTC (rev 169598) @@ -421,7 +421,7 @@ #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName) \ putDirectWithoutTransition(vm, vm.propertyNames- jsName, lowerName ## Constructor, DontEnum); \ -FOR_EACH_SIMPLE_BUILTIN_TYPE(PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE) +FOR_EACH_SIMPLE_BUILTIN_TYPE_WITH_CONSTRUCTOR(PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE) #undef PUT_CONSTRUCTO
[webkit-changes] [169533] trunk/Source/WebKit2
Title: [169533] trunk/Source/WebKit2 Revision 169533 Author oli...@apple.com Date 2014-06-02 10:22:33 -0700 (Mon, 02 Jun 2014) Log Message Restructure initial distinct sandbox profiles https://bugs.webkit.org/show_bug.cgi?id=133415 Reviewed by Alexey Proskuryakov. Add support for manually instantiating the network and content process sandboxes, and add initial profiles. These profiles are completely generic so we can make sure nothing is broken by enabling them. This also adds a target to the WebKit2 project to correctly process the profiles. * DatabaseProcess/ios/DatabaseProcessIOS.mm: (WebKit::DatabaseProcess::initializeSandbox): * DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb: Removed. * NetworkProcess/ios/NetworkProcessIOS.mm: (WebKit::NetworkProcess::initializeSandbox): * Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: Added. * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Added. * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Added. 
* WebKit2.xcodeproj/project.pbxproj: * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::initializeSandbox): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm trunk/Source/WebKit2/NetworkProcess/ios/NetworkProcessIOS.mm trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj trunk/Source/WebKit2/WebKit2Prefix.h trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Added Paths trunk/Source/WebKit2/Resources/SandboxProfiles/ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Removed Paths trunk/Source/WebKit2/DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb Diff Modified: trunk/Source/WebKit2/ChangeLog (169532 => 169533) --- trunk/Source/WebKit2/ChangeLog 2014-06-02 16:37:45 UTC (rev 169532) +++ trunk/Source/WebKit2/ChangeLog 2014-06-02 17:22:33 UTC (rev 169533) 
@@ -1,3 +1,30 @@ +2014-05-31 Oliver Hunt oli...@apple.com + +Restructure initial distinct sandbox profiles +https://bugs.webkit.org/show_bug.cgi?id=133415 + +Reviewed by Alexey Proskuryakov. + +Add support for manually instantiating the network and +content process sandboxes, and add initial profiles. +These profiles are completely generic so we can make sure +nothing is broken by enabling them. + +This also adds a target to the WebKit2 project to correctly +process the profiles. + +* DatabaseProcess/ios/DatabaseProcessIOS.mm: +(WebKit::DatabaseProcess::initializeSandbox): +* DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb: Removed. +* NetworkProcess/ios/NetworkProcessIOS.mm: +(WebKit::NetworkProcess::initializeSandbox): +* Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb: Added. +* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Added. +* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Added. +* WebKit2.xcodeproj/project.pbxproj: +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::initializeSandbox): + 2014-06-01 Sam Weinig s...@webkit.org [Cocoa] Add SPI to get a WebArchive of the WKWebView Modified: trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm (169532 => 169533) --- trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm 2014-06-02 16:37:45 UTC (rev 169532) +++ trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm 2014-06-02 17:22:33 UTC (rev 169533) 
@@ -52,9 +52,9 @@ void DatabaseProcess::initializeSandbox(const ChildProcessInitializationParameters parameters, SandboxInitializationParameters sandboxParameters) { #if ENABLE_MANUAL_DATABASE_SANDBOXING -// Need to overide the default, because service has a different bundle ID. +// Need to override the default, because service has a different bundle ID. NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@WKView)]; -sandboxParameters.setOverrideSandboxProfilePath([webkit2Bundle pathForResource:@com.apple.WebKit.DatabasesIOS ofType:@sb]); +sandboxParameters.setOverrideSandboxProfilePath([webkit2Bundle pathForResource:@com.apple.WebKit.Databases ofType:@sb]); ChildProcess::initializeSandbox(parameters, sandboxParameters); #endif } Deleted: trunk/Source/WebKit2/DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb (169532 => 169533) --- trunk/Source/WebKit2/DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb 2014-06-02 16:37:45 UTC (rev 169532) +++ trunk/Source/WebKit2/DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb 2014-06-02 17:22:33 UTC (rev 169533) @@ -1,53 +0,0 @@ -; Copyright (C) 2014 Apple Inc. All rights reserved. -; -; Redistribution and use
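Review bot: The result of `pathForResource:ofType:` goes straight into `setOverrideSandboxProfilePath`, and that lookup returns nil when the bundle has no such resource, so a missing or renamed profile is not detected at this call. What `ChildProcess::initializeSandbox` does with an empty override path is outside the hunk; if it falls back to a default or skips sandboxing, the process starts with weaker confinement than intended. I would bind the path to a local and fail closed, e.g. `NSString *profilePath = [webkit2Bundle pathForResource:@"com.apple.WebKit.Databases" ofType:@"sb"];` followed by `RELEASE_ASSERT(profilePath);`. The r169176 message on this page shows `com.apple.WebKit.Databases.sb` in `EXCLUDED_SOURCE_FILE_NAMES_iphoneos`, so it is worth confirming that the renamed profile is actually copied into the bundle on iOS. The whole body sits under `#if ENABLE_MANUAL_DATABASE_SANDBOXING`, so none of it runs unless that flag is non-zero.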
[webkit-changes] [169548] trunk/Source/WebKit2
Title: [169548] trunk/Source/WebKit2 Revision 169548 Author oli...@apple.com Date 2014-06-02 15:13:43 -0700 (Mon, 02 Jun 2014) Log Message Move ifdef to the right place. Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (169547 => 169548) --- trunk/Source/WebKit2/ChangeLog 2014-06-02 22:07:24 UTC (rev 169547) +++ trunk/Source/WebKit2/ChangeLog 2014-06-02 22:13:43 UTC (rev 169548) @@ -1,3 +1,12 @@ +2014-06-02 Oliver Hunt oli...@apple.com + +Move ifdef to the right place. + +RS=Enrica + +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::initializeSandbox): + 2014-06-02 Gavin Barraclough barraclo...@apple.com Set default voucher for XPC client processes Modified: trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm (169547 => 169548) --- trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-06-02 22:07:24 UTC (rev 169547) +++ trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-06-02 22:13:43 UTC (rev 169548) @@ -252,8 +252,8 @@ #else sandboxParameters.setOverrideSandboxProfilePath([webkit2Bundle pathForResource:@com.apple.WebProcess ofType:@sb]); #endif +ChildProcess::initializeSandbox(parameters, sandboxParameters); #endif -ChildProcess::initializeSandbox(parameters, sandboxParameters); #else UNUSED_PARAM(parameters); UNUSED_PARAM(sandboxParameters); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
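Review bot: After this move, `ChildProcess::initializeSandbox(parameters, sandboxParameters)` is compiled only inside the enclosing conditional block, and the configuration that skips that block leaves the function with no sandbox call and no comment saying so. The two `#endif` lines and the `#else` in the hunk carry no condition labels, which presumably is how the call ended up on the wrong side of one of them before this fix. I would label each with the macro it closes, in the form `#endif // <condition from the matching #if>`, taking the real names from the `#if` lines, which are outside the hunk. A one-line comment in the branch that does not call `initializeSandbox`, stating how that configuration is confined, would make a future misplacement visible in review.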
[webkit-changes] [169260] trunk/Source/WebCore
Title: [169260] trunk/Source/WebCore Revision 169260 Author oli...@apple.com Date 2014-05-23 10:08:14 -0700 (Fri, 23 May 2014) Log Message Navigator object needs to have properties directly on the instance object https://bugs.webkit.org/show_bug.cgi?id=133221 Reviewed by Mark Lam. Flag the Navigator object as requiring properties to be on the instance as there were a few compatibility issues when on the prototype. * bindings/scripts/CodeGeneratorJS.pm: (InterfaceRequiresAttributesOnInstance): Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm Diff Modified: trunk/Source/WebCore/ChangeLog (169259 => 169260) --- trunk/Source/WebCore/ChangeLog 2014-05-23 16:42:56 UTC (rev 169259) +++ trunk/Source/WebCore/ChangeLog 2014-05-23 17:08:14 UTC (rev 169260) @@ -1,3 +1,16 @@ +2014-05-23 Oliver Hunt oli...@apple.com + +Navigator object needs to have properties directly on the instance object +https://bugs.webkit.org/show_bug.cgi?id=133221 + +Reviewed by Mark Lam. + +Flag the Navigator object as requiring properties to be on the instance +as there were a few compatibility issues when on the prototype. + +* bindings/scripts/CodeGeneratorJS.pm: +(InterfaceRequiresAttributesOnInstance): + 2014-05-23 Simon Fraser simon.fra...@apple.com Switch CSSGradientValue to use more references Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (169259 => 169260) --- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2014-05-23 16:42:56 UTC (rev 169259) +++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2014-05-23 17:08:14 UTC (rev 169260) 
@@ -623,6 +623,7 @@ # FIXME: These two should be fixed by removing the custom override of message, etc return 1 if $interfaceName =~ Exception; return 1 if $interfaceName =~ Error; +return 1 if $interfaceName =~ Navigator; return 1 if IsDOMGlobalObject($interface); ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
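Review bot: The added `return 1 if $interfaceName =~ Navigator;` (quoted as rendered on this page) is a pattern match, not an equality test, so it is true for every interface whose name contains "Navigator" and not only for the Navigator interface named in the log message. If only that one interface is meant, `return 1 if $interfaceName eq "Navigator";` says so. If the substring match is intended, a short comment listing the interfaces it is meant to catch would prevent surprises when a new one is added. The Exception and Error lines above use the same form, and the function body starts and ends outside the hunk.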
[webkit-changes] [169176] trunk/Source/WebKit2
Title: [169176] trunk/Source/WebKit2 Revision 169176 Author oli...@apple.com Date 2014-05-21 13:52:21 -0700 (Wed, 21 May 2014) Log Message [iOS] Enable sandboxing for the database process https://bugs.webkit.org/show_bug.cgi?id=132963 Reviewed by Alexey Proskuryakov. Simply ensure that the database process is running in a tight sandbox. As part of this i've separated out ChildProcessIOS and ensures that the database process loads a custom sandbox. * Configurations/WebKit.xcconfig: * DatabaseProcess/ios/DatabaseProcessIOS.mm: (WebKit::DatabaseProcess::initializeSandbox): * DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb: Added. * Shared/ios/ChildProcessIOS.mm: Added. Essentially cloned from the Mac version, only all the OSX specific logic has been stripped. (WebKit::ChildProcess::setApplicationIsDaemon): (WebKit::ChildProcess::platformInitialize): (WebKit::ChildProcess::initializeSandbox): (WebKit::ChildProcess::setQOS): * Shared/mac/ChildProcessMac.mm: Remove all the IOS ifdefs. (WebKit::ChildProcess::setApplicationIsDaemon): (WebKit::ChildProcess::platformInitialize): (WebKit::ChildProcess::initializeSandbox): (WebKit::ChildProcess::setQOS): * WebKit2.xcodeproj/project.pbxproj: Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Configurations/WebKit.xcconfig trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj Added Paths trunk/Source/WebKit2/DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb trunk/Source/WebKit2/Shared/ios/ChildProcessIOS.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (169175 => 169176) --- trunk/Source/WebKit2/ChangeLog 2014-05-21 20:39:36 UTC (rev 169175) +++ trunk/Source/WebKit2/ChangeLog 2014-05-21 20:52:21 UTC (rev 169176) 
@@ -1,3 +1,33 @@ +2014-05-21 Oliver Hunt oli...@apple.com + +[iOS] Enable sandboxing for the database process +https://bugs.webkit.org/show_bug.cgi?id=132963 + +Reviewed by Alexey Proskuryakov. + +Simply ensure that the database process is running in a tight +sandbox. As part of this i've separated out ChildProcessIOS +and ensures that the database process loads a custom sandbox. + +* Configurations/WebKit.xcconfig: +* DatabaseProcess/ios/DatabaseProcessIOS.mm: +(WebKit::DatabaseProcess::initializeSandbox): +* DatabaseProcess/ios/com.apple.WebKit.DatabasesIOS.sb: Added. +* Shared/ios/ChildProcessIOS.mm: Added. +Essentially cloned from the Mac version, only all the OSX +specific logic has been stripped. +(WebKit::ChildProcess::setApplicationIsDaemon): +(WebKit::ChildProcess::platformInitialize): +(WebKit::ChildProcess::initializeSandbox): +(WebKit::ChildProcess::setQOS): +* Shared/mac/ChildProcessMac.mm: +Remove all the IOS ifdefs. +(WebKit::ChildProcess::setApplicationIsDaemon): +(WebKit::ChildProcess::platformInitialize): +(WebKit::ChildProcess::initializeSandbox): +(WebKit::ChildProcess::setQOS): +* WebKit2.xcodeproj/project.pbxproj: + 2014-05-21 Andy Estes aes...@apple.com [iOS] Create a UIPrintFormatter for WKWebView Modified: trunk/Source/WebKit2/Configurations/WebKit.xcconfig (169175 => 169176) --- trunk/Source/WebKit2/Configurations/WebKit.xcconfig 2014-05-21 20:39:36 UTC (rev 169175) +++ trunk/Source/WebKit2/Configurations/WebKit.xcconfig 2014-05-21 20:52:21 UTC (rev 169176) 
@@ -43,7 +43,7 @@ OTHER_LDFLAGS_macosx = $(ASAN_OTHER_LDFLAGS) $(FRAMEWORK_AND_LIBRARY_LDFLAGS) -framework WebCore -sub_umbrella WebCore -framework WebKitLegacy -sub_umbrella WebKitLegacy; EXCLUDED_SOURCE_FILE_NAMES = $(EXCLUDED_SOURCE_FILE_NAMES_$(PLATFORM_NAME)); -EXCLUDED_SOURCE_FILE_NAMES_iphoneos = *.pdf com.apple.WebKit.DatabaseProcess.sb com.apple.WebKit.NetworkProcess.sb com.apple.WebProcess.sb PlugInSandboxProfiles/*.sb; +EXCLUDED_SOURCE_FILE_NAMES_iphoneos = *.pdf com.apple.WebKit.Databases.sb com.apple.WebKit.NetworkProcess.sb com.apple.WebProcess.sb PlugInSandboxProfiles/*.sb; EXCLUDED_SOURCE_FILE_NAMES_iphonesimulator = $(EXCLUDED_SOURCE_FILE_NAMES_iphoneos); INSTALLHDRS_SCRIPT_PHASE = YES; Modified: trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm (169175 => 169176) --- trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm 2014-05-21 20:39:36 UTC (rev 169175) +++ trunk/Source/WebKit2/DatabaseProcess/ios/DatabaseProcessIOS.mm 2014-05-21 20:52:21 UTC (rev 169176) @@ -30,12 +30,15 @@ #import DatabaseProcess.h #import SandboxInitializationParameters.h +#import WebCore/FileSystem.h #import WebCore/LocalizedStrings.h #import WebCore/NotImplemented.h #import WebKitSystemInterface.h using namespace WebCore; +#define ENABLE_MANUAL_DATABASE_SANDBOXING 0 + namespace WebKit { void DatabaseProcess::initializeProcess(const ChildProcessInitializationP
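Review bot: The iphoneos exclusion list in WebKit.xcconfig swaps `com.apple.WebKit.DatabaseProcess.sb` for `com.apple.WebKit.Databases.sb`, but the profile this commit adds is listed as `com.apple.WebKit.DatabasesIOS.sb`, so the new entry does not correspond to any file named in the change and the old name is no longer excluded. If a profile named `com.apple.WebKit.DatabaseProcess.sb` still exists in the project it would now be eligible for iOS builds; that cannot be checked from the hunk. If the setting is meant to keep Mac-only profiles out of iOS products, a comment above it such as `// Mac-only sandbox profiles; iOS profiles must not be listed here` would make the intent reviewable.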
[webkit-changes] [169180] trunk/Source/WebKit2
Title: [169180] trunk/Source/WebKit2 Revision 169180 Author oli...@apple.com Date 2014-05-21 17:11:07 -0700 (Wed, 21 May 2014) Log Message Only enable sandbox extensions on mac. Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/WebKit2Prefix.h Diff Modified: trunk/Source/WebKit2/ChangeLog (169179 => 169180) --- trunk/Source/WebKit2/ChangeLog 2014-05-21 22:03:50 UTC (rev 169179) +++ trunk/Source/WebKit2/ChangeLog 2014-05-22 00:11:07 UTC (rev 169180) @@ -1,5 +1,13 @@ 2014-05-21 Oliver Hunt oli...@apple.com +Only enable sandbox extensions on mac. + +RS = Alexey. + +* WebKit2Prefix.h: + +2014-05-21 Oliver Hunt oli...@apple.com + [iOS] Enable sandboxing for the database process https://bugs.webkit.org/show_bug.cgi?id=132963 Modified: trunk/Source/WebKit2/WebKit2Prefix.h (169179 => 169180) --- trunk/Source/WebKit2/WebKit2Prefix.h 2014-05-21 22:03:50 UTC (rev 169179) +++ trunk/Source/WebKit2/WebKit2Prefix.h 2014-05-22 00:11:07 UTC (rev 169180) @@ -32,9 +32,8 @@ #if PLATFORM(COCOA) -#define ENABLE_SANDBOX_EXTENSIONS 1 - #if !PLATFORM(IOS) +#define ENABLE_SANDBOX_EXTENSIONS 1 #define ENABLE_WEB_PROCESS_SANDBOX 1 #endif ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [168984] trunk/Source/WebKit2
Title: [168984] trunk/Source/WebKit2 Revision 168984 Author oli...@apple.com Date 2014-05-16 16:28:40 -0700 (Fri, 16 May 2014) Log Message Separate enabling sandbox extensions from the WEB_PROCESS_SANDBOX flag https://bugs.webkit.org/show_bug.cgi?id=133016 Reviewed by Alexey Proskuryakov. Add a distinct SANDBOX_EXTENSIONS flag to guard sandbox extensions and switch over to it in the places that extensions are used. * Shared/SandboxExtension.h: * Shared/mac/SandboxExtensionMac.mm: * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::didChooseFilesForOpenPanel): * WebKit2Prefix.h: * WebProcess/WebPage/WebPage.cpp: * WebProcess/WebPage/WebPage.h: * WebProcess/WebPage/WebPage.messages.in: * WebProcess/cocoa/WebProcessCocoa.mm: (WebKit::WebProcess::platformInitializeWebProcess): Modified Paths trunk/Source/WebKit2/ChangeLog trunk/Source/WebKit2/Shared/SandboxExtension.h trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp trunk/Source/WebKit2/WebKit2Prefix.h trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm Diff Modified: trunk/Source/WebKit2/ChangeLog (168983 => 168984) --- trunk/Source/WebKit2/ChangeLog 2014-05-16 22:09:51 UTC (rev 168983) +++ trunk/Source/WebKit2/ChangeLog 2014-05-16 23:28:40 UTC (rev 168984) 
@@ -1,3 +1,24 @@ +2014-05-16 Oliver Hunt oli...@apple.com + +Separate enabling sandbox extensions from the WEB_PROCESS_SANDBOX flag +https://bugs.webkit.org/show_bug.cgi?id=133016 + +Reviewed by Alexey Proskuryakov. + +Add a distinct SANDBOX_EXTENSIONS flag to guard sandbox extensions +and switch over to it in the places that extensions are used. + +* Shared/SandboxExtension.h: +* Shared/mac/SandboxExtensionMac.mm: +* UIProcess/WebPageProxy.cpp: +(WebKit::WebPageProxy::didChooseFilesForOpenPanel): +* WebKit2Prefix.h: +* WebProcess/WebPage/WebPage.cpp: +* WebProcess/WebPage/WebPage.h: +* WebProcess/WebPage/WebPage.messages.in: +* WebProcess/cocoa/WebProcessCocoa.mm: +(WebKit::WebProcess::platformInitializeWebProcess): + 2014-05-16 Benjamin Poulain bpoul...@apple.com [iOS][WK2] Add a heuristic to set the right horizontal offset on rotation for responsive websites Modified: trunk/Source/WebKit2/Shared/SandboxExtension.h (168983 => 168984) --- trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-05-16 22:09:51 UTC (rev 168983) +++ trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-05-16 23:28:40 UTC (rev 168984) @@ -32,7 +32,7 @@ #include wtf/RefCounted.h #include wtf/text/WTFString.h -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) typedef struct __WKSandboxExtension* WKSandboxExtensionRef; #endif @@ -62,7 +62,7 @@ private: friend class SandboxExtension; -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) mutable WKSandboxExtensionRef m_sandboxExtension; #endif }; @@ -81,7 +81,7 @@ static bool decode(IPC::ArgumentDecoder, HandleArray); private: -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) std::unique_ptrHandle[] m_data; size_t m_size; #else 
@@ -104,13 +104,13 @@ private: explicit SandboxExtension(const Handle); -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) mutable WKSandboxExtensionRef m_sandboxExtension; size_t m_useCount; #endif }; -#if !ENABLE(WEB_PROCESS_SANDBOX) +#if !ENABLE(SANDBOX_EXTENSIONS) inline SandboxExtension::Handle::Handle() { } inline SandboxExtension::Handle::~Handle() { } inline void SandboxExtension::Handle::encode(IPC::ArgumentEncoder) const { } Modified: trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm (168983 => 168984) --- trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-05-16 22:09:51 UTC (rev 168983) +++ trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-05-16 23:28:40 UTC (rev 168984) @@ -26,7 +26,7 @@ #import config.h #import SandboxExtension.h -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) #import ArgumentDecoder.h #import ArgumentEncoder.h @@ -322,4 +322,4 @@ } // namespace WebKit -#endif // ENABLE(WEB_PROCESS_SANDBOX) +#endif // ENABLE(SANDBOX_EXTENSIONS) Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (168983 => 168984) --- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-05-16 22:09:51 UTC (rev 168983) +++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-05-16 23:28:40 UTC (rev 168984) @@ -3601,7 +3601,7 @@ if (!isValid()) return; -#if ENABLE(WEB_PROCESS_SANDBOX) +#if ENABLE(SANDBOX_EXTENSIONS) // FIXME: The sandbox extensions should be sent with the DidChooseFilesForOpenPanel message. This
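Review bot: The `#if !ENABLE(SANDBOX_EXTENSIONS)` block in SandboxExtension.h supplies empty inline bodies such as `inline SandboxExtension::Handle::Handle() { }` and an empty `encode`, so with the flag off every caller still compiles and runs while no extension is created or sent. Now that the flag is separate from WEB_PROCESS_SANDBOX, a build can have the process sandbox on and extensions off, and nothing at this spot documents what file access the sandboxed process has in that case. I would add a comment above the stubs, `// No-op stubs: with SANDBOX_EXTENSIONS disabled these calls grant and revoke nothing.` The stub block continues past the end of the hunk.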
[webkit-changes] [168429] trunk/Source/WebKit
Title: [168429] trunk/Source/WebKit Revision 168429 Author oli...@apple.com Date 2014-05-07 11:13:04 -0700 (Wed, 07 May 2014) Log Message Fix windows build. Modified Paths trunk/Source/WebKit/ChangeLog trunk/Source/WebKit/WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in Diff Modified: trunk/Source/WebKit/ChangeLog (168428 => 168429) --- trunk/Source/WebKit/ChangeLog 2014-05-07 17:29:33 UTC (rev 168428) +++ trunk/Source/WebKit/ChangeLog 2014-05-07 18:13:04 UTC (rev 168429) @@ -1,3 +1,9 @@ +2014-05-07 Oliver Hunt oli...@apple.com + +Fix windows build. + +* WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in: + 2014-05-06 Anders Carlsson ander...@apple.com Put the symlink in the right place. Modified: trunk/Source/WebKit/WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in (168428 => 168429) --- trunk/Source/WebKit/WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in 2014-05-07 17:29:33 UTC (rev 168428) +++ trunk/Source/WebKit/WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in 2014-05-07 18:13:04 UTC (rev 168429) @@ -480,6 +480,7 @@ ?isAPIValueWrapper@JSCell@JSC@@QBE_NXZ #endif symbolWithPointer(?reportDeprecatedGetterError@WebCore@@YA_JAAVExecState@JSC@@PBD1@Z, ?reportDeprecatedGetterError@WebCore@@YA_JAEAVExecState@JSC@@PEBD1@Z) +symbolWithPointer(?reportDeprecatedSetterError@WebCore@@YAXAAVExecState@JSC@@PBD1@Z, ?reportDeprecatedSetterError@WebCore@@YAXAAVExecState@JSC@@PBD1@Z) symbolWithPointer(?throwGetterTypeError@WebCore@@YA_JAAVExecState@JSC@@PBD1@Z, ?throwGetterTypeError@WebCore@@YA_JAEAVExecState@JSC@@PEBD1@Z) symbolWithPointer(?throwSequenceTypeError@WebCore@@YAXAAVExecState@JSC@@@Z, ?throwSequenceTypeError@WebCore@@YAXAEAVExecState@JSC@@@Z) symbolWithPointer(?throwSetterTypeError@WebCore@@YAXAAVExecState@JSC@@PBD1@Z, ?throwSetterTypeError@WebCore@@YAXAEAVExecState@JSC@@PEBD1@Z) ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [168389] trunk/Source/WebCore
Title: [168389] trunk/Source/WebCore Revision 168389 Author oli...@apple.com Date 2014-05-06 16:11:00 -0700 (Tue, 06 May 2014) Log Message Fix build. Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/WebCore.exp.in Diff Modified: trunk/Source/WebCore/ChangeLog (168388 => 168389) --- trunk/Source/WebCore/ChangeLog 2014-05-06 22:53:12 UTC (rev 168388) +++ trunk/Source/WebCore/ChangeLog 2014-05-06 23:11:00 UTC (rev 168389) @@ -1,3 +1,9 @@ +2014-05-06 Oliver Hunt oli...@apple.com + +Fix build. + +* WebCore.exp.in: + 2014-05-06 Andreas Kling akl...@apple.com Add missing line from r168384. Modified: trunk/Source/WebCore/WebCore.exp.in (168388 => 168389) --- trunk/Source/WebCore/WebCore.exp.in 2014-05-06 22:53:12 UTC (rev 168388) +++ trunk/Source/WebCore/WebCore.exp.in 2014-05-06 23:11:00 UTC (rev 168389) @@ -994,6 +994,7 @@ __ZN7WebCore27applicationIsMicrosoftMyDayEv __ZN7WebCore27protocolHostAndPortAreEqualERKNS_3URLES2_ __ZN7WebCore27reportDeprecatedGetterErrorERN3JSC9ExecStateEPKcS4_ +__ZN7WebCore27reportDeprecatedSetterErrorERN3JSC9ExecStateEPKcS4_ __ZN7WebCore27startObservingCookieChangesEPFvvE __ZN7WebCore28DocumentStyleSheetCollection12addUserSheetEN3WTF7PassRefINS_18StyleSheetContentsEEE __ZN7WebCore28DocumentStyleSheetCollection14addAuthorSheetEN3WTF7PassRefINS_18StyleSheetContentsEEE ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [167964] trunk
Title: [167964] trunk Revision 167964 Author oli...@apple.com Date 2014-04-29 15:23:17 -0700 (Tue, 29 Apr 2014) Log Message Source/_javascript_Core: Don't hold on to parameterBindingNodes forever https://bugs.webkit.org/show_bug.cgi?id=132360 Reviewed by Geoffrey Garen. Don't keep the parameter nodes anymore. Instead we store the original parameter string and reparse whenever we actually need them. Because we only actually need them for compilation this only results in a single extra parse. * bytecode/UnlinkedCodeBlock.cpp: (JSC::generateFunctionCodeBlock): (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): (JSC::UnlinkedFunctionExecutable::visitChildren): (JSC::UnlinkedFunctionExecutable::finishCreation): (JSC::UnlinkedFunctionExecutable::paramString): (JSC::UnlinkedFunctionExecutable::parameters): (JSC::UnlinkedFunctionExecutable::parameterCount): Deleted. * bytecode/UnlinkedCodeBlock.h: (JSC::UnlinkedFunctionExecutable::create): (JSC::UnlinkedFunctionExecutable::parameterCount): (JSC::UnlinkedFunctionExecutable::parameters): Deleted. (JSC::UnlinkedFunctionExecutable::finishCreation): Deleted. * parser/ASTBuilder.h: (JSC::ASTBuilder::ASTBuilder): (JSC::ASTBuilder::setFunctionBodyParameters): * parser/Nodes.h: (JSC::FunctionBodyNode::parametersStartOffset): (JSC::FunctionBodyNode::parametersEndOffset): (JSC::FunctionBodyNode::setParameterLocation): * parser/Parser.cpp: (JSC::ParserLexerType::parseFunctionInfo): (JSC::parseParameters): * parser/Parser.h: (JSC::parse): * parser/SourceCode.h: (JSC::SourceCode::subExpression): * parser/SyntaxChecker.h: (JSC::SyntaxChecker::setFunctionBodyParameters): LayoutTests: Don't hold on to parameter BindingNodes forever https://bugs.webkit.org/show_bug.cgi?id=132360 Reviewed by Geoffrey Garen. We don't regenerate the parameter string anymore, so these tests now match the original input. 
* js/destructuring-assignment-expected.txt: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/destructuring-assignment-expected.txt trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h trunk/Source/_javascript_Core/parser/ASTBuilder.h trunk/Source/_javascript_Core/parser/Nodes.h trunk/Source/_javascript_Core/parser/Parser.cpp trunk/Source/_javascript_Core/parser/Parser.h trunk/Source/_javascript_Core/parser/SourceCode.h trunk/Source/_javascript_Core/parser/SyntaxChecker.h Diff Modified: trunk/LayoutTests/ChangeLog (167963 => 167964) --- trunk/LayoutTests/ChangeLog 2014-04-29 22:21:04 UTC (rev 167963) +++ trunk/LayoutTests/ChangeLog 2014-04-29 22:23:17 UTC (rev 167964) @@ -1,3 +1,15 @@ +2014-04-29 Oliver Hunt oli...@apple.com + +Don't hold on to parameter BindingNodes forever +https://bugs.webkit.org/show_bug.cgi?id=132360 + +Reviewed by Geoffrey Garen. + +We don't regenerate the parameter string anymore, so these tests now +match the original input. + +* js/destructuring-assignment-expected.txt: + 2014-04-28 Roger Fong roger_f...@apple.com Plugins hidden by images should autoplay. Modified: trunk/LayoutTests/js/destructuring-assignment-expected.txt (167963 => 167964) --- trunk/LayoutTests/js/destructuring-assignment-expected.txt 2014-04-29 22:21:04 UTC (rev 167963) +++ trunk/LayoutTests/js/destructuring-assignment-expected.txt 2014-04-29 22:23:17 UTC (rev 167964) @@ -12,7 +12,7 @@ PASS var {a,b}={a:'1',b:'2'}; var r=a+b; r is '12' Function as String: (function({a,b}) { return a+b;}) PASS (function({a,b}) { return a+b;})({a:'1',b:'2'}) is '12' -PASS (function ({a:a,b:b}) { return a+b;})({a:'1',b:'2'}) is '12' +PASS (function ({a,b}) { return a+b;})({a:'1',b:'2'}) is '12' PASS ({a,b}={a:'1',b:'2'}); var r=a+b; r is '12' PASS var {c:a,d:b}={c:'1',d:'2'}; var r=a+b; r is '12' Function as String: (function({c:a,d:b}) { return a+b;}) 
@@ -27,7 +27,7 @@ PASS var {true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,'foo bar':h}={true:'a',false:'b',undefined:'c',null:'d',in:'e',for:'f',1.5:'g','foo bar':'h'}; var r=a+b+c+d+e+f+g+h; r is 'abcdefgh' Function as String: (function({true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,'foo bar':h}) { return a+b+c+d+e+f+g+h;}) PASS (function({true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,'foo bar':h}) { return a+b+c+d+e+f+g+h;})({true:'a',false:'b',undefined:'c',null:'d',in:'e',for:'f',1.5:'g','foo bar':'h'}) is 'abcdefgh' -PASS (function ({true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,foo bar:h}) { return a+b+c+d+e+f+g+h;})({true:'a',false:'b',undefined:'c',null:'d',in:'e',for:'f',1.5:'g','foo bar':'h'}) is 'abcdefgh' +PASS (function ({true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,'foo bar':h}) { return a+b+c+d+e+f+g+h;})({true:'a',false:'b',undefined:'c',null:'d',in:'e',for:'f',1.5:'g','foo bar':'h'}) is 'abcdefgh' PASS ({true:a,false:b,undefined:c,null:d,in:e,for:f,1.5:g,'foo bar':h}={true:'a',fa
[webkit-changes] [167813] trunk/Source/JavaScriptCore
Title: [167813] trunk/Source/_javascript_Core Revision 167813 Author oli...@apple.com Date 2014-04-25 11:51:20 -0700 (Fri, 25 Apr 2014) Log Message Remove unused parameter from codeblock linking function https://bugs.webkit.org/show_bug.cgi?id=132199 Reviewed by Anders Carlsson. No change in behaviour. This is just a small change to make it slightly easier to reason about what the offsets in UnlinkedFunctionExecutable actually mean. * bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedFunctionExecutable::link): * bytecode/UnlinkedCodeBlock.h: * runtime/Executable.cpp: (JSC::ProgramExecutable::initializeGlobalProperties): Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h trunk/Source/_javascript_Core/runtime/Executable.cpp Diff Modified: trunk/Source/_javascript_Core/ChangeLog (167812 => 167813) --- trunk/Source/_javascript_Core/ChangeLog 2014-04-25 18:17:46 UTC (rev 167812) +++ trunk/Source/_javascript_Core/ChangeLog 2014-04-25 18:51:20 UTC (rev 167813) 
@@ -1,3 +1,20 @@ +2014-04-25 Oliver Hunt oli...@apple.com + +Remove unused parameter from codeblock linking function +https://bugs.webkit.org/show_bug.cgi?id=132199 + +Reviewed by Anders Carlsson. + +No change in behaviour. This is just a small change to make it +slightly easier to reason about what the offsets in UnlinkedFunctionExecutable +actually mean. + +* bytecode/UnlinkedCodeBlock.cpp: +(JSC::UnlinkedFunctionExecutable::link): +* bytecode/UnlinkedCodeBlock.h: +* runtime/Executable.cpp: +(JSC::ProgramExecutable::initializeGlobalProperties): + 2014-04-25 Andreas Kling akl...@apple.com Mark some things with WTF_MAKE_FAST_ALLOCATED. Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp (167812 => 167813) --- trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-04-25 18:17:46 UTC (rev 167812) +++ trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.cpp 2014-04-25 18:51:20 UTC (rev 167813) 
@@ -124,15 +124,14 @@ visitor.append(thisObject-m_symbolTableForConstruct); } -FunctionExecutable* UnlinkedFunctionExecutable::link(VM vm, const SourceCode source, size_t lineOffset, size_t sourceOffset) +FunctionExecutable* UnlinkedFunctionExecutable::link(VM vm, const SourceCode source, size_t lineOffset) { unsigned firstLine = lineOffset + m_firstLineOffset; -unsigned startOffset = sourceOffset + m_startOffset; bool startColumnIsOnFirstSourceLine = !m_firstLineOffset; unsigned startColumn = m_unlinkedBodyStartColumn + (startColumnIsOnFirstSourceLine ? source.startColumn() : 1); bool endColumnIsOnStartLine = !m_lineCount; unsigned endColumn = m_unlinkedBodyEndColumn + (endColumnIsOnStartLine ? startColumn : 1); -SourceCode code(source.provider(), startOffset, startOffset + m_sourceLength, firstLine, startColumn); +SourceCode code(source.provider(), m_startOffset, m_startOffset + m_sourceLength, firstLine, startColumn); return FunctionExecutable::create(vm, code, this, firstLine, firstLine + m_lineCount, startColumn, endColumn); } Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h (167812 => 167813) --- trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h 2014-04-25 18:17:46 UTC (rev 167812) +++ trunk/Source/_javascript_Core/bytecode/UnlinkedCodeBlock.h 2014-04-25 18:51:20 UTC (rev 167813) @@ -132,7 +132,7 @@ static UnlinkedFunctionExecutable* fromGlobalCode(const Identifier, ExecState*, Debugger*, const SourceCode, JSObject** exception); -FunctionExecutable* link(VM, const SourceCode, size_t lineOffset, size_t sourceOffset); +FunctionExecutable* link(VM, const SourceCode, size_t lineOffset); void clearCodeForRecompilation() { Modified: trunk/Source/_javascript_Core/runtime/Executable.cpp (167812 => 167813) --- trunk/Source/_javascript_Core/runtime/Executable.cpp 2014-04-25 18:17:46 UTC (rev 167812) +++ trunk/Source/_javascript_Core/runtime/Executable.cpp 2014-04-25 18:51:20 UTC (rev 167813) 
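Review bot: `UnlinkedFunctionExecutable::link()` now builds the `SourceCode` range from `m_startOffset` and `m_startOffset + m_sourceLength` with nothing added, so the stored offset is treated as absolute within `source.provider()`, and nothing in the hunk states or checks that invariant. The only call site visible on this page (`ProgramExecutable::initializeGlobalProperties`) passed 0, so behaviour is unchanged there, but a caller outside this page that passed a non-zero `sourceOffset` would now get a different range of source text for the function. I would document the invariant above the constructor call, e.g. `// m_startOffset is an absolute offset into source.provider(), not relative to source.startOffset()`, and consider a debug assertion that the end offset does not exceed the provider's source length. Separately, the unchanged line `unsigned firstLine = lineOffset + m_firstLineOffset;` narrows a `size_t` to `unsigned` without a check.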
@@ -485,7 +485,7 @@ for (size_t i = 0; i functionDeclarations.size(); ++i) { UnlinkedFunctionExecutable* unlinkedFunctionExecutable = functionDeclarations[i].second.get(); -JSValue value = JSFunction::create(vm, unlinkedFunctionExecutable-link(vm, m_source, lineNo(), 0), scope); +JSValue value = JSFunction::create(vm, unlinkedFunctionExecutable-link(vm, m_source, lineNo()), scope); globalObject-addFunction(callFrame, functionDeclarations[i].first, value); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [167832] trunk
Title: [167832] trunk Revision 167832 Author oli...@apple.com Date 2014-04-25 16:14:16 -0700 (Fri, 25 Apr 2014) Log Message Need earlier cell test https://bugs.webkit.org/show_bug.cgi?id=132211 Reviewed by Mark Lam. Source/_javascript_Core: Move cell test to before the function call repatch location, as the repatch logic for 32bit assumes that the caller will already have performed a cell check. * jit/JITCall32_64.cpp: (JSC::JIT::compileOpCall): LayoutTests: Tests * js/regress/polymorphic-array-call-expected.txt: Added. * js/regress/polymorphic-array-call.html: Added. * js/regress/script-tests/polymorphic-array-call.js: Added. (func.C.this.m): (func.C): (func): Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/jit/JITCall32_64.cpp Added Paths trunk/LayoutTests/js/regress/polymorphic-array-call-expected.txt trunk/LayoutTests/js/regress/polymorphic-array-call.html trunk/LayoutTests/js/regress/script-tests/polymorphic-array-call.js Diff Modified: trunk/LayoutTests/ChangeLog (167831 => 167832) --- trunk/LayoutTests/ChangeLog 2014-04-25 23:08:01 UTC (rev 167831) +++ trunk/LayoutTests/ChangeLog 2014-04-25 23:14:16 UTC (rev 167832) @@ -1,3 +1,19 @@ +2014-04-25 Oliver Hunt oli...@apple.com + +Need earlier cell test +https://bugs.webkit.org/show_bug.cgi?id=132211 + +Reviewed by Mark Lam. + +Tests + +* js/regress/polymorphic-array-call-expected.txt: Added. +* js/regress/polymorphic-array-call.html: Added. +* js/regress/script-tests/polymorphic-array-call.js: Added. +(func.C.this.m): +(func.C): +(func): + 2014-04-11 Jer Noble jer.no...@apple.com Support Live streams in media controls. Added: trunk/LayoutTests/js/regress/polymorphic-array-call-expected.txt (0 => 167832) --- trunk/LayoutTests/js/regress/polymorphic-array-call-expected.txt (rev 0) +++ trunk/LayoutTests/js/regress/polymorphic-array-call-expected.txt 2014-04-25 23:14:16 UTC (rev 167832) 
@@ -0,0 +1,10 @@ +JSRegress/polymorphic-array-call + +On success, you will see a series of PASS messages, followed by TEST COMPLETE. + + +PASS no exception thrown +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/regress/polymorphic-array-call.html (0 => 167832) --- trunk/LayoutTests/js/regress/polymorphic-array-call.html (rev 0) +++ trunk/LayoutTests/js/regress/polymorphic-array-call.html 2014-04-25 23:14:16 UTC (rev 167832) @@ -0,0 +1,12 @@ +!DOCTYPE HTML PUBLIC -//IETF//DTD HTML//EN +html +head +script src="" +/head +body +script src="" +script src="" +script src="" +script src="" +/body +/html Added: trunk/LayoutTests/js/regress/script-tests/polymorphic-array-call.js (0 => 167832) --- trunk/LayoutTests/js/regress/script-tests/polymorphic-array-call.js (rev 0) +++ trunk/LayoutTests/js/regress/script-tests/polymorphic-array-call.js 2014-04-25 23:14:16 UTC (rev 167832) @@ -0,0 +1,23 @@ +//@ runDefault +var result = 0; +function func() { +function C() { +this.m = function () { + result ^= result * 3 + 5 + (result 3); +}; +}; +var a=[]; +for (var i =0; i 1; i++) { +a[i] = (new C); +} +a[9000].m = 0.87655; +for (var i = 0; i 1; i++) +a[i].m(); +} +try { + func(); +} catch(e) { + +} +if (result != 1561806289) + throw Expected 1561806289 but got + result Modified: trunk/Source/_javascript_Core/ChangeLog (167831 => 167832) --- trunk/Source/_javascript_Core/ChangeLog 2014-04-25 23:08:01 UTC (rev 167831) +++ trunk/Source/_javascript_Core/ChangeLog 2014-04-25 23:14:16 UTC (rev 167832) 
@@ -1,3 +1,17 @@ +2014-04-25 Oliver Hunt oli...@apple.com + +Need earlier cell test +https://bugs.webkit.org/show_bug.cgi?id=132211 + +Reviewed by Mark Lam. + +Move cell test to before the function call repatch +location, as the repatch logic for 32bit assumes that the +caller will already have performed a cell check. + +* jit/JITCall32_64.cpp: +(JSC::JIT::compileOpCall): + 2014-04-25 Andreas Kling akl...@apple.com Un-fast-allocate JSGlobalObjectRareData because Windows doesn't build and I'm not in the mood. Modified: trunk/Source/_javascript_Core/jit/JITCall32_64.cpp (167831 => 167832) --- trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2014-04-25 23:08:01 UTC (rev 167831) +++ trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2014-04-25 23:14:16 UTC (rev 167832) @@ -304,11 +304,12 @@ return; } +addSlowCase(branch32(NotEqual, regT1, TrustedImm32(JSValue::CellTag))); + DataLabelPtr addressOfLinkedFunctionCheck; Jump slowCase = branchPtrWithPatch(NotEqual, regT0, addressOfLinkedFunctionCheck, TrustedImmPtr(0)); addSlowCase(slowCa
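Review bot: The added `addSlowCase(branch32(NotEqual, regT1, TrustedImm32(JSValue::CellTag)));` in `JIT::compileOpCall` has no comment, yet its position ahead of `branchPtrWithPatch` is the whole fix: per the log message, the 32-bit repatch logic assumes the caller has already performed the cell check. Without a note, a later reordering could put the tag check back behind the patchable branch and let a non-cell value reach the linked-call path. I would add `// Must precede the patchable callee check: the 32-bit repatch code assumes the tag was already verified to be CellTag.` above the line. A new slow case normally also needs a matching `linkSlowCase` in the same order on the slow path; the hunk is cut off on this page after the `branchPtrWithPatch` line, so that cannot be confirmed from here.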
[webkit-changes] [167380] trunk
Title: [167380] trunk Revision 167380 Author oli...@apple.com Date 2014-04-16 13:10:41 -0700 (Wed, 16 Apr 2014) Log Message Simple ES6 feature:Array.prototype.fill https://bugs.webkit.org/show_bug.cgi?id=131703 Reviewed by David Hyatt. Source/_javascript_Core: Add support for Array.prototype.fill * builtins/Array.prototype.js: (fill): * runtime/ArrayPrototype.cpp: LayoutTests: Add tests. * js/Object-getOwnPropertyNames-expected.txt: * js/array-fill-expected.txt: Added. * js/array-fill.html: Added. * js/script-tests/Object-getOwnPropertyNames.js: * js/script-tests/array-fill.js: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/Object-getOwnPropertyNames-expected.txt trunk/LayoutTests/js/script-tests/Object-getOwnPropertyNames.js trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/builtins/Array.prototype.js trunk/Source/_javascript_Core/runtime/ArrayPrototype.cpp Added Paths trunk/LayoutTests/js/array-fill-expected.txt trunk/LayoutTests/js/array-fill.html trunk/LayoutTests/js/script-tests/array-fill.js Diff Modified: trunk/LayoutTests/ChangeLog (167379 => 167380) --- trunk/LayoutTests/ChangeLog 2014-04-16 20:02:48 UTC (rev 167379) +++ trunk/LayoutTests/ChangeLog 2014-04-16 20:10:41 UTC (rev 167380) 
@@ -1,3 +1,18 @@ +2014-04-16 Oliver Hunt oli...@apple.com + +Simple ES6 feature:Array.prototype.fill +https://bugs.webkit.org/show_bug.cgi?id=131703 + +Reviewed by David Hyatt. + +Add tests. + +* js/Object-getOwnPropertyNames-expected.txt: +* js/array-fill-expected.txt: Added. +* js/array-fill.html: Added. +* js/script-tests/Object-getOwnPropertyNames.js: +* js/script-tests/array-fill.js: Added. + 2014-04-16 David Kilzer ddkil...@apple.com Remove test results that match platform/mac results Modified: trunk/LayoutTests/js/Object-getOwnPropertyNames-expected.txt (167379 => 167380) --- trunk/LayoutTests/js/Object-getOwnPropertyNames-expected.txt 2014-04-16 20:02:48 UTC (rev 167379) +++ trunk/LayoutTests/js/Object-getOwnPropertyNames-expected.txt 2014-04-16 20:10:41 UTC (rev 167380) 
@@ -45,7 +45,7 @@ PASS getSortedOwnPropertyNames(Function) is ['length', 'name', 'prototype'] PASS getSortedOwnPropertyNames(Function.prototype) is ['apply', 'bind', 'call', 'constructor', 'length', 'name', 'toString'] PASS getSortedOwnPropertyNames(Array) is ['isArray', 'length', 'name', 'prototype'] -PASS getSortedOwnPropertyNames(Array.prototype) is ['concat', 'constructor', 'entries', 'every', 'filter', 'forEach', 'indexOf', 'join', 'keys', 'lastIndexOf', 'length', 'map', 'pop', 'push', 'reduce', 'reduceRight', 'reverse', 'shift', 'slice', 'some', 'sort', 'splice', 'toLocaleString', 'toString', 'unshift'] +PASS getSortedOwnPropertyNames(Array.prototype) is ['concat', 'constructor', 'entries', 'every', 'fill', 'filter', 'forEach', 'indexOf', 'join', 'keys', 'lastIndexOf', 'length', 'map', 'pop', 'push', 'reduce', 'reduceRight', 'reverse', 'shift', 'slice', 'some', 'sort', 'splice', 'toLocaleString', 'toString', 'unshift'] PASS getSortedOwnPropertyNames(String) is ['fromCharCode', 'length', 'name', 'prototype'] PASS getSortedOwnPropertyNames(String.prototype) is ['anchor', 'big', 'blink', 'bold', 'charAt', 'charCodeAt', 'concat', 'constructor', 'fixed', 'fontcolor', 'fontsize', 'indexOf', 'italics', 'lastIndexOf', 'length', 'link', 'localeCompare', 'match', 'replace', 'search', 'slice', 'small', 'split', 'strike', 'sub', 'substr', 'substring', 'sup', 'toLocaleLowerCase', 'toLocaleUpperCase', 'toLowerCase', 'toString', 'toUpperCase', 'trim', 'trimLeft', 'trimRight', 'valueOf'] PASS getSortedOwnPropertyNames(Boolean) is ['length', 'name', 'prototype'] Added: trunk/LayoutTests/js/array-fill-expected.txt (0 => 167380) --- trunk/LayoutTests/js/array-fill-expected.txt (rev 0) +++ trunk/LayoutTests/js/array-fill-expected.txt 2014-04-16 20:10:41 UTC (rev 167380) 
@@ -0,0 +1,20 @@ +This test checks the behavior of the Array.prototype.fill() + +On success, you will see a series of PASS messages, followed by TEST COMPLETE. + + +PASS [0, 0, 0, 0, 0].fill() is [undefined, undefined, undefined, undefined, undefined] +PASS [0, 0, 0, 0, 0].fill(3) is [3, 3, 3, 3, 3] +PASS [0, 0, 0, 0, 0].fill(3, 1) is [0, 3, 3, 3, 3] +PASS [0, 0, 0, 0, 0].fill(3, 1, 3) is [0, 3, 3, 0, 0] +PASS [0, 0, 0, 0, 0].fill(3, 1, 1000) is [0, 3, 3, 3, 3] +PASS [0, 0, 0, 0, 0].fill(3, -2, 1000) is [0, 0, 0, 3, 3] +PASS [0, 0, 0, 0, 0].fill(3, -2, 4) is [0, 0, 0, 3, 0] +PASS [0, 0, 0, 0, 0].fill(3, -2, -1) is [0, 0, 0, 3, 0] +PASS [0, 0, 0, 0, 0].fill(3, -2, -3) is [0, 0, 0, 0, 0] +PASS [0, 0, 0, 0, 0].fill(3, undefined, 4) is [3, 3, 3, 3, 0] +PASS [ , , , , 0].fill(3, 1, 3) is [, 3, 3, , 0] +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/array-fill.html (0 => 167380) --- trunk/LayoutTests/js/array-fill.html (rev
[webkit-changes] [167251] trunk/Source/WebCore
Title: [167251] trunk/Source/WebCore Revision 167251 Author oli...@apple.com Date 2014-04-14 10:17:20 -0700 (Mon, 14 Apr 2014) Log Message Update test result Modified Paths trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.cpp Diff Modified: trunk/Source/WebCore/ChangeLog (167250 => 167251) --- trunk/Source/WebCore/ChangeLog 2014-04-14 16:31:43 UTC (rev 167250) +++ trunk/Source/WebCore/ChangeLog 2014-04-14 17:17:20 UTC (rev 167251) @@ -1,3 +1,10 @@ +2014-04-14 Oliver Hunt oli...@apple.com + +Update test result + +* bindings/scripts/test/JS/JSTestNondeterministic.cpp: +(WebCore::JSTestNondeterministicConstructor::finishCreation): + 2014-04-14 Dirk Schulze k...@webkit.org Optimize Canvas fill and drawImage with SourceIn, DestinationIn, SourceOut, and DestinationAtop using transparencyLayer. Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.cpp (167250 => 167251) --- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.cpp 2014-04-14 16:31:43 UTC (rev 167250) +++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNondeterministic.cpp 2014-04-14 17:17:20 UTC (rev 167251) @@ -64,7 +64,7 @@ { Base::finishCreation(vm); ASSERT(inherits(info())); -putDirect(vm, vm.propertyNames-prototype, JSTestNondeterministicPrototype::self(vm, globalObject), DontDelete | ReadOnly); +putDirectPrototypeProperty(vm, JSTestNondeterministicPrototype::self(vm, globalObject), DontDelete | ReadOnly); putDirect(vm, vm.propertyNames-length, jsNumber(0), ReadOnly | DontDelete | DontEnum); } ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [167272] trunk
Title: [167272] trunk Revision 167272 Author oli...@apple.com Date 2014-04-14 15:05:44 -0700 (Mon, 14 Apr 2014) Log Message Function.bind itself is too slow https://bugs.webkit.org/show_bug.cgi?id=131636 Reviewed by Geoffrey Garen. Source/_javascript_Core: Rather than forcing creation of an activation, we now store bound function properties directly on the returned closure. This is necessary to deal with code that creates many function bindings, but does not call them very often. This is a 60% speed up in the included js/regress test. * builtins/BuiltinExecutables.cpp: (JSC::BuiltinExecutables::createBuiltinExecutable): * builtins/Function.prototype.js: (bind.bindingFunction): (bind.else.switch.case.1.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk): (bind.else.switch.case.1.bindingFunction): (bind.else.switch.case.2.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk): (bind.else.switch.case.2.bindingFunction): (bind.else.switch.case.3.bindingFunction.bindingFunction.bindingFunction.boundOversizedCallThunk): (bind.else.switch.case.3.bindingFunction): (bind.else.switch.bindingFunction): (bind): (bind.else.switch.case.1.bindingFunction.oversizedCall): Deleted. (bind.else.switch.case.2.bindingFunction.oversizedCall): Deleted. (bind.else.switch.case.3.bindingFunction.oversizedCall): Deleted. * runtime/CommonIdentifiers.h: LayoutTests: New test, and fix bogus log in old one * js/regress/function-bind-create-expected.html: Added. * js/regress/function-bind-create.html: Added. * js/regress/script-tests/function-bind-create.js: Added. 
(test): * js/regress/script-tests/function-bind.js: Modified Paths trunk/LayoutTests/ChangeLog trunk/LayoutTests/js/regress/script-tests/function-bind.js trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/builtins/Function.prototype.js trunk/Source/_javascript_Core/runtime/CommonIdentifiers.h Added Paths trunk/LayoutTests/js/regress/function-bind-create-expected.html trunk/LayoutTests/js/regress/function-bind-create.html trunk/LayoutTests/js/regress/script-tests/function-bind-create.js Diff Modified: trunk/LayoutTests/ChangeLog (167271 => 167272) --- trunk/LayoutTests/ChangeLog 2014-04-14 21:51:17 UTC (rev 167271) +++ trunk/LayoutTests/ChangeLog 2014-04-14 22:05:44 UTC (rev 167272) @@ -1,3 +1,18 @@ +2014-04-14 Oliver Hunt oli...@apple.com + +Function.bind itself is too slow +https://bugs.webkit.org/show_bug.cgi?id=131636 + +Reviewed by Geoffrey Garen. + +New test, and fix bogus log in old one + +* js/regress/function-bind-create-expected.html: Added. +* js/regress/function-bind-create.html: Added. +* js/regress/script-tests/function-bind-create.js: Added. +(test): +* js/regress/script-tests/function-bind.js: + 2014-04-14 Brian J. Burg b...@cs.washington.edu Web Replay: memoize fallback time values for document.lastModified Added: trunk/LayoutTests/js/regress/function-bind-create-expected.html (0 => 167272) --- trunk/LayoutTests/js/regress/function-bind-create-expected.html (rev 0) +++ trunk/LayoutTests/js/regress/function-bind-create-expected.html 2014-04-14 22:05:44 UTC (rev 167272) @@ -0,0 +1,10 @@ +JSRegress/function-bind + +On success, you will see a series of PASS messages, followed by TEST COMPLETE. + + +PASS no exception thrown +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/js/regress/function-bind-create.html (0 => 167272) --- trunk/LayoutTests/js/regress/function-bind-create.html (rev 0) +++ trunk/LayoutTests/js/regress/function-bind-create.html 2014-04-14 22:05:44 UTC (rev 167272) 
@@ -0,0 +1,12 @@ +!DOCTYPE HTML PUBLIC -//IETF//DTD HTML//EN +html +head +script src="" +/head +body +script src="" +script src="" +script src="" +script src="" +/body +/html Added: trunk/LayoutTests/js/regress/script-tests/function-bind-create.js (0 => 167272) --- trunk/LayoutTests/js/regress/script-tests/function-bind-create.js (rev 0) +++ trunk/LayoutTests/js/regress/script-tests/function-bind-create.js 2014-04-14 22:05:44 UTC (rev 167272) @@ -0,0 +1,8 @@ +var count = 0; +function test() { return result ^ (count += 3); } +var result = 0; +for (var i = 0; i 10; i++) + result = result ^ (i * test.bind(1,2)()) + 1; + +if (result != 509992157) +throw Bad result: + result; Modified: trunk/LayoutTests/js/regress/script-tests/function-bind.js (167271 => 167272) --- trunk/LayoutTests/js/regress/script-tests/function-bind.js 2014-04-14 21:51:17 UTC (rev 167271) +++ trunk/LayoutTests/js/regress/script-tests/function-bind.js 2014-04-14 22:05:44 UTC (rev 167272) @@ -6,7 +6,6 @@ var g1 = foo.bind({}, 1); var g2 = foo.bind({}, 1, 2); var g3 = foo.bind({}, 1, 2, 3); -var start = new Date; var result = 0; for (var i = 0; i 10; +
[webkit-changes] [167137] trunk/Source/JavaScriptCore
Title: [167137] trunk/Source/_javascript_Core Revision 167137 Author oli...@apple.com Date 2014-04-11 11:39:22 -0700 (Fri, 11 Apr 2014) Log Message Add BuiltinLog function to make debugging builtins easier https://bugs.webkit.org/show_bug.cgi?id=131550 Reviewed by Andreas Kling. Add a logging function that builtins can use for debugging. * runtime/CommonIdentifiers.h: * runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): * runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncBuiltinLog): * runtime/JSGlobalObjectFunctions.h: Modified Paths trunk/Source/_javascript_Core/ChangeLog trunk/Source/_javascript_Core/runtime/CommonIdentifiers.h trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h Diff Modified: trunk/Source/_javascript_Core/ChangeLog (167136 => 167137) --- trunk/Source/_javascript_Core/ChangeLog 2014-04-11 18:23:31 UTC (rev 167136) +++ trunk/Source/_javascript_Core/ChangeLog 2014-04-11 18:39:22 UTC (rev 167137) @@ -1,3 +1,19 @@ +2014-04-11 Oliver Hunt oli...@apple.com + +Add BuiltinLog function to make debugging builtins easier +https://bugs.webkit.org/show_bug.cgi?id=131550 + +Reviewed by Andreas Kling. + +Add a logging function that builtins can use for debugging. + +* runtime/CommonIdentifiers.h: +* runtime/JSGlobalObject.cpp: +(JSC::JSGlobalObject::reset): +* runtime/JSGlobalObjectFunctions.cpp: +(JSC::globalFuncBuiltinLog): +* runtime/JSGlobalObjectFunctions.h: + 2014-04-11 Julien Brianceau jbria...@cisco.com Fix LLInt for sh4 architecture (broken since C stack merge). Modified: trunk/Source/_javascript_Core/runtime/CommonIdentifiers.h (167136 => 167137) --- trunk/Source/_javascript_Core/runtime/CommonIdentifiers.h 2014-04-11 18:23:31 UTC (rev 167136) +++ trunk/Source/_javascript_Core/runtime/CommonIdentifiers.h 2014-04-11 18:39:22 UTC (rev 167137) 
@@ -225,7 +225,8 @@ macro(boundFunction) \ macro(boundFunctionLength) \ macro(prototypeForHasInstance) \ -macro(SetTypeErrorAccessor) +macro(SetTypeErrorAccessor) \ +macro(BuiltinLog) namespace JSC { Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (167136 => 167137) --- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2014-04-11 18:23:31 UTC (rev 167136) +++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2014-04-11 18:39:22 UTC (rev 167137) @@ -451,6 +451,7 @@ } JSFunction* setTypeErrorAccessor = JSFunction::create(vm, this, 2, vm.propertyNames-emptyIdentifier.string(), globalFuncSetTypeErrorAccessor); +JSFunction* builtinLog = JSFunction::create(vm, this, 1, vm.propertyNames-emptyIdentifier.string(), globalFuncBuiltinLog); GlobalPropertyInfo staticGlobals[] = { GlobalPropertyInfo(vm.propertyNames-NaN, jsNaN(), DontEnum | DontDelete | ReadOnly), GlobalPropertyInfo(vm.propertyNames-Infinity, jsNumber(std::numeric_limitsdouble::infinity()), DontEnum | DontDelete | ReadOnly), 
@@ -458,7 +459,8 @@ GlobalPropertyInfo(vm.propertyNames-undefinedPrivateName, jsUndefined(), DontEnum | DontDelete | ReadOnly), GlobalPropertyInfo(vm.propertyNames-ObjectPrivateName, objectConstructor, DontEnum | DontDelete | ReadOnly), GlobalPropertyInfo(vm.propertyNames-TypeErrorPrivateName, m_typeErrorConstructor.get(), DontEnum | DontDelete | ReadOnly), -GlobalPropertyInfo(vm.propertyNames-SetTypeErrorAccessorPrivateName, setTypeErrorAccessor, DontEnum | DontDelete | ReadOnly) +GlobalPropertyInfo(vm.propertyNames-SetTypeErrorAccessorPrivateName, setTypeErrorAccessor, DontEnum | DontDelete | ReadOnly), +GlobalPropertyInfo(vm.propertyNames-BuiltinLogPrivateName, builtinLog, DontEnum | DontDelete | ReadOnly) }; addStaticGlobals(staticGlobals, WTF_ARRAY_LENGTH(staticGlobals)); Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp (167136 => 167137) --- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2014-04-11 18:23:31 UTC (rev 167136) +++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.cpp 2014-04-11 18:39:22 UTC (rev 167137) @@ -821,4 +821,10 @@ return JSValue::encode(jsUndefined()); } +EncodedJSValue JSC_HOST_CALL globalFuncBuiltinLog(ExecState* exec) +{ +dataLog(exec-argument(0).toWTFString(exec), \n); +return JSValue::encode(jsUndefined()); +} + } // namespace JSC Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h (167136 => 167137) --- trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h 2014-04-11 18:23:31 UTC (rev 167136) +++ trunk/Source/_javascript_Core/runtime/JSGlobalObjectFunctions.h 2014-04-11 18:39:22 UTC (rev 167137) @@ -52,6 +52,7 @@ EncodedJSValue JSC_HOST_CALL globalFuncProtoGetter(ExecState*);
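Review bot: `globalFuncBuiltinLog` passes the result of `exec->argument(0).toWTFString(exec)` straight to `dataLog` without checking for a pending exception; converting an arbitrary value to a string can run script and throw, so the function should bail out first, e.g. `String message = exec->argument(0).toWTFString(exec);` followed by `if (exec->hadException()) return JSValue::encode(jsUndefined());`. The function is also registered unconditionally in the `JSGlobalObject.cpp` hunks (the `builtinLog` entry added to `staticGlobals`), so a debugging aid is present in release builds as well. It is bound to a private name, which presumably keeps it away from page script, but compiling both the definition and the registration only in debug builds would keep the logging surface out of production. If it is meant to ship, a one-line comment above the function saying it exists only for debugging builtins would record that intent.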