Title: [280008] trunk
Revision
280008
Author
sbar...@apple.com
Date
2021-07-16 16:40:00 -0700 (Fri, 16 Jul 2021)

Log Message

Grab the lock in FTL::Thunks::keyForSlowPathCallThunk
https://bugs.webkit.org/show_bug.cgi?id=227988
<rdar://problem/80627901>

Reviewed by Mark Lam.

JSTests:

* stress/thunks-hash-map-should-grab-lock.js: Added.

Source/_javascript_Core:

FTL::Thunks::keyForSlowPathCallThunk and FTL::Thunks::getSlowPathCallThunk
both touch the thunks hash map. In r278030, when I added the lock, I grabbed it
in getSlowPathCallThunk, but forgot to also grab it in keyForSlowPathCallThunk.

* ftl/FTLThunks.h:
(JSC::FTL::Thunks::keyForSlowPathCallThunk):

Modified Paths

Added Paths

Diff

Modified: trunk/JSTests/ChangeLog (280007 => 280008)


--- trunk/JSTests/ChangeLog	2021-07-16 23:23:44 UTC (rev 280007)
+++ trunk/JSTests/ChangeLog	2021-07-16 23:40:00 UTC (rev 280008)
@@ -1,3 +1,13 @@
+2021-07-16  Saam Barati  <sbar...@apple.com>
+
+        Grab the lock in FTL::Thunks::keyForSlowPathCallThunk
+        https://bugs.webkit.org/show_bug.cgi?id=227988
+        <rdar://problem/80627901>
+
+        Reviewed by Mark Lam.
+
+        * stress/thunks-hash-map-should-grab-lock.js: Added.
+
 2021-07-16  Yusuke Suzuki  <ysuz...@apple.com>
 
         [JSC] RegExp::dumpToStream must not ref Strings since it is called concurrently

Added: trunk/JSTests/stress/thunks-hash-map-should-grab-lock.js (0 => 280008)


--- trunk/JSTests/stress/thunks-hash-map-should-grab-lock.js	                        (rev 0)
+++ trunk/JSTests/stress/thunks-hash-map-should-grab-lock.js	2021-07-16 23:40:00 UTC (rev 280008)
@@ -0,0 +1,481 @@
+function main() {
+    const v4 = [5330.006088804686];
+    const v5 = [-1809859085,-1809859085,-1809859085];
+    const v6 = [noInline,5330.006088804686,-1809859085,noInline,noInline,noInline,v4];
+    const v7 = {};
+    const v8 = v7.__proto__;
+    function v9(v10,v11,v12) {
+        const v13 = 1;
+    }
+    function v14(v15,v16,v17,v18) {
+        function v19(v20,v21,v22) {
+            const v23 = isConcatSpreadable;
+        }
+        const v24 = v9 | v16;
+        switch (v18) {
+            default:
+                const v25 = 0;
+                const v26 = 2;
+                const v27 = 1;
+                const v30 = {constructor:5330.006088804686,e:Int16Array,length:-1000.0};
+                const v36 = [64562.579056559596,64562.579056559596,64562.579056559596];
+                const v38 = [1000000000000.0,1000000000000.0];
+                const v39 = [1.7976931348623157e+308,1.7976931348623157e+308,1.7976931348623157e+308];
+                const v40 = [-2147483649,-2147483649,-2147483649];
+                const v41 = [Symbol,"symbol",-2147483649,v39];
+                function v42(v43,v44) {
+                    function v45(v46,v47) {
+                    }
+                    const v48 = 0;
+                    let v49 = -449638095;
+                    const v56 = [1098305835,1098305835,1098305835];
+                    const v57 = [3.0,v56,Uint8Array,100,v36,3.0,v40,1098305835,"f8bvzbzCeL"];
+                    for (let v60 = 0; v60 < 7; v60++) {
+                        v49 *= "symbol";
+                    }
+                    const v61 = 65537;
+                    const v62 = 100;
+                }
+                const v67 = [-1000000.0,-1000000.0];
+                const v68 = [3];
+                const v69 = [placeholder,"EPSILON",3,3,3,"EPSILON",v68,-1000000.0,-1000000.0,v67];
+                const v70 = {a:-1000000.0,c:v67,constructor:3,length:3,toString:placeholder};
+                const v71 = {b:"EPSILON",constructor:v70,toString:placeholder,valueOf:v70};
+                function v72(v73,v74,v75) {
+                    return v74;
+                    return "EPSILON";
+                }
+                function v77(v78,...v79) {
+                    "9007199254740991".toString = v78;
+                }
+                function v80(v81,v82,v83) {
+                    const v85 = Object();
+                    const v86 = Object;
+                }
+                function v87(v88,v89) {
+                    const v92 = [-9007199254740993,-9007199254740993,-9007199254740993,Reflect];
+                }
+                function v93(v94,v95,v96,v97) {
+                    v95 *= -1000000.0;
+                    const v99 = Math.sinh(v87);
+                    const v100 = v96[-9007199254740993];
+                    const v101 = v99 in v69;
+                    const v104 = [2147483648,2147483648];
+                    let v107 = Array(1);
+                    const v113 = ["symbol"];
+                    const v114 = [Proxy,v113,Uint16Array,3905494558,v113,"65536",v107,3,v113,v104];
+                    "9007199254740991".c = Proxy;
+                    const v118 = [328474.42085578316];
+                    const v119 = [1073741824,1073741824,1073741824];
+                    const v120 = [v118,1073741824,v118,v119,edenGC,v118];
+                    v107 |= v119;
+                    let v121 = 0;
+                    const v122 = 7;
+                    v120[-628655074] = v67;
+                    const v123 = v121++;
+                }
+                const v124 = v87 ** v80;
+                const v126 = Math.cos("EPSILON");
+                let v127 = 0;
+                for (let v130 = v127; v130 < 100; v130++) {
+                    const v132 = new ArrayBuffer(1);
+                    const v133 = v93(v69,v69,v132,-1000000.0);
+                }
+                while (v127 < v127) {
+                    const v134 = v69.__proto__;
+                    const v139 = [-728330.3265197863];
+                    const v140 = [1429225192,1429225192,1429225192,1429225192,1429225192];
+                    const v141 = [-728330.3265197863,"arguments"];
+                    const v142 = {__proto__:SyntaxError,a:-728330.3265197863,b:1429225192,c:-728330.3265197863,e:v141,length:v139};
+                    function v143(v144,v145,v146) {
+                        const v148 = [-2.2250738585072014e-308,-2.2250738585072014e-308];
+                        const v150 = -Infinity;
+                        const v151 = [v150,v150,v150,v150];
+                        const v152 = [-4096,-4096,-4096,-4096,-4096];
+                        const v153 = {constructor:v152,d:v151,e:-4096,toString:v152};
+                    }
+                    function v154(v155,v156,v157) {
+                        const v159 = [-4.0];
+                    }
+                    function v160(v161,v162,v163,v164) {
+                        const v165 = {...-728330.3265197863};
+                        const v166 = Object;
+                        const v170 = [Reflect,-9007199254740993,"symbol"];
+                        function v171(v172,v173) {
+                            const v174 = "symbol"();
+                        }
+                        const v176 = {b:v170,e:Object,m:Object,p:Object};
+                        function v177(v178) {
+                        }
+                        function v179(v180,v181) {
+                            v177 = v180;
+                        }
+                        const v183 = Promise(v179);
+                        const v184 = Math;
+                        let v185 = 0;
+                        const v186 = 6;
+                        const v188 = Symbol.isConcatSpreadable;
+                        const v193 = [WeakSet,1000000000000.0,1000000000000.0,1000000000000.0,1000000000000.0];
+                        const v194 = [v143];
+                        let v195 = ["8bBjE0UXWG",-1371564362,"8bBjE0UXWG",-1371564362,1000000000000.0];
+                        const v196 = {__proto__:1000000000000.0,a:-1371564362,constructor:-1371564362,d:v194,length:-1371564362,toString:v194,valueOf:WeakSet};
+                        const v197 = `
+                    if (v193) {
+                        v195 = v194;
+                    } else {
+                    }
+                    v196;
+                `;
+                        const v199 = eval(v197);
+                        const v200 = v185++;
+                    }
+                    const v202 = [-992573.80551079,-992573.80551079,-992573.80551079,-992573.80551079,-992573.80551079];
+                    function v203(v204,v205,v206,v207) {
+                        const v208 = 2152590594;
+                    }
+                    for (let v212 = 0; v212 < 100; v212++) {
+                        const v213 = {a:v202,d:v212,valueOf:v203,n:v143};
+                        const v216 = v160(v141,v213,true,1n);
+                    }
+                    const v218 = Object();
+                    const v219 = {a:v140,d:-728330.3265197863,m:v154,n:Object};
+                    for (let v225 = 0; v225 < 100; v225++) {
+                        const v226 = v160(v202,v219,false,127n);
+                    }
+                    const v227 = v127++;
+                }
+                const v229 = new ArrayBuffer(3);
+                const v230 = v93(v68,v67,v229,-1000000.0);
+                const v231 = 0;
+                const v232 = 100;
+                const v233 = 1;
+                const v234 = v229.slice(3,3);
+                const v236 = [-978743.409124711,-978743.409124711,-978743.409124711,-978743.409124711];
+                const v237 = -2941233314;
+                function v238(v239,v240,v241,v242) {
+                    const v243 = Object;
+                }
+                const v245 = Object();
+                const v246 = 0;
+                const v248 = Object();
+                function v253(v254,v255,v256,v257,v258) {
+                }
+                const v262 = [Reflect,-9007199254740993,"symbol"];
+                const v263 = 0;
+                const v264 = 4;
+                function v265(v266,v267) {
+                }
+                const v268 = Object;
+                function v269(v270,v271,v272,v273) {
+                    let v274 = -9007199254740993;
+                    function v275(v276,v277) {
+                    }
+                    for (let v281 = 0; v281 < 100; v281++) {
+                        const v282 = undefined;
+                        v274 = Object;
+                        const v283 = Object;
+                        const v284 = 128;
+                    }
+                }
+                const v285 = [..."function",v253,Object,...v262,Reflect,-9007199254740993,v269];
+                const v286 = Object();
+                const v289 = [-930287.9353503535,-930287.9353503535];
+                const v291 = v289["sort"](gc);
+                function v292() {
+                }
+                function v294(v295,v296,v297) {
+                }
+                function v298(v299,v300) {
+                    const v301 = Object;
+                }
+                for (let v305 = 0; v305 < 100; v305++) {
+                    const v306 = {c:"symbol",n:v298,p:v42};
+                    const v307 = class V307 extends v298 {
+                        constructor(v309,v310,v311) {
+                        }
+                        setInt32(v313,v314,v315) {
+                        }
+                    };
+                    const v316 = typeof Symbol;
+                    const v320 = [-2147483649,5,36389,36389,5];
+                    const v321 = [5,v294,5,WeakMap,WeakMap,"symbol",v320,WeakMap,v320];
+                    const v323 = v316 == "bigint";
+                    const v324 = 492553152;
+                    function v326(v327) {
+                        const v332 = [-850362.9275343849,-850362.9275343849,-850362.9275343849,-850362.9275343849];
+                        const v333 = [3394849528,3394849528,3394849528,3394849528,3394849528];
+                        const v334 = [NaN,-850362.9275343849,NaN,3394849528,-850362.9275343849,v332,3394849528,"symbol","symbol"];
+                        const v335 = {a:3394849528,constructor:v333,d:3394849528,e:-850362.9275343849,valueOf:NaN};
+                        function v336(v337,v338) {
+                            const v339 = 0;
+                            const v340 = 4;
+                            const v341 = 1;
+                        }
+                        function v342(v343,v344,v345,v346) {
+                            v345 &= v336;
+                        }
+                        const v351 = [2.220446049250313e-16,2.220446049250313e-16];
+                        const v352 = [v351,2.220446049250313e-16,v351,v351,2.220446049250313e-16,2.220446049250313e-16];
+                        const v353 = {a:eval,d:v351,length:"K5TBuZfx37",valueOf:v352};
+                        for (const v354 in v353) {
+                        }
+                        const v355 = -1473930017;
+                        const v357 = [-943008.3478723817,-943008.3478723817,-943008.3478723817,-943008.3478723817,-943008.3478723817];
+                        const v358 = EvalError;
+                        for (let v362 = 0; v362 < 100; v362++) {
+                        }
+                        function v363(v364,v365,v366) {
+                        }
+                        const v368 = new Uint32Array(128);
+                        const v369 = 0;
+                        const v370 = 100;
+                        const v371 = 1;
+                        const v372 = 0;
+                        const v377 = [709290.2011916025,709290.2011916025,709290.2011916025];
+                        const v378 = [8];
+                        const v379 = [v377,v378,"function",709290.2011916025,8,v377,8,v378,8,"function"];
+                        const v381 = RegExp["bind"](v379);
+                        const v382 = "number";
+                        function v383(v384,v385,v386,v387,v388) {
+                        }
+                        const v389 = RegExp(128);
+                        const v391 = [-712307.0609914319];
+                        try {
+                        } catch(v392) {
+                            function v395(v396,v397,v398) {
+                            }
+                            function v399(v400,v401,v402,v403,v404) {
+                            }
+                            const v405 = {b:v399,c:"number",n:v399,p:v395};
+                            const v406 = v405 << 10;
+                            const v408 = new Object();
+                            v408.constructor = v406;
+                        } finally {
+                        }
+                        const v409 = Object;
+                        const v410 = WeakMap;
+                        const v411 = new v381();
+                        const v412 = undefined;
+                    }
+                    function v413(v414,v415,v416,v417) {
+                        const v422 = -Infinity;
+                        const v423 = [-3035.408685595263,v422,v417,v417];
+                        const v424 = [-128,-128,-128,-128,-128];
+                        const v425 = [v424,v38,-3035.408685595263,"U8Al4eAS9M",-128,v423,Symbol,v424,v422];
+                        const v426 = {__proto__:v320,a:v321,c:v422,constructor:v425,e:v425,valueOf:OSRExit};
+                        const v427 = Math.ceil(v417);
+                    }
+                    const v429 = -341399.99040002376;
+                    const v430 = [];
+                    const v432 = v413(1634412225n,0,1634412225n,228881.63549994724);
+                }
+                for (let v436 = 0; v436 < 100; v436++) {
+                    const v438 = [128];
+                    const v440 = [-5.0,-5.0];
+                    function v441(v442,v443,v444,v445,v446) {
+                        const v448 = [128,128,128,128];
+                        const v449 = Object;
+                        function v450(v451,v452,v453,v454) {
+                            return v452;
+                            const v455 = Symbol;
+                        }
+                    }
+                    const v456 = {__proto__:"symbol",b:v440,m:v441};
+                }
+                const v457 = Object;
+                break;
+            case v8:
+        }
+    }
+    const v461 = [NaN,2.2250738585072014e-308];
+    const v463 = new Object();
+    const v466 = [1000.0,1000.0,1000.0,1000.0];
+    const v467 = [257,257,257,257,257];
+    function v468(v469,v470,v471,v472,v473) {
+        const v474 = Object;
+        const v482 = [1000.0];
+        const v483 = [2147483648,2147483648,2147483648];
+        const v484 = [v466,2147483648,1000.0,"unscopable","unscopable",v482,2147483648];
+        const v485 = {__proto__:2147483648,c:v484,d:v484,e:RegExp,length:v483};
+        function v486(v487,v488,v489,v490) {
+            const v492 = {get:v486,set:v468};
+            const v494 = Object.defineProperty(v485,-553341319,v492);
+        }
+        const v496 = [5.0,5.0,5.0,5.0,5.0];
+        const v497 = [-3079145285,-3079145285,-3079145285,-3079145285,-3079145285];
+        const v498 = [v496,v497,TypeError,"waWCvAkoS4",-3079145285,-3079145285,-3079145285,v496];
+        const v499 = {c:v498,e:v497,valueOf:v496};
+        const v502 = [3261140219,3261140219,3261140219,3261140219];
+        const v503 = [ReferenceError,v502,3261140219,ReferenceError,v502];
+        function v504(v505,v506) {
+            const v508 = 0.0;
+            const v509 = [536870912,536870912,536870912];
+            const v510 = 0;
+            const v511 = 100;
+            const v512 = 1;
+            const v513 = 0;
+        }
+        function v514(v515,v516,v517,v518,v519) {
+        }
+        const v520 = {a:v514,c:v504,n:v514,o:v514};
+        const v521 = Object;
+        function v522(v523,v524,v525,v526) {
+            const v529 = [-188231.08097627666,-188231.08097627666,-188231.08097627666,-188231.08097627666,-188231.08097627666];
+            const v530 = [128,128,128,128];
+            const v531 = [128];
+            function v532(v533,v534,v535) {
+            }
+            function v537(v538,v539,v540) {
+            }
+            function v541(v542) {
+            }
+            function v543(v544,v545,v546,v547) {
+            }
+            const v550 = {a:v530,d:v529,n:v532,o:v543};
+            const v551 = {d:v529,e:0,n:Object,p:v541};
+            const v552 = {a:1,c:v551,m:v541,n:v537};
+            const v553 = v543(v550,v530,v552,v531);
+        }
+        const v556 = [2957591721,65537,65537];
+        const v557 = 0;
+        const v558 = 100;
+        const v559 = 1;
+        const v560 = 0;
+        const v561 = 100;
+        const v562 = 1;
+        let v563 = 0;
+        const v564 = 9;
+        const v565 = v563++;
+        const v567 = Object();
+        const v568 = v522(v503,v567,v497,"waWCvAkoS4");
+        const v570 = {a:v498,b:true,m:v504,n:v514};
+        const v571 = {b:true,c:v520,m:v522,n:ReferenceError};
+        const v572 = {e:v499,m:v522,p:v522};
+        const v573 = 1000000000.0;
+        const v574 = Object;
+        const v575 = Array;
+        const v576 = 2310230861;
+        const v577 = noInline;
+        const v578 = undefined;
+        const v579 = undefined;
+        const v580 = Object;
+        const v581 = 0.0;
+        const v582 = undefined;
+        const v583 = undefined;
+        const v584 = 9;
+        const v586 = 255;
+        function v587(v588,v589,v590,v591,v592) {
+        }
+        const v593 = [-643716.8376327635,-643716.8376327635];
+        const v594 = [v593,-643716.8376327635];
+        function v595(v596,v597,v598,v599) {
+        }
+        const v600 = 17007;
+        function v602() {
+        }
+        const v603 = Symbol;
+        const v607 = [278107.52108750446,278107.52108750446];
+        const v608 = [2957591721,3,3,3];
+        const v609 = [v496,"global"];
+        const v610 = {__proto__:v607,a:v609,b:3,c:v608,e:v556,length:v609};
+        function v611(v612,v613,v614,v615) {
+        }
+        const v616 = {o:v595};
+        const v617 = {c:v594,e:v616,m:v587,p:Array};
+        const v618 = {d:-643716.8376327635,e:v616,o:v602,p:v611};
+        const v619 = 0;
+        const v620 = 0;
+        const v621 = 100;
+        const v622 = 1;
+        const v626 = [-2.0];
+        const v627 = [-4001868469,-4001868469,-4001868469];
+        const v628 = [-4001868469,v627,-4001868469,v626,Int32Array,v627,Int32Array,v626,v626];
+        const v629 = Object;
+        const v633 = [Reflect,-9007199254740993,"symbol"];
+        const v634 = Object;
+        const v635 = 0;
+        const v636 = 100;
+        const v637 = 1;
+        const v641 = [9007199254740992,9007199254740992,9007199254740992,9007199254740992];
+        function v642(v643,v644) {
+        }
+        function v646() {
+        }
+        function v647(v648,v649,v650) {
+        }
+        function v651(v652,v653,v654,v655) {
+        }
+        function v656(v657,v658,v659,v660) {
+        }
+        let v661 = 0;
+        const v662 = 100;
+        const v663 = 1;
+        const v664 = 0;
+        const v665 = 100;
+        const v666 = 1;
+        const v668 = Object();
+        const v669 = +Object;
+        const v670 = {b:v669,d:2.220446049250313e-16,o:Object,p:Object};
+        const v671 = {a:v670,m:v647,o:v646};
+        const v673 = v656(v671,true,"MAX_VALUE",2.220446049250313e-16);
+        const v675 = {b:v642,d:v646,n:v647};
+        const v676 = v651(-4294967295n,v675,v641,"MAX_VALUE");
+        const v677 = 0;
+        const v678 = 100;
+        const v680 = [1000.0,2.2250738585072014e-308,278107.52108750446];
+        const v681 = undefined;
+        const v682 = undefined;
+        const v683 = 2;
+        const v684 = v661++;
+        const v685 = v651(-4294967295n,v675,v641,"MAX_VALUE");
+        const v686 = v656(v671,true,"MAX_VALUE",2.220446049250313e-16);
+        const v687 = Object;
+        const v688 = Object;
+        const v689 = v628.length;
+        const v690 = 2764779354;
+        const v692 = 734069.8122223162;
+        function v693(v694,v695) {
+        }
+        function v696(v697) {
+        }
+        const v699 = Object();
+        const v700 = 0;
+        const v703 = Object();
+        const v705 = Object();
+        const v706 = {c:v705,e:Object,p:Object};
+        const v707 = undefined;
+        const v708 = undefined;
+        const v709 = {d:v696,e:Object,n:fiatInt52,o:fiatInt52};
+        const v710 = {b:100,c:v709,o:fiatInt52};
+        const v711 = {c:v709,e:Object,p:v693};
+        const v712 = 0;
+        const v716 = [1000000000000.0,1000000000000.0,1000000000000.0,1000000000000.0,1000000000000.0];
+        const v717 = [Promise,1000000000000.0,"symbol",Promise,1000000000000.0,v716];
+        const v718 = v717.toLocaleString;
+        function* v719(v720,v721,v722,v723) {
+        }
+        const v725 = [0.0,0.0];
+    }
+    const v726 = Object;
+    const v728 = Object();
+    const v729 = 0;
+    const v730 = 100;
+    const v731 = 1;
+    function v732(v733,v734) {
+    }
+    const v736 = new Promise(v732);
+    const v737 = v468(1000.0,v467,Promise,v736,v728);
+    v463.c = v461;
+    const v739 = {a:NaN,e:2147483647n,m:v14,n:v9};
+    const v740 = v14(v739,v5,v5,v461);
+    const v741 = undefined;
+    const v743 = [0,v14];
+    const v744 = "QfGwvs3aEk".replaceAll;
+    const v745 = Reflect.apply(v744,v6,v743);
+    gc();
+}
+noDFG(main);
+noFTL(main);
+try {
+main();
+} catch { }
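Review bot: Nothing in this new test says what it guards or how it is expected to fail: the body is an unannotated, fuzzer-style reproducer, and the trailing `try { main(); } catch { }` discards every exception, so the only failure signal left is a crash. A short header comment would help, e.g. `// Regression test for https://bugs.webkit.org/show_bug.cgi?id=227988: passes if it does not crash; exceptions thrown by main() are expected and ignored.` Because the underlying bug is an unsynchronized hash-map access, the crash is presumably timing-dependent. The comment should therefore also say whether the test reproduced reliably before the fix or needs a sanitizer or debug build to be meaningful.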

Modified: trunk/Source/_javascript_Core/ChangeLog (280007 => 280008)


--- trunk/Source/_javascript_Core/ChangeLog	2021-07-16 23:23:44 UTC (rev 280007)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-07-16 23:40:00 UTC (rev 280008)
@@ -1,3 +1,18 @@
+2021-07-16  Saam Barati  <sbar...@apple.com>
+
+        Grab the lock in FTL::Thunks::keyForSlowPathCallThunk
+        https://bugs.webkit.org/show_bug.cgi?id=227988
+        <rdar://problem/80627901>
+
+        Reviewed by Mark Lam.
+
+        Both FTL::Thunks::keyForSlowPathCallThunk and FTL::Thunks::getSlowPathCallThunk
+        both touch the thunks hash map. In r278030, when I added the lock, I grabbed it
+        in getSlowPathCallThunk, but forgot to also grab it in keyForSlowPathCallThunk.
+
+        * ftl/FTLThunks.h:
+        (JSC::FTL::Thunks::keyForSlowPathCallThunk):
+
 2021-07-16  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, reverting r279916.

Modified: trunk/Source/_javascript_Core/ftl/FTLThunks.h (280007 => 280008)


--- trunk/Source/_javascript_Core/ftl/FTLThunks.h	2021-07-16 23:23:44 UTC (rev 280007)
+++ trunk/Source/_javascript_Core/ftl/FTLThunks.h	2021-07-16 23:40:00 UTC (rev 280008)
@@ -87,6 +87,7 @@
 
     SlowPathCallKey keyForSlowPathCallThunk(MacroAssemblerCodePtr<JITThunkPtrTag> ptr)
     {
+        Locker locker { m_lock };
         return keyForThunk(m_slowPathCallThunks, ptr);
     }
     
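Review bot: The rule that every access to `m_slowPathCallThunks` must hold `m_lock` is still only implied by the code, which is how r278030 came to lock `getSlowPathCallThunk` but miss this accessor. I would record it where the members are declared (outside this hunk), e.g. `// m_lock guards m_slowPathCallThunks; take it before any lookup or insertion.` If the lock type in use supports the tree's thread-safety annotations, marking the member with `WTF_GUARDED_BY_LOCK(m_lock)` would let the compiler flag the next unlocked access. Only this one accessor is visible here, so it is also worth confirming that no other member of Thunks reads or writes the map without the lock.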