Branch: refs/heads/safari-7618.2.12.10-branch
Home: https://github.com/WebKit/WebKit
Commit: 046928bac9d7aa004a9af53164688e5550ae82ab
https://github.com/WebKit/WebKit/commit/046928bac9d7aa004a9af53164688e5550ae82ab
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-15 (Mon, 15 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.1
Canonical link: https://commits.webkit.org/272448.932@safari-7618.2.12.10-branch
Commit: 6ae709749b2c728199debc3960ca61643c11ea0e
https://github.com/WebKit/WebKit/commit/6ae709749b2c728199debc3960ca61643c11ea0e
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.h
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
M
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Log Message:
-----------
Cherry-pick 3c2c899f692d. rdar://126479653
WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653
Reviewed by Chris Dumez.
WebKit process termination with xpc_connection_kill does not always work.
We are currently seeing flaky
termination behavior on macOS, where the child processes are not always
terminated successfully.
Additionally, on iOS, the XPC connection has become anonymous due to
migration to extensions for WebKit
processes, and xpc_connection_kill does not support anonymous connections.
This patch addresses this
issue by creating and sending a XPC message to the child process to request
termination. This has a
high chance of success, since we know that the XPC connection termination
watchdog is holding a
background assertion on the process, so it is not suspended. Additionally,
the XPC message is being
handled on the XPC event handler thread, which is handling very few
messages, so it is very unlikely
that it is blocked and cannot handle the message. This gives the process a
chance to exit cleanly and
send a reply back. If the UI process does not receive the expected reply,
it will try calling
xpc_connection_kill.
* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
*
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):
Canonical link: https://commits.webkit.org/277509@main
Commit: 168c94dfb25f58854fa356cc2353fd0383d0cec7
https://github.com/WebKit/WebKit/commit/168c94dfb25f58854fa356cc2353fd0383d0cec7
Author: Chris Dumez <cdu...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)
Changed paths:
M Source/WebKit/Shared/AuxiliaryProcess.h
M Source/WebKit/Shared/AuxiliaryProcess.messages.in
M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
Log Message:
-----------
Cherry-pick d6540a38e780. rdar://126492909
Regression(277427@main) Crash under
AuxiliaryProcessProxy::notifyPreferencesChanged()
https://bugs.webkit.org/show_bug.cgi?id=272695
rdar://126492909
Reviewed by Per Arne Vollan.
We were using a HashMap to store preferences whose key was a
std::pair<String, String>.
The first String was the domain and the second the preference name.
However, for global
preferences, the domain is null, causing a crash when hashing the key.
To address an issue, we now store global preferences in a separate HashMap.
* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.messages.in:
* Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
(WebKit::AuxiliaryProcess::preferencesDidUpdate):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::didChangeThrottleState):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
(WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):
Canonical link: https://commits.webkit.org/277514@main
Commit: a5376aab1bd33d7ed445439cbc63eb4ba7862417
https://github.com/WebKit/WebKit/commit/a5376aab1bd33d7ed445439cbc63eb4ba7862417
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.h
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
M
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Log Message:
-----------
Revert "WebKit process termination with xpc_connection_kill does not always
work"
This reverts commit 3c2c899f692d5278142b9c476868672da9ae8e04.
Commit: 2443ef894bf319d9b4e41943a904c5a0c85fcf6d
https://github.com/WebKit/WebKit/commit/2443ef894bf319d9b4e41943a904c5a0c85fcf6d
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.2
Canonical link: https://commits.webkit.org/272448.936@safari-7618.2.12.10-branch
Commit: 68075b6641fcaa3e62e8d748848b015781d19707
https://github.com/WebKit/WebKit/commit/68075b6641fcaa3e62e8d748848b015781d19707
Author: Yijia Huang <yijia_hu...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/runtime/CachedTypes.cpp
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Cherry-pick eff5765b8477. rdar://126195542
[JSC] Use JavaScriptCore framework dyld UUID for computing bytecode cache
version
https://bugs.webkit.org/show_bug.cgi?id=272660
rdar://126195542
Reviewed by Yusuke Suzuki.
Previously, we used the JSCBuiltins.o, CachedTypes.o, and project source
version
number for computing JSC bytecode cache version. That may not strong enough
to reject a stale bytecode cache. This patch utilizes
JavaScriptCore.framework’s
UUID to compute the bytecode cache hash version for Darwin OSes and uses
__TIMESTAMP__ for the others.
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Added.
(JSC::computeJSCBytecodeCacheVersion):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
Canonical link: https://commits.webkit.org/277548@main
Canonical link: https://commits.webkit.org/272448.937@safari-7618.2.12.10-branch
Commit: 6c3336bce26e169ed0afd222684eddc7e2269cf0
https://github.com/WebKit/WebKit/commit/6c3336bce26e169ed0afd222684eddc7e2269cf0
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/runtime/CachedTypes.cpp
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Revert rdar://126195542
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:
Commit: 9f8097dee3c36547a878d378b6303e2129dfd44b
https://github.com/WebKit/WebKit/commit/9f8097dee3c36547a878d378b6303e2129dfd44b
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Apply patch. rdar://126195542
Commit: cf230d9707dfa18e211e166abfc3206d6f268a6f
https://github.com/WebKit/WebKit/commit/cf230d9707dfa18e211e166abfc3206d6f268a6f
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Revert rdar://126195542
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/ExpressionInfo.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h:
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:
Commit: 988bdce50871caf629ad17b03278a7545a1f2a3e
https://github.com/WebKit/WebKit/commit/988bdce50871caf629ad17b03278a7545a1f2a3e
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653
Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653
Unreviewed compile fix.
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
Canonical link: https://commits.webkit.org/277621@main
Commit: a2c0dd0613baee1c2e60a1d2ac8c30e162059510
https://github.com/WebKit/WebKit/commit/a2c0dd0613baee1c2e60a1d2ac8c30e162059510
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Apply patch. rdar://126195542
Commit: 783ba3a915a9155245ccdce194a73712d3046025
https://github.com/WebKit/WebKit/commit/783ba3a915a9155245ccdce194a73712d3046025
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
Log Message:
-----------
Revert 988bdce50871
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
Commit: 8aae01cfbe53d47cd711008dae5bc8f2069f5742
https://github.com/WebKit/WebKit/commit/8aae01cfbe53d47cd711008dae5bc8f2069f5742
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.h
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
M
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Log Message:
-----------
Cherry-pick 3c2c899f692d. rdar://126479653
WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653
Reviewed by Chris Dumez.
WebKit process termination with xpc_connection_kill does not always work.
We are currently seeing flaky
termination behavior on macOS, where the child processes are not always
terminated successfully.
Additionally, on iOS, the XPC connection has become anonymous due to
migration to extensions for WebKit
processes, and xpc_connection_kill does not support anonymous connections.
This patch addresses this
issue by creating and sending a XPC message to the child process to request
termination. This has a
high chance of success, since we know that the XPC connection termination
watchdog is holding a
background assertion on the process, so it is not suspended. Additionally,
the XPC message is being
handled on the XPC event handler thread, which is handling very few
messages, so it is very unlikely
that it is blocked and cannot handle the message. This gives the process a
chance to exit cleanly and
send a reply back. If the UI process does not receive the expected reply,
it will try calling
xpc_connection_kill.
* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
*
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):
Canonical link: https://commits.webkit.org/277509@main
Commit: 5e5e258a00fadc90582c564613a0eb3557ebcf3f
https://github.com/WebKit/WebKit/commit/5e5e258a00fadc90582c564613a0eb3557ebcf3f
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653
Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653
Unreviewed compile fix.
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
Canonical link: https://commits.webkit.org/277621@main
Commit: da1cebe5c0b16070d0cd67c62f7044fbd95c3250
https://github.com/WebKit/WebKit/commit/da1cebe5c0b16070d0cd67c62f7044fbd95c3250
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Configurations/BaseExtension.xcconfig
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
Log Message:
-----------
Cherry-pick 272448.936@safari-7618-branch (e4b082b5052c). rdar://126637839
Cherry-pick 277628@main (0402a0f80064). rdar://126637918
Change install location of WebKit process extensions
https://bugs.webkit.org/show_bug.cgi?id=268946
rdar://126613034
Reviewed by Jonathan Bedard.
This was previously landed in <https://commits.webkit.org/274425@main>.
This patch addresses
an issue where extensions are not discovered in the new location on
Simulator.
* Source/WebKit/Configurations/BaseExtension.xcconfig:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
Canonical link: https://commits.webkit.org/277628@main
Canonical link: https://commits.webkit.org/272448.936@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.946@safari-7618.2.12.10-branch
Commit: 9943fcd94ec5ff4b5d8ba2efea75c1acd475dcb0
https://github.com/WebKit/WebKit/commit/9943fcd94ec5ff4b5d8ba2efea75c1acd475dcb0
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Revert rdar://126195542 (️CrashTracer: amsengagementd at
com.apple.JavaScriptCore: JSC::CodeBlock::finishCreation)
this reverts commit a2c0dd0613baee1c2e60a1d2ac8c30e162059510
* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/ExpressionInfo.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h:
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:
Commit: c60dc8bf7ca2715a5f33fdaa2e70aba09e4e287b
https://github.com/WebKit/WebKit/commit/c60dc8bf7ca2715a5f33fdaa2e70aba09e4e287b
Author: David Degazio <d_dega...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/bytecode/CodeBlock.cpp
M Source/JavaScriptCore/bytecode/MetadataTable.cpp
M Source/JavaScriptCore/bytecode/MetadataTable.h
M Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
Log Message:
-----------
Cherry-pick 4cac7925aca4. rdar://121747906
[JSC] Mitigate null UnlinkedMetadataTable pointer in CodeBlock destructor
https://bugs.webkit.org/show_bug.cgi?id=272787
rdar://121747906
Reviewed by Yusuke Suzuki.
Attempts to fix a rare bug where the UnlinkedMetadataTable pointer accessed
in the CodeBlock destructor can become null. We think this may be due to a
series of thread-unsafe reference count operations that might allow the
destructor to happen twice, perhaps simultaneously on two threads. This
patch attempts to mitigate this by:
1. Making UnlinkedMetadataTable and MetadataTable thread-safe refcounted.
2. Checking for the presence of a null UnlinkedMetadataTable pointer in the
appropriate functions, and attempting to handle it nonfatally. This
means
we skip updating the didOptimize state in the CodeBlock destructor, and
that we intentionally leak MetadataTables if they have this null
pointer.
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* Source/JavaScriptCore/bytecode/MetadataTable.cpp:
(JSC::MetadataTable::destroy):
(JSC::MetadataTable::sizeInBytesForGC):
* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::forEachValueProfile):
(JSC::MetadataTable::valueProfileForOffset):
(JSC::MetadataTable::deref):
(JSC::MetadataTable::unlinkedMetadata const):
(JSC::MetadataTable::totalSize const):
* Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h:
Canonical link: https://commits.webkit.org/272448.937@safari-7618-branch
Commit: bcea360031f4051515ac914418208f2e274f0ce6
https://github.com/WebKit/WebKit/commit/bcea360031f4051515ac914418208f2e274f0ce6
Author: Chris Dumez <cdu...@apple.com>
Date: 2024-04-18 (Thu, 18 Apr 2024)
Changed paths:
M
Source/WebKit/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm
Log Message:
-----------
Cherry-pick 2aaac5377578. rdar://126706870
Add page null check under [WKWebProcessPlugInFrame
_browserContextController]
https://bugs.webkit.org/show_bug.cgi?id=271174
rdar://122276358
Reviewed by Sihui Liu.
Add page null check under [WKWebProcessPlugInFrame
_browserContextController] to address
some crashes in the wild.
*
Source/WebKit/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm:
(-[WKWebProcessPlugInFrame _browserContextController]):
Canonical link: https://commits.webkit.org/276318@main
Commit: e9b873d82d80d6fd245788ab17b503113fa08487
https://github.com/WebKit/WebKit/commit/e9b873d82d80d6fd245788ab17b503113fa08487
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-18 (Thu, 18 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.3
Canonical link: https://commits.webkit.org/272448.950@safari-7618.2.12.10-branch
Commit: 15d90771ccc7f91e8cac75c5d82902bd0ed54fec
https://github.com/WebKit/WebKit/commit/15d90771ccc7f91e8cac75c5d82902bd0ed54fec
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-19 (Fri, 19 Apr 2024)
Changed paths:
M
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
M Tools/TestWebKitAPI/Tests/WebKit/OverrideAppleLanguagesPreference.mm
Log Message:
-----------
Apply patch. rdar://126555755
Commit: 3552c37f03f0d8a855ba8505c19d3b0e9782c5ec
https://github.com/WebKit/WebKit/commit/3552c37f03f0d8a855ba8505c19d3b0e9782c5ec
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-19 (Fri, 19 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.4
Canonical link: https://commits.webkit.org/272448.952@safari-7618.2.12.10-branch
Commit: c5dd61b4cbe2d51377e083e98c91390b599711cf
https://github.com/WebKit/WebKit/commit/c5dd61b4cbe2d51377e083e98c91390b599711cf
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.5
Canonical link: https://commits.webkit.org/272448.953@safari-7618.2.12.10-branch
Commit: 81c26e6a4483686853f4f88dbde6e212062755d3
https://github.com/WebKit/WebKit/commit/81c26e6a4483686853f4f88dbde6e212062755d3
Author: Keith Miller <keith_mil...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
M Source/JavaScriptCore/llint/LLIntThunks.cpp
M Source/JavaScriptCore/runtime/Options.cpp
M Source/JavaScriptCore/runtime/OptionsList.h
M Source/WTF/wtf/PtrTag.h
M Source/WebKit/WebProcess/WebProcess.cpp
M Tools/Scripts/run-jsc-stress-tests
Log Message:
-----------
Cherry-pick f442fbe222f3. rdar://125596635
Make it harder to get a PAC signing gadget in JIT code.
https://bugs.webkit.org/show_bug.cgi?id=272750
rdar://125596635
Reviewed by Yusuke Suzuki.
Right now if an attacker can control where code is allocated they can
overlap code to create a PAC bypass.
This patch makes that harder (in the WebContent process) by only allowing
pacibsp and pacizb. This means
that during arity fixup we now tag the return PC with pacizb. This is ok
because we don't use the zero
diversifier for anything. For reifying inlined call frames during OSR exit
things are a bit more complicated.
First we have be careful to only move signed return addresses into lr then
untag them there. Also, we have
to shuffle SP to point to where it would in reified frame. This means that
there is technically live data
below our SP, which on many OSes causes problems. Talking to our kernel
folks however this isn't a problem
as long as we don't have any signal handlers or run lldb expressions in
this window. We don't use signal
handlers in the WebContent process and this patch tries to limit/document
the window of JIT code where lldb
would trash the stack.
* Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:
(JSC::MacroAssemblerARM64E::tagPtr):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::AssemblyHelpers::transferReturnPC):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WTF/wtf/PtrTag.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeProcess):
* Tools/Scripts/run-jsc-stress-tests:
Canonical link: https://commits.webkit.org/272448.948@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.954@safari-7618.2.12.10-branch
Commit: 40a1b705561be7cfd333ba4fe4e6804255b7db0d
https://github.com/WebKit/WebKit/commit/40a1b705561be7cfd333ba4fe4e6804255b7db0d
Author: Jer Noble <jer.no...@apple.com>
Date: 2024-04-23 (Tue, 23 Apr 2024)
Changed paths:
M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm
Log Message:
-----------
Cherry-pick 6c86b501dc6d. rdar://126717672
[iOS] CRASH: exception thrown from AVVideoCaptureSource::stopSession()
https://bugs.webkit.org/show_bug.cgi?id=273088
rdar://126717672
Reviewed by Eric Carlson.
Crashtracer data shows that an exception is thrown from -[AVCaptureSession
stopRunning] because that
method is called after -beginConfiguration, but before
-commitConfiguration. Make this method robust
to that exception, and add our own ASSERT that we are not in the middle of
configuration in order to
catch this case before it gets to AVCapture.
* Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm:
(WebCore::AVVideoCaptureSource::stopSession):
Canonical link: https://commits.webkit.org/277869@main
Commit: 85fac75af00cd45fe899b6f601126367c2956622
https://github.com/WebKit/WebKit/commit/85fac75af00cd45fe899b6f601126367c2956622
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-23 (Tue, 23 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.6
Canonical link: https://commits.webkit.org/272448.956@safari-7618.2.12.10-branch
Commit: 0de7121779f13d7234e48adc93cd2ff6efdc4cd9
https://github.com/WebKit/WebKit/commit/0de7121779f13d7234e48adc93cd2ff6efdc4cd9
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.7
Canonical link: https://commits.webkit.org/272448.957@safari-7618.2.12.10-branch
Commit: 08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7
https://github.com/WebKit/WebKit/commit/08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7
Author: Kimmo Kinnunen <kkinnu...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp
Log Message:
-----------
Cherry-pick bce91c8033e3. rdar://126944294
WebGL fails to compile shaders with out variables that are arrays and start
with underscore
rdar://126944294
Reviewed by Chris Dumez.
Integrates upstream commit:
commit e0e91b8cbb2e096d2d009cd0d1fbe20d785f2263
Author: Kimmo Kinnunen <kkinnu...@apple.com>
Date: Mon Apr 22 18:11:30 2024 -0700
Metal: Fix rewritten out variables with underscores
Fix compilation in case of output variables start with underscores.
Make name emission always emit MSL name ANGLE_{name}, so that GLSL `_e`
and `e` cannot clash. This regressed in angleproject:8558.
Bug: b/335744344
Change-Id: Ibae4dba4a24888acc1461582e69d48218ba11176
Canonical link: https://commits.webkit.org/272448.959@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.958@safari-7618.2.12.10-branch
Commit: 4e7e6f90721fd9c3a3be4d7f564ebb729264fe39
https://github.com/WebKit/WebKit/commit/4e7e6f90721fd9c3a3be4d7f564ebb729264fe39
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)
Changed paths:
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp
Log Message:
-----------
Revert "Cherry-pick bce91c8033e3. rdar://126944294"
This reverts commit 08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7.
Canonical link: https://commits.webkit.org/272448.959@safari-7618.2.12.10-branch
Commit: ef7653da4436ada69c80432b6b963335b3926176
https://github.com/WebKit/WebKit/commit/ef7653da4436ada69c80432b6b963335b3926176
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-29 (Mon, 29 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.8
Canonical link: https://commits.webkit.org/272448.960@safari-7618.2.12.10-branch
Commit: 7cc38cbe11a204f06f5683ddcee4ccbbd4691ce2
https://github.com/WebKit/WebKit/commit/7cc38cbe11a204f06f5683ddcee4ccbbd4691ce2
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.10.9
Canonical link: https://commits.webkit.org/272448.961@safari-7618.2.12.10-branch
Commit: 5b0e147c095567387a080a2da87c79f95ed04744
https://github.com/WebKit/WebKit/commit/5b0e147c095567387a080a2da87c79f95ed04744
Author: Aditya Keerthi <akeer...@apple.com>
Date: 2024-05-01 (Wed, 01 May 2024)
Changed paths:
M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
Log Message:
-----------
Cherry-pick 687fbeefa898. rdar://127259364
[iOS] Unable to upload photos to Adobe Express app
https://bugs.webkit.org/show_bug.cgi?id=273444
rdar://127259364
Reviewed by Abrar Rahman Protyasha and Wenson Hsieh.
Adobe Express does not support HEIC photo uploads.
Disable the setting which only transcodes HEIC photo uploads to JPEG if the
"accept" attribute on file inputs excludes the HEIC MIME type.
Adobe Express specifies "image/*" in order to get support for Adobe
Illustrator
files, however, they still wish to exclude HEIC. Due to a bug in
CoreServices,
they are unable to specify a specific MIME type for Illustrator files.
Consequently, they are forced to claim support for all image types.
Fix by restoring the old behavior.
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
Canonical link: https://commits.webkit.org/278196@main
Canonical link: https://commits.webkit.org/272448.962@safari-7618.2.12.10-branch
Compare: https://github.com/WebKit/WebKit/compare/046928bac9d7%5E...5b0e147c0955
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
