Branch: refs/heads/safari-7618.2.12.10-branch
Home: https://github.com/WebKit/WebKit

Commit: 046928bac9d7aa004a9af53164688e5550ae82ab
https://github.com/WebKit/WebKit/commit/046928bac9d7aa004a9af53164688e5550ae82ab
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-15 (Mon, 15 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.1

Canonical link: https://commits.webkit.org/272448.932@safari-7618.2.12.10-branch

Commit: 6ae709749b2c728199debc3960ca61643c11ea0e
https://github.com/WebKit/WebKit/commit/6ae709749b2c728199debc3960ca61643c11ea0e
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.h
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm
  M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
  M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
  M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

Log Message:
-----------
Cherry-pick 3c2c899f692d. rdar://126479653

WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653

Reviewed by Chris Dumez.

WebKit process termination with xpc_connection_kill does not always work. We are currently seeing flaky termination behavior on macOS, where the child processes are not always terminated successfully. Additionally, on iOS, the XPC connection has become anonymous due to migration to extensions for WebKit processes, and xpc_connection_kill does not support anonymous connections.

This patch addresses this issue by creating and sending an XPC message to the child process to request termination. This has a high chance of success, since we know that the XPC connection termination watchdog is holding a background assertion on the process, so it is not suspended. Additionally, the XPC message is being handled on the XPC event handler thread, which is handling very few messages, so it is very unlikely that it is blocked and cannot handle the message. This gives the process a chance to exit cleanly and send a reply back. If the UI process does not receive the expected reply, it will try calling xpc_connection_kill.

* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):

Canonical link: https://commits.webkit.org/277509@main

Commit: 168c94dfb25f58854fa356cc2353fd0383d0cec7
https://github.com/WebKit/WebKit/commit/168c94dfb25f58854fa356cc2353fd0383d0cec7
Author: Chris Dumez <cdu...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/WebKit/Shared/AuxiliaryProcess.h
  M Source/WebKit/Shared/AuxiliaryProcess.messages.in
  M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
  M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
  M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
  M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm

Log Message:
-----------
Cherry-pick d6540a38e780. rdar://126492909

Regression(277427@main) Crash under AuxiliaryProcessProxy::notifyPreferencesChanged()
https://bugs.webkit.org/show_bug.cgi?id=272695
rdar://126492909

Reviewed by Per Arne Vollan.

We were using a HashMap to store preferences whose key was a std::pair<String, String>. The first String was the domain and the second the preference name. However, for global preferences, the domain is null, causing a crash when hashing the key. To address an issue, we now store global preferences in a separate HashMap.

* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.messages.in:
* Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
(WebKit::AuxiliaryProcess::preferencesDidUpdate):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::didChangeThrottleState):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
(WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):

Canonical link: https://commits.webkit.org/277514@main

Commit: a5376aab1bd33d7ed445439cbc63eb4ba7862417
https://github.com/WebKit/WebKit/commit/a5376aab1bd33d7ed445439cbc63eb4ba7862417
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.h
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm
  M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
  M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
  M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

Log Message:
-----------
Revert "WebKit process termination with xpc_connection_kill does not always work"

This reverts commit 3c2c899f692d5278142b9c476868672da9ae8e04.

Commit: 2443ef894bf319d9b4e41943a904c5a0c85fcf6d
https://github.com/WebKit/WebKit/commit/2443ef894bf319d9b4e41943a904c5a0c85fcf6d
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.2

Canonical link: https://commits.webkit.org/272448.936@safari-7618.2.12.10-branch

Commit: 68075b6641fcaa3e62e8d748848b015781d19707
https://github.com/WebKit/WebKit/commit/68075b6641fcaa3e62e8d748848b015781d19707
Author: Yijia Huang <yijia_hu...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Cherry-pick eff5765b8477. rdar://126195542

[JSC] Use JavaScriptCore framework dyld UUID for computing bytecode cache version
https://bugs.webkit.org/show_bug.cgi?id=272660
rdar://126195542

Reviewed by Yusuke Suzuki.

Previously, we used the JSCBuiltins.o, CachedTypes.o, and project source version number for computing JSC bytecode cache version. That may not be strong enough to reject a stale bytecode cache. This patch utilizes JavaScriptCore.framework’s UUID to compute the bytecode cache hash version for Darwin OSes and uses __TIMESTAMP__ for the others.

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Added.
(JSC::computeJSCBytecodeCacheVersion):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:

Canonical link: https://commits.webkit.org/277548@main
Canonical link: https://commits.webkit.org/272448.937@safari-7618.2.12.10-branch

Commit: 6c3336bce26e169ed0afd222684eddc7e2269cf0
https://github.com/WebKit/WebKit/commit/6c3336bce26e169ed0afd222684eddc7e2269cf0
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Revert rdar://126195542

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:

Commit: 9f8097dee3c36547a878d378b6303e2129dfd44b
https://github.com/WebKit/WebKit/commit/9f8097dee3c36547a878d378b6303e2129dfd44b
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/ExpressionInfo.h
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Apply patch. rdar://126195542

Commit: cf230d9707dfa18e211e166abfc3206d6f268a6f
https://github.com/WebKit/WebKit/commit/cf230d9707dfa18e211e166abfc3206d6f268a6f
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/ExpressionInfo.h
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Revert rdar://126195542

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/ExpressionInfo.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h:
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:

Commit: 988bdce50871caf629ad17b03278a7545a1f2a3e
https://github.com/WebKit/WebKit/commit/988bdce50871caf629ad17b03278a7545a1f2a3e
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm

Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653

Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653

Unreviewed compile fix.

* Source/WebKit/Platform/cocoa/XPCUtilities.mm:

Canonical link: https://commits.webkit.org/277621@main

Commit: a2c0dd0613baee1c2e60a1d2ac8c30e162059510
https://github.com/WebKit/WebKit/commit/a2c0dd0613baee1c2e60a1d2ac8c30e162059510
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/ExpressionInfo.h
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Apply patch. rdar://126195542

Commit: 783ba3a915a9155245ccdce194a73712d3046025
https://github.com/WebKit/WebKit/commit/783ba3a915a9155245ccdce194a73712d3046025
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm

Log Message:
-----------
Revert 988bdce50871

* Source/WebKit/Platform/cocoa/XPCUtilities.mm:

Commit: 8aae01cfbe53d47cd711008dae5bc8f2069f5742
https://github.com/WebKit/WebKit/commit/8aae01cfbe53d47cd711008dae5bc8f2069f5742
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.h
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm
  M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
  M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
  M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

Log Message:
-----------
Cherry-pick 3c2c899f692d.
rdar://126479653

WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653

Reviewed by Chris Dumez.

WebKit process termination with xpc_connection_kill does not always work. We are currently seeing flaky termination behavior on macOS, where the child processes are not always terminated successfully. Additionally, on iOS, the XPC connection has become anonymous due to migration to extensions for WebKit processes, and xpc_connection_kill does not support anonymous connections.

This patch addresses this issue by creating and sending an XPC message to the child process to request termination. This has a high chance of success, since we know that the XPC connection termination watchdog is holding a background assertion on the process, so it is not suspended. Additionally, the XPC message is being handled on the XPC event handler thread, which is handling very few messages, so it is very unlikely that it is blocked and cannot handle the message. This gives the process a chance to exit cleanly and send a reply back. If the UI process does not receive the expected reply, it will try calling xpc_connection_kill.

* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):

Canonical link: https://commits.webkit.org/277509@main

Commit: 5e5e258a00fadc90582c564613a0eb3557ebcf3f
https://github.com/WebKit/WebKit/commit/5e5e258a00fadc90582c564613a0eb3557ebcf3f
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm

Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653

Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653

Unreviewed compile fix.

* Source/WebKit/Platform/cocoa/XPCUtilities.mm:

Canonical link: https://commits.webkit.org/277621@main

Commit: da1cebe5c0b16070d0cd67c62f7044fbd95c3250
https://github.com/WebKit/WebKit/commit/da1cebe5c0b16070d0cd67c62f7044fbd95c3250
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Configurations/BaseExtension.xcconfig
  M Source/WebKit/WebKit.xcodeproj/project.pbxproj

Log Message:
-----------
Cherry-pick 272448.936@safari-7618-branch (e4b082b5052c). rdar://126637839

Cherry-pick 277628@main (0402a0f80064). rdar://126637918

Change install location of WebKit process extensions
https://bugs.webkit.org/show_bug.cgi?id=268946
rdar://126613034

Reviewed by Jonathan Bedard.

This was previously landed in <https://commits.webkit.org/274425@main>. This patch addresses an issue where extensions are not discovered in the new location on Simulator.

* Source/WebKit/Configurations/BaseExtension.xcconfig:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/277628@main
Canonical link: https://commits.webkit.org/272448.936@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.946@safari-7618.2.12.10-branch

Commit: 9943fcd94ec5ff4b5d8ba2efea75c1acd475dcb0
https://github.com/WebKit/WebKit/commit/9943fcd94ec5ff4b5d8ba2efea75c1acd475dcb0
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/ExpressionInfo.h
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Revert rdar://126195542 (CrashTracer: amsengagementd at com.apple.JavaScriptCore: JSC::CodeBlock::finishCreation)

this reverts commit a2c0dd0613baee1c2e60a1d2ac8c30e162059510

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/ExpressionInfo.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h:
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Added.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
* Source/WTF/wtf/spi/darwin/dyldSPI.h:

Commit: c60dc8bf7ca2715a5f33fdaa2e70aba09e4e287b
https://github.com/WebKit/WebKit/commit/c60dc8bf7ca2715a5f33fdaa2e70aba09e4e287b
Author: David Degazio <d_dega...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/bytecode/MetadataTable.cpp
  M Source/JavaScriptCore/bytecode/MetadataTable.h
  M Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h

Log Message:
-----------
Cherry-pick 4cac7925aca4. rdar://121747906

[JSC] Mitigate null UnlinkedMetadataTable pointer in CodeBlock destructor
https://bugs.webkit.org/show_bug.cgi?id=272787
rdar://121747906

Reviewed by Yusuke Suzuki.

Attempts to fix a rare bug where the UnlinkedMetadataTable pointer accessed in the CodeBlock destructor can become null. We think this may be due to a series of thread-unsafe reference count operations that might allow the destructor to happen twice, perhaps simultaneously on two threads.

This patch attempts to mitigate this by:

1. Making UnlinkedMetadataTable and MetadataTable thread-safe refcounted.
2. Checking for the presence of a null UnlinkedMetadataTable pointer in the appropriate functions, and attempting to handle it nonfatally. This means we skip updating the didOptimize state in the CodeBlock destructor, and that we intentionally leak MetadataTables if they have this null pointer.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* Source/JavaScriptCore/bytecode/MetadataTable.cpp:
(JSC::MetadataTable::destroy):
(JSC::MetadataTable::sizeInBytesForGC):
* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::forEachValueProfile):
(JSC::MetadataTable::valueProfileForOffset):
(JSC::MetadataTable::deref):
(JSC::MetadataTable::unlinkedMetadata const):
(JSC::MetadataTable::totalSize const):
* Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h:

Canonical link: https://commits.webkit.org/272448.937@safari-7618-branch

Commit: bcea360031f4051515ac914418208f2e274f0ce6
https://github.com/WebKit/WebKit/commit/bcea360031f4051515ac914418208f2e274f0ce6
Author: Chris Dumez <cdu...@apple.com>
Date: 2024-04-18 (Thu, 18 Apr 2024)

Changed paths:
  M Source/WebKit/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm

Log Message:
-----------
Cherry-pick 2aaac5377578. rdar://126706870

Add page null check under [WKWebProcessPlugInFrame _browserContextController]
https://bugs.webkit.org/show_bug.cgi?id=271174
rdar://122276358

Reviewed by Sihui Liu.

Add page null check under [WKWebProcessPlugInFrame _browserContextController] to address some crashes in the wild.

* Source/WebKit/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInFrame.mm:
(-[WKWebProcessPlugInFrame _browserContextController]):

Canonical link: https://commits.webkit.org/276318@main

Commit: e9b873d82d80d6fd245788ab17b503113fa08487
https://github.com/WebKit/WebKit/commit/e9b873d82d80d6fd245788ab17b503113fa08487
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-18 (Thu, 18 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.3

Canonical link: https://commits.webkit.org/272448.950@safari-7618.2.12.10-branch

Commit: 15d90771ccc7f91e8cac75c5d82902bd0ed54fec
https://github.com/WebKit/WebKit/commit/15d90771ccc7f91e8cac75c5d82902bd0ed54fec
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-19 (Fri, 19 Apr 2024)

Changed paths:
  M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
  M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
  M Tools/TestWebKitAPI/Tests/WebKit/OverrideAppleLanguagesPreference.mm

Log Message:
-----------
Apply patch. rdar://126555755

Commit: 3552c37f03f0d8a855ba8505c19d3b0e9782c5ec
https://github.com/WebKit/WebKit/commit/3552c37f03f0d8a855ba8505c19d3b0e9782c5ec
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-19 (Fri, 19 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.4

Canonical link: https://commits.webkit.org/272448.952@safari-7618.2.12.10-branch

Commit: c5dd61b4cbe2d51377e083e98c91390b599711cf
https://github.com/WebKit/WebKit/commit/c5dd61b4cbe2d51377e083e98c91390b599711cf
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.5

Canonical link: https://commits.webkit.org/272448.953@safari-7618.2.12.10-branch

Commit: 81c26e6a4483686853f4f88dbde6e212062755d3
https://github.com/WebKit/WebKit/commit/81c26e6a4483686853f4f88dbde6e212062755d3
Author: Keith Miller <keith_mil...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
  M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
  M Source/JavaScriptCore/jit/ThunkGenerators.cpp
  M Source/JavaScriptCore/llint/LLIntThunks.cpp
  M Source/JavaScriptCore/runtime/Options.cpp
  M Source/JavaScriptCore/runtime/OptionsList.h
  M Source/WTF/wtf/PtrTag.h
  M Source/WebKit/WebProcess/WebProcess.cpp
  M Tools/Scripts/run-jsc-stress-tests

Log Message:
-----------
Cherry-pick f442fbe222f3. rdar://125596635

Make it harder to get a PAC signing gadget in JIT code.
https://bugs.webkit.org/show_bug.cgi?id=272750
rdar://125596635

Reviewed by Yusuke Suzuki.

Right now if an attacker can control where code is allocated they can overlap code to create a PAC bypass. This patch makes that harder (in the WebContent process) by only allowing pacibsp and pacizb. This means that during arity fixup we now tag the return PC with pacizb. This is ok because we don't use the zero diversifier for anything.

For reifying inlined call frames during OSR exit things are a bit more complicated. First we have to be careful to only move signed return addresses into lr then untag them there. Also, we have to shuffle SP to point to where it would in reified frame. This means that there is technically live data below our SP, which on many OSes causes problems. Talking to our kernel folks however this isn't a problem as long as we don't have any signal handlers or run lldb expressions in this window. We don't use signal handlers in the WebContent process and this patch tries to limit/document the window of JIT code where lldb would trash the stack.

* Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:
(JSC::MacroAssemblerARM64E::tagPtr):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::AssemblyHelpers::transferReturnPC):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WTF/wtf/PtrTag.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeProcess):
* Tools/Scripts/run-jsc-stress-tests:

Canonical link: https://commits.webkit.org/272448.948@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.954@safari-7618.2.12.10-branch

Commit: 40a1b705561be7cfd333ba4fe4e6804255b7db0d
https://github.com/WebKit/WebKit/commit/40a1b705561be7cfd333ba4fe4e6804255b7db0d
Author: Jer Noble <jer.no...@apple.com>
Date: 2024-04-23 (Tue, 23 Apr 2024)

Changed paths:
  M Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm

Log Message:
-----------
Cherry-pick 6c86b501dc6d. rdar://126717672

[iOS] CRASH: exception thrown from AVVideoCaptureSource::stopSession()
https://bugs.webkit.org/show_bug.cgi?id=273088
rdar://126717672

Reviewed by Eric Carlson.

Crashtracer data shows that an exception is thrown from -[AVCaptureSession stopRunning] because that method is called after -beginConfiguration, but before -commitConfiguration. Make this method robust to that exception, and add our own ASSERT that we are not in the middle of configuration in order to catch this case before it gets to AVCapture.

* Source/WebCore/platform/mediastream/mac/AVVideoCaptureSource.mm:
(WebCore::AVVideoCaptureSource::stopSession):

Canonical link: https://commits.webkit.org/277869@main

Commit: 85fac75af00cd45fe899b6f601126367c2956622
https://github.com/WebKit/WebKit/commit/85fac75af00cd45fe899b6f601126367c2956622
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-23 (Tue, 23 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.6

Canonical link: https://commits.webkit.org/272448.956@safari-7618.2.12.10-branch

Commit: 0de7121779f13d7234e48adc93cd2ff6efdc4cd9
https://github.com/WebKit/WebKit/commit/0de7121779f13d7234e48adc93cd2ff6efdc4cd9
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.7

Canonical link: https://commits.webkit.org/272448.957@safari-7618.2.12.10-branch

Commit: 08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7
https://github.com/WebKit/WebKit/commit/08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7
Author: Kimmo Kinnunen <kkinnu...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
  M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp

Log Message:
-----------
Cherry-pick bce91c8033e3. rdar://126944294

WebGL fails to compile shaders with out variables that are arrays and start with underscore
rdar://126944294

Reviewed by Chris Dumez.

Integrates upstream commit:

    commit e0e91b8cbb2e096d2d009cd0d1fbe20d785f2263
    Author: Kimmo Kinnunen <kkinnu...@apple.com>
    Date: Mon Apr 22 18:11:30 2024 -0700

    Metal: Fix rewritten out variables with underscores

    Fix compilation in case of output variables start with underscores. Make name emission always emit MSL name ANGLE_{name}, so that GLSL `_e` and `e` cannot clash. This regressed in angleproject:8558.

    Bug: b/335744344
    Change-Id: Ibae4dba4a24888acc1461582e69d48218ba11176

Canonical link: https://commits.webkit.org/272448.959@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.958@safari-7618.2.12.10-branch

Commit: 4e7e6f90721fd9c3a3be4d7f564ebb729264fe39
https://github.com/WebKit/WebKit/commit/4e7e6f90721fd9c3a3be4d7f564ebb729264fe39
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
  M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp

Log Message:
-----------
Revert "Cherry-pick bce91c8033e3. rdar://126944294"

This reverts commit 08f0de8d751d2f1ba3df4e312b7c4ce9667ad0e7.

Canonical link: https://commits.webkit.org/272448.959@safari-7618.2.12.10-branch

Commit: ef7653da4436ada69c80432b6b963335b3926176
https://github.com/WebKit/WebKit/commit/ef7653da4436ada69c80432b6b963335b3926176
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-29 (Mon, 29 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.8

Canonical link: https://commits.webkit.org/272448.960@safari-7618.2.12.10-branch

Commit: 7cc38cbe11a204f06f5683ddcee4ccbbd4691ce2
https://github.com/WebKit/WebKit/commit/7cc38cbe11a204f06f5683ddcee4ccbbd4691ce2
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-05-01 (Wed, 01 May 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.10.9

Canonical link: https://commits.webkit.org/272448.961@safari-7618.2.12.10-branch

Commit: 5b0e147c095567387a080a2da87c79f95ed04744
https://github.com/WebKit/WebKit/commit/5b0e147c095567387a080a2da87c79f95ed04744
Author: Aditya Keerthi <akeer...@apple.com>
Date: 2024-05-01 (Wed, 01 May 2024)

Changed paths:
  M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml

Log Message:
-----------
Cherry-pick 687fbeefa898.
rdar://127259364

[iOS] Unable to upload photos to Adobe Express app
https://bugs.webkit.org/show_bug.cgi?id=273444
rdar://127259364

Reviewed by Abrar Rahman Protyasha and Wenson Hsieh.

Adobe Express does not support HEIC photo uploads. Disable the setting which only transcodes HEIC photo uploads to JPEG if the "accept" attribute on file inputs excludes the HEIC MIME type.

Adobe Express specifies "image/*" in order to get support for Adobe Illustrator files, however, they still wish to exclude HEIC. Due to a bug in CoreServices, they are unable to specify a specific MIME type for Illustrator files. Consequently, they are forced to claim support for all image types.

Fix by restoring the old behavior.

* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:

Canonical link: https://commits.webkit.org/278196@main
Canonical link: https://commits.webkit.org/272448.962@safari-7618.2.12.10-branch

Compare: https://github.com/WebKit/WebKit/compare/046928bac9d7%5E...5b0e147c0955