Branch: refs/tags/WebKit-7613.6.1.0.3
Home: https://github.com/WebKit/WebKit

Commit: 906929f11e55200ae29b7d5de82156d91d086e49
https://github.com/WebKit/WebKit/commit/906929f11e55200ae29b7d5de82156d91d086e49
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/Configurations/Version.xcconfig
  M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
  M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
  M Source/WebCore/Configurations/Version.xcconfig
  M Source/WebCore/PAL/Configurations/Version.xcconfig
  M Source/WebGPU/Configurations/Version.xcconfig
  M Source/WebInspectorUI/Configurations/Version.xcconfig
  M Source/WebKit/Configurations/Version.xcconfig
  M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7613.4.1.0.1

Canonical link: https://commits.webkit.org/245886.806@safari-7613.3.9.0-branch


Commit: 5a8de3f50180a061d1140261ef82c825f7730952
https://github.com/WebKit/WebKit/commit/5a8de3f50180a061d1140261ef82c825f7730952
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  A JSTests/stress/bigint-array-byte-offset.js
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Log Message:
-----------
Cherry-pick 1f3e8b70b999. rdar://problem/97264358

[AArch32][Aarch64] ASSERTION FAILED variant.intrinsic() == NoIntrinsic in void JSC::DFG::ByteCodeParser::handleGetById
https://bugs.webkit.org/show_bug.cgi?id=242599
<rdar://96836847>

Reviewed by Mark Lam.

Previously all intrinsic getters are handled. So at this point, it should be NoIntrinsic. But after introducing 4GB TypedArray and BigInt64Array, this handling can fail. However, in this case, we should just continue using this generic path: invoking a getter. Thus, the current code is correct, and this assertion is stale. This patch removes this stale assertion.

* JSTests/stress/bigint-array-byte-offset.js: Added.
(__f_2):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetById):

Canonical link: https://commits.webkit.org/252391@main
Canonical link: https://commits.webkit.org/245886.807@safari-7613.3.9.0-branch


Commit: d5b48dbd85a070d0b0a1f27395f84755087b73bb
https://github.com/WebKit/WebKit/commit/d5b48dbd85a070d0b0a1f27395f84755087b73bb
Author: Chris Dumez <cdu...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/WebCore/bindings/js/DOMPromiseProxy.h

Log Message:
-----------
Cherry-pick 4ac005fe82bb. rdar://problem/97276126

Do hardening in DOMPromiseProxy
https://bugs.webkit.org/show_bug.cgi?id=242528
<rdar://96204017>

Reviewed by Darin Adler.

Make sure we make a copy of the deferred promises before iterating over them, in case the code inside the loop modifies the Vector. Similarly, do a copy of the return value or exception the deferred promises are settled with, in case |this| goes away.

* Source/WebCore/bindings/js/DOMPromiseProxy.h:
(WebCore::DOMPromiseProxy<IDLType>::resolve):
(WebCore::DOMPromiseProxy<IDLAny>::resolve):
(WebCore::DOMPromiseProxy<IDLType>::resolveWithNewlyCreated):
(WebCore::DOMPromiseProxy<IDLType>::reject):
(WebCore::DOMPromiseProxy<IDLUndefined>::resolve):
(WebCore::DOMPromiseProxy<IDLUndefined>::reject):
(WebCore::DOMPromiseProxyWithResolveCallback<IDLType>::resolve):
(WebCore::DOMPromiseProxyWithResolveCallback<IDLType>::resolveWithNewlyCreated):
(WebCore::DOMPromiseProxyWithResolveCallback<IDLType>::reject):

Canonical link: https://commits.webkit.org/252305@main
Canonical link: https://commits.webkit.org/245886.808@safari-7613.3.9.0-branch


Commit: 0e1154a51dcc5ab61c86e5eb764cd7147a7649d3
https://github.com/WebKit/WebKit/commit/0e1154a51dcc5ab61c86e5eb764cd7147a7649d3
Author: Alan Bujtas <za...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/WebCore/rendering/LegacyLineLayout.cpp

Log Message:
-----------
Cherry-pick 4bfe200db44b.
rdar://problem/97277370

Existing floatingObject->originatingLine() is not always an incorrect state with security implication
https://bugs.webkit.org/show_bug.cgi?id=242493

Reviewed by Simon Fraser.

The float object's originating line is the line box where we see the float first. Having duplicate originating line is an incorrect state which may lead to a security issue. However re-assigning the same line should not be considered one.

* Source/WebCore/rendering/LegacyLineLayout.cpp:
(WebCore::LegacyLineLayout::determineStartPosition):

Canonical link: https://commits.webkit.org/252269@main
Canonical link: https://commits.webkit.org/245886.809@safari-7613.3.9.0-branch


Commit: 0a6cd9c47e963ee45f0dff2531add5c8c89cc44f
https://github.com/WebKit/WebKit/commit/0a6cd9c47e963ee45f0dff2531add5c8c89cc44f
Author: Youenn Fablet <youe...@gmail.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtp_sender.cc

Log Message:
-----------
Cherry-pick 4cfca4164256. rdar://problem/97276088

Update rtp_sender RestoreEncodingLayers function
https://bugs.webkit.org/show_bug.cgi?id=242506
rdar://96590018

Reviewed by Eric Carlson.

* Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtp_sender.cc:

Canonical link: https://commits.webkit.org/252302@main
Canonical link: https://commits.webkit.org/245886.810@safari-7613.3.9.0-branch


Commit: a0989c64649f4a2ed7e5956c100a1bac3d0c10ba
https://github.com/WebKit/WebKit/commit/a0989c64649f4a2ed7e5956c100a1bac3d0c10ba
Author: Kyle Piddington <kpidding...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.h
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.mm
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/format_autogen.h
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/gen_indices.metal
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/mtl_default_shaders_src_autogen.inc
  M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/mtl_default_shaders_src_autogen.metal

Log Message:
-----------
Cherry-pick 7bf231b1fd35. rdar://problem/97324250

[ANGLE] Bounds check index buffer generation
https://bugs.webkit.org/show_bug.cgi?id=242762

Bounds check element buffer access during triangle fan generation. Out of bounds reads of the element buffer on both the CPU and GPU will result in getting back index zero, rather than reading garbage memory

Reviewed by Dean Jackson.

* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.h:
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/mtl_render_utils.mm:
(rx::mtl::IndexGeneratorUtils::generateTriFanBufferFromElementsArray):
(rx::mtl::IndexGeneratorUtils::generateTriFanBufferFromElementsArrayGPU):
(rx::mtl::IndexGeneratorUtils::generateTriFanBufferFromElementsArrayCPU):
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/format_autogen.h:
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/gen_indices.metal:
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/mtl_default_shaders_src_autogen.inc:
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/shaders/mtl_default_shaders_src_autogen.metal:

Canonical link: https://commits.webkit.org/252526@main
Canonical link: https://commits.webkit.org/245886.811@safari-7613.3.9.0-branch


Commit: d845f4bfcf5bd821ee06f22990e8617b039662cc
https://github.com/WebKit/WebKit/commit/d845f4bfcf5bd821ee06f22990e8617b039662cc
Author: Saam Barati <sbar...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp
  M Source/JavaScriptCore/dfg/DFGGraph.cpp

Log Message:
-----------
Cherry-pick 8b320548f922. rdar://problem/97274970

Don't allow Flush/PhantomLocal to be the head variable in a block in ThreadedCPS
https://bugs.webkit.org/show_bug.cgi?id=242096

Reviewed by Yusuke Suzuki.

Before this patch, we would allow Flush/PhantomLocal to be the node inside the variableAtHead Operands in a basic block. However, this causes some issues inside of our CFG simplifications phase. CFG simplification will look at the variables at the head of the basic blocks that it's going to remove to indicate how we should preserve liveness in its predecessor. We would then preserve liveness using a Flush if the variableAtHead was Flushed, otherwise, we would use a PhantomLocal.
However, the variable at the head might be a PhantomLocal, and it might be a PhantomLocal over a variable that's Flushed. However, in our IsFlushed analysis, we never mark PhantomLocals as IsFlushed, we only mark value producing nodes, Flush, or Phis. We do this by traversing the Phi data flow graph to propagate IsFlushed. And a Phi can never transitively point to a PhantomLocal, so it will never indicate if a variable is flushed.

To fix this, we just make the variableAtHead contain a Phi instead of a Flush/PhantomLocal in the situation where it used to be a Flush/PhantomLocal. This Phi is what the Flush/PhantomLocal used to point to. And the compiler is already prepared for variableAtHead to point to a Phi since that's what happens for GetLocal. GetLocal will point to a Phi that's inside variableAtHead. And now what's pointed to by variableAtHead will properly indicate if the variable is flushed since it'll be a Phi or a SetArgument node.

* Source/JavaScriptCore/dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpBlockHeader):

Canonical link: https://commits.webkit.org/252192@main
Canonical link: https://commits.webkit.org/245886.812@safari-7613.3.9.0-branch


Commit: ec2fe2a686526772b66f7a437a8e06dc71231b7c
https://github.com/WebKit/WebKit/commit/ec2fe2a686526772b66f7a437a8e06dc71231b7c
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp

Log Message:
-----------
Cherry-pick a3dd7dc5f60b. rdar://problem/97278973

[JSC] Drop wasm stale assertion
https://bugs.webkit.org/show_bug.cgi?id=242047
rdar://95866655

Reviewed by Mark Lam.

This patch drops stale assertion in addDelegateToUnreachable.

* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::addDelegateToUnreachable):

Canonical link: https://commits.webkit.org/251902@main
Canonical link: https://commits.webkit.org/245886.813@safari-7613.3.9.0-branch


Commit: f04744decc111e77a7c01ded55093d343d5b2b7b
https://github.com/WebKit/WebKit/commit/f04744decc111e77a7c01ded55093d343d5b2b7b
Author: Alan Bujtas <za...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/WebCore/rendering/RenderElement.cpp
  M Source/WebCore/rendering/RenderLayer.cpp
  M Source/WebCore/rendering/RenderLayer.h

Log Message:
-----------
Cherry-pick a8bfed275263. rdar://problem/97273521

Do not include unparented RenderLayers in RenderLayer::topLayerRenderLayers
https://bugs.webkit.org/show_bug.cgi?id=241963
<rdar://95098693>

Reviewed by Simon Fraser.

* Source/WebCore/rendering/RenderElement.cpp:
(WebCore::findNextLayer):
(WebCore::layerNextSiblingRespectingTopLayer):
* Source/WebCore/rendering/RenderLayer.cpp:
* Source/WebCore/rendering/RenderLayer.h:

Canonical link: https://commits.webkit.org/251848@main
Canonical link: https://commits.webkit.org/245886.814@safari-7613.3.9.0-branch


Commit: 7f676a460181db52d1b44e9b8a103f626ae90384
https://github.com/WebKit/WebKit/commit/7f676a460181db52d1b44e9b8a103f626ae90384
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/jsc.cpp
  M Source/JavaScriptCore/runtime/InitializeThreading.cpp
  M Source/JavaScriptCore/shell/playstation/TestShell.cpp
  M Source/JavaScriptCore/wasm/WasmFaultSignalHandler.cpp
  M Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h
  M Source/JavaScriptCore/wasm/WasmMemory.cpp
  M Source/WebKit/WebProcess/WebProcess.cpp

Log Message:
-----------
Cherry-pick bb92169c6b02. rdar://problem/97264328

[JSC] Activate wasm fault handler when signaling memory is used
https://bugs.webkit.org/show_bug.cgi?id=242358
rdar://96056675

Reviewed by Mark Lam.

https://github.com/WebKit/WebKit/commit/42ad6e4af024381a287ea6a587da469ef43f2819 broke JavaScriptCore.framework's wasm signal handler since it is no longer installed. This patch activates that handler when wasm memory is created with signaling requirement, which is Signaling or Shared memory. We do not activate this in JSC::initialize since LLDB has a bug that it cannot handle mach exception. We defer this initialization only when we use Wasm::Memory with necessary features.

* Source/JavaScriptCore/jsc.cpp:
(runJSC):
* Source/JavaScriptCore/runtime/InitializeThreading.cpp:
(JSC::initialize):
* Source/JavaScriptCore/shell/playstation/TestShell.cpp:
(setupTestRun):
* Source/JavaScriptCore/wasm/WasmFaultSignalHandler.cpp:
(JSC::Wasm::activateSignalingMemory):
(JSC::Wasm::initializeSignalingMemory): Deleted.
* Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h:
* Source/JavaScriptCore/wasm/WasmMemory.cpp:
(JSC::Wasm::MemoryHandle::MemoryHandle):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):

Canonical link: https://commits.webkit.org/252164@main
Canonical link: https://commits.webkit.org/245886.815@safari-7613.3.9.0-branch


Commit: da4179b034adba7de371ff71e5c902b8bcc53b2c
https://github.com/WebKit/WebKit/commit/da4179b034adba7de371ff71e5c902b8bcc53b2c
Author: Brandon Stewart <brandonstew...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/WebCore/crypto/SubtleCrypto.cpp

Log Message:
-----------
Cherry-pick c29e5a28c176. rdar://problem/97276107

Ensure promise is not garbage collected
https://bugs.webkit.org/show_bug.cgi?id=242287

Reviewed by Tim Nguyen.

We need to ensure that the promise always remains alive when in use. Adding a RefPtr guarantees that it will not be garbage collected.

* Source/WebCore/crypto/SubtleCrypto.cpp:
(WebCore::SubtleCrypto::unwrapKey):

Canonical link: https://commits.webkit.org/252091@main
Canonical link: https://commits.webkit.org/245886.816@safari-7613.3.9.0-branch


Commit: b9a715e45910d40433ce8b415102f223d7a68e7a
https://github.com/WebKit/WebKit/commit/b9a715e45910d40433ce8b415102f223d7a68e7a
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/wasm/WasmFunctionParser.h

Log Message:
-----------
Cherry-pick cb3e9788095c. rdar://problem/97276414

[JSC] Clean up delegate's error message
https://bugs.webkit.org/show_bug.cgi?id=242099

Reviewed by Saam Barati.

This patch fixes error message for delegate wasm opcode, it is not br or br_if.

* Source/JavaScriptCore/wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseDelegateTarget):
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):

Canonical link: https://commits.webkit.org/251944@main
Canonical link: https://commits.webkit.org/245886.817@safari-7613.3.9.0-branch


Commit: 5ddcf36b601c7229c3a36940c81f8f2a27ed88a0
https://github.com/WebKit/WebKit/commit/5ddcf36b601c7229c3a36940c81f8f2a27ed88a0
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-03 (Wed, 03 Aug 2022)

Changed paths:
  M Source/WebCore/bindings/js/JSDOMGuardedObject.cpp

Log Message:
-----------
Cherry-pick ecad671df9fc. rdar://problem/97274999

Refine JSDOMGuardedObject
https://bugs.webkit.org/show_bug.cgi?id=242282
rdar://94649571

Reviewed by Mark Lam.

This patch fixes the following issues.

1. JSDOMGuardedObject should emit write-barrier after storing a reference to JSDOMGlobalObject.
2. Regardless of m_guarded status, we should unregister itself from JSDOMGlobalObject if JSDOMGlobalObject is live since we register it in the constructor.

* Source/WebCore/bindings/js/JSDOMGuardedObject.cpp:
(WebCore::DOMGuardedObject::DOMGuardedObject):
(WebCore::DOMGuardedObject::clear):
(WebCore::DOMGuardedObject::removeFromGlobalObject):

Canonical link: https://commits.webkit.org/252086@main
Canonical link: https://commits.webkit.org/245886.818@safari-7613.3.9.0-branch


Commit: 6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
https://github.com/WebKit/WebKit/commit/6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
Author: Yusuke Suzuki <ysuz...@apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)

Changed paths:
  A JSTests/stress/map-clear-get.js
  A JSTests/stress/set-clear-has.js
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
  M Source/JavaScriptCore/runtime/HashMapImpl.h
  M Source/JavaScriptCore/runtime/HashMapImplInlines.h
  M Source/JavaScriptCore/runtime/JSMap.h
  M Source/JavaScriptCore/runtime/JSModuleLoader.cpp
  M Source/JavaScriptCore/runtime/JSSet.h
  M Source/JavaScriptCore/runtime/MapConstructor.cpp
  M Source/JavaScriptCore/runtime/MapPrototype.cpp
  M Source/JavaScriptCore/runtime/SetConstructor.cpp
  M Source/JavaScriptCore/runtime/SetPrototype.cpp
  M Source/JavaScriptCore/runtime/WeakMapImplInlines.h
  M Source/WebCore/bindings/js/JSDOMMapLike.cpp
  M Source/WebCore/bindings/js/JSDOMSetLike.cpp
  M Source/WebCore/bindings/js/SerializedScriptValue.cpp

Log Message:
-----------
Cherry-pick fdaaccf6d779. rdar://problem/98335573

Cherry-pick 1ed1e4a336e1. rdar://problem/98068082

[JSC] Make JSMap and JSSet construction more simple and efficient
https://bugs.webkit.org/show_bug.cgi?id=243557
rdar://98068082

Reviewed by Mark Lam and Saam Barati.

This patch makes the initial buffer of JSMap / JSSet nullptr so that we can make allocation of them simpler and efficient for non-using case. It cleans up many code in module loader etc. And it paves the way to allocating them from DFG and FTL efficiently.
It also cleans up SerializedScriptValue implementation.

* JSTests/stress/map-clear-get.js: Added.
(shouldBe):
(test):
* JSTests/stress/set-clear-has.js: Added.
(shouldBe):
(set clear):
(set shouldBe):
(set new):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp:
(JSC::AbstractModuleRecord::finishCreation):
* Source/JavaScriptCore/runtime/HashMapImpl.h:
(JSC::HashMapBuffer::tryCreate):
(JSC::HashMapImpl::HashMapImpl):
(JSC::HashMapBuffer::create): Deleted.
(JSC::HashMapImpl::shouldRehashAfterAdd const): Deleted.
* Source/JavaScriptCore/runtime/HashMapImplInlines.h:
(JSC::shouldShrink):
(JSC::shouldRehash):
(JSC::nextCapacity):
(JSC::HashMapImpl<HashMapBucketType>::finishCreation):
(JSC::HashMapImpl<HashMapBucketType>::add):
(JSC::HashMapImpl<HashMapBucketType>::addNormalized):
(JSC::HashMapImpl<HashMapBucketType>::remove):
(JSC::HashMapImpl<HashMapBucketType>::clear):
(JSC::HashMapImpl<HashMapBucketType>::setUpHeadAndTail):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloning):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloningInternal):
(JSC::HashMapImpl<HashMapBucketType>::addNormalizedInternal):
(JSC::HashMapImpl<HashMapBucketType>::findBucketAlreadyHashedAndNormalized):
(JSC::HashMapImpl<HashMapBucketType>::rehash):
(JSC::HashMapImpl<HashMapBucketType>::makeAndSetNewBuffer):
(JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty):
(JSC::shouldRehashAfterAdd): Deleted.
(JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty const): Deleted.
* Source/JavaScriptCore/runtime/JSMap.h:
* Source/JavaScriptCore/runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::finishCreation):
* Source/JavaScriptCore/runtime/JSSet.h:
* Source/JavaScriptCore/runtime/MapConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/MapPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/SetConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/SetPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/WeakMapImplInlines.h:
(JSC::WeakMapImpl<WeakMapBucket>::shouldRehashAfterAdd const):
* Source/WebCore/bindings/js/JSDOMMapLike.cpp:
(WebCore::getBackingMap):
* Source/WebCore/bindings/js/JSDOMSetLike.cpp:
(WebCore::getBackingSet):
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::deserialize):

Canonical link: https://commits.webkit.org/253133@main
Canonical link: https://commits.webkit.org/245886.832@safari-7613.3.9.0-branch
Canonical link: https://commits.webkit.org/245886.819@safari-7613.4.1.0-branch


Commit: cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
https://github.com/WebKit/WebKit/commit/cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)

Changed paths:
  M Source/WTF/Scripts/Preferences/WebPreferences.yaml
  M Source/WebCore/loader/DocumentLoader.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
  M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

Log Message:
-----------
Cherry-pick 3e51b624e5ec.
rdar://problem/97275837

Canonical link: https://commits.webkit.org/245886.821@safari-7613.4.1.0-branch


Commit: 4c0398cd5328d5be4f44d06edd73d96b1a9cf687
https://github.com/WebKit/WebKit/commit/4c0398cd5328d5be4f44d06edd73d96b1a9cf687
Author: Eric Carlson <eric.carl...@apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)

Changed paths:
  M Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
  M Source/WebCore/page/ActivityState.cpp
  M Source/WebCore/page/ActivityState.h
  M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
  M Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
  M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
  M Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
  M Source/WebKit/UIProcess/WebPageProxy.cpp
  M Source/WebKit/UIProcess/WebPageProxy.h
  M Source/WebKit/UIProcess/WebProcessPool.h
  M Source/WebKit/UIProcess/WebProcessProxy.h
  M Source/WebKit/UIProcess/mac/WindowServerConnection.h
  M Source/WebKit/UIProcess/mac/WindowServerConnection.mm
  M Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm

Log Message:
-----------
Cherry-pick 6e14685cafbd.
rdar://problem/97275137

Mute capture when disconnected from hardware console
rdar://87794804

Reviewed by Brent Fulgham

* Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
* Source/WebCore/page/ActivityState.cpp
* Source/WebCore/page/ActivityState.h
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
* Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
* Source/WebKit/UIProcess/WebPageProxy.cpp
* Source/WebKit/UIProcess/WebPageProxy.h
* Source/WebKit/UIProcess/WebProcessPool.h
* Source/WebKit/UIProcess/WebProcessProxy.h
* Source/WebKit/UIProcess/mac/WindowServerConnection.h
* Source/WebKit/UIProcess/mac/WindowServerConnection.mm
* Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm

Canonical link: https://commits.webkit.org/251762@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295757 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Canonical link: https://commits.webkit.org/245886.822@safari-7613.4.1.0-branch


Commit: 5e1e9e342804bdd1d4df6aed4cef4b326681f658
https://github.com/WebKit/WebKit/commit/5e1e9e342804bdd1d4df6aed4cef4b326681f658
Author: Abigail Fox <abigail_...@apple.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)

Changed paths:
  M Source/WebCore/platform/cocoa/PlaybackSessionModel.h
  M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
  M Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm
  M Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm
  M Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
  M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
  M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in
  M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
  M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm

Log Message:
-----------
Cherry-pick f5f63453c9cd.
rdar://problem/97273615

Refactor PlaybackSessionModel::externalPlaybackTargetType to use enum class
rdar://63360025
https://bugs.webkit.org/show_bug.cgi?id=242476

Reviewed by Eric Carlson.

* Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
(): Deleted.
* Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
(WebCore::PlaybackSessionModelMediaElement::externalPlaybackTargetType const):
* Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm:
(WebCore::PlaybackSessionInterfaceAVKit::externalPlaybackChanged):
* Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm:
(VideoFullscreenInterfaceAVKit::~VideoFullscreenInterfaceAVKit):
* Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
(VideoFullscreenControllerContext::externalPlaybackTargetType const):
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in:
* Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
(WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
* Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
(WebKit::PlaybackSessionManager::externalPlaybackChanged):

Canonical link: https://commits.webkit.org/252247@main
Canonical link: https://commits.webkit.org/245886.823@safari-7613.4.1.0-branch


Commit: 726d1034d700c1b18455de3f56f038960761da83
https://github.com/WebKit/WebKit/commit/726d1034d700c1b18455de3f56f038960761da83
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)

Changed paths:
  M Source/WTF/Scripts/Preferences/WebPreferences.yaml
  M Source/WebCore/loader/DocumentLoader.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
  M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

Log Message:
-----------
Revert 3e51b624e5ec.
rdar://problem/97275837

This reverts commit cc1264ff76335cd62a22a57ed1b4a5bf8939f43a.

Canonical link: https://commits.webkit.org/245886.824@safari-7613.4.1.0-branch


Commit: 5d2cc6074b86f0df8892f9683361e9f51e8ab73f
https://github.com/WebKit/WebKit/commit/5d2cc6074b86f0df8892f9683361e9f51e8ab73f
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/Configurations/Version.xcconfig
  M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
  M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
  M Source/WebCore/Configurations/Version.xcconfig
  M Source/WebCore/PAL/Configurations/Version.xcconfig
  M Source/WebGPU/Configurations/Version.xcconfig
  M Source/WebInspectorUI/Configurations/Version.xcconfig
  M Source/WebKit/Configurations/Version.xcconfig
  M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7613.4.1.0.2

Canonical link: https://commits.webkit.org/245886.825@safari-7613.4.1.0-branch


Commit: 1394b06f39aab790eced1e754b58b1170262f65c
https://github.com/WebKit/WebKit/commit/1394b06f39aab790eced1e754b58b1170262f65c
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp

Log Message:
-----------
Apply patch.
rdar://problem/97276205

Canonical link: https://commits.webkit.org/245886.826@safari-7613.4.1.0-branch


Commit: 899003b833b6365ee59af86ee6842efcd607c47a
https://github.com/WebKit/WebKit/commit/899003b833b6365ee59af86ee6842efcd607c47a
Author: Alan Coon <alanc...@apple.com>
Date: 2022-08-10 (Wed, 10 Aug 2022)

Changed paths:
  M Source/WTF/Scripts/Preferences/WebPreferences.yaml
  M Source/WebCore/loader/DocumentLoader.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
  M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

Log Message:
-----------
Cherry-pick 3e51b624e5ec. rdar://problem/97275837

This reverts commit 726d1034d700c1b18455de3f56f038960761da83.

Canonical link: https://commits.webkit.org/245886.827@safari-7613.4.1.0-branch


Commit: 08cc7f2e638ec5264e8832f2e1aeec225e0190cd
https://github.com/WebKit/WebKit/commit/08cc7f2e638ec5264e8832f2e1aeec225e0190cd
Author: Russell Epstein <repst...@apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)

Changed paths:
  M Source/WTF/Scripts/Preferences/WebPreferences.yaml
  M Source/WebCore/loader/DocumentLoader.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
  M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
  M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
  M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

Log Message:
-----------
Revert "Cherry-pick 3e51b624e5ec. rdar://problem/97275837"

This reverts commit 899003b833b6365ee59af86ee6842efcd607c47a.

Canonical link: https://commits.webkit.org/245886.828@safari-7613.4.1.0-branch


Commit: 78772cac166ad953efdfb42fd34fb6a3e4de96de
https://github.com/WebKit/WebKit/commit/78772cac166ad953efdfb42fd34fb6a3e4de96de
Author: Russell Epstein <repst...@apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/bytecode/BytecodeDumper.cpp
  M Source/JavaScriptCore/bytecode/BytecodeDumper.h
  M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
  M Source/JavaScriptCore/wasm/WasmAirIRGenerator.h
  M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
  M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h
  M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
  M Source/JavaScriptCore/wasm/WasmBBQPlan.h
  M Source/JavaScriptCore/wasm/WasmHandlerInfo.h
  M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
  M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
  M Source/JavaScriptCore/wasm/WasmOMGPlan.h
  M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
  M Source/JavaScriptCore/wasm/WasmOSREntryPlan.h
  M Source/JavaScriptCore/wasm/WasmOperations.cpp
  M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp

Log Message:
-----------
Apply patch. rdar://problem/97021541

Canonical link: https://commits.webkit.org/245886.829@safari-7613.4.1.0-branch


Commit: 4434a3007d520b5f199ac307c5029f429a85c956
https://github.com/WebKit/WebKit/commit/4434a3007d520b5f199ac307c5029f429a85c956
Author: Russell Epstein <repst...@apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)

Changed paths:
  M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp

Log Message:
-----------
Apply patch.
rdar://problem/97263817

Canonical link: https://commits.webkit.org/245886.830@safari-7613.4.1.0-branch


Commit: 9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
https://github.com/WebKit/WebKit/commit/9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
Author: Russell Epstein <repst...@apple.com>
Date: 2022-08-11 (Thu, 11 Aug 2022)

Changed paths:
  M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
  M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp
  M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h
  M Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp
  M Source/WebCore/Modules/indexeddb/shared/IDBResultData.h

Log Message:
-----------
Apply patch. rdar://problem/97276161

Canonical link: https://commits.webkit.org/245886.831@safari-7613.4.1.0-branch


Commit: a539633a1b424371cc1a23d9547240b3fa57fc86
https://github.com/WebKit/WebKit/commit/a539633a1b424371cc1a23d9547240b3fa57fc86
Author: Richard Robinson <richard_robins...@apple.com>
Date: 2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm

Log Message:
-----------
Cherry-pick 02857c1a71fe. rdar://problem/97324281

Make PDF annotation creation more robust
https://bugs.webkit.org/show_bug.cgi?id=242781
rdar://96688395

Reviewed by Aditya Keerthi.

* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::createPasswordEntryForm):
(WebKit::PDFPlugin::setActiveAnnotation):

Canonical link: https://commits.webkit.org/252513@main
Canonical link: https://commits.webkit.org/245886.832@safari-7613.4.1.0-branch


Commit: b0bd0f115d5e66aa3ccb375816eb5741a9146b56
https://github.com/WebKit/WebKit/commit/b0bd0f115d5e66aa3ccb375816eb5741a9146b56
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp
  M Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp
  M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp
  M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h
  M Source/WebCore/platform/mock/MockAudioDestinationCocoa.h

Log Message:
-----------
Cherry-pick 659f5b107515. rdar://problem/97689284

Account for larger sample spaces in WebAudioBufferList
https://bugs.webkit.org/show_bug.cgi?id=243181
<rdar://97391151>

Reviewed by Chris Dumez.

Use size_t for sample count to account for larger sample spaces in WebAudioBufferList.

* Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp: (WebCore::SpeechRecognitionCaptureSourceImpl::pullSamplesAndCallDataCallback): * Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp: (WebCore::MediaStreamAudioSource::consumeAudio): * Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp: (WebCore::WebAudioBufferList::WebAudioBufferList): (WebCore::computeBufferSizes): (WebCore::WebAudioBufferList::isSupportedDescription): (WebCore::WebAudioBufferList::setSampleCount): * Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h: * Source/WebCore/platform/mediastream/mac/MockAudioSharedUnit.mm: * Source/WebCore/platform/mock/MockAudioDestinationCocoa.h: Canonical link: https://commits.webkit.org/252808@main Canonical link: https://commits.webkit.org/245886.833@safari-7613.4.1.0-branch Commit: 0504ebf2768d6d4d28dc8b385103b51317c05191 https://github.com/WebKit/WebKit/commit/0504ebf2768d6d4d28dc8b385103b51317c05191 Author: Alan Coon <alanc...@apple.com> Date: 2022-08-15 (Mon, 15 Aug 2022) Changed paths: M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm Log Message: ----------- Revert 02857c1a71fe. rdar://problem/97324281 This reverts commit a539633a1b424371cc1a23d9547240b3fa57fc86. 
Canonical link: https://commits.webkit.org/245886.834@safari-7613.4.1.0-branch Commit: fd49f1b001dd08d8357087c072054706d95ad208 https://github.com/WebKit/WebKit/commit/fd49f1b001dd08d8357087c072054706d95ad208 Author: Alan Coon <alanc...@apple.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. WebKit-7613.5.1.0.1 Canonical link: https://commits.webkit.org/245886.835@safari-7613.4.1.0-branch Commit: 353f9e53dea8066c2b45d771aa198beb0d573c85 https://github.com/WebKit/WebKit/commit/353f9e53dea8066c2b45d771aa198beb0d573c85 Author: Alan Coon <alanc...@apple.com> Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. 
WebKit-7613.5.1.0.2 Canonical link: https://commits.webkit.org/245886.836@safari-7613.4.1.0-branch Commit: fb27035017e464208f3b2ae98b3d4a551d8d035b https://github.com/WebKit/WebKit/commit/fb27035017e464208f3b2ae98b3d4a551d8d035b Author: Yusuke Suzuki <ysuz...@apple.com> Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp M Source/JavaScriptCore/dfg/DFGGraph.h M Source/JavaScriptCore/dfg/DFGNode.h M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp M Source/JavaScriptCore/dfg/DFGNodeFlags.h M Source/JavaScriptCore/dfg/DFGNodeType.h Log Message: ----------- Cherry-pick ef76e31a2a06. rdar://problem/99203199 [JSC] BakcwardPropagationPhase should carry NaN / Infinity handling https://bugs.webkit.org/show_bug.cgi?id=242964 rdar://96791603 Reviewed by Mark Lam. For correctness, we should carry NaN / Infinity handling to make it more clear in the code generation site. * Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp: (JSC::DFG::BackwardsPropagationPhase::propagate): * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupArithDivInt32): (JSC::DFG::FixupPhase::fixupArithDiv): * Source/JavaScriptCore/dfg/DFGGraph.h: * Source/JavaScriptCore/dfg/DFGNode.h: * Source/JavaScriptCore/dfg/DFGNodeFlags.cpp: (JSC::DFG::dumpNodeFlags): * Source/JavaScriptCore/dfg/DFGNodeFlags.h: (JSC::DFG::bytecodeCanIgnoreNaNAndInfinity): (JSC::DFG::nodeCanSpeculateInt32ForDiv): * Source/JavaScriptCore/dfg/DFGNodeType.h: Canonical link: https://commits.webkit.org/252675@main Canonical link: https://commits.webkit.org/245886.837@safari-7613.4.1.0-branch Commit: ef3bf06da387c8c91a940ab97d0780fe9ed24153 https://github.com/WebKit/WebKit/commit/ef3bf06da387c8c91a940ab97d0780fe9ed24153 Author: Yusuke Suzuki <ysuz...@apple.com> Date: 2022-09-23 (Fri, 23 Sep 2022) Changed paths: M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp M 
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp M Source/JavaScriptCore/dfg/DFGGraph.h M Source/JavaScriptCore/dfg/DFGNode.h M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp M Source/JavaScriptCore/dfg/DFGNodeFlags.h M Source/JavaScriptCore/dfg/DFGNodeType.h Log Message: ----------- Cherry-pick 0f4e2b68c124. rdar://problem/99203199 [JSC] Revert 252675@main and do simple fix for now https://bugs.webkit.org/show_bug.cgi?id=243697 Reviewed by Mark Lam. This patch revert 252675@main, and instead, just always emitting check for div / mod, because 252675@main caused JetStream2 regression. * Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp: (JSC::DFG::BackwardsPropagationPhase::propagate): * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupArithDivInt32): (JSC::DFG::FixupPhase::fixupArithDiv): * Source/JavaScriptCore/dfg/DFGGraph.h: * Source/JavaScriptCore/dfg/DFGNode.h: * Source/JavaScriptCore/dfg/DFGNodeFlags.cpp: (JSC::DFG::dumpNodeFlags): * Source/JavaScriptCore/dfg/DFGNodeFlags.h: (JSC::DFG::bytecodeCanIgnoreNaNAndInfinity): Deleted. (JSC::DFG::nodeCanSpeculateInt32ForDiv): Deleted. 
* Source/JavaScriptCore/dfg/DFGNodeType.h: Canonical link: https://commits.webkit.org/253246@main Canonical link: https://commits.webkit.org/245886.838@safari-7613.4.1.0-branch Commit: cbf91c03915558ed09255cc753d3f6443ee7f783 https://github.com/WebKit/WebKit/commit/cbf91c03915558ed09255cc753d3f6443ee7f783 Author: Alan Coon <alanc...@apple.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. WebKit-7613.6.1.0.1 Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch Commit: 199ebb752dd8e5699ef7b1776cd9db0afe3d7e67 https://github.com/WebKit/WebKit/commit/199ebb752dd8e5699ef7b1776cd9db0afe3d7e67 Author: Alex Christensen <achristen...@webkit.org> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/WTF/wtf/URLHelpers.cpp M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm Log Message: ----------- Cherry-pick 16904a9a85c8. rdar://problem/101518562 Punycode all IPA extensions code points in URLs https://bugs.webkit.org/show_bug.cgi?id=247289 rdar://101429376 Reviewed by Tim Horton. 
* Source/WTF/wtf/URLHelpers.cpp: (WTF::URLHelpers::isLookalikeCharacter): * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/256267@main Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch Commit: 44e845aba9eb42d8118dce5c01c59539d9512ad3 https://github.com/WebKit/WebKit/commit/44e845aba9eb42d8118dce5c01c59539d9512ad3 Author: Alex Christensen <achristen...@webkit.org> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/WTF/wtf/URLHelpers.cpp M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm Log Message: ----------- Cherry-pick 85e478aae63c. rdar://problem/100623939 Punycode Arabic diacritics when not preceded by an Arabic code point in a URL host https://bugs.webkit.org/show_bug.cgi?id=247461 rdar://100426863 Reviewed by Said Abou-Hallawa. * Source/WTF/wtf/URLHelpers.cpp: (WTF::URLHelpers::isArabicDiacritic): (WTF::URLHelpers::isArabicCodePoint): (WTF::URLHelpers::isLookalikeCharacter): * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/256332@main Canonical link: https://commits.webkit.org/245886.840@safari-7613.4.1.0-branch Commit: 04050e1cb8356bc3902874006bd8c43ffad73d0d https://github.com/WebKit/WebKit/commit/04050e1cb8356bc3902874006bd8c43ffad73d0d Author: Alex Christensen <achristen...@webkit.org> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M LayoutTests/fast/encoding/idn-security-expected.txt M LayoutTests/fast/encoding/idn-security.html M Source/WTF/wtf/URLHelpers.cpp M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm Log Message: ----------- Cherry-pick a6c922ea6f05. rdar://problem/101518569 Punycode U+0E01 when in the context of non-Thai characters https://bugs.webkit.org/show_bug.cgi?id=247287 rdar://101434628 Reviewed by Tim Horton. 
* Source/WTF/wtf/URLHelpers.cpp: (WTF::URLHelpers::isLookalikeCharacterOfScriptType<USCRIPT_THAI>): (WTF::URLHelpers::isLookalikeCharacter): * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm: (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/256276@main Canonical link: https://commits.webkit.org/245886.841@safari-7613.4.1.0-branch Commit: 34444ef889fb9b8778d7fe2b40c2a16880c36230 https://github.com/WebKit/WebKit/commit/34444ef889fb9b8778d7fe2b40c2a16880c36230 Author: Matt Woodrow <mattwood...@apple.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt M Source/WebCore/bindings/js/SerializedScriptValue.cpp Log Message: ----------- Cherry-pick ad6383440b73. rdar://problem/101291011 Throw a DataCloneError when attempting to serialize an ImageBitmap without the origin-clean flag. https://bugs.webkit.org/show_bug.cgi?id=246783 <rdar://100901435> Reviewed by Youenn Fablet. The HTML spec expects us to reject serialization/transfer of ImageBitmaps that don't have the origin-clean flag, rather than tansferring them and tainting any <canvas> elements they get drawn to. 
* LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt: * LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt: * Source/WebCore/bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::dumpImageBitmap): (WebCore::SerializedScriptValue::create): Canonical link: https://commits.webkit.org/255882@main Canonical link: https://commits.webkit.org/245886.842@safari-7613.4.1.0-branch Commit: 5ab53f3b7c90100bd9d1eacbc4df091fc67eed95 https://github.com/WebKit/WebKit/commit/5ab53f3b7c90100bd9d1eacbc4df091fc67eed95 Author: Michael Saboff <msab...@apple.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: A JSTests/stress/regexp-strengthreduce-results-noholes.js M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp Log Message: ----------- Cherry-pick b0b694fd099f. rdar://problem/100902686 Strength reduction analyzes RegEx.exec incorrectly and generate a hole for the result array https://bugs.webkit.org/show_bug.cgi?id=245464 rdar://100494428 Reviewed by Mark Lam. When employing RegExp.exec strength reductions, we need to create "undefined" entries in the result array instead of null entries per the EcmaScript spec for RegExp.match. * JSTests/stress/regexp-strengthreduce-results-noholes.js: Added. 
(runRegExp): (assertSameAsFirstResult): * Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode): Canonical link: https://commits.webkit.org/256241@main Canonical link: https://commits.webkit.org/245886.843@safari-7613.4.1.0-branch Commit: 203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e https://github.com/WebKit/WebKit/commit/203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e Author: Kimmo Kinnunen <kkinnu...@apple.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt M LayoutTests/fast/canvas/webgl/largeBuffer.html A LayoutTests/platform/gtk/fast/canvas/webgl/largeBuffer-expected.txt A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash-expected.txt A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html M LayoutTests/webgl/webgl-allow-shared-expected.txt M Source/WebCore/html/canvas/WebGL2RenderingContext.cpp M Source/WebCore/html/canvas/WebGL2RenderingContext.h M Source/WebCore/html/canvas/WebGLBuffer.cpp M Source/WebCore/html/canvas/WebGLBuffer.h M Source/WebCore/html/canvas/WebGLRenderingContext.cpp M Source/WebCore/html/canvas/WebGLRenderingContext.h M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp M Source/WebCore/html/canvas/WebGLRenderingContextBase.h Log Message: ----------- Cherry-pick be0a403feb9d. rdar://problem/101591366 WebGL buffers maintain shadow copy https://bugs.webkit.org/show_bug.cgi?id=245137 rdar://97453557 Reviewed by Kenneth Russell. Remove the code caching the WebGL buffer data and size. The data was used to assert that indices drawn with DrawElements are in range for other buffers. Remove the data, it is verified by ANGLE. The size was used to assert that updates to the buffer are in range. Since we do not check the success of the updates, we cannot cache the size. The size is checked by ANGLE. * LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html: Added. 
* Source/WebCore/html/canvas/WebGL2RenderingContext.cpp: (WebCore::WebGL2RenderingContext::copyBufferSubData): (WebCore::WebGL2RenderingContext::getBufferSubData): (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Deleted. * Source/WebCore/html/canvas/WebGL2RenderingContext.h: * Source/WebCore/html/canvas/WebGLBuffer.cpp: (WebCore::WebGLBuffer::WebGLBuffer): (WebCore::WebGLBuffer::associateBufferDataImpl): (WebCore::WebGLBuffer::associateBufferSubDataImpl): (WebCore::WebGLBuffer::associateCopyBufferSubData): * Source/WebCore/html/canvas/WebGLBuffer.h: * Source/WebCore/html/canvas/WebGLRenderingContext.cpp: * Source/WebCore/html/canvas/WebGLRenderingContext.h: * Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::bufferData): (WebCore::WebGLRenderingContextBase::bufferSubData): (WebCore::WebGLRenderingContextBase::validateVertexAttributes): (WebCore::WebGLRenderingContextBase::validateDrawArrays): (WebCore::WebGLRenderingContextBase::validateDrawElements): * Source/WebCore/html/canvas/WebGLRenderingContextBase.h: (WebCore::WebGLRenderingContextBase::getMaxIndex): Canonical link: https://commits.webkit.org/254544@main Canonical link: https://commits.webkit.org/245886.844@safari-7613.4.1.0-branch Commit: 98c314b3d7f961c48123cae443675bdf26454bb1 https://github.com/WebKit/WebKit/commit/98c314b3d7f961c48123cae443675bdf26454bb1 Author: Yusuke Suzuki <ysuz...@apple.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/JavaScriptCore/dfg/DFGFailedFinalizer.h M Source/JavaScriptCore/dfg/DFGFinalizer.h M Source/JavaScriptCore/dfg/DFGJITFinalizer.h M Source/JavaScriptCore/dfg/DFGPlan.cpp M Source/JavaScriptCore/ftl/FTLJITFinalizer.h Log Message: ----------- Cherry-pick c4c58496ef4a. rdar://problem/101290752 [JSC] Simplify Finalization in DFG / FTL https://bugs.webkit.org/show_bug.cgi?id=246724 rdar://101165751 Reviewed by Justin Michaud. 
This patch simplifies DFG / FTL finalization by early returning failure case. * Source/JavaScriptCore/dfg/DFGFailedFinalizer.h: * Source/JavaScriptCore/dfg/DFGFinalizer.h: * Source/JavaScriptCore/dfg/DFGJITFinalizer.h: * Source/JavaScriptCore/dfg/DFGPlan.cpp: (JSC::DFG::Plan::finalize): * Source/JavaScriptCore/ftl/FTLJITFinalizer.h: Canonical link: https://commits.webkit.org/255714@main Canonical link: https://commits.webkit.org/245886.845@safari-7613.4.1.0-branch Commit: e7eaf1f8634dc7f55ef19ef808ba658bff7e6060 https://github.com/WebKit/WebKit/commit/e7eaf1f8634dc7f55ef19ef808ba658bff7e6060 Author: Yijia Huang <hyjo...@gmail.com> Date: 2022-11-09 (Wed, 09 Nov 2022) Changed paths: M Source/JavaScriptCore/dfg/DFGClobberize.h Log Message: ----------- Cherry-pick fd57a49d07c9. rdar://problem/100903734 [JSC] Should model BigInt with side effects https://bugs.webkit.org/show_bug.cgi?id=246291 rdar://100494823 Reviewed by Yusuke Suzuki. Operations with two BigInt operands have side effects, which should not be hoisted from loops. 
* Source/JavaScriptCore/dfg/DFGClobberize.cpp: (JSC::DFG::doesWrites): * Source/JavaScriptCore/dfg/DFGClobberize.h: (JSC::DFG::clobberize): Canonical link: https://commits.webkit.org/255368@main Canonical link: https://commits.webkit.org/245886.846@safari-7613.4.1.0-branch Commit: 3117d671e8053960f9912b564b94cb4bc0e3a537 https://github.com/WebKit/WebKit/commit/3117d671e8053960f9912b564b94cb4bc0e3a537 Author: Alan Coon <alanc...@apple.com> Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. WebKit-7613.6.1.0.2 Canonical link: https://commits.webkit.org/245886.847@safari-7613.4.1.0-branch Commit: 60823f4925076fa93d2b2e2758e5317cdf80c46c https://github.com/WebKit/WebKit/commit/60823f4925076fa93d2b2e2758e5317cdf80c46c Author: David Degazio <d_dega...@apple.com> Date: 2022-11-15 (Tue, 15 Nov 2022) Changed paths: A JSTests/stress/intl-locale-invalid-hourCycles.js M Source/JavaScriptCore/runtime/IntlLocale.cpp Log Message: ----------- Cherry-pick 86fbeb6fcd63. rdar://problem/102251589 Intl.Locale.prototype.hourCycles leaks empty JSValue to script https://bugs.webkit.org/show_bug.cgi?id=247562 rdar://102031379 Reviewed by Mark Lam. We currently don't check if IntlLocale::hourCycles returns a null JSArray, which allows it to be encoded as an empty JSValue and exposed to user code. This patch throws a TypeError when udatpg_open returns a failed status. * JSTests/stress/intl-locale-invalid-hourCycles.js: Added. 
(main): * Source/JavaScriptCore/runtime/IntlLocale.cpp: (JSC::IntlLocale::hourCycles): Canonical link: https://commits.webkit.org/256473@main Canonical link: https://commits.webkit.org/245886.848@safari-7613.4.1.0-branch Commit: a333f4e99c1e872b6a4cc3527f06b2a985e13c47 https://github.com/WebKit/WebKit/commit/a333f4e99c1e872b6a4cc3527f06b2a985e13c47 Author: Russell Epstein <repst...@apple.com> Date: 2022-11-28 (Mon, 28 Nov 2022) Changed paths: M Source/JavaScriptCore/Configurations/Version.xcconfig M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig M Source/WebCore/Configurations/Version.xcconfig M Source/WebCore/PAL/Configurations/Version.xcconfig M Source/WebGPU/Configurations/Version.xcconfig M Source/WebInspectorUI/Configurations/Version.xcconfig M Source/WebKit/Configurations/Version.xcconfig M Source/WebKitLegacy/mac/Configurations/Version.xcconfig Log Message: ----------- Versioning. WebKit-7613.6.1.0.3 Canonical link: https://commits.webkit.org/245886.849@safari-7613.4.1.0-branch Commit: 9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3 https://github.com/WebKit/WebKit/commit/9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3 Author: Mark Lam <mark....@apple.com> Date: 2022-11-28 (Mon, 28 Nov 2022) Changed paths: A JSTests/stress/speculate-real-number-in-object-is.js M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp Log Message: ----------- Cherry-pick 71cdc1c09ef1. rdar://problem/102718559 The provenType filtering in FTL's speculateRealNumber is incorrect. https://bugs.webkit.org/show_bug.cgi?id=248266 <rdar://problem/102531234> Reviewed by Justin Michaud. speculateRealNumber does a doubleEqual compare, which filters out double values which are not NaN. NaN values will fall through to the `intCase` block. In the `intCase` block, the isNotInt32() check there was given a proven type that wrongly filters out ~SpecFullDouble. 
Consider a scenario where the edge was proven to be { SpecInt32Only, SpecDoubleReal, SpecDoublePureNaN }. SpecFullDouble is defined as SpecDoubleReal | SpecDoubleNaN, and SpecDoubleNaN is defined as SpecDoublePureNaN | SpecDoubleImpureNaN. Hence, the filtering of the proven type with ~SpecFullDouble means that isNotInt32() will effectively be given a proven type of { SpecInt32Only, SpecDoubleReal, SpecDoublePureNaN } - { SpecDoubleReal, SpecDoublePureNaN } which yields { SpecInt32Only }. As a result, the compiler will think that that isNotIn32() check will always fail. This is not correct if the actual incoming value for that edge is actually a PureNaN. In this case, speculateRealNumber should have OSR exited, but it doesn't because it thinks that the isNotInt32() check will always fail and elide the check altogether. In this patch, we fix this by replacing the ~SpecFullDouble with ~SpecDoubleReal. We also rename the `intCase` block to `intOrNaNCase` to document what it actually handles. * JSTests/stress/speculate-real-number-in-object-is.js: Added. (test.object_is_opt): (test): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): Canonical link: https://commits.webkit.org/252432.839@safari-7614-branch Canonical link: https://commits.webkit.org/245886.850@safari-7613.4.1.0-branch Compare: https://github.com/WebKit/WebKit/compare/906929f11e55%5E...9a529fd127ee _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
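
The proven-type arithmetic described in the log message for 71cdc1c09ef1 above, as an added example that is not WebKit code and not part of the original mail. It is a simplified C++ model: the bit values, the `Value` and `Outcome` enums and every function body are assumptions made for illustration; only the `Spec*` names and their set relationships come from the log message.

```cpp
#include <cstdint>
#include <cstdio>

// Assumed bit assignments. The real JSC values are not given in the log message.
using SpeculatedType = uint64_t;
constexpr SpeculatedType SpecInt32Only       = 1ull << 0;
constexpr SpeculatedType SpecDoubleReal      = 1ull << 1;
constexpr SpeculatedType SpecDoublePureNaN   = 1ull << 2;
constexpr SpeculatedType SpecDoubleImpureNaN = 1ull << 3;
// Relationships exactly as stated in the log message.
constexpr SpeculatedType SpecDoubleNaN  = SpecDoublePureNaN | SpecDoubleImpureNaN;
constexpr SpeculatedType SpecFullDouble = SpecDoubleReal | SpecDoubleNaN;

enum class Value { Int32, RealDouble, PureNaN };   // hypothetical runtime value kinds
enum class Outcome { Continue, OSRExit };          // hypothetical result of the speculation

// Proven type handed to the isNotInt32() check after filtering.
constexpr SpeculatedType narrow(SpeculatedType proven, SpeculatedType filter)
{
    return proven & filter;
}

// A "not int32" check can only fire if the narrowed proven type still admits
// something other than int32. Otherwise the compiler treats the check as
// always failing and elides it.
constexpr bool notInt32CheckIsEmitted(SpeculatedType narrowed)
{
    return (narrowed & ~SpecInt32Only) != 0;
}

// Model of the control flow in the log message: real doubles pass the
// doubleEqual compare; int32 and NaN fall through to the second block, where
// the (possibly elided) isNotInt32() check decides whether to OSR exit.
Outcome speculateRealNumber(Value v, SpeculatedType proven, SpeculatedType filter)
{
    if (v == Value::RealDouble)
        return Outcome::Continue;
    bool emitted = notInt32CheckIsEmitted(narrow(proven, filter));
    if (emitted && v != Value::Int32)
        return Outcome::OSRExit;
    return Outcome::Continue;   // for a NaN this is the missed exit
}

// The scenario from the log message.
constexpr SpeculatedType provenEdge = SpecInt32Only | SpecDoubleReal | SpecDoublePureNaN;
constexpr SpeculatedType filterBeforeFix = ~SpecFullDouble;
constexpr SpeculatedType filterAfterFix  = ~SpecDoubleReal;

static const char* name(Outcome o)
{
    return o == Outcome::OSRExit ? "OSR exit" : "continue";
}

int main()
{
    std::printf("narrowed, before fix: 0x%llx\n",
        (unsigned long long)narrow(provenEdge, filterBeforeFix));
    std::printf("narrowed, after fix:  0x%llx\n",
        (unsigned long long)narrow(provenEdge, filterAfterFix));
    std::printf("PureNaN before fix: %s\n",
        name(speculateRealNumber(Value::PureNaN, provenEdge, filterBeforeFix)));
    std::printf("PureNaN after fix:  %s\n",
        name(speculateRealNumber(Value::PureNaN, provenEdge, filterAfterFix)));
    return 0;
}
```

With the old filter the narrowed type is `SpecInt32Only` alone, so the model elides the check and a PureNaN continues as if it were a real number; with `~SpecDoubleReal` the NaN bit survives and the check fires.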