Branch: refs/heads/safari-7618.2.12.11-branch
Home: https://github.com/WebKit/WebKit

Commit: 81f909247af06819839196e4f9979c94698cfd35
  https://github.com/WebKit/WebKit/commit/81f909247af06819839196e4f9979c94698cfd35
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-15 (Mon, 15 Apr 2024)
Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.1

Canonical link: https://commits.webkit.org/272448.932@safari-7618.2.12.11-branch

Commit: 89cc7e8043da967517b409ebbcee648c38499638
  https://github.com/WebKit/WebKit/commit/89cc7e8043da967517b409ebbcee648c38499638
Author: Chris Dumez <cdu...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/WebKit/Shared/AuxiliaryProcess.h
  M Source/WebKit/Shared/AuxiliaryProcess.messages.in
  M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
  M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
  M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
  M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm

Log Message:
-----------
Cherry-pick d6540a38e780. rdar://126492909

Regression(277427@main) Crash under AuxiliaryProcessProxy::notifyPreferencesChanged()
https://bugs.webkit.org/show_bug.cgi?id=272695
rdar://126492909

Reviewed by Per Arne Vollan.

We were using a HashMap to store preferences whose key was a std::pair<String, String>. The first String was the domain and the second the preference name. However, for global preferences, the domain is null, causing a crash when hashing the key. To address an issue, we now store global preferences in a separate HashMap.

* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.messages.in:
* Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
(WebKit::AuxiliaryProcess::preferencesDidUpdate):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::didChangeThrottleState):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
(WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):

Canonical link: https://commits.webkit.org/277514@main

Commit: a66b8dac4cca3f9c9236fe49cfb0c03e683e353c
  https://github.com/WebKit/WebKit/commit/a66b8dac4cca3f9c9236fe49cfb0c03e683e353c
Author: Yijia Huang <yijia_hu...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Cherry-pick eff5765b8477. rdar://126195542

[JSC] Use JavaScriptCore framework dyld UUID for computing bytecode cache version
https://bugs.webkit.org/show_bug.cgi?id=272660
rdar://126195542

Reviewed by Yusuke Suzuki.

Previously, we used the JSCBuiltins.o, CachedTypes.o, and project source version number for computing JSC bytecode cache version. That may not be strong enough to reject a stale bytecode cache. This patch utilizes JavaScriptCore.framework’s UUID to compute the bytecode cache hash version for Darwin OSes and uses __TIMESTAMP__ for the others.

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Added.
(JSC::computeJSCBytecodeCacheVersion):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:

Canonical link: https://commits.webkit.org/277548@main

Commit: dfdaa2bacaeab99d2945d1081727c922e4dcb09e
  https://github.com/WebKit/WebKit/commit/dfdaa2bacaeab99d2945d1081727c922e4dcb09e
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Revert "[JSC] Use JavaScriptCore framework dyld UUID for computing bytecode cache version"

Pull request #17881: rdar://109546827 (Screenshot received in transcript shown stretched on Mac (but not on iPhone))

This reverts commit eff5765b8477190745b7957c20f46e56c6e89fb5.

Commit: 1f1f4809aec17313a7cf422e97cfb0ab1dd667b4
  https://github.com/WebKit/WebKit/commit/1f1f4809aec17313a7cf422e97cfb0ab1dd667b4
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.2

Canonical link: https://commits.webkit.org/272448.936@safari-7618.2.12.11-branch

Commit: cd4a1e1d77a3bb89ce2dbd1402a2fd8f09331586
  https://github.com/WebKit/WebKit/commit/cd4a1e1d77a3bb89ce2dbd1402a2fd8f09331586
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/CMakeLists.txt
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/ExpressionInfo.h
  M Source/JavaScriptCore/runtime/CachedTypes.cpp
  M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
  A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
  R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
  M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
  M Source/WTF/wtf/spi/darwin/dyldSPI.h

Log Message:
-----------
Cherry-pick eff5765b8477. rdar://126195542

[JSC] Use JavaScriptCore framework dyld UUID for computing bytecode cache version
https://bugs.webkit.org/show_bug.cgi?id=272660
rdar://126195542

Reviewed by Yusuke Suzuki.

Previously, we used the JSCBuiltins.o, CachedTypes.o, and project source version number for computing JSC bytecode cache version. That may not be strong enough to reject a stale bytecode cache. This patch utilizes JavaScriptCore.framework’s UUID to compute the bytecode cache hash version for Darwin OSes and uses __TIMESTAMP__ for the others.

* Source/JavaScriptCore/CMakeLists.txt:
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::GenericCacheEntry::GenericCacheEntry):
(JSC::GenericCacheEntry::isUpToDate const):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp: Added.
(JSC::computeJSCBytecodeCacheVersion):
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in: Removed.
* Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h:

Canonical link: https://commits.webkit.org/277548@main

Canonical link: https://commits.webkit.org/272448.937@safari-7618.2.12.11-branch

Commit: b836cac34e6be538836fe6d41b55384359ee9fe7
  https://github.com/WebKit/WebKit/commit/b836cac34e6be538836fe6d41b55384359ee9fe7
Author: Tyler Wilcock <tyle...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp

Log Message:
-----------
Cherry-pick f8bf94a9121b. rdar://126567078

Add missing handling of AXPropertyName::AccessibilityText in AXIsolatedTree::updateNodeProperties
rdar://126567078

Reviewed by Chris Fleizach.

Without explicitly handling this property, dynamic updates to it get dropped, causing stale content.

* Source/WebCore/accessibility/isolatedtree/AXIsolatedTree.cpp:
(WebCore::AXIsolatedTree::updateNodeProperties):

Canonical link: https://commits.webkit.org/272448.934@safari-7618-branch

Canonical link: https://commits.webkit.org/272448.938@safari-7618.2.12.11-branch

Commit: 75d587309429cd9b1cc2333548a0d79475ebc8bd
  https://github.com/WebKit/WebKit/commit/75d587309429cd9b1cc2333548a0d79475ebc8bd
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.h
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm
  M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
  M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
  M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

Log Message:
-----------
Cherry-pick 3c2c899f692d. rdar://126479653

WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653

Reviewed by Chris Dumez.

WebKit process termination with xpc_connection_kill does not always work.
We are currently seeing flaky termination behavior on macOS, where the child processes are not always terminated successfully. Additionally, on iOS, the XPC connection has become anonymous due to migration to extensions for WebKit processes, and xpc_connection_kill does not support anonymous connections.

This patch addresses this issue by creating and sending an XPC message to the child process to request termination. This has a high chance of success, since we know that the XPC connection termination watchdog is holding a background assertion on the process, so it is not suspended. Additionally, the XPC message is being handled on the XPC event handler thread, which is handling very few messages, so it is very unlikely that it is blocked and cannot handle the message. This gives the process a chance to exit cleanly and send a reply back. If the UI process does not receive the expected reply, it will try calling xpc_connection_kill.

* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):

Canonical link: https://commits.webkit.org/277509@main

Commit: ccb5865f5b57e08b24d8d7b3b59440bd19fdfe94
  https://github.com/WebKit/WebKit/commit/ccb5865f5b57e08b24d8d7b3b59440bd19fdfe94
Author: Per Arne Vollan <pvol...@apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)

Changed paths:
  M Source/WebKit/Platform/cocoa/XPCUtilities.mm

Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653

Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653

Unreviewed compile fix.

* Source/WebKit/Platform/cocoa/XPCUtilities.mm:

Canonical link: https://commits.webkit.org/277621@main

Commit: 6d89b5441636e5b512e2dd3151c863cb87f1e9dc
  https://github.com/WebKit/WebKit/commit/6d89b5441636e5b512e2dd3151c863cb87f1e9dc
Author: Ryosuke Niwa <rn...@webkit.org>
Date: 2024-04-18 (Thu, 18 Apr 2024)

Changed paths:
  M Source/WebKit/UIProcess/mac/WebViewImpl.mm

Log Message:
-----------
Cherry-pick 9b8a9a91f89a. rdar://125534586

Make WKWindowVisibilityObserver more robust
https://bugs.webkit.org/show_bug.cgi?id=272605
<rdar://125534586>

Reviewed by Sihui Liu and Wenson Hsieh.

This PR makes WKWindowVisibilityObserver more robust by remembering the observed NSWindow and automatically stop observing NSWindow in dealloc, startObserving, and ~WebViewImpl. Always unregister KVO from the shared font panel if _shouldObserveFontPanel is set to YES in stopObserving before exiting early for _window being nil. This fixes Mail's top crasher.

This PR also deploys __weak and WeakPtr to WKWindowVisibilityObserver to safeguard against any kind of use-after-free bugs. Also assert that we're on the main thread in various places.

* Source/WebKit/UIProcess/mac/WebViewImpl.mm:
(-[WKWindowVisibilityObserver initWithView:impl:]):
(-[WKWindowVisibilityObserver dealloc]):
(-[WKWindowVisibilityObserver startObserving:]):
(-[WKWindowVisibilityObserver stopObserving]):
(-[WKWindowVisibilityObserver enableObservingFontPanel]): Added.
(-[WKWindowVisibilityObserver startObservingFontPanel]):
(-[WKWindowVisibilityObserver startObservingLookupDismissalIfNeeded]):
(-[WKWindowVisibilityObserver _windowDidOrderOnScreen:]):
(-[WKWindowVisibilityObserver _windowDidOrderOffScreen:]):
(-[WKWindowVisibilityObserver _windowDidBecomeKey:]):
(-[WKWindowVisibilityObserver _windowDidResignKey:]):
(-[WKWindowVisibilityObserver _windowDidMiniaturize:]):
(-[WKWindowVisibilityObserver _windowDidDeminiaturize:]):
(-[WKWindowVisibilityObserver _windowDidMove:]):
(-[WKWindowVisibilityObserver _windowDidResize:]):
(-[WKWindowVisibilityObserver _windowWillBeginSheet:]):
(-[WKWindowVisibilityObserver _windowDidChangeBackingProperties:]):
(-[WKWindowVisibilityObserver _windowDidChangeScreen:]):
(-[WKWindowVisibilityObserver _windowDidChangeLayerHosting:]):
(-[WKWindowVisibilityObserver _windowDidChangeOcclusionState:]):
(-[WKWindowVisibilityObserver _screenDidChangeColorSpace:]):
(-[WKWindowVisibilityObserver observeValueForKeyPath:ofObject:change:context:]):
(-[WKWindowVisibilityObserver _dictionaryLookupPopoverWillClose:]):
(-[WKWindowVisibilityObserver _activeSpaceDidChange:]):
(WebKit::WebViewImpl::~WebViewImpl):
(WebKit::WebViewImpl::viewWillMoveToWindowImpl):
(WebKit::WebViewImpl::didBecomeEditable):

Canonical link: https://commits.webkit.org/277625@main

Commit: 00eaa0e0fc811de12616947e3ead654770326221
  https://github.com/WebKit/WebKit/commit/00eaa0e0fc811de12616947e3ead654770326221
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-18 (Thu, 18 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.3

Canonical link: https://commits.webkit.org/272448.942@safari-7618.2.12.11-branch

Commit: c60465f5108c8246ba0f858b64cb2dd58496038c
  https://github.com/WebKit/WebKit/commit/c60465f5108c8246ba0f858b64cb2dd58496038c
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.4

Canonical link: https://commits.webkit.org/272448.943@safari-7618.2.12.11-branch

Commit: a60a6226a8e31fd653efd472a6edda895f0e8cae
  https://github.com/WebKit/WebKit/commit/a60a6226a8e31fd653efd472a6edda895f0e8cae
Author: Keith Miller <keith_mil...@apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
  M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
  M Source/JavaScriptCore/jit/ThunkGenerators.cpp
  M Source/JavaScriptCore/llint/LLIntThunks.cpp
  M Source/JavaScriptCore/runtime/Options.cpp
  M Source/JavaScriptCore/runtime/OptionsList.h
  M Source/WTF/wtf/PtrTag.h
  M Source/WebKit/WebProcess/WebProcess.cpp
  M Tools/Scripts/run-jsc-stress-tests

Log Message:
-----------
Cherry-pick f442fbe222f3. rdar://125596635

Make it harder to get a PAC signing gadget in JIT code.
https://bugs.webkit.org/show_bug.cgi?id=272750
rdar://125596635

Reviewed by Yusuke Suzuki.

Right now if an attacker can control where code is allocated they can overlap code to create a PAC bypass. This patch makes that harder (in the WebContent process) by only allowing pacibsp and pacizb. This means that during arity fixup we now tag the return PC with pacizb. This is ok because we don't use the zero diversifier for anything.

For reifying inlined call frames during OSR exit things are a bit more complicated. First we have to be careful to only move signed return addresses into lr then untag them there. Also, we have to shuffle SP to point to where it would in reified frame.
This means that there is technically live data below our SP, which on many OSes causes problems. Talking to our kernel folks however this isn't a problem as long as we don't have any signal handlers or run lldb expressions in this window. We don't use signal handlers in the WebContent process and this patch tries to limit/document the window of JIT code where lldb would trash the stack.

* Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:
(JSC::MacroAssemblerARM64E::tagPtr):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::AssemblyHelpers::transferReturnPC):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WTF/wtf/PtrTag.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeProcess):
* Tools/Scripts/run-jsc-stress-tests:

Canonical link: https://commits.webkit.org/272448.948@safari-7618-branch

Canonical link: https://commits.webkit.org/272448.944@safari-7618.2.12.11-branch

Commit: dd75c8b09a43f3152dc89f97fc5c1b931b624f27
  https://github.com/WebKit/WebKit/commit/dd75c8b09a43f3152dc89f97fc5c1b931b624f27
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.5

Canonical link: https://commits.webkit.org/272448.945@safari-7618.2.12.11-branch

Commit: da624b17c0e9947791ceefc1cdc01601b7955fdd
  https://github.com/WebKit/WebKit/commit/da624b17c0e9947791ceefc1cdc01601b7955fdd
Author: Kimmo Kinnunen <kkinnu...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
  M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp

Log Message:
-----------
Cherry-pick bce91c8033e3. rdar://126944294

WebGL fails to compile shaders with out variables that are arrays and start with underscore
rdar://126944294

Reviewed by Chris Dumez.

Integrates upstream commit:

commit e0e91b8cbb2e096d2d009cd0d1fbe20d785f2263
Author: Kimmo Kinnunen <kkinnu...@apple.com>
Date: Mon Apr 22 18:11:30 2024 -0700

    Metal: Fix rewritten out variables with underscores

    Fix compilation in case of output variables start with underscores.
    Make name emission always emit MSL name ANGLE_{name}, so that GLSL `_e` and `e` cannot clash.

    This regressed in angleproject:8558.

    Bug: b/335744344
    Change-Id: Ibae4dba4a24888acc1461582e69d48218ba11176

Canonical link: https://commits.webkit.org/272448.959@safari-7618-branch

Canonical link: https://commits.webkit.org/272448.946@safari-7618.2.12.11-branch

Commit: 0ab7920cdaf2b7c9aa743a13d1958b9a12f43f15
  https://github.com/WebKit/WebKit/commit/0ab7920cdaf2b7c9aa743a13d1958b9a12f43f15
Author: Dan Robson <dtr_bugzi...@apple.com>
Date: 2024-04-24 (Wed, 24 Apr 2024)

Changed paths:
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/Name.cpp
  M Source/ThirdParty/ANGLE/src/compiler/translator/msl/TranslatorMSL.cpp
  M Source/ThirdParty/ANGLE/src/tests/gl_tests/GLSLTest.cpp

Log Message:
-----------
Revert "Cherry-pick bce91c8033e3. rdar://126944294"

This reverts commit da624b17c0e9947791ceefc1cdc01601b7955fdd.

Canonical link: https://commits.webkit.org/272448.947@safari-7618.2.12.11-branch

Commit: d5d9247df66196f0cb59bd56e228370ed952fe4f
  https://github.com/WebKit/WebKit/commit/d5d9247df66196f0cb59bd56e228370ed952fe4f
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-04-29 (Mon, 29 Apr 2024)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7618.2.12.11.6

Canonical link: https://commits.webkit.org/272448.948@safari-7618.2.12.11-branch

Compare: https://github.com/WebKit/WebKit/compare/81f909247af0%5E...d5d9247df661