[webkit-changes] [258460] trunk/Source
Title: [258460] trunk/Source
Revision 258460
Author sbar...@apple.com
Date 2020-03-13 21:11:44 -0700 (Fri, 13 Mar 2020)
Log Message
configSizeToProtect should be 16KB
https://bugs.webkit.org/show_bug.cgi?id=209068
Reviewed by Keith Miller.
Source/bmalloc:
* bmalloc/Gigacage.h:
Source/_javascript_Core:
* runtime/JSCConfig.h:
Modified Paths
trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/runtime/JSCConfig.cpp
trunk/Source/_javascript_Core/runtime/JSCConfig.h
trunk/Source/bmalloc/ChangeLog
trunk/Source/bmalloc/bmalloc/Gigacage.h
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (258459 => 258460)
--- trunk/Source/_javascript_Core/ChangeLog 2020-03-14 03:11:34 UTC (rev 258459)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-03-14 04:11:44 UTC (rev 258460)
@@ -1,3 +1,12 @@
+2020-03-13 Saam Barati
+
+configSizeToProtect should be 16KB
+https://bugs.webkit.org/show_bug.cgi?id=209068
+
+Reviewed by Keith Miller.
+
+* runtime/JSCConfig.h:
+
2020-03-13 Yusuke Suzuki
Unreviewed, fix JSC / test262 tests
Modified: trunk/Source/_javascript_Core/runtime/JSCConfig.cpp (258459 => 258460)
--- trunk/Source/_javascript_Core/runtime/JSCConfig.cpp 2020-03-14 03:11:34 UTC (rev 258459)
+++ trunk/Source/_javascript_Core/runtime/JSCConfig.cpp 2020-03-14 04:11:44 UTC (rev 258460)
@@ -37,7 +37,7 @@
namespace JSC {
-alignas(PageSize) JS_EXPORT_PRIVATE Config g_jscConfig;
+alignas(ConfigSizeToProtect) JS_EXPORT_PRIVATE Config g_jscConfig;
void Config::disableFreezingForTesting()
{
Modified: trunk/Source/_javascript_Core/runtime/JSCConfig.h (258459 => 258460)
--- trunk/Source/_javascript_Core/runtime/JSCConfig.h 2020-03-14 03:11:34 UTC (rev 258459)
+++ trunk/Source/_javascript_Core/runtime/JSCConfig.h 2020-03-14 04:11:44 UTC (rev 258460)
@@ -34,14 +34,8 @@
class FixedVMPoolExecutableAllocator;
class VM;
-#if CPU(ARM64) || PLATFORM(WATCHOS)
-constexpr size_t PageSize = 16 * KB;
-#else
-constexpr size_t PageSize = 4 * KB;
-#endif
+constexpr size_t ConfigSizeToProtect = 16 * KB;
-constexpr size_t ConfigSizeToProtect = PageSize;
-
#if ENABLE(SEPARATED_WX_HEAP)
using JITWriteSeparateHeapsFunction = void (*)(off_t, const void*, size_t);
#endif
@@ -90,9 +84,8 @@
};
};
-extern "C" alignas(PageSize) JS_EXPORT_PRIVATE Config g_jscConfig;
+extern "C" alignas(ConfigSizeToProtect) JS_EXPORT_PRIVATE Config g_jscConfig;
static_assert(sizeof(Config) == ConfigSizeToProtect, "");
-static_assert(roundUpToMultipleOf(ConfigSizeToProtect) == ConfigSizeToProtect, "");
} // namespace JSC
Modified: trunk/Source/bmalloc/ChangeLog (258459 => 258460)
--- trunk/Source/bmalloc/ChangeLog 2020-03-14 03:11:34 UTC (rev 258459)
+++ trunk/Source/bmalloc/ChangeLog 2020-03-14 04:11:44 UTC (rev 258460)
@@ -1,3 +1,12 @@
+2020-03-13 Saam Barati
+
+configSizeToProtect should be 16KB
+https://bugs.webkit.org/show_bug.cgi?id=209068
+
+Reviewed by Keith Miller.
+
+* bmalloc/Gigacage.h:
+
2020-03-09 Mike Gorse
Build failure on ppc64le if __unix is undefined
Modified: trunk/Source/bmalloc/bmalloc/Gigacage.h (258459 => 258460)
--- trunk/Source/bmalloc/bmalloc/Gigacage.h 2020-03-14 03:11:34 UTC (rev 258459)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.h 2020-03-14 04:11:44 UTC (rev 258460)
@@ -66,16 +66,16 @@
#if GIGACAGE_ENABLED
+constexpr size_t configSizeToProtect = 16 * bmalloc::Sizes::kB;
+
#if BOS_EFFECTIVE_ADDRESS_WIDTH < 48
constexpr size_t primitiveGigacageSize = 2 * bmalloc::Sizes::GB;
constexpr size_t jsValueGigacageSize = 2 * bmalloc::Sizes::GB;
constexpr size_t maximumCageSizeReductionForSlide = bmalloc::Sizes::GB / 4;
-constexpr size_t configSizeToProtect = 16 * bmalloc::Sizes::kB;
#else
constexpr size_t primitiveGigacageSize = 32 * bmalloc::Sizes::GB;
constexpr size_t jsValueGigacageSize = 16 * bmalloc::Sizes::GB;
constexpr size_t maximumCageSizeReductionForSlide = 4 * bmalloc::Sizes::GB;
-constexpr size_t configSizeToProtect = 4 * bmalloc::Sizes::kB;
#endif
// In Linux, if `vm.overcommit_memory = 2` is specified, mmap with large size can fail if it exceeds the size of RAM.
___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [258459] trunk
Title: [258459] trunk Revision 258459 Author s...@apple.com Date 2020-03-13 20:11:34 -0700 (Fri, 13 Mar 2020) Log Message SVGMatrix should have the access right of its owner SVGTransform always https://bugs.webkit.org/show_bug.cgi?id=207462 Reviewed by Simon Fraser. Source/WebCore: The SVGMatrix needs to be reattached to its owner SVGTransform when the access right of this owner changes. The access right of the owner changes when it gets attached to or detached from a higher level owner. Test: svg/dom/SVGTransformList-anim-read-only.html * svg/SVGTransform.h: * svg/properties/SVGProperty.h: (WebCore::SVGProperty::attach): (WebCore::SVGProperty::detach): (WebCore::SVGProperty::reattach): LayoutTests: * svg/dom/SVGTransformList-anim-read-only-expected.txt: Added. * svg/dom/SVGTransformList-anim-read-only.html: Added. Modified Paths trunk/LayoutTests/ChangeLog trunk/Source/WebCore/ChangeLog trunk/Source/WebCore/svg/SVGTransform.h trunk/Source/WebCore/svg/properties/SVGProperty.h Added Paths trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only-expected.txt trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only.html Diff Modified: trunk/LayoutTests/ChangeLog (258458 => 258459) --- trunk/LayoutTests/ChangeLog 2020-03-14 02:10:54 UTC (rev 258458) +++ trunk/LayoutTests/ChangeLog 2020-03-14 03:11:34 UTC (rev 258459) @@ -1,3 +1,13 @@ +2020-03-13 Said Abou-Hallawa + +SVGMatrix should have the access right of its owner SVGTransform always +https://bugs.webkit.org/show_bug.cgi?id=207462 + +Reviewed by Simon Fraser. + +* svg/dom/SVGTransformList-anim-read-only-expected.txt: Added. +* svg/dom/SVGTransformList-anim-read-only.html: Added. + 2020-03-13 Zalan Bujtas [Tree building] Block::attachIgnoringContinuation should allow inline tables as before child container Added: trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only-expected.txt (0 => 258459) --- trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only-expected.txt (rev 0) +++ trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only-expected.txt 2020-03-14 03:11:34 UTC (rev 258459) @@ -0,0 +1,28 @@ +This test checks the read-only property of SVGTransformList.animVal + +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". + + + +Check SVGAnimatedTransformList.animVal is a readonly SVGTransformList +PASS transformAnim.appendItem(t) threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim.clear() threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim.initialize(t) threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim.insertItemBefore(t, 0) threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim.replaceItem(t, 0) threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim.removeItem(0) threw exception NoModificationAllowedError: The object can not be modified.. +PASS transformAnim(0) = t threw exception ReferenceError: Left side of assignment is not a reference.. + +Check items of SVGAnimatedTransformList.animVal are readonly SVGTransform +PASS t.setScale(2, 2) threw exception NoModificationAllowedError: The object can not be modified.. +PASS t.setMatrix(m) threw exception NoModificationAllowedError: The object can not be modified.. +PASS m.b = 2 threw exception NoModificationAllowedError: The object can not be modified.. + +Check detached items from SVGAnimatedTransformList.animVal are not readonly SVGTransform +PASS t.setScale(2, 2) did not throw exception. +PASS t.setMatrix(m) did not throw exception. +PASS m.b = 2 did not throw exception. +PASS successfullyParsed is true + +TEST COMPLETE + Added: trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only.html (0 => 258459) --- trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only.html (rev 0) +++ trunk/LayoutTests/svg/dom/SVGTransformList-anim-read-only.html 2020-03-14 03:11:34 UTC (rev 258459) @@ -0,0 +1,53 @@ + + + + + + + +