Branch: refs/heads/safari-7616.1.11-branch
Home:   https://github.com/WebKit/WebKit

Commit: 7e2624afe27e39bc8e1ad48b370e5a3aff1bd1ee
    https://github.com/WebKit/WebKit/commit/7e2624afe27e39bc8e1ad48b370e5a3aff1bd1ee
Author: Elliott Williams <e...@apple.com>
Date:   2023-04-21 (Fri, 21 Apr 2023)

Changed paths:
  M Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig

Log Message:
-----------
Fix ThinLTO build failure when linking against libpas.a
https://bugs.webkit.org/show_bug.cgi?id=255804
rdar://108319256

Unreviewed build fix.

Linking against libpas using search paths (-hidden-lpas) was causing a Mac Catalyst production build to use the wrong archive. Fix by linking against an exact path, the same way libbmalloc is linked.

* Source/JavaScriptCore/Configurations/JavaScriptCore.xcconfig:

Canonical link: https://commits.webkit.org/263266@main
(cherry picked from commit 5c5b8c1c2f6ade6b2b98428f6ade6e67797138ba)
Identifier: 263164.1@safari-7616.1.11-branch


Commit: 77fbc14c3c51423dc0694a24e9167d7ca2540061
    https://github.com/WebKit/WebKit/commit/77fbc14c3c51423dc0694a24e9167d7ca2540061
Author: Russell Epstein <repst...@apple.com>
Date:   2023-04-21 (Fri, 21 Apr 2023)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7616.1.11.1

Identifier: 262889.277@safari-7616.1.11-branch


Commit: 8a972b1cc35656c163c614c57f83d8e4fd13a312
    https://github.com/WebKit/WebKit/commit/8a972b1cc35656c163c614c57f83d8e4fd13a312
Author: Russell Epstein <repst...@apple.com>
Date:   2023-04-24 (Mon, 24 Apr 2023)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7616.1.11.2

Identifier: 262889.278@safari-7616.1.11-branch


Commit: 9a0d46229a1990b863c17400029cac007e2ce750
    https://github.com/WebKit/WebKit/commit/9a0d46229a1990b863c17400029cac007e2ce750
Author: Yusuke Suzuki <ysuz...@apple.com>
Date:   2023-04-24 (Mon, 24 Apr 2023)

Changed paths:
  A JSTests/microbenchmarks/megamorphic-dfg.js
  M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
  M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
  M Source/JavaScriptCore/dfg/DFGNode.cpp
  M Source/JavaScriptCore/dfg/DFGNode.h

Log Message:
-----------
Cherry-pick d77ef3a80e9c. rdar://problem/108302994

    [JSC] Convert GetByVal + StringIdent constant to GetById to encourage megamorphic IC
    https://bugs.webkit.org/show_bug.cgi?id=255709
    rdar://108302994

    Reviewed by Alexey Shvayka.

    This patch converts DFG/FTL GetByVal + StringIdent constant to GetById.
    The main benefit of this is that we can use megamorphic IC from GetById.

                                ToT                     Patched

    megamorphic-dfg         10.9843+-0.0357     ^      7.3780+-0.0332        ^ definitely 1.4888x faster

    * JSTests/microbenchmarks/megamorphic-dfg.js: Added.
    (test):
    (test2):
    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    * Source/JavaScriptCore/dfg/DFGNode.cpp:
    (JSC::DFG::Node::convertToGetById):
    * Source/JavaScriptCore/dfg/DFGNode.h:

    Canonical link: https://commits.webkit.org/263200@main

Identifier: 262889.279@safari-7616.1.11-branch


Commit: c117b987ee2b22e1a4604ac2a7556066964fe46a
    https://github.com/WebKit/WebKit/commit/c117b987ee2b22e1a4604ac2a7556066964fe46a
Author: Yusuke Suzuki <ysuz...@apple.com>
Date:   2023-04-24 (Mon, 24 Apr 2023)

Changed paths:
  M Source/JavaScriptCore/bytecode/GetByStatus.cpp
  M Source/JavaScriptCore/bytecode/GetByStatus.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
  M Source/JavaScriptCore/dfg/DFGClobberize.h
  M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
  M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
  M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
  M Source/JavaScriptCore/dfg/DFGNode.h
  M Source/JavaScriptCore/dfg/DFGNodeType.h
  M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
  M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.h
  M Source/JavaScriptCore/jit/JITOperations.cpp

Log Message:
-----------
Cherry-pick 98d5e19f0344. rdar://problem/108398043

    [JSC] Integrate inlined megamorphic access in DFG and FTL
    https://bugs.webkit.org/show_bug.cgi?id=255821
    rdar://108398043

    Reviewed by Mark Lam.

    DFG and FTL should get Baseline IC's megamorphic GetById state, and emit a special GetByIdMegamorphic node, which does megamorphic access inline (without IC) from the beginning. This is (1) faster than IC and (2) avoids repeated repatching of code.

    Here is a bit of a fun thing: emitting GetByIdMegamorphic means that we give up polymorphic IC optimization. So this needs very careful handling. It is possible that one function can be inlined from the other function, and then it gets a limited # of structures. In this case, continuing to use IC is better than falling back to the megamorphic case. But if the function got compiled before, and even the optimizing JIT saw the megamorphism, then it is likely that this function continues having megamorphic behavior, and inlined megamorphic code is faster.

    Currently, we use GetByIdMegamorphic only when the exact same form of CodeOrigin got this megamorphic state before (same level of inlining etc.). This is very conservative but effective since IC is very fast when it works well (but costly if it doesn't work and gets megamorphic). Once this cost-benefit tradeoff gets changed (via handler IC), we can revisit this condition.

                                    ToT                     Patched

    megamorphic-own-load        37.0244+-0.1000     ^     34.3635+-0.0982        ^ definitely 1.0774x faster
    megamorphic-dfg              7.4125+-0.0400            7.3945+-0.0251
    megamorphic-load             4.5447+-0.0232     ^      4.3989+-0.0293        ^ definitely 1.0332x faster
    megamorphic-prototype-load  37.0116+-0.1119     ^     34.4312+-0.1764        ^ definitely 1.0749x faster
    megamorphic-miss            30.6568+-0.0471     ^     28.5222+-0.1031        ^ definitely 1.0748x faster

    * Source/JavaScriptCore/bytecode/GetByStatus.cpp:
    (JSC::GetByStatus::computeFor):
    (JSC::GetByStatus::GetByStatus):
    (JSC::isSameStyledCodeOrigin):
    (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
    (JSC::GetByStatus::makesCalls const):
    (JSC::GetByStatus::merge):
    (JSC::GetByStatus::dump const):
    * Source/JavaScriptCore/bytecode/GetByStatus.h:
    * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
    (JSC::InlineCacheCompiler::generateWithGuard):
    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
    * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleGetById):
    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
    (JSC::DFG::ConstantFoldingPhase::foldConstants):
    * Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
    (JSC::DFG::doesGC):
    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * Source/JavaScriptCore/dfg/DFGNode.h:
    (JSC::DFG::Node::convertToGetByOffset):
    (JSC::DFG::Node::convertToMultiGetByOffset):
    (JSC::DFG::Node::hasCacheableIdentifier):
    (JSC::DFG::Node::hasHeapPrediction):
    * Source/JavaScriptCore/dfg/DFGNodeType.h:
    * Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
    * Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    (JSC::DFG::SpeculativeJIT::compileGetByIdMegamorphic):
    * Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
    (JSC::FTL::canCompile):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileNode):
    (JSC::FTL::DFG::LowerDFGToB3::compileGetByIdMegamorphic):
    * Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
    (JSC::AssemblyHelpers::loadMegamorphicProperty):
    * Source/JavaScriptCore/jit/AssemblyHelpers.h:
    * Source/JavaScriptCore/jit/JITOperations.cpp:
    (JSC::JSC_DEFINE_JIT_OPERATION):

    Canonical link: https://commits.webkit.org/263300@main

Identifier: 262889.280@safari-7616.1.11-branch


Commit: cfb85857f8a985d541550d62e1b135440db12329
    https://github.com/WebKit/WebKit/commit/cfb85857f8a985d541550d62e1b135440db12329
Author: David Degazio <d_dega...@apple.com>
Date:   2023-04-24 (Mon, 24 Apr 2023)

Changed paths:
  M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
  M Source/JavaScriptCore/heap/FreeList.cpp
  M Source/JavaScriptCore/heap/FreeList.h
  M Source/JavaScriptCore/heap/FreeListInlines.h
  M Source/JavaScriptCore/heap/MarkedBlockInlines.h
  M Source/JavaScriptCore/jit/AssemblyHelpers.cpp

Log Message:
-----------
Cherry-pick 2fbb3152165b. rdar://problem/108377867

    Use bump ranges instead of free list in JSC allocator
    https://bugs.webkit.org/show_bug.cgi?id=255798
    rdar://108377867

    Reviewed by Yusuke Suzuki and Mark Lam.

    Replaces the JSC free list allocator with a list of free intervals. Each interval represents a contiguous block of dead cells, and within each interval we can bump-allocate. This should mean we bump-allocate more often, and potentially speed up sweeping by nature of installing fewer free list cells, especially for use cases where we don't often manage to totally empty blocks currently.

    * Source/JavaScriptCore/heap/FreeList.cpp:
    (JSC::FreeList::clear):
    (JSC::FreeList::initialize):
    (JSC::FreeList::contains const):
    (JSC::FreeList::dump const):
    (JSC::FreeList::initializeList): Deleted.
    (JSC::FreeList::initializeBump): Deleted.
    * Source/JavaScriptCore/heap/FreeList.h:
    (JSC::FreeCell::scramble):
    (JSC::FreeCell::descramble):
    (JSC::FreeCell::makeLast):
    (JSC::FreeCell::setNext):
    (JSC::FreeCell::decode):
    (JSC::FreeCell::offsetOfScrambledBits):
    (JSC::FreeList::allocationWillFail const):
    (JSC::FreeList::isSentinel):
    (JSC::FreeList::offsetOfHead):
    (JSC::FreeList::offsetOfPayloadStart):
    (JSC::FreeList::offsetOfPayloadEnd):
    (JSC::FreeList::head const):
    (JSC::FreeCell::next const): Deleted.
    (JSC::FreeCell::offsetOfScrambledNext): Deleted.
    (JSC::FreeList::offsetOfScrambledHead): Deleted.
    (JSC::FreeList::offsetOfRemaining): Deleted.
    * Source/JavaScriptCore/heap/FreeListInlines.h:
    (JSC::FreeList::allocate):
    (JSC::FreeList::forEach const):
    * Source/JavaScriptCore/heap/MarkedBlockInlines.h:
    (JSC::MarkedBlock::Handle::specializedSweep):
    * Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
    (JSC::AssemblyHelpers::jitAssertTagsInPlace):
    (JSC::AssemblyHelpers::emitExceptionCheck):
    (JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
    (JSC::AssemblyHelpers::loadProperty):
    (JSC::AssemblyHelpers::storeProperty):
    (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
    (JSC::AssemblyHelpers::emitAllocateVariableSized):
    (JSC::AssemblyHelpers::restoreCalleeSavesFromEntryFrameCalleeSavesBuffer):
    (JSC::AssemblyHelpers::emitRestoreCalleeSavesFor):

    Canonical link: https://commits.webkit.org/263313@main

Identifier: 262889.281@safari-7616.1.11-branch


Commit: 32606b32b2a931b28523140b733c6b82ad309645
    https://github.com/WebKit/WebKit/commit/32606b32b2a931b28523140b733c6b82ad309645
Author: Gavin Phillips <gavi...@apple.com>
Date:   2023-04-24 (Mon, 24 Apr 2023)

Changed paths:
  M Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm

Log Message:
-----------
Cherry-pick 0819d58fc483. rdar://problem/108235706

    Move PKPaymentMethod and NSMutableURLRequest to Secure mode
    https://bugs.webkit.org/show_bug.cgi?id=255791
    rdar://108235706

    Reviewed by Wenson Hsieh.

    Move PKPaymentMethod & NSMutableURLRequest to using Secure mode for deserialization.

    * Source/WebKit/Shared/Cocoa/ArgumentCodersCocoa.mm:
    (IPC::shouldEnableStrictMode):

    Canonical link: https://commits.webkit.org/263256@main

Identifier: 262889.282@safari-7616.1.11-branch


Commit: a262c2046bb40cbfa7e0a96511e0529e4cff99b7
    https://github.com/WebKit/WebKit/commit/a262c2046bb40cbfa7e0a96511e0529e4cff99b7
Author: Russell Epstein <repst...@apple.com>
Date:   2023-04-25 (Tue, 25 Apr 2023)

Changed paths:
  M Configurations/Version.xcconfig

Log Message:
-----------
Versioning.

WebKit-7616.1.11.3

Canonical link: https://commits.webkit.org/263164.8@safari-7616.1.11-branch


Commit: 7ba0697c8d5bf04484a908706f5f0d2c3183ab53
    https://github.com/WebKit/WebKit/commit/7ba0697c8d5bf04484a908706f5f0d2c3183ab53
Author: Miguel Salinas <miguel_sali...@apple.com>
Date:   2023-04-25 (Tue, 25 Apr 2023)

Changed paths:
  M Source/WebKit/UIProcess/ProcessThrottler.cpp
  M Source/WebKit/UIProcess/ProcessThrottler.h
  M Source/WebKit/UIProcess/WebPageProxy.cpp
  M Source/WebKit/UIProcess/WebPageProxy.h
  M Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm

Log Message:
-----------
Cherry-pick 0420e99f1060. rdar://problem/106969950

    [macOS] background tab suspension - 3.5% MBA8,2 membuster regression
    https://bugs.webkit.org/show_bug.cgi?id=255226
    rdar://106969950

    Reviewed by Chris Dumez.

    Membuster sends a low memory signal to web content processes to measure the memory impact of our low memory handler. When runningboard throttling is enabled on MBA8,2 the web content process never gets scheduled due to the machine only having 2 cores and the web content process having a priority of darwin_bg. This fix holds the foreground assertion for 8 minutes after the last foreground activity is released to ensure we have enough time to handle the low memory signal in membuster.

    I also tried having the web content process take an assertion on itself for the duration of the low memory handler but that did not fix the regression.

    * Source/WebKit/UIProcess/ProcessThrottler.cpp:
    (WebKit::ProcessThrottlerTimedActivity::ProcessThrottlerTimedActivity):
    (WebKit::ProcessThrottlerTimedActivity::operator=):
    (WebKit::ProcessThrottlerTimedActivity::activityTimedOut):
    (WebKit::ProcessThrottlerTimedActivity::updateTimer):
    (WebKit::ProcessThrottler::TimedActivity::TimedActivity): Deleted.
    (WebKit::ProcessThrottler::TimedActivity::operator=): Deleted.
    (WebKit::ProcessThrottler::TimedActivity::activityTimedOut): Deleted.
    (WebKit::ProcessThrottler::TimedActivity::updateTimer): Deleted.
    * Source/WebKit/UIProcess/ProcessThrottler.h:
    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::ProcessActivityState::ProcessActivityState):
    (WebKit::WebPageProxy::ProcessActivityState::takeVisibleActivity):
    (WebKit::WebPageProxy::ProcessActivityState::takeAudibleActivity):
    (WebKit::WebPageProxy::ProcessActivityState::takeCapturingActivity):
    (WebKit::WebPageProxy::ProcessActivityState::reset):
    (WebKit::WebPageProxy::ProcessActivityState::dropVisibleActivity):
    (WebKit::WebPageProxy::ProcessActivityState::dropAudibleActivity):
    (WebKit::WebPageProxy::ProcessActivityState::dropCapturingActivity):
    (WebKit::WebPageProxy::ProcessActivityState::hasValidVisibleActivity const):
    (WebKit::WebPageProxy::ProcessActivityState::hasValidAudibleActivity const):
    (WebKit::WebPageProxy::ProcessActivityState::hasValidCapturingActivity const):
    (WebKit::WebPageProxy::ProcessActivityState::takeOpeningAppLinkActivity):
    (WebKit::WebPageProxy::ProcessActivityState::dropOpeningAppLinkActivity):
    (WebKit::WebPageProxy::ProcessActivityState::hasValidOpeningAppLinkActivity const):
    (WebKit::WebPageProxy::close):
    (WebKit::WebPageProxy::updateThrottleState):
    (WebKit::WebPageProxy::clearAudibleActivity):
    (WebKit::WebPageProxy::waitForDidUpdateActivityState):
    (WebKit::WebPageProxy::resetStateAfterProcessExited):
    * Source/WebKit/UIProcess/WebPageProxy.h:
    * Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm:
    (WebKit::WebPageProxy::willOpenAppLink):

    Canonical link: https://commits.webkit.org/263264@main

Canonical link: https://commits.webkit.org/263164.9@safari-7616.1.11-branch


Commit: e77e17933de1f9cc464a35463a615dbb7825b9a5
    https://github.com/WebKit/WebKit/commit/e77e17933de1f9cc464a35463a615dbb7825b9a5
Author: Commit Queue <commit-qu...@webkit.org>
Date:   2023-04-25 (Tue, 25 Apr 2023)

Changed paths:
  M Source/WebKit/Shared/WebPreferencesDefaultValues.cpp

Log Message:
-----------
Cherry-pick 574dcb6844bb. rdar://problem/108499789

    Unreviewed, reverting r262174@main.
    https://bugs.webkit.org/show_bug.cgi?id=255918

    regressions fixed

    Reverted changeset:

    "[macOS] Disable background webcontent suspension by default"
    https://bugs.webkit.org/show_bug.cgi?id=254535
    https://commits.webkit.org/262174@main

    Canonical link: https://commits.webkit.org/263364@main

Canonical link: https://commits.webkit.org/263164.10@safari-7616.1.11-branch


Compare: https://github.com/WebKit/WebKit/compare/7e2624afe27e%5E...e77e17933de1

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
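The "Use bump ranges instead of free list in JSC allocator" commit above describes a sweep that records runs of dead cells as intervals and bump-allocates inside each one. The following is an added, self-contained illustration of that scheme; it is not WebKit's code and does not reproduce JSC's FreeList/FreeCell layout. The 16-byte cell size, the header encoding (run length in the low 32 bits, cell distance to the next run in the high 32 bits), the XOR-with-a-secret scrambling and every identifier are assumptions made for the example. The scrambling stands in for the FreeCell::scramble/descramble the commit lists, whose point is that allocator metadata living inside dead heap cells should not be trivially forgeable by an overflow from a neighbouring live cell; the bounds check in allocate() shows the kind of validation a practitioner would want on descrambled metadata before trusting it.

```cpp
// Added example, not WebKit's code: free intervals with bump allocation.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr size_t kCellSize = 16; // assumed toy cell size in bytes

// Header stored in the first dead cell of each free run (assumed layout):
// low 32 bits = cells in this run, high 32 bits = cells to the next run (0 = last).
static uint64_t encodeHeader(uint32_t runCells, uint32_t cellsToNext) {
    return (uint64_t(cellsToNext) << 32) | runCells;
}

class IntervalFreeList {
public:
    IntervalFreeList(char* block, size_t cellCount, uint64_t secret)
        : m_block(block), m_cellCount(cellCount), m_secret(secret) {}

    // Sweep: one header per run of dead cells (marks[i] true = live) instead of
    // one link per dead cell, which is why fewer free cells get written.
    void initialize(const std::vector<bool>& marks) {
        m_head = kNone;
        m_bumpIndex = m_bumpEnd = 0;
        m_intervalCount = 0;
        size_t previous = kNone;
        for (size_t i = 0; i < m_cellCount;) {
            if (marks[i]) { ++i; continue; }
            size_t start = i;
            while (i < m_cellCount && !marks[i]) ++i;
            writeHeader(start, encodeHeader(uint32_t(i - start), 0));
            if (previous == kNone)
                m_head = start;
            else // link the previous run to this one
                writeHeader(previous, readHeader(previous) | (uint64_t(start - previous) << 32));
            previous = start;
            ++m_intervalCount;
        }
    }

    // Bump inside the current interval; when it is used up, decode the next header.
    // Returns nullptr when the block is exhausted or a header fails validation.
    char* allocate() {
        if (m_bumpIndex == m_bumpEnd) {
            if (m_head == kNone) return nullptr;
            uint64_t bits = readHeader(m_head);
            uint32_t runCells = uint32_t(bits);
            uint32_t cellsToNext = uint32_t(bits >> 32);
            // Neither the bump range nor the next-run index may leave the block:
            // a corrupted header is refused rather than steering the allocator.
            if (!runCells || m_head + runCells > m_cellCount) return nullptr;
            if (cellsToNext && m_head + cellsToNext >= m_cellCount) return nullptr;
            m_bumpIndex = m_head;
            m_bumpEnd = m_head + runCells;
            m_head = cellsToNext ? m_head + cellsToNext : kNone;
        }
        char* cell = m_block + m_bumpIndex * kCellSize;
        ++m_bumpIndex;
        std::memset(cell, 0, kCellSize); // the header, if this was a run's first cell, is consumed
        return cell;
    }

    size_t intervalCount() const { return m_intervalCount; }

private:
    static constexpr size_t kNone = SIZE_MAX;
    uint64_t readHeader(size_t index) const {
        uint64_t bits;
        std::memcpy(&bits, m_block + index * kCellSize, sizeof bits);
        return bits ^ m_secret; // descramble (XOR is its own inverse)
    }
    void writeHeader(size_t index, uint64_t bits) {
        bits ^= m_secret; // scramble with the per-heap secret
        std::memcpy(m_block + index * kCellSize, &bits, sizeof bits);
    }
    char* m_block;
    size_t m_cellCount;
    uint64_t m_secret;
    size_t m_head = kNone, m_bumpIndex = 0, m_bumpEnd = 0, m_intervalCount = 0;
};

// Constructed scenario (not from the page): an 8-cell block in which cells 0, 4
// and 7 survived marking, so the sweep yields two runs, [1,4) and [5,7).
struct SweepResult { size_t intervals; std::vector<size_t> allocatedCells; };

SweepResult sweepAndAllocateAll() {
    static char block[8 * kCellSize];
    std::vector<bool> marks = {true, false, false, false, true, false, false, true};
    IntervalFreeList freeList(block, 8, 0x5eedc0ffee1234ULL);
    freeList.initialize(marks);
    SweepResult result{freeList.intervalCount(), {}};
    while (char* cell = freeList.allocate())
        result.allocatedCells.push_back(size_t(cell - block) / kCellSize);
    return result;
}

// An overflow from live cell 0 clobbers the first run's header; after descrambling
// the run length is out of range and allocate() refuses to bump into it.
bool corruptedHeaderIsRejected() {
    static char block[8 * kCellSize];
    std::vector<bool> marks = {true, false, false, false, true, false, false, true};
    IntervalFreeList freeList(block, 8, 0x5eedc0ffee1234ULL);
    freeList.initialize(marks);
    std::memset(block + kCellSize, 0xff, 8);
    return freeList.allocate() == nullptr;
}
```

In the constructed block the sweep writes two headers where a classic free list would have written five links, and the allocations come back in address order (cells 1, 2, 3, 5, 6) because each run is bumped through before the next header is decoded. The header is read and validated before the first cell of a run is handed out, since handing it out overwrites the header.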