[webkit-changes] [262479] trunk

[ysuzuki]

Title: [262479] trunk

Revision

262479

Author

ysuz...@apple.com

Date

2020-06-02 23:53:16 -0700 (Tue, 02 Jun 2020)

Log Message

ASSERTION FAILED: isCell() under WebCore::JSDOMConstructor seen with webaudio/the-audio-api/the-audiocontext-interface/audiocontextoptions.html
https://bugs.webkit.org/show_bug.cgi?id=212650

Reviewed by Mark Lam.

Source/WebCore:

Some DOM constructor can return jsNull. For example, AudioContext constructor can return jsNull when it exceeds # of hardware audio contexts.
However CodeGeneratorJS assumes that DOM constructor always returns an object, or throws an exception.
This patch adds object check after DOM constructor call to handle the jsNull case while it does not change the existing semantics.

* bindings/scripts/CodeGeneratorJS.pm:
(GenerateConstructorDefinition):

LayoutTests:

* platform/ios/TestExpectations:
* platform/mac/TestExpectations:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/platform/ios/TestExpectations
• trunk/LayoutTests/platform/mac/TestExpectations
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp
• trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp

Diff

Modified: trunk/LayoutTests/ChangeLog (262478 => 262479)

--- trunk/LayoutTests/ChangeLog	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/LayoutTests/ChangeLog	2020-06-03 06:53:16 UTC (rev 262479)
@@ -1,3 +1,13 @@
+2020-06-02  Yusuke Suzuki  <ysuz...@apple.com>
+
+        ASSERTION FAILED: isCell() under WebCore::JSDOMConstructor seen with webaudio/the-audio-api/the-audiocontext-interface/audiocontextoptions.html
+        https://bugs.webkit.org/show_bug.cgi?id=212650
+
+        Reviewed by Mark Lam.
+
+        * platform/ios/TestExpectations:
+        * platform/mac/TestExpectations:
+
 2020-06-02  Simon Fraser  <simon.fra...@apple.com>
 
         EventRegion::translate() needs to offset the wheel event regions

Modified: trunk/LayoutTests/platform/ios/TestExpectations (262478 => 262479)

--- trunk/LayoutTests/platform/ios/TestExpectations	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/LayoutTests/platform/ios/TestExpectations	2020-06-03 06:53:16 UTC (rev 262479)
@@ -3529,7 +3529,5 @@
 
 webkit.org/b/212493 imported/w3c/web-platform-tests/css/css-grid/grid-items/grid-items-sizing-alignment-001.html [ ImageOnlyFailure ]
 
-webkit.org/b/212650 [ Debug ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audiocontext-interface/audiocontextoptions.html [ Skip ]
-
 # This test requires an update to system decoders
 webkit.org/b/212565 imported/w3c/web-platform-tests/encoding/single-byte-decoder.html [ Failure ]

Modified: trunk/LayoutTests/platform/mac/TestExpectations (262478 => 262479)

--- trunk/LayoutTests/platform/mac/TestExpectations	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/LayoutTests/platform/mac/TestExpectations	2020-06-03 06:53:16 UTC (rev 262479)
@@ -1968,7 +1968,5 @@
 webkit.org/b/212594 webgl/2.0.0/conformance/canvas/buffer-offscreen-test.html [ Failure ]
 webkit.org/b/212594 webgl/1.0.3/conformance/canvas/buffer-offscreen-test.html [ Failure ]
 
-webkit.org/b/212650 [ Debug ] imported/w3c/web-platform-tests/webaudio/the-audio-api/the-audiocontext-interface/audiocontextoptions.html [ Skip ]
-
 # This test requires an update to system decoders
 webkit.org/b/212565 [ Catalina Mojave ] imported/w3c/web-platform-tests/encoding/single-byte-decoder.html [ Failure ]

Modified: trunk/Source/WebCore/ChangeLog (262478 => 262479)

--- trunk/Source/WebCore/ChangeLog	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/ChangeLog	2020-06-03 06:53:16 UTC (rev 262479)
@@ -1,3 +1,17 @@
+2020-06-02  Yusuke Suzuki  <ysuz...@apple.com>
+
+        ASSERTION FAILED: isCell() under WebCore::JSDOMConstructor seen with webaudio/the-audio-api/the-audiocontext-interface/audiocontextoptions.html
+        https://bugs.webkit.org/show_bug.cgi?id=212650
+
+        Reviewed by Mark Lam.
+
+        Some DOM constructor can return jsNull. For example, AudioContext constructor can return jsNull when it exceeds # of hardware audio contexts.
+        However CodeGeneratorJS assumes that DOM constructor always returns an object, or throws an exception.
+        This patch adds object check after DOM constructor call to handle the jsNull case while it does not change the existing semantics.
+
+        * bindings/scripts/CodeGeneratorJS.pm:
+        (GenerateConstructorDefinition):
+
 2020-06-02  Simon Fraser  <simon.fra...@apple.com>
 
         EventRegion::translate() needs to offset the wheel event regions

Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm	2020-06-03 06:53:16 UTC (rev 262479)
@@ -7476,10 +7476,13 @@
             push(@constructionConversionArguments, "WTFMove(object)");
 
             # FIXME: toJSNewlyCreated should return JSObject* instead of JSValue.
+            # But certain constructor can return jsNull() e.g. AudioContext.
             push(@$outputArray, "    auto jsValue = toJSNewlyCreated<${IDLType}>(" . join(", ", @constructionConversionArguments) . ");\n");
             push(@$outputArray, "    RETURN_IF_EXCEPTION(throwScope, { });\n") if $interface->extendedAttributes->{ConstructorMayThrowException};
-            push(@$outputArray, "    setSubclassStructureIfNeeded<${implType}>(lexicalGlobalObject, callFrame, asObject(jsValue));\n");
-            push(@$outputArray, "    RETURN_IF_EXCEPTION(throwScope, { });\n");
+            push(@$outputArray, "    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {\n");
+            push(@$outputArray, "        setSubclassStructureIfNeeded<${implType}>(lexicalGlobalObject, callFrame, object);\n");
+            push(@$outputArray, "        RETURN_IF_EXCEPTION(throwScope, { });\n");
+            push(@$outputArray, "    }\n");
             push(@$outputArray, "    return JSValue::encode(jsValue);\n");
             push(@$outputArray, "}\n\n");
         }

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -181,8 +181,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestEventConstructor::create(WTFMove(type), WTFMove(eventInitDict));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestEventConstructor>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestEventConstructor>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestEventConstructor>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -284,8 +284,10 @@
     auto object = TestInterface::create(*context, WTFMove(str1), WTFMove(str2));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestInterface>>(*lexicalGlobalObject, *castedThis->globalObject(), throwScope, WTFMove(object));
     RETURN_IF_EXCEPTION(throwScope, { });
-    setSubclassStructureIfNeeded<TestInterface>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestInterface>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -120,8 +120,10 @@
     auto object = TestNamedConstructor::createForJSConstructor(WTFMove(str1), WTFMove(str2), WTFMove(str3));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestNamedConstructor>>(*lexicalGlobalObject, *castedThis->globalObject(), throwScope, WTFMove(object));
     RETURN_IF_EXCEPTION(throwScope, { });
-    setSubclassStructureIfNeeded<TestNamedConstructor>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestNamedConstructor>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -116,8 +116,10 @@
     ASSERT(castedThis);
     auto object = TestNode::create();
     auto jsValue = toJSNewlyCreated<IDLInterface<TestNode>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestNode>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestNode>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -1972,8 +1972,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestObj::create(document, testCallback.releaseNonNull(), testCallbackFunction.releaseNonNull());
     auto jsValue = toJSNewlyCreated<IDLInterface<TestObj>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestObj>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestObj>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -98,8 +98,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructors::create(*arrayBuffer);
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructors>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 
@@ -114,8 +116,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructors::create(arrayBufferView.releaseNonNull());
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructors>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 
@@ -130,8 +134,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructors::create(*blob);
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructors>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 
@@ -146,8 +152,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructors::create(WTFMove(string));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructors>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 
@@ -161,8 +169,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructors::create(WTFMove(longArgs));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructors>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructors>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -97,8 +97,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructorsWithSequence::create(WTFMove(sequenceOfStrings));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructorsWithSequence>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructorsWithSequence>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructorsWithSequence>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 
@@ -113,8 +115,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestOverloadedConstructorsWithSequence::create(WTFMove(string));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestOverloadedConstructorsWithSequence>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestOverloadedConstructorsWithSequence>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestOverloadedConstructorsWithSequence>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -182,8 +182,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestPromiseRejectionEvent::create(*castedThis->globalObject(), WTFMove(type), WTFMove(eventInitDict));
     auto jsValue = toJSNewlyCreated<IDLInterface<TestPromiseRejectionEvent>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestPromiseRejectionEvent>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestPromiseRejectionEvent>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

Modified: trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp (262478 => 262479)

--- trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp	2020-06-03 06:25:50 UTC (rev 262478)
+++ trunk/Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp	2020-06-03 06:53:16 UTC (rev 262479)
@@ -173,8 +173,10 @@
     RETURN_IF_EXCEPTION(throwScope, encodedJSValue());
     auto object = TestTypedefs::create(WTFMove(hello), testCallbackFunction.releaseNonNull(), testCallbackInterface.releaseNonNull());
     auto jsValue = toJSNewlyCreated<IDLInterface<TestTypedefs>>(*lexicalGlobalObject, *castedThis->globalObject(), WTFMove(object));
-    setSubclassStructureIfNeeded<TestTypedefs>(lexicalGlobalObject, callFrame, asObject(jsValue));
-    RETURN_IF_EXCEPTION(throwScope, { });
+    if (auto* object = jsDynamicCast<JSObject*>(vm, jsValue)) {
+        setSubclassStructureIfNeeded<TestTypedefs>(lexicalGlobalObject, callFrame, object);
+        RETURN_IF_EXCEPTION(throwScope, { });
+    }
     return JSValue::encode(jsValue);
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes