Diff
Modified: trunk/Source/WTF/ChangeLog (279364 => 279365)
--- trunk/Source/WTF/ChangeLog 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WTF/ChangeLog 2021-06-29 07:19:27 UTC (rev 279365)
@@ -1,3 +1,28 @@
+2021-06-29 Antti Koivisto <an...@apple.com>
+
+ Enable Probabilistic Guard Malloc for RuleData and RuleFeature vectors
+ https://bugs.webkit.org/show_bug.cgi?id=227446
+
+ Reviewed by Geoffrey Garen.
+
+ Add SystemMalloc type that can be used with containers like Vector and
+ ProbabilisticGuardMalloc alias for it on Mac/iOS platforms.
+
+ * WTF.xcodeproj/project.pbxproj:
+ * wtf/CMakeLists.txt:
+ * wtf/SystemMalloc.h: Added.
+ (WTF::SystemMalloc::malloc):
+ (WTF::SystemMalloc::tryMalloc):
+ (WTF::SystemMalloc::zeroedMalloc):
+ (WTF::SystemMalloc::tryZeroedMalloc):
+ (WTF::SystemMalloc::realloc):
+ (WTF::SystemMalloc::tryRealloc):
+ (WTF::SystemMalloc::free):
+ * wtf/Vector.h:
+ (WTF::Malloc>::appendVector):
+
+ Include all template parameters for the appendVector argument.
+
2021-06-28 Mikhail R. Gadelha <mikh...@igalia.com>
Prevent sign-extended casts for 32 bits arch
Modified: trunk/Source/WTF/WTF.xcodeproj/project.pbxproj (279364 => 279365)
--- trunk/Source/WTF/WTF.xcodeproj/project.pbxproj 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WTF/WTF.xcodeproj/project.pbxproj 2021-06-29 07:19:27 UTC (rev 279365)
@@ -760,6 +760,7 @@
E4A0AD371A96245500536DF6 /* WorkQueue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkQueue.cpp; sourceTree = "<group>"; };
E4A0AD381A96245500536DF6 /* WorkQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WorkQueue.h; sourceTree = "<group>"; };
E4A0AD3C1A96253C00536DF6 /* WorkQueueCocoa.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkQueueCocoa.cpp; sourceTree = "<group>"; };
+ E4D2AE4D268A4C7F00DFEA02 /* SystemMalloc.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SystemMalloc.h; sourceTree = "<group>"; };
EB2C86D8267B275C0052CB9A /* CPUTimePOSIX.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CPUTimePOSIX.cpp; sourceTree = "<group>"; };
EB61EDC62409CCC0001EFE36 /* SystemTracingCocoa.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SystemTracingCocoa.cpp; sourceTree = "<group>"; };
EB95E1EF161A72410089A2F5 /* ByteOrder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByteOrder.h; sourceTree = "<group>"; };
@@ -1292,6 +1293,7 @@
0FDDBFA61666DFA300C55FEF /* StringPrintStream.h */,
5597F82C1D94B9970066BC21 /* SynchronizedFixedQueue.h */,
E3E158251EADA53C004A079D /* SystemFree.h */,
+ E4D2AE4D268A4C7F00DFEA02 /* SystemMalloc.h */,
0FB317C31C488001007E395A /* SystemTracing.h */,
DEF7FE5F22581AC800C15129 /* TaggedArrayStoragePtr.h */,
7B2739F12632A8940040F182 /* ThreadAssertions.h */,
Modified: trunk/Source/WTF/wtf/CMakeLists.txt (279364 => 279365)
--- trunk/Source/WTF/wtf/CMakeLists.txt 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WTF/wtf/CMakeLists.txt 2021-06-29 07:19:27 UTC (rev 279365)
@@ -264,6 +264,7 @@
StringPrintStream.h
SynchronizedFixedQueue.h
SystemFree.h
+ SystemMalloc.h
SystemTracing.h
TaggedArrayStoragePtr.h
ThreadAssertions.h
Added: trunk/Source/WTF/wtf/SystemMalloc.h (0 => 279365)
--- trunk/Source/WTF/wtf/SystemMalloc.h (rev 0)
+++ trunk/Source/WTF/wtf/SystemMalloc.h 2021-06-29 07:19:27 UTC (rev 279365)
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2021 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if PLATFORM(MAC) || PLATFORM(IOS_FAMILY)
+// Probabilistic Guard Malloc is not really enabled on older platforms but opt those to system malloc too for consistency.
+#define HAVE_PROBABILISTIC_GUARD_MALLOC 1
+#endif
+
+namespace WTF {
+
+struct SystemMalloc {
+ static void* malloc(size_t size)
+ {
+ auto* result = ::malloc(size);
+ if (!result)
+ CRASH();
+ return result;
+ }
+
+ static void* tryMalloc(size_t size)
+ {
+ return ::malloc(size);
+ }
+
+ static void* zeroedMalloc(size_t size)
+ {
+ auto* result = ::malloc(size);
+ if (!result)
+ CRASH();
+ memset(result, 0, size);
+ return result;
+ }
+
+ static void* tryZeroedMalloc(size_t size)
+ {
+ auto* result = ::malloc(size);
+ if (!result)
+ return nullptr;
+ memset(result, 0, size);
+ return result;
+ }
+
+ static void* realloc(void* p, size_t size)
+ {
+ auto* result = ::realloc(p, size);
+ if (!result)
+ CRASH();
+ return result;
+ }
+
+ static void* tryRealloc(void* p, size_t size)
+ {
+ return ::realloc(p, size);
+ }
+
+ static void free(void* p)
+ {
+ ::free(p);
+ }
+};
+
+#if HAVE(PROBABILISTIC_GUARD_MALLOC)
+using ProbabilisticGuardMalloc = SystemMalloc;
+#endif
+
+}
+
+using WTF::SystemMalloc;
+#if HAVE(PROBABILISTIC_GUARD_MALLOC)
+using WTF::ProbabilisticGuardMalloc;
+#endif
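Review bot: `SystemMalloc::realloc` treats every null return as an allocation failure, but a C library is allowed to return null for a zero-size request after releasing the old block, so `realloc(p, 0)` can hit `CRASH()` without any memory shortage. The struct is defined on every platform, not only where `HAVE_PROBABILISTIC_GUARD_MALLOC` is set, so this depends on the libc in use. Whether any container passes a zero size is not visible in this hunk. If zero can occur, `if (!result && size) CRASH();` in `realloc` (and the same condition in `malloc` and `zeroedMalloc`) would keep the crash for real failures only.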
Modified: trunk/Source/WTF/wtf/Vector.h (279364 => 279365)
--- trunk/Source/WTF/wtf/Vector.h 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WTF/wtf/Vector.h 2021-06-29 07:19:27 UTC (rev 279365)
@@ -784,8 +784,8 @@
template<typename U> ALWAYS_INLINE void append(const U* u, size_t size) { append<FailureAction::Crash>(u, size); }
template<typename U> ALWAYS_INLINE bool tryAppend(const U* u, size_t size) { return append<FailureAction::Report>(u, size); }
- template<typename U, size_t otherCapacity> void appendVector(const Vector<U, otherCapacity>&);
- template<typename U, size_t otherCapacity> void appendVector(Vector<U, otherCapacity>&&);
+ template<typename U, size_t otherCapacity, typename OtherOverflowHandler, size_t otherMinCapacity, typename OtherMalloc> void appendVector(const Vector<U, otherCapacity, OtherOverflowHandler, otherMinCapacity, OtherMalloc>&);
+ template<typename U, size_t otherCapacity, typename OtherOverflowHandler, size_t otherMinCapacity, typename OtherMalloc> void appendVector(Vector<U, otherCapacity, OtherOverflowHandler, otherMinCapacity, OtherMalloc>&&);
void insert(size_t position, ValueType&& value) { insert<ValueType>(position, std::forward<ValueType>(value)); }
template<typename U> void insert(size_t position, const U*, size_t);
@@ -1383,15 +1383,15 @@
}
template<typename T, size_t inlineCapacity, typename OverflowHandler, size_t minCapacity, typename Malloc>
-template<typename U, size_t otherCapacity>
-inline void Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::appendVector(const Vector<U, otherCapacity>& val)
+template<typename U, size_t otherCapacity, typename OtherOverflowHandler, size_t otherMinCapacity, typename OtherMalloc>
+inline void Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::appendVector(const Vector<U, otherCapacity, OtherOverflowHandler, otherMinCapacity, OtherMalloc>& val)
{
append(val.begin(), val.size());
}
template<typename T, size_t inlineCapacity, typename OverflowHandler, size_t minCapacity, typename Malloc>
-template<typename U, size_t otherCapacity>
-inline void Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::appendVector(Vector<U, otherCapacity>&& val)
+template<typename U, size_t otherCapacity, typename OtherOverflowHandler, size_t otherMinCapacity, typename OtherMalloc>
+inline void Vector<T, inlineCapacity, OverflowHandler, minCapacity, Malloc>::appendVector(Vector<U, otherCapacity, OtherOverflowHandler, otherMinCapacity, OtherMalloc>&& val)
{
size_t newSize = m_size + val.size();
if (newSize > capacity())
Modified: trunk/Source/WebCore/ChangeLog (279364 => 279365)
--- trunk/Source/WebCore/ChangeLog 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WebCore/ChangeLog 2021-06-29 07:19:27 UTC (rev 279365)
@@ -1,3 +1,21 @@
+2021-06-29 Antti Koivisto <an...@apple.com>
+
+ Enable Probabilistic Guard Malloc for RuleData and RuleFeature vectors
+ https://bugs.webkit.org/show_bug.cgi?id=227446
+
+ Reviewed by Geoffrey Garen.
+
+ Help for catching a crash.
+
+ * style/RuleFeature.cpp:
+ (WebCore::Style::RuleFeatureSet::collectFeatures):
+ (WebCore::Style::RuleFeatureSet::add):
+ * style/RuleFeature.h:
+ * style/RuleSet.h:
+ * style/StyleScopeRuleSets.cpp:
+ (WebCore::Style::makeRuleSet):
+ (WebCore::Style::ensureInvalidationRuleSets):
+
2021-06-29 Martin Robinson <mrobin...@igalia.com>
CSS scroll snap should allow scrolling to the middle of snap areas that overflow the snapport
Modified: trunk/Source/WebCore/style/RuleFeature.cpp (279364 => 279365)
--- trunk/Source/WebCore/style/RuleFeature.cpp 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WebCore/style/RuleFeature.cpp 2021-06-29 07:19:27 UTC (rev 279365)
@@ -186,7 +186,7 @@
for (auto& nameAndMatch : selectorFeatures.classes) {
classRules.ensure(nameAndMatch.first, [] {
- return makeUnique<Vector<RuleFeature>>();
+ return makeUnique<RuleFeatureVector>();
}).iterator->value->append({ ruleData, nameAndMatch.second });
if (nameAndMatch.second == MatchElement::Host)
classesAffectingHost.add(nameAndMatch.first);
@@ -202,7 +202,7 @@
}
for (auto& keyAndMatch : selectorFeatures.pseudoClasses) {
pseudoClassRules.ensure(keyAndMatch.first, [] {
- return makeUnique<Vector<RuleFeature>>();
+ return makeUnique<RuleFeatureVector>();
}).iterator->value->append({ ruleData, keyAndMatch.second });
if (keyAndMatch.second == MatchElement::Host)
pseudoClassesAffectingHost.add(keyAndMatch.first);
@@ -220,7 +220,7 @@
uncommonAttributeRules.appendVector(other.uncommonAttributeRules);
for (auto& keyValuePair : other.classRules) {
classRules.ensure(keyValuePair.key, [] {
- return makeUnique<Vector<RuleFeature>>();
+ return makeUnique<RuleFeatureVector>();
}).iterator->value->appendVector(*keyValuePair.value);
}
classesAffectingHost.add(other.classesAffectingHost.begin(), other.classesAffectingHost.end());
@@ -234,7 +234,7 @@
for (auto& keyValuePair : other.pseudoClassRules) {
pseudoClassRules.ensure(keyValuePair.key, [] {
- return makeUnique<Vector<RuleFeature>>();
+ return makeUnique<RuleFeatureVector>();
}).iterator->value->appendVector(*keyValuePair.value);
}
pseudoClassesAffectingHost.add(other.pseudoClassesAffectingHost.begin(), other.pseudoClassesAffectingHost.end());
Modified: trunk/Source/WebCore/style/RuleFeature.h (279364 => 279365)
--- trunk/Source/WebCore/style/RuleFeature.h 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WebCore/style/RuleFeature.h 2021-06-29 07:19:27 UTC (rev 279365)
@@ -25,6 +25,7 @@
#include <wtf/Forward.h>
#include <wtf/HashMap.h>
#include <wtf/HashSet.h>
+#include <wtf/SystemMalloc.h>
#include <wtf/text/AtomString.h>
#include <wtf/text/AtomStringHash.h>
@@ -39,6 +40,13 @@
enum class MatchElement : uint8_t { Subject, Parent, Ancestor, DirectSibling, IndirectSibling, AnySibling, ParentSibling, AncestorSibling, Host };
constexpr unsigned matchElementCount = static_cast<unsigned>(MatchElement::Host) + 1;
+#if HAVE(PROBABILISTIC_GUARD_MALLOC)
+// Help finding rdar://77450900
+using RuleMalloc = ProbabilisticGuardMalloc;
+#else
+using RuleMalloc = FastMalloc;
+#endif
+
struct RuleFeature {
RuleFeature(const RuleData&, std::optional<MatchElement> = std::nullopt);
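Review bot: The comment above `RuleMalloc` cites only a radar number, so a reader without access to it cannot tell why the style rule vectors move off `FastMalloc` or whether the change is meant to stay. I would spell out the intent and point at the public bug, for example `// Allocate rule vectors with system malloc so Probabilistic Guard Malloc can sample them while a crash is investigated: https://bugs.webkit.org/show_bug.cgi?id=227446 (rdar://77450900).` If the switch is temporary, which the ChangeLog wording suggests but does not state, a `FIXME` noting that it should revert to `FastMalloc` afterwards would help.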
@@ -58,6 +66,8 @@
const CSSSelector* invalidationSelector { nullptr };
};
+using RuleFeatureVector = Vector<RuleFeature, 0, CrashOnOverflow, 16, RuleMalloc>;
+
struct RuleFeatureSet {
void add(const RuleFeatureSet&);
void clear();
@@ -70,12 +80,12 @@
HashSet<AtomString> attributeCanonicalLocalNamesInRules;
HashSet<AtomString> attributeLocalNamesInRules;
HashSet<AtomString> contentAttributeNamesInRules;
- Vector<RuleFeature> siblingRules;
- Vector<RuleFeature> uncommonAttributeRules;
+ RuleFeatureVector siblingRules;
+ RuleFeatureVector uncommonAttributeRules;
- HashMap<AtomString, std::unique_ptr<Vector<RuleFeature>>> classRules;
+ HashMap<AtomString, std::unique_ptr<RuleFeatureVector>> classRules;
HashMap<AtomString, std::unique_ptr<Vector<RuleFeatureWithInvalidationSelector>>> attributeRules;
- HashMap<CSSSelector::PseudoClassType, std::unique_ptr<Vector<RuleFeature>>, WTF::IntHash<CSSSelector::PseudoClassType>, WTF::StrongEnumHashTraits<CSSSelector::PseudoClassType>> pseudoClassRules;
+ HashMap<CSSSelector::PseudoClassType, std::unique_ptr<RuleFeatureVector>, WTF::IntHash<CSSSelector::PseudoClassType>, WTF::StrongEnumHashTraits<CSSSelector::PseudoClassType>> pseudoClassRules;
HashSet<AtomString> classesAffectingHost;
HashSet<AtomString> attributesAffectingHost;
HashSet<CSSSelector::PseudoClassType, WTF::IntHash<CSSSelector::PseudoClassType>, WTF::StrongEnumHashTraits<CSSSelector::PseudoClassType>> pseudoClassesAffectingHost;
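Review bot: `attributeRules` still stores `std::unique_ptr<Vector<RuleFeatureWithInvalidationSelector>>` with the default allocator, so those vectors get no guard coverage while `classRules` and `pseudoClassRules` next to it now use `RuleFeatureVector`. The commit title names only RuleData and RuleFeature vectors, so leaving it out may be deliberate. If it is, a short comment on that member would record the decision; if not, `Vector<RuleFeatureWithInvalidationSelector, 0, CrashOnOverflow, 16, RuleMalloc>` would bring it in line. `RuleFeatureSet` continues past the end of this hunk.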
Modified: trunk/Source/WebCore/style/RuleSet.h (279364 => 279365)
--- trunk/Source/WebCore/style/RuleSet.h 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WebCore/style/RuleSet.h 2021-06-29 07:19:27 UTC (rev 279365)
@@ -67,13 +67,13 @@
~RuleSet();
- typedef Vector<RuleData, 1> RuleDataVector;
+ typedef Vector<RuleData, 1, CrashOnOverflow, 16, RuleMalloc> RuleDataVector;
typedef HashMap<AtomString, std::unique_ptr<RuleDataVector>> AtomRuleMap;
struct DynamicMediaQueryRules {
Vector<Ref<const MediaQuerySet>> mediaQuerySets;
Vector<size_t> affectedRulePositions;
- Vector<RuleFeature> ruleFeatures;
+ RuleFeatureVector ruleFeatures;
bool requiresFullReset { false };
bool result { true };
};
@@ -87,7 +87,7 @@
struct DynamicContext {
Ref<const MediaQuerySet> set;
Vector<size_t> affectedRulePositions { };
- Vector<RuleFeature> ruleFeatures { };
+ RuleFeatureVector ruleFeatures { };
};
Vector<DynamicContext> dynamicContextStack { };
@@ -147,7 +147,7 @@
struct CollectedMediaQueryChanges {
bool requiredFullReset { false };
Vector<size_t> changedQueryIndexes { };
- Vector<const Vector<RuleFeature>*> ruleFeatures { };
+ Vector<RuleFeatureVector*> ruleFeatures { };
};
CollectedMediaQueryChanges evaluateDynamicMediaQueryRules(const MediaQueryEvaluator&, size_t startIndex);
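Review bot: The new element type of `CollectedMediaQueryChanges::ruleFeatures` drops the `const` the old one had: `Vector<const Vector<RuleFeature>*>` became `Vector<RuleFeatureVector*>`, so consumers of the collected changes can now mutate the rule feature vectors through these pointers. Nothing in this hunk suggests that is intended. Unless a caller outside the hunk needs write access, `Vector<const RuleFeatureVector*> ruleFeatures { };` keeps the allocator change without widening access.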
Modified: trunk/Source/WebCore/style/StyleScopeRuleSets.cpp (279364 => 279365)
--- trunk/Source/WebCore/style/StyleScopeRuleSets.cpp 2021-06-29 07:14:08 UTC (rev 279364)
+++ trunk/Source/WebCore/style/StyleScopeRuleSets.cpp 2021-06-29 07:19:27 UTC (rev 279365)
@@ -117,7 +117,7 @@
}
}
-static RefPtr<RuleSet> makeRuleSet(const Vector<RuleFeature>& rules)
+static RefPtr<RuleSet> makeRuleSet(const RuleFeatureVector& rules)
{
size_t size = rules.size();
if (!size)
@@ -219,8 +219,8 @@
m_features.shrinkToFit();
}
-template<typename KeyType, typename RuleFeatureType, typename Hash, typename HashTraits>
-static Vector<InvalidationRuleSet>* ensureInvalidationRuleSets(const KeyType& key, HashMap<KeyType, std::unique_ptr<Vector<InvalidationRuleSet>>, Hash, HashTraits>& ruleSetMap, const HashMap<KeyType, std::unique_ptr<Vector<RuleFeatureType>>, Hash, HashTraits>& ruleFeatures)
+template<typename KeyType, typename RuleFeatureVectorType, typename Hash, typename HashTraits>
+static Vector<InvalidationRuleSet>* ensureInvalidationRuleSets(const KeyType& key, HashMap<KeyType, std::unique_ptr<Vector<InvalidationRuleSet>>, Hash, HashTraits>& ruleSetMap, const HashMap<KeyType, std::unique_ptr<RuleFeatureVectorType>, Hash, HashTraits>& ruleFeatures)
{
return ruleSetMap.ensure(key, [&] () -> std::unique_ptr<Vector<InvalidationRuleSet>> {
auto* features = ruleFeatures.get(key);
@@ -230,12 +230,15 @@
std::array<RefPtr<RuleSet>, matchElementCount> matchElementArray;
std::array<Vector<const CSSSelector*>, matchElementCount> invalidationSelectorArray;
for (auto& feature : *features) {
+ RELEASE_ASSERT(feature.matchElement);
auto arrayIndex = static_cast<unsigned>(*feature.matchElement);
+ RELEASE_ASSERT(arrayIndex < matchElementArray.size());
+
auto& ruleSet = matchElementArray[arrayIndex];
if (!ruleSet)
ruleSet = RuleSet::create();
ruleSet->addRule(*feature.styleRule, feature.selectorIndex, feature.selectorListIndex);
- if constexpr (std::is_same<RuleFeatureType, RuleFeatureWithInvalidationSelector>::value) {
+ if constexpr (std::is_same<typename RuleFeatureVectorType::ValueType, RuleFeatureWithInvalidationSelector>::value) {
if (feature.invalidationSelector)
invalidationSelectorArray[arrayIndex].append(feature.invalidationSelector);
}