Branch: refs/heads/webkitglib/2.40
Home: https://github.com/WebKit/WebKit
Commit: 1d912c017ce29682c2cf3035bf568f1cf3b857bd
https://github.com/WebKit/WebKit/commit/1d912c017ce29682c2cf3035bf568f1cf3b857bd
Author: Michael Saboff <[email protected]>
Date: 2023-03-30 (Thu, 30 Mar 2023)
Changed paths:
A JSTests/stress/regexp-testinline-stacklimits.js
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/runtime/RegExp.h
M Source/JavaScriptCore/yarr/YarrJIT.cpp
Log Message:
-----------
Cherry-pick 252432.1036@safari-7614-branch (c553da3adc35).
https://bugs.webkit.org/show_bug.cgi?id=250873
[JSC] RegExp.test inline is missing some stack overflow checks
https://bugs.webkit.org/show_bug.cgi?id=250873
rdar://104072550
Reviewed by Yusuke Suzuki.
The RegExp.test inline code is missing two stack overflow checks.
1) When compiling the pattern string to a YarrPattern, we checked for stack overflow, but didn't do anything with the failure.
2) When allocating the stack space needed to execute the JIT code for the expression we need to first check that we have enough stack.
This change adds checks for both cases using the JSRegExpResult::JITCodeFailure return value when we would have overflowed the stack. When the results checking code after the inline code sees that error value, it will now call out to the appropriate C++ helper function to perform the match.
Those functions are capable of throwing Out of Stack exceptions.
* JSTests/stress/regexp-testinline-stacklimits.js: Added new test.
(baz):
(bar):
(foo):
(true.string_appeared_here.repeat):
(true.catch):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/RegExp.h:
* Source/JavaScriptCore/yarr/YarrJIT.cpp:
(JSC::Yarr::jitCompileInlinedTest):
Canonical link: https://commits.webkit.org/252432.1036@safari-7614-branch
Commit: 564e5b80111eae966032016bd4b2a3fc9eee1358
https://github.com/WebKit/WebKit/commit/564e5b80111eae966032016bd4b2a3fc9eee1358
Author: Carlos Garcia Campos <[email protected]>
Date: 2023-03-30 (Thu, 30 Mar 2023)
Changed paths:
M Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp
Log Message:
-----------
Cherry-pick 262317@main (8203d28d8126).
https://bugs.webkit.org/show_bug.cgi?id=233455
[GTK][GTK4] MiniBrowser asserts in isInAcceleratedCompositingMode opening page in debug mode
https://bugs.webkit.org/show_bug.cgi?id=233455
Reviewed by Žan Doberšek.
Send EnterAcceleratedCompositingMode as soon as web process enters
accelerated compositing mode instead of waiting for the first backing
store update.
* Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp:
(WebKit::DrawingAreaCoordinatedGraphics::enterAcceleratedCompositingMode):
Canonical link: https://commits.webkit.org/262317@main
Compare: https://github.com/WebKit/WebKit/compare/534a3a6ea4c4...564e5b80111e
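
Added example, not part of the commit or of JavaScriptCore: a simplified C++ model of the pattern the RegExp.test log message above describes, where the fast path checks remaining stack before reserving its frame and returns a JITCodeFailure sentinel so the caller falls back to a helper that can throw. Every name except JITCodeFailure (StackModel, inlinedTest, slowPathTest, regExpTest) is hypothetical, and the stack is modelled as two addresses rather than real machine state.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Simplified model for illustration only; this is not JavaScriptCore code.
enum class MatchResult { NoMatch, Match, JITCodeFailure };

struct StackModel {
    std::uintptr_t sp;    // current stack pointer (stack grows down)
    std::uintptr_t limit; // lowest address this thread may use
};

// True when frameBytes can be reserved below sp without crossing limit.
// Comparing against the remaining room avoids the unsigned wraparound
// that "sp - frameBytes < limit" suffers when frameBytes > sp.
static bool hasRoom(const StackModel& s, std::size_t frameBytes)
{
    return s.sp >= s.limit && s.sp - s.limit >= frameBytes;
}

// Fast path: cannot throw, so it reports the condition with a sentinel.
MatchResult inlinedTest(const StackModel& s, std::size_t frameBytes, bool wouldMatch)
{
    if (!hasRoom(s, frameBytes))
        return MatchResult::JITCodeFailure; // never touch the frame
    return wouldMatch ? MatchResult::Match : MatchResult::NoMatch;
}

// Slow path helper: performs the same check but is allowed to throw.
bool slowPathTest(const StackModel& s, std::size_t frameBytes, bool wouldMatch)
{
    if (!hasRoom(s, frameBytes))
        throw std::runtime_error("Out of stack");
    return wouldMatch;
}

// Results check after the inline code: the sentinel routes to the helper.
bool regExpTest(const StackModel& s, std::size_t frameBytes, bool wouldMatch)
{
    MatchResult r = inlinedTest(s, frameBytes, wouldMatch);
    if (r == MatchResult::JITCodeFailure)
        return slowPathTest(s, frameBytes, wouldMatch);
    return r == MatchResult::Match;
}

int main()
{
    StackModel roomy{0x8000, 0x7000}; // constructed sample: 0x1000 bytes free
    std::printf("%d\n", regExpTest(roomy, 0x800, true));
}
```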