Commit f9eb142a authored by Alberto Garcia's avatar Alberto Garcia

New upstream version 2.21.3

parent 6080a7ef
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">JavaScriptCore GLib Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for JavaScriptCore 2.21.2</p></div>
<div><p class="releaseinfo">for JavaScriptCore 2.21.3</p></div>
</div>
<hr>
</div>
......
......@@ -175,7 +175,7 @@ have included when compiling your code.</p>
<hr>
<div class="refsect2">
<a name="JSC-MICRO-VERSION:CAPS"></a><h3>JSC_MICRO_VERSION</h3>
<pre class="programlisting">#define JSC_MICRO_VERSION (2)
<pre class="programlisting">#define JSC_MICRO_VERSION (3)
</pre>
</div>
</div>
......
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKit2GTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.21.2</p></div>
<div><p class="releaseinfo">for WebKit2GTK+ 2.21.3</p></div>
</div>
<hr>
</div>
......
......@@ -213,7 +213,7 @@ against at application run time.</p>
<hr>
<div class="refsect2">
<a name="WEBKIT-MICRO-VERSION:CAPS"></a><h3>WEBKIT_MICRO_VERSION</h3>
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (2)
<pre class="programlisting">#define WEBKIT_MICRO_VERSION (3)
</pre>
<p>Like <a class="link" href="webkit2gtk-4.0-WebKitVersion.html#webkit-get-micro-version" title="webkit_get_micro_version ()"><code class="function">webkit_get_micro_version()</code></a>, but from the headers used at
application compile time, rather than from the library linked
......
......@@ -14,7 +14,7 @@
<div class="titlepage">
<div>
<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">WebKitDOMGTK+ Reference Manual</p></th></tr></table></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.21.2</p></div>
<div><p class="releaseinfo">for WebKitDOMGTK+ 2.21.3</p></div>
</div>
<hr>
</div>
......
=================
WebKitGTK+ 2.21.3
=================
What's new in WebKitGTK+ 2.21.3?
- Ensure memory monitor properly notifies all child processes.
- Add maximize, minimize and fullscreen window commands to WebDriver.
- Fix a network process crash when trying to get cookies of about:blank page.
- Fix UI process crash when closing the window under Wayland.
- Disable Gigacage if mmap fails to allocate in Linux.
- Fix several crashes and rendering issues.
=================
WebKitGTK+ 2.21.2
=================
......
......@@ -490,6 +490,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
heap/AlignedMemoryAllocator.h
heap/AllocationFailureMode.h
heap/Allocator.h
heap/AllocatorInlines.h
heap/AllocatorForMode.h
heap/BlockDirectory.h
heap/BlockDirectoryInlines.h
......@@ -500,6 +501,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
heap/CollectionScope.h
heap/CollectorPhase.h
heap/CompleteSubspace.h
heap/CompleteSubspaceInlines.h
heap/ConstraintConcurrency.h
heap/ConstraintParallelism.h
heap/ConstraintVolatility.h
......@@ -533,10 +535,12 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
heap/IncrementalSweeper.h
heap/IsoCellSet.h
heap/IsoSubspace.h
heap/IsoSubspaceInlines.h
heap/IsoSubspacePerVM.h
heap/LargeAllocation.h
heap/ListableHandler.h
heap/LocalAllocator.h
heap/LocalAllocatorInlines.h
heap/LockDuringMarking.h
heap/MachineStackMarker.h
heap/MarkStack.h
......@@ -556,9 +560,7 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEADERS
heap/Subspace.h
heap/SubspaceInlines.h
heap/Synchronousness.h
heap/ThreadLocalCache.h
heap/TinyBloomFilter.h
heap/UnconditionalFinalizer.h
heap/VisitRaceKey.h
heap/Weak.h
heap/WeakBlock.h
......
......@@ -524,8 +524,6 @@ heap/StopIfNecessaryTimer.cpp
heap/Subspace.cpp
heap/SynchronousStopTheWorldMutatorScheduler.cpp
heap/Synchronousness.cpp
heap/ThreadLocalCache.cpp
heap/ThreadLocalCacheLayout.cpp
heap/VisitRaceKey.cpp
heap/Weak.cpp
heap/WeakBlock.cpp
......@@ -806,6 +804,7 @@ runtime/JSGlobalLexicalEnvironment.cpp
runtime/JSGlobalObject.cpp
runtime/JSGlobalObjectDebuggable.cpp
runtime/JSGlobalObjectFunctions.cpp
runtime/JSImmutableButterfly.cpp
runtime/JSInternalPromise.cpp
runtime/JSInternalPromiseConstructor.cpp
runtime/JSInternalPromiseDeferred.cpp
......
......@@ -767,7 +767,7 @@ function arraySpeciesCreate(array, length)
}
@globalPrivate
function flattenIntoArray(target, source, sourceLength, targetIndex, depth)
function flatIntoArray(target, source, sourceLength, targetIndex, depth)
{
"use strict";
......@@ -775,7 +775,7 @@ function flattenIntoArray(target, source, sourceLength, targetIndex, depth)
if (sourceIndex in source) {
var element = source[sourceIndex];
if (depth > 0 && @isArray(element))
targetIndex = @flattenIntoArray(target, element, @toLength(element.length), targetIndex, depth - 1);
targetIndex = @flatIntoArray(target, element, @toLength(element.length), targetIndex, depth - 1);
else {
if (targetIndex >= @MAX_SAFE_INTEGER)
@throwTypeError("flatten array exceeds 2**53 - 1");
......@@ -787,11 +787,11 @@ function flattenIntoArray(target, source, sourceLength, targetIndex, depth)
return targetIndex;
}
function flatten()
function flat()
{
"use strict";
var array = @toObject(this, "Array.prototype.flatten requires that |this| not be null or undefined");
var array = @toObject(this, "Array.prototype.flat requires that |this| not be null or undefined");
var length = @toLength(array.length);
var depthNum = 1;
......@@ -801,12 +801,12 @@ function flatten()
var result = @arraySpeciesCreate(array, 0);
@flattenIntoArray(result, array, length, 0, depthNum);
@flatIntoArray(result, array, length, 0, depthNum);
return result;
}
@globalPrivate
function flattenIntoArrayWithCallback(target, source, sourceLength, targetIndex, callback, thisArg)
function flatIntoArrayWithCallback(target, source, sourceLength, targetIndex, callback, thisArg)
{
"use strict";
......@@ -814,7 +814,7 @@ function flattenIntoArrayWithCallback(target, source, sourceLength, targetIndex,
if (sourceIndex in source) {
var element = callback.@call(thisArg, source[sourceIndex], sourceIndex, source);
if (@isArray(element))
targetIndex = @flattenIntoArray(target, element, @toLength(element.length), targetIndex, 0);
targetIndex = @flatIntoArray(target, element, @toLength(element.length), targetIndex, 0);
else {
if (targetIndex >= @MAX_SAFE_INTEGER)
@throwTypeError("flatten array exceeds 2**53 - 1");
......@@ -840,5 +840,5 @@ function flatMap(callback)
var result = @arraySpeciesCreate(array, 0);
return @flattenIntoArrayWithCallback(result, array, length, 0, callback, thisArg);
return @flatIntoArrayWithCallback(result, array, length, 0, callback, thisArg);
}
......@@ -680,7 +680,7 @@ void AccessCase::generateImpl(AccessGenerationState& state)
switch (m_type) {
case InHit:
case InMiss:
jit.boxBooleanPayload(m_type == InHit, valueRegs.payloadGPR());
jit.boxBoolean(m_type == InHit, valueRegs);
state.succeed();
return;
......
......@@ -28,6 +28,8 @@
#include "JSCInlines.h"
#include <algorithm>
namespace JSC {
void ArrayAllocationProfile::updateProfile()
......@@ -50,7 +52,14 @@ void ArrayAllocationProfile::updateProfile()
if (!lastArray)
return;
if (LIKELY(Options::useArrayAllocationProfiling())) {
m_currentIndexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType, lastArray->indexingType());
// The basic model here is that we will upgrade ourselves to whatever the CoW version of lastArray is except ArrayStorage since we don't have CoW ArrayStorage.
IndexingType indexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType & IndexingTypeMask, lastArray->indexingType());
if (isCopyOnWrite(m_currentIndexingType)) {
if (indexingType > ArrayWithContiguous)
indexingType = ArrayWithContiguous;
indexingType |= CopyOnWrite;
}
m_currentIndexingType = indexingType;
m_largestSeenVectorLength = std::min(std::max(m_largestSeenVectorLength, lastArray->getVectorLength()), BASE_CONTIGUOUS_VECTOR_LEN_MAX);
}
m_lastArray = nullptr;
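Review bot: The clamp `if (indexingType > ArrayWithContiguous)` in updateProfile() depends on the numeric ordering of the IndexingType values, and the comment above it does not say what happens when lastArray uses ArrayStorage. As written, a copy-on-write profile that observes an ArrayStorage array is presumably forced back to `ArrayWithContiguous | CopyOnWrite` rather than leaving copy-on-write. If that is intended, I would say so next to the clamp, e.g. `// ArrayStorage has no CoW form: clamp to contiguous and stay CoW (relies on ArrayStorage types ordering above ArrayWithContiguous).` The function body starts and ends outside this hunk.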
......
......@@ -56,7 +56,7 @@ public:
}
JS_EXPORT_PRIVATE void updateProfile();
static IndexingType selectIndexingTypeFor(ArrayAllocationProfile* profile)
{
if (!profile)
......@@ -71,6 +71,8 @@ public:
return lastArray;
}
void initializeIndexingMode(IndexingType recommendedIndexingMode) { m_currentIndexingType = recommendedIndexingMode; }
private:
IndexingType m_currentIndexingType { ArrayWithUndecided };
......
......@@ -72,6 +72,12 @@ void dumpArrayModes(PrintStream& out, ArrayModes arrayModes)
out.print(comma, "ArrayWithArrayStorage");
if (arrayModes & asArrayModes(ArrayWithSlowPutArrayStorage))
out.print(comma, "ArrayWithSlowPutArrayStorage");
if (arrayModes & asArrayModes(CopyOnWriteArrayWithInt32))
out.print(comma, "CopyOnWriteArrayWithInt32");
if (arrayModes & asArrayModes(CopyOnWriteArrayWithDouble))
out.print(comma, "CopyOnWriteArrayWithDouble");
if (arrayModes & asArrayModes(CopyOnWriteArrayWithContiguous))
out.print(comma, "CopyOnWriteArrayWithContiguous");
if (arrayModes & Int8ArrayMode)
out.print(comma, "Int8ArrayMode");
......@@ -147,46 +153,19 @@ CString ArrayProfile::briefDescription(const ConcurrentJSLocker& locker, CodeBlo
CString ArrayProfile::briefDescriptionWithoutUpdating(const ConcurrentJSLocker&)
{
StringPrintStream out;
bool hasPrinted = false;
if (m_observedArrayModes) {
if (hasPrinted)
out.print(", ");
out.print(ArrayModesDump(m_observedArrayModes));
hasPrinted = true;
}
if (m_mayStoreToHole) {
if (hasPrinted)
out.print(", ");
out.print("Hole");
hasPrinted = true;
}
if (m_outOfBounds) {
if (hasPrinted)
out.print(", ");
out.print("OutOfBounds");
hasPrinted = true;
}
if (m_mayInterceptIndexedAccesses) {
if (hasPrinted)
out.print(", ");
out.print("Intercept");
hasPrinted = true;
}
if (m_usesOriginalArrayStructures) {
if (hasPrinted)
out.print(", ");
out.print("Original");
hasPrinted = true;
}
UNUSED_PARAM(hasPrinted);
CommaPrinter comma;
if (m_observedArrayModes)
out.print(comma, ArrayModesDump(m_observedArrayModes));
if (m_mayStoreToHole)
out.print(comma, "Hole");
if (m_outOfBounds)
out.print(comma, "OutOfBounds");
if (m_mayInterceptIndexedAccesses)
out.print(comma, "Intercept");
if (m_usesOriginalArrayStructures)
out.print(comma, "Original");
return out.toCString();
}
......
......@@ -35,22 +35,42 @@ class CodeBlock;
class LLIntOffsetsExtractor;
// This is a bitfield where each bit represents an type of array access that we have seen.
// There are 16 indexing types that use the lower bits.
// There are 19 indexing types that use the lower bits.
// There are 9 typed array types taking the bits 16 to 25.
typedef unsigned ArrayModes;
const ArrayModes Int8ArrayMode = 1 << 16;
const ArrayModes Int16ArrayMode = 1 << 17;
const ArrayModes Int32ArrayMode = 1 << 18;
const ArrayModes Uint8ArrayMode = 1 << 19;
const ArrayModes Uint8ClampedArrayMode = 1 << 20;
const ArrayModes Uint16ArrayMode = 1 << 21;
const ArrayModes Uint32ArrayMode = 1 << 22;
const ArrayModes Float32ArrayMode = 1 << 23;
const ArrayModes Float64ArrayMode = 1 << 24;
const ArrayModes CopyOnWriteArrayWithInt32ArrayMode = 1 << 16;
const ArrayModes CopyOnWriteArrayWithDoubleArrayMode = 1 << 17;
const ArrayModes CopyOnWriteArrayWithContiguousArrayMode = 1 << 18;
#define asArrayModes(type) \
(static_cast<unsigned>(1) << static_cast<unsigned>(type))
const ArrayModes Int8ArrayMode = 1 << 19;
const ArrayModes Int16ArrayMode = 1 << 20;
const ArrayModes Int32ArrayMode = 1 << 21;
const ArrayModes Uint8ArrayMode = 1 << 22;
const ArrayModes Uint8ClampedArrayMode = 1 << 23;
const ArrayModes Uint16ArrayMode = 1 << 24;
const ArrayModes Uint32ArrayMode = 1 << 25;
const ArrayModes Float32ArrayMode = 1 << 26;
const ArrayModes Float64ArrayMode = 1 << 27;
inline constexpr ArrayModes asArrayModes(IndexingType indexingMode)
{
if (isCopyOnWrite(indexingMode)) {
switch (indexingMode) {
case CopyOnWriteArrayWithInt32:
return CopyOnWriteArrayWithInt32ArrayMode;
case CopyOnWriteArrayWithDouble:
return CopyOnWriteArrayWithDoubleArrayMode;
case CopyOnWriteArrayWithContiguous:
return CopyOnWriteArrayWithContiguousArrayMode;
default:
UNREACHABLE_FOR_PLATFORM();
return 0;
}
}
return static_cast<unsigned>(1) << static_cast<unsigned>(indexingMode);
}
#define ALL_TYPED_ARRAY_MODES \
(Int8ArrayMode \
......@@ -73,6 +93,11 @@ const ArrayModes Float64ArrayMode = 1 << 24;
| asArrayModes(NonArrayWithSlowPutArrayStorage) \
| ALL_TYPED_ARRAY_MODES)
#define ALL_COPY_ON_WRITE_ARRAY_MODES \
(CopyOnWriteArrayWithInt32ArrayMode \
| CopyOnWriteArrayWithDoubleArrayMode \
| CopyOnWriteArrayWithContiguousArrayMode)
#define ALL_ARRAY_ARRAY_MODES \
(asArrayModes(ArrayClass) \
| asArrayModes(ArrayWithUndecided) \
......@@ -80,7 +105,8 @@ const ArrayModes Float64ArrayMode = 1 << 24;
| asArrayModes(ArrayWithDouble) \
| asArrayModes(ArrayWithContiguous) \
| asArrayModes(ArrayWithArrayStorage) \
| asArrayModes(ArrayWithSlowPutArrayStorage))
| asArrayModes(ArrayWithSlowPutArrayStorage) \
| ALL_COPY_ON_WRITE_ARRAY_MODES)
#define ALL_ARRAY_MODES (ALL_NON_ARRAY_ARRAY_MODES | ALL_ARRAY_ARRAY_MODES)
......@@ -109,7 +135,8 @@ inline ArrayModes arrayModeFromStructure(Structure* structure)
case NotTypedArray:
break;
}
return asArrayModes(structure->indexingType());
return asArrayModes(structure->indexingMode());
}
void dumpArrayModes(PrintStream&, ArrayModes);
......@@ -137,7 +164,10 @@ inline bool arrayModesAlreadyChecked(ArrayModes proven, ArrayModes expected)
inline bool arrayModesInclude(ArrayModes arrayModes, IndexingType shape)
{
return !!(arrayModes & (asArrayModes(NonArray | shape) | asArrayModes(ArrayClass | shape)));
ArrayModes modes = asArrayModes(NonArray | shape) | asArrayModes(ArrayClass | shape);
if (hasInt32(shape) || hasDouble(shape) || hasContiguous(shape))
modes |= asArrayModes(ArrayClass | shape | CopyOnWrite);
return !!(arrayModes & modes);
}
inline bool shouldUseSlowPutArrayStorage(ArrayModes arrayModes)
......@@ -175,6 +205,11 @@ inline bool hasSeenNonArray(ArrayModes arrayModes)
return arrayModes & ALL_NON_ARRAY_ARRAY_MODES;
}
inline bool hasSeenCopyOnWriteArray(ArrayModes arrayModes)
{
return arrayModes & ALL_COPY_ON_WRITE_ARRAY_MODES;
}
class ArrayProfile {
public:
ArrayProfile()
......@@ -228,7 +263,7 @@ public:
bool outOfBounds(const ConcurrentJSLocker&) const { return m_outOfBounds; }
bool usesOriginalArrayStructures(const ConcurrentJSLocker&) const { return m_usesOriginalArrayStructures; }
CString briefDescription(const ConcurrentJSLocker&, CodeBlock*);
CString briefDescriptionWithoutUpdating(const ConcurrentJSLocker&);
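Review bot: The context comment `There are 9 typed array types taking the bits 16 to 25.` is stale after this change: bits 16 to 18 now hold the three CopyOnWrite*ArrayMode constants, and the typed-array constants run from `1 << 19` to `1 << 27`. This bit layout is what keeps copy-on-write, plain and typed-array modes distinct in an ArrayModes value, so the comment should change with the code, e.g. `// Bits 16 to 18 are the copy-on-write array modes; the 9 typed array types take bits 19 to 27.` The new "19 indexing types" line could also say that only the non-copy-on-write types are encoded as `1 << type`, since asArrayModes() maps the copy-on-write ones to the dedicated constants.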
......
......@@ -229,7 +229,9 @@ void BytecodeGeneratorification::run()
VirtualRegister operand = virtualRegisterForLocal(index);
Storage storage = storageForGeneratorLocal(index);
UnlinkedValueProfile profile = m_codeBlock->addValueProfile();
UnlinkedValueProfile profile = m_codeBlock->vm()->canUseJIT()
? m_codeBlock->addValueProfile()
: static_cast<UnlinkedValueProfile>(-1);
fragment.appendInstruction(
op_get_from_scope,
operand.offset(), // dst
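Review bot: The `static_cast<UnlinkedValueProfile>(-1)` used when `canUseJIT()` is false is an unnamed sentinel, and nothing at this call site says how consumers of the op_get_from_scope operand should recognise it. If a later pass treats the operand as an index into the value-profile table without checking, the sentinel becomes an out-of-range index; that handling is not visible in this hunk. I would at least add a comment such as `// No value profile is allocated without the JIT; -1 marks "no profile" and must not be used as an index.`, or give the value a named constant. run() continues outside the hunk.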
......
......@@ -20,9 +20,12 @@
{ "name" : "op_new_object", "length" : 4 },
{ "name" : "op_new_array", "length" : 5 },
{ "name" : "op_new_array_with_size", "length" : 4 },
{ "name" : "op_new_array_buffer", "offsets" :
[{"dst" : "int"},
{"immutableButterfly" : "int"},
{"profile" : "ArrayAllocationProfile*"}]},
{ "name" : "op_new_array_with_spread", "length" : 5 },
{ "name" : "op_spread", "length" : 3 },
{ "name" : "op_new_array_buffer", "length" : 4 },
{ "name" : "op_new_regexp", "length" : 3 },
{ "name" : "op_mov", "length" : 3 },
{ "name" : "op_not", "length" : 3 },
......
......@@ -35,6 +35,7 @@
#include "BytecodeDumper.h"
#include "BytecodeGenerator.h"
#include "BytecodeLivenessAnalysis.h"
#include "BytecodeStructs.h"
#include "BytecodeUseDef.h"
#include "CallLinkStatus.h"
#include "CodeBlockSet.h"
......@@ -599,12 +600,19 @@ bool CodeBlock::finishCreation(VM& vm, ScriptExecutable* ownerExecutable, Unlink
}
case op_new_array:
case op_new_array_buffer:
case op_new_array_with_size: {
int arrayAllocationProfileIndex = pc[opLength - 1].u.operand;
instructions[i + opLength - 1] = &m_arrayAllocationProfiles[arrayAllocationProfileIndex];
case op_new_array_with_size:
case op_new_array_buffer: {
unsigned arrayAllocationProfileIndex;
IndexingType recommendedIndexingType;
std::tie(arrayAllocationProfileIndex, recommendedIndexingType) = UnlinkedCodeBlock::decompressArrayAllocationProfile(pc[opLength - 1].u.operand);
ArrayAllocationProfile* profile = &m_arrayAllocationProfiles[arrayAllocationProfileIndex];
if (pc[0].u.opcode == op_new_array_buffer)
profile->initializeIndexingMode(recommendedIndexingType);
instructions[i + opLength - 1] = profile;
break;
}
case op_new_object: {
int objectAllocationProfileIndex = pc[opLength - 1].u.operand;
ObjectAllocationProfile* objectAllocationProfile = &m_objectAllocationProfiles[objectAllocationProfileIndex];
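Review bot: `arrayAllocationProfileIndex` is now decoded from a packed operand by `decompressArrayAllocationProfile()` and used directly in `&m_arrayAllocationProfiles[arrayAllocationProfileIndex]` with no visible range check. The container's own indexing may already assert, which this hunk does not show. Without that, a mismatch between the packing and unpacking sides would yield a pointer outside the profile array, which is then stored into the instruction stream. Assuming the container exposes `size()`, consider `ASSERT(arrayAllocationProfileIndex < m_arrayAllocationProfiles.size());` before taking the address. finishCreation() starts and ends outside this hunk.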
......
......@@ -63,7 +63,6 @@
#include "ProfilerJettisonReason.h"
#include "ProgramExecutable.h"
#include "PutPropertySlot.h"
#include "UnconditionalFinalizer.h"
#include "ValueProfile.h"
#include "VirtualRegister.h"
#include "Watchpoint.h"
......
......@@ -263,7 +263,7 @@ bool InlineAccess::generateArrayLength(StructureStubInfo& stubInfo, JSArray* arr
GPRReg scratch = getScratchRegister(stubInfo);
jit.load8(CCallHelpers::Address(base, JSCell::indexingTypeAndMiscOffset()), scratch);
jit.and32(CCallHelpers::TrustedImm32(IsArray | IndexingShapeMask), scratch);
jit.and32(CCallHelpers::TrustedImm32(IndexingTypeMask), scratch);
auto branchToSlowPath = jit.patchableBranch32(
CCallHelpers::NotEqual, scratch, CCallHelpers::TrustedImm32(array->indexingType()));
jit.loadPtr(CCallHelpers::Address(base, JSObject::butterflyOffset()), value.payloadGPR());
......@@ -287,7 +287,7 @@ bool InlineAccess::generateSelfInAccess(StructureStubInfo& stubInfo, Structure*
MacroAssembler::NotEqual,
MacroAssembler::Address(base, JSCell::structureIDOffset()),
MacroAssembler::TrustedImm32(bitwise_cast<uint32_t>(structure->id())));
jit.boxBooleanPayload(true, value.payloadGPR());
jit.boxBoolean(true, value);
bool linkedCodeInline = linkCodeInline("in access", jit, stubInfo, [&] (LinkBuffer& linkBuffer) {
linkBuffer.link(branchToSlowPath, stubInfo.slowPathStartLocation());
......
......@@ -105,7 +105,7 @@ ALWAYS_INLINE void ObjectAllocationProfile::initializeProfile(VM& vm, JSGlobalOb
// Take advantage of extra inline capacity available in the size class.
if (allocator) {
size_t slop = (allocator.cellSize(vm.heap) - allocationSize) / sizeof(WriteBarrier<Unknown>);
size_t slop = (allocator.cellSize() - allocationSize) / sizeof(WriteBarrier<Unknown>);
inlineCapacity += slop;
if (inlineCapacity > JSFinalObject::maxInlineCapacity())
inlineCapacity = JSFinalObject::maxInlineCapacity();
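Review bot: `allocator.cellSize() - allocationSize` is an unsigned subtraction, so a cell size smaller than `allocationSize` would wrap and inflate `slop` rather than fail. The clamp to `JSFinalObject::maxInlineCapacity()` bounds the result, but the recorded inline capacity could then exceed what the cell actually holds. The allocator is presumably chosen for `allocationSize` in the part of initializeProfile() outside this hunk; an `ASSERT(allocator.cellSize() >= allocationSize);` before the division would record that invariant.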
......