parent
52fba13746
commit
e88f69a44e
@ -1,2 +1,2 @@
|
||||
SOURCES/webkitgtk-2.40.5.tar.xz
|
||||
SOURCES/webkitgtk-2.46.1.tar.xz
|
||||
SOURCES/webkitgtk-keys.gpg
|
||||
|
@ -1,2 +1,2 @@
|
||||
2f4d06b021115eb4106177f7d5f534f45b5d3b2e SOURCES/webkitgtk-2.40.5.tar.xz
|
||||
cf57cbbadf2a07c6ede1c886f9742b7d352460c0 SOURCES/webkitgtk-keys.gpg
|
||||
0c2267a0ad26f40cc413a9a46934e1d0c73611cb SOURCES/webkitgtk-2.46.1.tar.xz
|
||||
04b10b8a486542c4551269c20b18b5c1c6cb4f94 SOURCES/webkitgtk-keys.gpg
|
||||
|
@ -1,80 +0,0 @@
|
||||
From 00352dd86bfa102b6e4b792120e3ef3498a27d1e Mon Sep 17 00:00:00 2001
|
||||
From: Russell Epstein <repstein@apple.com>
|
||||
Date: Fri, 17 Nov 2023 15:48:32 -0800
|
||||
Subject: [PATCH] Cherry-pick b0a755e34426.
|
||||
https://bugs.webkit.org/show_bug.cgi?id=265067
|
||||
|
||||
Race condition between JSObject::getDirectConcurrently users and Structure::flattenDictionaryStructure
|
||||
https://bugs.webkit.org/show_bug.cgi?id=265067
|
||||
rdar://118548733
|
||||
|
||||
Reviewed by Justin Michaud and Mark Lam.
|
||||
|
||||
Like Array shift/unshift, flattenDictionaryStructure is the other code which can shrink butterfly for named properties (no other code does it).
|
||||
Compiler threads rely on the fact that normally named property storage never shrunk. And we should catch this exceptional case by taking a cellLock
|
||||
in the compiler thread. But flattenDictionaryStructure is not taking cellLock correctly.
|
||||
|
||||
This patch computes afterOutOfLineCapacity first to detect that whether this flattening will shrink the butterfly.
|
||||
And if it is, then we take a cellLock. We do not need to take it if we do not shrink the butterfly.
|
||||
|
||||
* Source/JavaScriptCore/runtime/Structure.cpp:
|
||||
(JSC::Structure::flattenDictionaryStructure):
|
||||
|
||||
Canonical link: https://commits.webkit.org/267815.577@safari-7617-branch
|
||||
|
||||
Canonical link: https://commits.webkit.org/265870.632@safari-7616.2.9.10-branch
|
||||
---
|
||||
Source/JavaScriptCore/runtime/Structure.cpp | 28 +++++++++++++++------
|
||||
1 file changed, 21 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/Source/JavaScriptCore/runtime/Structure.cpp b/Source/JavaScriptCore/runtime/Structure.cpp
|
||||
index 2922e2478794c..9d094e2c8adc8 100644
|
||||
--- a/Source/JavaScriptCore/runtime/Structure.cpp
|
||||
+++ b/Source/JavaScriptCore/runtime/Structure.cpp
|
||||
@@ -913,17 +913,31 @@ Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
|
||||
checkOffsetConsistency();
|
||||
ASSERT(isDictionary());
|
||||
ASSERT(object->structure() == this);
|
||||
-
|
||||
- GCSafeConcurrentJSLocker locker(m_lock, vm);
|
||||
-
|
||||
- object->setStructureIDDirectly(id().nuke());
|
||||
- WTF::storeStoreFence();
|
||||
|
||||
+ Locker<JSCellLock> cellLocker(NoLockingNecessary);
|
||||
+
|
||||
+ PropertyTable* table = nullptr;
|
||||
size_t beforeOutOfLineCapacity = this->outOfLineCapacity();
|
||||
+ size_t afterOutOfLineCapacity = beforeOutOfLineCapacity;
|
||||
if (isUncacheableDictionary()) {
|
||||
- PropertyTable* table = propertyTableOrNull();
|
||||
+ table = propertyTableOrNull();
|
||||
ASSERT(table);
|
||||
+ PropertyOffset maxOffset = invalidOffset;
|
||||
+ if (unsigned propertyCount = table->size())
|
||||
+ maxOffset = offsetForPropertyNumber(propertyCount - 1, m_inlineCapacity);
|
||||
+ afterOutOfLineCapacity = outOfLineCapacity(maxOffset);
|
||||
+ }
|
||||
|
||||
+ // This is the only case we shrink butterfly in this function. We should take a cell lock to protect against concurrent access to the butterfly.
|
||||
+ if (beforeOutOfLineCapacity != afterOutOfLineCapacity)
|
||||
+ cellLocker = Locker { object->cellLock() };
|
||||
+
|
||||
+ GCSafeConcurrentJSLocker locker(m_lock, vm);
|
||||
+
|
||||
+ object->setStructureIDDirectly(id().nuke());
|
||||
+ WTF::storeStoreFence();
|
||||
+
|
||||
+ if (isUncacheableDictionary()) {
|
||||
size_t propertyCount = table->size();
|
||||
|
||||
// Holds our values compacted by insertion order. This is OK since GC is deferred.
|
||||
@@ -955,7 +969,7 @@ Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
|
||||
setDictionaryKind(NoneDictionaryKind);
|
||||
setHasBeenFlattenedBefore(true);
|
||||
|
||||
- size_t afterOutOfLineCapacity = this->outOfLineCapacity();
|
||||
+ ASSERT(this->outOfLineCapacity() == afterOutOfLineCapacity);
|
||||
|
||||
if (object->butterfly() && beforeOutOfLineCapacity != afterOutOfLineCapacity) {
|
||||
ASSERT(beforeOutOfLineCapacity > afterOutOfLineCapacity);
|
File diff suppressed because it is too large
@ -0,0 +1,59 @@
|
||||
diff --git a/Source/WTF/wtf/glib/GSocketMonitor.cpp b/Source/WTF/wtf/glib/GSocketMonitor.cpp
|
||||
index c88ea9f91ca49..f3e31efb50530 100644
|
||||
--- a/Source/WTF/wtf/glib/GSocketMonitor.cpp
|
||||
+++ b/Source/WTF/wtf/glib/GSocketMonitor.cpp
|
||||
@@ -33,6 +33,7 @@ namespace WTF {
|
||||
|
||||
GSocketMonitor::~GSocketMonitor()
|
||||
{
|
||||
+ RELEASE_ASSERT(!m_isExecutingCallback);
|
||||
stop();
|
||||
}
|
||||
|
||||
@@ -40,7 +41,17 @@ gboolean GSocketMonitor::socketSourceCallback(GSocket*, GIOCondition condition,
|
||||
{
|
||||
if (g_cancellable_is_cancelled(monitor->m_cancellable.get()))
|
||||
return G_SOURCE_REMOVE;
|
||||
- return monitor->m_callback(condition);
|
||||
+
|
||||
+ monitor->m_isExecutingCallback = true;
|
||||
+ gboolean result = monitor->m_callback(condition);
|
||||
+ monitor->m_isExecutingCallback = false;
|
||||
+
|
||||
+ if (monitor->m_shouldDestroyCallback) {
|
||||
+ monitor->m_callback = nullptr;
|
||||
+ monitor->m_shouldDestroyCallback = false;
|
||||
+ }
|
||||
+
|
||||
+ return result;
|
||||
}
|
||||
|
||||
void GSocketMonitor::start(GSocket* socket, GIOCondition condition, RunLoop& runLoop, Function<gboolean(GIOCondition)>&& callback)
|
||||
@@ -65,7 +76,13 @@ void GSocketMonitor::stop()
|
||||
m_cancellable = nullptr;
|
||||
g_source_destroy(m_source.get());
|
||||
m_source = nullptr;
|
||||
- m_callback = nullptr;
|
||||
+
|
||||
+ // It's normal to stop the socket monitor from inside its callback.
|
||||
+ // Don't destroy the callback while it's still executing.
|
||||
+ if (m_isExecutingCallback)
|
||||
+ m_shouldDestroyCallback = true;
|
||||
+ else
|
||||
+ m_callback = nullptr;
|
||||
}
|
||||
|
||||
} // namespace WTF
|
||||
diff --git a/Source/WTF/wtf/glib/GSocketMonitor.h b/Source/WTF/wtf/glib/GSocketMonitor.h
|
||||
index 7ec383a6e37c7..9393c546b5938 100644
|
||||
--- a/Source/WTF/wtf/glib/GSocketMonitor.h
|
||||
+++ b/Source/WTF/wtf/glib/GSocketMonitor.h
|
||||
@@ -51,6 +51,8 @@ class GSocketMonitor {
|
||||
GRefPtr<GSource> m_source;
|
||||
GRefPtr<GCancellable> m_cancellable;
|
||||
Function<gboolean(GIOCondition)> m_callback;
|
||||
+ bool m_isExecutingCallback { false };
|
||||
+ bool m_shouldDestroyCallback { false };
|
||||
};
|
||||
|
||||
} // namespace WTF
|
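Review bot: The deferred-destroy logic in `socketSourceCallback` and `stop()` does not cover a callback that calls `stop()` and then `start()` again before it returns. `start()` appears in this section only as a context line, so the following is inferred: if it assigns `m_callback`, the running callable would be replaced while it is still executing, and the still-pending `m_shouldDestroyCallback` would then null the newly installed callback once the old one returns. Consider guarding `start()` the way the destructor is guarded, `RELEASE_ASSERT(!m_isExecutingCallback);`, or documenting that restarting from inside the callback is unsupported. A one-line comment on the two new `bool` members in GSocketMonitor.h saying they exist to keep `m_callback` alive while it runs would also help the next reader.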
@ -1,6 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iF0EABEDAB0WIQTX/PYc+aLeqzHYG9Pz0yLQ7EWCwwUCZMjRYQAKCRDz0yLQ7EWC
|
||||
wwPPAJ0XUmEmSr4IFQWpbDfPOR9keXY+lwCfVLyOFL8T55psriGN4vkxVZqq+EM=
|
||||
=nGCs
|
||||
-----END PGP SIGNATURE-----
|
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmb6Z+AACgkQbBAJtpOX
|
||||
U5NlAw/8CHhuDyRYXXA40eq/bBGdeqKprVXAMPReGMulG7ZPd4qu1eokED7XZCdO
|
||||
HUe/3Mdzppo/B9gqpPuCnb57/e0b6ma1E66bsHCE33+uUxy1n22kT43gsdEO7etZ
|
||||
toVMK/QUMhMEgwfJkXGIW8odIcvoqYKP9C0sMdpdhGbNr+OBRMJmk6eWAAhNP/mj
|
||||
csx3xUpBzCJ5vlDCfinYlOhPm2Bl40QgED6yocaMa6rlt/gOj5ctwr97v9BaU3qG
|
||||
OZKP6o9nOAh5aUbHdyFADg7CMP7opqBMpH+yBg7pqQQ73NnKNw9jPp6shWanOmKk
|
||||
FFSU8QgZu5lSvp/I3cBaSY0+QuQmUBeq1wFSlrKw8YmVZgFspj7i1WVfu4aDFdMQ
|
||||
1VeEG4atsKatS+oeW0h6NGhWjlIYlaKqB6Vylb/fv3/RvaRocSkWEsMikipf6dWX
|
||||
0KuBvf9Jr/6wSA62XuGqIPUxLjbRirGdADVQGqb4Yvk7spok8JnQGdxqixgfbuWc
|
||||
xURun7A3B6S5y4/UHARSmLyXqmO55o6bT1iuIlbzK06rd9AWfA8CgLNUySVsdWzO
|
||||
HHGvLweSeMDS5dlVr4vE0eczUICBtl6TB6A9ydsxTj1TvmgrmDlBVls5XWFK0vcs
|
||||
ErTeBoMPCjYcjD8lqo5O7nr0uDMNHLYlEvaq5t5EYVZergylVPo=
|
||||
=WrNA
|
||||
-----END PGP SIGNATURE-----
|
@ -0,0 +1,49 @@
|
||||
diff -up webkitgtk-2.45.92/Source/ThirdParty/skia/include/private/base/SkFeatures.h.orig webkitgtk-2.45.92/Source/ThirdParty/skia/include/private/base/SkFeatures.h
|
||||
--- webkitgtk-2.45.92/Source/ThirdParty/skia/include/private/base/SkFeatures.h.orig 2024-09-12 08:22:24.667260964 +0000
|
||||
+++ webkitgtk-2.45.92/Source/ThirdParty/skia/include/private/base/SkFeatures.h 2024-09-12 08:22:46.616832364 +0000
|
||||
@@ -69,6 +69,10 @@
|
||||
#define SK_CPU_LOONGARCH 1
|
||||
#endif
|
||||
|
||||
+#if defined(__powerpc__) || defined (__powerpc64__)
|
||||
+ #define SK_CPU_PPC 1
|
||||
+#endif
|
||||
+
|
||||
/**
|
||||
* SK_CPU_SSE_LEVEL
|
||||
*
|
||||
diff -up webkitgtk-2.45.92/Source/ThirdParty/skia/src/core/SkRasterPipeline.h.orig webkitgtk-2.45.92/Source/ThirdParty/skia/src/core/SkRasterPipeline.h
|
||||
--- webkitgtk-2.45.92/Source/ThirdParty/skia/src/core/SkRasterPipeline.h.orig 2024-09-12 08:16:25.444163366 +0000
|
||||
+++ webkitgtk-2.45.92/Source/ThirdParty/skia/src/core/SkRasterPipeline.h 2024-09-12 08:16:43.603797893 +0000
|
||||
@@ -27,7 +27,7 @@ struct SkImageInfo;
|
||||
struct skcms_TransferFunction;
|
||||
|
||||
#if __has_cpp_attribute(clang::musttail) && !defined(__EMSCRIPTEN__) && !defined(SK_CPU_ARM32) && \
|
||||
- !defined(SK_CPU_LOONGARCH)
|
||||
+ !defined(SK_CPU_LOONGARCH) && !defined(SK_CPU_PPC)
|
||||
#define SK_HAS_MUSTTAIL 1
|
||||
#else
|
||||
#define SK_HAS_MUSTTAIL 0
|
||||
diff -up webkitgtk-2.45.92/Source/ThirdParty/skia/modules/skcms/src/skcms_internals.h.orig webkitgtk-2.45.92/Source/ThirdParty/skia/modules/skcms/src/skcms_internals.h
|
||||
--- webkitgtk-2.45.92/Source/ThirdParty/skia/modules/skcms/src/skcms_internals.h.orig 2024-09-12 08:49:09.985808211 +0000
|
||||
+++ webkitgtk-2.45.92/Source/ThirdParty/skia/modules/skcms/src/skcms_internals.h 2024-09-12 08:49:19.835612828 +0000
|
||||
@@ -48,6 +48,7 @@ extern "C" {
|
||||
&& !defined(__arm__) \
|
||||
&& !defined(__riscv) \
|
||||
&& !defined(__loongarch__) \
|
||||
+ && !defined(__powerpc__) \
|
||||
&& !defined(_WIN32) && !defined(__SYMBIAN32__)
|
||||
#define SKCMS_HAS_MUSTTAIL 1
|
||||
#endif
|
||||
diff -up webkitgtk-2.45.92/Source/WTF/wtf/Compiler.h.orig webkitgtk-2.45.92/Source/WTF/wtf/Compiler.h
|
||||
--- webkitgtk-2.45.92/Source/WTF/wtf/Compiler.h.orig 2024-09-12 09:14:10.775885415 +0000
|
||||
+++ webkitgtk-2.45.92/Source/WTF/wtf/Compiler.h 2024-09-12 09:15:27.264379291 +0000
|
||||
@@ -271,7 +271,7 @@
|
||||
/* MUST_TAIL_CALL */
|
||||
|
||||
#if !defined(MUST_TAIL_CALL) && defined(__cplusplus) && defined(__has_cpp_attribute)
|
||||
-#if __has_cpp_attribute(clang::musttail)
|
||||
+#if __has_cpp_attribute(clang::musttail) && !defined(__powerpc__)
|
||||
#define MUST_TAIL_CALL [[clang::musttail]]
|
||||
#endif
|
||||
#endif
|
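Review bot: The three guards test different macros: `SK_CPU_PPC` in SkFeatures.h is defined for `__powerpc__` or `__powerpc64__`, while skcms_internals.h and Compiler.h test only `__powerpc__`. If a toolchain defines `__powerpc64__` without `__powerpc__`, musttail would stay enabled in two of the three places; using the same condition everywhere, e.g. `&& !defined(__powerpc__) && !defined(__powerpc64__)`, avoids relying on that. The patch also carries no description or upstream reference saying why `clang::musttail` is disabled on PowerPC, so a comment such as `/* musttail disabled on PowerPC: <upstream bug link> */` next to the Compiler.h change would let a later rebase decide when the patch can be dropped.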