Timeline
Jun 23, 2013:
- 11:20 PM Changeset in webkit [151893] by
-
- 2 edits in trunk/LayoutTests
AX: Rebaseline test after r151868
https://bugs.webkit.org/show_bug.cgi?id=117892
Rubber stamped by Chris Fleizach.
- platform/mac/accessibility/lists-expected.txt:
- 10:49 PM Changeset in webkit [151892] by
-
- 2 edits in trunk/LayoutTests
Unreviewed EFL gardening. Unskip two media tests because there is no crash after system update.
- platform/efl/TestExpectations:
- 9:07 PM Changeset in webkit [151891] by
-
- 1 edit in branches/dfgFourthTier/Source/WTF/ChangeLog
fourthTier: DFG should optimize identifier string equality
https://bugs.webkit.org/show_bug.cgi?id=117920
Reviewed by Sam Weinig.
Note that this ChangeLog was supposed to be committed in r151890.
Expose the IsIdentifier bit to the JIT.
- wtf/text/StringImpl.h:
(WTF::StringImpl::flagIsIdentifier):
- 9:05 PM Changeset in webkit [151890] by
-
- 12 edits6 adds in branches/dfgFourthTier
fourthTier: DFG should optimize identifier string equality
https://bugs.webkit.org/show_bug.cgi?id=117920
Source/JavaScriptCore:
Reviewed by Sam Weinig.
This is a 20% speed-up for string equality comparisons when both strings are
identifiers.
This is important for two reasons:
1) Using strings as enumerations is an idiom. A great example is typeof. It
would be great if this performed better.
2) When I implement switch_string in the DFG, it would be great to optimize
the case where the switched-on value is an identifier. That would involve
a simple binary switch rather than a more complicated trie-switch over
characters.
- bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromCell):
- bytecode/SpeculatedType.h:
(JSC):
(JSC::isStringIdentSpeculation):
(JSC::isStringSpeculation):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateStringIdent):
(Node):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::compileStringEquality):
(JSC::DFG::SpeculativeJIT::compileStringIdentEquality):
(DFG):
(JSC::DFG::SpeculativeJIT::speculateString):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculateStringIdent):
(JSC::DFG::SpeculativeJIT::speculate):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- dfg/DFGUseKind.cpp:
(WTF::printInternal):
- dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):
LayoutTests:
Reviewed by Sam Weinig.
Add a benchmark for string equality where there is a long identifier, and
also add a benchmark for non-identifier string equality (since the previous
test for string equality was really identifier equality).
- fast/js/regress/script-tests/string-long-ident-equality.js: Added.
(foo):
- fast/js/regress/script-tests/string-var-equality.js: Added.
(addFoo):
(foo):
- fast/js/regress/string-long-ident-equality-expected.txt: Added.
- fast/js/regress/string-long-ident-equality.html: Added.
- fast/js/regress/string-var-equality-expected.txt: Added.
- fast/js/regress/string-var-equality.html: Added.
- 6:41 PM Changeset in webkit [151889] by
-
- 7 edits3 adds in branches/dfgFourthTier
Merge trunk r147965.
Source/JavaScriptCore:
2013-04-08 Filip Pizlo <fpizlo@apple.com>
DFG should be able to inline string equality comparisons
https://bugs.webkit.org/show_bug.cgi?id=114224
Reviewed by Oliver Hunt.
Inline 8-bit string equality, go to slow path for 16-bit strings. 2x speed-up for string equality
comparisons on 8-bit strings. 20-50% speed-up on JSRegress/HashMap tests. 30% speed-up on
string-fasta. 2% speed-up on SunSpider overall. Some small speed-ups elsewhere.
This is a gnarly change but we have loads of test coverage already between the HashMap tests and
preexisting DFG string equality tests (which appear to have been designed to test OSR exits, but
also give us good overall coverage on string equality behavior).
- dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch): (JSC::DFG::SpeculativeJIT::compare): (JSC::DFG::SpeculativeJIT::compileStrictEq): (JSC::DFG::SpeculativeJIT::compileStringEquality): (DFG):
- dfg/DFGSpeculativeJIT.h: (SpeculativeJIT):
LayoutTests:
2013-04-08 Filip Pizlo <fpizlo@apple.com>
DFG should be able to inline string equality comparisons
https://bugs.webkit.org/show_bug.cgi?id=114224
Reviewed by Oliver Hunt.
- fast/js/regress/script-tests/string-equality.js: Added. (foo):
- fast/js/regress/string-equality-expected.txt: Added.
- fast/js/regress/string-equality.html: Added.
- 5:40 PM Changeset in webkit [151888] by
-
- 17 edits in trunk/Source
Sort all the Xcode project files
https://bugs.webkit.org/show_bug.cgi?id=117696
Reviewed by Anders Carlsson.
Source/JavaScriptCore:
- JavaScriptCore.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/ThirdParty:
- gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
- gtest/xcode/gtest.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/ThirdParty/ANGLE:
- ANGLE.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/WebCore:
- WebCore.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/WebInspectorUI:
- WebInspectorUI.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/WebKit:
- WebKit.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/WebKit2:
- WebKit2.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Source/WTF:
- WTF.xcodeproj/project.pbxproj: Ran the sort-Xcode-project-file script.
Jun 22, 2013:
- 11:24 PM Changeset in webkit [151887] by
-
- 3 edits in trunk/Source/WebCore
Remove redundant helper from RenderRegion.
https://bugs.webkit.org/show_bug.cgi?id=117915
Patch by Zalan Bujtas <Alan Bujtas> on 2013-06-22
Reviewed by Andreas Kling.
Minor code cleanup.
- rendering/RenderRegion.cpp:
(WebCore::RenderRegion::regionOversetState):
(WebCore::RenderRegion::setRegionOversetState):
- rendering/RenderRegion.h:
- 11:14 PM Changeset in webkit [151886] by
-
- 3 edits in trunk/Tools
[EFL] Add support for MHTML save/load feature to MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=106620
Patch by Santosh Mahto <santosh.ma@samsung.com> on 2013-06-22
Reviewed by Christophe Dumez.
Enable CTRL + S as save page in mhtml and CTRL + L to load any page
from filesystem.
- MiniBrowser/efl/CMakeLists.txt:
- MiniBrowser/efl/main.c:
(page_contents_callback):
(on_key_down):
(show_file_entry_dialog): generic function to show file enrty
selector dialogue
- 9:57 PM Changeset in webkit [151885] by
-
- 10 edits6 adds in branches/dfgFourthTier
fourthTier: DFG shouldn't exit just because a String GetByVal went out-of-bounds
https://bugs.webkit.org/show_bug.cgi?id=117906
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
This does the obvious thing, but also makes sure that out-of-bounds accesses
don't fall off into a C call, but try to do the fast thing if the prototype
chain is sane. We ought to probably do this for other array accesses in the
future, as well, since it's so darn easy.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
- runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::objectPrototypeIsSane):
(JSC):
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
- runtime/JSGlobalObject.h:
(JSGlobalObject):
LayoutTests:
Reviewed by Mark Hahnenberg.
The out-of-bounds benchmark that isn't insane speeds up by 22x in this
patch.
- fast/js/regress/script-tests/string-get-by-val-out-of-bounds-insane.js: Added.
(foo):
- fast/js/regress/script-tests/string-get-by-val-out-of-bounds.js: Added.
(foo):
- fast/js/regress/string-get-by-val-out-of-bounds-expected.txt: Added.
- fast/js/regress/string-get-by-val-out-of-bounds-insane-expected.txt: Added.
- fast/js/regress/string-get-by-val-out-of-bounds-insane.html: Added.
- fast/js/regress/string-get-by-val-out-of-bounds.html: Added.
- 8:31 PM Changeset in webkit [151884] by
-
- 5 edits in tags/Safari-537.46.5/Source
“Versioning.”
- 8:28 PM Changeset in webkit [151883] by
-
- 1 copy in tags/Safari-537.46.5
New tag.
- 6:42 PM Changeset in webkit [151882] by
-
- 2 edits in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: GC's put_by_id transition fixpoint should converge more quickly
https://bugs.webkit.org/show_bug.cgi?id=117912
Reviewed by Mark Hahnenberg.
This was a rookie mistake. The GC does a classic forward data flow fixpoint. These work well so long as you
iterate the program in program order, or at least something close to program order. Because I enjoy reverse
loops ("while (n--) blah"), I ended up iterating in *reverse* of program order which ensured worst-case
pathologies every single time. And unsurprisingly, this slowed down a program, namely pdfjs.
Flipping the loops to iterate forward fixes a 90% regression in Octane/pdfjs and is otherwise neutral.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::propagateTransitions):
- 4:33 PM Changeset in webkit [151881] by
-
- 2 edits in trunk/Source/WebKit2
Slightly reduce width threshold on detection of primary snapshotted Plug-In
https://bugs.webkit.org/show_bug.cgi?id=117914
<rdar://problem/14136687>
Reviewed by Simon Fraser.
We've noticed some content that should be detected as the primary snapshotted plug-in,
but is just a bit smaller than our 450x300 minimum threshold. Reduce the width to 400.
- WebProcess/WebPage/WebPage.cpp: Change primarySnapshottedPlugInMinimumWidth from 450 to 400.
- 4:16 PM Changeset in webkit [151880] by
-
- 2 edits in trunk/Source/WebCore
Build fix after r151878.
- platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
(WebCore::WebCoreAVFResourceLoader::startLoading): Pass the new UseDefaultOriginRestrictionsForType
argument to the ResourceLoaderOptions constructor.
- 1:29 PM Changeset in webkit [151879] by
-
- 2 edits in trunk/Source/WebCore
Followup from r151877 .
Fix crash in fast/frames/iframe-access-screen-of-deleted.html by null-checking the widget.
- platform/mac/PlatformScreenMac.mm:
(WebCore::screenForWidget):
- 12:56 PM Changeset in webkit [151878] by
-
- 14 edits3 adds in trunk
[CSS Shapes] limit shape image values to same origin
https://bugs.webkit.org/show_bug.cgi?id=117610
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Restrict the image URL values for shape-inside and shape-outside to
the same origin as the document. The alpha channel of image shape values
will be thresholded to produce the shape's boundaries (see bug 116643)
so normal image access rules aren't secure enough.
Added a RequestOriginPolicy ResourceLoaderOption which is used by
StyleResolver::loadPendingShapeImage() to request the additional restriction.
The change should have no other effect although it does enable one to apply
the same restriction to other resources which can currently be loaded from
any origin - see CachedResourceLoader::canRequest().
Test: http/tests/security/shape-inside-image-origin.html
- css/CSSImageValue.cpp:
(WebCore::CSSImageValue::cachedImage): Add an effectively optional ResourceLoaderOptions parameter.
- css/CSSImageValue.h:
(WebCore::CSSImageValue::cachedImage): Ditto.
- css/StyleResolver.cpp:
(WebCore::StyleResolver::loadPendingShapeImage): Load the image with the default CachedResourceLoader options plus RestrictToSameOrigin.
(WebCore::StyleResolver::loadPendingImages): Call loadPendingShapeImage().
- css/StyleResolver.h:
- loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::startLoadingMainResource): Update the ResourceLoaderOptions static variable.
- loader/NetscapePlugInStreamLoader.cpp:
(WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Ditto.
- loader/ResourceLoader.h:
(WebCore::ResourceLoader::options):
- loader/ResourceLoaderOptions.h: Add RequestOriginPolicy enum.
(WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
- loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::willSendRequest): Pass ResourceLoaderOptions along to revised CachedResourceLoader::canRequest().
- loader/cache/CachedResourceLoader.cpp:
(WebCore::CachedResourceLoader::requestImage):
(WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Update load() ResourceLoaderOptions.
(WebCore::CachedResourceLoader::canRequest): Replaced ContentSecurityPolicyCheck parameter with ResourceLoaderOptions.
(WebCore::CachedResourceLoader::requestResource): Pass ResourceLoaderOptions along to revised CachedResourceLoader::canRequest().
(WebCore::CachedResourceLoader::defaultCachedResourceOptions): Added UseDefaultOriginRestrictionsForType initializer.
- loader/cache/CachedResourceLoader.h:
- loader/icon/IconLoader.cpp:
(WebCore::IconLoader::startLoading): Added UseDefaultOriginRestrictionsForType intializer.
LayoutTests:
Verify that a non same-origin image URL specified for shape-inside or
shape-outside will not load and the shape property will be reset to "none".
- http/tests/resources/square100.png: Added.
- http/tests/security/shape-inside-image-origin-expected.txt: Added.
- http/tests/security/shape-inside-image-origin.html: Added.
- 12:41 PM Changeset in webkit [151877] by
-
- 11 edits1 add in trunk/Source
screen.availWidth always returns width of primary display
https://bugs.webkit.org/show_bug.cgi?id=117863
Source/WebCore:
Reviewed by Geoffrey Garen.
In WebKit2, Widgets have no platformWidget, so trying to get to the
NSScreen via the platform widget's window never succeeded, and we always
fell back on getting info for the main display.
However, we were already pushing the WKView's displayID down to the
WebProcess for the requestAnimationFrame infrastructure, so use that.
Add a virtual function on Widget windowDisplayID(), that is overridden
in FrameView to return the PlatformDisplayID which Page has.
Fix PlatformScreenMac to fall back to Widget::windowDisplayID() when it fails
to get an NSWindow from the Widget.
Add a utility category on NSScreen to get an NSScreen's displayID, and to
find an NSScreen given a displayID.
- WebCore.exp.in:
- WebCore.xcodeproj/project.pbxproj:
- page/FrameView.cpp:
(WebCore::FrameView::windowDisplayID):
- page/FrameView.h:
- platform/Widget.cpp:
(WebCore::Widget::windowDisplayID):
- platform/Widget.h:
- platform/mac/PlatformScreenMac.h: Added.
- platform/mac/PlatformScreenMac.mm:
(+[NSScreen screenForDislayID:]):
(-[NSScreen displayID]):
(WebCore::screenRect):
(WebCore::screenAvailableRect):
- platform/mac/WidgetMac.mm:
(WebCore::Widget::windowDisplayID):
Source/WebKit2:
Reviewed by Geoffrey Garen.
In WebKit2, Widgets have no platformWidget, so trying to get to the
NSScreen via the platform widget's window never succeeded, and we always
fell back on getting info for the main display.
However, we were already pushing the WKView's displayID down to the
WebProcess for the requestAnimationFrame infrastructure, so use that.
The WebProcess would not receive a displayID for a WKView until the window
was activated; fix by calling -doWindowDidChangeScreen when the view
moves to a window, rather than doing it from -_windowDidBecomeKey:.
- UIProcess/API/mac/WKView.mm:
(-[WKView viewDidMoveToWindow]):
(-[WKView _windowDidBecomeKey:]):
