Timeline


and

07/30/14: Today

00:06 Changeset [171792] by carlosgc@webkit.org

[GTK] Remove WebKitCertificateInfo from WebKit2GTK+ API
https://bugs.webkit.org/show_bug.cgi?id=134830

Reviewed by Gustavo Noronha Silva.

Source/WebKit2:
It was added to make the API more convenient but it has ended up
making it more complicated. WebKitWebView::load-failed-with-tls-errors
now receives a GTlsCertificate + GTlsCertificateFlags and
webkit_web_context_allow_tls_certificate_for_host() receives a GTlsCertificate
since the errors are not actually needed. This makes the API more
consistent with the existing method webkit_web_view_get_tls_info().

  • PlatformGTK.cmake: Remove files from compilation.
  • UIProcess/API/gtk/WebKitCertificateInfo.cpp: Removed.
  • UIProcess/API/gtk/WebKitCertificateInfo.h: Removed.
  • UIProcess/API/gtk/WebKitCertificateInfoPrivate.h: Removed.
  • UIProcess/API/gtk/WebKitWebContext.cpp:

(webkit_web_context_allow_tls_certificate_for_host):

  • UIProcess/API/gtk/WebKitWebContext.h:
  • UIProcess/API/gtk/WebKitWebView.cpp:

(webkit_web_view_class_init):
(webkitWebViewLoadFailedWithTLSErrors):

  • UIProcess/API/gtk/WebKitWebView.h:
  • UIProcess/API/gtk/docs/webkit2gtk-docs.sgml:
  • UIProcess/API/gtk/docs/webkit2gtk-sections.txt:
  • UIProcess/API/gtk/webkit2.h:

Tools:
Update the SSL test for the API changes.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:

(testLoadFailedWithTLSErrors):

07/29/14: Yesterday

23:16 Changeset [171791] by jinwoo7.song@samsung.com

[EFL] Unreviewed EFL gardening. Rebaseline tests after r170418.

  • platform/efl/mathml/opentype/horizontal-expected.txt:
  • platform/efl/mathml/opentype/horizontal-munderover-expected.txt:
  • platform/efl/mathml/opentype/large-operators-expected.txt:
  • platform/efl/mathml/opentype/vertical-expected.txt:
  • platform/efl/mathml/presentation/menclose-notation-default-longdiv-expected.txt:
  • platform/efl/mathml/presentation/mo-stretch-expected.png:
  • platform/efl/mathml/presentation/mo-stretch-expected.txt:
  • platform/efl/mathml/presentation/roots-expected.png:
  • platform/efl/mathml/presentation/roots-expected.txt:
22:42 Changeset [171790] by commit-queue@webkit.org

Web Inspector: 80% of time during recording is spent creating source code locations for profile nodes
https://bugs.webkit.org/show_bug.cgi?id=135399

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Profiling the inspector while recording a timeline, a significant amount of
time was spent creating SourceCodeLocation objects for profiling information
and call frames. A lot of this data was eagerly being processed, even though
it would not immediately be presentable to the user.

This makes two significant changes. We create a LazySourceCodeLocation class
which does as little as possible until display information is requested. We
also lazily convert the profiler payload data to a Profile object, so the
processing is only done if you drill into the Script specific timeline.

This results in a significant performance improvement in the overview view.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype.eventRecorded.processRecord):
(WebInspector.TimelineManager.prototype.eventRecorded):
(WebInspector.TimelineManager.prototype._callFramesFromPayload.createCallFrame):
(WebInspector.TimelineManager.prototype._callFramesFromPayload):
(WebInspector.TimelineManager.prototype._profileFromPayload.profileNodeFromPayload): Deleted.
(WebInspector.TimelineManager.prototype._profileFromPayload.profileNodeCallFromPayload): Deleted.
(WebInspector.TimelineManager.prototype._profileFromPayload): Deleted.
Do not eagerly process profile payloads. Instead pass the payload to ScriptTimelineRecords.
Likewise create callframes with lazy source code locations to do the minimum amount of work.

  • UserInterface/Models/ScriptTimelineRecord.js:

(WebInspector.ScriptTimelineRecord):
(WebInspector.ScriptTimelineRecord.prototype.get profile):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload.profileNodeFromPayload):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload.profileNodeCallFromPayload):
(WebInspector.ScriptTimelineRecord.prototype._initializeProfileFromPayload):
Only when the profile is asked do we process the profiler payload information.
This defer the processing until at least the user drills into the Script timeline.

  • UserInterface/Main.html:

Add the new class and ensure SourceCodeLocation is available beforehand.

  • UserInterface/Models/LazySourceCodeLocation.js: Added.

(WebInspector.LazySourceCodeLocation):
(WebInspector.LazySourceCodeLocation.prototype.isEqual):
(WebInspector.LazySourceCodeLocation.prototype.get sourceCode):
(WebInspector.LazySourceCodeLocation.prototype.set sourceCode):
(WebInspector.LazySourceCodeLocation.prototype.get formattedLineNumber):
(WebInspector.LazySourceCodeLocation.prototype.get formattedColumnNumber):
(WebInspector.LazySourceCodeLocation.prototype.formattedPosition):
(WebInspector.LazySourceCodeLocation.prototype.hasFormattedLocation):
(WebInspector.LazySourceCodeLocation.prototype.hasDifferentDisplayLocation):
(WebInspector.LazySourceCodeLocation.prototype.resolveMappedLocation):
(WebInspector.LazySourceCodeLocation.prototype._lazyInitialization):
Only when display information is requested will we perform extra processing.
For basic information we do not need to check for formatted (pretty-printed) info.

  • UserInterface/Models/SourceCode.js:

(WebInspector.SourceCode.prototype.createLazySourceCodeLocation):
Provide an explict create function for lazy source codes.

  • UserInterface/Models/SourceCodeLocation.js:

(WebInspector.SourceCodeLocation.prototype.set sourceCode):
(WebInspector.SourceCodeLocation.prototype.get displaySourceCode):
(WebInspector.SourceCodeLocation.prototype.get displayLineNumber):
(WebInspector.SourceCodeLocation.prototype.get displayColumnNumber):
(WebInspector.SourceCodeLocation.prototype.hasMappedLocation):
(WebInspector.SourceCodeLocation.prototype.setSourceCode):
(WebInspector.SourceCodeLocation.prototype.resolveMappedLocation):
(WebInspector.SourceCodeLocation.prototype._makeChangeAndDispatchChangeEventIfNeeded):
(WebInspector.SourceCodeLocation.prototype._resolveMappedLocation): Deleted.
Include two protected functions which LazySourceCodeLocation overrides.

21:49 Changeset [171789] by dfarler@apple.com

Add knowledge of the iOS Simulator to webkitpy
http://bugs.webkit.org/show_bug.cgi?id=133963

Reviewed by Simon Fraser.

  • Scripts/webkitdirs.pm:

(argumentsForConfiguration): Add --ios-sim*

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

--runtime and --device-type args added.

  • Scripts/webkitpy/port/base.py:
  • Scripts/webkitpy/port/driver.py: Add simulator driver.

(IOSSimulatorDriver): Added.

  • Scripts/webkitpy/port/factory.py: Add simulator platform.
  • Scripts/webkitpy/port/ios.py: Added.
21:26 Changeset [171788] by jinwoo7.song@samsung.com

[EFL] Do not initialize g_type system explicitly in the ewk_init()
https://bugs.webkit.org/show_bug.cgi?id=135407

Reviewed by Gyuyoung Kim.

EFL build requires glib version 2.38 but g_type_init() has been deprecated
since version 2.36. As the type system is initialized automatically since
version 2.36, we do not need to call g_type_init() in the ewk_init().

https://developer.gnome.org/gobject/unstable/gobject-Type-Information.html#g-type-init

  • UIProcess/API/efl/ewk_main.cpp:

(ewk_init):

21:17 Changeset [171787] by commit-queue@webkit.org

Web Inspector: Only compute full ProfileNode times if needed - Legacy Profiler
https://bugs.webkit.org/show_bug.cgi?id=135406

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Full ProfileNode times are only used by the Legacy Profiler. The new profile
information in the Scripts Timelines currently never uses the pass. We should
avoid calculating it if we never use it.

  • UserInterface/Models/ProfileNode.js:

(WebInspector.ProfileNode.prototype.get startTime):
(WebInspector.ProfileNode.prototype.get endTime):
(WebInspector.ProfileNode.prototype.get selfTime):
(WebInspector.ProfileNode.prototype.get totalTime):
(WebInspector.ProfileNode.prototype.establishRelationships):
(WebInspector.ProfileNode.prototype._computeTotalTimes):

21:00 Changeset [171786] by commit-queue@webkit.org

Web Inspector: Reduce forced layouts in TimelineOverview
https://bugs.webkit.org/show_bug.cgi?id=135405

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Remove another forced layout. The scroll container won't
change size unless the ContentView itself resized. Make the
distinction between a layout update due to a resize and
normal events (scale changes, etc) and only calculate
element sizes then.

  • UserInterface/Views/TimelineContentView.js:

(WebInspector.TimelineContentView.prototype.updateLayout):

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.get visibleDuration):
(WebInspector.TimelineOverview.prototype.updateLayoutForResize):

20:51 Changeset [171785] by akling@apple.com

Crash when using 'em' units to specify font-size inside animation keyframe.
<https://webkit.org/b/135395>
<rdar://problem/17851910>

Source/WebCore:
We'd forgotten to initialize the "parent style" when resolving keyframe
styles, and this led to a crash in length conversion where the code
assumes a parent style will be present.

To keep this fix minimal, simply make the "parent style" a clone of the
base element style.

Reviewed by Simon Fraser.

Test: fast/animation/keyframe-with-font-size-in-em-units.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::styleForKeyframe):

LayoutTests:
Add a reduced test case to cover this bug.

Reviewed by Simon Fraser.

  • fast/animation/keyframe-with-font-size-in-em-units-expected.txt: Added.
  • fast/animation/keyframe-with-font-size-in-em-units.html: Added.
20:48 Changeset [171784] by burg@cs.washington.edu

Web Inspector: breakpoints are always speculatively resolved when restored from local storage
https://bugs.webkit.org/show_bug.cgi?id=135396

Reviewed by Timothy Hatcher.

A longstanding quirk/optimization in the frontend is that we immediately set a breakpoint
as resolved if the breakpoint was successfully set in the backend. This ensures that clicking in
the gutter immediately produces a resolved breakpoint with only one round-trip.

However, not all breakpoints should be speculatively resolved, because the corresponding resource
may not be loaded yet. This situation causes problems for code that assumes a resolved breakpoint
also has a valid sourceCodeLocation.sourceCode.

  • UserInterface/Controllers/DebuggerManager.js:

(WebInspector.DebuggerManager.restoreBreakpointsSoon): Don't leak the variable to global scope.
(WebInspector.DebuggerManager):
(WebInspector.DebuggerManager.prototype.speculativelyResolveBreakpoint):
(WebInspector.DebuggerManager.prototype.addBreakpoint): Speculatively resolve here if requested
using the success callback passed to _setBreakpoint.

(WebInspector.DebuggerManager.prototype.didSetBreakpoint): Emit simulated
Debugger.breakpointResolved events since they are only sent by the backend when a script is parsed.

(WebInspector.DebuggerManager.prototype._setBreakpoint):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype.textEditorBreakpointAdded): Request speculative resolve.

17:30 Changeset [171783] by commit-queue@webkit.org

Web Inspector: Eliminate more forced layouts during timeline recordings
https://bugs.webkit.org/show_bug.cgi?id=135397

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-29
Reviewed by Timothy Hatcher.

Instead of computing the secondsPerPixel in each overview graph,
we can ask the overview view itself which has a cached value.
The computation used to force a layout, now it doesn't need to.

  • UserInterface/Views/LayoutTimelineOverviewGraph.js:
  • UserInterface/Views/NetworkTimelineOverviewGraph.js:
  • UserInterface/Views/ScriptTimelineOverviewGraph.js:
  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):

  • UserInterface/Views/TimelineOverviewGraph.js:

(WebInspector.TimelineOverviewGraph):
(WebInspector.TimelineOverviewGraph.prototype.get timelineOverview):
(WebInspector.TimelineOverviewGraph.prototype.set timelineOverview):

17:17 Changeset [171782] by enrica@apple.com

REGRESSION [WebKit2 iOS]: Cannot add shortcut to user dictionary from non editable content.
https://bugs.webkit.org/show_bug.cgi?id=135392
<rdar://problem/17760073>

Reviewed by Benjamin Poulain.

Adding a shortcut to the user dictionary needs to be available in non editable content too.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _addShortcut:]):

17:15 Changeset [171781] by lforschler@apple.com

Versioning.

17:11 Changeset [171780] by lforschler@apple.com

New Tag.

16:23 Changeset [171779] by bshafiei@apple.com

Merged r171661. <rdar://problem/17315237>

16:16 Changeset [171778] by bshafiei@apple.com

Merged r171647. <rdar://problem/17315168>

16:08 Changeset [171777] by bshafiei@apple.com

Versioning.

16:05 Changeset [171776] by bshafiei@apple.com

New tag.

16:01 Changeset [171775] by timothy_horton@apple.com

WKPDFView paints rotated pages squished
https://bugs.webkit.org/show_bug.cgi?id=135401
<rdar://problem/17173916>

Reviewed by Simon Fraser.

  • UIProcess/ios/WKPDFView.mm:

(-[WKPDFView _computePageAndDocumentFrames]):
[page size] returns the crop box's size, ignoring rotation.
[page cropBoxAccountForRotation] respects rotation, but otherwise returns the same size.
UIPDFPageView will respect rotation when painting, so we
should make sure that it is given an aspect ratio that also
respects rotation, so that the page isn't squished.

15:52 Changeset [171774] by lforschler@apple.com

Versioning.

15:46 Changeset [171773] by matthew_hanson@apple.com

r171675. <rdar://problem/17826572>

15:41 Changeset [171772] by ap@apple.com

fast/borders/border-radius-on-subpixel-position-non-hidpi.html fails on Retina machines
https://bugs.webkit.org/show_bug.cgi?id=135398

Reviewed by Zalan Bujtas.

Tools:

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::updateWindowScaleForTest):

"hidpi-" should be at the start. This allows "hidpi-" in both file and directory names.

  • DumpRenderTree/mac/DumpRenderTree.mm: (changeWindowScaleIfNeeded): Same fix.

For some reason, I wasn't seeing this test fail on WK1 even without the fix, not
sure why.

LayoutTests:

  • platform/mac-wk2/TestExpectations: Let's try to unskip the test, maybe this was

the actual reason for it to appear failing?

15:41 Changeset [171771] by lforschler@apple.com

New Tag.

15:40 Changeset [171770] by matthew_hanson@apple.com

Rollout r171702. <rdar://problem/16828238>

15:38 Changeset [171769] by matthew_hanson@apple.com

Rollout r171703. <rdar://problem/17833422>

15:35 Changeset [171768] by matthew_hanson@apple.com

Rollout r171708. <rdar://problem/17844894>

14:49 Changeset [171767] by mmirman@apple.com

[ftlopt] Added SkipTopScope coverage to FTL

14:41 Changeset [171766] by psolanki@apple.com

[iOS] REGRESSION(r171526): PDF documents fail to load in WebKit1 with disk image caching enabled
https://bugs.webkit.org/show_bug.cgi?id=135359
<rdar://problem/17824645>

Reviewed by Darin Adler.

r171526 broke the case where we have a memory mapped file from the DiskImageCache in the
SharedBuffer. In such a case, m_buffer is empty and createCFData() returned an
WebCoreSharedBufferData with an empty buffer.

Fix this by taking the easy route of bringing back the old code for the disk image cache
file backed case. In the long run we probably want to remove the iOS specific disk image
cache anyway.

Review also uncovered another bug in r171526 where we were balancing an Objective-C alloc
with a CFRelease which is incorrect when running under GC. Fix that by using adoptNS along
with adoptCF which is what the code did before.

No new tests because the bug only occurs on device and we can't run tests on device yet.

  • platform/mac/SharedBufferMac.mm:

(-[WebCoreSharedBufferData initWithDiskImageSharedBuffer:]):
(-[WebCoreSharedBufferData length]):
(-[WebCoreSharedBufferData bytes]):
(WebCore::SharedBuffer::createCFData):

14:25 Changeset [171765] by lforschler@apple.com

Merged r171748. <rdar://problem/17356958>

14:03 Changeset [171764] by matthew_hanson@apple.com

Merge r171711. <rdar://problem/17756281>

14:03 Changeset [171763] by mhahnenberg@apple.com

Support for-in in the FTL
https://bugs.webkit.org/show_bug.cgi?id=134140

Reviewed by Filip Pizlo.

  • dfg/DFGSSALoweringPhase.cpp:

(JSC::DFG::SSALoweringPhase::handleNode):

  • ftl/FTLAbstractHeapRepository.cpp:
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileHasIndexedProperty):
(JSC::FTL::LowerDFGToLLVM::compileHasGenericProperty):
(JSC::FTL::LowerDFGToLLVM::compileHasStructureProperty):
(JSC::FTL::LowerDFGToLLVM::compileGetDirectPname):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumerableLength):
(JSC::FTL::LowerDFGToLLVM::compileGetStructurePropertyEnumerator):
(JSC::FTL::LowerDFGToLLVM::compileGetGenericPropertyEnumerator):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname):
(JSC::FTL::LowerDFGToLLVM::compileToIndexString):

14:00 Changeset [171762] by matthew_hanson@apple.com

Merge r171709. rdar://problem/16988887>

13:59 Changeset [171761] by matthew_hanson@apple.com

Merge r171708. <rdar://problem/17844894>

13:57 Changeset [171760] by matthew_hanson@apple.com

Merge r171703. <rdar://problem/17833422>

13:56 Changeset [171759] by matthew_hanson@apple.com

Merge r171702. <rdar://problem/16828238>

13:54 Changeset [171758] by matthew_hanson@apple.com

Merge r171700. <rdar://problem/17844901>

13:36 Changeset [171757] by matthew_hanson@apple.com

Merge r171689. <rdar://problem/17844890>

13:33 Changeset [171756] by ap@apple.com

PPT: run-webkit-tests doesn't upload crash logs to bots
https://bugs.webkit.org/show_bug.cgi?id=135391

Reviewed by Joseph Pecoraro.

  • WebKitTestRunner/TestController.cpp: (WTR::TestController::processDidCrash):

Not a fix to be proud of, but better than not having it work at all.

13:32 Changeset [171755] by matthew_hanson@apple.com

Merge r171688. <rdar://problem/17364180>

13:26 Changeset [171754] by matthew_hanson@apple.com

Merge r171675. <rdar://problem/17826572>

13:08 Changeset [171753] by ossy@webkit.org

URTBF for !ENABLE(DATABASE_PROCESS) platforms.

  • WebProcess/OriginData/WebOriginDataManager.cpp:

(WebKit::WebOriginDataManager::getOrigins):
(WebKit::WebOriginDataManager::deleteEntriesForOrigin):
(WebKit::WebOriginDataManager::deleteEntriesModifiedBetweenDates):
(WebKit::WebOriginDataManager::deleteAllEntries):

12:34 Changeset [171752] by benjamin@webkit.org

VisitedLinkState::determineLinkState should take a reference
https://bugs.webkit.org/show_bug.cgi?id=135375

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-29
Reviewed by Sam Weinig.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::State::initElement):

  • dom/VisitedLinkState.h:

(WebCore::VisitedLinkState::determineLinkState):

12:00 Changeset [171751] by matthew_hanson@apple.com

Versioning.

11:57 Changeset [171750] by matthew_hanson@apple.com

New Branch.

10:37 Changeset [171749] by beidson@apple.com

Make WKOriginDataManager actually operate on IndexedDatabases.
https://bugs.webkit.org/show_bug.cgi?id=135346

Reviewed by Sam Weinig (and David Kilzer and Alex Christensen)

Source/WebCore:

  • WebCore.exp.in:

Source/WebKit2:

  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::DatabaseProcess):
(WebKit::DatabaseProcess::getIndexedDatabaseOrigins):
(WebKit::DatabaseProcess::doGetIndexedDatabaseOrigins):
(WebKit::removeAllDatabasesForOriginPath): Utility to delete all database files for the given origin path

that have been modified between the given dates.

(WebKit::DatabaseProcess::deleteIndexedDatabaseEntriesForOrigin):
(WebKit::DatabaseProcess::doDeleteIndexedDatabaseEntriesForOrigin):
(WebKit::DatabaseProcess::deleteIndexedDatabaseEntriesModifiedBetweenDates):
(WebKit::DatabaseProcess::doDeleteIndexedDatabaseEntriesModifiedBetweenDates):
(WebKit::DatabaseProcess::deleteAllIndexedDatabaseEntries):
(WebKit::DatabaseProcess::doDeleteAllIndexedDatabaseEntries):

  • DatabaseProcess/DatabaseProcess.h:
  • Shared/WebCrossThreadCopier.cpp:

(WebCore::SecurityOriginData>::copy):

  • Shared/WebCrossThreadCopier.h:
  • UIProcess/WebOriginDataManagerProxy.cpp:

(WebKit::WebOriginDataManagerProxy::getOrigins):
(WebKit::WebOriginDataManagerProxy::didGetOrigins):
(WebKit::WebOriginDataManagerProxy::deleteEntriesForOrigin):
(WebKit::WebOriginDataManagerProxy::deleteEntriesModifiedBetweenDates):
(WebKit::WebOriginDataManagerProxy::deleteAllEntries):

  • WebProcess/OriginData/WebOriginDataManager.cpp:

(WebKit::WebOriginDataManager::getOrigins): Pipe IDB requests through to the DatabaseProcess.
(WebKit::WebOriginDataManager::deleteEntriesForOrigin): Ditto.
(WebKit::WebOriginDataManager::deleteEntriesModifiedBetweenDates): Ditto.
(WebKit::WebOriginDataManager::deleteAllEntries): Ditto.

10:23 Changeset [171748] by commit-queue@webkit.org

Unreviewed, rolling out r171704.
https://bugs.webkit.org/show_bug.cgi?id=135389

Broke two IndexedDB tests (Requested by ap on #webkit).

Reverted changeset:

"IDB transactions never reset if the Web Process ends before
cleaning up"
https://bugs.webkit.org/show_bug.cgi?id=135218
http://trac.webkit.org/changeset/171704

09:40 Changeset [171747] by mitz@apple.com

Moved the Cocoa-specific parts of CredentialBase into a Cocoa-specific Credential class.
Work towards fixing https://bugs.webkit.org/show_bug.cgi?id=135327

Reviewed by Alexey Proskuryakov.

No change in functionality.

  • WebCore.exp.in: Updated for functions moved in the class hierarchy.
  • WebCore.xcodeproj/project.pbxproj: Added CredentialCocoa.{h,mm}.
  • platform/network/Credential.h: For Cocoa, include CredentialCocoa.h instead of the generic

class.
(WebCore::Credential::Credential): Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED code.

  • platform/network/CredentialBase.cpp:

(WebCore::CredentialBase::CredentialBase): Changed to use emptyString instead of "", removed
#if CERTIFICATE_CREDENTIALS_SUPPORTED code.
(WebCore::CredentialBase::isEmpty): Ditto.
(WebCore::CredentialBase::compare): Renamed operator== to this, removed
#if CERTIFICATE_CREDENTIALS_SUPPORTED code, but changed the end to call platformCompare.
(WebCore::CredentialBase::identity): Deleted.
(WebCore::CredentialBase::certificates): Deleted.
(WebCore::CredentialBase::type): Deleted.

  • platform/network/CredentialBase.h: Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED members.

(WebCore::CredentialBase::platformCompare): Added a base implementation that returns true.
(WebCore::operator==): Changed to use CredentialBase::compare.

  • platform/network/cocoa/CredentialCocoa.h: Added.

(WebCore::Credential::Credential):

  • platform/network/cocoa/CredentialCocoa.mm: Added.

(WebCore::Credential::Credential): Moved the constructor that takes an identity and
certificates here.
(WebCore::Credential::isEmpty): Moved here.
(WebCore::Credential::identity): Ditto.
(WebCore::Credential::certificates): Ditto.
(WebCore::Credential::type): Ditto.
(WebCore::Credential::platformCompare): Moved the code that compares client-certificate
credentials here.

  • platform/network/mac/AuthenticationMac.mm:

(WebCore::mac): Removed #if CERTIFICATE_CREDENTIALS_SUPPORTED guards in this Cocoa-only
file.
(WebCore::core): Ditto.

08:47 Changeset [171746] by dbates@webkit.org

Use WTF::move() instead of std::move() to help ensure move semantics
https://bugs.webkit.org/show_bug.cgi?id=135351

Reviewed by Alexey Proskuryakov.

Source/JavaScriptCore:

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfo):

  • bytecode/GetByIdVariant.cpp:

(JSC::GetByIdVariant::GetByIdVariant):

Source/WebCore:

  • page/CaptionUserPreferences.cpp:

(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):

Source/WebKit2:

  • UIProcess/API/Cocoa/_WKSessionState.mm:

(-[_WKSessionState _initWithSessionState:]):

  • UIProcess/API/gtk/WebKitUserContent.cpp:

(toStringVector): Remove use of std::move(). It's unnecessary to call std::move() on an rvalue.

  • WebProcess/WebPage/mac/ServicesOverlayController.mm:

(WebKit::ServicesOverlayController::mouseEvent):

Source/WTF:

  • wtf/HashTable.h:

(WTF::KeyTraits>::HashTable):

08:11 Changeset [171745] by mihnea@adobe.com

[CSSRegions] Assertion failure hit testing a region-based multicolumn in a region
https://bugs.webkit.org/show_bug.cgi?id=135385

Reviewed by Andrei Bucur.

Source/WebCore:
When a region-based multicolumn element is displayed and hit tested in a region,
we have to disable the named flow region information not only for painting,
but also for hit-testing. This is a follow-up for https://bugs.webkit.org/show_bug.cgi?id=132121,
which provided the fix for painting.

Test: fast/regions/assert-hit-test-multicol-in-region.html

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::hitTestLayer):

LayoutTests:

  • fast/regions/assert-hit-test-multicol-in-region-expected.txt: Added.
  • fast/regions/assert-hit-test-multicol-in-region.html: Added.
07:51 Changeset [171744] by zalan@apple.com

Cleanup RenderSelectionInfoBase/RenderSelectionInfo/RenderBlockSelectionInfo.
https://bugs.webkit.org/show_bug.cgi?id=135326

Reviewed by Darin Adler.

  1. Move implementation to RenderSelectInfo.cpp
  2. RenderSelectionInfoBase/RenderSelectionInfo/RenderBlockSelectionInfo take Render* reference.
  3. Remove unused functions.
  4. Add RenderSelectionInfoBase::repaintRectangle()

No change in behavior.

  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderSelectionInfo.cpp: Added.

(WebCore::RenderSelectionInfoBase::RenderSelectionInfoBase):
(WebCore::RenderSelectionInfoBase::repaintRectangle):
(WebCore::RenderSelectionInfo::RenderSelectionInfo):
(WebCore::RenderSelectionInfo::repaint):
(WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo):
(WebCore::RenderBlockSelectionInfo::repaint):

  • rendering/RenderSelectionInfo.h:

(WebCore::RenderSelectionInfo::collectedSelectionRects):
(WebCore::RenderSelectionInfoBase::RenderSelectionInfoBase): Deleted.
(WebCore::RenderSelectionInfoBase::object): Deleted.
(WebCore::RenderSelectionInfo::RenderSelectionInfo): Deleted.
(WebCore::RenderSelectionInfo::repaint): Deleted.
(WebCore::RenderSelectionInfo::rects): Deleted.
(WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo): Deleted.
(WebCore::RenderBlockSelectionInfo::repaint): Deleted.
(WebCore::RenderBlockSelectionInfo::block): Deleted.

  • rendering/RenderView.cpp:

(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

07:35 Changeset [171743] by psolanki@apple.com

Get SharedBuffer.h out of ResourceBuffer.h (and a few other places)
https://bugs.webkit.org/show_bug.cgi?id=131782

Original patch by Tim Horton.
Reviewed by Darin Adler.

Source/WebCore:
No new tests because no functional changes.

  • Modules/indexeddb/IDBCallbacks.h:
  • Modules/indexeddb/IDBCursorBackend.h:
  • loader/ios/DiskImageCacheIOS.h:

Forward declare SharedBuffer in headers.

  • Modules/indexeddb/IDBRequest.cpp:
  • loader/cache/CachedImage.cpp:
  • loader/icon/IconLoader.cpp:
  • loader/ios/DiskImageCacheIOS.mm:
  • loader/cache/MemoryCache.cpp:
  • loader/mac/ResourceBuffer.mm:

Include SharedBuffer.h in implementation files.

  • Modules/notifications/Notification.h:
  • loader/appcache/ApplicationCacheGroup.h:

Remove unnecessary includes.

  • loader/ResourceBuffer.cpp:

(WebCore::ResourceBuffer::adoptSharedBuffer):

  • loader/ResourceBuffer.h:

Out-of-line adoptSharedBuffer so that the PassRefPtr doesn't require including SharedBuffer.h.

  • platform/graphics/opentype/OpenTypeMathData.cpp:
  • platform/graphics/opentype/OpenTypeMathData.h:

Out-of-line destructor to avoid requiring SharedBuffer.h for the RefPtr.
Forward-declare SharedBuffer in the header, include in implementation.

Source/WebKit2:

  • NetworkProcess/NetworkResourceLoader.cpp:
  • WebProcess/Network/NetworkProcessConnection.cpp:

Include SharedBuffer.h in implementation files.

  • WebProcess/InjectedBundle/InjectedBundlePageEditorClient.h:

Un-indent namespace and remove SharedBuffer forward-declaration.

05:42 Changeset [171742] by commit-queue@webkit.org

[GTK] Remove WebKitWebViewGroup from WebKit2 GTK+ API
https://bugs.webkit.org/show_bug.cgi?id=133729

Patch by Adrian Perez de Castro <aperez@igalia.com> on 2014-07-29
Reviewed by Carlos Garcia Campos.

Removes WebKitWebViewGroup, effectively reverting the changes
introduced by r149117. The motivation for WebKitWebViewGroup
was using the user style sheet injection API, which has been
moved into WebKitUserContentManager, rendering it unneeded.

Source/WebKit2:

  • PlatformGTK.cmake: Remove WebKitWebViewGroup source files

from the build.

  • UIProcess/API/C/gtk/WKView.cpp:

(WKViewCreate): Accomodate for changes in the signature of
webkitWebViewBaseCreate().

  • UIProcess/API/gtk/WebKitSettings.cpp: Update API documentation.
  • UIProcess/API/gtk/WebKitWebContext.cpp: Remove the default web

view group from WebKitWebContext.
(webkitWebContextCreatePageForWebView): Allow passing a
WebPreferences object at construction.
(webkitWebContextGetDefaultWebViewGroup): Deleted.

  • UIProcess/API/gtk/WebKitWebContextPrivate.h: Ditto.
  • UIProcess/API/gtk/WebKitWebView.cpp:

(webkitWebViewUpdateSettings): Use WebPageProxy::setPreferences()
directly. Handle the case when webkit_web_view_set_settings()
is called on construction by doing an early-return.
(webkitWebViewConstructed): Call webkitWebViewUpdateSettings()
after creating the internal WebPageProxy object.
(webkitWebViewSetProperty): Removed "group" property, added
"settings" property.
(webkitWebViewGetProperty): Ditto.
(webkitWebViewDispose): Do not disconnect signal handler for
the (now unexistant) WebKitWebViewGroup.
(webkit_web_view_class_init): Removed "group" property, added
"settings" property.
(webkitWebViewHandleAuthenticationChallenge): Access the
WebKitWebSettings directly.
(webkit_web_view_new_with_related_view): Make new views share
settings with their related view.
(webkit_web_view_new_with_settings): Added.
(webkit_web_view_set_settings): Access the settings directly in
the WebKitWebView.
(webkit_web_view_get_settings): Ditto.
(webkit_web_view_set_zoom_level): Ditto.
(webkit_web_view_get_zoom_level): Ditto.
(webkitWebViewSettingsChanged): Deleted.
(webkitWebViewDisconnectSettingsChangedSignalHandler): Deleted.
(webkit_web_view_new_with_group): Deleted.
(webkit_web_view_get_group): Deleted.

  • UIProcess/API/gtk/WebKitWebView.h: Removed API methods related

to WebKitWebViewGroup.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseCreate): Allow passing a WebPreferences object
for constructing the WebPageProxy.
(webkitWebViewBaseUpdatePreferences): Instead of going through
the page group, use WebPageProxy::preferences() directly.
(webkitWebViewBaseCreateWebPage): Allow passing a WebPreferences
object for constructing the WebPageProxy.

  • UIProcess/API/gtk/WebKitWebViewBasePrivate.h: Update the

prototypes of the internal functions.

  • UIProcess/API/gtk/WebKitWebViewGroup.cpp: Removed.
  • UIProcess/API/gtk/WebKitWebViewGroup.h: Removed.
  • UIProcess/API/gtk/WebKitWebViewGroupPrivate.h: Removed.
  • UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Change public API

bits in the documentation.

  • UIProcess/API/gtk/docs/webkit2gtk-sections.txt: Ditto.
  • UIProcess/API/gtk/docs/webkit2gtk.types: Ditto.
  • UIProcess/API/gtk/webkit2.h: Removed WebKitWebViewGroup.h header.
  • UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):
Accomodate for changes in the signature of
webkitWebViewBaseCreate().

Tools:

  • TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt: Remove tests

for WebKitWebViewGroup.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebView.cpp:

(testWebViewSettings):
Restore the assertions that check that settings objects are
released. Add test for webkit_web_view_new_with_settings().

  • TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebViewGroup.cpp: Removed.
04:41 Changeset [171741] by commit-queue@webkit.org

[EFL][GTK] Remove ACCELERATED_COMPOSITING compile flag
https://bugs.webkit.org/show_bug.cgi?id=135376

Patch by Hunseop Jeong <hs85.jeong@samsung.com> on 2014-07-29
Reviewed by Gyuyoung Kim.

ACCELERATED_COMPOSITING was changed to the mandatory code after r163079.

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
04:35 Changeset [171740] by carlosgc@webkit.org

Implement webkit_web_view_load_string() in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=134735

Reviewed by Sergio Villar Senin.

Source/WebKit2:
Add webkit_web_view_load_bytes() that receives a GBytes to load
random data in the web view using the given MIME-Type, encoding
and base URL.

  • UIProcess/API/gtk/WebKitWebView.cpp:

(releaseGBytes):
(webkit_web_view_load_bytes):

  • UIProcess/API/gtk/WebKitWebView.h:
  • UIProcess/API/gtk/docs/webkit2gtk-docs.sgml:
  • UIProcess/API/gtk/docs/webkit2gtk-sections.txt:

Tools:
Add /webkit2/WebKitWebView/load-bytes test case and simplify
TestDOMXPathNSResolver by using webkit_web_view_load_bytes()
instead of a soup server just to sent the Content-type header.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestDOMXPathNSResolver.cpp:

(testWebKitDOMXPathNSResolverNative):
(testWebKitDOMXPathNSResolverCustom):
(beforeAll):
(afterAll):
(serverCallback): Deleted.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:

(testLoadBytes):
(beforeAll):

  • TestWebKitAPI/gtk/WebKit2Gtk/LoadTrackingTest.cpp:

(LoadTrackingTest::loadBytes):

  • TestWebKitAPI/gtk/WebKit2Gtk/LoadTrackingTest.h:
  • TestWebKitAPI/gtk/WebKit2Gtk/WebViewTest.cpp:

(WebViewTest::loadBytes):

  • TestWebKitAPI/gtk/WebKit2Gtk/WebViewTest.h:
01:52 Changeset [171739] by lforschler@apple.com

Merged r171721. <rdar://problem/17836658>

01:50 Changeset [171738] by lforschler@apple.com

Merged r171720. <rdar://problem/17838230>

01:49 Changeset [171737] by lforschler@apple.com

Merged r171716. <rdar://problem/17835401>

01:47 Changeset [171736] by lforschler@apple.com

Merged r171711. <rdar://problem/17756281>

01:45 Changeset [171735] by lforschler@apple.com

Merged r171709. <rdar://problem/16988887>

01:41 Changeset [171734] by lforschler@apple.com

Merged r171708. <rdar://problem/17768371>

01:38 Changeset [171733] by lforschler@apple.com

Merged r171706. <rdar://problem/17295639>

01:36 Changeset [171732] by lforschler@apple.com

Merged r171704. <rdar://problem/17356958>

01:34 Changeset [171731] by lforschler@apple.com

Merged r171703. <rdar://problem/17833422>

01:32 Changeset [171730] by lforschler@apple.com

Merged r171702. <rdar://problem/16828238>

01:29 Changeset [171729] by lforschler@apple.com

Merged r171700. <rdar://problem/15317278>

01:27 Changeset [171728] by lforschler@apple.com

Merged r171689. <rdar://problem/17509889>

01:23 Changeset [171727] by lforschler@apple.com

Merged r171688. <rdar://problem/17364180>

01:18 Changeset [171726] by lforschler@apple.com

Merged r171675. <rdar://problem/17826572>

01:12 Changeset [171725] by zandobersek@gmail.com

[TexMap] GraphicsLayerTextureMapper::addAnimation() box size parameter should be FloatSize
https://bugs.webkit.org/show_bug.cgi?id=135237

Reviewed by Martin Robinson.

  • platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:

(WebCore::GraphicsLayerTextureMapper::addAnimation):

  • platform/graphics/texmap/GraphicsLayerTextureMapper.h: The boxSize parameter of the

addAnimation() method must be of the same type as the parameter in the base class
declaration -- a const FloatSize reference. Only then is the base virtual method
actually overriden.

00:52 Changeset [171724] by ryuan.choi@samsung.com

[EFL] Alpha value of ewk_view_bg_color_set is not working
https://bugs.webkit.org/show_bug.cgi?id=135333

Reviewed by Gyuyoung Kim.

evas_object_image_alpha_set should be called for the transparent evas object.

  • UIProcess/API/efl/EwkView.cpp:

(EwkView::handleEvasObjectColorSet):
(EwkView::setBackgroundColor): Checked the alpha value of object and called evas_object_image_alpha_set.

  • UIProcess/API/efl/EwkView.h:
  • UIProcess/API/efl/ewk_view.cpp:

(ewk_view_bg_color_set): Moved the logic to EwkView.

07/28/14:

23:57 Changeset [171723] by mitz@apple.com

iOS build fix.

  • WebCore.exp.in:
21:22 Changeset [171722] by mitz@apple.com

Introduced CredentialBase and made Credential derive from it
Work towards fixing https://bugs.webkit.org/show_bug.cgi?id=135327

Reviewed by Darin Adler.

No change in functionality.

  • CMakeLists.txt: Updated for source file rename.
  • WebCore.exp.in: Changed to export CredentialBase symbols.
  • WebCore.vcxproj/WebCore.vcxproj: Updated for source file rename and new header.
  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • platform/network/Credential.cpp: Renamed to CredentialBase.cpp.
  • platform/network/Credential.h: Defined Credential to derive from CredentialBase.
  • platform/network/CredentialBase.cpp: Renamed Credential.cpp to this. Updated for the new

name.

  • platform/network/CredentialBase.h: Copied from Credential.h, renamed the class to

CredentialBase, and made the constructors protected.

21:17 Changeset [171721] by commit-queue@webkit.org

Web Inspector: Incorrectly sized TimelineDataGrid event bubble
https://bugs.webkit.org/show_bug.cgi?id=135371

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

Previously the secondsPerPixel calculation was relying on an element
that may not be sized yet. This was resulting in a visibleWidth of 0
and resulted in secondsPerPixel being Infinity. Fortunately, the
graph data source already knows the secondsPerPixel so we can just
ask it. Getting the correct value and eliminating forced layouts.

  • UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView.prototype.get secondsPerPixel):

  • UserInterface/Views/TimelineDataGridNode.js:
21:14 Changeset [171720] by commit-queue@webkit.org

Web Inspector: Reduce work creating the initial WebInspector.TimelineRecordBar
https://bugs.webkit.org/show_bug.cgi?id=135373

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

Eliminate a bit of extra work creating TimelineRecordBars. Previously
the constructor would setup an empty list of records, and then we would
immediately after replace them. Now just set them in the constructor.

  • UserInterface/Views/LayoutTimelineOverviewGraph.js:

(WebInspector.LayoutTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.LayoutTimelineOverviewGraph.prototype.updateLayout):

  • UserInterface/Views/NetworkTimelineOverviewGraph.js:

(WebInspector.NetworkTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.NetworkTimelineOverviewGraph.prototype.updateLayout):

  • UserInterface/Views/ScriptTimelineOverviewGraph.js:

(WebInspector.ScriptTimelineOverviewGraph.prototype.updateLayout.createBar):
(WebInspector.ScriptTimelineOverviewGraph.prototype.updateLayout):

  • UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode.prototype.refreshGraph.createBar):

19:11 Changeset [171719] by tgergely.u-szeged@partner.samsung.com

BuildFix: JavaScriptCore/bytecode/StructureSet.h:262:77: warning.
https://bugs.webkit.org/show_bug.cgi?id=135287

Reviewed by Darin Adler.

The set() method tries to use a part of the old value (the reservedFlag bit) which
was not defined when the constructor is called. Initialize m_pointer to 0 explicitely.

  • bytecode/StructureSet.h:

(JSC::StructureSet::StructureSet):

18:45 Changeset [171718] by zalan@apple.com

REGRESSION(r164133): Selection disappears after scrolling on nytimes.com
https://bugs.webkit.org/show_bug.cgi?id=135361

Reviewed by Ryosuke Niwa.

Ensure that when a RenderElement, part of the current selection is removed,
we recalculate and update the selection soon after layout.

Source/WebCore:
Test: fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed.html

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::setNeedsSelectionUpdate):
(WebCore::FrameSelection::didLayout): didLayout name reflects its functionality better.
(WebCore::FrameSelection::layoutDidChange): Deleted.

  • editing/FrameSelection.h: : move some functions to private.
  • page/FrameView.cpp:

(WebCore::FrameView::performPostLayoutTasks):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::willBeDestroyed):

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::removeChildInternal):

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::willBeDestroyed):

LayoutTests:

  • fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed-expected.html: Added.
  • fast/dynamic/selection-gets-cleared-when-part-of-it-gets-removed.html: Added.
18:03 Changeset [171717] by matthew_hanson@apple.com

Versioning.

17:58 Changeset [171716] by timothy@apple.com

Web Inspector: Unexpected dark border on selected but window inactive timeline
https://bugs.webkit.org/show_bug.cgi?id=135360

Update the border-top colors for the item adjacent to the selected item.

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/TimelineSidebarPanel.css:

(.sidebar > .panel.navigation.timeline > .timelines-content li.item.selected + li.item):
(.sidebar > .panel.navigation.timeline > .timelines-content :focus li.item.selected + li.item):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content li.item.selected + li.item):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content :focus li.item.selected + li.item):

17:56 Changeset [171715] by mrowe@apple.com

Web process crash causes UI process to die with an assertion failure in Connection::exceptionSourceEventHandler
https://bugs.webkit.org/show_bug.cgi?id=135366

Reviewed by Dan Bernstein.

  • Platform/IPC/mac/ConnectionMac.mm:

(IPC::Connection::exceptionSourceEventHandler): Remove the assertion since it frequently fires during
normal development with debug builds.

17:51 Changeset [171714] by matthew_hanson@apple.com

Versioning.

17:11 Changeset [171713] by matthew_hanson@apple.com

Merge r171635. <rdar://problem/17782407>

17:02 Changeset [171712] by matthew_hanson@apple.com

New Tag.

16:57 Changeset [171711] by dino@apple.com

[Media iOS] Touching play button feels unresponsive
https://bugs.webkit.org/show_bug.cgi?id=135370
<rdar://problem/17756281>

Reviewed by Simon Fraser.

Add an :active rule that shows a slightly darker button when touched.

  • Modules/mediacontrols/mediaControlsiOS.css:

(audio::-webkit-media-controls-start-playback-button:active):

16:52 Changeset [171710] by commit-queue@webkit.org

Web Inspector: Disable Copy Row in Timelines DataGrids, it does not currently provide value
https://bugs.webkit.org/show_bug.cgi?id=135364

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

  • UserInterface/Views/DataGrid.js:

(WebInspector.DataGridNode):
(WebInspector.DataGridNode.prototype.get copyable):
(WebInspector.DataGridNode.prototype.set copyable):

  • UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode):

16:47 Changeset [171709] by benjamin@webkit.org

[iOS WK2] WKWebView sometime tries to change the size of a null DrawingAreaProxy
https://bugs.webkit.org/show_bug.cgi?id=135368
<rdar://problem/16988887>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-28
Reviewed by Simon Fraser.

We should never assume DrawingAreaProxy exists in the API invoked by the clients
of WKWebView. There are at least two cases where the DrawingAreaProxy is null:
-In some path on initialization.
-After a crash.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _frameOrBoundsChanged]):
(-[WKWebView _beginAnimatedResizeWithUpdates:]):
We can safely null check and skip setting the size. If the call was skipped,
the size is set on DrawingAreaProxy initialization by querying the current
size through the page client.

16:14 Changeset [171708] by beidson@apple.com

REGRESSION(168376): Standalone images pasted to Outlook 2011 don't display
<rdar://problem/17768371> and https://bugs.webkit.org/show_bug.cgi?id=135363

Reviewed by Tim Horton.

Outlook isn’t prepared to handle the resource load callbacks when sent synchronously.

r168376 was an optimization that we no longer need, so the simplest fix is to roll it out.

  • editing/mac/EditorMac.mm:

(WebCore::Editor::WebContentReader::readImage):

  • loader/archive/ArchiveResource.cpp:

(WebCore::ArchiveResource::ArchiveResource):

  • loader/archive/ArchiveResource.h:

(WebCore::ArchiveResource::setShouldLoadImmediately): Deleted.
(WebCore::ArchiveResource::shouldLoadImmediately): Deleted.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

15:47 Changeset [171707] by matthew_hanson@apple.com

New Tag.

15:32 Changeset [171706] by roger_fong@apple.com

Disable tagged strings for the plugin process.
https://bugs.webkit.org/show_bug.cgi?id=135354
<rdar://problem/17295639>.

Patch by Alexey Proskuryakov and Roger Fong.

Reviewed by Anders Carlsson.

  • PluginProcess/EntryPoint/mac/XPCService/PluginService.32-64.Info.plist:
  • UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToReExecService):

15:29 Changeset [171705] by benjamin@webkit.org

[JSC] JIT::assertStackPointerOffset() crashes on ARM64
https://bugs.webkit.org/show_bug.cgi?id=135316

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-07-28
Reviewed by Geoffrey Garen.

JIT::assertStackPointerOffset() does a compare between an arbitrary register
and the stack pointer. This was not supported by the ARM64 assembler.

There are no variation that can take a stack pointer for Xd. There is one version of subs
that can take a stack pointer, but only for the Xn: the shift+extend one.
To solve the problem, I changed cmp to swap the registers if necessary, and I fixed
the implementation of sub.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::sub):
In the generic sub(reg, reg), I added assertions to catch the condition that cannot be generated
with either version of sub.

In sub(with shift), I remove the weird special case for SP. First, it was quite misleading because
the Rd case only works if "setflag == false". The other confusing part is going to addSubtractShiftedRegister()
gives you a reduce shift range, which could create subtle bug that only appear when SP is used.

Since I removed the weird case, I need to differentiate between the sub() that support SP, and the one that does
not elsewhere. That is why that branch has moved to the generic sub(reg, reg). Since at that point we know
the shift value must be zero, it is safe to call either variant.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branch64):
With the changes described above, we can now use SP for the left register. What do we do if the rightmost
register is SP?

For the case of JIT::assertStackPointerOffset(), the comparison is Equal so the order really does not matter,
we just switch the registers before generating the instruction.

For the generic case, just move the value of SP to a GPR before doing the CMP.

15:26 Changeset [171704] by jpfau@apple.com

IDB transactions never reset if the Web Process ends before cleaning up
https://bugs.webkit.org/show_bug.cgi?id=135218

Reviewed by Darin Adler.

  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didClose):

  • DatabaseProcess/IndexedDB/UniqueIDBDatabase.cpp:

(WebKit::UniqueIDBDatabase::unregisterConnection):
(WebKit::UniqueIDBDatabase::didCompleteTransactionOperation):
(WebKit::UniqueIDBDatabase::openBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::resetBackingStoreTransaction):
(WebKit::UniqueIDBDatabase::didEstablishTransaction):
(WebKit::UniqueIDBDatabase::didResetTransaction):
(WebKit::UniqueIDBDatabase::resetAllTransactions):
(WebKit::UniqueIDBDatabase::finalizeRollback):
(WebKit::UniqueIDBDatabase::absoluteDatabaseDirectory):

  • DatabaseProcess/IndexedDB/UniqueIDBDatabase.h:
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:

(WebKit::UniqueIDBDatabaseBackingStoreSQLite::rollbackTransaction):

15:19 Changeset [171703] by mhahnenberg@apple.com

ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock()
https://bugs.webkit.org/show_bug.cgi?id=135352

Reviewed by Oliver Hunt.

  • Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected): This should be taking a
JSLock like its sibling methods do (e.g. installReplacement).

15:18 Changeset [171702] by antti@apple.com

<embed> videos flashes constantly while playing inline on iPad, making it unwatchable
https://bugs.webkit.org/show_bug.cgi?id=135356
<rdar://problem/16828238>

Reviewed by Simon Fraser.

The shadow tree for media controls is scheduling style recalc. The general silliness of
HTMLPlugInImageElement::willRecalcStyle/willDetachRenderers is turning those into render
tree reconstructions causing flicker.

  • html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::willRecalcStyle):

Don't do the forced renderer reconstruction if there is no style change for the element
or its ancestors. This way recalcs scheduled by the shadow tree don't trigger the widget
update code path.

14:58 Changeset [171701] by bfulgham@apple.com

[Mac, iOS] Paint-on closed captions get out-of-order in Safari
https://bugs.webkit.org/show_bug.cgi?id=135332
<rdar://problem/15317278>

Reviewed by Jer Noble.

  • html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlTextTrackContainerElement::updateDisplay): If the
number of active cues is greater than the current set of CSS boxes representing
the cues, throw away the CSS boxes and re-layout all the cues.

  • html/track/InbandGenericTextTrack.cpp:

(WebCore::InbandGenericTextTrack::addGenericCue): Add some logging.
(WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.

  • html/track/TextTrackCueGeneric.cpp:

(WebCore::TextTrackCueGeneric::isOrderedBefore): Revise ordering rules so that we put
newer cues earlier in the layout order so they are drawn towards the bottom
of the screen. Only do this for Generic captions.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

(WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Adjust logging
messages.
(WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Add logging.

14:58 Changeset [171700] by bfulgham@apple.com

[Mac, iOS] Paint-on closed captions get out-of-order in Safari
https://bugs.webkit.org/show_bug.cgi?id=135332
<rdar://problem/15317278>

Reviewed by Brent Fulgham.

  • html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlTextTrackContainerElement::updateDisplay): If the
number of active cues is greater than the current set of CSS boxes representing
the cues, throw away the CSS boxes and re-layout all the cues.

  • html/track/InbandGenericTextTrack.cpp:

(WebCore::InbandGenericTextTrack::addGenericCue): Add some logging.
(WebCore::InbandGenericTextTrack::removeGenericCue): Ditto.

  • html/track/TextTrackCueGeneric.cpp:

(WebCore::TextTrackCueGeneric::isOrderedBefore): Revise ordering rules so that we put
newer cues earlier in the layout order so they are drawn towards the bottom
of the screen. Only do this for Generic captions.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

(WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Adjust logging
messages.
(WebCore::InbandTextTrackPrivateAVF::removeCompletedCues): Add logging.

14:55 Changeset [171699] by matthew_hanson@apple.com

Merge r171680. <rdar://problem/17830040>

14:50 Changeset [171698] by matthew_hanson@apple.com

New tag.

14:48 Changeset [171697] by matthew_hanson@apple.com

Merge r171680. <rdar://problem/17834136>

14:47 Changeset [171696] by burg@cs.washington.edu

Should not export symbols for base64Encode inline adapter methods
https://bugs.webkit.org/show_bug.cgi?id=135355

Unreviewed build fix.

Fixes the build break introduced by r171682, where a base64Encode
inline adapter method was used in another header, thus creating
multiple definitions of it (and problems with with weak symbols).

  • wtf/text/Base64.h: Remove WTF_EXPORT_PRIVATE for inlined methods.
14:47 Changeset [171695] by andersca@apple.com

Update test expectations.

  • platform/mac/TestExpectations:
14:07 Changeset [171694] by burg@cs.washington.edu

Unreviewed build fix after r171682.

  • replay/EncodedValue.h: Don't mark the inlined Vector<char> specialization

as an exported symbol.

13:48 Changeset [171693] by dbates@webkit.org

Add support for running the Clang static analyzer when building WebKit and JSC
https://bugs.webkit.org/show_bug.cgi?id=134955

Reviewed by Brent Fulgham.

  • Scripts/build-jsc: Added command line options -[no]-analyze (disabled by default).
  • Scripts/build-webkit: Add --analyze command line option to build-webkit to enable

running the Clang static analyzer.

  • Scripts/webkitdirs.pm:

(XcodeStaticAnalyzerOption): Added.

13:44 Changeset [171692] by akling@apple.com

REGRESSION (r160806): CSS zoom property doesn't work on anything inside anchors.
<https://webkit.org/b/135344>
<rdar://problem/17759577>

Source/WebCore:
When DeprecatedStyleBuilder applies the CSS zoom property (ApplyPropertyZoom)
it first resets the "effective zoom" by calling RenderStyle::setEffectiveZoom().

This mechanism was not resistent to being called multiple times, due to the
optimization in RenderStyle::setZoom() to avoid copy-on-writing the shared data
when setting some property to the already-set value.

The bug would happen in this sequence:

ApplyPropertyZoom:

  • setEffectiveZoom(1);
  • setZoom(2); this updates the effective zoom

ApplyPropertyZoom:

  • setEffectiveZoom(1);
  • setZoom(2); this doesn't update the effective zoom

When we run the second setZoom(2); call, the RenderStyle's zoom value is 2
already and we'll early return without updating the effective zoom.

This change moves the updating of the effective zoom in setZoom() to take place
before the early return due to overwriting with the same value.

Note: the fact that we're apply the zoom property twice is an inefficiency that
we should figure out a way to avoid in the future.

Reviewed by Simon Fraser.

Test: fast/css/zoom-inside-link.html

  • rendering/style/RenderStyle.h:

(WebCore::RenderStyle::setZoom):

LayoutTests:
Reviewed by Simon Fraser.

  • fast/css/zoom-inside-link-expected.html: Added.
  • fast/css/zoom-inside-link.html: Added.
13:43 Changeset [171691] by mhahnenberg@apple.com

REGRESSION: JSObjectSetPrototype() does not work on result of JSGetGlobalObject()
https://bugs.webkit.org/show_bug.cgi?id=135322

Reviewed by Oliver Hunt.

The prototype chain of the JSProxy object should match that of the JSGlobalObject.

This is a separate but related issue with JSObjectSetPrototype which doesn't correctly
account for JSProxies. I also audited the rest of the C API to check that we correctly
handle JSProxies in all other situations where we expect a JSCallbackObject of some sort
and found some SPI calls (JSObject*PrivateProperty) that didn't behave correctly when
passed a JSProxy.

I also added some new tests for these cases.

  • API/JSObjectRef.cpp:

(JSObjectSetPrototype):
(JSObjectGetPrivateProperty):
(JSObjectSetPrivateProperty):
(JSObjectDeletePrivateProperty):

  • API/JSWeakObjectMapRefPrivate.cpp:
  • API/tests/CustomGlobalObjectClassTest.c:

(globalObjectSetPrototypeTest):
(globalObjectPrivatePropertyTest):

  • API/tests/CustomGlobalObjectClassTest.h:
  • API/tests/testapi.c:

(main):

13:41 Changeset [171690] by betravis@adobe.com

[CSS Font Loading] Update Font Loading Code
https://bugs.webkit.org/show_bug.cgi?id=135340

Reviewed by Antti Koivisto.

Update the Font Loading code to build again, as trunk has evolved
since the feature was originally written. Mostly, this requires
updating the code to work with the new Font representation.

The original tests were enabled only for the Chromium port.
They will need to be updated when the feature is enabled by default.

  • WebCore.xcodeproj/project.pbxproj: Add missing files.
  • css/FontLoader.cpp: Update to new Font representation.

(WebCore::LoadFontCallback::createFromParams):
(WebCore::LoadFontCallback::~LoadFontCallback):
(WebCore::FontLoader::loadFont):
(WebCore::FontLoader::checkFont):
(WebCore::applyPropertyToCurrentStyle):
(WebCore::FontLoader::resolveFontStyle):

13:41 Changeset [171689] by fpizlo@apple.com

Make sure that we don't use non-speculative BooleanToNumber for a speculative Branch
https://bugs.webkit.org/show_bug.cgi?id=135350
<rdar://problem/17509889>

Reviewed by Mark Hahnenberg and Oliver Hunt.

If we have an exiting node that uses a conversion node, then that exiting node
needs to have a Phantom after it for the the original node. But we can't do that
for Branch because https://bugs.webkit.org/show_bug.cgi?id=126778.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::clearPhantomsAtEnd):

  • tests/stress/branch-check-int32-on-boolean-to-number-untyped.js: Added.

(foo):
(test):

  • tests/stress/branch-check-number-on-boolean-to-number-untyped.js: Added.

(foo):
(test):

13:38 Changeset [171688] by commit-queue@webkit.org

JSContext Inspector: crash when using step-into
https://bugs.webkit.org/show_bug.cgi?id=135345

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-28
Reviewed by Timothy Hatcher.

  • inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::stepInto):
Null check m_listener since it may not be set.

13:03 Changeset [171687] by dfarler@apple.com

Allow for multiple DumpRenderTree and WebKitTestRunner instances in the iOS Simulator
https://bugs.webkit.org/show_bug.cgi?id=135272

Reviewed by Simon Fraser.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(dumpRenderTree): Remove hard-coding of FIFO paths.
(-[DumpRenderTree applicationDidEnterBackground:]): Create background task.
(DumpRenderTreeMain): Set DumpRenderTree as UIApplication delegate.

  • DumpRenderTree/mac/DumpRenderTreeMac.h: bgTask ivar.
  • Scripts/old-run-webkit-tests: Update FIFO paths for ORWT.
  • WebKitTestRunner/TestController.cpp: Remove hard-coding of FIFO paths.
  • WebKitTestRunner/ios/TestControllerIOS.mm: Move dup2 calls to platformInitialize
  • WebKitTestRunner/ios/mainIOS.mm: bgTask ivar.

(-[WebKitTestRunnerApp applicationDidEnterBackground:]): Create background task.
(main): Set WebKitTestRunnerApp as UIApplication delegate.

12:59 Changeset [171686] by dfarler@apple.com

ImageDiff builds for the simulator when running iOS layout tests
https://bugs.webkit.org/show_bug.cgi?id=135270

Reviewed by Simon Fraser.

  • Scripts/build-imagediff: Added.
12:35 Changeset [171685] by commit-queue@webkit.org

Let WheelEvent wrap a PlatformWheelEvent
https://bugs.webkit.org/show_bug.cgi?id=135244

WheelEvent now wraps a PlatformWheelEvent. m_directionInvertedFromDevice, as well as m_phase and m_momentumPhase
have been removed, since the information is redundant in PlatformWheelEvent. Note that deltaX and deltaY have
NOT been replaced, since we need double precision instead of float precision.

Patch by Wenson Hsieh <wenson_hsieh@apple.com> on 2014-07-28
Reviewed by Beth Dakin.

No new tests, since behavior should not have changed.

  • dom/WheelEvent.cpp:

(WebCore::WheelEvent::WheelEvent):
(WebCore::WheelEvent::initWheelEvent):

  • dom/WheelEvent.h:

(WebCore::WheelEvent::wheelEvent): Returns a non-null pointer to the PlatformWheelEvent iff WheelEvent was initialized by PlatformWheelEvent.
(WebCore::WheelEvent::webkitDirectionInvertedFromDevice): Updated to use PlatformWheelEvent.
(WebCore::WheelEvent::phase): Updated to use PlatformWheelEvent.
(WebCore::WheelEvent::momentumPhase): Updated to use PlatformWheelEvent.

12:31 Changeset [171684] by burg@cs.washington.edu

Web Replay: auto-decoding of parameterized vector's elements is incorrect
https://bugs.webkit.org/show_bug.cgi?id=135343

Reviewed by Timothy Hatcher.

Fix an incorrect type argument in EncodingTraits<Vector<T>>::encodeValue
that was using the element's decoded type as the type parameter to
EncodedValue::append<T>. It should instead be the raw type T. This
causes problems when encoding Vector<RefPtr<T>>, as it later tries to
use encoding traits for RefPtr<T> rather than for T.

Fix incorrect generated encoding traits argument for vectors of
RefCounted objects. Updated test to cover this scenario.

  • replay/scripts/CodeGeneratorReplayInputs.py:

(Type.encoding_type_argument):
(VectorType.type_name):
(VectorType):
(VectorType.encoding_type_argument):
(Generator.generate_input_encode_implementation):
(Generator.generate_input_decode_implementation):

  • replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.cpp:
  • replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
  • replay/scripts/tests/generate-input-with-vector-members.json: Updated.
12:22 Changeset [171683] by burg@cs.washington.edu

Web Replay: incorrect serialization code generated for enum classes inside class scope
https://bugs.webkit.org/show_bug.cgi?id=135342

Reviewed by Timothy Hatcher.

If an enum class is defined inside of a class scope, then the enum class
cannot be forward-declared and the relevant header should be included.
Some generated code used incorrectly-scoped enum values in this situation.

  • replay/scripts/CodeGeneratorReplayInputs.py:

(Generator.generate_includes.declaration.is):
(Generator.generate_enum_trait_implementation.is):
(Generator.generate_enum_trait_implementation):

Tests:

  • replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp: Rebaselined.
  • replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h: Rebaselined.
  • replay/scripts/tests/generate-enums-with-same-base-name.json: Add enum

class types to this test case.

12:21 Changeset [171682] by burg@cs.washington.edu

Web Replay: vectors of characters should be base64-encoded
https://bugs.webkit.org/show_bug.cgi?id=135341

Reviewed by Timothy Hatcher.

Without this specialization, encode/decode methods try to create an
array of single characters in JSON, rather than treating the
vector as a binary blob.

  • replay/EncodedValue.cpp:

(JSC::EncodingTraits<Vector<char>>::encodeValue): Added.
(JSC::EncodingTraits<Vector<char>>::decodeValue): Added.

  • replay/EncodedValue.h:
12:02 Changeset [171681] by zoltan@webkit.org

[CSS3-Text] Update text-expectations after r171677

Unreviewed.

  • fast/css3-text/css3-text-justify/getComputedStyle/getComputedStyle-text-justify-expected.txt:
  • fast/css3-text/css3-text-justify/getComputedStyle/getComputedStyle-text-justify-inherited-expected.txt:
10:40 Changeset [171680] by bfulgham@apple.com

[Win] Unreviewed build fix.

  • JavaScriptCore.vcxproj/JavaScriptCore.proj: Switch from the 'Rebuild' target for MSBuild

builds to the 'Build' target to avoid a spurious 'clean' in between build steps.

09:09 Changeset [171679] by matthew_hanson@apple.com

Merge r171645. <rdar://problem/17818693>

09:02 Changeset [171678] by bfulgham@apple.com

Unreviewed 'merge' fix.

  • platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:

Correct line endings to allow EWS merges again.

08:05 Changeset [171677] by zoltan@webkit.org

[CSS3-Text] Adjust text-justify implementation to the latest spec
https://bugs.webkit.org/show_bug.cgi?id=135317

Reviewed by Darin Adler.

Source/WebCore:
Text-justify no longer accepts the following values: Inter-ideograph, inter-
cluster, and kashida. This patch removes them and updates the tests as well.

[1] http://dev.w3.org/csswg/css-text-3/#propdef-text-justify

Updated existing tests.

  • css/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue):

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator TextJustify):

  • css/CSSValueKeywords.in:
  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeRequiresLayout):

  • rendering/style/RenderStyleConstants.h:
  • rendering/style/StyleRareInheritedData.h:

LayoutTests:

  • fast/css3-text/css3-text-justify/getComputedStyle/script-tests/getComputedStyle-text-justify-inherited.js:
  • fast/css3-text/css3-text-justify/getComputedStyle/script-tests/getComputedStyle-text-justify.js:
06:19 Changeset [171676] by abucur@adobe.com

REGRESSION (r169105): Crash in selection
https://bugs.webkit.org/show_bug.cgi?id=134303

Patch by Radu Stavila <stavila@adobe.com> on 2014-07-28
Reviewed by Mihnea Ovidenie.

Source/WebCore:

When splitting the selection between different subtrees, all subtrees must have their selection cleared before
starting to apply the new selection. Otherwise, when selecting objects in a named flow thread and going up
its containing block chain, we can end up in the view's selection root, which has not yet been updated and so
we get inconsistent data.

To achieve this goal, the selection update was split into a "clear" and an "apply" method. The updateSelectionForSubtrees
method first iterates through all subtrees and performs the "clear" method and then starts all over again
and performs the "apply" method.

Test: fast/regions/selection/crash-deselect.html

  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderSelectionInfo.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::setSelection):
(WebCore::RenderView::splitSelectionBetweenSubtrees):
(WebCore::RenderView::updateSelectionForSubtrees): Added, clears and re-applies selection for all selection subtrees.
(WebCore::RenderView::clearSubtreeSelection): Added, clears selection and returns previously selected information.
(WebCore::RenderView::applySubtreeSelection): Added, updates the selection status of all objects inside the selection tree, compares old and new data and repaints accordingly.
(WebCore::RenderView::setSubtreeSelection): Deleted.

  • rendering/RenderView.h:
  • rendering/SelectionSubtreeRoot.cpp:

(WebCore::SelectionSubtreeRoot::SelectionSubtreeRoot):

  • rendering/SelectionSubtreeRoot.h:

(WebCore::SelectionSubtreeRoot::OldSelectionData::OldSelectionData):

LayoutTests:

Added test for the crash that occurred in some cases when selecting.

Reviewed by NOBODY (OOPS!).

  • fast/regions/selection/crash-deselect-expected.txt: Added.
  • fast/regions/selection/crash-deselect.html: Added.
02:48 Changeset [171675] by utatane.tea@gmail.com

CSS: Fix :visited behavior for SubSelectors
https://bugs.webkit.org/show_bug.cgi?id=135324

Reviewed by Benjamin Poulain.

Disable :visited match for the selectors that has SubSelectors.

Source/WebCore:

Tests: fast/history/nested-visited-test-complex.html

fast/history/sibling-visited-test-complex.html

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

LayoutTests:
This isSubSelector (context.firstSelectorOfTheFragment == context.selector) is intended to
check relation != CSSSelector::SubSelector.
But since this value belongs to the previous selector and it is tested inside the branch that checks
the next selector isn't SubSelector relation != CSSSelector::SubSelector,
this only matches when the previous selector doesn't has SubSelectors.

  • fast/history/nested-visited-test-complex-expected.txt: Added.
  • fast/history/nested-visited-test-complex.html: Added.
  • fast/history/sibling-visited-test-complex-expected.txt: Added.
  • fast/history/sibling-visited-test-complex.html: Added.
01:41 Changeset [171674] by ossy@webkit.org

Followup fix after r171594
https://bugs.webkit.org/show_bug.cgi?id=135048

Patch by Renato Nagy <nagy.renato@stud.u-szeged.hu> on 2014-07-28
Reviewed by Csaba Osztrogonác.

  • Scripts/sort-export-file: Removed extra newlines from help.

07/27/14:

23:50 Changeset [171673] by psolanki@apple.com

Remove unused preference keys
https://bugs.webkit.org/show_bug.cgi?id=135280

Reviewed by Darin Adler.

Source/WebKit/mac:

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences _setPageCacheSize:]): Deleted.
(-[WebPreferences _pageCacheSize]): Deleted.
(-[WebPreferences _setObjectCacheSize:]): Deleted.
(-[WebPreferences _objectCacheSize]): Deleted.

  • WebView/WebPreferencesPrivate.h:

Source/WebKit/win:

  • WebPreferenceKeysPrivate.h:
23:47 Changeset [171672] by ryuan.choi@samsung.com

Remove GraphicsSurfaceGLX.cpp
https://bugs.webkit.org/show_bug.cgi?id=135279

Reviewed by Darin Adler.

GraphicsSurfaceGLX.cpp is not used since Qt dropped and Efl port changed at r146458

  • platform/graphics/surfaces/glx/GraphicsSurfaceGLX.cpp: Removed.
19:28 Changeset [171671] by bruno.d@partner.samsung.com

Support for :enabled selector on Anchor & Area elements
https://bugs.webkit.org/show_bug.cgi?id=134826

Reviewed by Darin Adler.

Source/WebCore:
Updates the PseudoClassEnabled selector checker to check for Anchor & Area
elements with a 'href' attribute.

Spec: http://html.spec.whatwg.org/#selector-enabled

Test: fast/css/css-selector-enabled-links.html

  • css/SelectorCheckerTestFunctions.h:

(WebCore::isEnabled): Added check for anchor & area elements.

LayoutTests:
Added tests for :enabled CSS selector on Anchor & Area elements.

  • fast/css/css-selector-enabled-links-expected.txt: Added.
  • fast/css/css-selector-enabled-links.html: Added.
19:24 Changeset [171670] by matthew_hanson@apple.com

Merge r171663. <rdar://problem/17818308>

19:16 Changeset [171669] by matthew_hanson@apple.com

Versioning.

19:09 Changeset [171668] by matthew_hanson@apple.com

New Tag.

19:08 Changeset [171667] by ryuan.choi@samsung.com

[GTK] Keep non-DATABASE_PROCESS build
https://bugs.webkit.org/show_bug.cgi?id=135321

Patch by Yusuke Suzuki <utatane.tea@gmail.com> on 2014-07-27
Reviewed by Gyuyoung Kim.

This is the patch for r171622 in non-DATABASE_PROCESS builds.
Change sendToDatabaseProcessRelaunchingIfNecessary to support non-DATABASE_PROCESS implementation.

  • CMakeLists.txt:
  • UIProcess/WebContext.h:

(WebKit::WebContext::sendToDatabaseProcessRelaunchingIfNecessary):

19:02 Changeset [171666] by ryuan.choi@samsung.com

Unreviewed build fix on the EFL port

Build break because of -Werror=return-type

  • bytecode/PutByIdVariant.cpp:

(JSC::PutByIdVariant::oldStructureForTransition):

  • dfg/DFGValueStrength.h:

(JSC::DFG::merge):

17:48 Changeset [171665] by matthew_hanson@apple.com

Merge r171661. <rdar://problem/17315237>

17:45 Changeset [171664] by matthew_hanson@apple.com

Merge r171663. <rdar://problem/17818308>

16:36 Changeset [171663] by barraclough@apple.com

Don't rely on reading applicationState from within DidEnterBackground/WillEnterForeground
https://bugs.webkit.org/show_bug.cgi?id=135329
rdar://problem/17818308

Reviewed by Sam Weinig.

API may not be stable.

  • UIProcess/ios/PageClientImplIOS.mm:

(WebKit::PageClientImpl::isViewVisible):

  • changed to use -[WKContentView isBackground]
  • UIProcess/ios/ProcessAssertionIOS.mm:

(-[WKProcessAssertionBackgroundTaskManager init]):

  • split notification handlers

(-[WKProcessAssertionBackgroundTaskManager _applicationWillEnterForeground:]):
(-[WKProcessAssertionBackgroundTaskManager _applicationDidEnterBackground:]):
(-[WKProcessAssertionBackgroundTaskManager _applicationDidEnterBackgroundOrWillEnterForeground:]): Deleted.

  • Assume application is background is after DidEnterBackground, and not after WillEnterForeground
  • UIProcess/ios/WKContentView.h:
    • added isBackground.
  • UIProcess/ios/WKContentView.mm:

(-[WKContentView initWithFrame:context:configuration:webView:]):

  • check applicationState at init.

(-[WKContentView isBackground]):

  • accessor

(-[WKContentView _applicationDidEnterBackground:]):
(-[WKContentView _applicationWillEnterForeground:]):

  • update isBackground
16:35 Changeset [171662] by fpizlo@apple.com

[REGRESSION][ftlopt merge][32-bit] stress/prune-multi-put-by-offset-replace-or-transition-variant.js.dfg-eager hits an assertion in SpeculativeJIT::silentSavePlanForGPR
https://bugs.webkit.org/show_bug.cgi?id=135323

Reviewed by Oliver Hunt.

SpeculativeJIT::silentSavePlanForGPR likes to believe that if a node is a constant,
then it's a constant that can be represented using that node's current DataFormat.
This doesn't work if the constant had been filled as a JSValue, and then one of the
fillSpeculateBlah() methods had speculated that it's of some type that the constant
isn't. Unless fillSpeculateBlah() specifically defends against this case, we'll have
a constant that claims to have a contradictory data format.

This patch fixes such a bug in the 32-bit fillSpeculateCell(). The 64-bit
fillSpeculateCell() appears to not have this bug, but I added a similar defense
mechanism anyway just in case, since this is one of those mistakes that keeps
reappearing.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateCell):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateCell):

16:33 Changeset [171661] by dbates@webkit.org

[WK2] Crash when accessing window.localStorage after calling window.close()
https://bugs.webkit.org/show_bug.cgi?id=135328
<rdar://problem/17315237>

Reviewed by Sam Weinig.

Source/WebCore:
Fixes an issue where accessing local storage for the first time after calling window.close()
causes a crash.

For now, we should disallow accessing local storage after calling window.close() regardless of
whether it's the first access to local storage as this seems like a bad idiom to support. Note,
this represents a change in behavior from WebKit1. If such usage of window.localStorage turns
out to be reasonable then we can visit this decision again in <https://bugs.webkit.org/show_bug.cgi?id=135330>.

Tests: storage/domstorage/localstorage/access-storage-after-window-close.html

storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close.html
storage/domstorage/localstorage/set-value-in-storage-after-window-close.html

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::localStorage): Modified to only return the cached local storage or
create a new local storage so long as the page isn't being closed. Also, substitute nullptr
for 0.
(WebCore::DOMWindow::close): Call Page::setIsClosing() to mark that the page is closing.

  • page/Page.cpp:

(WebCore::Page::Page): Initialize m_isClosing to false.

  • page/Page.h:

(WebCore::Page::setIsClosing): Added.
(WebCore::Page::isClosing): Added.

LayoutTests:
Added test by Andy Estes, LayoutTests/storage/domstorage/localstorage/access-storage-after-window-close.html,
to ensure that we don't crash when accessing local storage for the first time after calling window.close().

Additionally added tests that ensure that updates to local storage are ignored after calling
window.close() regardless of whether local storage was accessed before the call to window.close().

  • storage/domstorage/localstorage/access-storage-after-window-close-expected.txt: Added.
  • storage/domstorage/localstorage/access-storage-after-window-close.html: Added.
  • storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close-expected.txt: Added.
  • storage/domstorage/localstorage/access-storage-then-set-value-in-storage-after-window-close.html: Added.
  • storage/domstorage/localstorage/resources/access-storage-close-window-and-set-value-in-storage.html: Added.
  • storage/domstorage/localstorage/resources/close-window-and-access-storage.html: Added.
  • storage/domstorage/localstorage/resources/close-window-and-set-value-in-storage.html: Added.
  • storage/domstorage/localstorage/set-value-in-storage-after-window-close-expected.txt: Added.
  • storage/domstorage/localstorage/set-value-in-storage-after-window-close.html: Added.
16:14 Changeset [171660] by fpizlo@apple.com

Merge r170090, r170092, r170129, r170141, r170161, r170215, r170275, r170375, r170376, r170382, r170383, r170399, r170436, r170489, r170490, r170556 from ftlopt.

Source/JavaScriptCore:

This fixes the previous mismerge and adds test coverage for the thing that went wrong.

Additional changes listed here:

  • jsc.cpp:

(functionHasCustomProperties): Expose a way of checking hasCustomProperties(), which the DOM relies on. The regression I previously introduced was because this didn't work right. Now we can test it!

  • runtime/Structure.cpp:

(JSC::Structure::Structure): This was supposed to be setDidTransition(true); the last merge had it set to false.

  • tests/stress/has-custom-properties.js: Added. This test failed with the mismerge.

2014-06-27 Michael Saboff <msaboff@apple.com>


Unreviewed build fix after r169795.


Fixed ASSERT for 32 bit build.


  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):


2014-06-24 Saam Barati <sbarati@apple.com>


Web Inspector: debugger should be able to show variable types
https://bugs.webkit.org/show_bug.cgi?id=133395


Reviewed by Filip Pizlo.


Increase the amount of type information the VM gathers when directed
to do so. This initial commit is working towards the goal of
capturing, and then showing (via the Web Inspector) type information for all
assignment and load operations. This patch doesn't have the feature fully
implemented, but it ensures the VM has no performance regressions
unless the feature is specifically turned on.


  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::finalizeUnconditionally):
  • bytecode/CodeBlock.h:
  • bytecode/Instruction.h:
  • bytecode/TypeLocation.h: Added. (JSC::TypeLocation::TypeLocation):
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitMove): (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): (JSC::BytecodeGenerator::emitPutToScope): (JSC::BytecodeGenerator::emitPutById): (JSC::BytecodeGenerator::emitPutByVal):
  • bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity):
  • bytecompiler/NodesCodegen.cpp: (JSC::PostfixNode::emitResolve): (JSC::PrefixNode::emitResolve): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::ConstDeclNode::emitCodeSingle): (JSC::ForInNode::emitBytecode):
  • heap/Heap.cpp: (JSC::Heap::collect):
  • inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange):
  • inspector/agents/InspectorRuntimeAgent.h:
  • inspector/protocol/Runtime.json:
  • jsc.cpp: (GlobalObject::finishCreation): (functionDumpTypesForAllVariables):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::putToScopeCommon):
  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • runtime/HighFidelityLog.cpp: Added. (JSC::HighFidelityLog::initializeHighFidelityLog): (JSC::HighFidelityLog::~HighFidelityLog): (JSC::HighFidelityLog::recordTypeInformationForLocation): (JSC::HighFidelityLog::processHighFidelityLog): (JSC::HighFidelityLog::actuallyProcessLogThreadFunction):
  • runtime/HighFidelityLog.h: Added. (JSC::HighFidelityLog::HighFidelityLog):
  • runtime/HighFidelityTypeProfiler.cpp: Added. (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange): (JSC::HighFidelityTypeProfiler::insertNewLocation): (JSC::HighFidelityTypeProfiler::getLocationBasedHash):
  • runtime/HighFidelityTypeProfiler.h: Added.
  • runtime/Options.h:
  • runtime/Structure.cpp: (JSC::Structure::toStructureShape):
  • runtime/Structure.h:
  • runtime/SymbolTable.cpp: (JSC::SymbolTable::SymbolTable): (JSC::SymbolTable::cloneCapturedNames): (JSC::SymbolTable::uniqueIDForVariable): (JSC::SymbolTable::uniqueIDForRegister): (JSC::SymbolTable::globalTypeSetForRegister): (JSC::SymbolTable::globalTypeSetForVariable):
  • runtime/SymbolTable.h: (JSC::SymbolTable::add): (JSC::SymbolTable::set):
  • runtime/TypeSet.cpp: Added. (JSC::TypeSet::TypeSet): (JSC::TypeSet::getRuntimeTypeForValue): (JSC::TypeSet::addTypeForValue): (JSC::TypeSet::removeDuplicatesInStructureHistory): (JSC::TypeSet::seenTypes): (JSC::TypeSet::dumpSeenTypes): (JSC::StructureShape::StructureShape): (JSC::StructureShape::markAsFinal): (JSC::StructureShape::addProperty): (JSC::StructureShape::propertyHash): (JSC::StructureShape::leastUpperBound): (JSC::StructureShape::stringRepresentation):
  • runtime/TypeSet.h: Added. (JSC::StructureShape::create): (JSC::TypeSet::create):
  • runtime/VM.cpp: (JSC::VM::VM): (JSC::VM::getTypesForVariableInRange): (JSC::VM::updateHighFidelityTypeProfileState): (JSC::VM::dumpHighFidelityProfilingTypes):
  • runtime/VM.h: (JSC::VM::isProfilingTypesWithHighFidelity): (JSC::VM::highFidelityLog): (JSC::VM::highFidelityTypeProfiler): (JSC::VM::nextLocation): (JSC::VM::getNextUniqueVariableID):


2014-06-26 Mark Lam <mark.lam@apple.com>


Remove unused instantiation of the WithScope structure.
<https://webkit.org/b/134331>


Reviewed by Oliver Hunt.


The WithScope structure instance is the VM is unused, and is now removed.


  • runtime/VM.cpp: (JSC::VM::VM):
  • runtime/VM.h:


2014-06-25 Mark Hahnenberg <mhahnenberg@apple.com>


Structure bit fields should have a consistent format
https://bugs.webkit.org/show_bug.cgi?id=134307


Reviewed by Filip Pizlo.


Currently we use C-style bit fields for a number of member variables in Structure to save space.
This makes it difficult to load these fields in the JIT. We should instead use our own bitfield
format to make it easy to load and test these variables in JIT code.


  • runtime/JSObject.cpp: (JSC::JSObject::putDirectNonIndexAccessor): (JSC::JSObject::reifyStaticFunctionsForDelete):
  • runtime/Structure.cpp: (JSC::StructureTransitionTable::contains): (JSC::StructureTransitionTable::get): (JSC::StructureTransitionTable::add): (JSC::Structure::Structure): (JSC::Structure::materializePropertyMap): (JSC::Structure::addPropertyTransition): (JSC::Structure::despecifyFunctionTransition): (JSC::Structure::toDictionaryTransition): (JSC::Structure::freezeTransition): (JSC::Structure::preventExtensionsTransition): (JSC::Structure::takePropertyTableOrCloneIfPinned): (JSC::Structure::nonPropertyTransition): (JSC::Structure::flattenDictionaryStructure): (JSC::Structure::addPropertyWithoutTransition): (JSC::Structure::pin): (JSC::Structure::allocateRareData): (JSC::Structure::cloneRareDataFrom): (JSC::Structure::getConcurrently): (JSC::Structure::putSpecificValue): (JSC::Structure::getPropertyNamesFromStructure): (JSC::Structure::visitChildren): (JSC::Structure::checkConsistency):
  • runtime/Structure.h: (JSC::Structure::isExtensible): (JSC::Structure::isDictionary): (JSC::Structure::isUncacheableDictionary): (JSC::Structure::propertyAccessesAreCacheable): (JSC::Structure::previousID): (JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck): (JSC::Structure::setContainsReadOnlyProperties): (JSC::Structure::disableSpecificFunctionTracking): (JSC::Structure::objectToStringValue): (JSC::Structure::setObjectToStringValue): (JSC::Structure::setPreviousID): (JSC::Structure::clearPreviousID): (JSC::Structure::previous): (JSC::Structure::rareData): (JSC::Structure::didTransition): Deleted. (JSC::Structure::hasGetterSetterProperties): Deleted. (JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto): Deleted. (JSC::Structure::setHasGetterSetterProperties): Deleted. (JSC::Structure::hasNonEnumerableProperties): Deleted. (JSC::Structure::staticFunctionsReified): Deleted. (JSC::Structure::setStaticFunctionsReified): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::setEnumerationCache): (JSC::Structure::enumerationCache): (JSC::Structure::checkOffsetConsistency):


2014-06-24 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • debugger/DebuggerActivation.cpp: Removed.
  • debugger/DebuggerActivation.h: Removed.
  • debugger/DebuggerScope.cpp: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.cpp. (JSC::DebuggerScope::DebuggerScope): (JSC::DebuggerScope::finishCreation): (JSC::DebuggerScope::visitChildren): (JSC::DebuggerScope::className): (JSC::DebuggerScope::getOwnPropertySlot): (JSC::DebuggerScope::put): (JSC::DebuggerScope::deleteProperty): (JSC::DebuggerScope::getOwnPropertyNames): (JSC::DebuggerScope::defineOwnProperty): (JSC::DebuggerActivation::DebuggerActivation): Deleted. (JSC::DebuggerActivation::finishCreation): Deleted. (JSC::DebuggerActivation::visitChildren): Deleted. (JSC::DebuggerActivation::className): Deleted. (JSC::DebuggerActivation::getOwnPropertySlot): Deleted. (JSC::DebuggerActivation::put): Deleted. (JSC::DebuggerActivation::deleteProperty): Deleted. (JSC::DebuggerActivation::getOwnPropertyNames): Deleted. (JSC::DebuggerActivation::defineOwnProperty): Deleted.
  • debugger/DebuggerScope.h: Copied from ../../trunk/Source/JavaScriptCore/debugger/DebuggerActivation.h. (JSC::DebuggerScope::create): (JSC::DebuggerActivation::create): Deleted.
  • runtime/VM.cpp: (JSC::VM::VM):
  • runtime/VM.h:


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] PutByIdFlush can also be converted to a PutByOffset so don't assert otherwise
https://bugs.webkit.org/show_bug.cgi?id=134265


Reviewed by Geoffrey Garen.


More assertion fallout from the PutById folding work.


  • dfg/DFGNode.h: (JSC::DFG::Node::convertToPutByOffset):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] GC should notify us if it resets to_this
https://bugs.webkit.org/show_bug.cgi?id=128231


Reviewed by Geoffrey Garen.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::finalizeUnconditionally):
  • bytecode/Instruction.h:
  • bytecode/ToThisStatus.cpp: Added. (JSC::merge): (WTF::printInternal):
  • bytecode/ToThisStatus.h: Added.
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt] StructureAbstractValue::onlyStructure() should return nullptr if isClobbered()
https://bugs.webkit.org/show_bug.cgi?id=134256


Reviewed by Michael Saboff.


This isn't testable right now (i.e. it's benign) but we should get it right anyway. The
point is to be able to precisely model what goes on in the snippets of code between a
side-effect and an InvalidationPoint.


This patch also cleans up onlyStructure() by delegating more work to
StructureSet::onlyStructure().


  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::onlyStructure):


2014-06-24 Filip Pizlo <fpizlo@apple.com>


[ftlopt][REGRESSION] PutById AI is introducing watchable structures without watching them
https://bugs.webkit.org/show_bug.cgi?id=134260


Reviewed by Geoffrey Garen.


This was causing loads of assertion failures in debug builds.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):


2014-06-21 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Fold GetById/PutById to MultiGetByOffset/GetByOffset or MultiPutByOffset/PutByOffset, which implies handling non-singleton sets
https://bugs.webkit.org/show_bug.cgi?id=134090


Reviewed by Oliver Hunt.


This pretty much finishes off the work to eliminate the special-casing of singleton
structure sets by making it possible to fold GetById and PutById to various polymorphic
forms of the ByOffset nodes.


  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo): (JSC::GetByIdStatus::computeFor):
  • bytecode/GetByIdStatus.h:
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFor):
  • bytecode/PutByIdStatus.h:
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::constantChecks):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addChecks):
  • dfg/DFGNode.h: (JSC::DFG::Node::convertToMultiGetByOffset): (JSC::DFG::Node::convertToMultiPutByOffset):
  • dfg/DFGSpeculativeJIT64.cpp: Also convert all release assertions to DFG assertions in this file, because I was hitting some of them while debugging. (JSC::DFG::SpeculativeJIT::fillJSValue): (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): (JSC::DFG::SpeculativeJIT::emitCall): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal): (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict): (JSC::DFG::SpeculativeJIT::fillSpeculateInt52): (JSC::DFG::SpeculativeJIT::fillSpeculateDouble): (JSC::DFG::SpeculativeJIT::fillSpeculateCell): (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean): (JSC::DFG::SpeculativeJIT::compileLogicalNot): (JSC::DFG::SpeculativeJIT::emitBranch): (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::set):


2014-06-19 Filip Pizlo <fpizlo@apple.com>


[ftlopt] StructureSet::onlyStructure() should return nullptr if it's not a singleton (instead of asserting)
https://bugs.webkit.org/show_bug.cgi?id=134077


Reviewed by Sam Weinig.


This makes StructureSet and StructureAbstractValue more consistent and fixes a debug assert
in the abstract interpreter.


  • bytecode/StructureSet.h: (JSC::StructureSet::onlyStructure):


2014-06-18 Filip Pizlo <fpizlo@apple.com>


DFG AI and constant folder should be able to precisely prune MultiGetByOffset/MultiPutByOffset even if the base structure abstract value is not a singleton
https://bugs.webkit.org/show_bug.cgi?id=133918


Reviewed by Mark Hahnenberg.


This also adds pruning of PutStructure, since I basically had no choice but
to implement such logic within MultiPutByOffset.


Also adds a bunch of PutById cache status dumping to bytecode dumping.


  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::dumpInContext):
  • bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::structureSet):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::oldStructure):
  • bytecode/StructureSet.cpp: (JSC::StructureSet::filter): (JSC::StructureSet::filterArrayModes):
  • bytecode/StructureSet.h:
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGAbstractValue.cpp: (JSC::DFG::AbstractValue::changeStructure): (JSC::DFG::AbstractValue::contains):
  • dfg/DFGAbstractValue.h: (JSC::DFG::AbstractValue::couldBeType): (JSC::DFG::AbstractValue::isType):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitGetByOffset): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset): (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::freezeStrong):
  • dfg/DFGGraph.h:
  • dfg/DFGStructureAbstractValue.h: (JSC::DFG::StructureAbstractValue::operator=):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
  • tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):
  • tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):
  • tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Added. (foo): (fu): (bar): (baz): (.bar): (.baz):


2014-06-18 Mark Hahnenberg <mhahnenberg@apple.com>


Remove CompoundType and LeafType
https://bugs.webkit.org/show_bug.cgi?id=134037


Reviewed by Filip Pizlo.


We don't use them for anything. We'll replace them with a generic CellType type for all
the objects that are JSCells, aren't JSObjects, and for which we generally don't care about
their JSType at runtime.


  • llint/LLIntData.cpp: (JSC::LLInt::Data::performAssertions):
  • runtime/ArrayBufferNeuteringWatchpoint.cpp: (JSC::ArrayBufferNeuteringWatchpoint::createStructure):
  • runtime/Executable.h: (JSC::ExecutableBase::createStructure): (JSC::NativeExecutable::createStructure):
  • runtime/JSPromiseDeferred.h: (JSC::JSPromiseDeferred::createStructure):
  • runtime/JSPromiseReaction.h: (JSC::JSPromiseReaction::createStructure):
  • runtime/JSPropertyNameIterator.h: (JSC::JSPropertyNameIterator::createStructure):
  • runtime/JSType.h:
  • runtime/JSTypeInfo.h: (JSC::TypeInfo::TypeInfo):
  • runtime/MapData.h: (JSC::MapData::createStructure):
  • runtime/PropertyMapHashTable.h: (JSC::PropertyTable::createStructure):
  • runtime/RegExp.h: (JSC::RegExp::createStructure):
  • runtime/SparseArrayValueMap.cpp: (JSC::SparseArrayValueMap::createStructure):
  • runtime/Structure.cpp: (JSC::Structure::Structure):
  • runtime/StructureChain.h: (JSC::StructureChain::createStructure):
  • runtime/StructureRareData.cpp: (JSC::StructureRareData::createStructure):
  • runtime/SymbolTable.h: (JSC::SymbolTable::createStructure):
  • runtime/WeakMapData.h: (JSC::WeakMapData::createStructure):


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] PutStructure and PhantomPutStructure shouldn't leave the world in a clobbered state
https://bugs.webkit.org/show_bug.cgi?id=134002


Reviewed by Mark Hahnenberg.


The effect of this bug was that if we had a PutStructure or PhantomPutStructure then any
JSConstants would be in a Clobbered state, so we wouldn't take advantage of our knowledge
of the structure if that structure was watchable.


Also kill PhantomPutStructure.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition): (JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize):
  • dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::visitChildren):
  • dfg/DFGNode.h: (JSC::DFG::Node::hasTransition):
  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
  • dfg/DFGSafeToExecute.h: (JSC::DFG::safeToExecute):
  • dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • dfg/DFGStructureAbstractValue.cpp: (JSC::DFG::StructureAbstractValue::observeTransition): (JSC::DFG::StructureAbstractValue::observeTransitions):
  • dfg/DFGValidate.cpp: (JSC::DFG::Validate::validate):
  • dfg/DFGWatchableStructureWatchingPhase.cpp: (JSC::DFG::WatchableStructureWatchingPhase::run):
  • ftl/FTLCapabilities.cpp: (JSC::FTL::canCompile):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure): Deleted.


2014-06-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG put_by_id should inline accesses with a slightly polymorphic base
https://bugs.webkit.org/show_bug.cgi?id=133964


Reviewed by Mark Hahnenberg.


  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::appendVariant): (JSC::PutByIdStatus::computeForStubInfo):
  • bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::oldStructureForTransition): (JSC::PutByIdVariant::writesStructures): (JSC::PutByIdVariant::reallocatesStorage): (JSC::PutByIdVariant::attemptToMerge): (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace): (JSC::PutByIdVariant::dumpInContext):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::replace): (JSC::PutByIdVariant::transition): (JSC::PutByIdVariant::structure): (JSC::PutByIdVariant::oldStructure):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::visitChildren):
  • dfg/DFGNode.cpp: (JSC::DFG::MultiPutByOffsetData::writesStructures): (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
  • ftl/FTLAbbreviations.h: (JSC::FTL::getLinkage):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset): (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):

Source/WebCore:

This fixes the previous mismerge and adds test coverage for the thing that went wrong.
Also, this adds some helpers for making it easier to inspect JavaScript values.

  • testing/Internals.cpp:

(WebCore::Internals::description):

  • testing/Internals.h:
  • testing/Internals.idl:

2014-07-25 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


No new tests.


  • ForwardingHeaders/debugger/DebuggerActivation.h: Removed.
  • Removed because this is not used.

Source/WebKit/mac:

2014-07-25 Mark Lam <mark.lam@apple.com>


[ftlopt] Renamed DebuggerActivation to DebuggerScope.
<https://webkit.org/b/134273>


Reviewed by Michael Saboff.


  • WebView/WebScriptDebugDelegate.mm:
  • Removed unneeded #include.

Source/WTF:

  • wtf/text/WTFString.h:

LayoutTests:

  • js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Added.
  • js/regress/fold-get-by-id-to-multi-get-by-offset.html: Added.
  • js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Added.
  • js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Added.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Added.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Added.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Added.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Added.
  • js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Added.
  • js/regress/fold-put-by-id-to-multi-put-by-offset.html: Added.
  • js/regress/fold-put-structure-expected.txt: Added.
  • js/regress/fold-put-structure.html: Added.
  • js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Added.
  • js/regress/hoist-poly-check-structure-effectful-loop.html: Added.
  • js/regress/hoist-poly-check-structure-expected.txt: Added.
  • js/regress/hoist-poly-check-structure.html: Added.
  • js/regress/put-by-id-replace-and-transition-expected.txt: Added.
  • js/regress/put-by-id-replace-and-transition.html: Added.
  • js/regress/put-by-id-slightly-polymorphic-expected.txt: Added.
  • js/regress/put-by-id-slightly-polymorphic.html: Added.
  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Added.

(foo):
(fu):
(bar):
(.bar):
(Number):

  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):
(Number):

  • js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/fold-put-structure.js: Added.

(foo):
(fu):
(bar):
(.bar):

  • js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Added.

(foo):
(test):

  • js/regress/script-tests/hoist-poly-check-structure.js: Added.

(foo):
(test):

  • js/regress/script-tests/put-by-id-replace-and-transition.js: Added.
  • js/regress/script-tests/put-by-id-slightly-polymorphic.js: Added.
14:07 Changeset [171659] by matthew_hanson@apple.com

Merge r171651. <rdar://problem/17682120>

11:45 Changeset [171658] by matthew_hanson@apple.com

Merge r171647. <rdar://problem/17315168>

11:42 Changeset [171657] by matthew_hanson@apple.com

Merge r171640. <rdar://problem/17812921>

11:37 Changeset [171656] by matthew_hanson@apple.com

Merge r171635. <rdar://problem/17782407>

11:33 Changeset [171655] by matthew_hanson@apple.com

Merge r171626. <rdar://problem/17730536>

11:30 Changeset [171654] by matthew_hanson@apple.com

Merge r171624. <rdar://problem/17715503>

11:19 Changeset [171653] by matthew_hanson@apple.com

Merge r171616. <rdar://problem/17736875>

10:58 Changeset [171652] by matthew_hanson@apple.com

Merge r171609. <rdar://problem/17043792>

10:25 Changeset [171651] by enrica@apple.com

[WebKit2 iOS]Add support for caret movement for the 3rd party keyboard protocol.
https://bugs.webkit.org/show_bug.cgi?id=135325
<rdar://problem/17682120>

Reviewed by Sam Weinig.

WKContentView now implements moveByOffset to support the
protocol for 3rd party keyboards.

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView moveByOffset:]):

  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::moveSelectionByOffset):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::moveSelectionByOffset):

07/26/14:

12:48 Changeset [171650] by burg@cs.washington.edu

Web Replay: log and enforce session/segment state machine transitions
https://bugs.webkit.org/show_bug.cgi?id=135224

Reviewed by Timothy Hatcher.

For debugging purposes, log session and segment state transitions.
Assert that segment state transitions are valid.

No new tests. No behavior was changed.

  • replay/ReplayController.cpp:

(WebCore::logDispatchedDOMEvent):
(WebCore::sessionStateToString):
(WebCore::segmentStateToString):
(WebCore::ReplayController::setSessionState):
(WebCore::ReplayController::setSegmentState):
(WebCore::ReplayController::createSegment):
(WebCore::ReplayController::completeSegment): Remove a wrong state transition.
(WebCore::ReplayController::loadSegmentAtIndex):
(WebCore::ReplayController::unloadSegment): Fix a now-erroneous assertion.
(WebCore::ReplayController::startPlayback):
(WebCore::ReplayController::pausePlayback):
(WebCore::ReplayController::willDispatchEvent):
(WebCore::ReplayController::cancelPlayback):

  • replay/ReplayController.h:
12:43 Changeset [171649] by burg@cs.washington.edu

Web Inspector: ReplayManager uses undefined events and inconsistent event data
https://bugs.webkit.org/show_bug.cgi?id=135222

Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.prototype.sessionCreated.this):
(WebInspector.ReplayManager.prototype.sessionCreated):
(WebInspector.ReplayManager.prototype.segmentLoaded):
(WebInspector.ReplayManager.prototype.segmentUnloaded):
(WebInspector.ReplayManager.prototype.stopCapturing):
(WebInspector.ReplayManager.prototype.replayToMarkIndex):
(WebInspector.ReplayManager.prototype.segmentCompleted.set catch):
(WebInspector.ReplayManager.prototype.segmentCompleted):
(WebInspector.ReplayManager.prototype.startCapturing):
(WebInspector.ReplayManager.prototype._changeSessionState):

12:06 Changeset [171648] by fpizlo@apple.com

Unreviewed, roll out r171641-r171644. It broke some tests; will investigate and
reland later.

Source/JavaScriptCore:

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::printPutByIdCacheStatus): Deleted.

  • bytecode/CodeBlock.h:
  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfo):
(JSC::GetByIdStatus::computeFor):

  • bytecode/GetByIdStatus.h:
  • bytecode/GetByIdVariant.cpp:

(JSC::GetByIdVariant::dumpInContext):

  • bytecode/GetByIdVariant.h:

(JSC::GetByIdVariant::structureSet):

  • bytecode/Instruction.h:
  • bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::appendVariant):
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::computeFor):

  • bytecode/PutByIdStatus.h:
  • bytecode/PutByIdVariant.cpp:

(JSC::PutByIdVariant::dumpInContext):
(JSC::PutByIdVariant::oldStructureForTransition): Deleted.
(JSC::PutByIdVariant::writesStructures): Deleted.
(JSC::PutByIdVariant::reallocatesStorage): Deleted.
(JSC::PutByIdVariant::attemptToMerge): Deleted.
(JSC::PutByIdVariant::attemptToMergeTransitionWithReplace): Deleted.

  • bytecode/PutByIdVariant.h:

(JSC::PutByIdVariant::PutByIdVariant):
(JSC::PutByIdVariant::replace):
(JSC::PutByIdVariant::transition):
(JSC::PutByIdVariant::structure):
(JSC::PutByIdVariant::oldStructure):
(JSC::PutByIdVariant::newStructure):
(JSC::PutByIdVariant::constantChecks):

  • bytecode/StructureSet.cpp:

(JSC::StructureSet::filter): Deleted.
(JSC::StructureSet::filterArrayModes): Deleted.

  • bytecode/StructureSet.h:

(JSC::StructureSet::onlyStructure):

  • bytecode/ToThisStatus.cpp: Removed.
  • bytecode/ToThisStatus.h: Removed.
  • bytecode/TypeLocation.h: Removed.
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitPutByVal):
(JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::PostfixNode::emitResolve):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::ForInNode::emitBytecode):

  • debugger/DebuggerActivation.cpp: Added.

(JSC::DebuggerActivation::DebuggerActivation):
(JSC::DebuggerActivation::finishCreation):
(JSC::DebuggerActivation::visitChildren):
(JSC::DebuggerActivation::className):
(JSC::DebuggerActivation::getOwnPropertySlot):
(JSC::DebuggerActivation::put):
(JSC::DebuggerActivation::deleteProperty):
(JSC::DebuggerActivation::getOwnPropertyNames):
(JSC::DebuggerActivation::defineOwnProperty):

  • debugger/DebuggerActivation.h: Added.

(JSC::DebuggerActivation::create):
(JSC::DebuggerActivation::createStructure):

  • debugger/DebuggerScope.cpp: Removed.
  • debugger/DebuggerScope.h: Removed.
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransition):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::observeTransitions):

  • dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::changeStructure): Deleted.
(JSC::DFG::AbstractValue::contains): Deleted.

  • dfg/DFGAbstractValue.h:

(JSC::DFG::AbstractValue::couldBeType):
(JSC::DFG::AbstractValue::isType):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
(JSC::DFG::ConstantFoldingPhase::addBaseCheck): Deleted.
(JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::visitChildren):
(JSC::DFG::Graph::freezeStrong):

  • dfg/DFGGraph.h:
  • dfg/DFGNode.cpp:

(JSC::DFG::MultiPutByOffsetData::writesStructures):
(JSC::DFG::MultiPutByOffsetData::reallocatesStorage):

  • dfg/DFGNode.h:

(JSC::DFG::Node::convertToPutByOffset):
(JSC::DFG::Node::hasTransition):
(JSC::DFG::Node::convertToMultiGetByOffset): Deleted.
(JSC::DFG::Node::convertToMultiPutByOffset): Deleted.

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillJSValue):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Strict):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStructureAbstractValue.cpp:

(JSC::DFG::StructureAbstractValue::observeTransition):
(JSC::DFG::StructureAbstractValue::observeTransitions):

  • dfg/DFGStructureAbstractValue.h:

(JSC::DFG::StructureAbstractValue::onlyStructure):
(JSC::DFG::StructureAbstractValue::operator=): Deleted.
(JSC::DFG::StructureAbstractValue::set): Deleted.

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):

  • dfg/DFGWatchableStructureWatchingPhase.cpp:

(JSC::DFG::WatchableStructureWatchingPhase::run):

  • ftl/FTLAbbreviations.h:

(JSC::FTL::getLinkage): Deleted.

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
(JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
(JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):

  • heap/Heap.cpp:

(JSC::Heap::collect):

  • inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange): Deleted.

  • inspector/agents/InspectorRuntimeAgent.h:
  • inspector/protocol/Runtime.json:
  • jsc.cpp:

(GlobalObject::finishCreation):
(functionDumpTypesForAllVariables): Deleted.

  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::putToScopeCommon): Deleted.

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/ArrayBufferNeuteringWatchpoint.cpp:

(JSC::ArrayBufferNeuteringWatchpoint::createStructure):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/Executable.h:

(JSC::ExecutableBase::createStructure):
(JSC::NativeExecutable::createStructure):

  • runtime/HighFidelityLog.cpp: Removed.
  • runtime/HighFidelityLog.h: Removed.
  • runtime/HighFidelityTypeProfiler.cpp: Removed.
  • runtime/HighFidelityTypeProfiler.h: Removed.
  • runtime/JSObject.cpp:

(JSC::JSObject::putDirectCustomAccessor):
(JSC::JSObject::putDirectNonIndexAccessor):
(JSC::JSObject::reifyStaticFunctionsForDelete):

  • runtime/JSPromiseDeferred.h:

(JSC::JSPromiseDeferred::createStructure):

  • runtime/JSPromiseReaction.h:

(JSC::JSPromiseReaction::createStructure):

  • runtime/JSPropertyNameIterator.h:

(JSC::JSPropertyNameIterator::createStructure):

  • runtime/JSType.h:
  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::TypeInfo):

  • runtime/MapData.h:

(JSC::MapData::createStructure):

  • runtime/Options.h:
  • runtime/PropertyMapHashTable.h:

(JSC::PropertyTable::createStructure):

  • runtime/RegExp.h:

(JSC::RegExp::createStructure):

  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::createStructure):

  • runtime/Structure.cpp:

(JSC::StructureTransitionTable::contains):
(JSC::StructureTransitionTable::get):
(JSC::StructureTransitionTable::add):
(JSC::Structure::Structure):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::despecifyFunctionTransition):
(JSC::Structure::toDictionaryTransition):
(JSC::Structure::freezeTransition):
(JSC::Structure::preventExtensionsTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::flattenDictionaryStructure):
(JSC::Structure::addPropertyWithoutTransition):
(JSC::Structure::pin):
(JSC::Structure::allocateRareData):
(JSC::Structure::cloneRareDataFrom):
(JSC::Structure::getConcurrently):
(JSC::Structure::putSpecificValue):
(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::visitChildren):
(JSC::Structure::checkConsistency):
(JSC::Structure::toStructureShape): Deleted.

  • runtime/Structure.h:

(JSC::Structure::isExtensible):
(JSC::Structure::didTransition):
(JSC::Structure::isDictionary):
(JSC::Structure::isUncacheableDictionary):
(JSC::Structure::hasBeenFlattenedBefore):
(JSC::Structure::propertyAccessesAreCacheable):
(JSC::Structure::previousID):
(JSC::Structure::hasGetterSetterProperties):
(JSC::Structure::hasReadOnlyOrGetterSetterPropertiesExcludingProto):
(JSC::Structure::setHasGetterSetterProperties):
(JSC::Structure::hasCustomGetterSetterProperties):
(JSC::Structure::setHasCustomGetterSetterProperties):
(JSC::Structure::setContainsReadOnlyProperties):
(JSC::Structure::hasNonEnumerableProperties):
(JSC::Structure::disableSpecificFunctionTracking):
(JSC::Structure::objectToStringValue):
(JSC::Structure::setObjectToStringValue):
(JSC::Structure::staticFunctionsReified):
(JSC::Structure::setStaticFunctionsReified):
(JSC::Structure::transitionWatchpointSet):
(JSC::Structure::setPreviousID):
(JSC::Structure::clearPreviousID):
(JSC::Structure::previous):
(JSC::Structure::rareData):
(JSC::Structure::setHasGetterSetterPropertiesWithProtoCheck): Deleted.
(JSC::Structure::setHasCustomGetterSetterPropertiesWithProtoCheck): Deleted.

  • runtime/StructureChain.h:

(JSC::StructureChain::createStructure):

  • runtime/StructureInlines.h:

(JSC::Structure::setEnumerationCache):
(JSC::Structure::enumerationCache):
(JSC::Structure::checkOffsetConsistency):

  • runtime/StructureRareData.cpp:

(JSC::StructureRareData::createStructure):

  • runtime/SymbolTable.cpp:

(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneCapturedNames):
(JSC::SymbolTable::uniqueIDForVariable): Deleted.
(JSC::SymbolTable::uniqueIDForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForVariable): Deleted.

  • runtime/SymbolTable.h:

(JSC::SymbolTable::createStructure):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):

  • runtime/TypeSet.cpp: Removed.
  • runtime/TypeSet.h: Removed.
  • runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::getTypesForVariableInRange): Deleted.
(JSC::VM::updateHighFidelityTypeProfileState): Deleted.
(JSC::VM::dumpHighFidelityProfilingTypes): Deleted.

  • runtime/VM.h:

(JSC::VM::isProfilingTypesWithHighFidelity): Deleted.
(JSC::VM::highFidelityLog): Deleted.
(JSC::VM::highFidelityTypeProfiler): Deleted.
(JSC::VM::nextLocation): Deleted.
(JSC::VM::getNextUniqueVariableID): Deleted.

  • runtime/WeakMapData.h:

(JSC::WeakMapData::createStructure):

  • tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check.js: Removed.
  • tests/stress/fold-multi-put-by-offset-to-put-by-offset-without-folding-the-structure-check.js: Removed.
  • tests/stress/prune-multi-put-by-offset-replace-or-transition-variant.js: Removed.

Source/WebCore:

  • ForwardingHeaders/debugger/DebuggerActivation.h: Added.

Source/WebKit/mac:

  • WebView/WebScriptDebugDelegate.mm:

Source/WTF:

  • wtf/text/WTFString.h:

LayoutTests:

  • js/regress/fold-get-by-id-to-multi-get-by-offset-expected.txt: Removed.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int-expected.txt: Removed.
  • js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html: Removed.
  • js/regress/fold-get-by-id-to-multi-get-by-offset.html: Removed.
  • js/regress/fold-multi-get-by-offset-to-get-by-offset-expected.txt: Removed.
  • js/regress/fold-multi-get-by-offset-to-get-by-offset.html: Removed.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset-expected.txt: Removed.
  • js/regress/fold-multi-get-by-offset-to-poly-get-by-offset.html: Removed.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset-expected.txt: Removed.
  • js/regress/fold-multi-put-by-offset-to-poly-put-by-offset.html: Removed.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset-expected.txt: Removed.
  • js/regress/fold-multi-put-by-offset-to-put-by-offset.html: Removed.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset-expected.txt: Removed.
  • js/regress/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.html: Removed.
  • js/regress/fold-put-by-id-to-multi-put-by-offset-expected.txt: Removed.
  • js/regress/fold-put-by-id-to-multi-put-by-offset.html: Removed.
  • js/regress/fold-put-structure-expected.txt: Removed.
  • js/regress/fold-put-structure.html: Removed.
  • js/regress/hoist-poly-check-structure-effectful-loop-expected.txt: Removed.
  • js/regress/hoist-poly-check-structure-effectful-loop.html: Removed.
  • js/regress/hoist-poly-check-structure-expected.txt: Removed.
  • js/regress/hoist-poly-check-structure.html: Removed.
  • js/regress/put-by-id-replace-and-transition-expected.txt: Removed.
  • js/regress/put-by-id-replace-and-transition.html: Removed.
  • js/regress/put-by-id-slightly-polymorphic-expected.txt: Removed.
  • js/regress/put-by-id-slightly-polymorphic.html: Removed.
  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset-rare-int.js: Removed.
  • js/regress/script-tests/fold-get-by-id-to-multi-get-by-offset.js: Removed.
  • js/regress/script-tests/fold-multi-get-by-offset-to-get-by-offset.js: Removed.
  • js/regress/script-tests/fold-multi-get-by-offset-to-poly-get-by-offset.js: Removed.
  • js/regress/script-tests/fold-multi-put-by-offset-to-poly-put-by-offset.js: Removed.
  • js/regress/script-tests/fold-multi-put-by-offset-to-put-by-offset.js: Removed.
  • js/regress/script-tests/fold-multi-put-by-offset-to-replace-or-transition-put-by-offset.js: Removed.
  • js/regress/script-tests/fold-put-by-id-to-multi-put-by-offset.js: Removed.
  • js/regress/script-tests/fold-put-structure.js: Removed.
  • js/regress/script-tests/hoist-poly-check-structure-effectful-loop.js: Removed.
  • js/regress/script-tests/hoist-poly-check-structure.js: Removed.
  • js/regress/script-tests/put-by-id-replace-and-transition.js: Removed.
  • js/regress/script-tests/put-by-id-slightly-polymorphic.js: Removed.
11:45 Changeset [171647] by timothy_horton@apple.com

Crash in Web Content Process under ~PDFDocument under clearTouchEventListeners at topDocument()
https://bugs.webkit.org/show_bug.cgi?id=135319
<rdar://problem/17315168>

Reviewed by Darin Adler and Antti Koivisto.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::committedLoad):
Allow data through to WebCore for frames with custom content providers;
the only custom content provider currently implemented is main frame PDF
on iOS, which will end up creating a PDFDocument in WebCore, which drops all
data on the floor immediately, so this won't result in WebCore doing anything
with the data, but makes sure that more of the normal document lifecycle is maintained.

In the future, we might want to consider ensuring that all custom content providers
end up creating a SinkDocument or something similarly generic to ensure that
WebCore doesn't try to do anything with their data, but for now, the only client is covered.

  • dom/Document.h:
  • dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::prepareForDestruction):
Add a flag on Document, m_hasPreparedForDestruction, which ensures
that each Document only goes through prepareForDestruction() once.
prepareForDestruction() can be called a number of times during teardown,
but it's only necessary to actually execute it once.

This was previously achieved by virtue of all callers of prepareForDestruction()
first checking hasLivingRenderTree, and prepareForDestruction() tearing down
the render tree, but that meant that prepareForDestruction() was not called
for Documents who never had a render tree in the first place.

The only part of prepareForDestruction() that is now predicated on hasLivingRenderTree()
is the call to destroyRenderTree(); the rest of the function has the potential to be relevant
for non-rendered placeholder documents and can safely deal with them in other ways.

It is important to call prepareForDestruction() on non-rendered placeholder documents
because some of the cleanup (like disconnectFromFrame()) is critical to safe destruction.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear):
Call prepareForDestruction() even if we don't have a living render tree.
For the sake of minimizing change, removeFocusedNodeOfSubtree still
depends on having a living render tree before calling prepareForDestruction().

  • page/Frame.cpp:

(WebCore::Frame::setView):
(WebCore::Frame::setDocument):
Call prepareForDestruction() even if we don't have a living render tree.

09:44 Changeset [171646] by commit-queue@webkit.org

Remove accidental debugging console.log
https://bugs.webkit.org/show_bug.cgi?id=135315

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-26
Reviewed by Alexey Proskuryakov.

  • UserInterface/Views/ApplicationCacheFrameContentView.js:

(WebInspector.ApplicationCacheFrameContentView.prototype._sortDataGrid):

09:42 Changeset [171645] by commit-queue@webkit.org

Web Inspector: Timelines performance is very slow, has many forced layouts
https://bugs.webkit.org/show_bug.cgi?id=135313

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2014-07-26
Reviewed by Timothy Hatcher.

  • UserInterface/Views/NavigationItem.js:

(WebInspector.NavigationItem):
(WebInspector.NavigationItem.prototype.get hidden):
(WebInspector.NavigationItem.prototype.set hidden):
Don't have the parent navigation bar update layout if the hidden state did not change.
This greatly reduces the number of forced layouts as timeline nodes are added.

  • UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel.prototype.showEmptyContentPlaceholder):
(WebInspector.NavigationSidebarPanel.prototype.hideEmptyContentPlaceholder):
Don't do any work if this is not changing the view.

(WebInspector.NavigationSidebarPanel.prototype._updateContentOverflowShadowVisibilitySoon):
(WebInspector.NavigationSidebarPanel.prototype._updateContentOverflowShadowVisibility):
(WebInspector.NavigationSidebarPanel.prototype._treeElementAddedOrChanged):
When first selecting a specific timeline (Layout / Scripts) we would have a very long hang
updating the content. Most of this was time spent updating the overflow shadow visibility
because every single tree element addition was causing a layout invalidation and forced layout.
Coalesce all of the tree element adds into a single update at the end.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview.prototype.updateLayout):
Calculating the visible duration checks offsetLeft. Calculate this once, outside
of a loop down below, to prevent or reduce possible forced layouts.

  • UserInterface/Views/TreeOutline.js:

(TreeElement.prototype.revealed):
Prevent doing any work for timeline tree elements outside of the selected time range.
Previously they were considered revealed if a parent was expanded, even though that
parent was hidden. This greatly reduces the amount of work during a recording, since
previously we were potentially doing a forced layout for hidden nodes.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.looselyCompareRepresentedObjects):
Ignore ProfileNode, which may happen here in the Script timeline.

Note: See TracTimeline for information about the timeline view.