Timeline


and

05/30/16: Today

01:14 Changeset [201498] by jfernandez@igalia.com
  • 28 edits
    2 adds in trunk

[CSS Box Alignment] New CSS Value 'normal' for Self Alignment
https://bugs.webkit.org/show_bug.cgi?id=156254

Reviewed by Darin Adler.

Source/WebCore:

The Box Alignment specification defines a new value 'normal' to be used
as default for the different layout models, which will define the
specific behavior for each case. This patch adds a new CSS value in the
parsing logic and adapts the Self Alignment properties to the new
value.

The 'auto' value is no longer valid for the 'align-items' property and
the Computed Value will be always the specified value. Hence, I removed
the StyleResolver logic because is not required now; the specific
behavior of the 'normal' value will be resolved at layout time.

Additionally, this patch updates the layout logic as well, for both
Flexbox and Grid layout models.

Test: css3/parse-alignment-of-root-elements.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::resolveLegacyJustifyItems): Added.
(WebCore::resolveJustifyItemsAuto): Added.
(WebCore::resolveJustifySelfAuto): Added.
(WebCore::resolveAlignSelfAuto): Added.
(WebCore::valueForItemPositionWithOverflowAlignment): Using a StyleSelfAlignmentData argument.
(WebCore::ComputedStyleExtractor::propertyValue): Using the new resolving functions.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseItemPositionOverflowPosition): A new value 'normal' is now valid.

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Mappings for the new value 'normal'.
(WebCore::CSSPrimitiveValue::operator ItemPosition): Mappings for the new value 'normal'.

  • css/CSSPropertyNames.in:
  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle): We don't need to resolve 'legacy" keyword.

  • rendering/RenderBox.cpp:

(WebCore::flexItemHasStretchAlignment):
(WebCore::RenderBox::hasStretchedLogicalWidth):

  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::styleDidChange):
(WebCore::RenderFlexibleBox::alignmentForChild):
(WebCore::contentAlignmentNormalBehaviorFlexibleBox):
(WebCore::RenderFlexibleBox::layoutAndPlaceChildren):
(WebCore::RenderFlexibleBox::layoutColumnReverse):
(WebCore::RenderFlexibleBox::alignFlexLines):
(WebCore::RenderFlexibleBox::alignChildren):

  • rendering/RenderGrid.cpp:

(WebCore::defaultAlignmentChangedToStretchInRowAxis):
(WebCore::defaultAlignmentChangedFromStretchInRowAxis):
(WebCore::defaultAlignmentChangedFromStretchInColumnAxis):
(WebCore::selfAlignmentChangedToStretchInRowAxis):
(WebCore::selfAlignmentChangedFromStretchInRowAxis):
(WebCore::selfAlignmentChangedFromStretchInColumnAxis):
(WebCore::contentAlignmentNormalBehaviorGrid):
(WebCore::RenderGrid::applyStretchAlignmentToTracksIfNeeded):
(WebCore::RenderGrid::needToStretchChildLogicalHeight):
(WebCore::RenderGrid::applyStretchAlignmentToChildIfNeeded):
(WebCore::RenderGrid::columnAxisPositionForChild):
(WebCore::RenderGrid::rowAxisPositionForChild):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
(WebCore::RenderGrid::computeContentPositionAndDistributionOffset):

  • rendering/style/RenderStyle.cpp:

(WebCore::resolvedSelfAlignment):
(WebCore::RenderStyle::resolvedAlignItems):
(WebCore::RenderStyle::resolvedAlignSelf):
(WebCore::RenderStyle::resolvedJustifyItems):
(WebCore::RenderStyle::resolvedJustifySelf):

  • rendering/style/RenderStyle.h:
  • rendering/style/RenderStyleConstants.h:
  • rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): align-items uses now a different initial function.

LayoutTests:

Changes in the already defined tests for the alignment properties to
consider the new CSS value 'normal', which is the default for align-items
and the value to resolve 'auto' when there is no parent.

Added a new test to verify the Self-Alignment properties work as expected
with root elements.

  • css3/flexbox/css-properties-expected.txt:
  • css3/flexbox/css-properties.html:
  • css3/parse-align-items-expected.txt:
  • css3/parse-align-items.html:
  • css3/parse-align-self-expected.txt:
  • css3/parse-align-self.html:
  • css3/parse-alignment-of-root-elements-expected.txt: Added.
  • css3/parse-alignment-of-root-elements.html: Added.
  • fast/css/getComputedStyle/computed-style-expected.txt:
  • fast/css/getComputedStyle/computed-style-without-renderer-expected.txt:
  • fast/css/parse-justify-items-expected.txt:
  • fast/css/parse-justify-items.html:
  • fast/css/parse-justify-self-expected.txt:
  • fast/css/parse-justify-self.html:
  • fast/css/resources/alignment-parsing-utils.js:
  • svg/css/getComputedStyle-basic-expected.txt:

(checkBadValues):

  • svg/css/getComputedStyle-basic-expected.txt:

05/29/16: Yesterday

23:53 Changeset [201497] by beidson@apple.com
  • 10 edits in trunk/Source/WebCore

Transition various Task/Function queues from std::function to NoncopyableFunction.
https://bugs.webkit.org/show_bug.cgi?id=158196

Reviewed by Chris Dumez.

No new tests (Refactor, no behavior change).

  • dom/ActiveDOMCallbackMicrotask.cpp:

(WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):

  • dom/ActiveDOMCallbackMicrotask.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::layoutSizeChanged):

  • page/FrameView.cpp:

(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):

  • page/FrameView.h:
  • platform/GenericTaskQueue.cpp:

(WebCore::TaskDispatcher<Timer>::postTask):
(WebCore::TaskDispatcher<Timer>::dispatchOneTask):

  • platform/GenericTaskQueue.h:

(WebCore::TaskDispatcher::postTask):
(WebCore::GenericTaskQueue::enqueueTask):

  • style/StyleTreeResolver.cpp:

(WebCore::Style::postResolutionCallbackQueue):
(WebCore::Style::queuePostResolutionCallback):
(WebCore::Style::suspendMemoryCacheClientCalls):

  • style/StyleTreeResolver.h:
23:23 WebKitGTK/Gardening/Calendar edited by carlosgc@webkit.org
(diff)
21:30 Changeset [201496] by beidson@apple.com
  • 7 edits in trunk/Source/WebCore

Make ScriptExecutionContext::Task work in terms of wtf::NoncopyableFunction instead of std::function.
https://bugs.webkit.org/show_bug.cgi?id=158187

Reviewed by Chris Dumez.

No new tests (Refactor, no behavior change).

Also make postTask take an rvalue reference.

  • bindings/js/JSDOMGlobalObjectTask.cpp:

(WebCore::JSGlobalObjectTask::JSGlobalObjectTask):

  • dom/Document.cpp:

(WebCore::Document::postTask):

  • dom/Document.h:
  • dom/ScriptExecutionContext.h:

(WebCore::ScriptExecutionContext::Task::Task):

  • workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::postTask):

  • workers/WorkerGlobalScope.h:
12:01 Changeset [201495] by sbarati@apple.com
  • 9 edits
    1 add in trunk/Source/JavaScriptCore

Stack overflow crashes with deep or cyclic proxy prototype chains
https://bugs.webkit.org/show_bug.cgi?id=157087

Reviewed by Filip Pizlo and Mark Lam.

Because a Proxy can call back into the JS runtime in arbitrary
ways, we may have effectively cyclic prototype chains and property lookups
by using a Proxy. We may also have arbitrarily long Proxy chains
where we call into a C frame for each link in the Proxy chain.
This means that every Proxy hook must be aware that it can stack overflow.
Before, only certain hooks were aware of this fact. That was a bug,
all hooks must assume they can stack overflow.

Also, because we may have effectively cyclic prototype chains, we
compile ProxyObject.cpp with -fno-optimize-sibling-calls. This prevents
tail call optimization from happening on any of the calls from
ProxyObject.cpp. We do this because we rely on the machine stack
growing for throwing a stack overflow error. It's better for developers
to be able to see a stack overflow error than to have their program
infinite loop because the compiler performed TCO.

This patch also fixes a couple call sites of various methods
where we didn't check for an exception.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • interpreter/Interpreter.cpp:

(JSC::sizeOfVarargs):

  • runtime/InternalFunction.cpp:

(JSC::InternalFunction::createSubclassStructure):

  • runtime/JSArray.h:

(JSC::getLength):

  • runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncToString):

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::getOwnPropertySlotCommon):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::getOwnPropertyNames):
(JSC::ProxyObject::getPropertyNames):
(JSC::ProxyObject::getOwnNonIndexPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::create):

  • tests/stress/proxy-stack-overflow-exceptions.js: Added.

(shouldThrowStackOverflow):
(const.emptyFunction):
(makeLongProxyChain):
(shouldThrowStackOverflow.longProxyChain):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain1):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain2):
(shouldThrowStackOverflow.effecivelyCyclicProxyProtoChain3):
(shouldThrowStackOverflow.longProxyChainBind):
(shouldThrowStackOverflow.longProxyChainPropertyAccess):
(shouldThrowStackOverflow.longProxyChainReflectConstruct):
(shouldThrowStackOverflow.longProxyChainReflectSet):
(shouldThrowStackOverflow.longProxyChainReflectOwnKeys):
(shouldThrowStackOverflow.longProxyChainGetPrototypeOf):
(shouldThrowStackOverflow.longProxyChainSetPrototypeOf):
(shouldThrowStackOverflow.longProxyChainGetOwnPropertyDescriptor):
(shouldThrowStackOverflow.longProxyChainDefineProperty):
(shouldThrowStackOverflow.longProxyChainIsExtensible):
(shouldThrowStackOverflow.longProxyChainPreventExtensions):
(shouldThrowStackOverflow.longProxyChainDeleteProperty):
(shouldThrowStackOverflow.longProxyChainWithScope):
(shouldThrowStackOverflow.longProxyChainWithScope2):
(shouldThrowStackOverflow.longProxyChainWithScope3):
(shouldThrowStackOverflow.longProxyChainArrayPrototypePush):
(shouldThrowStackOverflow.longProxyChainWithScope4):
(shouldThrowStackOverflow.longProxyChainCall):
(shouldThrowStackOverflow.longProxyChainConstruct):
(shouldThrowStackOverflow.longProxyChainHas):

05/28/16:

21:47 Changeset [201494] by akling@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

JSGlobalLexicalEnvironment leaks SegmentedVector due to lack of destructor.
<https://webkit.org/b/158186>

Reviewed by Saam Barati.

Give JSGlobalLexicalEnvironment a destroy() and set up a finalizer for it
like we do with JSGlobalObject. (This is needed because they don't inherit
from JSDestructibleObjects and thus can't use JSCell::needsDestruction to
ask for allocation in destructor space.)

This stops us from leaking all the SegmentedVector backing stores.

  • runtime/JSGlobalLexicalEnvironment.cpp:

(JSC::JSGlobalLexicalEnvironment::destroy):

  • runtime/JSGlobalLexicalEnvironment.h:

(JSC::JSGlobalLexicalEnvironment::create):

21:20 Changeset [201493] by cdumez@apple.com
  • 37 edits in trunk/Source

Templatize NoncopyableFunction class similarly to std::function
https://bugs.webkit.org/show_bug.cgi?id=158185

Reviewed by Darin Adler.

Templatize NoncopyableFunction class similarly to std::function, so
that it can be used as a std::function replacement in more places.

Previously, NoncopyableFunction could only support "void()" lambdas.

Source/WebCore:

  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::runTask):

  • Modules/mediastream/MediaEndpointPeerConnection.h:
  • fileapi/AsyncFileStream.cpp:

(WebCore::callOnFileThread):
(WebCore::AsyncFileStream::perform):
(WebCore::AsyncFileStream::getSize):
(WebCore::AsyncFileStream::openForRead):
(WebCore::AsyncFileStream::openForWrite):
(WebCore::AsyncFileStream::write):

  • fileapi/AsyncFileStream.h:
  • page/scrolling/ScrollingThread.cpp:

(WebCore::ScrollingThread::dispatch):
(WebCore::ScrollingThread::dispatchBarrier):
(WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):

  • page/scrolling/ScrollingThread.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):

  • platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::scheduleDeferredTask):

  • platform/mediastream/MediaStreamPrivate.h:
  • platform/mediastream/mac/AVMediaCaptureSource.h:
  • platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::scheduleDeferredTask):

Source/WebKit:

  • Storage/StorageSyncManager.cpp:

(WebCore::StorageSyncManager::dispatch):

  • Storage/StorageSyncManager.h:
  • Storage/StorageThread.cpp:

(WebCore::StorageThread::dispatch):
(WebCore::StorageThread::terminate):

  • Storage/StorageThread.h:

Source/WebKit2:

  • NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:

(WebKit::NetworkCache::runTaskInQueue):

Source/WTF:

  • wtf/FunctionDispatcher.h:
  • wtf/MainThread.cpp:

(WTF::functionQueue):
(WTF::dispatchFunctionsFromMainThread):
(WTF::callOnMainThread):

  • wtf/MainThread.h:
  • wtf/NoncopyableFunction.h:
  • wtf/RunLoop.cpp:

(WTF::RunLoop::performWork):
(WTF::RunLoop::dispatch):

  • wtf/RunLoop.h:
  • wtf/WorkQueue.h:
  • wtf/cocoa/WorkQueueCocoa.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

  • wtf/efl/DispatchQueueWorkItemEfl.h:

(WorkItem::WorkItem):
(TimerWorkItem::create):
(TimerWorkItem::TimerWorkItem):

  • wtf/efl/WorkQueueEfl.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

  • wtf/generic/RunLoopGeneric.cpp:

(WTF::RunLoop::TimerBase::ScheduledTask::create):
(WTF::RunLoop::TimerBase::ScheduledTask::ScheduledTask):
(WTF::RunLoop::dispatchAfter):

  • wtf/generic/WorkQueueGeneric.cpp:

(WorkQueue::dispatch):
(WorkQueue::dispatchAfter):

  • wtf/glib/RunLoopGLib.cpp:

(WTF::DispatchAfterContext::DispatchAfterContext):
(WTF::RunLoop::dispatchAfter):

  • wtf/win/WorkItemWin.cpp:

(WTF::WorkItemWin::WorkItemWin):
(WTF::WorkItemWin::create):
(WTF::HandleWorkItem::HandleWorkItem):
(WTF::HandleWorkItem::createByAdoptingHandle):

  • wtf/win/WorkItemWin.h:

(WTF::WorkItemWin::function):

  • wtf/win/WorkQueueWin.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

16:16 Changeset [201492] by ap@apple.com
  • 8 edits in trunk/Source

Fix the build with newer clang and other custom configuration options
https://bugs.webkit.org/show_bug.cgi?id=158161

Reviewed by Dan Bernstein.

Source/WebCore:

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(WebCore::WebVideoFullscreenInterfaceMac::rateChanged): Added UNUSED_PARAMs for the
case where this function is unimplemented.
(WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback): Added a non-additions
version of this function.

  • platform/spi/cf/CFNetworkSPI.h: Silence nullability-completeness (and other) warnings.

I doubt that it's practical to get these right for every SDK version at this time. Added
functions for overriding HTTPS certicate behavior that we used to declare in .m files.

  • platform/spi/mac/AVFoundationSPI.h: Define AVAssetCache conditionally.

Source/WebKit2:

  • NetworkProcess/ios/NetworkProcessIOS.mm: -setAllowsSpecificHTTPSCertificate:forHost:

is now in CFNetworkSPI.h

  • NetworkProcess/mac/NetworkProcessMac.mm: Ditto.
  • Shared/mac/CookieStorageShimLibrary.cpp:

(WebKit::WebKitCookieStorageShimInitialize): Use more portable std::call_once.

12:53 Changeset [201491] by youenn.fablet@crf.canon.fr
  • 2 edits in trunk/LayoutTests/imported/w3c

Adding wptserve logging for 404 file-serving responses
https://bugs.webkit.org/show_bug.cgi?id=158183

Reviewed by Alexey Proskuryakov.

  • resources/web-platform-tests-modules.json: Modifying wptserve module to log 404 FileHandler exceptions.
12:18 Changeset [201490] by rniwa@webkit.org
  • 21 edits
    1 copy
    1 move
    3 adds in trunk

Autocorrection makes it hard to type "doesn't" and to type @ in email addresses
https://bugs.webkit.org/show_bug.cgi?id=158177
.:

Reviewed by Darin Adler.

Fixed manual tests for autocorrection panels and added a manual test for . Most of changes are fixing up the path to LayoutTests/editing/editing.js.

Also wrap many steps to type in a space or delete a character inside setTimeout since autocorrection happens on a timer
and the fact WebKit2 communicates with NSSpellChecker via IPC makes the behavior even more indeterministic.

  • ManualTests/autocorrection/autocorrection-at-mark.html: Added.
  • ManualTests/autocorrection/autocorrection-cancelled-by-ESC.html:
  • ManualTests/autocorrection/autocorrection-cancelled-by-typing-1.html:
  • ManualTests/autocorrection/autocorrection-contraction-2.html: Added.
  • ManualTests/autocorrection/autocorrection-contraction.html:
  • ManualTests/autocorrection/autocorrection-in-iframe.html:
  • ManualTests/autocorrection/close-window-when-correction-is-shown.html:
  • ManualTests/autocorrection/continue-typing-to-dismiss-reversion.html:
  • ManualTests/autocorrection/delete-to-dismiss-reversion.html:
  • ManualTests/autocorrection/delete-to-end-of-word-to-show-reversion.html:
  • ManualTests/autocorrection/dismiss-multiple-guesses.html:
  • ManualTests/autocorrection/document-for-iframe-test.html: Removed.
  • ManualTests/autocorrection/move-to-end-of-word-to-show-reversion.html: Type a space and move care in setTimeout as

the reversion panel wouldn't show up otherwise.

  • ManualTests/autocorrection/remove-misspelling-marker-after-appending-letter.html: Delay the typing of a space as well as

deleting letters since autocorrection panel wouldn't show up in time otherwise, and deleting character immediately would
reject the autocorrection instead of accepting it. Also removed the steps to add back the spellchecking marker and extracted
it as a separate test.

  • ManualTests/autocorrection/removing-misspelling-marker-after-appending-letter-2.html: Copied. This test continues the full

scenario in the previous test by typing a space and deleting the character, thereby bringing up spellchecking marker.

  • ManualTests/autocorrection/resources: Added.
  • ManualTests/autocorrection/resources/document-for-iframe-test.html: Moved from ManualTests/autocorrection/.
  • ManualTests/autocorrection/select-from-multiple-guesses.html: Added a missing instruction.
  • ManualTests/autocorrection/spell-checking-after-reversion.html:
  • ManualTests/autocorrection/type-whitespace-to-dismiss-reversion.html: Delay the typing of a space and moving the selection

since the reversion panel wouldn't show up otherwise.

  • ManualTests/autocorrection/undo-autocorrection-2.html: Copied. Automated most of steps in the second test case.
  • ManualTests/autocorrection/undo-autocorrection.html:

Source/WebCore:

<rdar://problem/20490862>
<rdar://problem/24707954>

Reviewed by Darin Adler.

When the user had typed "doesn'", some unified spellchecker may try to autocorrect it to "doesn't" or "does"
but we should ignore this for a moment until the next character is typed by the user. The code to deal with
this situation which checks the existence of an "ambiguous boundary character" was not robust when the
replacement text was longer than the corrected text.

Fixed this bug by fixing the logic to detect this case. Also added '@' as an ambiguous boundary character
since autocorrecting letters that appear right before '@' would not be useful in many cases.

Tests: ManualTests/autocorrection/autocorrection-at-mark.html

ManualTests/autocorrection/autocorrection-contraction-2.html

  • editing/AlternativeTextController.cpp:

(WebCore::AlternativeTextController::timerFired): Fixed a bug that we can show an empty reversion panel.

  • editing/Editor.cpp:

(WebCore::Editor::markAndReplaceFor): When the user had typed "doesn'" and our autocorrection result is
"doesn't", resultEndLocation (the end of "doesn't") is larger than selectionOffset (the end of "doesn'").
When the correction is "does", resultEndLocation (the end of "does") is one less than selectionOffset.
Updated the condition to deal with both of these conditions as well as cases where the correction result
contains more than one letter after '.

  • editing/htmlediting.cpp:

(WebCore::isAmbiguousBoundaryCharacter): Moved from the header file since this is not a hot function and
doesn't need to be inlined everywhere. Added '@' as an ambiguous boundary character.

  • editing/htmlediting.h:

(WebCore::isAmbiguousBoundaryCharacter): Moved to the cpp file.

11:27 Changeset [201489] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

tests fail if display sleeps while run-webkit-tests is running
https://bugs.webkit.org/show_bug.cgi?id=153919

Reviewed by Darin Adler.

  • DumpRenderTree/mac/LayoutTestHelper.m:

(addDisplaySleepAssertion): Use PreventUserIdleSystemSleep flag, same as set by caffeinate tool.

11:26 Changeset [201488] by gskachkov@gmail.com
  • 6 edits
    1 add in trunk

[Next] Trailing commas in function parameters.
https://bugs.webkit.org/show_bug.cgi?id=158020

Reviewed by Keith Miller.

ESNext allow to add trailing commas in function parameters and function arguments.
Link to spec - https://jeffmo.github.io/es-trailing-function-commas
Example of using - (function (a, b,) { return a + b; })(1,2,);

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::Parser<LexerType>::parseArguments):

  • tests/stress/trailing-comma-in-function-paramters.js: Added.
10:47 Changeset [201487] by utatane.tea@gmail.com
  • 13 edits in trunk/Source/JavaScriptCore

[JSC] op_new_arrow_func_exp is no longer necessary
https://bugs.webkit.org/show_bug.cgi?id=158180

Reviewed by Saam Barati.

This patch removes op_new_arrow_func_exp bytecode since
what op_new_arrow_func_exp is doing is completely the same to op_new_func_exp.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset): Deleted.
(JSC::computeDefsForBytecodeOffset): Deleted.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode): Deleted.

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass): Deleted.

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_arrow_func_exp): Deleted.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL): Deleted.

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
10:05 Changeset [201486] by annulen@yandex.ru
  • 3 edits in trunk/Source/WebCore

FileSystem: use OS(WINDOWS) instead of PLATFORM(WIN).
https://bugs.webkit.org/show_bug.cgi?id=158168

Reviewed by Darin Adler.

No new tests needed.

  • platform/FileSystem.cpp:

(WebCore::lastComponentOfPathIgnoringTrailingSlash):
(WebCore::MappedFileData::~MappedFileData):
(WebCore::MappedFileData::MappedFileData):

  • platform/FileSystem.h: Removed unused PlatformFilePathSeparator

constant.

09:55 Changeset [201485] by annulen@yandex.ru
  • 3 edits in trunk/Source/WebCore

Use COMPILER(MSVC) instead of PLATFORM(WIN) for MSVC-specific workaround
https://bugs.webkit.org/show_bug.cgi?id=158169

Reviewed by NOBODY (OOPS!).

No new tests needed.

  • platform/PlatformMouseEvent.h:
  • platform/win/PlatformMouseEventWin.cpp: Moved operators'

implementations to PlatformMouseEvent.h

09:54 Changeset [201484] by cdumez@apple.com
  • 7 edits in trunk/Source/WebKit2

Modernize lambda captures in the network disk cache implementation
https://bugs.webkit.org/show_bug.cgi?id=158179

Reviewed by Darin Adler.

Modernize lambda captures in the network disk cache implementation.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::traverse):

  • NetworkProcess/cache/NetworkCache.h:
  • NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:

(WebKit::NetworkCache::inputStreamReadReadyCallback):
(WebKit::NetworkCache::outputStreamWriteReadyCallback):

  • NetworkProcess/cache/NetworkCacheStatistics.cpp:

(WebKit::NetworkCache::Statistics::initialize):
(WebKit::NetworkCache::Statistics::shrinkIfNeeded):
(WebKit::NetworkCache::Statistics::queryWasEverRequested):

  • NetworkProcess/cache/NetworkCacheStatistics.h:
  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::updateFileModificationTime):
(WebKit::NetworkCache::Storage::clear):

09:33 Changeset [201483] by mitz@apple.com
  • 2 edits in trunk/Source/WTF

Build fix for projects that include MainThread.h without including FastMalloc.h.

  • wtf/NoncopyableFunction.h: Include FastMalloc.h from here.

05/27/16:

22:51 Changeset [201482] by cdumez@apple.com
  • 60 edits
    1 copy in trunk/Source

callOnMainThread() should not copy captured lambda variables
https://bugs.webkit.org/show_bug.cgi?id=158166

Reviewed by Brady Eidson.

Source/WebCore:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

  • Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::putOrAddOnServer):

  • Modules/mediastream/MediaDevicesRequest.cpp:

(WebCore::MediaDevicesRequest::didCompletePermissionCheck):
(WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):

  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::runTask):

  • Modules/mediastream/MediaEndpointPeerConnection.h:
  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::constraintsValidated):
(WebCore::UserMediaRequest::userMediaAccessGranted):

  • Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::scheduleNodeDeletion):
(WebCore::AudioContext::isPlayingAudioDidChange):

  • dom/Document.cpp:

(WebCore::Document::postTask):
(WebCore::Document::pendingTasksTimerFired): Deleted.

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::requestScript):

  • fileapi/AsyncFileStream.cpp:

(WebCore::callOnFileThread):
(WebCore::AsyncFileStream::~AsyncFileStream):
(WebCore::AsyncFileStream::perform):

  • fileapi/AsyncFileStream.h:
  • fileapi/ThreadableBlobRegistry.cpp:

(WebCore::ThreadableBlobRegistry::registerFileBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURLForSlice):
(WebCore::ThreadableBlobRegistry::blobSize):
(WebCore::ThreadableBlobRegistry::unregisterBlobURL):
(WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked): Deleted.

  • loader/icon/IconDatabase.cpp:

(WebCore::IconDatabase::dispatchDidImportIconURLForPageURLOnMainThread):
(WebCore::IconDatabase::dispatchDidImportIconDataForPageURLOnMainThread):

  • page/ResourceUsageThread.cpp:

(WebCore::ResourceUsageThread::notifyObservers):
(WebCore::ResourceUsageThread::threadBody):

  • page/ResourceUsageThread.h:
  • page/scrolling/ScrollingThread.cpp:

(WebCore::ScrollingThread::dispatch):
(WebCore::ScrollingThread::dispatchBarrier):
(WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):

  • page/scrolling/ScrollingThread.h:
  • page/scrolling/ios/ScrollingTreeIOS.cpp:

(WebCore::ScrollingTreeIOS::invalidate):
(WebCore::ScrollingTreeIOS::scrollingTreeNodeDidScroll):
(WebCore::ScrollingTreeIOS::currentSnapPointIndicesDidChange):
(WebCore::ScrollingTreeIOS::createScrollingTreeNode): Deleted.

  • page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollerImpsOnTheMainThread):

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseMemory):

  • platform/audio/ios/MediaSessionManagerIOS.mm:

(-[WebMediaSessionHelper dealloc]):
(-[WebMediaSessionHelper startMonitoringAirPlayRoutes]):
(-[WebMediaSessionHelper stopMonitoringAirPlayRoutes]):

  • platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:

(WebCore::AudioSourceProviderAVFObjC::prepare):

  • platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:

(WebCore::MediaPlayerPrivateAVFoundation::scheduleMainThreadNotification):
(WebCore::MediaPlayerPrivateAVFoundation::dispatchNotification):

  • platform/graphics/avfoundation/objc/CDMSessionAVFoundationObjC.mm:

(-[WebCDMSessionAVFoundationObjCListener observeValueForKeyPath:ofObject:change:context:]):

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(-[WebAVOutputDeviceMenuControllerHelper observeValueForKeyPath:ofObject:change:context:]):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoLayer):
(-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
(-[WebCoreAVFMovieObserver outputSequenceWasFlushed:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:shouldWaitForResponseToAuthenticationChallenge:]):
(-[WebCoreAVFLoaderDelegate resourceLoader:didCancelLoadingRequest:]):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::CMTimebaseEffectiveRateChangedCallback):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::play):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::pause):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:]):
(-[WebAVStreamDataParserListener streamDataParser:didParseStreamDataAsAsset:withDiscontinuity:]):
(-[WebAVStreamDataParserListener streamDataParser:didFailToParseStreamDataWithError:]):
(-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
(-[WebAVStreamDataParserListener streamDataParser:didReachEndOfTrackWithTrackID:mediaType:]):
(-[WebAVStreamDataParserListener streamDataParser:didProvideContentKeyRequestInitializationData:forTrackID:]):
(-[WebAVSampleBufferErrorListener observeValueForKeyPath:ofObject:change:context:]):
(-[WebAVSampleBufferErrorListener layerFailedToDecode:]):

  • platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::patternReleaseCallback):

  • platform/graphics/cg/PatternCG.cpp:

(WebCore::patternReleaseCallback):

  • platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:

(WebCore::MediaPlayerPrivateMediaFoundation::endCreatedMediaSource):
(WebCore::MediaPlayerPrivateMediaFoundation::endGetEvent):
(WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::processInputNotify):

  • platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::scheduleDeferredTask):

  • platform/mediastream/MediaStreamPrivate.h:
  • platform/mediastream/mac/AVMediaCaptureSource.h:
  • platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::scheduleDeferredTask):

  • platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):

  • platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:

(WebCore::WebAudioSourceProviderAVFObjC::prepare):

  • platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):

  • platform/network/BlobResourceHandle.cpp:

(WebCore::BlobResourceHandle::start):
(WebCore::BlobResourceHandle::notifyFinish):

  • platform/network/DataURLDecoder.cpp:

(WebCore::DataURLDecoder::decode):

  • platform/network/DataURLDecoder.h:
  • platform/network/cocoa/WebCoreNSURLSession.mm:

(-[WebCoreNSURLSession dealloc]):
(-[WebCoreNSURLSessionDataTask cancel]):
(-[WebCoreNSURLSessionDataTask suspend]):
(-[WebCoreNSURLSessionDataTask resume]):

  • platform/network/curl/CurlDownload.cpp:

(WebCore::CurlDownload::didReceiveHeader):
(WebCore::CurlDownload::didReceiveData): Deleted.

Source/WebKit:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

  • Storage/StorageAreaSync.cpp:

(WebCore::StorageAreaSync::deleteEmptyDatabase):

  • Storage/StorageSyncManager.cpp:

(WebCore::StorageSyncManager::dispatch):

  • Storage/StorageSyncManager.h:
  • Storage/StorageThread.cpp:

(WebCore::StorageThread::dispatch):
(WebCore::StorageThread::terminate):
(WebCore::StorageThread::releaseFastMallocFreeMemoryInAllThreads):

  • Storage/StorageThread.h:
  • Storage/StorageTracker.cpp:

(WebCore::StorageTracker::syncFileSystemAndTrackerDatabase):
(WebCore::StorageTracker::setOriginDetails):

Source/WebKit/mac:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

  • Storage/WebDatabaseManagerClient.mm:

(DidModifyOriginData::dispatchToMainThread):
(DidModifyOriginData::DidModifyOriginData): Deleted.

  • Storage/WebStorageTrackerClient.mm:

(WebStorageTrackerClient::dispatchDidModifyOrigin):

Source/WTF:

callOnMainThread() should not copy captured lambda variables. This
function is usually called cross-thread with a lambda and copying
the lambda (and its captured variables) can lead to thread-safety
issues.

This patch updates callOnMainThread() to take a NoncopyableFunction&&
in parameter instead of a std::function. The call sites of
callOnMainThread() have also been updated to use C++14's lambda
capture with initializer.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/FunctionDispatcher.h:
  • wtf/NoncopyableFunction.h:
  • Moved NoncopyableFunction from FunctionDispatcher.h to NoncopyableFunction.h.
  • Add a new operator=(nullptr_t) operator to NoncopyableFunction to match std::function, as one of the call sites needed it.
  • wtf/MainThread.cpp:

(WTF::functionQueue):
(WTF::dispatchFunctionsFromMainThread):
(WTF::callOnMainThread):

  • wtf/MainThread.h:
22:44 Changeset [201481] by caitp@igalia.com
  • 54 edits
    15 adds in trunk/Source

[JSC] implement async functions proposal
https://bugs.webkit.org/show_bug.cgi?id=156147

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

Adds support for async functions, proposed in https://tc39.github.io/ecmascript-asyncawait/.

On the front-end side, "await" becomes a contextual keyword when used within an async function,
which triggers parsing an AwaitExpression. "await" becomes an illegal identifier name within
these contexts. The bytecode generated from an "await" expression is identical to that generated
in a "yield" expression in a Generator, as AsyncFunction reuses generator's state machine mechanism.

There are numerous syntactic forms for language features, including a variation on ArrowFunctions,
requiring the keyword async to precede ArrowFormalParameters, and similarly, MethodDefinitions,
which are ordinary MethodDefinitions preceded by the keyword async.

An async function desugars to the following:

`
async function asyncFn() {
}

becomes:

function asyncFn() {

let generator = {

@generatorNext: function(@generator, @generatorState, @generatorValue, @generatorResumeMode) {

generator state machine stuff here

},
@generatorState: 0,
@generatorThis: this,
@generatorFrame: null

};
return @asyncFunctionResume(generator, undefined, GeneratorResumeMode::NormalMode);

}
`

@asyncFunctionResume() is similar to @generatorResume, with the exception that it will wrap the
result of invoking @generatorNext() in a Promise, and will avoid allocating an iterator result
object.

If the generator has yielded (an AwaitExpression has occurred), resumption will occur automatically
once the await-expression operand is finished, via Promise chaining.

  • API/JSScriptRef.cpp:

(parseScript):

  • CMakeLists.txt:
  • DerivedSources.make:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • builtins/AsyncFunctionPrototype.js: Added.

(asyncFunctionResume):

  • builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createExecutable):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finishCreation):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::isArrowFunction):
(JSC::UnlinkedCodeBlock::isOrdinaryArrowFunction):
(JSC::UnlinkedCodeBlock::isAsyncArrowFunction):

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):
(JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):

  • bytecode/UnlinkedFunctionExecutable.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
(JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
(JSC::BytecodeGenerator::emitNewMethodDefinition):
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):

  • bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::makeFunction):

  • bytecompiler/NodesCodegen.cpp:

(JSC::FunctionNode::emitBytecode):

  • inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::parse):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emitNewFuncCommon):
(JSC::JIT::emit_op_new_async_func):
(JSC::JIT::emitNewFuncExprCommon):
(JSC::JIT::emit_op_new_async_func_exp):

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jsc.cpp:

(runInteractive):
(printUsageStatement):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createAsyncFunctionBody):

  • parser/Keywords.table:
  • parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::isArrowFunctionParameters):
(JSC::Parser<LexerType>::parseAsyncFunctionSourceElements):
(JSC::Parser<LexerType>::parseStatementListItem):
(JSC::Parser<LexerType>::parseVariableDeclarationList):
(JSC::Parser<LexerType>::parseDestructuringPattern):
(JSC::Parser<LexerType>::parseStatement):
(JSC::Parser<LexerType>::parseFunctionDeclarationStatement):
(JSC::Parser<LexerType>::parseFormalParameters):
(JSC::stringForFunctionMode):
(JSC::Parser<LexerType>::parseFunctionParameters):
(JSC::Parser<LexerType>::parseFunctionInfo):
(JSC::Parser<LexerType>::parseAsyncFunctionDeclaration):
(JSC::Parser<LexerType>::parseClass):
(JSC::Parser<LexerType>::parseExpressionOrLabelStatement):
(JSC::Parser<LexerType>::parseImportClauseItem):
(JSC::Parser<LexerType>::parseImportDeclaration):
(JSC::Parser<LexerType>::parseExportDeclaration):
(JSC::Parser<LexerType>::parseAssignmentExpression):
(JSC::Parser<LexerType>::parseAwaitExpression):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parsePropertyMethod):
(JSC::Parser<LexerType>::parseAsyncFunctionExpression):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::parseMemberExpression):
(JSC::Parser<LexerType>::parseArrowFunctionExpression):
(JSC::Parser<LexerType>::parseUnaryExpression):
(JSC::Parser<LexerType>::printUnexpectedTokenText):

  • parser/Parser.h:

(JSC::isIdentifierOrKeyword):
(JSC::Scope::Scope):
(JSC::Scope::setSourceParseMode):
(JSC::Scope::isAsyncFunction):
(JSC::Scope::isAsyncFunctionBoundary):
(JSC::Scope::isModule):
(JSC::Scope::setIsFunction):
(JSC::Scope::setIsAsyncArrowFunction):
(JSC::Scope::setIsAsyncFunction):
(JSC::Scope::setIsAsyncFunctionBody):
(JSC::Scope::setIsAsyncArrowFunctionBody):
(JSC::Parser::ExpressionErrorClassifier::forceClassifyExpressionError):
(JSC::Parser::ExpressionErrorClassifier::propagateExpressionErrorClass):
(JSC::Parser::ExpressionErrorClassifier::indicatesPossibleAsyncArrowFunction):
(JSC::Parser::forceClassifyExpressionError):
(JSC::Parser::declarationTypeToVariableKind):
(JSC::Parser::closestParentOrdinaryFunctionNonLexicalScope):
(JSC::Parser::pushScope):
(JSC::Parser::popScopeInternal):
(JSC::Parser::matchSpecIdentifier):
(JSC::Parser::isDisallowedIdentifierAwait):
(JSC::Parser::disallowedIdentifierAwaitReason):
(JSC::parse):

  • parser/ParserModes.h:

(JSC::isFunctionParseMode):
(JSC::isAsyncFunctionParseMode):
(JSC::isAsyncArrowFunctionParseMode):
(JSC::isAsyncFunctionWrapperParseMode):
(JSC::isAsyncFunctionBodyParseMode):
(JSC::isModuleParseMode):
(JSC::isProgramParseMode):
(JSC::constructAbilityForParseMode):

  • parser/ParserTokens.h:
  • parser/SourceCodeKey.h:

(JSC::SourceCodeKey::SourceCodeKey):
(JSC::SourceCodeKey::runtimeFlags):
(JSC::SourceCodeKey::operator==):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createAsyncFunctionBody):

  • runtime/AsyncFunctionConstructor.cpp: Added.

(JSC::AsyncFunctionConstructor::AsyncFunctionConstructor):
(JSC::AsyncFunctionConstructor::finishCreation):
(JSC::callAsyncFunctionConstructor):
(JSC::constructAsyncFunctionConstructor):
(JSC::AsyncFunctionConstructor::getCallData):
(JSC::AsyncFunctionConstructor::getConstructData):

  • runtime/AsyncFunctionConstructor.h: Added.

(JSC::AsyncFunctionConstructor::create):
(JSC::AsyncFunctionConstructor::createStructure):

  • runtime/AsyncFunctionPrototype.cpp: Added.

(JSC::AsyncFunctionPrototype::AsyncFunctionPrototype):
(JSC::AsyncFunctionPrototype::finishCreation):

  • runtime/AsyncFunctionPrototype.h: Added.

(JSC::AsyncFunctionPrototype::create):
(JSC::AsyncFunctionPrototype::createStructure):

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
(JSC::CodeCache::getModuleProgramCodeBlock):
(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

  • runtime/CodeCache.h:
  • runtime/CommonIdentifiers.h:
  • runtime/Completion.cpp:

(JSC::checkSyntax):
(JSC::checkModuleSyntax):

  • runtime/Completion.h:
  • runtime/Executable.cpp:

(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::ProgramExecutable::checkSyntax):

  • runtime/Executable.h:
  • runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

  • runtime/FunctionConstructor.h:
  • runtime/JSAsyncFunction.cpp: Added.

(JSC::JSAsyncFunction::JSAsyncFunction):
(JSC::JSAsyncFunction::createImpl):
(JSC::JSAsyncFunction::create):
(JSC::JSAsyncFunction::createWithInvalidatedReallocationWatchpoint):

  • runtime/JSAsyncFunction.h: Added.

(JSC::JSAsyncFunction::allocationSize):
(JSC::JSAsyncFunction::createStructure):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::getOwnPropertySlot):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::createProgramCodeBlock):
(JSC::JSGlobalObject::createEvalCodeBlock):
(JSC::JSGlobalObject::createModuleProgramCodeBlock):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::asyncFunctionPrototype):
(JSC::JSGlobalObject::asyncFunctionStructure):

  • runtime/ModuleLoaderObject.cpp:

(JSC::moduleLoaderObjectParseModule):

  • runtime/RuntimeFlags.h:

(JSC::RuntimeFlags::operator==):
(JSC::RuntimeFlags::operator!=):

  • tests/stress/async-await-basic.js: Added.

(shouldBe):
(shouldBeAsync):
(shouldThrow):
(shouldThrowAsync):
(let.AsyncFunction.async):
(async.asyncFunctionForProto):
(Object.getPrototypeOf.async):
(Object.getPrototypeOf.async.method):
(async):
(async.method):
(async.asyncNonConstructorDecl):
(shouldThrow.new.async):
(shouldThrow.new.async.nonConstructor):
(async.asyncDecl):
(async.f):
(MyError):
(async.asyncDeclThrower):
(shouldThrowAsync.async):
(resolveLater):
(rejectLater):
(async.resumeAfterNormal):
(O.async.resumeAfterNormal):
(resumeAfterNormalArrow.async):
(async.resumeAfterThrow):
(O.async.resumeAfterThrow):
(resumeAfterThrowArrow.async):
(catch):

  • tests/stress/async-await-module-reserved-word.js: Added.

(shouldThrow):
(SyntaxError.Canstring_appeared_hereawait.checkModuleSyntaxError.String.raw.await):
(checkModuleSyntaxError.String.raw.await):
(checkModuleSyntaxError.String.raw.async.await):
(SyntaxError.Cannot.declare.named):

  • tests/stress/async-await-mozilla.js: Added.

(shouldBe):
(shouldBeAsync):
(shouldThrow):
(shouldThrowAsync):
(assert):
(shouldThrowSyntaxError):
(mozSemantics.async.empty):
(mozSemantics.async.simpleReturn):
(mozSemantics.async.simpleAwait):
(mozSemantics.async.simpleAwaitAsync):
(mozSemantics.async.returnOtherAsync):
(mozSemantics.async.simpleThrower):
(mozSemantics.async.delegatedThrower):
(mozSemantics.async.tryCatch):
(mozSemantics.async.tryCatchThrow):
(mozSemantics.async.wellFinally):
(mozSemantics.async.finallyMayFail):
(mozSemantics.async.embedded.async.inner):
(mozSemantics.async.embedded):
(mozSemantics.async.fib):
(mozSemantics.async.isOdd.async.isEven):
(mozSemantics.async.isOdd):
(mozSemantics.hardcoreFib.async.fib2):
(mozSemantics.namedAsyncExpr.async.simple):
(mozSemantics.async.executionOrder.async.first):
(mozSemantics.async.executionOrder.async.second):
(mozSemantics.async.executionOrder.async.third):
(mozSemantics.async.executionOrder):
(mozSemantics.async.miscellaneous):
(mozSemantics.thrower):
(mozSemantics.async.defaultArgs):
(mozSemantics.shouldThrow):
(mozSemantics):
(mozMethods.X):
(mozMethods.X.prototype.async.getValue):
(mozMethods.X.prototype.setValue):
(mozMethods.X.prototype.async.increment):
(mozMethods.X.prototype.async.getBaseClassName):
(mozMethods.X.async.getStaticValue):
(mozMethods.Y.prototype.async.getBaseClassName):
(mozMethods.Y):
(mozFunctionNameInferrence.async.test):
(mozSyntaxErrors):

  • tests/stress/async-await-reserved-word.js: Added.

(assert):
(shouldThrowSyntaxError):
(AsyncFunction.async):

  • tests/stress/async_arrow_functions_lexical_arguments_binding.js: Added.

(shouldBe):
(shouldBeAsync):
(shouldThrowAsync):
(noArgumentsArrow2.async):

  • tests/stress/async_arrow_functions_lexical_new.target_binding.js: Added.

(shouldBe):
(shouldBeAsync):
(shouldThrowAsync):
(C1):
(C2):
(shouldThrowAsync.async):

  • tests/stress/async_arrow_functions_lexical_super_binding.js: Added.

(shouldBe):
(shouldBeAsync):
(BaseClass.prototype.baseClassValue):
(BaseClass):
(ChildClass.prototype.asyncSuperProp):
(ChildClass.prototype.asyncSuperProp2):
(ChildClass):

  • tests/stress/async_arrow_functions_lexical_this_binding.js: Added.

(shouldBe):
(shouldBeAsync):
(d.y):

Source/WebKit/mac:

  • WebView/WebPreferencesPrivate.h:

Source/WebKit/win:

  • Interfaces/IWebPreferencesPrivate.idl:

Source/WebKit2:

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • UIProcess/API/Cocoa/WKPreferencesPrivate.h:
21:48 Changeset [201480] by cdumez@apple.com
  • 2 edits in trunk/Source/WebKit2

Improve lambda capture in NetworkCache::Storage::synchronize()
https://bugs.webkit.org/show_bug.cgi?id=158176

Reviewed by Brady Eidson.

Improve lambda capture in NetworkCache::Storage::synchronize(). We can
now capture the std::unique_ptr<> variables directly thanks to:

  1. C++14's support for initializer's in lambda captures
  2. RunLoop::dispatch() now takes a NoncopyableFunction in instead of a std::function, allowing us to capture non-copyable variables.
  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::synchronize):

21:18 Changeset [201479] by utatane.tea@gmail.com
  • 2 edits in trunk/Source/WTF

Unreviewed, build fix for JSCOnly port.
https://bugs.webkit.org/show_bug.cgi?id=158111

Use NoncopyableFunction instead of std::function<>.

  • wtf/generic/RunLoopGeneric.cpp:

(WTF::RunLoop::TimerBase::ScheduledTask::create):
(WTF::RunLoop::TimerBase::ScheduledTask::ScheduledTask):

18:22 Changeset [201478] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r190574): Swipe snapshots are always black on iPhone 5
https://bugs.webkit.org/show_bug.cgi?id=158171
<rdar://problem/24639709>

Reviewed by Beth Dakin.

  • platform/graphics/cocoa/IOSurface.mm:

(optionsForBiplanarSurface):
(optionsFor32BitSurface):
(IOSurface::IOSurface):
(IOSurface::format):
We are supposed to be using bi-planar 422f, not yuvf. They're the same
size, but different formats, and 422f is supported in more places.

Clean up the IOSurface constructor so we don't have a switch inside an if
with random ASSERT_NOT_REACHED, making helper functions to build the
options dictionary for arbitrary-size biplanar and 32-bit single-planar
surfaces.

I don't know how to write a test because IOSurface is not supported
in the simulator.

17:44 Changeset [201477] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Not all transitively dominated nodes display their retained size
https://bugs.webkit.org/show_bug.cgi?id=158174

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2016-05-27
Reviewed by Timothy Hatcher.

  • UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._isDominatedByNonBaseParent):
Use the parent reference changing in the loop instead of always using the same parent.

17:07 Changeset [201476] by zalan@apple.com
  • 5 edits
    2 adds in trunk

EventHandler finds incorrect scrollable container.
https://bugs.webkit.org/show_bug.cgi?id=158132
<rdar://problem/26423126>

Reviewed by Brent Fulgham.

Fix the logic that checks whether we are at the beginning or at the end of the container (horizontally).
While scrolling to the right, deltaX has negative values. So in case of deltaX < 0, we need to check if
the container is not scrolled all the way to the right.

Source/WebCore:

Test: fast/scrolling/scroll-container-horizontally.html

  • page/mac/EventHandlerMac.mm:

(WebCore::findEnclosingScrollableContainer):

LayoutTests:

  • fast/scrolling/scroll-container-horizontally-expected.txt: Added.
  • fast/scrolling/scroll-container-horizontally.html: Added.
  • platform/ios-simulator/TestExpectations:
  • platform/mac-wk1/TestExpectations:
17:06 Changeset [201475] by commit-queue@webkit.org
  • 10 edits
    2 copies
    1 add in trunk/Tools

Display failing JSC stress tests in buildbot dashboard
https://bugs.webkit.org/show_bug.cgi?id=156595

Patch by Srinivasan Vijayaraghavan <svijayaraghavan@apple.com> on 2016-05-27
Reviewed by Alexey Proskuryakov.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Buildbot.js:

(Buildbot.prototype.javaScriptCoreTestFailuresURLForIteration):
(Buildbot.prototype.javaScriptCoreTestStdioUrlForIteration):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotCombinedQueueView.js:

(BuildbotCombinedQueueView.prototype.update):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:

(BuildbotIteration):
(BuildbotIteration.prototype._parseData):
(BuildbotIteration.prototype.loadLayoutTestResults):
(BuildbotIteration.prototype.):
(BuildbotIteration.prototype.loadJavaScriptCoreTestResults):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueueView.js:

(BuildbotQueueView.prototype._createLoadingIndicator):
(BuildbotQueueView.prototype.):
(BuildbotQueueView.prototype._onPopoverCopy):
(BuildbotQueueView.prototype._popoverContentForJavaScriptCoreTestRegressions):
(BuildbotQueueView.prototype._presentPopoverForJavaScriptCoreTestRegressions):
(BuildbotQueueView.prototype._addIterationHeadingToPopover):
(BuildbotQueueView.prototype._testStepFailureDescription):
(BuildbotQueueView.prototype._testStepFailureDescriptionWithCount):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:

(BuildbotTestResults.prototype.addJavaScriptCoreTestFailures):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype.appendBuilderQueueStatus):
(BuildbotTesterQueueView.prototype.update):
(BuildbotTesterQueueView.prototype._popoverContentForLayoutTestRegressions):
(BuildbotTesterQueueView.prototype._presentPopoverForLayoutTestRegressions):
(BuildbotTesterQueueView.prototype._testStepFailureDescription): Deleted.
(BuildbotTesterQueueView.prototype._testStepFailureDescriptionWithCount): Deleted.
(BuildbotTesterQueueView.prototype.): Deleted.
(BuildbotTesterQueueView.prototype.content.oncopy): Deleted.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/index.html:
  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbot.js: Copied from Tools/BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js.

(MockBuildbot):
(MockBuildbot.prototype.buildPageURLForIteration):
(MockBuildbot.prototype.javaScriptCoreTestFailuresURLForIteration):
(MockBuildbot.prototype.javaScriptCoreTestStdioUrlForIteration):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js:

(MockBuildbotQueue):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotTestResults.js: Copied from Tools/BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/MockBuildbotQueue.js.

(MockBuildbotTestResults):
(MockBuildbotTestResults.prototype.addJavaScriptCoreTestFailures):

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/test-jsc-results.json: Added.
  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/tests/resources/tests.js:
16:58 Changeset [201474] by commit-queue@webkit.org
  • 23 edits in trunk/Source

Decrease flicker when changing video presentation mode.
https://bugs.webkit.org/show_bug.cgi?id=158148
rdar://problem/24476949

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-05-27
Source/WebCore:

Reviewed by Jer Noble.

No new tests because there is no behavior change. This change is about the timing of
moving AVPlayerLayers between layers to prevent flicker.

1) Moving an AVPlayerLayer between CAContexts can flicker. So always keep two
AVPlayerLayers around and add and remove them from the inline and fullscreen contexts.
2) Wait to show the inline placeholder until the fullscreen video layer has been installed.
3) Wait to remove the fullscreen video layer until the placeholder has been removed.

  • Modules/mediacontrols/MediaControlsHost.cpp:

(WebCore::MediaControlsHost::isVideoLayerInline): Expose isVideoLayerInline to the shadow DOM.
(WebCore::MediaControlsHost::setPreparedForInline): Expose setPreparedForInline to the shadow DOM.

  • Modules/mediacontrols/MediaControlsHost.h: Add setPreparedForInline and isVideoLayerInline
  • Modules/mediacontrols/MediaControlsHost.idl: Add setPreparedForInline and isVideoLayerInline
  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.showInlinePlaybackPlaceholderWhenSafe): Wait to show placeholder when entering fullscreen.
(Controller.prototype.handlePresentationModeChange): Wait to show placeholder, and notify when placeholder is removed.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setPreparedForInline):
(WebCore::HTMLMediaElement::waitForPreparedForInlineThen): Used to delay fullscreen cleanup until placeholder is removed.
(WebCore::HTMLMediaElement::setVideoFullscreenLayer): Add a callback so we can wait until this completes before continuing.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::isVideoLayerInline):
(WebCore::HTMLMediaElement::waitForPreparedForInlineThen):
(WebCore::HTMLMediaElement::setVideoFullscreenLayer): Add completionHandler.

  • platform/cocoa/WebVideoFullscreenModelVideoElement.h:

(WebCore::WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer): Add completionHandler.
(WebCore::WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen): Added.

  • platform/cocoa/WebVideoFullscreenModelVideoElement.mm:

(WebVideoFullscreenModelVideoElement::setVideoFullscreenLayer): Add completionHandler.
(WebVideoFullscreenModelVideoElement::waitForPreparedForInlineThen):

  • platform/graphics/MediaPlayer.cpp:

(WebCore::MediaPlayer::setVideoFullscreenLayer): Add completionHandler.

  • platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayer::setVideoFullscreenLayer): Add completionHandler.

  • platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::setVideoFullscreenLayer): Add completionHandler.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer): Create two video layers.
(WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): Allow two video layers.
(WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenLayer): Add completionHandler.
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): Allow two video layers.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): Allow two video layers.
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer): Add completionHandler.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Allow two video layers.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer): Add completionHandler.

  • platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h:
  • platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm:

(WebCore::VideoFullscreenLayerManager::setVideoLayers): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): Add completionHandler.
(WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): Allow two video layers.
(WebCore::VideoFullscreenLayerManager::setVideoLayer): Deleted.

  • platform/ios/WebVideoFullscreenControllerAVKit.mm:

(WebVideoFullscreenControllerContext::didSetupFullscreen): Use completionHandler.
(WebVideoFullscreenControllerContext::didExitFullscreen): Use completionHandler.

Source/WebKit2:

Reviewed by Tim Horton.

Prevent flicker by using setVideoFullscreenLayer with a completion handler to delay
enter fullscreen and cleanup fullscreen until the video layer has completely been
installed or removed.

  • WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::didSetupFullscreen):
(WebKit::WebVideoFullscreenManager::didExitFullscreen):

16:42 Changeset [201473] by sbarati@apple.com
  • 3 edits
    3 adds in trunk

DebuggerCallFrame crashes when updated with the globalExec because neither ShadowChicken's algorithm nor StackVisitor's algorithm reasons about the globalExec
https://bugs.webkit.org/show_bug.cgi?id=158104

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

I think globalExec is a special enough case that it should be handled
at the layers above ShadowChicken and StackVisitor. Those APIs should
deal with real stack frames on the machine stack, not a heap constructed frame.

This patch makes DebuggerCallFrame::create aware that it may be
created with the globalObject->globalExec() by having it construct
a single DebuggerCallFrame that wraps the globalExec.

This fixes a crasher because we will construct a DebuggerCallFrame
with the globalExec when the Inspector is set to pause on all uncaught
exceptions and the JS program has a syntax error. Because the program
hasn't begun execution, there is no machine JS stack frame yet. So
DebuggerCallFrame is created with globalExec, which will cause it
to hit an assertion that dictates that the stack have size greater
than zero.

  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::create):

LayoutTests:

  • inspector/debugger/breakpoint-syntax-error-top-level-expected.txt: Added.
  • inspector/debugger/breakpoint-syntax-error-top-level.html: Added.
  • inspector/debugger/resources/file-with-syntax-error.js: Added.
16:34 Changeset [201472] by bfulgham@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed test fix after r201468.

Correct output handling to reduce flakiness on test bots.

  • http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html:
15:31 Changeset [201471] by rniwa@webkit.org
  • 15 edits
    2 adds in trunk

Crash in TreeScope::focusedElement
https://bugs.webkit.org/show_bug.cgi?id=158108

Reviewed by Enrica Casucci.

Source/WebCore:

The bug was caused by a flawed sequence of steps we took to remove an element. When an element is removed,
willRemoveChild and willRemoveChildren fire blur events on removed focused element and its ancestors and
unload event on any removed iframes. However, it was possible to focus an element on which we had fired blur
during an unload event, leaving m_focusedElement point to an element that's not in the document anymore.

Changing the order doesn't help because that would make it possible to insert the removed iframes back into
the document inside a event listener of the blur event, which was specifically fixed by r127534 four years ago.

Instead, fix the bug by not firing blur and change events on removed nodes. New behavior matches Firefox and HTML5
specification: https://html.spec.whatwg.org/multipage/interaction.html#focus-fixup-rule-one

Test: fast/shadow-dom/shadow-root-active-element-crash.html

  • dom/ContainerNode.cpp:

(WebCore::willRemoveChild): Made this function static local since it didn't need to have access to any private
member variables. Call Document::nodeWillBeRemoved after disconnecting iframes since unload event handler could
allocate new Ranges just like mutation events.
(WebCore::willRemoveChildren): Ditto.
(WebCore::ContainerNode::removeChild): Removed the calls to removeFullScreenElementOfSubtree and
removeFocusedNodeOfSubtree as they're now called in Document::nodeWillBeRemoved.
(WebCore::ContainerNode::removeChildren): Ditto.

  • dom/ContainerNode.h:
  • dom/Document.cpp:

(WebCore::Document::removeFocusedNodeOfSubtree): Don't dispatch blur and change events when a node is removed.
(WebCore::Document::setFocusedElement): Added FocusRemovalEventsMode as the third argument. Avoid dispatching blur
and change events when FocusRemovalEventsMode::Dispatch is set.
(WebCore::Document::nodeChildrenWillBeRemoved): Added calls to removeFullScreenElementOfSubtree and
removeFocusedNodeOfSubtree. Also assert that no events are fired within this function. If we ever fire an event here,
"unloaded" iframes can be inserted back into a document before ContainerNode::removeChild actually removes them.
(WebCore::Document::nodeWillBeRemoved): Ditto.

  • dom/Document.h:
  • dom/TreeScope.cpp:

(WebCore::TreeScope::focusedElement): Added a release assertion to make sure the focused element is in the document
of the tree scope, and added an explicit type check just in case.

LayoutTests:

Added a regression test for accessing shadowRoot.activeElement after re-focusing an element
inside DOMNodeRemovedFromDocument event and unload events.

This patch also restores the expected result of fast/events/onblur-remove.html to that of when
the test was in r15720 and updated in r19014. The expected result was changed in r85495 as it was
converted to a eventSender test.

  • fast/dom/Range/range-created-during-remove-children-expected.txt:
  • fast/dom/Range/range-created-during-remove-children.html: Update the test to use unload event

of an iframe since we no longer fire blur event when removing a focused element.

  • fast/dom/adopt-node-prevented-expected.txt:
  • fast/dom/adopt-node-prevented.html: Ditto.
  • fast/dom/remove-body-during-body-replacement2.html: Ditto. Use DOMNodeRemoved instead.
  • fast/events/nested-event-remove-node-crash.html: Ditto. Use DOMNodeRemovedFromDocument instead.
  • fast/events/onblur-remove-expected.txt:
  • fast/events/onblur-remove.html: See above.
  • fast/shadow-dom/shadow-root-active-element-crash-expected.txt: Added.
  • fast/shadow-dom/shadow-root-active-element-crash.html: Added.
15:29 Changeset [201470] by fpizlo@apple.com
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

DFG::LazyJSValue::tryGetStringImpl() crashes for empty values
https://bugs.webkit.org/show_bug.cgi?id=158170

Reviewed by Michael Saboff.

The problem here is that jsDynamicCast<>() is evil! It avoids checking for the empty
value, presumably because this makes it soooper fast. In DFG IR, empty values can appear
anywhere because of TDZ.

This patch doesn't change jsDynamicCast<>(), but it hardens our wrappers for it in the DFG
and it has the affected code use one of those wrappers.

  • dfg/DFGFrozenValue.h:

(JSC::DFG::FrozenValue::dynamicCast): Harden this.
(JSC::DFG::FrozenValue::cast):

  • dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::tryGetStringImpl): Use the hardened wrapper.

  • tests/stress/strcat-emtpy.js: Added. This used to crash every time.

(foo):
(i.catch):

14:42 Changeset [201469] by matthew_hanson@apple.com
  • 5 edits in tags/Safari-602.1.34.1/Source

Versioning

13:50 Changeset [201468] by bfulgham@apple.com
  • 6 edits in trunk

CSP: Fire 'load' events even when blocking loads via 'frame-src'.
https://bugs.webkit.org/show_bug.cgi?id=153150
<rdar://problem/24383162>

Reviewed by Daniel Bates.

Source/WebCore:

Always fire a load event, even when the load is blocked by CSP rules, so that
attackers cannot gain knowledge about the URL in the frame by blocking the
load and waiting long enough to be sure that a 'load' event would have
fired if the load wasn't blocked.

Inspired by Blink patch:
<https://src.chromium.org/viewvc/blink?view=rev&revision=165743>

Tests: http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html

  • loader/PolicyChecker.cpp:

(WebCore::PolicyChecker::checkNavigationPolicy):

LayoutTests:

  • TestExpectations: Unskip the cross-origin load test.
  • http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt: Update to match

our message format.

13:45 Changeset [201467] by fpizlo@apple.com
  • 3 edits
    2 adds in trunk/Source/JavaScriptCore

regExpProtoFuncSplitFast should OOM before it swaps
https://bugs.webkit.org/show_bug.cgi?id=158157

Reviewed by Mark Lam.

This is a huge speed-up on some jsfunfuzz test cases because it makes us realize much
sooner that running a regexp split will result in swapping. It uses the same basic
approach as http://trac.webkit.org/changeset/201451: if the result array crosses a certain
size threshold, we proceed with a dry run to see how big the array will get before
allocating anything else. This way, bogus uses of split that would have OOMed only after
killing the user's machine will now OOM before killing the user's machine.

This is an enormous speed-up on some jsfunfuzz tests: they go from running for a long
time to running instantly.

  • runtime/RegExpPrototype.cpp:

(JSC::advanceStringIndex):
(JSC::genericSplit):
(JSC::regExpProtoFuncSplitFast):

  • runtime/StringObject.h:

(JSC::jsStringWithReuse):
(JSC::jsSubstring):

  • tests/stress/big-split-captures.js: Added.
  • tests/stress/big-split.js: Added.
13:32 Changeset [201466] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

Document abandons its EventTargetData.
<https://webkit.org/b/158158>

Reviewed by Darin Adler.

Node::willBeDeletedFrom() is called when destroying all Node types *except* Document.
If a Document had an associated EventTargetData, it would not get cleaned up.

This patch moves the EventTargetData cleanup to ~Node() where it's guaranteed to run.

  • dom/Node.cpp:

(WebCore::Node::~Node):
(WebCore::Node::willBeDeletedFrom):

13:26 Changeset [201465] by sbarati@apple.com
  • 4 edits
    3 adds in trunk

ShadowChicken/DebuggerCallFrame don't properly handle when the entry stack frame is a tail deleted frame
https://bugs.webkit.org/show_bug.cgi?id=158131

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

There were bugs both in DebuggerCallFrame and ShadowChicken when the entry stack
frame(s) are tail deleted.

DebuggerCallFrame had an assertion saying that the entry frame shouldn't be
tail deleted. This is clearly wrong. The following program proves that this assertion
was misguided:
`
"use strict";
setTimeout(function foo() { return bar(); }, 0);
`

ShadowChicken had a very subtle bug when creating the shadow stack when
the entry frames of the stack were tail deleted. Because it places frames into its shadow
stack by walking the machine frame and looking up entries in the log,
the machine frame doesn't have any notion of those tail deleted frames
at the entry of execution. ShadowChicken would never find those frames
because it would look for tail deleted frames *before* consulting the
current machine frame. This is wrong because if the entry frames
are tail deleted, then there is no machine frame for them because there
is no machine frame before them! Therefore, we must search for tail deleted
frames *after* consulting a machine frame. This is sound because we will always
have at least one machine frame on the stack (when we are using StackVisitor on a valid ExecState).
So when we consult the machine frame that is the entry frame on the machine stack,
we will search for tail deleted frames that come before it in the shadow stack.
This will allow us to find those tail deleted frames that are the entry frames
for the shadow stack.

  • debugger/DebuggerCallFrame.cpp:

(JSC::DebuggerCallFrame::create):

  • interpreter/ShadowChicken.cpp:

(JSC::ShadowChicken::Packet::dump):
(JSC::ShadowChicken::update):
(JSC::ShadowChicken::dump):

LayoutTests:

  • inspector/debugger/resources/tail-deleted-frames-from-vm-entry.js: Added.

(timeout):
(bar):

  • inspector/debugger/tail-deleted-frames-from-vm-entry-expected.txt: Added.
  • inspector/debugger/tail-deleted-frames-from-vm-entry.html: Added.
13:22 Changeset [201464] by cdumez@apple.com
  • 26 edits in trunk

WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables
https://bugs.webkit.org/show_bug.cgi?id=158111

Reviewed by Darin Adler.

WorkQueue::dispatch() / RunLoop::dispatch() should not copy captured lambda variables.
These are often used cross-thread and copying the captured lambda variables can be
dangerous (e.g. we do not want to copy a String after calling isolatedCopy() upon
capture).

Source/JavaScriptCore:

  • runtime/Watchdog.cpp:

(JSC::Watchdog::startTimer):
(JSC::Watchdog::Watchdog): Deleted.
(JSC::Watchdog::setTimeLimit): Deleted.

  • runtime/Watchdog.h:

Source/WebKit2:

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::clearDiskCacheEntries):

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::clear):

  • NetworkProcess/cache/NetworkCacheIOChannelSoup.cpp:

(WebKit::NetworkCache::runTaskInQueue):

  • Platform/IPC/Connection.cpp:

(IPC::Connection::processIncomingMessage):

  • UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::getSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageOrigins):
(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):

  • UIProcess/Storage/StorageManager.h:

Source/WTF:

This patch introduces a new NoncopyableFunction type that behaves similarly to
std::function but guarantees that the passed-in lambda (and its captured variables)
cannot be copied. This new NoncopyableFunction type is now used for
WorkQueue / RunLoop's dispatch() / dispatchAfter() which are commonly used
cross-thread. This should now allow us to call WorkQueue::dispatch() with a lambda
that captures a String like so:
[str = str.isolatedCopy()]() { }

Also note that even though this is not leveraged in this patch, NoncopyableFunction
would allow us to capture move-only types such as std::unique_ptr as so:
[p = WTFMove(p)]() { }
This does not work if we convert the lambda into an std::function because
std::function requires the lambda to be copyable, NoncopyableFunction does not.

  • wtf/FunctionDispatcher.h:

(WTF::CallableWrapperBase::~CallableWrapperBase):
(WTF::NoncopyableFunction::NoncopyableFunction):
(WTF::NoncopyableFunction::operator()):
(WTF::NoncopyableFunction::operator bool):
(WTF::NoncopyableFunction::operator=):

  • wtf/RunLoop.cpp:

(WTF::RunLoop::performWork):
(WTF::RunLoop::dispatch):

  • wtf/RunLoop.h:
  • wtf/WorkQueue.h:
  • wtf/cocoa/WorkQueueCocoa.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

  • wtf/efl/DispatchQueueWorkItemEfl.h:

(WorkItem::WorkItem):
(TimerWorkItem::create):
(TimerWorkItem::TimerWorkItem):

  • wtf/efl/WorkQueueEfl.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::dispatchAfter):

  • wtf/generic/RunLoopGeneric.cpp:

(WTF::RunLoop::dispatchAfter):

  • wtf/generic/WorkQueueGeneric.cpp:

(WorkQueue::dispatch):
(WorkQueue::dispatchAfter):

  • wtf/glib/RunLoopGLib.cpp:

(WTF::DispatchAfterContext::DispatchAfterContext):
(WTF::RunLoop::dispatchAfter):

  • wtf/win/WorkItemWin.cpp:

(WTF::WorkItemWin::WorkItemWin):
(WTF::WorkItemWin::create):
(WTF::HandleWorkItem::HandleWorkItem):
(WTF::HandleWorkItem::createByAdoptingHandle):

  • wtf/win/WorkItemWin.h:

(WTF::WorkItemWin::function):

  • wtf/win/WorkQueueWin.cpp:

(WTF::WorkQueue::dispatch):
(WTF::WorkQueue::timerCallback):
(WTF::WorkQueue::dispatchAfter):

Tools:

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::decidePolicyForNavigationAction):

13:14 Changeset [201463] by ryanhaddad@apple.com
  • 3 edits in trunk/Source/WebCore

Attempt to fix the iOS build.

Unreviewed build fix.

  • platform/graphics/cocoa/TextTrackRepresentationCocoa.mm:
  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVPlayerLayer layoutSublayers]):

12:50 Changeset [201462] by annulen@yandex.ru
  • 2 edits in trunk/Source/JavaScriptCore

Removed unused headers from ExecutableAllocatorFixedVMPool.cpp.
https://bugs.webkit.org/show_bug.cgi?id=158159

Reviewed by Darin Adler.

  • jit/ExecutableAllocatorFixedVMPool.cpp:
12:45 Changeset [201461] by beidson@apple.com
  • 5 edits
    3 adds in trunk

Modern IDB: After closing a Netflix video, trying to watch it again fails.
<rdar://problem/25092473> and https://bugs.webkit.org/show_bug.cgi?id=158160

Reviewed by Alex Christensen.

Source/WebCore:

New APITest: IndexedDB.WebProcessKillIDBCleanup

  • Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::stop):

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient): All active transactions need to be aborted

(without callback, since there's no connection to callback to).

(WebCore::IDBServer::UniqueIDBDatabase::takeNextRunnableTransaction):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/WebProcessKillIDBCleanup.mm: Added.
12:22 Changeset [201460] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-602.1.34.1/Source/WebKit2

Merge r201453. rdar://problem/26502712

12:08 Changeset [201459] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-602.1.34.1

New Tag.

12:08 Changeset [201458] by jdiggs@igalia.com
  • 5 edits in trunk

AX: [ATK] accessibility/gtk/no-notification-for-unrendered-iframe-children.html began failing after r201416
https://bugs.webkit.org/show_bug.cgi?id=158152

Reviewed by Chris Fleizach.

The failure is actually a bug fix because only one child is being added, but two
notifications were being emitted. Now there is only one notification. To verify
this was the case, we really should examine the child reportedly being added. That
child is the ATK event's any_data, so pass along that child to the listener.

Tools:

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityNotificationHandlerAtk.cpp:

LayoutTests:

The failing test and associated expectations were modified to remove the duplicate
notification and include the title of the added child for the notification we get.

  • accessibility/gtk/no-notification-for-unrendered-iframe-children.html: Updated.
  • accessibility/gtk/no-notification-for-unrendered-iframe-children-expected.txt: Updated.
11:50 Changeset [201457] by achristensen@apple.com
  • 8 edits in trunk

Expose content extension failure error codes in SPI
https://bugs.webkit.org/show_bug.cgi?id=158095
rdar://problem/26475651

Reviewed by Anders Carlsson.

Source/WebKit2:

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::UserContentExtensionStore::synchronousRemoveAllContentExtensions):
(API::UserContentExtensionStore::invalidateContentExtensionVersion):
Added for testing.
(API::userContentExtensionStoreErrorCategory):

  • UIProcess/API/APIUserContentExtensionStore.h:
  • UIProcess/API/Cocoa/_WKUserContentExtensionStore.h:

Added the new enum, _WKUserContentExtensionStoreErrorCode.

  • UIProcess/API/Cocoa/_WKUserContentExtensionStore.mm:

(-[_WKUserContentExtensionStore compileContentExtensionForIdentifier:encodedContentExtension:completionHandler:]):
Sometimes the error code returned by UserContentExtensionStore::compileContentExtension has the error code from compileRuleList.
When this happens, we want to get the message from the internal compiler error, but we want the NSError's code to always be CompileFailed.
(-[_WKUserContentExtensionStore lookupContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore removeContentExtensionForIdentifier:completionHandler:]):
(-[_WKUserContentExtensionStore _removeAllContentExtensions]):
(-[_WKUserContentExtensionStore _invalidateContentExtensionVersionForIdentifier:]):

  • UIProcess/API/Cocoa/_WKUserContentExtensionStorePrivate.h:

Added new invalidator for testing.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentExtensionStore.mm:

(checkDomain):
(TEST_F):
Add tests that use the new enum.

11:36 Changeset [201456] by keith_miller@apple.com
  • 12 edits in trunk/Source/JavaScriptCore

get_by_id should support caching unset properties in the LLInt
https://bugs.webkit.org/show_bug.cgi?id=158136

Reviewed by Benjamin Poulain.

Recently, we started supporting prototype load caching for get_by_id
in the LLInt. This patch extends that to caching unset properties.
While it is uncommon in general for a program to see a single structure
without a given property, the Array.prototype.concat function needs to
lookup the Symbol.isConcatSpreadable property. For any existing code
That property will never be set as it did not exist prior to ES6.

Similarly to the get_by_id_proto_load bytecode, this patch adds a new
bytecode, get_by_id_unset that checks the structureID of the base and
assigns undefined to the result.

There are no new tests here since we already have many tests that
incidentally cover this change.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::printGetByIdOp):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

  • bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeFromLLInt):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setupGetByIdPrototypeCache):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
11:35 Changeset [201455] by adam.bergkvist@ericsson.com
  • 9 edits
    1 add in trunk

WebRTC: Update RTCPeerConnection overloaded legacy operations to return a Promise
https://bugs.webkit.org/show_bug.cgi?id=158114

Reviewed by Eric Carlson.

Source/WebCore:

Update overloaded operations so that the legacy callback versions also return a promise
and never throw [1].

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#legacy-interface-extensions

Updated existing tests.

  • fast/mediastream/RTCPeerConnection-overloaded-operations-params.html
  • fast/mediastream/RTCPeerConnection-overloaded-operations.html
  • Modules/mediastream/RTCPeerConnection.idl:

Updated legacy signatures (just for documentation purposes)

  • Modules/mediastream/RTCPeerConnection.js:

Implements the promise overload and the legacy callbacks overload (using the promise version)
as specified in [1] (above).
(createOffer):
(createAnswer):
(setLocalDescription):
(setRemoteDescription):
(addIceCandidate):
(getStats):

  • Modules/mediastream/RTCPeerConnectionInternals.js:

Added helper functions objectAndCallbacksOverload and callbacksAndDictionaryOverload that
process an argument list and determine which overloaded version to use.
(callbacksAndDictionaryOverload):
(setLocalOrRemoteDescription): Deleted.
(extractCallbackArg): Deleted.

LayoutTests:

Updated existing tests (see below).

  • fast/mediastream/RTCPeerConnection-overloaded-operations-expected.txt:
  • fast/mediastream/RTCPeerConnection-overloaded-operations-params-expected.txt:
  • fast/mediastream/RTCPeerConnection-overloaded-operations-params.html:

Test various combinations of good and bad arguments and verify that no errors are thrown.

  • fast/mediastream/RTCPeerConnection-overloaded-operations.html:

Test that all overloaded versions return a promise.

  • fast/mediastream/resources/promise-utils.js: Added.

Shared utils to make it easier to test async promise APIs.
(ensurePromise):
(promiseShouldReject):
(promiseShouldNotRejectWithTypeError.):

11:33 Changeset [201454] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Add indicators to show nesting levels inside DOM Tree
https://bugs.webkit.org/show_bug.cgi?id=157468
<rdar://problem/26162640>

Patch by Devin Rousso <dcrousso+webkit@gmail.com> on 2016-05-27
Reviewed by Timothy Hatcher.

Add CSS rules to give all expanded node children lists a small line on the
left border indicating that all items under the line are descendants.

  • UserInterface/Views/DOMTreeOutline.css:

(.tree-outline.dom li .selection):
(.tree-outline.dom li > span):
(.tree-outline.dom ol):
(.tree-outline.dom .tree-outline.dom li:matches(.hovered, .selected) + ol.children.expanded):
(.tree-outline.dom li.selected + ol.children.expanded):
(.tree-outline.dom li.parent::before):

10:09 Changeset [201453] by zalan@apple.com
  • 2 edits in trunk/Source/WebKit2

Regression(r200972): Webcore::Range::collectSelectionsRects() asserts in startContainer() while selecting text.
https://bugs.webkit.org/show_bug.cgi?id=158155
<rdar://problem/26502712>

Reviewed by Chris Dumez.

This patch ensures that we still have a valid paragraphRange after returning from enclosingTextUnitOfGranularity().

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::selectTextWithGranularityAtPoint):

09:05 Changeset [201452] by annulen@yandex.ru
  • 2 edits
    2 deletes in trunk/Source/bmalloc

[cmake] Deduplicated bmalloc/Zone.cpp handling.
https://bugs.webkit.org/show_bug.cgi?id=158154

Reviewed by Alex Christensen.

File bmalloc/Zone.cpp is required on Darwin irrespectively from what
port is being built.

Also I removed WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS() because it's
unlikely that bmalloc will ever need port-specific customizations (as
opposed to OS-specific customizations which should be done in
CMakeLists.txt).

  • CMakeLists.txt: Added bmalloc/Zone.cpp for Darwin.
  • PlatformGTK.cmake: Removed.
  • PlatformMac.cmake: Removed.
07:59 Changeset [201451] by fpizlo@apple.com
  • 7 edits
    2 adds in trunk/Source/JavaScriptCore

Bogus uses of regexp matching should realize that they will OOM before they start swapping
https://bugs.webkit.org/show_bug.cgi?id=158142

Reviewed by Michael Saboff.

Refactored the RegExpObject::matchGlobal() code so that there is less duplication. Took
advantage of this to make the code more resilient in case of absurd situations: if the
result array gets large, it proceeds with a dry run to detect how many matches there will
be. This allows it to OOM before it starts swapping.

This also improves the overall performance of the code by using lightweight substrings and
skipping the whole intermediate argument array.

This makes some jsfunfuzz tests run a lot faster and use a lot less memory.

  • builtins/RegExpPrototype.js:
  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • runtime/MatchResult.cpp: Added.

(JSC::MatchResult::dump):

  • runtime/MatchResult.h:

(JSC::MatchResult::empty):
(MatchResult::empty): Deleted.

  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::match):
(JSC::collectMatches):
(JSC::RegExpObject::matchGlobal):

  • runtime/StringObject.h:

(JSC::jsStringWithReuse):
(JSC::jsSubstring):

  • tests/stress/big-match.js: Added. Make sure that this optimization doesn't break big matches.
06:51 Changeset [201450] by commit-queue@webkit.org
  • 3 edits
    3 adds in trunk

Video play glyph not visible if initially invisible when contained in a "-webkit-overflow-scrolling: touch" container
https://bugs.webkit.org/show_bug.cgi?id=158146
<rdar://problem/25816307>

Patch by Antoine Quint <graouts@apple.com> on 2016-05-27
Reviewed by Dean Jackson.

Source/WebCore:

We now force the <video> controls play glyph into being composited due to webkit.org/b/158147. In most scenarios,
this element gets composited anyway, this is just to ensure that this happens in all cases until we get the
general fix for webkit.org/b/158147.

Test: platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html

  • Modules/mediacontrols/mediaControlsiOS.css:

(video::-webkit-media-controls-start-playback-button .webkit-media-controls-start-playback-glyph):

LayoutTests:

Testing that on iOS the play glyph for <video> controls when play button would be initially invisible when contained
in a scrollable container is indeed composited.

  • platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container-expected.txt: Added.
  • platform/ios-simulator/media/video-play-glyph-composited-outside-overflow-scrolling-touch-container.html: Added.
00:18 Changeset [201449] by carlosgc@webkit.org
  • 2 edits in trunk/Tools

New intl-numberformat.js test fails on many Linux platforms
https://bugs.webkit.org/show_bug.cgi?id=154530

Reviewed by Darin Adler.

The test is actually failing because of a bug in the icu version installed in the bots, using a newer version of
icu makes the tests pass and explains why it worked for some people. So, let's add icu 55.1 to the internal
jhbuild to ensure JSC tests pass in the bots no matter what the icu version installed is.

  • gtk/jhbuild.modules:
00:09 Changeset [201448] by barraclough@apple.com
  • 68 edits in trunk/Source/JavaScriptCore

Static table property lookup should not require getOwnPropertySlot override.
https://bugs.webkit.org/show_bug.cgi?id=158059

Reviewed by Darin Adler.

Currently JSObject does not handle property lookup of entries in the static
table. Each subclass with static properties mut override getOwnPropertySlot,
and explicitly call the lookup functions. This has the following drawbacks:

  • Performance: for any class with static properties, property acces becomes virtual (via method table).
  • Poor encapsulation: implementation detail of static property access is spread throughout & cross projects, rather than being contained in JSObject.
  • Code size: this results in a great many additional functions.
  • Inconsistency: static table presence has to be be taken into account in many other operations, e.g. presence of read-only properties for put.
  • Memory: in order to avoid the virtual lookup, DOM prototypes eagerly reify all properties. This is likely suboptimal.

Instead, JSObject::getPropertySlot / JSObject::getOwnPropertySlot should be
able to handle static properties.

This is actually a fairly small & simple change.

The common pattern is for subclasses of JObject to override getOwnPropertySlot
to first defer to JSObject for property storage lookup, and only if this fails
consult the static table. They just want the static tables to be consulted after
regular property storgae lookup. So just add a fast flag in TypeInfo for JSObject
to check, and where it is set, do so. Then it's just a question of switching
classes over to start setting this flag, and drop the override.

The new mechanism does change static table lookup order from oldest-ancestor
first to most-derived first. The new ordering makes more sense (means derived
class static tables can now override entries from parents), and shoudn't affect
any existing code (since overriding didn't previously work, there likely aren't
shadowing properties in more derived types).

This patch changes all classes in JavaScriptCore over to using the new mechanism,
except JSGlobalObject. I'll move classes in WebCore over as a separate patch
(this is also why I've not moved JSGlobalObject in this patch - doing so would
move JSDOMWindow, and I'd rather handle that separately).

  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::hasStaticPropertyTable):

  • Add HasStaticPropertyTable flag.
  • runtime/Lookup.cpp:

(JSC::setUpStaticFunctionSlot):

  • Change setUpStaticFunctionSlot to take a VM&.
  • runtime/Lookup.h:

(JSC::getStaticPropertySlotFromTable):

  • Added helper function to perform static lookup alone.

(JSC::getStaticPropertySlot):
(JSC::getStaticFunctionSlot):

  • setUpStaticFunctionSlot changed to take a VM&.
  • runtime/JSObject.cpp:

(JSC::JSObject::getOwnStaticPropertySlot):

  • Added, walks ClassInfo chain looking for static properties.
  • runtime/JSObject.h:

(JSC::JSObject::getOwnNonIndexPropertySlot):

  • getOwnNonIndexPropertySlot is used internally by getPropertySlot & getOwnPropertySlot. If property is not present in storage array then check the static table.
  • runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::finishCreation):
(JSC::constructArrayWithSizeQuirk):
(JSC::ArrayConstructor::getOwnPropertySlot): Deleted.

  • runtime/ArrayConstructor.h:

(JSC::ArrayConstructor::create):

  • runtime/ArrayIteratorPrototype.cpp:

(JSC::ArrayIteratorPrototype::finishCreation):
(JSC::ArrayIteratorPrototype::getOwnPropertySlot): Deleted.

  • runtime/ArrayIteratorPrototype.h:

(JSC::ArrayIteratorPrototype::create):
(JSC::ArrayIteratorPrototype::ArrayIteratorPrototype):

  • runtime/BooleanPrototype.cpp:

(JSC::BooleanPrototype::finishCreation):
(JSC::booleanProtoFuncToString):
(JSC::BooleanPrototype::getOwnPropertySlot): Deleted.

  • runtime/BooleanPrototype.h:

(JSC::BooleanPrototype::create):

  • runtime/DateConstructor.cpp:

(JSC::DateConstructor::finishCreation):
(JSC::millisecondsFromComponents):
(JSC::DateConstructor::getOwnPropertySlot): Deleted.

  • runtime/DateConstructor.h:

(JSC::DateConstructor::create):

  • runtime/DatePrototype.cpp:

(JSC::DatePrototype::finishCreation):
(JSC::dateProtoFuncToString):
(JSC::DatePrototype::getOwnPropertySlot): Deleted.

  • runtime/DatePrototype.h:

(JSC::DatePrototype::create):

  • runtime/ErrorPrototype.cpp:

(JSC::ErrorPrototype::finishCreation):
(JSC::ErrorPrototype::getOwnPropertySlot): Deleted.

  • runtime/ErrorPrototype.h:

(JSC::ErrorPrototype::create):

  • runtime/GeneratorPrototype.cpp:

(JSC::GeneratorPrototype::finishCreation):
(JSC::GeneratorPrototype::getOwnPropertySlot): Deleted.

  • runtime/GeneratorPrototype.h:

(JSC::GeneratorPrototype::create):
(JSC::GeneratorPrototype::createStructure):
(JSC::GeneratorPrototype::GeneratorPrototype):

  • runtime/InspectorInstrumentationObject.cpp:

(JSC::InspectorInstrumentationObject::finishCreation):
(JSC::InspectorInstrumentationObject::isEnabled):
(JSC::InspectorInstrumentationObject::getOwnPropertySlot): Deleted.

  • runtime/InspectorInstrumentationObject.h:

(JSC::InspectorInstrumentationObject::create):
(JSC::InspectorInstrumentationObject::createStructure):

  • runtime/IntlCollatorConstructor.cpp:

(JSC::IntlCollatorConstructor::getCallData):
(JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
(JSC::IntlCollatorConstructor::getOwnPropertySlot): Deleted.

  • runtime/IntlCollatorConstructor.h:
  • runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorPrototype::finishCreation):
(JSC::IntlCollatorFuncCompare):
(JSC::IntlCollatorPrototype::getOwnPropertySlot): Deleted.

  • runtime/IntlCollatorPrototype.h:
  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::IntlDateTimeFormatConstructor::getCallData):
(JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot): Deleted.

  • runtime/IntlDateTimeFormatConstructor.h:
  • runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototype::finishCreation):
(JSC::IntlDateTimeFormatFuncFormatDateTime):
(JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot): Deleted.

  • runtime/IntlDateTimeFormatPrototype.h:
  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::IntlNumberFormatConstructor::getCallData):
(JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
(JSC::IntlNumberFormatConstructor::getOwnPropertySlot): Deleted.

  • runtime/IntlNumberFormatConstructor.h:
  • runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototype::finishCreation):
(JSC::IntlNumberFormatFuncFormatNumber):
(JSC::IntlNumberFormatPrototype::getOwnPropertySlot): Deleted.

  • runtime/IntlNumberFormatPrototype.h:
  • runtime/JSDataViewPrototype.cpp:

(JSC::JSDataViewPrototype::createStructure):
(JSC::getData):
(JSC::JSDataViewPrototype::getOwnPropertySlot): Deleted.

  • runtime/JSDataViewPrototype.h:
  • runtime/JSInternalPromiseConstructor.cpp:

(JSC::JSInternalPromiseConstructor::getCallData):
(JSC::JSInternalPromiseConstructor::getOwnPropertySlot): Deleted.

  • runtime/JSInternalPromiseConstructor.h:
  • runtime/JSONObject.cpp:

(JSC::Walker::Walker):
(JSC::JSONObject::getOwnPropertySlot): Deleted.

  • runtime/JSONObject.h:

(JSC::JSONObject::create):

  • runtime/JSPromiseConstructor.cpp:

(JSC::JSPromiseConstructor::getCallData):
(JSC::JSPromiseConstructor::getOwnPropertySlot): Deleted.

  • runtime/JSPromiseConstructor.h:
  • runtime/JSPromisePrototype.cpp:

(JSC::JSPromisePrototype::addOwnInternalSlots):
(JSC::JSPromisePrototype::getOwnPropertySlot): Deleted.

  • runtime/JSPromisePrototype.h:
  • runtime/MapPrototype.cpp:

(JSC::MapPrototype::finishCreation):
(JSC::getMap):
(JSC::MapPrototype::getOwnPropertySlot): Deleted.

  • runtime/MapPrototype.h:

(JSC::MapPrototype::create):
(JSC::MapPrototype::MapPrototype):

  • runtime/ModuleLoaderObject.cpp:

(JSC::ModuleLoaderObject::finishCreation):
(JSC::printableModuleKey):
(JSC::ModuleLoaderObject::getOwnPropertySlot): Deleted.

  • runtime/ModuleLoaderObject.h:
  • runtime/NumberPrototype.cpp:

(JSC::NumberPrototype::finishCreation):
(JSC::toThisNumber):
(JSC::NumberPrototype::getOwnPropertySlot): Deleted.

  • runtime/NumberPrototype.h:

(JSC::NumberPrototype::create):

  • runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructor::addDefineProperty):
(JSC::constructObject):
(JSC::ObjectConstructor::getOwnPropertySlot): Deleted.

  • runtime/ObjectConstructor.h:

(JSC::ObjectConstructor::create):
(JSC::ObjectConstructor::createStructure):

  • runtime/ReflectObject.cpp:

(JSC::ReflectObject::finishCreation):
(JSC::ReflectObject::getOwnPropertySlot): Deleted.

  • runtime/ReflectObject.h:

(JSC::ReflectObject::create):
(JSC::ReflectObject::createStructure):

  • runtime/RegExpConstructor.cpp:

(JSC::RegExpConstructor::getRightContext):
(JSC::regExpConstructorDollar):
(JSC::RegExpConstructor::getOwnPropertySlot): Deleted.

  • runtime/RegExpConstructor.h:

(JSC::RegExpConstructor::create):
(JSC::RegExpConstructor::createStructure):

  • runtime/SetPrototype.cpp:

(JSC::SetPrototype::finishCreation):
(JSC::getSet):
(JSC::SetPrototype::getOwnPropertySlot): Deleted.

  • runtime/SetPrototype.h:

(JSC::SetPrototype::create):
(JSC::SetPrototype::SetPrototype):

  • runtime/StringConstructor.cpp:

(JSC::StringConstructor::finishCreation):
(JSC::stringFromCharCodeSlowCase):
(JSC::StringConstructor::getOwnPropertySlot): Deleted.

  • runtime/StringConstructor.h:

(JSC::StringConstructor::create):

  • runtime/StringIteratorPrototype.cpp:

(JSC::StringIteratorPrototype::finishCreation):
(JSC::StringIteratorPrototype::getOwnPropertySlot): Deleted.

  • runtime/StringIteratorPrototype.h:

(JSC::StringIteratorPrototype::create):
(JSC::StringIteratorPrototype::StringIteratorPrototype):

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::create):
(JSC::substituteBackreferencesSlow):
(JSC::StringPrototype::getOwnPropertySlot): Deleted.

  • runtime/StringPrototype.h:
  • runtime/SymbolConstructor.cpp:

(JSC::SymbolConstructor::finishCreation):
(JSC::callSymbol):
(JSC::SymbolConstructor::getOwnPropertySlot): Deleted.

  • runtime/SymbolConstructor.h:

(JSC::SymbolConstructor::create):

  • runtime/SymbolPrototype.cpp:

(JSC::SymbolPrototype::finishCreation):
(JSC::SymbolPrototype::getOwnPropertySlot): Deleted.

  • runtime/SymbolPrototype.h:

(JSC::SymbolPrototype::create):

  • remove getOwnPropertySlot, replace OverridesGetOwnPropertySlot flag with HasStaticPropertyTable.

05/26/16:

22:43 Changeset [201447] by yoav@yoav.ws
  • 3 edits
    4 adds in trunk

Preload single download tests.
https://bugs.webkit.org/show_bug.cgi?id=157988

Reviewed by Alex Christensen.

Source/WebCore:

ResourceTiming entries for some subresource weren't registered as resource->response().isHTTP() was false, since
resource->response().url() was empty. I switched the check to use resource->resourceRequest().url() directly instead.

Test: http/tests/preload/single_download_preload_runner.html

  • loader/ResourceTimingInformation.cpp:

(WebCore::ResourceTimingInformation::addResourceTiming):

LayoutTests:

Make sure preload is only downloading a single resource, which is properly reused.

  • http/tests/preload/resources/single_download_preload.html: Added.
  • http/tests/preload/single_download_preload_runner-expected.txt: Added.
  • http/tests/preload/single_download_preload_runner.html: Added.
22:40 Changeset [201446] by gyuyoung.kim@webkit.org
  • 2 edits in trunk/LayoutTests

Unreviewed EFL gardening.
Release some passing tests which have been marked to Crash, Failure.

  • platform/efl/TestExpectations:
20:31 Changeset [201445] by commit-queue@webkit.org
  • 7 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r201436.
https://bugs.webkit.org/show_bug.cgi?id=158143

Caused 30% regression on Dromaeo DOM core tests (Requested by
rniwa on #webkit).

Reverted changeset:

"REGRESSION: JSBench spends a lot of time transitioning
to/from dictionary"
https://bugs.webkit.org/show_bug.cgi?id=158045
http://trac.webkit.org/changeset/201436

20:19 Changeset [201444] by beidson@apple.com
  • 2 edits in trunk/Source/WebKit2

Certain NetworkResourceLoader callbacks can deref a null m_networkLoad.
https://bugs.webkit.org/show_bug.cgi?id=158134

Reviewed by Alex Christensen.

It's legit for m_networkLoad to be null in these callbacks.

We need null checks, just like we have in many other callbacks in this class.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::continueCanAuthenticateAgainstProtectionSpace):

18:41 Changeset [201443] by n_wang@apple.com
  • 3 edits
    2 adds in trunk

AX: Wrong CharacterOffset from VisiblePosition with composed characters
https://bugs.webkit.org/show_bug.cgi?id=158138

Reviewed by Chris Fleizach.

Source/WebCore:

The conversion logic is not correct when the text node contains composed characters.
We should use VisiblePosition's offset directly for text nodes so we won't mess things up.

Test: accessibility/mac/character-offset-visible-position-conversion-with-emoji.html

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
(WebCore::AXObjectCache::characterOffsetFromVisiblePosition):

LayoutTests:

  • accessibility/mac/character-offset-visible-position-conversion-with-emoji-expected.txt: Added.
  • accessibility/mac/character-offset-visible-position-conversion-with-emoji.html: Added.
17:40 Changeset [201442] by utatane.tea@gmail.com
  • 29 edits in trunk

[JSC] Allow JSBench to use precise time
https://bugs.webkit.org/show_bug.cgi?id=158050

Reviewed by Geoffrey Garen.

PerformanceTests:

  • JSBench/amazon-chrome-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/amazon-chrome/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/amazon-firefox-win/urm.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/amazon-firefox/urm.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/amazon-safari/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/facebook-chrome-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/facebook-chrome/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/facebook-firefox-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/facebook-firefox/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/facebook-safari/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/google-chrome-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/google-chrome/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/google-firefox-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/google-firefox/uem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/google-safari/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/harness.js:

(runBenchmark.window.currentTimeInMS):
(runBenchmark.else.window.currentTimeInMS):

  • JSBench/twitter-chrome-win/rem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/twitter-chrome/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/twitter-firefox-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/twitter-firefox/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/twitter-safari/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/yahoo-chrome-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/yahoo-chrome/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/yahoo-firefox-win/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/yahoo-firefox/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

  • JSBench/yahoo-safari/urem.js:

(else.window.performance.window.performance.now.currentTimeInMS):
(else.else.typeof.preciseTime.string_appeared_here.currentTimeInMS):
(else.else.currentTimeInMS):
(onload.cb):
(onload):

Tools:

JSBench use new Date().getTime() without options and there is no way to use precise time.
This patch modifies the JSBench code to inject the code taking the precise time.
currentTimeInMS is given by the benchmerk harness and JSBench uses it.
run-jsc-benchmark switches this function's implementation between Date.now() and
testRunner's precise time one.

While this patch modifies the code of JSBench, the last release of JSBench is Jan 2013 and
the contents are not changed for a long time. As described in the original paper[1], the
tests can be generated by using JSBench's record & replay system, but in that case, we can
adopt this modification by changing the tool side.

We also add currentTimeInMS implementation in harness.js and u?rem.js directly.
u?rem.js implementation is required when it is executed in u?rem.html without harness.
And harness.js implementation is required when it is executed in the JSBench's harness.
In these implementation, we follow the JetStream's time measuring function: performance.now(),
preciseTime(), or Date.now().

[1]: http://dl.acm.org/citation.cfm?id=2048119

  • Scripts/run-jsc-benchmarks:
17:05 Changeset [201441] by darin@apple.com
  • 59 edits in trunk/Source

Media queries and platform screen modernization and streamlining
https://bugs.webkit.org/show_bug.cgi?id=158067

Reviewed by Alex Christensen.

Source/WebCore:

  • bindings/objc/DOM.mm:

(-[DOMHTMLLinkElement _mediaQueryMatches]): Use references, use fastGetAttribute,
pass a document instead of a frame to the media query evaluator and a reference instead
of a pointer.

  • css/CSSGrammar.y.in: Use "expression" instead of "exp" for media query expressions.

Update vectors and arguments to move media query expressions instead of using unique_ptr.

  • css/CSSImportRule.h: Use pragma once. Removed unneeded forward declarations.

Made more overrides private and marked them final.

  • css/CSSParser.cpp:

(WebCore::CSSParser::SourceSize::SourceSize): Added missing WTFMove to avoid reference
count churn. Changed type of expression to no longer use unique_ptr.
(WebCore::CSSParser::sourceSize): Ditto.

  • css/CSSParser.h: Changed SourceSize::expression to no longer use unique_ptr.

Also changed SourceSize::length to be Ref instead of RefPtr.

  • css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::appendAuthorStyleSheets): Updated for changes to
MediaQueryEvaluator.

  • css/MediaFeatureNames.cpp:

(WebCore::MediaFeatureNames::init): Streamlined a bit. Removed "MediaFeature" suffix from
names of media feature strings.

  • css/MediaFeatureNames.h: Use pragma once. Changed media feature name globals

to use normal WebKit naming style instead of all lowercase with underscores.
Sorted alphabetically. Removed "MediaFeature" suffix from names of media feature strings.

  • css/MediaList.cpp:

(WebCore::MediaQuerySet::MediaQuerySet): Simplified copy constructor since the queries
vector can now be copied normally.
(WebCore::parseMediaDescriptor): Normalized types and changed to use isASCIIAlphanumeric.
The old code was not handling '0' the way the comment said it did.
(WebCore::MediaQuerySet::internalParse): Added. Helper function to cut down on redundant
code in functions below.
(WebCore::MediaQuerySet::parse): Use stripLeadingAndTrailingHTMLSpaces instead of
stripWhiteSpace. Streamlined logic using helper function. Updated to use a vector of
queries instead of a vector of unique_ptr.
(WebCore::MediaQuerySet::add): Use internalParse.
(WebCore::MediaQuerySet::remove): Ditto.
(WebCore::MediaQuerySet::addMediaQuery): Changed argument type to not be unique_ptr.
(WebCore::MediaQuerySet::mediaText): Use modern for loop.
(WebCore::MediaList::MediaList): Initialize pointers to null in the class definition
rather than in these constructors.
(WebCore::MediaList::setMediaText): Removed unhelpful local variable.
(WebCore::MediaList::item): Updated since queries no longer use unique_ptr.
(WebCore::addResolutionWarningMessageToConsole): Changed argument types to references
instead of pointers with assertions.
(WebCore::reportMediaQueryWarningIfNeeded): Updated to modernize.

  • css/MediaList.h: Use pragma once. Removed unneeded includes and forward declarations.

Changed vector to contain media queries instead of unique_ptr. Use nullptr instead of 0.
Initialize pointers to null here.

  • css/MediaQuery.cpp: Deleted now-unneeded copy constructor and destructor. Both are

correctly generated without us writing them explicitly.
(WebCore::MediaQuery::serialize): Rewrote to streamline.
(WebCore::MediaQuery::MediaQuery): Updates since expressions are no longer unique_ptr.
(WebCore::MediaQuery::cssText): Changed return type to reference.

  • css/MediaQuery.h: Use pragma once. Added include since this now includes media query

expressions, not just unique_ptr. Deleted the unneeded copy function.

  • css/MediaQueryEvaluator.cpp:

(WebCore::isViewportDependent): Moved this here. It used to be a member function of
MediaQueryExp, but this file has a lot more functions about specific features and how
they are evaluated, so it really belongs here.
(WebCore::MediaQueryEvaluator::MediaQueryEvaluator): Changed constructor to take a
document instead of a frame. Initialize the fallback result in the class definition.
(WebCore::MediaQueryEvaluator::evaluate): Changed the argument type to a reference.
(WebCore::compareValue): Made both of the arguments separate template types. This
helps us compare an integer to a double without lots of type casts.
(WebCore::compareAspectRatioValue): Changed to use early return style and got rid of
the casts to int so we will do the work in double instead.
(WebCore::doubleValue): Replaced the old numberValue function with this. Since values
are stored as doubles, it's much better to use double rather than float.
(WebCore::zeroEvaluate): Added. Helpful for the many functions that just need to
evaluate as 0.
(WebCore::oneEvaluate): Ditto.
(WebCore::colorEvaluate): Renamed this and all the functions below. Simplified the logic
to use the new doubleValue function.
(WebCore::colorIndexEvaluate): Use zeroEvaluate.
(WebCore::colorGamutEvaluate): No longer use page just to get from the frame to the
main frame.
(WebCore::monochromeEvaluate): Simplify logic using zeroEvaluate.
(WebCore::invertedColorsEvaluate): Use auto for the keyword; easier to read.
(WebCore::orientationEvaluate): Use early return style.
(WebCore::aspectRatioEvaluate): Ditto.
(WebCore::deviceAspectRatioEvaluate): Simplified logic and removed type casts.
(WebCore::evaluateResolution): Added a couple null checks.
(WebCore::devicePixelRatioEvaluate): Renamed. Added missing type check.
(WebCore::resolutionEvaluate): Ditto.
(WebCore::gridEvaluate): Use zeroEvaluate.
(WebCore::computeLength): Added a null check.
(WebCore::deviceHeightEvaluate): Use early return.
(WebCore::deviceWidthEvaluate): Ditto.
(WebCore::heightEvaluate): Ditto.
(WebCore::widthEvaluate): Ditto.
(WebCore::minColorEvaluate): Updated name only.
(WebCore::maxColorEvaluate): Ditto.
(WebCore::minColorIndexEvaluate): Ditto.
(WebCore::maxColorIndexEvaluate): Ditto.
(WebCore::minMonochromeEvaluate): Ditto.
(WebCore::maxMonochromeEvaluate): Ditto.
(WebCore::minAspectRatioEvaluate): Ditto.
(WebCore::maxAspectRatioEvaluate): Ditto.
(WebCore::minDeviceAspectRatioEvaluate): Ditto.
(WebCore::maxDeviceAspectRatioEvaluate): Ditto.
(WebCore::minDevicePixelRatioEvaluate): Ditto.
(WebCore::maxDevicePixelRatioEvaluate): Ditto.
(WebCore::minHeightEvaluate): Ditto.
(WebCore::maxHeightEvaluate): Ditto.
(WebCore::minWidthEvaluate): Ditto.
(WebCore::maxWidthEvaluate): Ditto.
(WebCore::minDeviceHeightEvaluate): Ditto.
(WebCore::maxDeviceHeightEvaluate): Ditto.
(WebCore::minDeviceWidthEvaluate): Ditto.
(WebCore::maxDeviceWidthEvaluate): Ditto.
(WebCore::minResolutionEvaluate): Ditto.
(WebCore::maxResolutionEvaluate): Ditto.
(WebCore::animationEvaluate): Use oneEvaluate.
(WebCore::transitionEvaluate): Ditto.
(WebCore::transform2dEvaluate): Ditto.
(WebCore::transform3dEvaluate): Simplify using zeroEvaluate and oneEvaluate.
(WebCore::viewModeEvaluate): Simplified logic with fewer local variables and the name "keyword".
(WebCore::videoPlayableInlineEvaluate): Use reference.
(WebCore::hoverEvaluate): Simplify using keyword.
(WebCore::anyHoverEvaluate): Just updated name.
(WebCore::pointerEvaluate): Simplify using keyword.
(WebCore::anyPointerEvaluate): Just updated name.
(WebCore::add): Added. Helper for building up the media query function map.
(WebCore::MediaQueryEvaluator::evaluate): Moved code to build the function map in here in
a lambda, rather than having it in a separate global function.

  • css/MediaQueryEvaluator.h: Use pragma once. Removed uneeded includes. Simplified comments and

modernized their style.

  • css/MediaQueryExp.cpp:

(WebCore::isFeatureValidWithIdentifier): Renamed to make it clearer what this does. Updated
to take a reference and use te new feature names.
(WebCore::isFeatureValidWithNonNegativeLengthOrNumber): Ditto.
(WebCore::isFeatureValidWithDensity): Ditto.
(WebCore::isFeatureValidWithNonNegativeInteger): Ditto.
(WebCore::isFeatureValidWithNonNegativeNumber): Ditto.
(WebCore::isFeatureValidWithZeroOrOne): Ditto.
(WebCore::isAspectRatioFeature): Ditto.
(WebCore::isFeatureValidWithoutValue): Ditto.
(WebCore::isFeatureValidWithNumberWithUnit): Added. Helper that calls multiple functions above.
(WebCore::isFeatureValidWithNumber): Ditto.
(WebCore::isSlash): Added. Helper to make aspect ratio code below easier to read.
(WebCore::isPositiveIntegerValue): Ditto.
(WebCore::MediaQueryExpression::MediaQueryExpression): Rearranged code to be much less wordy and
to not use current/next.

  • css/MediaQueryExp.h: Use pragma once. Renamed class to MediaQueryExpression. Removed

the isViewportDependent function, now part of MediaQueryEvaluator. Removed unneeded includes.

  • css/MediaQueryList.cpp:

(WebCore::MediaQueryList::MediaQueryList): Marked this inline. Use a reference and a Ref&&
instead of PassRefPtr.
(WebCore::MediaQueryList::create): Updated argument types.
(WebCore::MediaQueryList::addListener): Updated argument type and use releaseNonNull.
(WebCore::MediaQueryList::removeListener): Updated argument types.
(WebCore::MediaQueryList::evaluate): Ditto.
(WebCore::MediaQueryList::matches): More of the same.

  • css/MediaQueryList.h: Use pragma once. Changed types to use references, RefPtr&& and Ref&&.
  • css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::MediaQueryMatcher): Take a reference.
(WebCore::MediaQueryMatcher::documentDestroyed): Use nullptr.
(WebCore::MediaQueryMatcher::documentElementUserAgentStyle): Use auto.
(WebCore::MediaQueryMatcher::evaluate): Take a reference. Updated for changes to MediaQueryEvaluator.
(WebCore::MediaQueryMatcher::matchMedia): Updated for above changes.
(WebCore::MediaQueryMatcher::addListener): Use Ref&& and reference for arguments. Simplify code.
(WebCore::MediaQueryMatcher::removeListener): Ditto.
(WebCore::MediaQueryMatcher::styleResolverChanged): Moved the logic for evaluating each query here.
Updated for changes to MediaQueryEvaluator.

  • css/MediaQueryMatcher.h: Use pragma once. Changed create to take a reference. Tightened argument

types for addListener and removeListener. Made the private Listener a simple struct rather than a
class. Initialized m_evaluationRound.

  • css/RuleSet.cpp:

(WebCore::RuleSet::addChildRules): Updated for changes to MediaQueryEvaluator.
(WebCore::RuleSet::addRulesFromSheet): Ditto.

  • css/SourceSizeList.cpp:

(WebCore::match): Updated to use MediaQueryEvaluator in a simpler way.
(WebCore::defaultLength): Use a reference and simpler syntax.
(WebCore::computeLength): Ditto.
(WebCore::parseSizesAttribute): Changed arguments to take a Document instead of both a
RenderView and a Frame.

  • css/SourceSizeList.h: Use #pragma once. Change parseSizesAttribute to take a Document.
  • css/StyleMedia.cpp:

(WebCore::StyleMedia::matchMedium): Update for changes to MediaQueryEvaluator.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::StyleResolver): Use a MediaQueryEvaluator instead of a unique_ptr
to one.
(WebCore::StyleResolver::appendAuthorStyleSheets): Ditto.
(WebCore::StyleResolver::styleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleForElement): Ditto.
(WebCore::StyleResolver::pseudoStyleRulesForElement): Ditto.
(WebCore::StyleResolver::addViewportDependentMediaQueryResult): Use references instead of
ponters, and use a vector of MediaQueryResult instead of unique_ptr.
(WebCore::StyleResolver::hasMediaQueriesAffectedByViewportChange): Use a modern for loop.

  • css/StyleResolver.h: Use a MediaQueryEvaluator instead of a unique_ptr to one.

Use a vector of MediaQueryResult instead of a vector of unique_ptr.

  • dom/Document.cpp:

(WebCore::Document::mediaQueryMatcher): Pass a reference instead of a pointer.

  • dom/InlineStyleSheetOwner.cpp:

(WebCore::InlineStyleSheetOwner::createSheet): Updated for changes to MediaQueryEvaluator.

  • editing/TextIterator.cpp:

(WebCore::SimplifiedBackwardsTextIterator::advance): Removed a stray space (unrelated to
the rest of the patch).

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Updated for changes to the
MediaQueryEvaluator class. Also use auto a bit more and eliminated a double hash table
lookup in code that used hasAttribute followed by fastGetAttribute.
(WebCore::HTMLImageElement::selectImageSource): Updated for changes to parseSizesAttribute.

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::process): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLLinkElement::setCSSStyleSheet): Use auto.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::selectNextSourceChild): Updated for changes to MediaQueryEvaluator.

  • html/HTMLPictureElement.cpp:

(WebCore::HTMLPictureElement::viewportChangeAffectedPicture): Updated for changes to
MediaQueryEvaluator.

  • html/HTMLPictureElement.h: Use #pragma once. Changed viewport dependent media query results

vector to be a vector of results, not of unique_ptr.

  • html/parser/HTMLPreloadScanner.cpp:

(WebCore::TokenPreloadScanner::StartTagScanner::processAttributes): Updated for changes to
parseSizesAttribute.
(WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): Updated for changes to
MediaQueryEvaluator.

  • html/parser/HTMLResourcePreloader.cpp:

(WebCore::mediaAttributeMatches): Updated for changes to MediaQueryEvaluator.
(WebCore::HTMLResourcePreloader::preload): Ditto.

  • page/DOMWindow.cpp: Removed unneeded include of PlatformScreen.h.
  • page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::effectiveMousePositionForSelectionAutoscroll): Simplified code and
updated for changes to PlatformScreenMac functions.

  • platform/PlatformScreen.h: Use #pragma once. Use using instad of typedef. Put the typedef

for PlatformDisplayID inside the WebCore namespace. Removed the typedef for ColorProfile.
Renamed the functions that find a screen to just "screen".

  • platform/graphics/DisplayRefreshMonitorClient.cpp:

(WebCore::DisplayRefreshMonitorClient::DisplayRefreshMonitorClient): Moved initialization
of booleans to the class definition.

  • platform/graphics/DisplayRefreshMonitorClient.h: Use pragma once. Removed unneeded

forward declarations. Changed display ID data member to be an Optional instead of a boolean
paired with another data member.

  • platform/graphics/GraphicsLayerUpdater.h: Use pragma once. Removed unneeded include of

PlatformScreen.h.

  • platform/image-decoders/ImageDecoder.h: Use pragma once. Moved ColorProfile here from

PlatformScreen.h, since it's not used there. and is used here.

  • platform/mac/PlatformEventFactoryMac.h: Use parma once. Changed reutrn type of the

globalPoint function to NSPoint. Tweaked comments and formatting a bit.

  • platform/mac/PlatformEventFactoryMac.mm:

(WebCore::globalPoint): Changed return type to NSPoint and so removed the explicit
conversion to IntPoint.
(WebCore::globalPointForEvent): Changed return type to NSPoint.
(WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder): Moved conversion to
IntPoint in here. Also got rid of special indenting style and just indented normally.
(WebCore::PlatformWheelEventBuilder::PlatformWheelEventBuilder): Ditto.
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder): Ditto.

  • platform/mac/PlatformScreenMac.mm:

(WebCore::displayID): Renamed from displayIDFromScreen and displayFromWidget since this
is C++ and we have overloading to determine the types of arguments. Added a null check
of the how dinwo pointer.
(WebCore::firstScreen): Added. Helper used below.
(WebCore::window): Added. Helper used below.
(WebCore::screen): Renamed from screenForWidget and screenFromWindow and removed the
unneeded window argument from the widget version.
(WebCore::screenDepth): Simplified, using new helpers.
(WebCore::screenDepthPerComponent): Ditto.
(WebCore::screenIsMonochrome): Tweaked comment.
(WebCore::screenHasInvertedColors): Ditto.
(WebCore::screenRect): Simplified using new elpers.
(WebCore::screenAvailableRect): Ditto.
(WebCore::screenSupportsExtendedColor): Streamlined using fewer local variables and
using auto for types of the results of adoptCF.
(WebCore::toUserSpace): Updated for function name changes.
(WebCore::toDeviceSpace): Ditto.

Source/WebKit/mac:

  • WebView/WebFrame.mm:

(-[WebFrame _dragSourceEndedAt:operation:]): Updated to use the new version of
globalPoint, which returns an NSPoint.

Source/WebKit2:

  • Shared/mac/WebEventFactory.mm:

(WebKit::screenForWindow): Deleted.
(WebKit::flipScreenPoint): Deleted.
(WebKit::globalPoint): Deleted.
(WebKit::globalPointForEvent): Use globalPoint function from WebCore so we don't need
copies of everything in here.

  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::windowDidChangeScreen): Removed unneeded type cast.
(WebKit::WebViewImpl::draggedImage): Added type cast since globalPoint now returns an
NSPoint rather than an IntPoint.

  • UIProcess/WebPageProxy.h: Use pragma once. Add a WebCore prefix to a use of

PlatformDisplayID, since that is now inside the WebCore namespace.

  • WebProcess/WebCoreSupport/WebChromeClient.h: Ditto.
  • WebProcess/WebPage/Cocoa/RemoteLayerTreeDisplayRefreshMonitor.h: Ditto.
  • WebProcess/WebPage/DrawingArea.h: Ditto.
  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h: Ditto.
16:53 Changeset [201440] by gyuyoung.kim@webkit.org
  • 10 edits in trunk/Source

Purge PassRefPtr in Modules/battery
https://bugs.webkit.org/show_bug.cgi?id=157062

Reviewed by Darin Adler.

Use RefPtr<>& to reduce uses of PassRefPtr in WebKit.

Source/WebCore:

  • Modules/battery/BatteryClient.h:
  • Modules/battery/BatteryController.cpp:

(WebCore::BatteryController::BatteryController):
(WebCore::BatteryController::~BatteryController):
(WebCore::BatteryController::addListener):
(WebCore::BatteryController::removeListener):
(WebCore::BatteryController::updateBatteryStatus):
(WebCore::BatteryController::didChangeBatteryStatus):
(WebCore::provideBatteryTo):

  • Modules/battery/BatteryController.h:
  • Modules/battery/BatteryManager.cpp:

(WebCore::BatteryManager::didChangeBatteryStatus):
(WebCore::BatteryManager::updateBatteryStatus):

  • Modules/battery/BatteryManager.h:
  • Modules/battery/BatteryStatus.h:
  • testing/Internals.cpp:

(WebCore::Internals::setBatteryStatus):

Source/WebKit2:

  • WebProcess/Battery/WebBatteryManager.cpp:

(WebKit::WebBatteryManager::didChangeBatteryStatus):
(WebKit::WebBatteryManager::updateBatteryStatus):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::m_shouldDispatchFakeMouseMoveEvents):

16:40 Changeset [201439] by bfulgham@apple.com
  • 1 edit
    2 adds in trunk/LayoutTests

DOM mutation methods fail to re-check validity of node insertion after removing nodes from old parent
https://bugs.webkit.org/show_bug.cgi?id=81991
<rdar://problem/11120506>

Reviewed by Chris Dumez.

Add a test case for an old DOM mutation bug that was fixed long ago.

  • fast/dom/circular-dom-tree-crash-expected.txt: Added.
  • fast/dom/circular-dom-tree-crash.html: Added.
16:05 Changeset [201438] by mattbaker@apple.com
  • 2 edits in trunk/Source/WebInspectorUI

Uncaught Exception: TypeError: undefined is not an object (evaluating 'records[endIndex].endTime')
https://bugs.webkit.org/show_bug.cgi?id=158057

Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._updateTimelineViewTimes):
When the entire recording is selected, rendering frames should use the
record count as its end time instead of the recording's end time.

16:03 Changeset [201437] by ryanhaddad@apple.com
  • 2 edits in trunk/LayoutTests

Marking js/function-apply.html as a flaky timeout on mac debug wk2
https://bugs.webkit.org/show_bug.cgi?id=158133

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:
15:30 Changeset [201436] by ggaren@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

REGRESSION: JSBench spends a lot of time transitioning to/from dictionary
https://bugs.webkit.org/show_bug.cgi?id=158045

Reviewed by Saam Barati.

15% speedup on jsbench-amazon-firefox, possibly 5% speedup overall on jsbench.

This regression seems to have two parts:

(1) Transitioning the window object to/from dictionary is more expensive
than it used to be to because the window object has lots more properties.
The window object has more properties because, for WebIDL compatibility,
we reify DOM APIs as properties when you delete.

(2) DOM prototypes transition to/from dictionary upon creation
because, once again for WebIDL compatibility, we reify their static
APIs eagerly.

The solution is to chill out a bit on dictionary transitions.

  • bytecode/ObjectPropertyConditionSet.cpp: Don't flatten a dictionary

if we've already done so before. This avoids pathological churn, and it
is our idiom in other places.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute): Do flatten the global object unconditionally
if it is an uncacheable dictionary because the global object is super
important.

  • runtime/BatchedTransitionOptimizer.h:

(JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
(JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer): Deleted.
Don't transition away from dictionary after a batched set of property
puts because normal dictionaries are cacheable and that's a perfectly
fine state to be in -- and the transition is expensive.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init): Do start the global object out as a cacheable
dictionary because it will inevitably have enough properties to become
a dictionary.

  • runtime/Operations.h:

(JSC::normalizePrototypeChain): Same as ObjectPropertyConditionSet.cpp.

15:05 Changeset [201435] by adachan@apple.com
  • 6 edits in trunk/Source/WebCore

Add WebKitAdditions extension point in HTMLMediaElement.
https://bugs.webkit.org/show_bug.cgi?id=158097

Reviewed by Eric Carlson.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::shouldOverrideBackgroundLoadingRestriction):
We need to load data in the background if playing to wireless playback target.
(WebCore::HTMLMediaElement::fullscreenModeChanged):
Moved from header file.

  • html/HTMLMediaElement.h:
  • platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::clientWillPausePlayback):
The code to start m_clientDataBufferingTimer is also in visibilityChanged().
Moved that code to PlatformMediaSession::scheduleClientDataBufferingCheck() and call
that method here.
(WebCore::PlatformMediaSession::visibilityChanged):
Call PlatformMediaSession::scheduleClientDataBufferingCheck().
(WebCore::PlatformMediaSession::scheduleClientDataBufferingCheck):
Start m_clientDataBufferingTimer if it's not already active.
(WebCore::PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction):
Call the client.

  • platform/audio/PlatformMediaSession.h:

(WebCore::PlatformMediaSessionClient::shouldOverrideBackgroundLoadingRestriction):

  • platform/audio/PlatformMediaSessionManager.cpp:

(WebCore::PlatformMediaSessionManager::sessionCanLoadMedia):
Call the new PlatformMediaSession::shouldOverrideBackgroundLoadingRestriction().

15:03 Changeset [201434] by bfulgham@apple.com
  • 2 edits in trunk/Tools

Unreviewed test fix after r201427.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

A debug assertion was firing during some test runs due to the Geolocation permission
being turned off during the test. The timer logic was originally written to assert
if the timer fired when permissions were disabled. But this is no longer valid,
because we expect the Geolocation system to be active and become deactivated if the
browsing context violates one of the security criteria.

  • DumpRenderTree/mac/UIDelegate.mm:

(-[UIDelegate timerFired]): Remove invalid assertion.

14:58 Changeset [201433] by fpizlo@apple.com
  • 7 edits
    1 add in trunk

ScopedLambda should have a lifetime story that makes sense to the compiler
https://bugs.webkit.org/show_bug.cgi?id=158118

Reviewed by Mark Lam.
Source/WTF:

Prior to this change, there were two lifetime bugs in ScopedLambda:

  • scopedLambda(Functor&&) would bind Functor to const lambda&, so the resulting ScopedLambdaFunctor would hold a reference to the original lambda. This would have surprising behavior; for example it meant that this code was wrong:


auto l = scopedLambda<things>([&] ...);


The solution is to have explicit copy/move versions of scopedLambda() rather than rely on perfect
forwarding.


  • ScopedLambdaFunctor did not override its copy or move operations, so if the compiler did not RVO scopedLambda(), it would return a ScopedLambdaFunctor whose m_arg points to a dead temporary ScopedLambdaFunctor instance. The solution is to have explicit copy/move constructors and operators, which preserve the invariant that ScopedLambda::m_arg points to this.


One nice side-effect of all of these constructors and operators being explicit is that we can rely
on WTFMove's excellent assertions, which helped catch the first issue.

This reverts ParkingLot to use ScopedLambda again.

  • wtf/ParkingLot.cpp:

(WTF::ParkingLot::parkConditionallyImpl):
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):

  • wtf/ParkingLot.h:

(WTF::ParkingLot::parkConditionally):
(WTF::ParkingLot::unparkOne):

  • wtf/ScopedLambda.h:

(WTF::scopedLambda):

Tools:


Added a test case. This test crashes before the fix and now it passes.

  • TestWebKitAPI/CMakeLists.txt:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WTF/ScopedLambda.cpp: Added.

(TestWebKitAPI::TEST):

14:57 Changeset [201432] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

Use std::atomic<> rather than OSAtomicIncrement in CARingBuffer.cpp
https://bugs.webkit.org/show_bug.cgi?id=158129

Reviewed by Eric Carlson.

std::atomic is a more portable atomic primitive than OSAtomicIncrement.

  • platform/audio/mac/CARingBuffer.cpp:

(WebCore::CARingBuffer::setCurrentFrameBounds):
(WebCore::CARingBuffer::getCurrentFrameBounds):
(WebCore::CARingBuffer::currentStartFrame):
(WebCore::CARingBuffer::currentEndFrame):

  • platform/audio/mac/CARingBuffer.h:
14:24 Changeset [201431] by mmaxfield@apple.com
  • 3 edits in trunk/Tools

Build fix

Rubber stamped by Lucas Forschler.

  • DumpRenderTree/mac/Configurations/DebugRelease.xcconfig:
  • WebKitTestRunner/Configurations/DebugRelease.xcconfig:
14:21 Changeset [201430] by mmaxfield@apple.com
  • 4 edits in trunk/Source

Build fix

Rubber stamped by Lucas Forschler.

  • Configurations/DebugRelease.xcconfig:
13:37 Changeset [201429] by ryanhaddad@apple.com
  • 2 edits in trunk/Source/WebCore

Rebaseline bindings tests after r201428

Unreviewed test gardening.

  • bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::setJSTestObjReplaceableAttribute):

12:51 Changeset [201428] by ggaren@apple.com
  • 7 edits in trunk

replaceable own properties seem to ignore replacement after property caching
https://bugs.webkit.org/show_bug.cgi?id=158091

Reviewed by Darin Adler.

PerformanceTests:

  • MallocBench/MallocBench.xcodeproj/project.pbxproj:
  • MallocBench/MallocBench/Benchmark.cpp:
  • MallocBench/MallocBench/Interpreter.cpp:

(Interpreter::doMallocOp):

  • MallocBench/MallocBench/Interpreter.h:
  • MallocBench/MallocBench/fastMallocLog.63316.ops: Added.
  • MallocBench/MallocBench/jetstream.cpp: Added.

(benchmark_jetstream):

  • MallocBench/MallocBench/jetstream.h: Added.

Source/JavaScriptCore:

  • runtime/Lookup.h:

(JSC::replaceStaticPropertySlot): New helper function for replacing a
static property with a direct property. We need to do an attribute changed
transition because client code might have cached our static property.

Source/WebCore:

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation): Use our new replacement helper if we're replacing
an own static property with an own direct property. Because we advertise
that our own static properties are cacheable, we need to do a structure
transition to indicate when they change. (Only own properties need this
special treatment because JSC considers it normal to shadow a prototype
property with an own property.)

LayoutTests:

  • js/cached-window-properties.html: Augmneted this test to enter cacheable

dictionary mode in order to demonstrate a bug that is not visible otherwise.

Factored out a helper test function.

12:29 Changeset [201427] by bfulgham@apple.com
  • 1 edit
    3 adds in trunk/LayoutTests

Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Add missing test content from r201423.

  • http/tests/security/resources/geolocation-over-insecure-content.html: Added.
  • http/tests/security/resources/geolocation-over-mixed-content-block.html: Added.
  • http/tests/security/resources/geolocation-over-mixed-content.html: Added.
12:12 Changeset [201426] by peavo@outlook.com
  • 2 edits in trunk/LayoutTests

[Win] Update test expectation for imported blink test.
https://bugs.webkit.org/show_bug.cgi?id=158122

Patch by Per Arne Vollan <pvollan@apple.com> on 2016-05-26
Reviewed by Alex Christensen.

The crash on imported/blink/compositing/perspective-origin-overflow-hidden.html
was fixed in https://trac.webkit.org/changeset/192166.

  • platform/win/TestExpectations:
12:06 Changeset [201425] by beidson@apple.com
  • 1 edit
    2 moves
    5 adds
    1 delete in trunk/LayoutTests

Release JSC test test-observegc.js.layout failing.
https://bugs.webkit.org/show_bug.cgi?id=158126

Unreviewed.

Move this test to a directory that is less... "special"

  • fast/misc/resources/test-observegc.js: Renamed from LayoutTests/js/script-tests/test-observegc.js.
  • fast/misc/test-observegc-expected.txt: Renamed from LayoutTests/js/test-observegc-expected.txt.
  • fast/misc/test-observegc.html: Added.
  • js/test-observegc.html: Removed.
11:46 Changeset [201424] by commit-queue@webkit.org
  • 7 edits in trunk/Source/WebCore

BitmapImage::checkForSolidColor() cleanup
https://bugs.webkit.org/show_bug.cgi?id=157750

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-05-26
Reviewed by Darin Adler.

Have a single implementation for BitmapImage::checkForSolidColor(). Create
a new function named NativeImage::solidColor() and call it from the former
one. The goal is to have the platform files contain only the platform dependent
code rather than repeating the platform independent code multiple times.

  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::destroyMetadataAndNotify): Invalidate m_solidColor.
(WebCore::BitmapImage::singlePixelSolidColor): Combine mayFillWithSolidColor(),
checkForSolidColor() and solidColor() in one function to guarantee the validity
of the returned value. Before, if solidColor() is called without calling
mayFillWithSolidColor() or checkForSolidColor(), the returned value would be
incorrect.

(WebCore::BitmapImage::dump): Use the m_solidColor Optional and Color states.
(WebCore::BitmapImage::mayFillWithSolidColor): Deleted.
(WebCore::BitmapImage::solidColor): Deleted.

  • platform/graphics/BitmapImage.h: Delete m_checkedForSolidColor and

m_isSolidColor and change m_solidColor to be Optional<Color>.

  • platform/graphics/Image.cpp:

(WebCore::Image::drawTiled): Use singlePixelSolidColor() and check the returned
value to know whether the singe pixel solid color optimization applies or not.

  • platform/graphics/Image.h:

(WebCore::Image::singlePixelSolidColor):
(WebCore::Image::mayFillWithSolidColor): Deleted.
(WebCore::Image::solidColor): Deleted.
Replace mayFillWithSolidColor() and solidColor() with a single function named
singlePixelSolidColor(). isValid() of the returned Color can be used to tell
whether the singe pixel solid color optimization applies or not.

  • platform/graphics/cairo/BitmapImageCairo.cpp:

(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Delete the platform dependent BitmapImage::checkForSolidColor() and add
the new platform dependent function NativeImage::singlePixelSolidColor() and
use to know whether the singe pixel solid color optimization applies or not.

  • platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::NativeImage::singlePixelSolidColor):
(WebCore::BitmapImage::draw):
(WebCore::BitmapImage::checkForSolidColor): Deleted.
Ditto.

11:19 Changeset [201423] by bfulgham@apple.com
  • 8 edits
    6 adds in trunk

Sites served over insecure connections should not be allowed to use geolocation.
https://bugs.webkit.org/show_bug.cgi?id=157423
<rdar://problem/23751632>

Patch by Pranjal Jumde <pjumde@apple.com> on 2016-05-26
Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/insecure-geolocation.html

http/tests/security/mixedcontent-geolocation-block-insecure-content.html
http/tests/security/mixedcontent-geolocation.html

  • Modules/geolocation/Geolocation.cpp:

(WebCore::logError):
Logs an error to the console if geolocation is blocked.
(WebCore::Geolocation::startRequest):
Access to Geolocation will be blocked if site is not secure. An error will be logged when access to Geolocation is blocked.
(WebCore::Geolocation::shouldBlockGeolocationRequests)
Returns true if the access to geolocation should be blocked.

  • Modules/geolocation/Geolocation.h:
  • dom/SecurityContext.h:

(WebCore::SecurityContext::foundMixedContent):
Returns true if insecure content was accessed over secure connection.
(WebCore::SecurityContext::setFoundMixedContent):
Sets m_foundMixedContent to true if insecure content is accessed over secure connection.
(WebCore::SecurityContext::geolocationAccessed):
Returns true if geolocation was accessed
(WebCore::SecurityContext::setGeolocationAccessed):
Sets m_geolocationAccessed to true if geolocation was accessed.

  • loader/MixedContentChecker.cpp:

(WebCore::MixedContentChecker::canDisplayInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.
(WebCore::MixedContentChecker::canRunInsecureContent):
Insecure content will be blocked if geolocation was accessed by the page. Updates document to keep track of mixed content.

LayoutTests:

  • http/tests/security/geolocation-over-insecure-content.html: Added.
  • http/tests/security/geolocation-over-mixed-content-block.html: Added.
  • http/tests/security/geolocation-over-mixed-content.html: Added.
  • http/tests/security/insecure-geolocation-expected.txt: Added.
  • http/tests/security/insecure-geolocation.html: Added.
  • http/tests/security/mixedcontent-geolocation-block-insecure-content-expected.txt: Added.
  • http/tests/security/mixedcontent-geolocation-block-insecure-content.html: Added.
  • http/tests/security/mixedcontent-geolocation-expected.txt: Added.
  • http/tests/security/mixedcontent-geolocation.html: Added.
  • http/tests/security/sandboxed-iframe-geolocation-watchPosition.html: iframe is loaded over secure connection to avoid geolocation failures
  • http/tests/security/sandboxed-iframe-geolocation-getCurrentPosition.html: iframe is loaded over secure connection to avoid geolocation failures
10:23 Changeset [201422] by beidson@apple.com
  • 8 edits
    6 adds in trunk

Implement internals.observeGC to get called back when a Javascript object is GC'ed.
https://bugs.webkit.org/show_bug.cgi?id=158093

Reviewed by Geoffrey Garen.

Source/WebCore:

Test: js/test-observegc.html

  • CMakeLists.txt:
  • DerivedSources.make:
  • WebCore.xcodeproj/project.pbxproj:
  • testing/GCObservation.cpp: Added.

(WebCore::GCObservation::GCObservation):

  • testing/GCObservation.h: Added.
  • testing/GCObservation.idl: Added.
  • testing/Internals.cpp:

(WebCore::Internals::observeGC):

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • js/script-tests/test-observegc.js: Added.
  • js/test-observegc-expected.txt: Added.
  • js/test-observegc.html: Added.
10:08 Changeset [201421] by mmaxfield@apple.com
  • 3 edits
    2 adds in trunk

[Font Loading] Allow empty strings in FontFace constructor
https://bugs.webkit.org/show_bug.cgi?id=158112

Reviewed by Darin Adler.

Source/WebCore:

Other browsers accept empty strings and parse them as if they are omitted.
We should do the same. However, this is only true for the constructor. Setting
an attribute to an empty string should still throw an exception.

Test: fast/text/font-face-empty-string.html

  • css/FontFace.cpp:

(WebCore::FontFace::create):
(WebCore::FontFace::setFamily):
(WebCore::FontFace::setStyle):
(WebCore::FontFace::setWeight):
(WebCore::FontFace::setUnicodeRange):
(WebCore::FontFace::setVariant):
(WebCore::FontFace::setFeatureSettings):

LayoutTests:

  • fast/text/font-face-empty-string-expected.txt: Added.
  • fast/text/font-face-empty-string.html: Added.
09:24 Changeset [201420] by adam.bergkvist@ericsson.com
  • 10 edits
    1 delete in trunk

WebRTC: RTCSessionDescription: Make attributes readonly (and remove custom binding)
https://bugs.webkit.org/show_bug.cgi?id=157858

Reviewed by Eric Carlson.

Source/WebCore:

Align RTCSessionDescription type with WebRTC 1.0 specification [1].

  • Make constructor dictionary member mandatory
  • Align constructor dictionary argument (RTCSessionDescriptionInit) with [1]
  • Use RTCSdpType enum for the type attribute
  • Remove custom binding

[1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html

Updated existing test.

  • CMakeLists.txt:
  • Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::MediaEndpointPeerConnection::createOfferTask):

  • Modules/mediastream/RTCSessionDescription.cpp:

(WebCore::parseTypeString):
(WebCore::RTCSessionDescription::create):
(WebCore::RTCSessionDescription::RTCSessionDescription):
(WebCore::verifyType): Deleted.
(WebCore::RTCSessionDescription::setType): Deleted.

  • Modules/mediastream/RTCSessionDescription.h:

(WebCore::RTCSessionDescription::type):

  • Modules/mediastream/RTCSessionDescription.idl:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/JSRTCSessionDescriptionCustom.cpp: Removed.

(WebCore::constructJSRTCSessionDescription): Deleted.

LayoutTests:

  • fast/mediastream/RTCSessionDescription-expected.txt:
  • fast/mediastream/RTCSessionDescription.html:

Add tests for mandatory constructor dictionary argument and required 'type' member (also
check its value). Verify that attributes are read-only.

09:10 Changeset [201419] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

NativeToJSValue is harcoding the $thisValue in some strings
https://bugs.webkit.org/show_bug.cgi?id=158113

Patch by Alejandro G. Castro <alex@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

Replaced the string with the variable value.

Updated the tests results in the bindings.

  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Replaced the hardcoded string with the variable
value.

  • bindings/scripts/test/JS/JSTestCallback.cpp:

(WebCore::JSTestCallback::callbackWithSerializedScriptValueParam):

  • bindings/scripts/test/JS/JSTestCallbackFunction.cpp:

(WebCore::JSTestCallbackFunction::callbackWithSerializedScriptValueParam):

07:28 WebKitGTK/2.12.x edited by jdiggs@igalia.com
Added r200371 for annulen who lacks edit privs (diff)
02:14 Changeset [201418] by fred.wang@free.fr
  • 4 edits in trunk/Source/WebCore

Small improvements to RenderBox/LayoutUnit casting in MathML
https://bugs.webkit.org/show_bug.cgi?id=157943

Patch by Frederic Wang <fwang@igalia.com> on 2016-05-26
Reviewed by Darin Adler.

This is a small follow-up of the RenderMathMLRow/RenderMathMLUnderOver/RenderMathMLFraction
refactoring. Since these MathML renderers can only contain other MathML renderers, we can
just considerer RenderBox children and avoid unnecessary casts. Similarly, when the two
arguments of std::max are LayoutUnit's, we do not need to specialize to std::max<LayoutUnit>.

No new tests, behavior is not changed.

  • rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::layoutBlock): Do not to specialize to std::max<LayoutUnit>.

  • rendering/mathml/RenderMathMLRow.cpp:

(WebCore::RenderMathMLRow::updateOperatorProperties): Browse the list of RenderBox children
and use auto*.
(WebCore::RenderMathMLRow::computeLineVerticalStretch): Do not to specialize to std::max<LayoutUnit>.

  • rendering/mathml/RenderMathMLUnderOver.cpp:

(WebCore::RenderMathMLUnderOver::unembellishedOperator): Get the RenderBox child and use auto*.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Browse the list of
RenderBox children, use auto* and remove unnecessary casts. Do not to specialize to
std::max<LayoutUnit>.

00:54 Changeset [201417] by cfleizach@apple.com
  • 3 edits in trunk/Source/WebCore

AX: crash at AccessibilityRenderObject::remoteSVGRootElement const
https://bugs.webkit.org/show_bug.cgi?id=158098

Reviewed by Joanmarie Diggs.

What looks like happens here is that when a document is torn down and we try to detach, we end up creating an accessibility element during detachment phase.
So instead of just clearing the callback pointer on an existing AXObject, we make a new object and access properties of an object being deallocated.

I tried very hard to make a test but it looks like this can really only be triggered during document tear down which also tears down the AXObjectCache. I didn't
have luck reproducing because of that.

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::remoteSVGElementHitTest):
(WebCore::AccessibilityRenderObject::isSVGImage):
(WebCore::AccessibilityRenderObject::detachRemoteSVGRoot):
(WebCore::AccessibilityRenderObject::remoteSVGRootElement):
(WebCore::AccessibilityRenderObject::addRemoteSVGChildren):

  • accessibility/AccessibilityRenderObject.h:
Note: See TracTimeline for information about the timeline view.