Timeline



May 29, 2017: Today

11:20 AM Changeset in webkit [217540] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Mark a couple of tests as slow/timing out

Unreviewed gardening. These are all known ones.

  • platform/wpe/TestExpectations:
10:35 AM Changeset in webkit [217539] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Marking workers/bomb.html test as slow.

Unreviewed gardening.

  • platform/wpe/TestExpectations:
9:17 AM Changeset in webkit [217538] by Claudio Saavedra
  • 2 edits in trunk/Source/WebKit2

[GTK] Remove unneeded forward declaration

Rubber-stamped by Zan Dobersek.

  • UIProcess/API/C/gtk/WKAPICastGtk.h: Remove WebGrammarDetail as

its header is included in the same file.

9:05 AM Changeset in webkit [217537] by zandobersek@gmail.com
  • 2 edits in trunk/Tools

Unreviewed. Bumping the WPEBackend-mesa dependency version.

  • wpe/jhbuild.modules: Use the latest version that uses proper GLib

priorities for IPC communication.

7:09 AM Changeset in webkit [217536] by commit-queue@webkit.org
  • 4 edits in trunk

Use the parent box style to adjust RenderStyle for alignment.
https://bugs.webkit.org/show_bug.cgi?id=172215

Patch by Emilio Cobos Álvarez <ecobos@igalia.com> on 2017-05-29
Reviewed by Antti Koivisto.

Source/WebCore:

The css-flexbox spec defined align-self in terms of the parent
element, which is what this code did.

The css-align spec defines these properties in terms of the style of
the containing box instead, which means display: contents styles
should not be used for this adjustment, but the parent box style
instead.

For example, align-items is defined as:

This property specifies the default align-self for all of the boxes
(including anonymous boxes) participating in this box’s formatting
context.

Note that the css-align spec was recently updated to align (no pun
intended) with Gecko, and make the |auto| value compute to itself.
This patch puts us in a more recent spec than before, but not totally
up-to-date.

Tests: imported/w3c/web-platform-tests/css/css-display-3/display-contents-alignment-001.html

imported/w3c/web-platform-tests/css/css-display-3/display-contents-alignment-002.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle):
(WebCore::StyleResolver::adjustStyleForAlignment):

LayoutTests:

3:37 AM Changeset in webkit [217535] by Yusuke Suzuki
  • 2 edits in trunk/Source/WTF

Unreviewed, disable faster Interpreter::getOpcodeID for ARM_THUMB2 with non-Darwin OSes
https://bugs.webkit.org/show_bug.cgi?id=172686

Because of test failures.

  • wtf/Platform.h:
2:03 AM Changeset in webkit [217534] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed Windows test gardening, update expected results after r217418.

  • platform/win/fast/block/float/032-expected.txt:
1:41 AM Changeset in webkit [217533] by Claudio Saavedra
  • 2 edits in trunk/Source/WebKit2

[WPE] Build fix after r217531

Unreviewed.

  • UIProcess/API/C/wpe/WKAPICastWPE.h:

(WebKit::toAPI): Add missing WebGrammarDetail API cast.

12:15 AM Changeset in webkit [217532] by pvollan@apple.com
  • 7 edits in trunk/LayoutTests

Unreviewed Windows test gardening, update expected results after r217418.

  • platform/win/fast/forms/input-appearance-spinbutton-expected.txt:
  • platform/win/fast/forms/input-appearance-spinbutton-up-expected.txt:
  • platform/win/fast/forms/number/number-appearance-rtl-expected.txt:
  • platform/win/fast/forms/number/number-appearance-spinbutton-disabled-readonly-expected.txt:
  • platform/win/fast/forms/number/number-appearance-spinbutton-layer-expected.txt:
  • platform/win/fast/forms/search-vertical-alignment-expected.txt:

May 28, 2017: Yesterday

10:30 PM Changeset in webkit [217531] by mitz@apple.com
  • 39 edits in trunk/Source

[Xcode] ALWAYS_SEARCH_USER_PATHS is set to YES
https://bugs.webkit.org/show_bug.cgi?id=172691

Reviewed by Tim Horton.

  • Configurations/Base.xcconfig: Set ALWAYS_SEARCH_USER_PATHS to NO.

Source/JavaScriptCore:

Source/WebCore:

  • WebCore.xcodeproj/project.pbxproj: Added DateTimeChooser.h, DateTimeChooserClient.h, PerformanceMark.h, PerformanceMeasure.h, SVGUnknownElement.h, and MathMLUnknownElement.h to the WebCore target.

Source/WebKit2:

  • UIProcess/API/C/WKAPICast.h: Moved GTK-only definitions that used WebGrammarDetail.h to WKAPICastGtk.h. This had the effect of no longer including APIArray.h from this header.
  • UIProcess/API/C/gtk/WKAPICastGtk.h: Moved GTK-only definitions to here.

(WebKit::toAPI):

  • UIProcess/WebGrammarDetail.h: Replaced include of APIArray.h with a forward declaration.
  • Shared/API/c/WKRenderLayer.cpp:
  • Shared/API/c/WKRenderObject.cpp:
  • UIProcess/API/C/WKApplicationCacheManager.cpp:
  • UIProcess/API/C/WKContext.cpp:
  • UIProcess/API/C/WKContextConfigurationRef.cpp:
  • UIProcess/API/C/WKCookieManager.cpp:
  • UIProcess/API/C/WKKeyValueStorageManager.cpp:
  • UIProcess/API/C/WKNotificationManager.cpp:
  • UIProcess/API/C/WKOpenPanelResultListener.cpp:
  • UIProcess/API/C/WKPageGroup.cpp:
  • UIProcess/API/C/WKResourceCacheManager.cpp:
  • UIProcess/API/C/WKUserContentControllerRef.cpp:
  • UIProcess/API/gtk/WebKitBackForwardList.cpp:
  • UIProcess/WebContextMenuListenerProxy.cpp:

Added #include "APIArray.h" to these files now that WKAPICast.h does not include it.

10:09 PM Changeset in webkit [217530] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Provide better type information of toLength and tighten bytecode
https://bugs.webkit.org/show_bug.cgi?id=172690

Reviewed by Sam Weinig.

In this patch, we carefully leverage operator + in order to

  1. tighten bytecode

operator+ emits to_number bytecode. What this bytecode does is the same
to @Number() call. It is more efficient, and it is smaller bytecode
than @Number() call (load global variable @Number, set up arguments, and
call it).

  1. offer better type prediction data

Now, we have code like

length > 0 ? (length < @MAX_SAFE_INTEGER ? length : @MAX_SAFE_INTEGER) : 0

This is not good because DFG prediction propagation phase predicts as Double
since @MAX_SAFE_INTEGER is double. But actually it rarely becomes Double.
Usually, the result becomes Int32. This patch leverages to_number in a bit
interesting way: to_number has value profiling to offer better type prediction.
This value profiling can offer a chance to change the prediction to Int32 efficiently.
It is a bit tricky. But it is worth doing to speed up our builtin functions,
which should leverage all the JSC's tricky things to be optimized.

Related microbenchmarks show performance improvement.

baseline patched

array-prototype-forEach 50.2348+-2.2331 49.7568+-2.3507
array-prototype-map 51.0574+-1.8166 47.9531+-2.1653 might be 1.0647x faster
array-prototype-some 52.3926+-1.8882 48.3632+-2.0852 definitely 1.0833x faster
array-prototype-every 52.7394+-2.0712 50.2896+-2.1480 might be 1.0487x faster
array-prototype-reduce 54.9994+-2.3638 51.8716+-2.6253 might be 1.0603x faster
array-prototype-reduceRight 209.7594+-9.2594 51.5867+-2.5745 definitely 4.0662x faster

  • builtins/GlobalOperations.js:

(globalPrivate.toInteger):
(globalPrivate.toLength):

6:30 PM Changeset in webkit [217529] by commit-queue@webkit.org
  • 7 edits
    2 adds in trunk

[WebIDL] @@iterator should only be accessed once when disambiguating a union type
https://bugs.webkit.org/show_bug.cgi?id=172684

Patch by Sam Weinig <sam@webkit.org> on 2017-05-28
Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

  • runtime/IteratorOperations.cpp:

(JSC::iteratorMethod):
(JSC::iteratorForIterable):

  • runtime/IteratorOperations.h:

(JSC::forEachInIterable):
Add additional iterator helpers to allow union + sequence conversion code
to check for iterability by getting the iterator method, and iterate using
that method later on.

Source/WebCore:

WebIDL specifies that when determining if the value you are converting to a union
is a sequence, you must get the @@iterator property and, should it exist, use it
to iterate the sequence. While we correctly accessing the property to make the
determination, we were not passing it into the sequence conversion code, and thus
the sequence conversion code re-accessed it, which is observable and wrong.

This patch pipes the @@iterator method through the sequence conversion code to avoid
this.

Test: js/dom/sequence-in-union-iterator-access.html

  • bindings/js/JSDOMConvertSequences.h:

(WebCore::Detail::GenericSequenceConverter::convert):
(WebCore::Detail::NumericSequenceConverter::convertArray):
(WebCore::Detail::NumericSequenceConverter::convert):
(WebCore::Detail::SequenceConverter::convertArray):
(WebCore::Detail::SequenceConverter::convert):
(WebCore::Detail::SequenceConverter<IDLLong>::convert):
(WebCore::Detail::SequenceConverter<IDLFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedFloat>::convert):
(WebCore::Detail::SequenceConverter<IDLDouble>::convert):
(WebCore::Detail::SequenceConverter<IDLUnrestrictedDouble>::convert):
(WebCore::Converter<IDLSequence<T>>::convert):
(WebCore::Converter<IDLFrozenArray<T>>::convert):
Add variants of convert that take a JSObject* (sequence) / JSValue (iterator method)
rather than just the JSValue (sequence). To avoid too much duplication, split some
parts of SequenceConverter and NumericSequenceConverter up so they could be reused.

  • bindings/js/JSDOMConvertUnion.h:
  • Fix incorrect step 3 (WebIDL got updated at some point and we didn't notice) to remove records.
  • Update sequence and FrozenArray checking/conversion to get the iterator method and pass it along, using the new ConditionalSequenceConverter helper which forwards to the new sequence converters that accept the iterator method.

LayoutTests:

  • js/dom/sequence-in-union-iterator-access-expected.txt: Added.
  • js/dom/sequence-in-union-iterator-access.html: Added.

Add test case showing that @@iterator is only accessed once when converting a sequence
as part of a union.

7:11 AM Changeset in webkit [217528] by Yusuke Suzuki
  • 2 edits in trunk/Source/WTF

[JSC][Linux][FreeBSD] Use faster Interpreter::getOpcodeID()
https://bugs.webkit.org/show_bug.cgi?id=172686

Reviewed by Mark Lam.

As of r217526, JSC gets faster Interpreter::getOpcodeID() by
embedding OpcodeID value just before the LLInt machine code
handler pointer. By doing so, we can retrieve OpcodeID from
the LLInt machine code handler by dereferencing the code
pointer. *((int*)ptr - 1).

This patch allows Linux and FreeBSD environments to use this
optimization.

  • wtf/Platform.h:
4:33 AM Changeset in webkit [217527] by Yusuke Suzuki
  • 5 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for Windows
https://bugs.webkit.org/show_bug.cgi?id=172413

Optimized jsDynamicCast for JSMap and JSSet will be handled in [1].

[1]: https://bugs.webkit.org/show_bug.cgi?id=172685

  • runtime/JSMap.h:

(JSC::isJSMap):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.

  • runtime/JSSet.h:

(JSC::isJSSet):
(JSC::jsDynamicCast): Deleted.
(JSC::>): Deleted.

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/SetConstructor.cpp:

(JSC::constructSet):

1:12 AM Changeset in webkit [217526] by mark.lam@apple.com
  • 9 edits in trunk/Source

Implement a faster Interpreter::getOpcodeID().
https://bugs.webkit.org/show_bug.cgi?id=172669

Reviewed by Saam Barati.

Source/JavaScriptCore:

We can implement Interpreter::getOpcodeID() without a hash table lookup by always
embedding the OpcodeID in the 32-bit word just before the start of the LLInt
handler code that executes each opcode. getOpcodeID() can therefore just read
the 32-bits before the opcode address to get its OpcodeID.

This is currently only enabled for CPU(X86), CPU(X86_64), CPU(ARM64),
CPU(ARM_THUMB2), and only for OS(DARWIN). It'll probably just work for linux as
well, but I'll let the Linux folks turn that on after they have verified that it
works on linux too.

I'll also take this opportunity to clean up how we initialize the opcodeIDTable:

  1. we only need to initialize it once per process, not once per VM / interpreter instance.
  2. we can initialize it in the Interpreter constructor instead of requiring a separate call to an initialize() function.

On debug builds, the Interpreter constructor will also verify that getOpcodeID()
is working correctly for each opcode when USE(LLINT_EMBEDDED_OPCODE_ID).

  • bytecode/BytecodeList.json:
  • generate-bytecode-files:
  • interpreter/Interpreter.cpp:

(JSC::Interpreter::Interpreter):
(JSC::Interpreter::opcodeIDTable):
(JSC::Interpreter::initialize): Deleted.

  • interpreter/Interpreter.h:

(JSC::Interpreter::getOpcode):
(JSC::Interpreter::getOpcodeID):

  • llint/LowLevelInterpreter.cpp:
  • runtime/VM.cpp:

(JSC::VM::VM):

Source/WTF:

Added the USE(LLINT_EMBEDDED_OPCODE_ID) configuration.

  • wtf/Platform.h:

May 27, 2017:

4:21 PM Changeset in webkit [217525] by Yusuke Suzuki
  • 18 edits
    1 move
    10 adds
    1 delete in trunk

[JSC] Map and Set constructors should have fast path for cloning
https://bugs.webkit.org/show_bug.cgi?id=172413

Reviewed by Saam Barati.

JSTests:

  • stress/map-clone-instance-iterator-change.js: Added.

(shouldBe):
(map.Symbol.iterator):

  • stress/map-clone-iterator-change.js: Added.

(shouldBe):
(Map.prototype.Symbol.iterator):

  • stress/map-clone-next-change.js: Added.

(shouldBe):
(map.Symbol.iterator.proto.next):

  • stress/map-clone.js: Added.

(shouldBe):
(Map.prototype):

  • stress/map-inherit-set.js: Added.

(shouldBe):
(DerivedMap):
(set for):

  • stress/set-clone-instance-iterator-change.js: Added.

(shouldBe):
(set Symbol.iterator):

  • stress/set-clone-iterator-change.js: Added.

(shouldBe):
(set Set.prototype.Symbol.iterator):

  • stress/set-clone-next-change.js: Added.

(shouldBe):
(set Symbol.iterator.proto.next):

  • stress/set-clone.js: Added.

(shouldBe):
(set Set.prototype.add):

  • stress/set-inherit-add.js: Added.

(shouldBe):
(DerivedSet.set add):

Source/JavaScriptCore:

In this patch, we add a fast path for cloning in Set and Map constructors.

In ARES-6 Air, we have code like new Set(set) to clone the given set.
At that time, our generic path just iterates the given set object and add
it to the newly created one. It is quite slow because we need to follow
the iterator protocol inside C++ and we need to call set.add() repeatedly
while the given set guarantees the elements are unique.

This patch implements clone() function to JSMap and JSSet. Cloning JSMap
and JSSet are done really fast without invoking any observable JS functions.
To check whether we can use this clone() function in Set and Map constructors,
we set several watchpoints.

In the case of Set,

  1. Set.prototype[Symbol.iterator] is not changed.
  2. SetIterator.prototype.next is not changed.
  3. Set.prototype.add is not changed.
  4. The given Set does not have [Symbol.iterator] function in its instance.
  5. The given Set's Prototype? is Set.prototype.
  6. Newly created set's Prototype? is Set.prototype.

If the above requirements are met, cloning the given Set is not observable to users.
Thus we can take a fast path.

Currently, we do not integrate this optimization into DFG and FTL.
And we do not optimize other iterables. For example, we can optimize Set
constructor taking Int32 Array. And we should optimize generic iterator cases too.
They are planned as part of a separate bug[1].

This change improves ARES-6 Air by 5.3% in steady state.

Baseline:

Running... Air ( 1 to go)
firstIteration: 76.41 +- 15.60 ms
averageWorstCase: 40.63 +- 7.54 ms
steadyState: 9.13 +- 0.51 ms

Patched:

Running... Air ( 1 to go)
firstIteration: 75.00 +- 22.54 ms
averageWorstCase: 39.18 +- 8.45 ms
steadyState: 8.67 +- 0.28 ms

[1]: https://bugs.webkit.org/show_bug.cgi?id=172419

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • runtime/ArrayIteratorAdaptiveWatchpoint.cpp: Removed.
  • runtime/HashMapImpl.h:

(JSC::HashMapBucket::extractValue):
(JSC::HashMapImpl::finishCreation):
(JSC::HashMapImpl::add):
(JSC::HashMapImpl::setUpHeadAndTail):
(JSC::HashMapImpl::addNormalizedNonExistingForCloning):
(JSC::HashMapImpl::addNormalizedInternal):

  • runtime/InternalFunction.cpp:

(JSC::InternalFunction::createSubclassStructureSlow):
(JSC::InternalFunction::createSubclassStructure): Deleted.

  • runtime/InternalFunction.h:

(JSC::InternalFunction::createSubclassStructure):

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::mapIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::setIteratorProtocolWatchpoint):
(JSC::JSGlobalObject::mapSetWatchpoint):
(JSC::JSGlobalObject::setAddWatchpoint):
(JSC::JSGlobalObject::mapPrototype):
(JSC::JSGlobalObject::jsSetPrototype):
(JSC::JSGlobalObject::setStructure):

  • runtime/JSGlobalObjectInlines.h:

(JSC::JSGlobalObject::isMapPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeIteratorProtocolFastAndNonObservable):
(JSC::JSGlobalObject::isMapPrototypeSetFastAndNonObservable):
(JSC::JSGlobalObject::isSetPrototypeAddFastAndNonObservable):

  • runtime/JSMap.cpp:

(JSC::JSMap::clone):
(JSC::JSMap::canCloneFastAndNonObservable):

  • runtime/JSMap.h:

(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSMap::createStructure): Deleted.
(JSC::JSMap::create): Deleted.
(JSC::JSMap::set): Deleted.
(JSC::JSMap::JSMap): Deleted.

  • runtime/JSSet.cpp:

(JSC::JSSet::clone):
(JSC::JSSet::canCloneFastAndNonObservable):

  • runtime/JSSet.h:

(JSC::jsDynamicCast):
(JSC::>):
(JSC::JSSet::createStructure): Deleted.
(JSC::JSSet::create): Deleted.
(JSC::JSSet::JSSet): Deleted.

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/ObjectPropertyChangeAdaptiveWatchpoint.h: Renamed from Source/JavaScriptCore/runtime/ArrayIteratorAdaptiveWatchpoint.h.

(JSC::ObjectPropertyChangeAdaptiveWatchpoint::ObjectPropertyChangeAdaptiveWatchpoint):

  • runtime/SetConstructor.cpp:

(JSC::constructSet):

Tools:

  • TestWebKitAPI/Tests/WTF/MathExtras.cpp:

(TestWebKitAPI::TEST):

1:15 PM Changeset in webkit [217524] by Chris Dumez
  • 11 edits
    2 adds in trunk

imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172472
<rdar://problem/32334831>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

  • web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute-expected.txt:

Rebaseline test now that more checks are passing. We were previously wrongly resetting the input form owner
to null when removing the form from the document and the input had a form attribute set and was a descendant
of the form.

Source/WebCore:

Fix assertion hit when running imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_attribute.html.

When the form was removed from the document, A descendant would try to find a new form owner in the document. If the descendant had
a form content attribute and there was another form in the document with this ID, then we would erroneously associate the descendant with
that other form, even though that descendant is being disconnected. This is because when the form with the given id is removed, we
notify the IdTargetObservers of the change. In this case, the form control is an IdTargetObserver and gets notified after
removedFrom() has been called on the form but *before* removedFrom() has been called on its descendant form control. As a result, the
form control still thinks it is in the tree (i.e. isConnected() wrongly returns true) and we make the wrong decision and try to
associate it with another form in the document.

To address the problem, we leverage the fact that when a form element is being removed, it already notifies its associated form
controls that it is being removed. When it does, we make sure to clear the control's id observer if the form is its ancestor.
The ID observer is no longer needed beyond this point since the control is now disconnected from the document, and the ID observer
callback would erroneously associate it with another form element in the document of the same ID because isConnected() still returns
true at that point.
As a result, the control's form owner is kept unchanged, which is the right thing to do here, since it is its ancestor, even
though both are detached.

Test: fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html

  • dom/ContainerNode.h:

(WebCore::Node::rootNode):
Inline rootNode to avoid an extra function call in the fast path case. For the slow path, we now
call traverseToRootNode() to avoid duolicating logic.

  • dom/Node.cpp:

(WebCore::Node::traverseToRootNode):
Add a traverseToRootNode() method which gets the root node by traversing the ancestors. This logic was duplicated in 3 places:

  • Slow path in Node::rootNode()
  • computeRootNode() in FormAssociatedElement.cpp
  • findRoot() in HTMLFormElement.cpp

They are now consolidated in a single place to avoid duplication.

  • dom/Node.h:
  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::removedFrom):
Just simplify the logic a bit:

  • Clear the id observer (i.e. m_formAttributeTargetObserver) no matter what. Since the element is no longer part of the document, it is no longer needed. We would previously have checks that would basically avoid resetting m_formAttributeTargetObserver to null if it is already null. Settign m_formAttributeTargetObserver to null is cheap so there is no reason for those checks. Those checks were also confusing because they made it look like we would sometimes keep on id observer after being removed from the document.
  • Use new traverseToRootNode() utility function (no behavior change)
  • Drop unnecessary |element| local variable

(WebCore::FormAssociatedElement::formOwnerRemovedFromTree):

  • Rename to formOwnerRemovedFromTree() to make it clear that it is the element's form owner that is removed, and not just any form.
  • As we traverse the tree up to find the root, also check if we find the form owner. If we do, clear the id observer since we are effectively detached from the document and return early since there is no need to reset our form owner in this case.
  • html/FormAssociatedElement.h:
  • html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::removedFrom):

  • Use new traverseToRootNode() utility function (no behavior change)

LayoutTests:

Unskip test that is no longer crashing in Debug builds.

  • fast/dom/HTMLFormElement/form-removal-duplicate-id-crash-expected.txt: Added.
  • fast/dom/HTMLFormElement/form-removal-duplicate-id-crash.html: Added.

Add reduced test case reproducing the crash.

12:03 PM Changeset in webkit [217523] by Yusuke Suzuki
  • 26 edits
    13 moves
    1 delete in trunk/Source

[DOMJIT] Move DOMJIT patchpoint infrastructure out of domjit
https://bugs.webkit.org/show_bug.cgi?id=172260

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

DOMJIT::Patchpoint is now used for generalized CheckSubClass. And it becomes mature enough
to be used as a general-purpose injectable compiler over all the JIT tiers.

We extract DOMJIT::Patchpoint to jit/ and rename it JSC::Snippet.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/AccessCaseSnippetParams.cpp: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.cpp.

(JSC::SlowPathCallGeneratorWithArguments::generateImpl):
(JSC::AccessCaseSnippetParams::emitSlowPathCalls):

  • bytecode/AccessCaseSnippetParams.h: Renamed from Source/JavaScriptCore/bytecode/DOMJITAccessCasePatchpointParams.h.

(JSC::AccessCaseSnippetParams::AccessCaseSnippetParams):

  • bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::emitDOMJITGetter):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::blessCallDOMGetter):
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.h:
  • dfg/DFGNode.h:
  • dfg/DFGSnippetParams.cpp: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.cpp.
  • dfg/DFGSnippetParams.h: Renamed from Source/JavaScriptCore/dfg/DFGDOMJITPatchpointParams.h.

(JSC::DFG::SnippetParams::SnippetParams):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::allocateTemporaryRegistersForSnippet):
(JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::allocateTemporaryRegistersForPatchpoint): Deleted.

  • domjit/DOMJITCallDOMGetterSnippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITCallDOMGetterPatchpoint.h.

(JSC::DOMJIT::CallDOMGetterSnippet::create):

  • domjit/DOMJITGetterSetter.h:
  • domjit/DOMJITSignature.h:
  • domjit/DOMJITValue.h: Removed.
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):

  • ftl/FTLSnippetParams.cpp: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.cpp.
  • ftl/FTLSnippetParams.h: Renamed from Source/JavaScriptCore/ftl/FTLDOMJITPatchpointParams.h.

(JSC::FTL::SnippetParams::SnippetParams):

  • jit/Snippet.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpoint.h.

(JSC::Snippet::create):
(JSC::Snippet::setGenerator):
(JSC::Snippet::generator):

  • jit/SnippetParams.h: Renamed from Source/JavaScriptCore/domjit/DOMJITPatchpointParams.h.

(JSC::SnippetParams::~SnippetParams):
(JSC::SnippetParams::Value::Value):
(JSC::SnippetParams::Value::isGPR):
(JSC::SnippetParams::Value::isFPR):
(JSC::SnippetParams::Value::isJSValueRegs):
(JSC::SnippetParams::Value::gpr):
(JSC::SnippetParams::Value::fpr):
(JSC::SnippetParams::Value::jsValueRegs):
(JSC::SnippetParams::Value::reg):
(JSC::SnippetParams::Value::value):
(JSC::SnippetParams::SnippetParams):

  • jit/SnippetReg.h: Renamed from Source/JavaScriptCore/domjit/DOMJITReg.h.

(JSC::SnippetReg::SnippetReg):

  • jit/SnippetSlowPathCalls.h: Renamed from Source/JavaScriptCore/domjit/DOMJITSlowPathCalls.h.
  • jsc.cpp:

(WTF::DOMJITNode::checkSubClassSnippet):
(WTF::DOMJITFunctionObject::checkSubClassSnippet):
(WTF::DOMJITNode::checkSubClassPatchpoint): Deleted.
(WTF::DOMJITFunctionObject::checkSubClassPatchpoint): Deleted.

  • runtime/ClassInfo.h:

Source/WebCore:

  • ForwardingHeaders/jit/Snippet.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpoint.h.
  • ForwardingHeaders/jit/SnippetParams.h: Renamed from Source/WebCore/ForwardingHeaders/domjit/DOMJITPatchpointParams.h.
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestDOMJIT.h:
  • domjit/DOMJITCheckDOM.h:

(WebCore::DOMJIT::checkDOM):

  • domjit/DOMJITHelpers.h:

(WebCore::DOMJIT::toWrapper):

  • domjit/JSDocumentDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSDocument):
(WebCore::DocumentDocumentElementDOMJIT::callDOMGetter):
(WebCore::DocumentBodyDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSDocument): Deleted.

  • domjit/JSDocumentFragmentDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSDocumentFragment):
(WebCore::checkSubClassPatchpointForJSDocumentFragment): Deleted.

  • domjit/JSElementDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSElement):
(WebCore::checkSubClassPatchpointForJSElement): Deleted.

  • domjit/JSEventDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSEvent):
(WebCore::checkSubClassPatchpointForJSEvent): Deleted.

  • domjit/JSNodeDOMJIT.cpp:

(WebCore::checkSubClassSnippetForJSNode):
(WebCore::createCallDOMGetterForOffsetAccess):
(WebCore::NodeFirstChildDOMJIT::callDOMGetter):
(WebCore::NodeLastChildDOMJIT::callDOMGetter):
(WebCore::NodeNextSiblingDOMJIT::callDOMGetter):
(WebCore::NodePreviousSiblingDOMJIT::callDOMGetter):
(WebCore::NodeParentNodeDOMJIT::callDOMGetter):
(WebCore::NodeNodeTypeDOMJIT::callDOMGetter):
(WebCore::NodeOwnerDocumentDOMJIT::callDOMGetter):
(WebCore::checkSubClassPatchpointForJSNode): Deleted.

10:13 AM Changeset in webkit [217522] by simon.fraser@apple.com
  • 22 edits
    1 copy
    4 adds in trunk

getComputedStyle returns percentage values for left / right / top / bottom
https://bugs.webkit.org/show_bug.cgi?id=29084

Reviewed by Zalan Bujtas.
LayoutTests/imported/w3c:

New baselines (still failing).

  • web-platform-tests/css-timing-1/frames-timing-functions-output-expected.txt:
  • web-platform-tests/html/semantics/interactive-elements/the-dialog-element/centering-expected.txt:

Source/WebCore:

Fix getComputedStyle() to return pixel values for left / right / top / bottom, per spec.

This is mostly a merge of https://codereview.chromium.org/13871003/.

Behavior now matches Chrome and Firefox.

Test: fast/css/getComputedStyle/getComputedStyle-offsets.html

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::getOffsetComputedLength):
(WebCore::getOffsetUsedStyleRelative):
(WebCore::getOffsetUsedStyleAbsolute):
(WebCore::positionOffsetValue):
(WebCore::positionOffsetValueIsRendererDependent):
(WebCore::isNonReplacedInline):
(WebCore::isLayoutDependent):
(WebCore::ComputedStyleExtractor::propertyValue):

LayoutTests:

Some new baselines, a new test, and an improved test.

  • animations/trigger-container-scroll-boundaries-expected.txt:
  • animations/trigger-container-scroll-boundaries.html:
  • animations/trigger-container-scroll-empty-expected.txt:
  • animations/trigger-container-scroll-empty.html:
  • animations/trigger-container-scroll-simple-expected.txt:
  • animations/trigger-container-scroll-simple.html:
  • fast/css/getComputedStyle/computed-style-expected.txt:
  • fast/css/getComputedStyle/computed-style-negative-top-expected.txt:
  • fast/css/getComputedStyle/computed-style-negative-top.html: Convert to a real JS test, add more cases.
  • fast/css/getComputedStyle/getComputedStyle-offsets-expected.txt: Added.
  • fast/css/getComputedStyle/getComputedStyle-offsets.html: Added.
  • fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size-expected.txt:
  • fast/css/getComputedStyle/getComputedStyle-zoom-and-background-size.html: It doesn't make any sense to test right/bottom.
  • fast/css/hover-affects-child-expected.txt:
  • fast/css/hover-affects-child.html:
  • platform/mac-elcapitan/fast/css/getComputedStyle/computed-style-expected.txt:
  • transitions/transition-to-from-auto-expected.txt:
  • transitions/transition-to-from-auto.html:
9:23 AM Changeset in webkit [217521] by zalan@apple.com
  • 4 edits in trunk

enclosingIntRect returns a rect with -1 width/height when the input FloatRect overflows integer.
https://bugs.webkit.org/show_bug.cgi?id=172676

Reviewed by Simon Fraser.

Source/WebCore:

Clamp integer values soon after the enclosing rectangle is resolved.

  • platform/graphics/FloatRect.cpp:

(WebCore::enclosingIntRect):

Tools:

  • TestWebKitAPI/Tests/WebCore/FloatRect.cpp:

(TestWebKitAPI::TEST):

May 26, 2017:

10:25 PM Changeset in webkit [217520] by commit-queue@webkit.org
  • 11 edits in trunk/Source

Simply some NSNumber usage
https://bugs.webkit.org/show_bug.cgi?id=172677

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Sam Weinig.

Source/WebCore:

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _addAccessibilityObject:toTextMarkerArray:]):
(AXAttributeStringSetFont):
(AXAttributeStringSetStyle):

  • accessibility/mac/AXObjectCacheMac.mm:

(WebCore::AXObjectCache::postTextStateChangePlatformNotification):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(AXAttributeStringSetStyle):
(AXAttributeStringSetSpelling):

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):

  • platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::levelIndicatorFor):

Source/WebKit2:

  • PluginProcess/mac/PluginControllerProxyMac.mm:

(WebKit::PluginControllerProxy::platformGeometryDidChange):

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::registerUserDefaultsIfNeeded):

  • WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:

(-[WKAccessibilityWebPageObject accessibilityAttributeValue:]):

8:27 PM Changeset in webkit [217519] by commit-queue@webkit.org
  • 7 edits in trunk

WebRTC stats should be in milliseconds
https://bugs.webkit.org/show_bug.cgi?id=172644

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

Source/WebCore:

Covered by updated tests.

  • Modules/mediastream/RTCStatsReport.h:
  • Modules/mediastream/RTCStatsReport.idl:
  • Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::fillRTCStats):

LayoutTests:

7:54 PM Changeset in webkit [217518] by weinig@apple.com
  • 25 edits
    2 adds in trunk

[WebIDL] Overloaded functions should throw this object check exception before argument check exception
https://bugs.webkit.org/show_bug.cgi?id=172480

Reviewed by Chris Dumez.

Source/WebCore:

  • Codifies naming for both parts of the operation/attribute function implementation:
    • The 'trampoline' which is the actual host function and simply calls IDLOperation, IDLOperationReturningPromise or IDLAttribute.
    • The 'body' which is where argument checking and calling into the implementation takes place.
  • Made it so all operations, including static ones, use the trampoline / body model, simplifying code generation. The one exception is for overloaded operations, which now have a trampoline and body for the dispatcher, and only bodies for all the overloads. This is what fixes the bug, since now that the dispatcher has a trampoline, it can do the correct this object checking via IDLOperation / IDLOperationReturningPromise.
  • Split out code generation for trampoline and body into separate subroutines and simplified their implementations.
  • Changed GenerateOverloadDispatcher to only generate the body of the function, leaving it up to the caller to generate the signature, braces and conditionals if needed.
  • Made more subroutines take an output array and indent, in support of future endeavors that will need that support.
  • Remove unnecessary #includes of <runtime/Error.h>, which gets included already by virtue of JSDOMExceptionHandling.h

Test: js/dom/overloaded-operation-exception-order.html

  • bindings/js/JSDOMOperation.h:
  • bindings/js/JSDOMOperationReturningPromise.h:

Add no-op static versions of the bouncer functions.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateOverloadDispatcher):
(GenerateOperationTrampolineDefinition):
(GenerateOperationBodyDefinition):
(GenerateOperationDefinition):
(GenerateSerializerDefinition):
(GenerateLegacyCallerDefinitions):
(GenerateLegacyCallerDefinition):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateImplementationFunctionCall):
(GenerateImplementationCustomFunctionCall):
(GenerateConstructorDefinitions):
(GenerateConstructorDefinition):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

LayoutTests:

Add test case that shows that using the wrong this object on an overloaded function,
even if you are passing the wrong number of arguments, results in an invalid this
object exception.

  • js/dom/overloaded-operation-exception-order-expected.txt: Added.
  • js/dom/overloaded-operation-exception-order.html: Added.
7:33 PM Changeset in webkit [217517] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REEGRESSION(r217459): testapi fails in JSExportTest's wrapperForNSObjectisObject().
https://bugs.webkit.org/show_bug.cgi?id=172654

Reviewed by Mark Lam.

The test's intent is to assert that an exception has not been
thrown (as indicated by the message string), but the test was
erroneously checking for ! the right condition. This is now fixed.

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

6:32 PM Changeset in webkit [217516] by zalan@apple.com
  • 2 edits in trunk/Tools

TestWebKitAPI: EnclosingIntRect and RoundedIntRect should use EXPECT_EQ.
https://bugs.webkit.org/show_bug.cgi?id=172674

Reviewed by Simon Fraser.

  • TestWebKitAPI/Tests/WebCore/FloatRect.cpp:

(TestWebKitAPI::TEST):

5:38 PM Changeset in webkit [217515] by bfulgham@apple.com
  • 14 edits in trunk/Source

[WK2] Address thread safety issues with ResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=172519
<rdar://problem/31707642>

Reviewed by Chris Dumez.

Source/WebCore:

  • loader/ResourceLoadObserver.cpp:

(WebCore::ResourceLoadObserver::setStatisticsQueue): Added.
(WebCore::ResourceLoadObserver::clearInMemoryStore): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::clearInMemoryAndPersistentStore): Ditto.
(WebCore::ResourceLoadObserver::logFrameNavigation): Ditto.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
(WebCore::ResourceLoadObserver::logWebSocketLoading): Ditto.
(WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution): Ditto.
(WebCore::ResourceLoadObserver::logUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::clearUserInteraction): Protect HashTable while reading.
(WebCore::ResourceLoadObserver::hasHadUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::setPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::isPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::clearPrevalentResource): Ditto.
(WebCore::ResourceLoadObserver::setGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::isGrandfathered): Ditto.
(WebCore::ResourceLoadObserver::setSubframeUnderTopFrameOrigin): Only interact with the HashTable on the statistics queue.
(WebCore::ResourceLoadObserver::setSubresourceUnderTopFrameOrigin): Ditto.
(WebCore::ResourceLoadObserver::setSubresourceUniqueRedirectTo): Ditto.
(WebCore::ResourceLoadObserver::fireDataModificationHandler): ASSERT this is only called from the main thread, since this is
only meant to be used as part of the testing harness.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadObserver::fireShouldPartitionCookiesHandler): Ditto.

  • loader/ResourceLoadObserver.h:
  • loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::isPrevalentResource): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::ensureResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain): Ditto.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): ASSERT this isn't being done on the main thread, and
protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemory): Ditto.
(WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsForOrigin): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::takeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::mergeStatistics): Ditto.
(WebCore::ResourceLoadStatisticsStore::setNotificationCallback): Use WTF::Function.
(WebCore::ResourceLoadStatisticsStore::setShouldPartitionCookiesCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setWritePersistentStoreCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback): Ditto.
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): ASSERT this is not called on the main thread,
but dispatch the registered handler on the main thread.
(WebCore::ResourceLoadStatisticsStore::fireShouldPartitionCookiesHandler): Ditto.
(WebCore::ResourceLoadStatisticsStore::processStatistics): ASSERT this isn't being done on the main thread, and
protect the HashTable while using it. Also switch to WTF::Function.
(WebCore::ResourceLoadStatisticsStore::hasHadRecentUserInteraction): Make const correct.
(WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor): Protect HashTable while using it.
(WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords): Ditto.
(WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore): Ditto.
(WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords): Make const correct. ASSERT this is not being called
on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved): ASSERT this is not being called on the main thread.
(WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved): Ditto.
(WebCore::ResourceLoadStatisticsStore::statisticsLock): Added.

  • loader/ResourceLoadStatisticsStore.h:

Source/WebKit/mac:

Create a new WorkQueue for the ResourceLoadStatistics store to use for processing data.

  • WebView/WebView.mm:

(WebKitInitializeApplicationStatisticsStoragePathIfNecessary): Pass WorkQueue to the observer.

Source/WebKit2:

Address some thread safety issues with the ResourceLoadStatistics architecture.

  • UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::removeDataRecords): Assert that this is never called on the main thread. Also
ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::processStatisticsAndDataRecords): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Assert we do not hit this method
on the main thread.
(WebKit::WebResourceLoadStatisticsStore::registerSharedResourceLoadObserver): Assert that this is being called on the
main thread. Also ensure that coreStore is only accessed on the statistics queue, not the main thread.
(WebKit::WebResourceLoadStatisticsStore::grandfatherExistingWebsiteData): Dispatch coreStore-accessing code
on the statistics queue.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Lock data before operating on it.
(WebKit::WebResourceLoadStatisticsStore::writeStoreToDisk): Assert we do not hit this method on the main thread.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.

  • UIProcess/WebResourceLoadStatisticsStore.h:
  • WebProcess/WebProcess.cpp: Add a queue for the local WebProcess ResourceLoadStatisticsStore to use while processing data.

(WebKit::m_statisticsQueue): Added.

  • WebProcess/WebProcess.h:

Source/WTF:

Add a new specialization for HashSet.

  • wtf/CrossThreadCopier.h:
5:22 PM Changeset in webkit [217514] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip fast/events/before-unload-returnValue.html on iOS.
https://bugs.webkit.org/show_bug.cgi?id=172672

Unreviewed test gardening.

  • platform/ios/TestExpectations:
5:22 PM Changeset in webkit [217513] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark workers/wasm-long-compile-many.html as flaky on mac-wk1.
https://bugs.webkit.org/show_bug.cgi?id=172331

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
5:05 PM Changeset in webkit [217512] by Ryan Haddad
  • 2 edits in branches/safari-603-branch/LayoutTests

Merge r217217.

4:00 PM Changeset in webkit [217511] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

[Cocoa] Simplify some WebViewImpl pasteboard code
https://bugs.webkit.org/show_bug.cgi?id=172668

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Tim Horton.

  • Shared/mac/PasteboardTypes.mm:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::setFileAndURLTypes):
(WebKit::WebViewImpl::setPromisedDataForAttachment):

3:57 PM Changeset in webkit [217510] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.21.10

Tag Safari-604.1.21.10.

3:56 PM Changeset in webkit [217509] by commit-queue@webkit.org
  • 17 edits in trunk/Source

JSContext Inspector: Improve the reliability of automatically pausing in auto-attach
https://bugs.webkit.org/show_bug.cgi?id=172664
<rdar://problem/32362933>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-26
Reviewed by Matt Baker.

Source/JavaScriptCore:

Automatically pause on connection was triggering a pause before the
frontend may have initialized. Often during frontend initialization
the frontend may perform an action that clears the pause state requested
by the developer. This change defers the pause until after the frontend
has initialized, right before returning to the application's code.

  • inspector/remote/RemoteControllableTarget.h:
  • inspector/remote/RemoteInspectionTarget.h:
  • inspector/remote/cocoa/RemoteConnectionToTargetCocoa.mm:

(Inspector::RemoteConnectionToTarget::setup):

  • inspector/remote/glib/RemoteConnectionToTargetGlib.cpp:

(Inspector::RemoteConnectionToTarget::setup):

  • runtime/JSGlobalObjectDebuggable.cpp:

(JSC::JSGlobalObjectDebuggable::connect):
(JSC::JSGlobalObjectDebuggable::pause): Deleted.

  • runtime/JSGlobalObjectDebuggable.h:

Pass an immediatelyPause boolean on to the controller. Remove
the current path that invokes a pause before initialization.

  • inspector/JSGlobalObjectInspectorController.h:
  • inspector/JSGlobalObjectInspectorController.cpp:

(Inspector::JSGlobalObjectInspectorController::connectFrontend):
(Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
Manage should immediately pause state.

(Inspector::JSGlobalObjectInspectorController::frontendInitialized):
(Inspector::JSGlobalObjectInspectorController::pause): Deleted.
When initialized, trigger a pause if requested.

Source/WebCore:

  • inspector/InspectorController.h:
  • page/PageDebuggable.cpp:

(WebCore::PageDebuggable::connect):

  • page/PageDebuggable.h:

Pass an immediatelyPause boolean on to the controller.

  • inspector/InspectorController.cpp:

(WebCore::InspectorController::connectFrontend):
(WebCore::InspectorController::disconnectFrontend):
(WebCore::InspectorController::disconnectAllFrontends):
Manage should immediately pause state.

(WebCore::InspectorController::frontendInitialized):
When initialized, trigger a pause if requested.

Source/WebKit2:

  • UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::connect):

  • UIProcess/Automation/WebAutomationSession.h:

Special connection options are ignored in automation sessions.

2:41 PM Changeset in webkit [217508] by commit-queue@webkit.org
  • 3 edits
    1 add in trunk/Source/WebCore

[CMake] Consolidate CMake code related to FreeType
https://bugs.webkit.org/show_bug.cgi?id=172656

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Michael Catanzaro.

No new tests. No change in behavior.

  • PlatformGTK.cmake:
  • PlatformWPE.cmake:
  • platform/FreeType.cmake: Added.
2:33 PM Changeset in webkit [217507] by commit-queue@webkit.org
  • 34 edits in trunk/Source/WebCore

[WebIDL] Another bindings cleanup pass, this time focusing on attributes
https://bugs.webkit.org/show_bug.cgi?id=172619

Patch by Sam Weinig <sam@webkit.org> on 2017-05-26
Reviewed by Chris Dumez.

  • Moved attribute getter / setter generation into their own subroutines.
  • As was done for operations, moved trampoline functions for attributes below their implementation functions to avoid unseemly forward declaration.
  • Changed to place the getter and setter for an attribute next to each other, rather than having all the getters and then all the setters.
  • Moved JSFoo::getConstructor and JSFoo::getNamedConstructor up to be with other member functions.
  • Fix an issue where we were generating a setJSFooConstructor function and not installing it anywhere. Now we always generate either both the getter and setter or neither for the constructor property. Also moved their definition to just above all the attributes, rather than the odd placements of between the getters and setters which is where they had been.
  • Made InstanceNeedsVisitChildren a complete answer, rather than relying on some loop of the attributes to update needsVisitChildren bit.
  • Move use of passing conditionals when adding headers.
  • bindings/scripts/CodeGeneratorJS.pm:

(InstanceNeedsVisitChildren):
(GenerateHeader):
(GenerateImplementation):
(GenerateAttributeGetterDefinition):
(GenerateAttributeSetterDefinition):
(NeedsConstructorProperty):

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

2:28 PM Changeset in webkit [217506] by commit-queue@webkit.org
  • 4 edits in trunk

[CMake] Wrap CODE_GENERATOR_PREPROCESSOR_EXECUTABLE on Windows hosts
https://bugs.webkit.org/show_bug.cgi?id=172553

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-26
Reviewed by Brent Fulgham.

.:

  • Source/cmake/OptionsCommon.cmake:

Source/WebCore:

No new tests. No change in behavior.

  • bindings/scripts/preprocessor.pm:

(applyPreprocessor): Use shellwords() instead of splitting
preprocessor command by space. Combine it back in open3() call on
Windows to work around Cygwin-specific issue.

2:14 PM Changeset in webkit [217505] by Devin Rousso
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: Reloading the page after switching from the Resource tab switches back
https://bugs.webkit.org/show_bug.cgi?id=172622

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.prototype._treeSelectionDidChange):

  • UserInterface/Views/ResourceSidebarPanel.js:

(WebInspector.ResourceSidebarPanel.prototype._treeSelectionDidChange):

  • UserInterface/Views/SearchSidebarPanel.js:

(WebInspector.SearchSidebarPanel.prototype._treeSelectionDidChange):
Don't show the newly selected tree element's represented object if the sidebar is not visible.

1:59 PM Changeset in webkit [217504] by Devin Rousso
  • 2 edits in trunk/Websites/bugs.webkit.org

Provide bug information when https://webkit.org/b/# URLs are added in comments
https://bugs.webkit.org/show_bug.cgi?id=169707

Reviewed by David Kilzer.

  • Bugzilla/Template.pm:

(quoteUrls):

1:47 PM Changeset in webkit [217503] by Devin Rousso
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: New Tab contents have extra vertical spacing when wrapped
https://bugs.webkit.org/show_bug.cgi?id=172530

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/NewTabContentView.css:

(.new-tab.tab.content-view):

1:40 PM Changeset in webkit [217502] by Ryan Haddad
  • 2 edits in branches/safari-603-branch/LayoutTests

Unreviewed, land TestExpectations for rdar://problem/30555012.

  • platform/ios-simulator/TestExpectations:
1:22 PM Changeset in webkit [217501] by wenson_hsieh@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed, fix the build using the latest SDK

Add deprecation guards around newly introduced (and deprecated) SPI.

  • platform/ios/WebItemProviderPasteboard.mm:

(-[WebItemProviderPasteboard setItemsUsingRegistrationInfoLists:]):

12:45 PM Changeset in webkit [217500] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Temporarily commenting out a JSExportTest test until webkit.org/b/172654 is fixed.
https://bugs.webkit.org/show_bug.cgi?id=172655

Reviewed by Saam Barati.

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

12:27 PM Changeset in webkit [217499] by Ryan Haddad
  • 10 edits
    3 adds in trunk

Unreviewed, rolling out r217458.

This change caused 55 JSC test failures.

Reverted changeset:

"Date should use historical data if it's available."
https://bugs.webkit.org/show_bug.cgi?id=172592
http://trac.webkit.org/changeset/217458

11:45 AM Changeset in webkit [217498] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(216914): testCFStrings encounters an invalid ExecState callee pointer.
https://bugs.webkit.org/show_bug.cgi?id=172651

Reviewed by Saam Barati.

This is because the assertion utility functions used in testCFStrings() expects
to get the JSGlobalContextRef from the global context variable. However,
testCFStrings() creates its own JSGlobalContextRef but does not set the global
context variable to it.

The fix is to make testCFStrings() initialize the global context variable properly.

  • API/tests/testapi.c:

(testCFStrings):

11:20 AM Changeset in webkit [217497] by wenson_hsieh@apple.com
  • 2 edits in trunk/Tools

Add test resources back into TestWebKitAPI Copy Resources phase

Rubber-stamped by Beth Dakin.

Add two files back into the Copy Resources phase after they were unintentionally
removed in r217447 and r217496.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
10:18 AM Changeset in webkit [217496] by bdakin@apple.com
  • 5 edits
    1 add in trunk

Media documents inside iframes should not get controls in the TouchBar unless the
video is playing
https://bugs.webkit.org/show_bug.cgi?id=172620
-and corresponding-
rdar://problem/32165477

Reviewed by Jon Lee.

Source/WebCore:

Media documents get to return early with true, but that should only apply to
mainframe media documents.

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::canShowControlsManager):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/VideoControlsManager.mm:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WebKit2Cocoa/offscreen-iframe-of-media-document.html: Added.
10:12 AM Changeset in webkit [217495] by Yusuke Suzuki
  • 7 edits
    1 add in trunk

Give ModuleProgram the same treatment that we did for ProgramCode in bug#167725
https://bugs.webkit.org/show_bug.cgi?id=167805

Reviewed by Saam Barati.

JSTests:

  • modules/module-jit-reachability.js: Added.

Source/JavaScriptCore:

Since ModuleProgramExecutable is executed only once, we can skip compiling
code unreachable from the current program count. This can skip massive
initialization code.

We already do this for global code in bug#167725. This patch extends it to
module code.

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::executeModuleProgram):

  • interpreter/Interpreter.h:
  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • runtime/JSModuleRecord.cpp:

(JSC::JSModuleRecord::evaluate):

  • runtime/JSModuleRecord.h:

(JSC::JSModuleRecord::moduleProgramExecutable): Deleted.

10:08 AM Changeset in webkit [217494] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Minor clean-up related to DocumentThreadableLoader redirections
https://bugs.webkit.org/show_bug.cgi?id=172647

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Chris Dumez.

No change of behavior.

Decrementing m_options redirect count directly instead of using an
additional counter.

To compare whether two URLs are same-origin, use scheme+host+port check
as per the spec.
This is fine as only the initial origin may have specific rules and we
are using the scheme+host+port checks when already being gone to
another origin.

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

  • loader/DocumentThreadableLoader.h:
  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::checkRedirectionCrossOriginAccessControl):

10:03 AM Changeset in webkit [217493] by matthew_hanson@apple.com
  • 5 edits in branches/safari-604.1.21-branch/Source/WebKit2

Cherry-pick r217475. rdar://problem/32414363

10:03 AM Changeset in webkit [217492] by matthew_hanson@apple.com
  • 61 edits
    1 add in branches/safari-604.1.21-branch

Cherry-pick r217296. rdar://problem/32414363

9:13 AM Changeset in webkit [217491] by Ryan Haddad
  • 4 edits in trunk/LayoutTests

Rebaseline js/dom/global-constructors-attributes.html.

Unreviewed test gardening.

  • platform/mac-elcapitan/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac-wk1/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
9:03 AM Changeset in webkit [217490] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Skip two LayoutTests that are failing due missing results.

Unreviewed test gardening.

7:36 AM Changeset in webkit [217489] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix memory leaks in MediaSampleAVFObjC::create
https://bugs.webkit.org/show_bug.cgi?id=172600

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-26
Reviewed by Eric Carlson.

No change of behavior.

  • platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:

(WebCore::MediaSampleAVFObjC::createImageSample):

6:28 AM Changeset in webkit [217488] by commit-queue@webkit.org
  • 8 edits
    2 copies
    2 adds in trunk/Source/WebKit2

Unreviewed, rolling out r217479.
https://bugs.webkit.org/show_bug.cgi?id=172642

Exposes an underlying bug in WPEBackend-mesa that we have to
resolve separately (Requested by zdobersek on #webkit).

Reverted changeset:

"[WPE] Use AcceleratedDrawingArea instead of its fork"
https://bugs.webkit.org/show_bug.cgi?id=172496
http://trac.webkit.org/changeset/217479

5:02 AM Changeset in webkit [217487] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Mark animations/animation-delay-changed.htm as flaky

Unreviewed gardening. It's flaky on all platforms so why bother.

  • platform/wpe/TestExpectations:
3:18 AM Changeset in webkit [217486] by Manuel Rego Casasnovas
  • 7 edits
    34 adds in trunk

[css-grid] Add support for orthogonal positioned grid items
https://bugs.webkit.org/show_bug.cgi?id=172591

Reviewed by Sergio Villar Senin.

LayoutTests/imported/w3c:

Imported new tests for this feature from WPT repository.

  • resources/import-expectations.json:
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-001.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-002.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-003.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-004.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-005.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-006.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-007.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-008.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-009.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-010.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-011.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-012.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-013.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-014.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-015.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-016.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017-expected.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-017.html: Added.
  • web-platform-tests/css/css-grid-1/abspos/w3c-import.log:

Source/WebCore:

This patch adds support for positioned grid items with orthogonal flows.
Basically it just needs to check if the item is orthogonal to use
the column or row offset as logical left or top depending on the case.

Tests: imported/w3c/web-platform-tests/css/css-grid-1/abspos/orthogonal-positioned-grid-items-*.html

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::layoutPositionedObject):

LayoutTests:

Two of the new imported tests are failing due to an issue with margins
and orthogonal items, which is unrelated to this patch (see bug #172590).

3:16 AM Changeset in webkit [217485] by Adrian Perez de Castro
  • 2 edits in trunk

[CMake] Pass -fdiagnostics-color=always to GCC when building with Ninja
https://bugs.webkit.org/show_bug.cgi?id=172638

Reviewed by Yusuke Suzuki.

The oldest version of GCC supported for building WebKit is 4.9, which already accepts
-fdiagnostics-color=, therefore it is not needed to check the compiler version.

  • Source/cmake/OptionsCommon.cmake:
2:50 AM Changeset in webkit [217484] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

Unreviewed Mac cmake buildfix after r217137, just for fun.
https://bugs.webkit.org/show_bug.cgi?id=172362

  • PlatformMac.cmake:
2:33 AM Changeset in webkit [217483] by Carlos Garcia Campos
  • 7 edits
    11 adds in releases/WebKitGTK/webkit-2.16

Merge r214378 - Handle recursive calls to ProcessingInstruction::checkStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=169982
<rdar://problem/31083051>

Reviewed by Antti Koivisto.

Source/WebCore:

See if we triggered a recursive load of the stylesheet during the 'beforeload'
event handler. If so, reset to a valid state before completing the load.

We should also check after 'beforeload' that we were not disconnected from (or
moved to a new) document.

I also looked for other cases of this pattern and fixed them, too.

Tests: fast/dom/beforeload/image-removed-during-before-load.html
fast/dom/beforeload/recursive-css-pi-before-load.html
fast/dom/beforeload/recursive-link-before-load.html
fast/dom/beforeload/recursive-xsl-pi-before-load.html

  • dom/ProcessingInstruction.cpp:

(WebCore::ProcessingInstruction::clearExistingCachedSheet): Added.
(WebCore::ProcessingInstruction::checkStyleSheet): Prevent recursive calls into
this function during 'beforeload' handling. Also, safely handle the case where
the element was disconnected in the 'beforeload' handler (similar to what
we do in HTMLLinkElement).
(WebCore::ProcessingInstruction::setCSSStyleSheet): Drive-by Fix: Protect the
current document to match what we do in setXSLStyleSheet.

  • dom/ProcessingInstruction.h:
  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::process): Prevent recursive calls into
this function during 'beforeload' handling.

  • html/HTMLLinkElement.h:
  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::dispatchPendingBeforeLoadEvent): safely handle the case where
the element was disconnected in the 'beforeload' handler (similar to what
we do in HTMLLinkElement).

  • style/StyleScope.cpp:

(WebCore::Style::Scope::hasPendingSheet): Added.

  • style/StyleScope.h:

LayoutTests:

  • fast/dom/beforeload/image-removed-during-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/image-removed-during-before-load-expected.txt.
  • fast/dom/beforeload/image-removed-during-before-load.html: Copied from LayoutTests/fast/dom/beforeload/image-removed-during-before-load.html.
  • fast/dom/beforeload/recursive-css-pi-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-css-pi-before-load-expected.txt.
  • fast/dom/beforeload/recursive-css-pi-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-css-pi-before-load.html.
  • fast/dom/beforeload/recursive-link-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-link-before-load-expected.txt.
  • fast/dom/beforeload/recursive-link-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-link-before-load.html.
  • fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt: Copied from LayoutTests/fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt.
  • fast/dom/beforeload/recursive-xsl-pi-before-load.html: Copied from LayoutTests/fast/dom/beforeload/recursive-xsl-pi-before-load.html.
  • fast/dom/beforeload/resources/content.xhtml: Copied from LayoutTests/fast/dom/beforeload/resources/content.xhtml.
  • fast/dom/beforeload/resources/pass.css: Copied from LayoutTests/fast/dom/beforeload/resources/pass.css.
  • fast/dom/beforeload/resources/test.xsl: Copied from LayoutTests/fast/dom/beforeload/resources/test.xsl.
1:17 AM Changeset in webkit [217482] by commit-queue@webkit.org
  • 2 edits
    4 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new GTK+ icons for Web Sockets
https://bugs.webkit.org/show_bug.cgi?id=172296

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-26
Reviewed by Carlos Garcia Campos.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/WebSocket.png: Added.
  • UserInterface/Images/gtk/WebSocket@2x.png: Added.
  • UserInterface/Images/gtk/WebSocketLarge.png: Added.
  • UserInterface/Images/gtk/WebSocketLarge@2x.png: Added.
  • UserInterface/Views/ResourceIcons.css:

(.resource-icon.resource-type-websocket .icon):
(.large .resource-icon.resource-type-websocket .icon):
(body:matches(.mac-platform, .windows-platform) .resource-icon.resource-type-websocket .icon): Deleted.
(body:matches(.mac-platform, .windows-platform) .large .resource-icon.resource-type-websocket .icon): Deleted.

1:16 AM Changeset in webkit [217481] by rniwa@webkit.org
  • 2 edits in trunk/Websites/perf.webkit.org

Show patches applied in each A/B testing build requests
https://bugs.webkit.org/show_bug.cgi?id=172636

Reviewed by Antti Koivisto.

List patches applied along side revisions inn the list of revisions for an A/B tesing build requests if there
are any patches applied.

  • public/v3/components/test-group-revision-table.js:

(TestGroupRevisionTable.prototype._renderTable): Indicate which request is to build a patch and which one is
to run tests.
(TestGroupRevisionTable.prototype._buildCommitCell): Include the patch file's information when there is one.
We need to use the requested commit set instead of the one reported by testers or builders since they don't
include patch or root information.
(TestGroupRevisionTable.prototype._buildCustomRootsCell):
(TestGroupRevisionTable.prototype._buildFileInfo): Extracted from _buildCustomRootsCell.

1:15 AM Changeset in webkit [217480] by rniwa@webkit.org
  • 3 edits in trunk/Websites/perf.webkit.org

The queue page is broke when there is a custom analysis task
https://bugs.webkit.org/show_bug.cgi?id=172631

Reviewed by Antti Koivisto.

Fix the bug that we were always assuming each build request to have a test associated.

  • public/v3/models/test-group.js:

(TestGroup.createAndRefetchTestGroups): Fixed the bug that we were referring to a non-existent variable task.

  • public/v3/pages/build-request-queue-page.js:

(BuildRequestQueuePage.prototype._constructBuildRequestTable): Fixed the bug. Collect every request in the group
and then find the first test request's test name. Make it clear that we're waiting for a build as needed.

1:07 AM Changeset in webkit [217479] by Carlos Garcia Campos
  • 8 edits
    4 deletes in trunk/Source/WebKit2

[WPE] Use AcceleratedDrawingArea instead of its fork
https://bugs.webkit.org/show_bug.cgi?id=172496

Reviewed by Žan Doberšek.

WPE uses its own drawing area implementation, which is actually a fork of AcceleratedDrawingArea, but simplified
for the case of compositing being always forced. AcceleratedDrawingArea already handles the case of compositing
being forced, so now that WPE is upstream we could simply use AcceleratedDrawingArea instead.

  • PlatformWPE.cmake:
  • Shared/DrawingAreaInfo.h: Remove DrawingAreaTypeWPE type.
  • UIProcess/API/wpe/DrawingAreaProxyWPE.cpp: Removed.
  • UIProcess/API/wpe/DrawingAreaProxyWPE.h: Removed.
  • UIProcess/API/wpe/PageClientImpl.cpp:

(WebKit::PageClientImpl::createDrawingAreaProxy): Create an AcceleratedDrawingAreaProxy.

  • WebProcess/WebPage/AcceleratedDrawingArea.cpp:

(WebKit::AcceleratedDrawingArea::mainFrameContentSizeChanged): Moved from DrawingAreaImpl since it actually
belongs here.

  • WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::create): Create an AcceleratedDrawingArea for WPE port.

  • WebProcess/WebPage/DrawingAreaImpl.cpp: Remove mainFrameContentSizeChanged() that doesn't belong here.
  • WebProcess/WebPage/DrawingAreaImpl.h:
  • WebProcess/WebPage/wpe/DrawingAreaWPE.cpp: Removed.
  • WebProcess/WebPage/wpe/DrawingAreaWPE.h: Removed.
12:00 AM Changeset in webkit [217478] by gskachkov@gmail.com
  • 4 edits in trunk

Prevent async methods named 'function'
https://bugs.webkit.org/show_bug.cgi?id=172598

Reviewed by Mark Lam.

JSTests:

  • stress/async-await-syntax.js:

(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntax):
(testTopLevelAsyncAwaitSyntaxSloppyMode):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode.testSyntax):
(prototype.testTopLevelAsyncAwaitSyntaxStrictMode):
(testTopLevelAsyncAwaitSyntaxSloppyMode.testSyntaxError):

Source/JavaScriptCore:

Prevent async method named 'function' in class.
Link to change in ecma262 specification
https://github.com/tc39/ecma262/pull/884

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseClass):

May 25, 2017:

11:46 PM Changeset in webkit [217477] by commit-queue@webkit.org
  • 4 edits in trunk

Don't reset m_hasDisplayContents on ElementRareData::resetComputedStyle.
https://bugs.webkit.org/show_bug.cgi?id=172503

Patch by Emilio Cobos Álvarez <ecobos@igalia.com> on 2017-05-25
Reviewed by Antti Koivisto.

Source/WebCore:

We use that bit of information to determine whether we need to tear
down the renderers of a display: contents subtree, so better for it to
not change until the render tree is updated.

In practice, we may want to remove that bit and use ElementRareData's
RenderStyle instead (keeping it around as appropriate), to ensure they
don't go out of sync, but that's out of scope of this patch for now.

Tests: imported/w3c/web-platform-tests/css/css-display-3

  • dom/ElementRareData.h:

(WebCore::ElementRareData::resetComputedStyle):

LayoutTests:

10:39 PM Changeset in webkit [217476] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

Fix MediaDeviceInfo's extended attributes so they make sense
https://bugs.webkit.org/show_bug.cgi?id=172629

Patch by Sam Weinig <sam@webkit.org> on 2017-05-25
Reviewed by Daniel Bates.

Source/WebCore:

MediaDeviceInfo.idl had both a Constructor and NoInterfaceObject, which
doesn't really make sense. Either way, the spec says it should have
neither, so remove both. And, while were there, add missing serializer.

Test: fast/mediastream/media-device-info.html

  • Modules/mediastream/MediaDeviceInfo.idl:

LayoutTests:

  • fast/mediastream/media-device-info-expected.txt: Added.
  • fast/mediastream/media-device-info.html: Added.

Test that MediaDeviceInfo has the expected properties and that
the serializer works.

9:41 PM Changeset in webkit [217475] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebKit2

[iOS] Disbale async image decoding when synchronously painting a newly parented WebView
https://bugs.webkit.org/show_bug.cgi?id=172626

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

Large images have to be synchronously decoded when bringing a WebView to
the foreground because the whole page will be painted when we unblock the
UI process.

  • Shared/mac/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::drawInContext): Get nextFlushIsForImmediatePaint
from RemoteLayerTreeContext and pass the correct GraphicsLayerPaintFlags
to drawLayerContents().

  • WebProcess/WebPage/mac/RemoteLayerTreeContext.h:

(WebKit::RemoteLayerTreeContext::setNextFlushIsForImmediatePaint):
(WebKit::RemoteLayerTreeContext::nextFlushIsForImmediatePaint):

  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
  • WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::flushLayers): Pass
m_nextFlushIsForImmediatePaint to RemoteLayerTreeContext and then reset it.
(WebKit::RemoteLayerTreeDrawingArea::activityStateDidChange):
Set m_nextFlushIsForImmediatePaint to true to say that in the next flush,
large images have to be synchronously decoded.

9:24 PM Changeset in webkit [217474] by commit-queue@webkit.org
  • 7 edits in trunk

_WKUserStyleSheet and WKUserScript leak string data
https://bugs.webkit.org/show_bug.cgi?id=172583
<rdar://problem/32395209>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-25
Reviewed by Sam Weinig.

Source/WebKit2:

  • UIProcess/API/Cocoa/WKUserScript.mm:

(-[WKUserScript dealloc]):

  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet dealloc]):
Follow the pattern of destructing the internal API object.

  • UIProcess/API/Cocoa/WKUserScriptInternal.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheetInternal.h:

Remove unnecessary includes.

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

We should not have been adopting an autoreleased object.

9:19 PM Changeset in webkit [217473] by Chris Dumez
  • 4 edits
    2 adds in trunk

imported/w3c/web-platform-tests/html/semantics/forms/form-control-infrastructure/form_owner_and_table_2.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=172628
<rdar://problem/32418707>

Reviewed by Sam Weinig.

Source/WebCore:

In the event where a form is removed synchronously by a script during parsing,
FormAssociatedElement::m_formSetByParser may end up referring to a form that
is no longer in the document. As a result, we should make sure m_formSetByParser
is still connected in FormAssociatedElement::insertedInto() before we call
FormAssociatedElement::setForm(m_formSetByParser).

Test: fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html

  • html/FormAssociatedElement.cpp:

(WebCore::FormAssociatedElement::insertedInto):

LayoutTests:

Add reduced test case.

Unskip test that is no longer crashing in debug builds.

  • fast/dom/HTMLFormElement/form-removed-during-parsing-crash-expected.txt: Added.
  • fast/dom/HTMLFormElement/form-removed-during-parsing-crash.html: Added.
8:53 PM Changeset in webkit [217472] by zalan@apple.com
  • 3 edits
    7 adds in trunk

Frame's composited content is visible when the frame has visibility: hidden.
https://bugs.webkit.org/show_bug.cgi?id=125565
<rdar://problem/32196849>

Reviewed by Simon Fraser.

Source/WebCore:

Do not construct composited layers for hidden RenderWidgets (frameset, iframe, object).
Note that we still construct layers for the associated renderers as usual.

Tests: compositing/visibility/frameset-visibility-hidden.html

compositing/visibility/iframe-visibility-hidden.html
compositing/visibility/object-visibility-hidden.html

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::requiresCompositingForPlugin):
(WebCore::RenderLayerCompositor::requiresCompositingForFrame):

LayoutTests:

  • compositing/resources/visibility.html: Added.
  • compositing/visibility/frameset-visibility-hidden-expected.html: Added.
  • compositing/visibility/frameset-visibility-hidden.html: Added.
  • compositing/visibility/iframe-visibility-hidden-expected.html: Added.
  • compositing/visibility/iframe-visibility-hidden.html: Added.
  • compositing/visibility/object-visibility-hidden-expected.html: Added.
  • compositing/visibility/object-visibility-hidden.html: Added.
7:58 PM Changeset in webkit [217471] by jmarcell@apple.com
  • 7 edits in tags/Safari-604.1.23.0.1/Source

Versioning.

7:56 PM Changeset in webkit [217470] by bfulgham@apple.com
  • 2 edits in trunk/LayoutTests

Gracefully handle missing localStorage support in results.html
https://bugs.webkit.org/show_bug.cgi?id=172625
<rdar://problem/32118243>

Reviewed by Alexey Proskuryakov.

Handle the case where localStorage generates a SecurityError DOMException, treating this
as a non-fatal error.

  • fast/harness/results.html:

(OptionWriter.save): Treat "SecurityError" as an expected condition.
(OptionWriter.apply): Ditto.

7:54 PM Changeset in webkit [217469] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.1.23.0.1

New tag.

7:40 PM Changeset in webkit [217468] by Yusuke Suzuki
  • 2 edits in trunk/Source/WebCore

Unreviewed, build fix in GTK and WPE ports
https://bugs.webkit.org/show_bug.cgi?id=172580

Missing RenderSVGResourceMode declaration in SVGInlineTextBox.h.

  • rendering/svg/SVGInlineTextBox.h:
7:14 PM Changeset in webkit [217467] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, build fix for GCC

std::tuple does not have implicit constructor.
Thus, we cannot use implicit construction with initializer brace.
We should specify the name like GetInst { }.

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):

7:10 PM Changeset in webkit [217466] by ap@apple.com
  • 23 edits
    2 copies
    8 deletes in trunk/LayoutTests

Merge split script tests, part 2
https://bugs.webkit.org/show_bug.cgi?id=172423

Reviewed by Tim Horton.

Fix the few remaining special cases of split tests.

  • editing/pasteboard/drop-text-events-sideeffect-crash.html:
  • editing/pasteboard/script-tests/drop-text-events-sideeffect.js: Removed.

This JS file used to be shared between this test and editing/pasteboard/drop-text-events-sideeffect.html.
Now it's inlined in both.

  • fast/canvas/canvas-ellipse-connecting-line-expected.html:
  • fast/canvas/script-tests/js-ellipse-implementation.js: Removed.

This was really a resource, not a scrip test, and it was only only used in one test.

  • fast/dom/HTMLElement/class-list-quirks.html:
  • fast/dom/HTMLElement/script-tests/class-list.js: Removed.

Another JS that used to be shared (with fast/dom/HTMLElement/class-list.html).

  • fast/dom/Window/resources/postmessage-test.js: Copied from LayoutTests/fast/dom/Window/script-tests/postmessage-test.js.
  • fast/dom/Window/script-tests/postmessage-test.js: Removed.

Moved a shared resource to its proper location.

  • fast/dom/Window/script-tests/postmessage-clone-deep-array.js: Removed.
  • fast/dom/Window/script-tests/postmessage-clone-really-deep-array.js: Removed.
  • fast/dom/Window/script-tests/postmessage-clone.js: Removed.
  • fast/dom/Window/window-postmessage-clone-deep-array.html:
  • fast/dom/Window/window-postmessage-clone-really-deep-array.html:
  • fast/dom/Window/window-postmessage-clone.html:

Straightforward js-tests with file names that didn't match.

  • fast/table/resources/min-width-helpers.js: Copied from LayoutTests/fast/table/script-tests/min-width-helpers.js.
  • fast/table/script-tests/min-width-helpers.js: Removed.

Moved a shared resource to its proper location.

  • fast/table/min-width-css-block-table.html:
  • fast/table/min-width-css-inline-table.html:
  • fast/table/min-width-html-block-table.html:
  • fast/table/min-width-html-inline-table.html:
  • fast/table/script-tests/min-width-css-block-table.js: Removed.
  • fast/table/script-tests/min-width-css-inline-table.js: Removed.
  • fast/table/script-tests/min-width-html-block-table.js: Removed.
  • fast/table/script-tests/min-width-html-inline-table.js: Removed.

Straightforward JS tests, weren't moved previously because my script was confused by min-width-helpers.js.

  • printing/break-after-avoid-expected.txt:
  • printing/break-after-avoid-page-expected.txt:
  • printing/break-after-avoid-page.html:
  • printing/break-after-avoid.html:
  • printing/script-tests/break-after-avoid-page.js: Removed.
  • printing/script-tests/break-after-avoid.js: Removed.
  • printing/script-tests/page-break-after-avoid.js: Removed.
  • printing/script-tests/page-break-always-for-overflow.js: Removed.

These had a number of copy/paste mistakes, so the tests werent's actually testing what they said they did.

  • svg/dom/SVGAnimatedEnumeration-SVGMaskElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGMaskElement.html:
  • svg/dom/SVGAnimatedEnumeration-SVGPatternElement-expected.txt:
  • svg/dom/SVGAnimatedEnumeration-SVGPatternElement.html:
  • svg/dom/script-tests/SVGAnimatedEnumeration-SVGMaskElement.js: Removed.
  • svg/dom/script-tests/SVGAnimatedEnumeration-SVGPatternElement.js: Removed.

These tests were mixed up - pattern was being tested instead of mask, and vice versa.

  • svg/dom/script-tests/SVGColor.js: Removed.
  • svg/dom/script-tests/SVGPaint.js: Removed.

Removed unused files.

  • svg/dynamic-updates/SVGFEFloodElement-inherit-flood-color.html:
  • svg/dynamic-updates/SVGFEGaussianBlurElement-dom-stdDeviation-call.html:
  • svg/dynamic-updates/SVGFESpecularLightingElement-dom-suraceScale-attr.html:
  • svg/dynamic-updates/SVGFESpecularLightingElement-svgdom-suraceScale-prop.html:
  • svg/dynamic-updates/script-tests/SVGFEFloodElement-inherit-flood-color-css-prop.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFEGaussianBlurElement-svgdom-stdDeviation-call.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-dom-surfaceScale-attr.js: Removed.
  • svg/dynamic-updates/script-tests/SVGFESpecularLightingElement-svgdom-surfaceScale-prop.js: Removed.

Straightforward js-tests with mismatching names.

7:04 PM Changeset in webkit [217465] by jmarcell@apple.com
  • 5 edits in branches/safari-603-branch/Source

Versioning.

6:56 PM Changeset in webkit [217464] by jmarcell@apple.com
  • 1 copy in tags/Safari-603.3.3

Tag Safari-603.3.3.

6:31 PM Changeset in webkit [217463] by simon.fraser@apple.com
  • 20 edits in trunk/Source/WebCore

Use a typedef for SVG resource mode flags union
https://bugs.webkit.org/show_bug.cgi?id=172580

Reviewed by Sam Weinig.

Use an OptionSet<> for RenderSVGResourceModes flags, and use it in render
SVG resource classes.

  • rendering/svg/RenderSVGResource.cpp:

(WebCore::requestPaintingResource):
(WebCore::RenderSVGResource::fillPaintingResource):
(WebCore::RenderSVGResource::strokePaintingResource):

  • rendering/svg/RenderSVGResource.h:

(WebCore::RenderSVGResource::postApplyResource):

  • rendering/svg/RenderSVGResourceClipper.cpp:

(WebCore::RenderSVGResourceClipper::applyResource):

  • rendering/svg/RenderSVGResourceClipper.h:
  • rendering/svg/RenderSVGResourceFilter.cpp:

(WebCore::RenderSVGResourceFilter::applyResource):
(WebCore::RenderSVGResourceFilter::postApplyResource):

  • rendering/svg/RenderSVGResourceFilter.h:
  • rendering/svg/RenderSVGResourceGradient.cpp:

(WebCore::RenderSVGResourceGradient::applyResource):

  • rendering/svg/RenderSVGResourceGradient.h:
  • rendering/svg/RenderSVGResourceMarker.h:
  • rendering/svg/RenderSVGResourceMasker.cpp:

(WebCore::RenderSVGResourceMasker::applyResource):

  • rendering/svg/RenderSVGResourceMasker.h:
  • rendering/svg/RenderSVGResourcePattern.cpp:

(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):
(WebCore::RenderSVGResourcePattern::postApplyResource):

  • rendering/svg/RenderSVGResourcePattern.h:
  • rendering/svg/RenderSVGResourceSolidColor.cpp:

(WebCore::RenderSVGResourceSolidColor::applyResource):
(WebCore::RenderSVGResourceSolidColor::postApplyResource):

  • rendering/svg/RenderSVGResourceSolidColor.h:
  • rendering/svg/RenderSVGShape.cpp:

(WebCore::RenderSVGShape::fillShape):
(WebCore::RenderSVGShape::strokeShape):

  • rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::SVGInlineTextBox):
(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paint):
(WebCore::SVGInlineTextBox::acquirePaintingResource):
(WebCore::SVGInlineTextBox::releasePaintingResource):
(WebCore::SVGInlineTextBox::paintDecoration):
(WebCore::SVGInlineTextBox::paintDecorationWithStyle):

  • rendering/svg/SVGInlineTextBox.h:
  • rendering/svg/SVGRenderingContext.cpp:

(WebCore::SVGRenderingContext::~SVGRenderingContext):
(WebCore::SVGRenderingContext::prepareToRenderSVGContent):
(WebCore::SVGRenderingContext::renderSubtreeToImageBuffer): Avoid needless IntPoint -> LayoutPoint
conversion.

5:43 PM Changeset in webkit [217462] by jmarcell@apple.com
  • 13 edits
    1 add in branches/safari-603-branch

Cherry-pick r217438. rdar://problem/32385704

Patch by Saam Barati <sbarati@apple.com> on 2017-05-25

JSTests:

  • stress/for-in-invalidation-for-any-write.js: Added.

(assert):
(test):
(test.i):

Source/JavaScriptCore:

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):
(JSC::StructureForInContext::finalize):
(JSC::IndexedForInContext::finalize):

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):
(JSC::IndexedForInContext::addGetInst):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_nop):

  • llint/LowLevelInterpreter.asm:
5:42 PM Changeset in webkit [217461] by mmaxfield@apple.com
  • 7 edits
    2 adds in trunk

[WK1] iframes in layer-backed NSViews are not cleared between successive draws
https://bugs.webkit.org/show_bug.cgi?id=172554
<rdar://problem/31247133>

Reviewed by Simon Fraser.

Source/WebKit/mac:

Update an overridden internal AppKit function to the new signature.

  • WebView/WebHTMLView.mm:

(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inContext:topView:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:shouldChangeFontReferenceColor:_recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]):
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inContext:topView:]): Deleted.
(-[WebHTMLView _recursive:displayRectIgnoringOpacity:inGraphicsContext:CGContext:topView:shouldChangeFontReferenceColor:]): Deleted.

Tools:

Previously, there was no way to make DumpRenderTree's views layer-backed. Unfortunately,
simply setting [WebView setWantsLayer:] is insufficient; turning it on and then off again
leaves some state around inside the NSWindow which isn't easily cleaned up. Instead,
we should just tear down and rebuild the window whenever we need a layer-backed WebView.
We can also use the "webkit-test-runner" header comment to trigger this new layer-backed
codepath.

  • DumpRenderTree/TestOptions.h:
  • DumpRenderTree/TestOptions.mm:

(TestOptions::TestOptions):
(TestOptions::webViewIsCompatibleWithOptions):

  • DumpRenderTree/mac/DumpRenderTree.mm:

(shouldIgnoreWebCoreNodeLeaks):
(allowedFontFamilySet):
(-[DRTMockScroller rectForPart:]):
(-[DRTMockScroller drawKnob]):
(-[DRTMockScroller drawRect:]):
(createWebViewAndOffscreenWindow):
(initializeGlobalsFromCommandLineOptions):
(prepareConsistentTestingEnvironment):
(dumpRenderTree):
(dumpAudio):
(dumpHistoryItem):
(dumpBackForwardListForWebView):
(resetWebViewToConsistentStateBeforeTesting):
(WebThreadLockAfterDelegateCallbacksHaveCompleted):
(runTest):

LayoutTests:

Cause two successive paints, and compare it against 0 paints.

  • fast/frames/iframe-translucent-background-expected.html: Added.
  • fast/frames/iframe-translucent-background.html: Added.
5:29 PM Changeset in webkit [217460] by Devin Rousso
  • 11 edits in trunk/Source/WebInspectorUI

Web Inspector: Don't create DetailsSidebarPanel classes until they are needed by a Tab
https://bugs.webkit.org/show_bug.cgi?id=172393

Reviewed by Joseph Pecoraro.

  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded):
Remove global instantiation of all DetailsSidebarPanel objects.

(WebInspector.instanceForClass):
Utility function for creating and accessing an instance of a given class.

  • UserInterface/Views/ContentBrowserTabContentView.js:

(WebInspector.ContentBrowserTabContentView):

  • UserInterface/Views/DebuggerTabContentView.js:

(WebInspector.DebuggerTabContentView):
(WebInspector.DebuggerTabContentView.prototype.showDetailsSidebarPanels):

  • UserInterface/Views/ElementsTabContentView.js:

(WebInspector.ElementsTabContentView):

  • UserInterface/Views/NetworkTabContentView.js:

(WebInspector.NetworkTabContentView):

  • UserInterface/Views/ResourcesTabContentView.js:

(WebInspector.ResourcesTabContentView):

  • UserInterface/Views/SearchTabContentView.js:

(WebInspector.SearchTabContentView):

  • UserInterface/Views/StorageTabContentView.js:

(WebInspector.StorageTabContentView):

  • UserInterface/Views/TabContentView.js:

(WebInspector.TabContentView):
(WebInspector.TabContentView.prototype.get detailsSidebarPanels):

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView):
Now accepts an array of DetailsSidebarPanel classes that are all instantiated when they are
about to be added to the DetailsSidebar.

5:18 PM Changeset in webkit [217459] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Cleanup tests after r217240
https://bugs.webkit.org/show_bug.cgi?id=172466

Reviewed by Mark Lam.

I forgot to make my test an actual test. Also, remove second call runJSExportTests()

  • API/tests/JSExportTests.mm:

(wrapperForNSObjectisObject):

  • API/tests/testapi.mm:

(testObjectiveCAPIMain):

5:06 PM Changeset in webkit [217458] by keith_miller@apple.com
  • 10 edits
    3 deletes in trunk

Date should use historical data if it's available.
https://bugs.webkit.org/show_bug.cgi?id=172592

Reviewed by Mark Lam.

JSTests:

Remove parts of the date tests that rely on the absence of
historical data in Date.

  • mozilla/ecma/Date/15.9.5.31-1.js:

(getTestCases):

  • mozilla/ecma/Date/15.9.5.35-1.js:

(getTestCases):

Source/WTF:

The spec previously disallowed using historical data for Dates.
This is no longer the case. Additionally, not using historical
data, when available, seems unfortunate for users. This patch
removes the code dropping historical data.

  • wtf/DateMath.cpp:

(WTF::calculateLocalTimeOffset):
(WTF::msToMilliseconds): Deleted.

LayoutTests:

Fix tests to work with historically accurate dates.

  • js/dom/date-big-setdate-expected.txt: Removed.
  • js/dom/date-big-setdate.html: Removed.
  • js/dom/script-tests/date-big-setdate.js: Removed.
  • storage/indexeddb/modern/date-basic-expected.txt:
  • storage/indexeddb/modern/date-basic-private-expected.txt:
  • storage/indexeddb/modern/get-keyrange-expected.txt:
  • storage/indexeddb/modern/get-keyrange-private-expected.txt:
5:03 PM Changeset in webkit [217457] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

The default setting of Option::criticalGCMemoryThreshold is too high for iOS
https://bugs.webkit.org/show_bug.cgi?id=172617

Reviewed by Mark Lam.

Reducing criticalGCMemoryThreshold to 0.80 eliminated jetsam on iOS devices
when tested running JetStream.

  • runtime/Options.h:
4:11 PM Changeset in webkit [217456] by msaboff@apple.com
  • 7 edits in trunk/Source/bmalloc

bmalloc: scavenger runs too much on JetStream
https://bugs.webkit.org/show_bug.cgi?id=172373

Reviewed by Geoffrey Garen.

Instruments says that JetStream on macOS spends about 3% of its time in
madvise.

In <https://bugs.webkit.org/show_bug.cgi?id=160098>, Ben saw some
evidence that madvise was the reason that switching to bmalloc for
DFG::Node allocations was a slowdown the first time around.

In <https://bugs.webkit.org/show_bug.cgi?id=172124>, Michael saw that
scavening policy can affect JetStream.

Intuitively, it seems wrong for the heap to idle shrink during hardcore
benchmarking.

The strategy here is to back off in response to any heap growth event,
and to wait 2s instead of 0.5s for heap growth to take place -- but we
scavenge immediately in response to critical memory pressure, to avoid
jetsam.

One hole in this strategy is that a workload with a perfectly
unfragmented heap that allocates and deallocates ~16kB every 2s will
never shrink its heap. This doesn't seem to be a problem in practice.

This looks like a 2% - 4% speedup on JetStream on Mac Pro and MacBook Air.

  • bmalloc/AsyncTask.h:

(bmalloc::AsyncTask::willRun):
(bmalloc::AsyncTask::willRunSoon):
(bmalloc::Function>::AsyncTask):
(bmalloc::Function>::run):
(bmalloc::Function>::runSoon):
(bmalloc::Function>::threadRunLoop):
(bmalloc::Function>::runSlowCase): Deleted. Added a "run soon" state
so that execution delay is modeled directly instead of implicitly
through sleep events. This enables the Heap to issue a "run now" event
at any moment in response ot memory pressure.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap): Don't call into our own API -- that's a layering
violation.

(bmalloc::Heap::updateMemoryInUseParameters): No need for
m_scavengeSleepDuration anymore.

(bmalloc::Heap::concurrentScavenge): Added a back-off policy when the
heap is growing.
(bmalloc::Heap::scavenge):

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Don't try to give up in the middle
of a scavenge event. Our new backoff policy supplants that design. Also,
it's easier to profile and understand scavenging behavior if it always
runs to completion once started.

(bmalloc::Heap::scheduleScavenger):
(bmalloc::Heap::scheduleScavengerIfUnderMemoryPressure): Added a
synchronous amortized check for memory pressure. This check has the
benefit that it runs immediately during high rates of heap activity,
so we can detect memory pressure right away and wake the scavenger
instead of waiting for the scavenger to wake up.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::deallocateSmallLine):
(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::tryAllocateLarge):
(bmalloc::Heap::shrinkLarge):
(bmalloc::Heap::deallocateLarge):

  • bmalloc/Heap.h:

(bmalloc::Heap::isUnderMemoryPressure):

  • bmalloc/Sizes.h:
  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::deallocateSmallPage):

  • bmalloc/bmalloc.h:

(bmalloc::api::scavenge): Updated for API changes above.

3:33 PM Changeset in webkit [217455] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

ASSERT(m_websiteDataStore->websiteDataStore().sessionID() == m_sessionID) in PageConfiguration::sessionID()
https://bugs.webkit.org/show_bug.cgi?id=172615
<rdar://problem/32277488>

Reviewed by Brady Eidson.

Fix assertion added in r215923 to take into account the fact that the PageConfiguration's sessionID
is SessionID::legacyPrivateSessionID() when private browsing is enabled, instead of being the
WebsiteDataStore's sessionID.

See code in WebProcessPool::createWebPage():
"""
pageConfiguration->setSessionID(pageConfiguration->preferences()->privateBrowsingEnabled() ? SessionID::legacyPrivateSessionID() : m_websiteDataStore->websiteDataStore().sessionID());
"""

  • UIProcess/API/APIPageConfiguration.cpp:

(API::PageConfiguration::sessionID):

3:29 PM Changeset in webkit [217454] by jmarcell@apple.com
  • 3 edits
    3 adds in branches/safari-603-branch

Cherry-pick r217439. rdar://problem/32089229

3:20 PM Changeset in webkit [217453] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Regression(r215686): Videos sometimes do not load in iBooks
https://bugs.webkit.org/show_bug.cgi?id=172604
<rdar://problem/32003717>

Reviewed by Geoffrey Garen.

Before r215686, the loop would have a check at the beginning to check if the
dataRequest's currentOffset was greater than the buffer length and would
cause the function to return early.

This check was dropped in r215686, which caused us in some cases to call
finishLoading / stopLoading() after the loop, even though we did not have
enough data in the buffer to satisfy the data request.

To address the issue, we now return early after the loop if remainingLength
is greater than 0, meaning that we could not satisfy the request. This makes
sure we do not call finishLoading / stopLoading() prematurely.

Note that before r215686, the condition of the while loop was
"while (remainingLength)" so the only way to get out of the loop was to:

  1. Get remainingLength to 0, in which case we would fall through and potentially call finishLoading / stopLoading() after the loop.
  2. Fail the "(data->size() <= [dataRequest currentOffset] - responseOffset)" check at the beginning of the loop, meaning that we ran out of data in the buffer. This would cause us to return from the function, not fall through, so we would not call finishLoading / stopLoading().

No new tests, I do not know how to write a test for this.

  • platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:

(WebCore::WebCoreAVFResourceLoader::fulfillRequestWithResource):

3:12 PM Changeset in webkit [217452] by Devin Rousso
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Changing the width of a Sidebar when it's collapsed shouldn't trigger a layout
https://bugs.webkit.org/show_bug.cgi?id=172606

Reviewed by Matt Baker.

  • UserInterface/Views/Sidebar.js:

(WebInspector.Sidebar.prototype._recalculateWidth):

2:35 PM Changeset in webkit [217451] by weinig@apple.com
  • 8 edits in trunk

[WebIDL] Use the term 'operation' more consistently
https://bugs.webkit.org/show_bug.cgi?id=172601

Reviewed by Chris Dumez.

We were using the term 'operation', a WebIDL term for function-like
constructs, inconsistently in the code generator. Now, when we use
'operation' when referring to the IDL concept (usually the object the
parser produces) and 'function' when referring to code being generated.

Source/WebCore:

  • bindings/scripts/CodeGenerator.pm:
  • bindings/scripts/IDLParser.pm:
  • bindings/scripts/generate-bindings.pl:

Tools:

  • DumpRenderTree/Bindings/CodeGeneratorDumpRenderTree.pm:
  • WebKitTestRunner/InjectedBundle/Bindings/CodeGeneratorTestRunner.pm:
2:31 PM Changeset in webkit [217450] by bfulgham@apple.com
  • 2 edits in trunk/Source/WebKit2

[WK2][iOS] Add a mach-lookup exception for 'com.apple.lsd.mapdb' to Network sandbox
https://bugs.webkit.org/show_bug.cgi?id=172465
<rdar://problem/32332836>

Reviewed by Alex Christensen.

Expand sandbox to allow lookup of the mapdb that contains UTI information used
by the Network process.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
2:26 PM Changeset in webkit [217449] by jer.noble@apple.com
  • 2 edits in trunk/Tools

Unreviewed build fix after r217447; only run test where JSC's ObjC API is available.

  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm:
2:10 PM Changeset in webkit [217448] by rniwa@webkit.org
  • 4 edits in trunk/Websites/perf.webkit.org

Syncing script shouldn't schedule a build request when there is a build from another test group in progress
https://bugs.webkit.org/show_bug.cgi?id=172577
<rdar://problem/32395049>

Reviewed by Chris Dumez.

When a buildbot master gets restarted while there is an in-progress build and a pending build, the master will
re-schedule the currently running build, and this can result in multiple build requests from different test
groups being scheduled simultaneously.

sync-buildbot.js was supposed to recover from this state by only processing build requests from one test group
at a time and eventually come back to a state where only a single test group is running per buildbot slave.

We had a test for this particular case but it wasn't testing what it claimed to test. Rewriten the test case
and fixed the bug by explicitly checking this condition and treating it as if there is a pending build already
scheduled in the builder in this case.

  • public/api/test-groups.php:

(main): Fixed a regression from r217397. Return the platform ID of the first request when none of the requets
have been processed yet or all of them had failed.

  • server-tests/tools-buildbot-triggerable-tests.js: Rewritten a test case intended to cover this bug.

(.assertRequestAndResolve): Added.

  • tools/js/buildbot-syncer.js:

(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Fixed the bug. Avoid scheduling a new request on
this syncer if there is a build in progress for a test group different from that of the new request. Reuse the
code we had to deal with a pending build for this purpose.

2:05 PM Changeset in webkit [217447] by jer.noble@apple.com
  • 11 edits
    2 adds in trunk

System sleeps while playing to wireless target, ending stream.
https://bugs.webkit.org/show_bug.cgi?id=172541

Reviewed by Eric Carlson.

Source/WebCore:

API test: Tests/mac/MediaPlaybackSleepAssertion.mm

Keep the system from sleeping (but allow the display to sleep) while playing media to a wireless target.

Give the SleepDisabler a Type, either System or Display, which indicates what kind of sleep to disable.
Update HTMLMediaElement::shouldDisableSleep() to differentiate between a video which is playing locally,
one that is playing but not visible, and one that is playing remotely.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):
(WebCore::HTMLMediaElement::updateSleepDisabling):
(WebCore::HTMLMediaElement::shouldDisableSleep):

  • html/HTMLMediaElement.h:
  • platform/SleepDisabler.cpp:

(WebCore::SleepDisabler::create):
(WebCore::SleepDisabler::SleepDisabler):

  • platform/SleepDisabler.h:

(WebCore::SleepDisabler::type):

  • platform/cocoa/SleepDisablerCocoa.cpp:

(WebCore::SleepDisabler::create):
(WebCore::SleepDisablerCocoa::SleepDisablerCocoa):
(WebCore::SleepDisablerCocoa::~SleepDisablerCocoa):

  • platform/cocoa/SleepDisablerCocoa.h:
  • platform/mac/WebVideoFullscreenController.mm:

(-[WebVideoFullscreenController updatePowerAssertions]):

  • platform/spi/cocoa/IOPMLibSPI.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.html: Added.
  • TestWebKitAPI/Tests/mac/MediaPlaybackSleepAssertion.mm: Added.

(-[MediaPlaybackSleepAssertionLoadDelegate webView:didCreateJavaScriptContext:forFrame:]):
(-[MediaPlaybackSleepAssertionPolicyDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:]):
(TestWebKitAPI::simulateKeyDown):
(TestWebKitAPI::hasAssertionType):
(TestWebKitAPI::TEST):

1:58 PM Changeset in webkit [217446] by jlewis3@apple.com
  • 2 edits in trunk/Tools

Unreviewed, rolling out r217423 and r217424.
https://bugs.webkit.org/show_bug.cgi?id=172607

These caused an api failure on all testers. (Requested by
mlewis13 on #webkit).

Reverted changesets:

"REGRESSION (r216977): 4 leaks introduced in new
WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test"
https://bugs.webkit.org/show_bug.cgi?id=172558
http://trac.webkit.org/changeset/217423

"REGRESSION (r217423): Fix last-second typo in 'auto'"
http://trac.webkit.org/changeset/217424

Patch by Commit Queue <commit-queue@webkit.org> on 2017-05-25

1:53 PM Changeset in webkit [217445] by Chris Dumez
  • 4 edits
    2 adds in trunk

DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader
https://bugs.webkit.org/show_bug.cgi?id=172578
<rdar://problem/30754582>

Reviewed by Youenn Fablet.

Source/WebCore:

DocumentThreadableLoader::redirectReceived() should not rely on the resource's loader. The rest of the methods do not.
It is unsafe for it to rely on the resource's loader because it gets cleared when the load completes. A CachedRawresource
may be reused from the memory cache once its load has completed.

This would cause crashes in CachedRawResource::didAddClient() when replaying the redirects because it would call
DocumentThreadableLoader::redirectReceived() and potentially not have a loader anymore. To hit this exact code path,
you would need to make repeated XHR to a cacheable simple cross-origin resource that has cacheable redirect.

Test: http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html

  • loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::redirectReceived):

  • loader/DocumentThreadableLoader.h:

LayoutTests:

Add layout test coverage.

  • http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash-expected.txt: Added.
  • http/tests/xmlhttprequest/cacheable-cross-origin-redirect-crash.html: Added.
1:22 PM Changeset in webkit [217444] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

com.apple.coremedia.videoencoder XPC service should be allowed by WebProcess sandbox
https://bugs.webkit.org/show_bug.cgi?id=172599

Patch by Youenn Fablet <youenn@apple.com> on 2017-05-25
Reviewed by Alex Christensen.

  • WebProcess/com.apple.WebProcess.sb.in:
1:07 PM Changeset in webkit [217443] by matthew_hanson@apple.com
  • 7 edits in trunk/Source

Versioning.

12:34 PM Changeset in webkit [217442] by simon.fraser@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS WK2] Avoid setting contentsScale and rasterizationScale on CATransformLayers
https://bugs.webkit.org/show_bug.cgi?id=172569

Reviewed by Dean Jackson.

Setting contentsScale and rasterizationScale on CATransformLayers is a waste of CPU time,
and triggers unwanted logging, so don't do it.

  • WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::PlatformCALayerRemote):

12:22 PM Changeset in webkit [217441] by zalan@apple.com
  • 2 edits in trunk/Source/WebCore
ASSERTION FAILED: !needsStyleRecalc()
!document().childNeedsStyleRecalc()

https://bugs.webkit.org/show_bug.cgi?id=172576
<rdar://problem/32181979>

Reviewed by Brent Fulgham.

Ensure that we clean the subframe's document before start searching for a focusable element.

Covered by existing test.

  • page/FocusController.cpp:

(WebCore::FocusController::findFocusableElementDescendingDownIntoFrameDocument):

12:13 PM Changeset in webkit [217440] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-604.1.23

Tag Safari-604.1.23.

11:50 AM Changeset in webkit [217439] by jiewen_tan@apple.com
  • 3 edits
    3 adds in trunk

Crash on WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance + 1195
https://bugs.webkit.org/show_bug.cgi?id=172555
<rdar://problem/32004724>

Reviewed by Ryosuke Niwa.

Source/WebCore:

setSelectionWithoutUpdatingAppearance could dispatch a synchronous focusin event,
which could invoke an event handler that deteles the frame. Therefore, add a
protector before the call.

Test: editing/selection/select-iframe-focusin-document-crash.html

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::setSelection):

LayoutTests:

  • editing/selection/resources/select-iframe-focusin-document-crash-frame.html: Added.
  • editing/selection/select-iframe-focusin-document-crash-expected.txt: Added.
  • editing/selection/select-iframe-focusin-document-crash.html: Added.
11:47 AM Changeset in webkit [217438] by sbarati@apple.com
  • 13 edits
    1 add in trunk

Our for-in optimization in the bytecode generator does its static analysis incorrectly
https://bugs.webkit.org/show_bug.cgi?id=172532
<rdar://problem/32369452>

Reviewed by Mark Lam.

JSTests:

  • stress/for-in-invalidation-for-any-write.js: Added.

(assert):
(test):
(test.i):

Source/JavaScriptCore:

Our static analysis for when a for-in induction variable
is written to tried to its analysis as we generate
bytecode. This has issues, since it does not account for
the dynamic execution path of the program. Let's consider
a program where our old analysis worked:

`
for (let p in o) {

o[p]; We can transform this into a fast get_direct_pname
p = 20;
o[p];
We cannot transform this since p has been changed.

}
`

However, our static analysis did not account for loops, which exist
in JavaScript. e.g, it would incorrectly compile this program as:
`
for (let p in o) {

for (let i = 0; i < 20; ++i) {

o[p]; It transforms this to use get_direct_pname even though p will be over-written if we get here from the inner loop back edge!
p = 20;
o[p];
We correctly do not transform this.

}

}
`

Because of this flaw, I've made the optimization more conservative.
We now optimistically emit code for the optimized access. However,
if a for-in context is *ever* invalidated, before we pop it off
the stack, we rewrite the program's optimized accesses to no longer
be optimized. To do this, each context keeps track of its optimized
accesses.

This patch also adds a new bytecode, op_nop, which is just a no-op.
It was helpful to add this because reverting get_direct_pname to get_by_val
will leave us with an extra instruction word because get_direct_pname is
has a length of 7 where get_by_val has a length of 6. This leaves us with
an extra slot that we fill with an op_nop.

  • bytecode/BytecodeDumper.cpp:

(JSC::BytecodeDumper<Block>::dumpBytecode):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetByVal):
(JSC::BytecodeGenerator::popIndexedForInScope):
(JSC::BytecodeGenerator::popStructureForInScope):
(JSC::BytecodeGenerator::invalidateForInContextForLocal):
(JSC::StructureForInContext::pop):
(JSC::IndexedForInContext::pop):

  • bytecompiler/BytecodeGenerator.h:

(JSC::StructureForInContext::addGetInst):
(JSC::IndexedForInContext::addGetInst):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_nop):

  • llint/LowLevelInterpreter.asm:
11:22 AM Changeset in webkit [217437] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebCore

Ensure ImageFrameCache does not access its BitmapImage after it is deleted
https://bugs.webkit.org/show_bug.cgi?id=172563

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2017-05-25
Reviewed by Simon Fraser.

A crash may happen if the BitmapImage is deleted while the decoding thread
is still active. Once the current frame finishes decoding, the decoding
thread will make a callOnMainThread() which will access the deleted BitmapImage.

We need to ensure if BitmapImage is deleted, the raw pointer which references
it in ImageFrameCache is cleared. If this is done, nothing else is needed.
All all the accesses to container BitmapImage in ImageFrameCache are guarded
by checking m_image is not null.

  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::~BitmapImage): Make sure the decoding thread will
not have access to the deleted BitmapImage when it finishes decoding and
make its callOnMainThread().
(WebCore::BitmapImage::destroyDecodedData): Use the function new name.
(WebCore::BitmapImage::internalStartAnimation): Ditto.

  • platform/graphics/ImageFrameCache.cpp:

(WebCore::ImageFrameCache::startAsyncDecodingQueue): Protect the sourceURL
for the decoding thread. ImageFrameCache::sourceURL() checks for the value
of m_image which now may change from the main thread.

  • platform/graphics/ImageFrameCache.h:

(WebCore::ImageFrameCache::clearImage): Add a new function to clear the
raw pointer m_image when its is deleted.

  • platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::resetData): Rename clear() to resetData() for better
code readability. This function deletes the ImageDecoder and creates a new
one if data is not null. The purpose is to delete the decoder raster data.
(WebCore::ImageSource::clear): Deleted.

  • platform/graphics/ImageSource.h:

(WebCore::ImageSource::clearImage): Wrapper for the ImageFrameCache function.

10:49 AM Changeset in webkit [217436] by commit-queue@webkit.org
  • 9 edits in trunk/Source/WebCore

Add some release logging for media elements
https://bugs.webkit.org/show_bug.cgi?id=172581

Patch by youenn fablet <youenn@apple.com> on 2017-05-25
Reviewed by Eric Carlson.

No change of behavior.

Adding logging for getUserMedia, video autoplay and incoming/outgoing webrtc video tracks.

  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::allow):
(WebCore::UserMediaRequest::deny):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::canTransitionFromAutoplayToPlay):

  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::playbackPermitted):

  • platform/Logging.h:
  • platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:

(WebCore::RealtimeIncomingVideoSource::OnFrame):

  • platform/mediastream/mac/RealtimeIncomingVideoSource.h:
  • platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:

(WebCore::RealtimeOutgoingVideoSource::sendOneBlackFrame):
(WebCore::RealtimeOutgoingVideoSource::videoSampleAvailable):

  • platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
10:40 AM Changeset in webkit [217435] by jfernandez@igalia.com
  • 4 edits in trunk/LayoutTests

[css-align] Fixed errors in the CSS parsing tests of the "place-XXX" shorthands
https://bugs.webkit.org/show_bug.cgi?id=172593

Reviewed by Manuel Rego Casasnovas.

  • css3/parse-place-content.html:
  • css3/parse-place-items.html:
  • css3/parse-place-self.html:
10:40 AM Changeset in webkit [217434] by commit-queue@webkit.org
  • 2 edits in trunk

[CMake][Win] Use WTF_CPU not MSCV_CXX_ARCHITECTURE_ID when determining lib directories
https://bugs.webkit.org/show_bug.cgi?id=172570

Patch by Don Olmstead <don.olmstead@am.sony.com> on 2017-05-25
Reviewed by Per Arne Vollan.

  • Source/cmake/OptionsWin.cmake:
10:39 AM Changeset in webkit [217433] by weinig@apple.com
  • 45 edits
    4 adds
    1 delete in trunk/Source/WebCore

[WebIDL] Do a pass of cleanup in the bindings generator
https://bugs.webkit.org/show_bug.cgi?id=172566

Reviewed by Chris Dumez.

  • Split JSDOMBindingCaller.h into four new files to allow for less header inclusion (one includes a bunch of promise stuff that usually isn't needed):
    • JSDOMCastedThisErrorBehavior (with shared casting enum)
    • JSDOMAttribute (for attribute getting / setting)
    • JSDOMOperation (for normal operations)
    • JSDOMOperationReturningPromise (for operations returning promises, obviously).

In addition to separating the files, rename to be more consistent with modern
bindings conventions (new classes are IDLAttribute, IDLOperation, and
IDLOperationReturningPromise) and simplify function names

  • 'callOperation' becomes 'call'
  • 'attribute' becomes 'get'
  • 'setAttribute' becomes 'set'
  • Remove extra generated trampoline function for operations returning promises by making JSDOMOperationReturningPromise handle all the promise related overhead.
  • Make [Custom] operations returning promises go through the normal IDLOperationReturningPromise code path (simplifying JSReadableStreamSource and JSSubtleCrypto). Added [ReturnsOwnPromise] extended attribute to allow some functions that want to retain specialized behavior to do so
  • Swap order of trampoline and implementation of operation, to avoid the need for a forward declaration and make reading more straightforward.
  • WebCore.xcodeproj/project.pbxproj:

Add / remove files.

  • bindings/js/JSDOMBindingCaller.h: Removed.
  • bindings/js/JSDOMCastedThisErrorBehavior.h: Added.

Shared header for enum needed by JSDOMAttribute, JSDOMOperation and JSDOMOperationReturningPromise.

  • bindings/js/JSDOMAttribute.h: Added.
  • bindings/js/JSDOMOperation.h: Added.
  • bindings/js/JSDOMOperationReturningPromise.h: Added.

Split out JSDOMBindingCaller implementations into own classes / files. Simplify
naming.

  • bindings/js/JSDOMPromiseDeferred.h:

(WebCore::callPromiseFunction):
Add a variant of callPromiseFunction that takes a lambda.

  • bindings/js/JSEventTargetCustom.h:

(WebCore::IDLOperation<JSEventTarget>::call):
Update operation specialization to use new class.

  • bindings/js/JSReadableStreamSourceCustom.cpp:
  • bindings/js/JSSubtleCryptoCustom.cpp:

Simplify now that the callPromiseFunction is called for us.

  • crypto/WebKitSubtleCrypto.idl:
  • css/FontFace.idl:
  • dom/CustomElementRegistry.idl:

Add [ReturnsOwnPromise] to retain custom promise behavior.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
Update header generation to account for custom functions that return promises now
having a Ref<DeferredPromise>&& parameter.

(GenerateImplementation):

  • Update for new naming of cast functions.
  • Use AddToImplIncludes (and pass in conditional) rather than using $implIncludes directly, #includes to be grouped correctly.
  • Remove dead $inAppleCopyright code (it was moved to GenerateOperationDefinition earlier).

(GenerateOperationDefinition):

  • Use $codeGenerator->IsPromiseType() rather than directly comparing to "Promise" string.
  • Restructure code to allow trampoline (the code that calls IDLOperation) to come after the main operation implementation (the part that calls into the impl).
  • Support custom functions returning promises (and the [ReturnsOwnPromise] variant).

(GenerateImplementationIterableFunctions):
Update for name change to IDLOperation.

  • bindings/scripts/IDLAttributes.json:

Add [ReturnsOwnPromise].

  • bindings/scripts/test/JS/JSInterfaceName.cpp:
  • bindings/scripts/test/JS/JSMapLike.cpp:
  • bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
  • bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
  • bindings/scripts/test/JS/JSTestCEReactions.cpp:
  • bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
  • bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
  • bindings/scripts/test/JS/JSTestDOMJIT.cpp:
  • bindings/scripts/test/JS/JSTestEventConstructor.cpp:
  • bindings/scripts/test/JS/JSTestEventTarget.cpp:
  • bindings/scripts/test/JS/JSTestException.cpp:
  • bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
  • bindings/scripts/test/JS/JSTestGlobalObject.cpp:
  • bindings/scripts/test/JS/JSTestInterface.cpp:
  • bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
  • bindings/scripts/test/JS/JSTestIterable.cpp:
  • bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
  • bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
  • bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
  • bindings/scripts/test/JS/JSTestNode.cpp:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
  • bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
  • bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
  • bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
  • bindings/scripts/test/JS/JSTestSerialization.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
  • bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
  • bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
  • bindings/scripts/test/JS/JSTestTypedefs.cpp:

Update test results.

  • bindings/scripts/test/TestObj.idl:

Add additional test cases for operations returning promises.

10:18 AM Changeset in webkit [217432] by Yusuke Suzuki
  • 6 edits in trunk/Source/WTF

[Win] ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key)
https://bugs.webkit.org/show_bug.cgi?id=172586

Reviewed by Brent Fulgham.

In ThreadHolder for Windows, we need to construct HashMap<ThreadIdentifier, ThreadHolder*>.
The problem is that ThreadHolder::platformInitialize touches Thread::id() even before Thread
is not established. In that case, id() returns incorrect value.

But, calling ThreadHolder::initialize() after waiting for completion of Thread::establish() is
not a good idea. Since we already have NewThreadContext->creationMutex, we can wait for completion
of Thread::establish() easily. However, if we do so, Thread::create() returns RefPtr<Thread> that
may not call ThreadHolder::initialize() in its thread yet. In that case, ThreadHolder::get() fails.
Thus, Windows WTF::waitForThreadCompletion implementation becomes broken. We can add a new mutex
to wait for completion of ThreadHolder::initialize in the creator of the thread (like a ping-pong!).
But it overly complicates the implementation.

The following is overly complicated initialization phase.

Creator -> AC mutex(1) -------> establishment -> RL mutex(1) ----------------------> AC mutex(2) ->

Thread -----------------> AC mutex(1) -> ThreadHolder init -> RL mutex(2) ->

So, instead, in this patch, we just use Thread::currentID(). When calling ThreadHolder::initialize(),
we pass ThreadIdentifier by using Thread::currentID(). This implementation works great because,

  1. ThreadHolder::initialize requires ThreadIdentifier only in Windows environment because Pthread ThreadHolder does not create HashMap<>. And this is used for obsolete Threading APIs. Thus this hack will be removed in the near future.
  1. In Windows, Thread::currentID() can return a valid value without using ThreadHolder. And it does not require Thread establishment. So, calling currentID() to initialize ThreadHolder is ok in Windows.
  • wtf/ThreadHolder.cpp:

(WTF::ThreadHolder::initialize): Deleted.

  • wtf/ThreadHolder.h:
  • wtf/ThreadHolderPthreads.cpp:

(WTF::ThreadHolder::initialize):

  • wtf/ThreadHolderWin.cpp:

(WTF::ThreadHolder::initialize):
(WTF::ThreadHolder::platformInitialize): Deleted.

  • wtf/ThreadingWin.cpp:

(WTF::wtfThreadEntryPoint):

10:07 AM Changeset in webkit [217431] by Adrian Perez de Castro
  • 2 edits in trunk/Source/WTF

Clang warns about (intended) returning pointer to stack location in WTF/wtf/ThreadingPthreads.cpp
https://bugs.webkit.org/show_bug.cgi?id=172595

Reviewed by Mark Lam.

  • wtf/ThreadingPthreads.cpp: Use a #pragma to silence Clang warning about returning a

pointer to the stack (which is intended)

10:06 AM Changeset in webkit [217430] by jlewis3@apple.com
  • 2 edits in trunk/Source/WebKit2

Unreviewed, rolling out r217409.

The revision caused api failures

Reverted changeset:

"_WKUserStyleSheet leaks string data"
https://bugs.webkit.org/show_bug.cgi?id=172583
http://trac.webkit.org/changeset/217409

10:03 AM Changeset in webkit [217429] by mark.lam@apple.com
  • 12 edits
    1 add in trunk

ObjectToStringAdaptiveInferredPropertyValueWatchpoint should not reinstall itself nor handleFire if it's dying shortly.
https://bugs.webkit.org/show_bug.cgi?id=172548
<rdar://problem/31458393>

Reviewed by Filip Pizlo.

JSTests:

  • stress/regress-172548.patch: Added.

Source/JavaScriptCore:

Consider the following scenario:

  1. A ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1, watches for structure transitions, e.g. structure S2 transitioning to structure S3. In this case, O1 would be installed in S2's watchpoint set.
  2. When the structure transition happens, structure S2 will fire watchpoint O1.
  3. O1's handler will normally re-install itself in the watchpoint set of the new "transitioned to" structure S3.
  4. "Installation" here requires writing into the StructureRareData SD3 of the new structure S3. If SD3 does not exist yet, the installation process will trigger the allocation of StructureRareData SD3.
  5. It is possible that the Structure S1, and StructureRareData SD1 that owns the ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1 is no longer reachable by the GC, and therefore will be collected soon.
  6. The allocation of SD3 in (4) may trigger the sweeping of the StructureRareData SD1. This, in turn, triggers the deletion of the ObjectToStringAdaptiveInferredPropertyValueWatchpoint O1.

After O1 is deleted in (6) and SD3 is allocated in (4), execution continues in
AdaptiveInferredPropertyValueWatchpointBase::fire() where O1 gets installed in
structure S3's watchpoint set. This is obviously incorrect because O1 is already
deleted. The result is that badness happens later when S3's watchpoint set fires
its watchpoints and accesses the deleted O1.

The fix is to enhance AdaptiveInferredPropertyValueWatchpointBase::fire() to
check if "this" is still valid before proceeding to re-install itself or to
invoke its handleFire() method.

ObjectToStringAdaptiveInferredPropertyValueWatchpoint (which extends
AdaptiveInferredPropertyValueWatchpointBase) will override its isValid() method,
and return false its owner StructureRareData is no longer reachable by the GC.
This ensures that it won't be deleted while it's installed to any watchpoint set.

Additional considerations and notes:

  1. In the above, I talked about the ObjectToStringAdaptiveInferredPropertyValueWatchpoint being installed in watchpoint sets. What actually happens is that ObjectToStringAdaptiveInferredPropertyValueWatchpoint has 2 members (m_structureWatchpoint and m_propertyWatchpoint) which may be installed in watchpoint sets. The ObjectToStringAdaptiveInferredPropertyValueWatchpoint is not itself a Watchpoint object.

But for brevity, in the above, I refer to the ObjectToStringAdaptiveInferredPropertyValueWatchpoint
instead of its Watchpoint members. The description of the issue is still
accurate given the life-cycle of the Watchpoint members are embedded in the
enclosing ObjectToStringAdaptiveInferredPropertyValueWatchpoint object, and
hence, they share the same life-cycle.

  1. The top of AdaptiveInferredPropertyValueWatchpointBase::fire() removes its m_structureWatchpoint and m_propertyWatchpoint if they have been added to any watchpoint sets. This is safe to do even if the owner StructureRareData is no longer reachable by the GC.

This is because the only way we can get to AdaptiveInferredPropertyValueWatchpointBase::fire()
is if its Watchpoint members are still installed in some watchpoint set that
fired. This means that the AdaptiveInferredPropertyValueWatchpointBase
instance has not been deleted yet, because its destructor will automatically
remove the Watchpoint members from any watchpoint sets.

  • bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp:

(JSC::AdaptiveInferredPropertyValueWatchpointBase::fire):
(JSC::AdaptiveInferredPropertyValueWatchpointBase::isValid):

  • bytecode/AdaptiveInferredPropertyValueWatchpointBase.h:
  • heap/FreeList.cpp:

(JSC::FreeList::contains):

  • heap/FreeList.h:
  • heap/HeapCell.h:
  • heap/HeapCellInlines.h:

(JSC::HeapCell::isLive):

  • heap/MarkedAllocator.h:

(JSC::MarkedAllocator::isFreeListedCell):

  • heap/MarkedBlock.h:
  • heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::isFreeListedCell):

  • runtime/StructureRareData.cpp:

(JSC::ObjectToStringAdaptiveInferredPropertyValueWatchpoint::isValid):

9:55 AM Changeset in webkit [217428] by Claudio Saavedra
  • 1 edit
    2 adds in trunk/LayoutTests

[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Patch by Joanmarie Diggs <jdiggs@igalia.com> on 2017-05-25
Reviewed by Chris Fleizach.

  • accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
  • platform/gtk/accessibility/roles-exposed-expected.txt: Updated.
9:54 AM Changeset in webkit [217427] by simon.fraser@apple.com
  • 10 edits in trunk/Source/WebCore

Some <chrono> and ProgressTracker cleanup
https://bugs.webkit.org/show_bug.cgi?id=172582

Reviewed by Sam Weinig.

Remove some unnecessary <chrono> includes.
Convert some std::chrono to use MonotonicTime/Seconds.
Clean up ProgressTracker.
Some #pragma once.

  • dom/Document.h:
  • loader/ProgressTracker.cpp:

(WebCore::ProgressTracker::ProgressTracker):
(WebCore::ProgressTracker::reset):
(WebCore::ProgressTracker::progressStarted):
(WebCore::ProgressTracker::finalProgressComplete):
(WebCore::ProgressTracker::incrementProgress):

  • loader/ProgressTracker.h:
  • page/Settings.h:
  • platform/SearchPopupMenu.h:
  • platform/Timer.h:
  • platform/graphics/cg/IOSurfacePool.cpp:

(WebCore::IOSurfacePool::markOlderSurfacesPurgeable):

  • platform/graphics/cg/IOSurfacePool.h:

(WebCore::IOSurfacePool::CachedSurfaceDetails::resetLastUseTime):

  • platform/network/PlatformCookieJar.h:
9:43 AM Changeset in webkit [217426] by jdiggs@igalia.com
  • 12 edits in trunk

[ATK] Expose doc-footnote ARIA role with ATK_ROLE_FOOTNOTE
https://bugs.webkit.org/show_bug.cgi?id=172355

Reviewed by Chris Fleizach.

Source/WebCore:

Add a new FootnoteRole accessibility role to WebCore and map it to
ATK_ROLE_FOOTNOTE for WebKitGtk and NSAccessibilityGroupRole with
a subrole of AXApplicationGroup for the Mac port.

No new tests because we already have coverage for this role.
The existing test expectations were updated to reflect the
new mapping of doc-footnote to ATK_ROLE_FOOTNOTE.

  • accessibility/AccessibilityObject.cpp:

(WebCore::initializeRoleMap):
(WebCore::AccessibilityObject::computedRoleString):

  • accessibility/AccessibilityObject.h:
  • accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(atkRole):

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):

Tools:

Add map ATK_ROLE_FOOTNOTE to "AXFootnote" and bump jhbuild minimum
versions of atk, at-spi2-core, and at-spi2-atk to 2.25.2 (the earliest
releases which support the new platform footnote accessibility role.

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:
  • gtk/jhbuild.modules:

LayoutTests:

  • accessibility/gtk/xml-roles-exposed-expected.txt: Updated.
  • platform/gtk/accessibility/roles-exposed-expected.txt: Updated.
9:24 AM Changeset in webkit [217425] by clopez@igalia.com
  • 2 edits in trunk/LayoutTests

[GTK] [WebCrypto] Mark new WebCryptoAPI test failures after last WPT sync

Unreviewed GTK gardening.

  • platform/gtk/TestExpectations:
8:57 AM Changeset in webkit [217424] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

REGRESSION (r217423): Fix last-second typo in 'auto'

  • TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:

(WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test): Fix typo.

8:54 AM Changeset in webkit [217423] by ddkilzer@apple.com
  • 2 edits in trunk/Tools

REGRESSION (r216977): 4 leaks introduced in new WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test
<https://webkit.org/b/172558>

Reviewed by Sam Weinig.

  • TestWebKitAPI/Tests/WebKit2Cocoa/WKHTTPCookieStore.mm:

(WebKit2_WKHTTPCookieStoreWithoutProcessPool_Test): Fix the leaks.

8:50 AM Changeset in webkit [217422] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

[macOS WK2 Debug] Layout Test webrtc/video.html is crashing.
https://bugs.webkit.org/show_bug.cgi?id=172560
<rdar://problem/32392611>

Patch by youenn fablet <youenn@apple.com> on 2017-05-25
Reviewed by Eric Carlson.

webrtc/multiple-video.html is no longer crashing.

Allow autoplay only from going to not capture to capture, and not the reverse.
Renamed HTMLMediaElement::mediaStreamCaptureStateChanged to mediaStreamCaptureStarted.

  • dom/Document.cpp:

(WebCore::Document::mediaStreamCaptureStateChanged):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaStreamCaptureStateChanged): Deleted.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::mediaStreamCaptureStarted):

8:43 AM Changeset in webkit [217421] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[GTK] Update baseline

Unreviewed gardening. Update after r217272.

  • platform/gtk/fast/text/font-style-parse-expected.txt:
8:38 AM Changeset in webkit [217420] by matthew_hanson@apple.com
  • 2 edits in branches/safari-603-branch/Source/WebCore

Cherry-pick r217392. rdar://problem/32391206

8:22 AM Changeset in webkit [217419] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WTF

REGRESSION (r217416): Using #pragma once in WTFString.h broke the build

  • wtf/text/WTFString.h: Switch back to #ifndef/#define/#endif.
7:56 AM Changeset in webkit [217418] by hyatt@apple.com
  • 17 edits
    3 adds in trunk

Baseline of number inputs not right.
https://bugs.webkit.org/show_bug.cgi?id=172237

Reviewed by Dean Jackson.

Source/WebCore:

Added fast/forms/baseline-of-number-inputs.html

  • css/html.css:

(input::-webkit-inner-spin-button):

  • rendering/RenderSearchField.cpp:

(WebCore::RenderSearchField::computeLogicalHeightLimit): Deleted.
(WebCore::RenderSearchField::centerContainerIfNeeded): Deleted.

  • rendering/RenderSearchField.h:
  • rendering/RenderTextControlSingleLine.cpp:

(WebCore::RenderTextControlSingleLine::centerRenderer):
(WebCore::RenderTextControlSingleLine::layout):
(WebCore::RenderTextControlSingleLine::computeLogicalHeightLimit): Deleted.

  • rendering/RenderTextControlSingleLine.h:

(WebCore::RenderTextControlSingleLine::centerContainerIfNeeded): Deleted.

LayoutTests:

  • fast/forms/baseline-of-number-inputs-expected.html: Added.
  • fast/forms/baseline-of-number-inputs.html: Added.
7:37 AM Changeset in webkit [217417] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

[Win] Update expectations for layout tests.
https://bugs.webkit.org/show_bug.cgi?id=172437

Unreviewed test gardening, update test expectations for failing tests.

  • platform/win/TestExpectations:
6:46 AM Changeset in webkit [217416] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WTF

Make a change to force a build on the Apple bots

  • wtf/text/WTFString.h: Use #pragma once.
6:36 AM Changeset in webkit [217415] by Claudio Saavedra
  • 2 edits in trunk/LayoutTests

[WPE] Unreviewed gardening

Update rebaseline after r216817.

  • platform/wpe/fast/transforms/bounding-rect-zoom-expected.txt:
5:26 AM Changeset in webkit [217414] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add ListStylePositionInside.svg and ListStylePositionOutside.svg
https://bugs.webkit.org/show_bug.cgi?id=172574

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-25
Reviewed by Michael Catanzaro.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/ListStylePositionInside.svg: Added.
  • UserInterface/Images/gtk/ListStylePositionOutside.svg: Added.
5:24 AM Changeset in webkit [217413] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: Add new icons AnimationPlayStatePaused.svg and AnimationPlayStateRunning.svg
https://bugs.webkit.org/show_bug.cgi?id=172579

Patch by Fujii Hironori <Fujii Hironori> on 2017-05-25
Reviewed by Michael Catanzaro.

Add more free icons for the Web Inspector of GTK+ port.

  • UserInterface/Images/gtk/AnimationPlayStatePaused.svg: Added.
  • UserInterface/Images/gtk/AnimationPlayStateRunning.svg: Added.
4:45 AM Changeset in webkit [217412] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

[Win] Update expectations for layout tests.
https://bugs.webkit.org/show_bug.cgi?id=172437

Unreviewed test gardening, update test expectations for failing tests.

  • platform/win/TestExpectations:
3:06 AM Changeset in webkit [217411] by Manuel Rego Casasnovas
  • 5 edits
    2 adds in trunk

[css-grid] Fix behavior of positioned items without specific dimensions
https://bugs.webkit.org/show_bug.cgi?id=172117

Reviewed by Sergio Villar Senin.

Source/WebCore:

Currently positioned items that doesn't have specific dimensions
are not properly sized. This patch fixes the issues with them.

The patch removes the extraInline|BlockOffsets from RenderBox,
so now RenderGrid is responsible of setting the location of the positioned item.
This will be useful to add alignment support for positioned items later.
It also removes grid specific logic from RenderBox.

RenderBox::computeInlineStaticDistance() was modified too.
The problem here was that the containing block of the positioned gird items
is the grid area (and not the grid container). The method didn't know
anything about grid, so it was using the grid container causing wrong values
when resolving "auto" in both left and right offset properties.

Note that after this patch we match Chrome and Firefox behavior on these cases.

Test: fast/css-grid-layout/positioned-grid-items-sizing.html

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::willBeDestroyed):
(WebCore::computeInlineStaticDistance):
(WebCore::RenderBox::computePositionedLogicalWidth):
(WebCore::RenderBox::computePositionedLogicalHeight):

  • rendering/RenderBox.h:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::layoutPositionedObject):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):

LayoutTests:

  • fast/css-grid-layout/positioned-grid-items-sizing-expected.html: Added.
  • fast/css-grid-layout/positioned-grid-items-sizing.html: Added.
2:57 AM Changeset in webkit [217410] by Claudio Saavedra
  • 2 edits in trunk/Source/WebCore

[WPE] Build fix after r217404

Unreviewed

  • PlatformWPE.cmake: Include missing cairo cmake file.
2:04 AM Changeset in webkit [217409] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

_WKUserStyleSheet leaks string data
https://bugs.webkit.org/show_bug.cgi?id=172583
<rdar://problem/32395209>

Patch by Joseph Pecoraro <pecoraro@apple.com> on 2017-05-25
Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet dealloc]):

12:40 AM Changeset in webkit [217408] by ddkilzer@apple.com
  • 21 edits
    19 copies
    3 adds in trunk/LayoutTests

REGRESSION(r217390): "Broke internal Production builds that ran run-jsc-stress-tests" (Requested by ddkilzer on #webkit).
<https://bugs.webkit.org/show_bug.cgi?id=172584>

  • fast/regex/:
  • fast/regex/script-tests:
  • Rollback changes in r217390 for Bug 172423 to these directories.
Note: See TracTimeline for information about the timeline view.