Timeline



Aug 5, 2014:

11:53 PM Changeset in webkit [172137] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

URTBF after r172129. (ftlopt branch merge)

Remove the duplicated friend declaration to fix this build failure:
"error: ‘JSC::Structure’ is already a friend of ‘JSC::StructureRareData’ [-Werror]"

  • runtime/StructureRareData.h:
11:21 PM Changeset in webkit [172136] by jcraig@apple.com
  • 8 edits in trunk

Web Inspector: AXI: Add label string once AccessibilityObject::computedLabel() is available
https://bugs.webkit.org/show_bug.cgi?id=129940

Reviewed by Chris Fleizach.

Source/WebCore:

Test: inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt

  • accessibility/AccessibilityObject.cpp: Fixed crash.

(WebCore::AccessibilityObject::accessibilityComputedLabel):

  • accessibility/AccessibilityObject.h: Method name update.
  • inspector/InspectorDOMAgent.cpp: New support for getting Node label from AccessibilityObject.

(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

Source/WebInspectorUI:

  • UserInterface/Views/DOMNodeDetailsSidebarPanel.js: UI update for label field in Node Inspector.

(WebInspector.DOMNodeDetailsSidebarPanel.prototype._refreshAccessibility):

LayoutTests:

  • inspector-protocol/dom/getAccessibilityPropertiesForNode-expected.txt: LayoutTest expectation update.
11:14 PM Changeset in webkit [172135] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds, part 3.

  • CMakeLists.txt:
11:09 PM Changeset in webkit [172134] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds, part 2.

  • CMakeLists.txt:
11:06 PM Changeset in webkit [172133] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Attempt to fix Windows build, part 2.

11:03 PM Changeset in webkit [172132] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Attempt to fix CMake-based builds.

  • CMakeLists.txt:
11:02 PM Changeset in webkit [172131] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Attempt to fix Windows build.

10:55 PM Changeset in webkit [172130] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix cloop build.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

10:27 PM Changeset in webkit [172129] by fpizlo@apple.com
  • 145 edits
    42 adds
    5 deletes in trunk

Merge r170564, r170571, r170604, r170628, r170672, r170680, r170724, r170728, r170729, r170819, r170821, r170836, r170855, r170860, r170890, r170907, r170929, r171052, r171106, r171152, r171153, r171214 from ftlopt.

Source/JavaScriptCore:

This part of the merge delivers roughly a 2% across-the-board performance
improvement, mostly due to immutable property inference and DFG-side GCSE. It also
almost completely resolves accessor performance issues; in the common case the DFG
will compile a getter/setter access into code that is just as efficient as a normal
property access.

Another major highlight of this part of the merge is the work to add a type profiler
to the inspector. This work is still on-going but this greatly increases coverage.

Note that this merge fixes a minor bug in the GetterSetter refactoring from
http://trac.webkit.org/changeset/170729 (https://bugs.webkit.org/show_bug.cgi?id=134518).
It also adds a new tests to tests/stress to cover that bug. That bug was previously only
covered by layout tests.

2014-07-17 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG Flush(SetLocal) store elimination is overzealous for captured variables in the presence of nodes that have no effects but may throw (merge trunk r171190)
https://bugs.webkit.org/show_bug.cgi?id=135019


Reviewed by Oliver Hunt.


Behaviorally, this is just a merge of trunk r171190, except that the relevant functionality
has moved to StrengthReductionPhase and is written in a different style. Same algorithm,
different code.


  • dfg/DFGNodeType.h:
  • dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode):
  • tests/stress/capture-escape-and-throw.js: Added. (foo.f): (foo):
  • tests/stress/new-array-with-size-throw-exception-and-tear-off-arguments.js: Added. (foo): (bar):


2014-07-15 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Constant fold GetGetter and GetSetter if the GetterSetter is a constant
https://bugs.webkit.org/show_bug.cgi?id=134962


Reviewed by Oliver Hunt.


This removes yet another steady-state-throughput implication of using getters and setters:
if your accessor call is monomorphic then you'll just get a structure check, nothing more.
No more loads to get to the GetterSetter object or the accessor function object.


  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • runtime/GetterSetter.h: (JSC::GetterSetter::getterConcurrently): (JSC::GetterSetter::setGetter): (JSC::GetterSetter::setterConcurrently): (JSC::GetterSetter::setSetter):


2014-07-15 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Identity replacement in CSE shouldn't create a Phantom over the Identity's children
https://bugs.webkit.org/show_bug.cgi?id=134893


Reviewed by Oliver Hunt.


Replace Identity with Check instead of Phantom. Phantom means that the child of the
Identity should be unconditionally live. The liveness semantics of Identity are such that
if the parents of Identity are live then the child is live. Removing the Identity entirely
preserves such liveness semantics. So, the only thing that should be left behind is the
type check on the child, which is what Check means: do the check but don't keep the child
alive if the check isn't needed.


  • dfg/DFGCSEPhase.cpp:
  • dfg/DFGNode.h: (JSC::DFG::Node::convertToCheck):


2014-07-13 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
https://bugs.webkit.org/show_bug.cgi?id=134677


Reviewed by Sam Weinig.


This removes the old local CSE phase, which was based on manually written backward-search
rules for all of the different kinds of things we cared about, and adds a new local/global
CSE (local for CPS and global for SSA) that leaves the node semantics almost entirely up to
clobberize(). Thus, the CSE phase itself just worries about the algorithms and data
structures used for storing sets of available values. This results in a large reduction in
code size in CSEPhase.cpp while greatly increasing the phase's power (since it now does
global CSE) and reducing compile time (since local CSE is now rewritten to use smarter data
structures). Even though LLVM was already running GVN, the extra GCSE at DFG IR level means
that this is a significant (~0.7%) throughput improvement.


This work is based on the concept of "def" to clobberize(). If clobberize() calls def(), it
means that the node being analyzed makes available some value in some DFG node, and that
future attempts to compute that value can simply use that node. In other words, it
establishes an available value mapping of the form value=>node. There are two kinds of
values that can be passed to def():


PureValue. This captures everything needed to determine whether two pure nodes - nodes that

neither read nor write, and produce a value that is a CSE candidate - are identical. It
carries the NodeType, an AdjacencyList, and one word of meta-data. The meta-data is
usually used for things like the arithmetic mode or constant pointer. Passing a
PureValue to def() means that the node produces a value that is valid anywhere that the
node dominates.


HeapLocation. This describes a location in the heap that could be written to or read from.

Both stores and loads can def() a HeapLocation. HeapLocation carries around an abstract
heap that both serves as part of the "name" of the heap location (together with the
other fields of HeapLocation) and also tells us what write()'s to watch for. If someone
write()'s to an abstract heap that overlaps the heap associated with the HeapLocation,
then it means that the values for that location are no longer available.


This approach is sufficiently clever that the CSEPhase itself can focus on the mechanism of
tracking the PureValue=>node and HeapLocation=>node maps, without having to worry about
interpreting the semantics of different DFG node types - that is now almost entirely in
clobberize(). The only things we special-case inside CSEPhase are the Identity node, which
CSE is traditionally responsible for eliminating even though it has nothing to do with CSE,
and the LocalCSE rule for turning PutByVal into PutByValAlias.


This is a slight Octane, SunSpider, and Kraken speed-up - all somewhere arond 0.7% . It's
not a bigger win because LLVM was already giving us most of what we needed in its GVN.
Also, the SunSpider speed-up isn't from GCSE as much as it's a clean-up of local CSE - that
is no longer O(n2). Basically this is purely good: it reduces the amount of LLVM IR we
generate, it removes the old CSE's heap modeling (which was a constant source of bugs), and
it improves both the quality of the code we generate and the speed with which we generate
it. Also, any future optimizations that depend on GCSE will now be easier to implement.


During the development of this patch I also rationalized some other stuff, like Graph's
ordered traversals - we now have preorder and postorder rather than just "depth first".


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAdjacencyList.h: (JSC::DFG::AdjacencyList::hash): (JSC::DFG::AdjacencyList::operator==):
  • dfg/DFGBasicBlock.h:
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::performLocalCSE): (JSC::DFG::performGlobalCSE): (JSC::DFG::CSEPhase::CSEPhase): Deleted. (JSC::DFG::CSEPhase::run): Deleted. (JSC::DFG::CSEPhase::endIndexForPureCSE): Deleted. (JSC::DFG::CSEPhase::pureCSE): Deleted. (JSC::DFG::CSEPhase::constantCSE): Deleted. (JSC::DFG::CSEPhase::constantStoragePointerCSE): Deleted. (JSC::DFG::CSEPhase::getCalleeLoadElimination): Deleted. (JSC::DFG::CSEPhase::getArrayLengthElimination): Deleted. (JSC::DFG::CSEPhase::globalVarLoadElimination): Deleted. (JSC::DFG::CSEPhase::scopedVarLoadElimination): Deleted. (JSC::DFG::CSEPhase::varInjectionWatchpointElimination): Deleted. (JSC::DFG::CSEPhase::getByValLoadElimination): Deleted. (JSC::DFG::CSEPhase::checkFunctionElimination): Deleted. (JSC::DFG::CSEPhase::checkExecutableElimination): Deleted. (JSC::DFG::CSEPhase::checkStructureElimination): Deleted. (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): Deleted. (JSC::DFG::CSEPhase::getByOffsetLoadElimination): Deleted. (JSC::DFG::CSEPhase::getGetterSetterByOffsetLoadElimination): Deleted. (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): Deleted. (JSC::DFG::CSEPhase::checkArrayElimination): Deleted. (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination): Deleted. (JSC::DFG::CSEPhase::getInternalFieldLoadElimination): Deleted. (JSC::DFG::CSEPhase::getMyScopeLoadElimination): Deleted. (JSC::DFG::CSEPhase::getLocalLoadElimination): Deleted. (JSC::DFG::CSEPhase::invalidationPointElimination): Deleted. (JSC::DFG::CSEPhase::setReplacement): Deleted. (JSC::DFG::CSEPhase::eliminate): Deleted. (JSC::DFG::CSEPhase::performNodeCSE): Deleted. (JSC::DFG::CSEPhase::performBlockCSE): Deleted. (JSC::DFG::performCSE): Deleted.
  • dfg/DFGCSEPhase.h:
  • dfg/DFGClobberSet.cpp: (JSC::DFG::addReads): (JSC::DFG::addWrites): (JSC::DFG::addReadsAndWrites): (JSC::DFG::readsOverlap): (JSC::DFG::writesOverlap):
  • dfg/DFGClobberize.cpp: (JSC::DFG::doesWrites): (JSC::DFG::accessesOverlap): (JSC::DFG::writesOverlap):
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize): (JSC::DFG::NoOpClobberize::operator()): (JSC::DFG::CheckClobberize::operator()): (JSC::DFG::ReadMethodClobberize::ReadMethodClobberize): (JSC::DFG::ReadMethodClobberize::operator()): (JSC::DFG::WriteMethodClobberize::WriteMethodClobberize): (JSC::DFG::WriteMethodClobberize::operator()): (JSC::DFG::DefMethodClobberize::DefMethodClobberize): (JSC::DFG::DefMethodClobberize::operator()):
  • dfg/DFGDCEPhase.cpp: (JSC::DFG::DCEPhase::run): (JSC::DFG::DCEPhase::fixupBlock):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::getBlocksInPreOrder): (JSC::DFG::Graph::getBlocksInPostOrder): (JSC::DFG::Graph::addForDepthFirstSort): Deleted. (JSC::DFG::Graph::getBlocksInDepthFirstOrder): Deleted.
  • dfg/DFGGraph.h:
  • dfg/DFGHeapLocation.cpp: Added. (JSC::DFG::HeapLocation::dump): (WTF::printInternal):
  • dfg/DFGHeapLocation.h: Added. (JSC::DFG::HeapLocation::HeapLocation): (JSC::DFG::HeapLocation::operator!): (JSC::DFG::HeapLocation::kind): (JSC::DFG::HeapLocation::heap): (JSC::DFG::HeapLocation::base): (JSC::DFG::HeapLocation::index): (JSC::DFG::HeapLocation::hash): (JSC::DFG::HeapLocation::operator==): (JSC::DFG::HeapLocation::isHashTableDeletedValue): (JSC::DFG::HeapLocationHash::hash): (JSC::DFG::HeapLocationHash::equal):
  • dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::run):
  • dfg/DFGNode.h: (JSC::DFG::Node::replaceWith): (JSC::DFG::Node::convertToPhantomUnchecked): Deleted.
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):
  • dfg/DFGPureValue.cpp: Added. (JSC::DFG::PureValue::dump):
  • dfg/DFGPureValue.h: Added. (JSC::DFG::PureValue::PureValue): (JSC::DFG::PureValue::operator!): (JSC::DFG::PureValue::op): (JSC::DFG::PureValue::children): (JSC::DFG::PureValue::info): (JSC::DFG::PureValue::hash): (JSC::DFG::PureValue::operator==): (JSC::DFG::PureValue::isHashTableDeletedValue): (JSC::DFG::PureValueHash::hash): (JSC::DFG::PureValueHash::equal):
  • dfg/DFGSSAConversionPhase.cpp: (JSC::DFG::SSAConversionPhase::run):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::lower):


2014-07-13 Filip Pizlo <fpizlo@apple.com>


Unreviewed, revert unintended change in r171051.


  • dfg/DFGCSEPhase.cpp:


2014-07-08 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Move Flush(SetLocal) store elimination to StrengthReductionPhase
https://bugs.webkit.org/show_bug.cgi?id=134739


Reviewed by Mark Hahnenberg.


I'm going to streamline CSE around clobberize() as part of
https://bugs.webkit.org/show_bug.cgi?id=134677, and so Flush(SetLocal) store
elimination wouldn't belong in CSE anymore. It doesn't quite belong anywhere, which
means that it belongs in StrengthReductionPhase, since that's intended to be our
dumping ground.


To do this I had to add some missing smarts to clobberize(). Previously clobberize()
could play a bit loose with reads of Variables because it wasn't used for store
elimination. The main client of read() was LICM, but it would only use it to
determine hoistability and anything that did a write() was not hoistable - so, we had
benign (but still wrong) missing read() calls in places that did write()s. This fixes
a bunch of those cases.


  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::setLocalStoreElimination): Deleted.
  • dfg/DFGClobberize.cpp: (JSC::DFG::accessesOverlap):
  • dfg/DFGClobberize.h: (JSC::DFG::clobberize): Make clobberize() smart enough for detecting when this store elimination would be sound.
  • dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode): Implement the store elimination in terms of clobberize().


2014-07-08 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Phantom simplification should be in its own phase
https://bugs.webkit.org/show_bug.cgi?id=134742


Reviewed by Geoffrey Garen.


This moves Phantom simplification out of CSE, which greatly simplifies CSE and gives it
more focus. Also this finally adds a phase that removes empty Phantoms. We sort of had
this in CPSRethreading, but that phase runs too infrequently and doesn't run at all for
SSA.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAdjacencyList.h:
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::run): (JSC::DFG::CSEPhase::setReplacement): (JSC::DFG::CSEPhase::eliminate): (JSC::DFG::CSEPhase::performNodeCSE): (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren): Deleted.
  • dfg/DFGPhantomRemovalPhase.cpp: Added. (JSC::DFG::PhantomRemovalPhase::PhantomRemovalPhase): (JSC::DFG::PhantomRemovalPhase::run): (JSC::DFG::performCleanUp):
  • dfg/DFGPhantomRemovalPhase.h: Added.
  • dfg/DFGPlan.cpp: (JSC::DFG::Plan::compileInThreadImpl):


2014-07-08 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Get rid of Node::misc by moving the fields out of the union so that you can use replacement and owner simultaneously
https://bugs.webkit.org/show_bug.cgi?id=134730


Reviewed by Mark Lam.


This will allow for a better GCSE implementation.


  • dfg/DFGCPSRethreadingPhase.cpp: (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
  • dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::setReplacement):
  • dfg/DFGEdgeDominates.h: (JSC::DFG::EdgeDominates::operator()):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::clearReplacements): (JSC::DFG::Graph::initializeNodeOwners):
  • dfg/DFGGraph.h: (JSC::DFG::Graph::performSubstitutionForEdge):
  • dfg/DFGLICMPhase.cpp: (JSC::DFG::LICMPhase::attemptHoist):
  • dfg/DFGNode.h: (JSC::DFG::Node::Node):
  • dfg/DFGSSAConversionPhase.cpp: (JSC::DFG::SSAConversionPhase::run):


2014-07-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Infer immutable object properties
https://bugs.webkit.org/show_bug.cgi?id=134567


Reviewed by Mark Hahnenberg.


This introduces a new way of inferring immutable object properties. A property is said to
be immutable if after its creation (i.e. the transition that creates it), we never
overwrite it (i.e. replace it) or delete it. Immutability is a property of an "own
property" - so if we say that "f" is immutable at "o" then we are implying that "o" has "f"
directly and not on a prototype. More specifically, the immutability inference will prove
that a property on some structure is immutable. This means that, for example, we may have a
structure S1 with property "f" where we claim that "f" at S1 is immutable, but S1 has a
transition to S2 that adds a new property "g" and we may claim that "f" at S2 is actually
mutable. This is mainly for convenience; it allows us to decouple immutability logic from
transition logic. Immutability can be used to constant-fold accesses to objects at
DFG-time. The DFG needs to prove the following to constant-fold the access:


  • The base of the access must be a constant object pointer. We prove that a property at a structure is immutable, but that says nothing of its value; each actual instance of that property may have a different value. So, a constant object pointer is needed to get an actual constant instance of the immutable value.


  • A check (or watchpoint) must have been emitted proving that the object has a structure that allows loading the property in question.


  • The replacement watchpoint set of the property in the structure that we've proven the object to have is still valid and we add a watchpoint to it lazily. The replacement watchpoint set is the key new mechanism that this change adds. It's possible that we have proven that the object has one of many structures, in which case each of those structures needs a valid replacement watchpoint set.


The replacement watchpoint set is created the first time that any access to the property is
cached. A put replace cache will create, and immediately invalidate, the watchpoint set. A
get cache will create the watchpoint set and make it start watching. Any non-cached put
access will invalidate the watchpoint set if one had been created; the underlying algorithm
ensures that checking for the existence of a replacement watchpoint set is very fast in the
common case. This algorithm ensures that no cached access needs to ever do any work to
invalidate, or check the validity of, any replacement watchpoint sets. It also has some
other nice properties:


  • It's very robust in its definition of immutability. The strictest that it will ever be is that for any instance of the object, the property must be written to only once, specifically at the time that the property is created. But it's looser than this in practice. For example, the property may be written to any number of times before we add the final property that the object will have before anyone reads the property; this works since for optimization purposes we only care if we detect immutability on the structure that the object will have when it is most frequently read from, not any previous structure that the object had. Also, we may write to the property any number of times before anyone caches accesses to it.


  • It is mostly orthogonal to structure transitions. No new structures need to be created to track the immutability of a property. Hence, there is no risk from this feature causing more polymorphism. This is different from the previous "specificValue" constant inference, which did cause additional structures to be created and sometimes those structures led to fake polymorphism. This feature does leverage existing transitions to do some of the watchpointing: property deletions don't fire the replacement watchpoint set because that would cause a new structure and so the mandatory structure check would fail. Also, this feature is guaranteed to never kick in for uncacheable dictionaries because those wouldn't allow for cacheable accesses - and it takes a cacheable access for this feature to be enabled.


  • No memory overhead is incurred except when accesses to the property are cached. Dictionary properties will typically have no meta-data for immutability. The number of replacement watchpoint sets we allocate is proportional to the number of inline caches in the program, which is typically must smaller than the number of structures or even the number of objects.


This inference is far more powerful than the previous "specificValue" inference, so this
change also removes all of that code. It's interesting that the amount of code that is
changed to remove that feature is almost as big as the amount of code added to support the
new inference - and that's if you include the new tests in the tally. Without new tests,
it appears that the new feature actually touches less code!


There is one corner case where the previous "specificValue" inference was more powerful.
You can imagine someone creating objects with functions as self properties on those
objects, such that each object instance had the same function pointers - essentially,
someone might be trying to create a vtable but failing at the whole "one vtable for many
instances" concept. The "specificValue" inference would do very well for such programs,
because a structure check would be sufficient to prove a constant value for all of the
function properties. This new inference will fail because it doesn't track the constant
values of constant properties; instead it detects the immutability of otherwise variable
properties (in the sense that each instance of the property may have a different value).
So, the new inference requires having a particular object instance to actually get the
constant value. I think it's OK to lose this antifeature. It took a lot of code to support
and was a constant source of grief in our transition logic, and there doesn't appear to be
any real evidence that programs benefited from that particular kind of inference since
usually it's the singleton prototype instance that has all of the functions.


This change is a speed-up on everything. date-format-xparb and both SunSpider/raytrace and
V8/raytrace seem to be the biggest winners among the macrobenchmarks; they see >5%
speed-ups. Many of our microbenchmarks see very large performance improvements, even 80% in
one case.


  • bytecode/ComplexGetStatus.cpp: (JSC::ComplexGetStatus::computeFor):
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeFromLLInt): (JSC::GetByIdStatus::computeForStubInfo): (JSC::GetByIdStatus::computeFor):
  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::GetByIdVariant): (JSC::GetByIdVariant::operator=): (JSC::GetByIdVariant::attemptToMerge): (JSC::GetByIdVariant::dumpInContext):
  • bytecode/GetByIdVariant.h: (JSC::GetByIdVariant::alternateBase): (JSC::GetByIdVariant::specificValue): Deleted.
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeForStubInfo): (JSC::PutByIdStatus::computeFor):
  • bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::operator=): (JSC::PutByIdVariant::setter): (JSC::PutByIdVariant::dumpInContext):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::specificValue): Deleted.
  • bytecode/Watchpoint.cpp: (JSC::WatchpointSet::fireAllSlow): (JSC::WatchpointSet::fireAll): Deleted.
  • bytecode/Watchpoint.h: (JSC::WatchpointSet::fireAll):
  • dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::handleGetByOffset): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
  • dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
  • dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::isStringPrototypeMethodSane): (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
  • dfg/DFGGraph.cpp: (JSC::DFG::Graph::tryGetConstantProperty): (JSC::DFG::Graph::visitChildren):
  • dfg/DFGGraph.h:
  • dfg/DFGWatchableStructureWatchingPhase.cpp: (JSC::DFG::WatchableStructureWatchingPhase::run):
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
  • jit/JITOperations.cpp:
  • jit/Repatch.cpp: (JSC::repatchByIdSelfAccess): (JSC::generateByIdStub): (JSC::tryCacheGetByID): (JSC::tryCachePutByID): (JSC::tryBuildPutByIdList):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): (JSC::LLInt::putToScopeCommon):
  • runtime/CommonSlowPaths.h: (JSC::CommonSlowPaths::tryCachePutToScopeGlobal):
  • runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::mayInterceptStoreTo):
  • runtime/JSCJSValue.cpp: (JSC::JSValue::putToPrimitive):
  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset):
  • runtime/JSObject.cpp: (JSC::JSObject::put): (JSC::JSObject::putDirectNonIndexAccessor): (JSC::JSObject::deleteProperty): (JSC::JSObject::defaultValue): (JSC::getCallableObjectSlow): Deleted. (JSC::JSObject::getPropertySpecificValue): Deleted.
  • runtime/JSObject.h: (JSC::JSObject::getDirect): (JSC::JSObject::getDirectOffset): (JSC::JSObject::inlineGetOwnPropertySlot): (JSC::JSObject::putDirectInternal): (JSC::JSObject::putOwnDataProperty): (JSC::JSObject::putDirect): (JSC::JSObject::putDirectWithoutTransition): (JSC::getCallableObject): Deleted.
  • runtime/JSScope.cpp: (JSC::abstractAccess):
  • runtime/PropertyMapHashTable.h: (JSC::PropertyMapEntry::PropertyMapEntry): (JSC::PropertyTable::copy):
  • runtime/PropertyTable.cpp: (JSC::PropertyTable::clone): (JSC::PropertyTable::PropertyTable): (JSC::PropertyTable::visitChildren): Deleted.
  • runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::materializePropertyMap): (JSC::Structure::addPropertyTransitionToExistingStructureImpl): (JSC::Structure::addPropertyTransitionToExistingStructure): (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently): (JSC::Structure::addPropertyTransition): (JSC::Structure::changePrototypeTransition): (JSC::Structure::attributeChangeTransition): (JSC::Structure::toDictionaryTransition): (JSC::Structure::preventExtensionsTransition): (JSC::Structure::takePropertyTableOrCloneIfPinned): (JSC::Structure::nonPropertyTransition): (JSC::Structure::addPropertyWithoutTransition): (JSC::Structure::allocateRareData): (JSC::Structure::ensurePropertyReplacementWatchpointSet): (JSC::Structure::startWatchingPropertyForReplacements): (JSC::Structure::didCachePropertyReplacement): (JSC::Structure::startWatchingInternalProperties): (JSC::Structure::copyPropertyTable): (JSC::Structure::copyPropertyTableForPinning): (JSC::Structure::getConcurrently): (JSC::Structure::get): (JSC::Structure::add): (JSC::Structure::visitChildren): (JSC::Structure::prototypeChainMayInterceptStoreTo): (JSC::Structure::dump): (JSC::Structure::despecifyDictionaryFunction): Deleted. (JSC::Structure::despecifyFunctionTransition): Deleted. (JSC::Structure::despecifyFunction): Deleted. (JSC::Structure::despecifyAllFunctions): Deleted. (JSC::Structure::putSpecificValue): Deleted.
  • runtime/Structure.h: (JSC::Structure::startWatchingPropertyForReplacements): (JSC::Structure::startWatchingInternalPropertiesIfNecessary): (JSC::Structure::startWatchingInternalPropertiesIfNecessaryForEntireChain): (JSC::Structure::transitionDidInvolveSpecificValue): Deleted. (JSC::Structure::disableSpecificFunctionTracking): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::getConcurrently): (JSC::Structure::didReplaceProperty): (JSC::Structure::propertyReplacementWatchpointSet):
  • runtime/StructureRareData.cpp: (JSC::StructureRareData::destroy):
  • runtime/StructureRareData.h:
  • tests/stress/infer-constant-global-property.js: Added. (foo.Math.sin): (foo):
  • tests/stress/infer-constant-property.js: Added. (foo):
  • tests/stress/jit-cache-poly-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
  • tests/stress/jit-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
  • tests/stress/jit-put-to-scope-global-cache-watchpoint-invalidate.js: Added. (foo): (bar):
  • tests/stress/llint-cache-replace-then-cache-get-and-fold-then-invalidate.js: Added. (foo): (bar):
  • tests/stress/llint-put-to-scope-global-cache-watchpoint-invalidate.js: Added. (foo): (bar):
  • tests/stress/repeat-put-to-scope-global-with-same-value-watchpoint-invalidate.js: Added. (foo): (bar):


2014-07-03 Saam Barati <sbarati@apple.com>


Add more coverage for the profile_types_with_high_fidelity op code.
https://bugs.webkit.org/show_bug.cgi?id=134616


Reviewed by Filip Pizlo.


More operations are now being recorded by the profile_types_with_high_fidelity
opcode. Specifically: function parameters, function return values,
function 'this' value, get_by_id, get_by_value, resolve nodes, function return
values at the call site. Added more flags to the profile_types_with_high_fidelity
opcode so more focused tasks can take place when the instruction is
being linked in CodeBlock. Re-worked the type profiler to search
through character offset ranges when asked for the type of an expression
at a given offset. Removed redundant calls to Structure::toStructureShape
in HighFidelityLog and TypeSet by caching calls based on StructureID.


  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h: (JSC::computeUsesForBytecodeOffset): (JSC::computeDefsForBytecodeOffset):
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::finalizeUnconditionally): (JSC::CodeBlock::scopeDependentProfile):
  • bytecode/CodeBlock.h: (JSC::CodeBlock::returnStatementTypeSet):
  • bytecode/TypeLocation.h:
  • bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset): (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo):
  • bytecode/UnlinkedCodeBlock.h:
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitMove): (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): (JSC::BytecodeGenerator::emitGetFromScopeWithProfile): (JSC::BytecodeGenerator::emitPutToScope): (JSC::BytecodeGenerator::emitPutToScopeWithProfile): (JSC::BytecodeGenerator::emitPutById): (JSC::BytecodeGenerator::emitPutByVal):
  • bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo):
  • bytecompiler/NodesCodegen.cpp: (JSC::ResolveNode::emitBytecode): (JSC::BracketAccessorNode::emitBytecode): (JSC::DotAccessorNode::emitBytecode): (JSC::FunctionCallValueNode::emitBytecode): (JSC::FunctionCallResolveNode::emitBytecode): (JSC::FunctionCallBracketNode::emitBytecode): (JSC::FunctionCallDotNode::emitBytecode): (JSC::CallFunctionCallDotNode::emitBytecode): (JSC::ApplyFunctionCallDotNode::emitBytecode): (JSC::PostfixNode::emitResolve): (JSC::PostfixNode::emitBracket): (JSC::PostfixNode::emitDot): (JSC::PrefixNode::emitResolve): (JSC::PrefixNode::emitBracket): (JSC::PrefixNode::emitDot): (JSC::ReadModifyResolveNode::emitBytecode): (JSC::AssignResolveNode::emitBytecode): (JSC::AssignDotNode::emitBytecode): (JSC::ReadModifyDotNode::emitBytecode): (JSC::AssignBracketNode::emitBytecode): (JSC::ReadModifyBracketNode::emitBytecode): (JSC::ReturnNode::emitBytecode): (JSC::FunctionBodyNode::emitBytecode):
  • inspector/agents/InspectorRuntimeAgent.cpp: (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableAtOffset): (Inspector::InspectorRuntimeAgent::getRuntimeTypeForVariableInTextRange): Deleted.
  • inspector/agents/InspectorRuntimeAgent.h:
  • inspector/protocol/Runtime.json:
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::getFromScopeCommon): (JSC::LLInt::LLINT_SLOW_PATH_DECL):
  • llint/LLIntSlowPaths.h:
  • llint/LowLevelInterpreter.asm:
  • runtime/HighFidelityLog.cpp: (JSC::HighFidelityLog::processHighFidelityLog): (JSC::HighFidelityLog::actuallyProcessLogThreadFunction): (JSC::HighFidelityLog::recordTypeInformationForLocation): Deleted.
  • runtime/HighFidelityLog.h: (JSC::HighFidelityLog::recordTypeInformationForLocation):
  • runtime/HighFidelityTypeProfiler.cpp: (JSC::HighFidelityTypeProfiler::getTypesForVariableInAtOffset): (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableAtOffset): (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableAtOffset): (JSC::HighFidelityTypeProfiler::insertNewLocation): (JSC::HighFidelityTypeProfiler::findLocation): (JSC::HighFidelityTypeProfiler::getTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getGlobalTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getLocalTypesForVariableInRange): Deleted. (JSC::HighFidelityTypeProfiler::getLocationBasedHash): Deleted.
  • runtime/HighFidelityTypeProfiler.h: (JSC::LocationKey::LocationKey): Deleted. (JSC::LocationKey::hash): Deleted. (JSC::LocationKey::operator==): Deleted.
  • runtime/Structure.cpp: (JSC::Structure::toStructureShape):
  • runtime/Structure.h:
  • runtime/TypeSet.cpp: (JSC::TypeSet::TypeSet): (JSC::TypeSet::addTypeForValue): (JSC::TypeSet::seenTypes): (JSC::TypeSet::removeDuplicatesInStructureHistory): Deleted.
  • runtime/TypeSet.h: (JSC::StructureShape::setConstructorName):
  • runtime/VM.cpp: (JSC::VM::getTypesForVariableAtOffset): (JSC::VM::dumpHighFidelityProfilingTypes): (JSC::VM::getTypesForVariableInRange): Deleted.
  • runtime/VM.h:


2014-07-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt][REGRESSION] debug tests fail because PutByIdDirect is now implemented in terms of In
https://bugs.webkit.org/show_bug.cgi?id=134642


Rubber stamped by Andreas Kling.


  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode):


2014-07-01 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Allocate a new GetterSetter if we change the value of any of its entries other than when they were previously null, so that if we constant-infer an accessor slot then we immediately get the function constant for free
https://bugs.webkit.org/show_bug.cgi?id=134518


Reviewed by Mark Hahnenberg.


This has no real effect right now, particularly since almost all uses of
setSetter/setGetter were already allocating a branch new GetterSetter. But once we start
doing more aggressive constant property inference, this change will allow us to remove
all runtime checks from getter/setter calls.


  • runtime/GetterSetter.cpp: (JSC::GetterSetter::withGetter): (JSC::GetterSetter::withSetter):
  • runtime/GetterSetter.h: (JSC::GetterSetter::setGetter): (JSC::GetterSetter::setSetter):
  • runtime/JSObject.cpp: (JSC::JSObject::defineOwnNonIndexProperty):


2014-07-02 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Rename notifyTransitionFromThisStructure to didTransitionFromThisStructure


Rubber stamped by Mark Hahnenberg.


  • runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::nonPropertyTransition): (JSC::Structure::didTransitionFromThisStructure): (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
  • runtime/Structure.h:


2014-07-02 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Remove the functionality for cloning StructureRareData since we never do that anymore.


Rubber stamped by Mark Hahnenberg.


  • runtime/Structure.cpp: (JSC::Structure::Structure): (JSC::Structure::cloneRareDataFrom): Deleted.
  • runtime/Structure.h:
  • runtime/StructureRareData.cpp: (JSC::StructureRareData::clone): Deleted. (JSC::StructureRareData::StructureRareData): Deleted.
  • runtime/StructureRareData.h: (JSC::StructureRareData::needsCloning): Deleted.


2014-07-01 Mark Lam <mark.lam@apple.com>


[ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
<https://webkit.org/b/134420>


Reviewed by Geoffrey Garen.


Previously, DebuggerCallFrame::scope() returns a JSActivation (and relevant
peers) which the WebInspector will use to introspect CallFrame variables.
Instead, we should be returning a DebuggerScope as an abstraction layer that
provides the introspection functionality that the WebInspector needs. This
is the first step towards not forcing every frame to have a JSActivation
object just because the debugger is enabled.


  1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject instead of the VM. This allows JSObject::globalObject() to be able to return the global object for the DebuggerScope.


  1. On the DebuggerScope's life-cycle management:


The DebuggerCallFrame is designed to be "valid" only during a debugging session
(while the debugger is broken) through the use of a DebuggerCallFrameScope in
Debugger::pauseIfNeeded(). Once the debugger resumes from the break, the
DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
We can't guarantee (from this code alone) that the Inspector code isn't still
holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
the frame will be invalidated, and any attempt to query it will return null values.
This is pre-existing behavior.


Now, we're adding the DebuggerScope into the picture. While a single debugger
pause session is in progress, the Inspector may request the scope from the
DebuggerCallFrame. While the DebuggerCallFrame is still valid, we want
DebuggerCallFrame::scope() to always return the same DebuggerScope object.
This is why we hold on to the DebuggerScope with a strong ref.


If we use a weak ref instead, the following cooky behavior can manifest:

  1. The Inspector calls Debugger::scope() to get the top scope.
  2. The Inspector iterates down the scope chain and is now only holding a reference to a parent scope. It is no longer referencing the top scope.
  3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope gets cleared.
  4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets a different DebuggerScope instance.
  5. The Inspector iterates down the scope chain but never sees the parent scope instance that retained a ref to in step 2 above. This is because when iterating this new DebuggerScope instance (which has no knowledge of the previous parent DebuggerScope instance), a new DebuggerScope instance will get created for the same parent scope.


Since the DebuggerScope is a JSObject, it's liveness is determined by its reachability.
However, it's "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
instantiated) will also get invalidated. This is why we need the
DebuggerScope::invalidateChain() method. The Inspector should not be using the
DebuggerScope instance after its owner DebuggerCallFrame is invalidated. If it does,
those methods will do nothing or returned a failed status.


  • debugger/Debugger.h:
  • debugger/DebuggerCallFrame.cpp: (JSC::DebuggerCallFrame::scope): (JSC::DebuggerCallFrame::evaluate): (JSC::DebuggerCallFrame::invalidate): (JSC::DebuggerCallFrame::vm): (JSC::DebuggerCallFrame::lexicalGlobalObject):
  • debugger/DebuggerCallFrame.h:
  • debugger/DebuggerScope.cpp: (JSC::DebuggerScope::DebuggerScope): (JSC::DebuggerScope::finishCreation): (JSC::DebuggerScope::visitChildren): (JSC::DebuggerScope::className): (JSC::DebuggerScope::getOwnPropertySlot): (JSC::DebuggerScope::put): (JSC::DebuggerScope::deleteProperty): (JSC::DebuggerScope::getOwnPropertyNames): (JSC::DebuggerScope::defineOwnProperty): (JSC::DebuggerScope::next): (JSC::DebuggerScope::invalidateChain): (JSC::DebuggerScope::isWithScope): (JSC::DebuggerScope::isGlobalScope): (JSC::DebuggerScope::isFunctionScope):
  • debugger/DebuggerScope.h: (JSC::DebuggerScope::create): (JSC::DebuggerScope::Iterator::Iterator): (JSC::DebuggerScope::Iterator::get): (JSC::DebuggerScope::Iterator::operator++): (JSC::DebuggerScope::Iterator::operator==): (JSC::DebuggerScope::Iterator::operator!=): (JSC::DebuggerScope::isValid): (JSC::DebuggerScope::jsScope): (JSC::DebuggerScope::begin): (JSC::DebuggerScope::end):
  • inspector/JSJavaScriptCallFrame.cpp: (Inspector::JSJavaScriptCallFrame::scopeType): (Inspector::JSJavaScriptCallFrame::scopeChain):
  • inspector/JavaScriptCallFrame.h: (Inspector::JavaScriptCallFrame::scopeChain):
  • inspector/ScriptDebugServer.cpp:
  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::reset): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::debuggerScopeStructure):
  • runtime/JSObject.h: (JSC::JSObject::isWithScope):
  • runtime/JSScope.h:
  • runtime/VM.cpp: (JSC::VM::VM):
  • runtime/VM.h:


2014-07-01 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG bytecode parser should turn PutById with nothing but a Setter stub as stuff+handleCall, and handleCall should be allowed to inline if it wants to
https://bugs.webkit.org/show_bug.cgi?id=130756


Reviewed by Oliver Hunt.


The enables exposing the call to setters in the DFG, and then inlining it. Previously we
already supproted inlined-cached calls to setters from within put_by_id inline caches,
and the DFG could certainly emit such IC's. Now, if an IC had a setter call, then the DFG
will either emit the GetGetterSetterByOffset/GetSetter/Call combo, or it will do one
better and inline the call.


A lot of the core functionality was already available from the previous work to inline
getters. So, there are some refactorings in this patch that move preexisting
functionality around. For example, the work to figure out how the DFG should go about
getting to what we call the "loaded value" - i.e. the GetterSetter object reference in
the case of accessors - is now shared in ComplexGetStatus, and both GetByIdStatus and
PutByIdStatus use it. This means that we can keep the safety checks common. This patch
also does additional refactorings in DFG::ByteCodeParser so that we can continue to reuse
handleCall() for all of the various kinds of calls we can now emit.


83% speed-up on getter-richards, 2% speed-up on box2d.


  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/ComplexGetStatus.cpp: Added. (JSC::ComplexGetStatus::computeFor):
  • bytecode/ComplexGetStatus.h: Added. (JSC::ComplexGetStatus::ComplexGetStatus): (JSC::ComplexGetStatus::skip): (JSC::ComplexGetStatus::takesSlowPath): (JSC::ComplexGetStatus::kind): (JSC::ComplexGetStatus::attributes): (JSC::ComplexGetStatus::specificValue): (JSC::ComplexGetStatus::offset): (JSC::ComplexGetStatus::chain):
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo):
  • bytecode/GetByIdVariant.cpp: (JSC::GetByIdVariant::GetByIdVariant):
  • bytecode/PolymorphicPutByIdList.h: (JSC::PutByIdAccess::PutByIdAccess): (JSC::PutByIdAccess::setter): (JSC::PutByIdAccess::structure): (JSC::PutByIdAccess::chainCount):
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeFromLLInt): (JSC::PutByIdStatus::computeFor): (JSC::PutByIdStatus::computeForStubInfo): (JSC::PutByIdStatus::makesCalls):
  • bytecode/PutByIdStatus.h: (JSC::PutByIdStatus::makesCalls): Deleted.
  • bytecode/PutByIdVariant.cpp: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::operator=): (JSC::PutByIdVariant::replace): (JSC::PutByIdVariant::transition): (JSC::PutByIdVariant::setter): (JSC::PutByIdVariant::writesStructures): (JSC::PutByIdVariant::reallocatesStorage): (JSC::PutByIdVariant::makesCalls): (JSC::PutByIdVariant::dumpInContext):
  • bytecode/PutByIdVariant.h: (JSC::PutByIdVariant::PutByIdVariant): (JSC::PutByIdVariant::structure): (JSC::PutByIdVariant::oldStructure): (JSC::PutByIdVariant::alternateBase): (JSC::PutByIdVariant::specificValue): (JSC::PutByIdVariant::callLinkStatus): (JSC::PutByIdVariant::replace): Deleted. (JSC::PutByIdVariant::transition): Deleted.
  • dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult): (JSC::DFG::ByteCodeParser::addCall): (JSC::DFG::ByteCodeParser::handleCall): (JSC::DFG::ByteCodeParser::handleInlining): (JSC::DFG::ByteCodeParser::handleGetById): (JSC::DFG::ByteCodeParser::handlePutById): (JSC::DFG::ByteCodeParser::parseBlock):
  • jit/Repatch.cpp: (JSC::tryCachePutByID): (JSC::tryBuildPutByIdList):
  • runtime/IntendedStructureChain.cpp: (JSC::IntendedStructureChain::takesSlowPathInDFGForImpureProperty):
  • runtime/IntendedStructureChain.h:
  • tests/stress/exit-from-setter.js: Added.
  • tests/stress/poly-chain-setter.js: Added. (Cons): (foo): (test):
  • tests/stress/poly-chain-then-setter.js: Added. (Cons1): (Cons2): (foo): (test):
  • tests/stress/poly-setter-combo.js: Added. (Cons1): (Cons2): (foo): (test): (.test):
  • tests/stress/poly-setter-then-self.js: Added. (foo): (test): (.test):
  • tests/stress/weird-setter-counter.js: Added. (foo): (test):
  • tests/stress/weird-setter-counter-syntactic.js: Added. (foo): (test):


2014-07-01 Matthew Mirman <mmirman@apple.com>


Added an implementation of the "in" check to FTL.
https://bugs.webkit.org/show_bug.cgi?id=134508


Reviewed by Filip Pizlo.


  • ftl/FTLCapabilities.cpp: enabled compilation for "in" (JSC::FTL::canCompile): ditto
  • ftl/FTLCompile.cpp: (JSC::FTL::generateCheckInICFastPath): added. (JSC::FTL::fixFunctionBasedOnStackMaps): added case for CheckIn descriptors.
  • ftl/FTLInlineCacheDescriptor.h: (JSC::FTL::CheckInGenerator::CheckInGenerator): added. (JSC::FTL::CheckInDescriptor::CheckInDescriptor): added.
  • ftl/FTLInlineCacheSize.cpp: (JSC::FTL::sizeOfCheckIn): added. Currently larger than necessary.
  • ftl/FTLInlineCacheSize.h: ditto
  • ftl/FTLIntrinsicRepository.h: Added function type for operationInGeneric
  • ftl/FTLLowerDFGToLLVM.cpp: (JSC::FTL::LowerDFGToLLVM::compileNode): added case for In. (JSC::FTL::LowerDFGToLLVM::compileIn): added.
  • ftl/FTLSlowPathCall.cpp: Added a callOperation for operationIn (JSC::FTL::callOperation): ditto
  • ftl/FTLSlowPathCall.h: ditto
  • ftl/FTLState.h: Added a vector to hold CheckIn descriptors.
  • jit/JITOperations.h: made operationIns internal.
  • tests/stress/ftl-checkin.js: Added.
  • tests/stress/ftl-checkin-variable.js: Added.


2014-06-30 Mark Hahnenberg <mhahnenberg@apple.com>


CodeBlock::stronglyVisitWeakReferences should mark DFG::CommonData::weakStructureReferences
https://bugs.webkit.org/show_bug.cgi?id=134455


Reviewed by Geoffrey Garen.


Otherwise we get hanging pointers which can cause us to die later.


  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::stronglyVisitWeakReferences):


2014-06-27 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Reduce the GC's influence on optimization decisions
https://bugs.webkit.org/show_bug.cgi?id=134427


Reviewed by Oliver Hunt.


This is a slight speed-up on some platforms, that arises from a bunch of fixes that I made
while trying to make the GC keep more structures alive
(https://bugs.webkit.org/show_bug.cgi?id=128072).


The fixes are, roughly:


  • If the GC clears an inline cache, then this no longer causes the IC to be forever polymorphic.


  • If we exit in inlined code into a function that tries to OSR enter, then we jettison sooner.


  • Some variables being uninitialized led to rage-recompilations.


This is a pretty strong step in the direction of keeping more Structures alive and not
blowing away code just because a Structure died. But, it seems like there is still a slight
speed-up to be had from blowing away code that references dead Structures.


  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpAssumingJITType): (JSC::shouldMarkTransition): (JSC::CodeBlock::propagateTransitions): (JSC::CodeBlock::determineLiveness):
  • bytecode/GetByIdStatus.cpp: (JSC::GetByIdStatus::computeForStubInfo):
  • bytecode/PutByIdStatus.cpp: (JSC::PutByIdStatus::computeForStubInfo):
  • dfg/DFGCapabilities.cpp: (JSC::DFG::isSupportedForInlining): (JSC::DFG::mightInlineFunctionForCall): (JSC::DFG::mightInlineFunctionForClosureCall): (JSC::DFG::mightInlineFunctionForConstruct):
  • dfg/DFGCapabilities.h:
  • dfg/DFGCommonData.h:
  • dfg/DFGDesiredWeakReferences.cpp: (JSC::DFG::DesiredWeakReferences::reallyAdd):
  • dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry):
  • dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::handleExitCounts):
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • ftl/FTLForOSREntryJITCode.cpp: (JSC::FTL::ForOSREntryJITCode::ForOSREntryJITCode): These variables being uninitialized is benign in terms of correctness but can sometimes cause rage-recompilations. For some reason it took this patch to reveal this.
  • ftl/FTLOSREntry.cpp: (JSC::FTL::prepareOSREntry):
  • runtime/Executable.cpp: (JSC::ExecutableBase::destroy): (JSC::NativeExecutable::destroy): (JSC::ScriptExecutable::ScriptExecutable): (JSC::ScriptExecutable::destroy): (JSC::ScriptExecutable::installCode): (JSC::EvalExecutable::EvalExecutable): (JSC::ProgramExecutable::ProgramExecutable):
  • runtime/Executable.h: (JSC::ScriptExecutable::setDidTryToEnterInLoop): (JSC::ScriptExecutable::didTryToEnterInLoop): (JSC::ScriptExecutable::addressOfDidTryToEnterInLoop): (JSC::ScriptExecutable::ScriptExecutable): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::storedPrototypeObject): (JSC::Structure::storedPrototypeStructure):


2014-06-25 Filip Pizlo <fpizlo@apple.com>


[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
https://bugs.webkit.org/show_bug.cgi?id=134333


Reviewed by Geoffrey Garen.


This is engineered to provide loads of information to the profiler without incurring any
costs when the profiler is disabled. It's the oldest trick in the book: the thing that
fires the watchpoint doesn't actually create anything to describe the reason why it was
fired; instead it creates a stack-allocated FireDetail subclass instance. Only if the
FireDetail::dump() virtual method is called does anything happen.


Currently we use this to produce very fine-grained data for Structure watchpoints and
some cases of variable watchpoints. For all other situations, the given reason is just a
string constant, by using StringFireDetail. If we find a situation where that string
constant is insufficient to diagnose an issue then we can change it to provide more
fine-grained information.


  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/CodeBlock.cpp: (JSC::CodeBlock::CodeBlock): (JSC::CodeBlock::jettison):
  • bytecode/CodeBlock.h:
  • bytecode/CodeBlockJettisoningWatchpoint.cpp: (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
  • bytecode/CodeBlockJettisoningWatchpoint.h:
  • bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Removed.
  • bytecode/ProfiledCodeBlockJettisoningWatchpoint.h: Removed.
  • bytecode/StructureStubClearingWatchpoint.cpp: (JSC::StructureStubClearingWatchpoint::fireInternal):
  • bytecode/StructureStubClearingWatchpoint.h:
  • bytecode/VariableWatchpointSet.h: (JSC::VariableWatchpointSet::invalidate): (JSC::VariableWatchpointSet::finalizeUnconditionally):
  • bytecode/VariableWatchpointSetInlines.h: (JSC::VariableWatchpointSet::notifyWrite):
  • bytecode/Watchpoint.cpp: (JSC::StringFireDetail::dump): (JSC::WatchpointSet::fireAll): (JSC::WatchpointSet::fireAllSlow): (JSC::WatchpointSet::fireAllWatchpoints): (JSC::InlineWatchpointSet::fireAll):
  • bytecode/Watchpoint.h: (JSC::FireDetail::FireDetail): (JSC::FireDetail::~FireDetail): (JSC::StringFireDetail::StringFireDetail): (JSC::Watchpoint::fire): (JSC::WatchpointSet::fireAll): (JSC::WatchpointSet::touch): (JSC::WatchpointSet::invalidate): (JSC::InlineWatchpointSet::fireAll): (JSC::InlineWatchpointSet::touch):
  • dfg/DFGCommonData.h:
  • dfg/DFGOperations.cpp:
  • interpreter/Interpreter.cpp: (JSC::Interpreter::execute):
  • jsc.cpp: (WTF::Masquerader::create):
  • profiler/ProfilerCompilation.cpp: (JSC::Profiler::Compilation::setJettisonReason): (JSC::Profiler::Compilation::toJS):
  • profiler/ProfilerCompilation.h: (JSC::Profiler::Compilation::setJettisonReason): Deleted.
  • runtime/ArrayBuffer.cpp: (JSC::ArrayBuffer::transfer):
  • runtime/ArrayBufferNeuteringWatchpoint.cpp: (JSC::ArrayBufferNeuteringWatchpoint::fireAll):
  • runtime/ArrayBufferNeuteringWatchpoint.h:
  • runtime/CommonIdentifiers.h:
  • runtime/CommonSlowPaths.cpp: (JSC::SLOW_PATH_DECL):
  • runtime/Identifier.cpp: (JSC::Identifier::dump):
  • runtime/Identifier.h:
  • runtime/JSFunction.cpp: (JSC::JSFunction::put): (JSC::JSFunction::defineOwnProperty):
  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::addFunction): (JSC::JSGlobalObject::haveABadTime):
  • runtime/JSSymbolTableObject.cpp: (JSC::VariableWriteFireDetail::dump):
  • runtime/JSSymbolTableObject.h: (JSC::VariableWriteFireDetail::VariableWriteFireDetail): (JSC::symbolTablePut): (JSC::symbolTablePutWithAttributes):
  • runtime/PropertyName.h: (JSC::PropertyName::dump):
  • runtime/Structure.cpp: (JSC::Structure::notifyTransitionFromThisStructure):
  • runtime/Structure.h: (JSC::Structure::notifyTransitionFromThisStructure): Deleted.
  • runtime/SymbolTable.cpp: (JSC::SymbolTableEntry::notifyWriteSlow): (JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally):
  • runtime/SymbolTable.h: (JSC::SymbolTableEntry::notifyWrite):
  • runtime/VM.cpp: (JSC::VM::addImpureProperty):

Source/WebCore:

2014-07-01 Mark Lam <mark.lam@apple.com>


[ftlopt] DebuggerCallFrame::scope() should return a DebuggerScope.
<https://webkit.org/b/134420>


Reviewed by Geoffrey Garen.


No new tests.


  • ForwardingHeaders/debugger/DebuggerCallFrame.h: Removed.
  • This is not in use. Hence, we can remove it.
  • bindings/js/ScriptController.cpp: (WebCore::ScriptController::attachDebugger):
  • We should acquire the JSLock before modifying a JS global object.


2014-06-25 Filip Pizlo <fpizlo@apple.com>


[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
https://bugs.webkit.org/show_bug.cgi?id=134333


Reviewed by Geoffrey Garen.


No new tests because no change in behavior.


  • bindings/scripts/CodeGeneratorJS.pm: (GenerateHeader):

Tools:

2014-06-25 Filip Pizlo <fpizlo@apple.com>


[ftlopt] If a CodeBlock is jettisoned due to a watchpoint then it should be possible to figure out something about that watchpoint
https://bugs.webkit.org/show_bug.cgi?id=134333


Reviewed by Geoffrey Garen.


  • Scripts/display-profiler-output:

LayoutTests:

2014-07-16 Mark Hahnenberg <mhahnenberg@apple.com>


sputnik/Implementation_Diagnostics/S12.6.4_D1.html depends on undefined behavior
https://bugs.webkit.org/show_bug.cgi?id=135007


Reviewed by Filip Pizlo.


EcmaScript 5.1 specifies that during for-in enumeration newly added properties may or may not be
visited during the current enumeration. Specifically, in section 12.6.4 the spec states:


"If new properties are added to the object being enumerated during enumeration, the newly added properties
are not guaranteed to be visited in the active enumeration."


The sputnik/Implementation_Diagnostics/S12.6.4_D1.html layout test is from before sputnik was added
to the test262 suite. I believe it has since been removed, so it would probably be okay to remove it
from our layout test suite.


  • sputnik/Implementation_Diagnostics/S12.6.4_D1-expected.txt: Removed.
  • sputnik/Implementation_Diagnostics/S12.6.4_D1.html: Removed.


2014-07-13 Filip Pizlo <fpizlo@apple.com>


[ftlopt] DFG should be able to do GCSE in SSA and this should be unified with the CSE in CPS, and both of these things should use abstract heaps for reasoning about effects
https://bugs.webkit.org/show_bug.cgi?id=134677


Reviewed by Sam Weinig.


  • js/regress/gcse-expected.txt: Added.
  • js/regress/gcse-poly-get-expected.txt: Added.
  • js/regress/gcse-poly-get-less-obvious-expected.txt: Added.
  • js/regress/gcse-poly-get-less-obvious.html: Added.
  • js/regress/gcse-poly-get.html: Added.
  • js/regress/gcse.html: Added.
  • js/regress/script-tests/gcse-poly-get-less-obvious.js: Added.
  • js/regress/script-tests/gcse-poly-get.js: Added.
  • js/regress/script-tests/gcse.js: Added.


2014-07-04 Filip Pizlo <fpizlo@apple.com>


[ftlopt] Infer immutable object properties
https://bugs.webkit.org/show_bug.cgi?id=134567


Reviewed by Mark Hahnenberg.


  • js/regress/infer-constant-global-property-expected.txt: Added.
  • js/regress/infer-constant-global-property.html: Added.
  • js/regress/infer-constant-property-expected.txt: Added.
  • js/regress/infer-constant-property.html: Added.
  • js/regress/script-tests/infer-constant-global-property.js: Added.
  • js/regress/script-tests/infer-constant-property.js: Added.
10:20 PM Changeset in webkit [172128] by ryuan.choi@samsung.com
  • 2 edits in trunk/Source/WebCore

Build break since r172093
https://bugs.webkit.org/show_bug.cgi?id=135636

Reviewed by Gyuyoung Kim.

Since r172093, AbstractView.idl is added in CMake Build but CodeGeneratorJS.pm does not take care of it.

No new tests required, no new functionality.

  • bindings/scripts/CodeGeneratorJS.pm:

(ShouldGenerateToJSDeclaration):
(ShouldGenerateToJSImplementation):
(GetImplClassName): Added to rename implClassName to DOMWindow if interface name is AbstractView.
(GenerateHeader):
(GenerateImplementation):

10:13 PM Changeset in webkit [172127] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source

Versioning.

10:09 PM Changeset in webkit [172126] by Lucas Forschler
  • 1 copy in tags/Safari-600.1.7

New Tag.

9:53 PM Changeset in webkit [172125] by dburkart@apple.com
  • 5 edits in tags/Safari-600.1.2.7/Source

Versioning.

9:25 PM Changeset in webkit [172124] by dburkart@apple.com
  • 2 edits in tags/Safari-600.1.2.7/Source/WebCore

Merge r172114 <rdar://problem/17925495>.

9:21 PM Changeset in webkit [172123] by dburkart@apple.com
  • 2 edits in tags/Safari-600.1.2.7/WebKitLibraries

Merge Patch for <rdar://problem/17923227>.

9:18 PM Changeset in webkit [172122] by dburkart@apple.com
  • 1 copy in tags/Safari-600.1.2.7

New Tag

8:27 PM Changeset in webkit [172121] by dburkart@apple.com
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merge r172114

7:30 PM Changeset in webkit [172120] by commit-queue@webkit.org
  • 4 edits
    3 deletes in trunk

Unreviewed, rolling out r172099.
https://bugs.webkit.org/show_bug.cgi?id=135635

Needs a do-over. (Requested by kling on #webkit).

Reverted changeset:

"The JIT should cache property lookup misses."
https://bugs.webkit.org/show_bug.cgi?id=135578
http://trac.webkit.org/changeset/172099

7:19 PM Changeset in webkit [172119] by commit-queue@webkit.org
  • 3 edits
    4 adds
    1 delete in trunk

[CG] strokeRect does not honor lineJoin
https://bugs.webkit.org/show_bug.cgi?id=132948

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2014-08-05
Reviewed by Darin Adler.

Source/WebCore:

Replaced use of CGContextStrokeRectWithWidth convenience function with explicit
call to CGContextAddRect and CGContextStrokePath. The convenience functions
CGContextStrokeRect and CGContextStrokeRectWithWidth fail to apply some attributes
(e.g. stroke join) of the graphics state in certain cases.

Test: fast/canvas/canvas-strokeRect-lineJoin.html

  • platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::strokeRect):

LayoutTests:

Test behavior of canvas with stroke rect with line join

  • fast/canvas/canvas-strokeRect-lineJoin-expected.txt: Added.
  • fast/canvas/canvas-strokeRect-lineJoin.html: Added.
  • fast/canvas/script-tests/canvas-strokeRect-lineJoin.js: Added.
  • platform/mac-mountainlion/canvas/philip/tests/2d.strokeRect.zero.5-expected.txt: Added.
  • platform/mac/fast/canvas/canvas-strokeRect-alpha-shadow-expected.txt: Removed.
6:39 PM Changeset in webkit [172118] by dfarler@apple.com
  • 3 edits in trunk/Tools

[iOS] Run ImageDiff in the sim bootstrap
https://bugs.webkit.org/show_bug.cgi?id=135624

Reviewed by David Kilzer.

  • Scripts/webkitpy/port/image_diff.py:

(ImageDiffer.stop):
(IOSSimulatorImageDiffer):
(IOSSimulatorImageDiffer._start):

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.diff_image):

6:38 PM Changeset in webkit [172117] by dfarler@apple.com
  • 2 edits
    3 adds in trunk/Tools

[iOS] run-webkit-tests: defaults for --runtime and --device-type flags
https://bugs.webkit.org/show_bug.cgi?id=135441

Reviewed by Tim Horton.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(parse_args):
(_set_up_derived_options):
If using the ios-simulator platform and runtime or device-type
aren't defined, get the latest runtime from the active Xcode.app
and pick a default device type based on the desired architecture:
iPhone 5 for i386 and iPhone 5s for x86_64.

  • Scripts/webkitpy/xcode/init.py: Added.
  • Scripts/webkitpy/xcode/simulator.py: Added.
6:30 PM Changeset in webkit [172116] by Bem Jones-Bey
  • 4 edits in trunk/LayoutTests

[GTK] [CSS Shapes] Layout test fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html fails
https://bugs.webkit.org/show_bug.cgi?id=135585

Reviewed by Zoltan Horvath.

The positioning was dependent on the font metrics of the <p> tag,
which differs between platforms. This fixes that, which should make
the test pass on all platforms.

  • fast/shapes/shape-outside-floats/shape-outside-image-shape-margin-expected.html:
  • fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html:
  • platform/gtk/TestExpectations:
6:07 PM Changeset in webkit [172115] by dfarler@apple.com
  • 2 edits in trunk/Tools

[iOS] simctl can hang if run quickly after shutting down CoreSimulator services
https://bugs.webkit.org/show_bug.cgi?id=135626

Reviewed by Dan Bernstein.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run):
Remove call to simctl shutdown <device> - telling the simulator app to quit
will shut down all booted devices.

6:06 PM Changeset in webkit [172114] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Build attempts to use ANGLE when not building WebGL.
https://bugs.webkit.org/show_bug.cgi?id=135630
<rdar://problem/135630>

Unreviewed build fix.

  • platform/graphics/win/GraphicsContext3DWin.cpp: Move #include of GraphicsContext3D.h

inside USE(3D_GRAPHICS) guard.

6:02 PM Changeset in webkit [172113] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix resource leak of unclosed file descriptor.
https://bugs.webkit.org/show_bug.cgi?id=135417

Patch by Przemyslaw Kuczynski <p.kuczynski@samsung.com> on 2014-08-05
Reviewed by Darin Adler.

When open returns zero, fd handle leaks. Checking (fd > 0) needs to be replaced
with (fd != -1).

  • assembler/MacroAssemblerARM.cpp:

(JSC::isVFPPresent):

5:54 PM Changeset in webkit [172112] by Simon Fraser
  • 3 edits
    4 adds in trunk

[iOS WK2] Crash going back on a specific tumblr blog (under ScrollingStateTree::removeNodeAndAllDescendants)
https://bugs.webkit.org/show_bug.cgi?id=135629
<rdar://problem/17802174>

Reviewed by Tim Horton.

Source/WebCore:

In r170198 I added an "orphan scrolling nodes" code path that sets aside subtrees
of scrolling nodes into an m_orphanedSubframeNodes map, which keeps them alive until
they get reparented or destroyed. The nodes in that subtree remain in m_stateNodeMap,
which holds raw pointers to them.

However, ScrollingStateTree::commit() can clear m_orphanedSubframeNodes, which is
sometimes non-empty at this point. When that happened, we would destroy nodes which
were still referenced by m_stateNodeMap, with the result that a later query for the
same nodeID would hand back a pointer to a deleted object.

Fix by calling recursiveNodeWillBeRemoved() on nodes in the m_orphanedSubframeNodes
before clearing it, which removes them and all their descendants from the state node map.

Test: platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree.html

  • page/scrolling/ScrollingStateTree.cpp:

(WebCore::ScrollingStateTree::clear):
(WebCore::ScrollingStateTree::commit):

LayoutTests:

Testcase with nesting of frames inside fixed inside frames, where a subframe disconnects
part of the scrolling tree.

  • platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/frames/orphaned-subtree.html: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/frames/resources/leaf-frame.html: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/frames/resources/subframe-inside-fixed.html: Added.
4:44 PM Changeset in webkit [172111] by Lucas Forschler
  • 14 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172104. <rdar://problem/17202556>

4:40 PM Changeset in webkit [172110] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Add the ability to force text to render in white, not just black
https://bugs.webkit.org/show_bug.cgi?id=135625

Patch by Peyton Randolph <prandolph@apple.com> on 2014-08-05
Reviewed by Beth Dakin.

This patch introduces PaintBehaviorForceWhiteText, a complement to PaintBehaviorForceBlackText. If
a client specifies both PaintBehaviorForceWhiteText and PaintBehaviorForceBlackText, the text will be
painted black.

No new tests.

  • rendering/EllipsisBox.cpp:

(WebCore::EllipsisBox::paint): Use the forced text color to paint the text if requested.

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint): Disable the text shadow if a text color has been forced.

  • rendering/PaintInfo.h:

(WebCore::PaintInfo::forceTextColor):
Return true iff the client has requested to force a black or white text color.
(WebCore::PaintInfo::forceWhiteText):
Return true iff forcing white text has been requested.
(WebCore::PaintInfo::forcedTextColor):
Return the forced text color. Currently only white and black are supported.

  • rendering/PaintPhase.h:
  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayerContents): Remove the forceBlackText-related code as it is redundant.
(WebCore::RenderLayer::paintForegroundForFragments):
Remove forceBlackText parameter and infer the correct behavior from the given paint behavior.

  • rendering/RenderLayer.h:
  • rendering/TextPaintStyle.cpp:

(WebCore::computeTextPaintStyle): Use the forced text color if available.
(WebCore::computeTextSelectionPaintStyle): Use the forced text color if available.

4:39 PM Changeset in webkit [172109] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172083. <rdar://problem/17849206>

4:38 PM Changeset in webkit [172108] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172053. <rdar://problem/17876385>

4:36 PM Changeset in webkit [172107] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172039. <rdar://problem/17876385>

4:34 PM Changeset in webkit [172106] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172034. <rdar://problem/17864079>

4:32 PM Changeset in webkit [172105] by Lucas Forschler
  • 8 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r172031. <rdar://problem/17864079>

4:32 PM Changeset in webkit [172104] by timothy_horton@apple.com
  • 14 edits in trunk/Source/WebKit2

REGRESSION (r164337): Pages are sometimes cut off/oriented incorrectly after using WKThumbnailView
https://bugs.webkit.org/show_bug.cgi?id=135622
<rdar://problem/17202556>

Reviewed by Dan Bernstein.

In some cases (when the page changed scroll offset while thumbnailed),
when transitioning back to thumbnail scale = 1, we would get the math
wrong and end up with a non-identity sublayerTransform on the DrawingArea.

Luckily, none of this code is necessary anymore, as the only client
of WKThumbnailView only uses its snapshotting mode.

  • Shared/ImageOptions.h:

Remove SnapshotOptionsRespectDrawingAreaTransform; DrawingArea no longer
has a rootLayerTransform().

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setThumbnailScale): Deleted.

  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::scaledSnapshotWithOptions):
(WebKit::WebPage::snapshotAtSize):

(WebKit::WebPage::setThumbnailScale): Deleted.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Remove setThumbnailScale and SnapshotOptionsRespectDrawingAreaTransform.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didCommitLoad):
Revert this to its state before r164337, as we no longer have "thumbnail scale".

  • UIProcess/API/Cocoa/_WKThumbnailView.h:
  • UIProcess/API/Cocoa/_WKThumbnailView.mm:

(-[_WKThumbnailView initWithFrame:fromWKView:]):
(-[_WKThumbnailView _viewWasUnparented]):
(-[_WKThumbnailView _viewWasParented]):
(-[_WKThumbnailView _requestSnapshotIfNeeded]):
(-[_WKThumbnailView setScale:]):
Clean up code assuming _shouldApplyThumbnailScale = NO, _usesSnapshot = YES.

(-[_WKThumbnailView setUsesSnapshot:]):
(-[_WKThumbnailView usesSnapshot]):
Always return YES from usesSnapshot; we only support snapshotting WKThumbnailViews.
Ignore setUsesSnapshot.

  • UIProcess/API/mac/WKView.mm:

(-[WKView _setThumbnailView:]):
(-[WKView _updateThumbnailViewLayer]):
Stop checking usesSnapshot; it's always true.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::setRootLayerTransform): Deleted.

  • WebProcess/WebPage/DrawingArea.cpp:

(WebKit::DrawingArea::rootLayerTransform): Deleted.

  • WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::setRootLayerTransform): Deleted.
Remove rootLayerTransform() and setRootLayerTransform().

4:29 PM Changeset in webkit [172103] by Lucas Forschler
  • 4 edits in branches/safari-600.1-branch/Source

Merged r172016. <rdar://problem/17896295>

4:27 PM Changeset in webkit [172102] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/WebKitLibraries

Merge Patch for <rdar://problem/17923227>.

4:15 PM Changeset in webkit [172101] by matthew_hanson@apple.com
  • 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

4:13 PM Changeset in webkit [172100] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-600.1.4.6

New Tag.

4:10 PM Changeset in webkit [172099] by akling@apple.com
  • 4 edits
    3 adds in trunk

The JIT should cache property lookup misses.
<https://webkit.org/b/135578>

Source/JavaScriptCore:

Add support for inline caching of object properties that don't exist.
Previously we'd fall back to the C++ slow-path whenever a property was missing.

It's implemented as a simple GetById-style stub that returns jsUndefined() as
long as the Structure chain check passes.

10x speedup on the included microbenchmark.

Reviewed by Geoffrey Garen.

  • jit/Repatch.cpp:

(JSC::toString):
(JSC::kindFor):
(JSC::generateByIdStub):
(JSC::tryCacheGetByID):
(JSC::patchJumpToGetByIdStub):

  • runtime/PropertySlot.h:

(JSC::PropertySlot::isUnset):

LayoutTests:

Add a JS microbenchmark that accesses an undefined property in a hot loop.

Reviewed by Geoffrey Garen.

  • js/regress/script-tests/undefined-property-access.js: Added.

(foo):

  • js/regress/undefined-property-access-expected.txt: Added.
  • js/regress/undefined-property-access.html: Added.
4:06 PM Changeset in webkit [172098] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r172009.
https://bugs.webkit.org/show_bug.cgi?id=135627

"Commit landed on trunk instead of ftlopt branch." (Requested
by saamyjoon on #webkit).

Reverted changeset:

"Create a more generic way for VMEntryScope to notify those
interested that it will be destroyed"
https://bugs.webkit.org/show_bug.cgi?id=135358
http://trac.webkit.org/changeset/172009

4:00 PM Changeset in webkit [172097] by ap@apple.com
  • 2 edits in trunk/Tools

Remove an unused argument from BuildbotQueue.update()
https://bugs.webkit.org/show_bug.cgi?id=135623

Reviewed by Timothy Hatcher.

Also remaned a constant to better match what it means.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:
3:43 PM Changeset in webkit [172096] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172032. <rdar://problem/17856763>

3:41 PM Changeset in webkit [172095] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch

Merged r172028. <rdar://problem/17072113>

3:32 PM Changeset in webkit [172094] by Brian Burg
  • 19 edits in trunk/Source/WebInspectorUI

Web Inspector: support storing multiple timeline recordings in the manager
https://bugs.webkit.org/show_bug.cgi?id=132875

Reviewed by Timothy Hatcher.

This patch adds support for capturing multiple timeline recordings and switching
between them in the user interface using hierarchical path components.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Base/Main.js:

(WebInspector.contentLoaded): Remove hard-coded priming of the timeline sidebar panel.
Instead, load the first recording in the timeline manager after the initial load.

(WebInspector._revealAndSelectRepresentedObjectInNavigationSidebar): Don't suppress
onselect events when selecting the tree element for a newly shown content view. This
allows the sidebar to sync the current content view and timeline tree element selection
with what is displayed in the content browser.

  • UserInterface/Controllers/TimelineManager.js: Add two new events, RecordingCreated and

RecordingLoaded. A recording is considered active when any new records recieved will be
appended to that recording. The user interface is not necessarily viewing the active
recording.

(WebInspector.TimelineManager.delayedWork):
(WebInspector.TimelineManager): Keep a list of recordings, and load the first recording
asynchronously so that everyone can add an event listener for it.

(WebInspector.TimelineManager.prototype.get activeRecording):
(WebInspector.TimelineManager.prototype.get recordings):
(WebInspector.TimelineManager.prototype.startCapturing):
(WebInspector.TimelineManager.prototype.stopCapturing): Use promises to make the iOS 7
fallback path better match the async semantics of the non-fallback path.

(WebInspector.TimelineManager.prototype.unloadRecording):
(WebInspector.TimelineManager.prototype._loadNewRecording): Stop capturing and unload
any existing recording before creating and loading a new recording.

(WebInspector.TimelineManager.prototype._startAutoCapturing): Create a new recording
rather than resetting the current recording.

  • UserInterface/Models/NetworkTimeline.js:

(WebInspector.NetworkTimeline):

  • UserInterface/Models/Timeline.js:

(WebInspector.Timeline):
(WebInspector.Timeline.prototype.get type): Each timeline stores its TimelineRecord.Type
so that other code can create type-specific views using the Timeline as a representedObject.

  • UserInterface/Models/TimelineRecording.js: For each recording, add new state for a unique identifier,

display string, and an isWritable flag. Once a recording is unloaded, it becomes read-only.
(WebInspector.TimelineRecording.prototype.get displayName):
(WebInspector.TimelineRecording.prototype.get identifier):
(WebInspector.TimelineRecording.prototype.isWritable):
(WebInspector.TimelineRecording.prototype.unloaded):
(WebInspector.TimelineRecording.prototype.reset): A recording can only be reset if it is writable.

  • UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setTimelineProfilingEnabled): Don't make redundant start/stop capturing calls.

  • UserInterface/Views/LayoutTimelineOverviewGraph.js: Use a timeline as the representedObject for all

timeline-specific graphs and views. Otherwise, use the recording.
(WebInspector.LayoutTimelineOverviewGraph):

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):
(WebInspector.LayoutTimelineView.prototype._treeElementSelected):

  • UserInterface/Views/NetworkTimelineOverviewGraph.js:

(WebInspector.NetworkTimelineOverviewGraph):

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):

  • UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView.prototype._networkTimelineRecordAdded):

  • UserInterface/Views/ScriptTimelineOverviewGraph.js:

(WebInspector.ScriptTimelineOverviewGraph):

  • UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView):
(WebInspector.ScriptTimelineView.prototype._treeElementSelected):

  • UserInterface/Views/TimelineContentView.js: Iterate over timeline objects when setting up maps. Use timelines

as keys rather than their type identifiers.
(WebInspector.TimelineContentView.prototype.showTimelineViewForTimeline): Renamed from showTimelineView. This
function takes a Timeline instance rather than an identifier, since the conten view is specific to one recording.
(WebInspector.TimelineContentView.prototype.get selectionPathComponents): Match types against the currently
visible timeline's representedObject.
(WebInspector.TimelineContentView.prototype.get currentTimelineView): Used by the sidebar panel to sync timeline
tree element selections to TimelineView shown by the TimelineContentView.
(WebInspector.TimelineContentView.prototype.shown): Sync enablement of the "Clear Timelines" button to recording
read-only state.

(WebInspector.TimelineContentView.prototype.saveToCookie):
(WebInspector.TimelineContentView.prototype.restoreFromCookie): Added. Only handle saving/restoring the subview.

(WebInspector.TimelineContentView.prototype._pathComponentSelected):
(WebInspector.TimelineContentView.prototype._showTimelineView): Relax the early return so that timeline views
and content tree outlines are reattached when re-navigating to the same timeline view via back-forward entries.
(WebInspector.TimelineContentView.prototype.showTimelineView): Deleted.

  • UserInterface/Views/TimelineOverviewGraph.js:

(WebInspector.TimelineOverviewGraph):

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel): Keep a tree outline and tree element map for storing available recordings.
(WebInspector.TimelineSidebarPanel.createTimelineTreeElement):
(WebInspector.TimelineSidebarPanel.prototype.shown): Added.
(WebInspector.TimelineSidebarPanel.prototype.showDefaultContentView): Add a guard.
(WebInspector.TimelineSidebarPanel.prototype.get hasSelectedElement): Added. Selected recording tree elements
should be considered when deciding whether a represented object has been selected in the sidebar panel.

(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.looselyCompareRepresentedObjects):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject.get if):
(WebInspector.TimelineSidebarPanel.prototype.treeElementForRepresentedObject):
(WebInspector.TimelineSidebarPanel.prototype.showTimelineOverview):
(WebInspector.TimelineSidebarPanel.prototype.showTimelineViewForType): Renamed to explicit take a type identifier.
Delegate the actual showing of the timeline view to the onselect handler for the timelines tree outline.

(WebInspector.TimelineSidebarPanel.prototype.matchTreeElementAgainstCustomFilters):
(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie): Fix a typo.
(WebInspector.TimelineSidebarPanel.prototype.restoreStateFromCookie): Fix a typo.
(WebInspector.TimelineSidebarPanel.prototype._recordingsTreeElementSelected): Sync the currently displayed
recording object and content view, and sync the selected tree element to the displayed timeline subview.

(WebInspector.TimelineSidebarPanel.prototype._timelinesTreeElementSelected): If this is a user action, show the timeline.
(WebInspector.TimelineSidebarPanel.prototype._contentBrowserCurrentContentViewDidChange): Use classList.toggle().
(WebInspector.TimelineSidebarPanel.prototype._recordingCreated): Dynamically add new recordings to the interface.
(WebInspector.TimelineSidebarPanel.prototype._recordingLoaded): Automatically show recordings when they are loaded.
(WebInspector.TimelineSidebarPanel.prototype._recordGlyphClicked): Shift+click will force-create a new recording.
(WebInspector.TimelineSidebarPanel.prototype.initialize): Deleted.

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView):
(WebInspector.TimelineView.prototype.get representedObject):

3:28 PM Changeset in webkit [172093] by achristensen@apple.com
  • 13 edits in trunk

More work on CMake.
https://bugs.webkit.org/show_bug.cgi?id=135620

.:
Reviewed by Laszlo Gombos.

  • Source/cmake/OptionsMac.cmake:

Use UDIS86 by default on Mac.

Source/JavaScriptCore:
Reviewed by Laszlo Gombos.

  • CMakeLists.txt:

Added missing source files.

  • PlatformEfl.cmake:
  • PlatformGTK.cmake:

Include glib directories and libraries to find glib.h in EventLoop.cpp.

  • PlatformMac.cmake:

Moved STATICALLY_LINKED_WITH_WTF definition away from the common CMakeLists
because it should not be defined on Windows.
Added remote inspector source files.

Source/WebCore:
Reviewed by Reviewed by Laszlo Gombos.

  • CMakeLists.txt:

Added missing idls.

  • PlatformMac.cmake:

Added additional include directories and source files.

  • css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
  • css/makeSelectorPseudoElementsMap.py:

The Windows distribution of gperf doesn't like single quotes for its key-positions parameters.

  • page/Chrome.h:

Compile fix.

3:27 PM Changeset in webkit [172092] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172026. <rdar://problem/17810998>

3:24 PM Changeset in webkit [172091] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172018. <rdar://problem/17837636>

3:18 PM Changeset in webkit [172090] by Lucas Forschler
  • 4 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172013. <rdar://problem/17837636>

3:15 PM Changeset in webkit [172089] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172083. <rdar://problem/17849206>

3:12 PM Changeset in webkit [172088] by matthew_hanson@apple.com
  • 4 edits in branches/safari-600.1.4-branch/Source

Roll out r172035. <rdar://problem/17869353>

2:56 PM Changeset in webkit [172087] by Brian Burg
  • 7 edits in trunk/Source

Web Inspector: ReplayManager shouldn't assume replay status when the inspector is opened
https://bugs.webkit.org/show_bug.cgi?id=135212

Reviewed by Timothy Hatcher.

Source/WebCore:

The frontend should be able to introspect the session and segment state machines,
currently loaded segment and session identifiers, and replay position.

  • inspector/InspectorReplayAgent.cpp:

(WebCore::buildInspectorObjectForSessionState): Added.
(WebCore::buildInspectorObjectForSegmentState): Added.
(WebCore::InspectorReplayAgent::currentReplayState): Added.

  • inspector/InspectorReplayAgent.h:
  • inspector/protocol/Replay.json: Add currentReplayState query command.
  • replay/ReplayController.h: Add some accessors.

Source/WebInspectorUI:

The inspector could be closed and reopened at any point during capturing or replaying.
ReplayManager should query the current state on initialization rather than assuming
that the replay controller is still in its initial state.

ReplayManager's initialization code requires querying the backend for the current replay
state. This could race with replay protocol events that mutate the manager's state before
it is fully initialized, leading to undefined behavior.

To mitigate this, all protocol event handlers (called by ReplayObserver) are wrapped
with a guard that enqueues the callback if initialization is not yet complete. This
queue is implemented via multiple then-chaining of a shared 'initialization' promise
which resolves when initialization completes.

  • UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.then):
(WebInspector.ReplayManager.catch):
(WebInspector.ReplayManager): Rewrite the initialization code to first query the replay
state, set the initialization flag to true, and then request and update session records.
The sessions must be loaded after querying initial state because ReplayManager.sessionCreated
requires replay state to be initialized.

(WebInspector.ReplayManager.prototype.get sessionState):
(WebInspector.ReplayManager.prototype.get segmentState):
(WebInspector.ReplayManager.prototype.get activeSessionIdentifier):
(WebInspector.ReplayManager.prototype.get activeSegmentIdentifier):
(WebInspector.ReplayManager.prototype.get playbackSpeed):
(WebInspector.ReplayManager.prototype.set playbackSpeed):
(WebInspector.ReplayManager.prototype.get currentPosition): Add assertions to catch uses of
manager state before the manager is fully initialized.

(WebInspector.ReplayManager.prototype.waitUntilInitialized): Added. It returns a shared promise
that is fulfilled when initialization is complete.

(WebInspector.ReplayManager.prototype.captureStarted):
(WebInspector.ReplayManager.prototype.captureStopped):
(WebInspector.ReplayManager.prototype.playbackStarted):
(WebInspector.ReplayManager.prototype.playbackHitPosition):
(WebInspector.ReplayManager.prototype.playbackPaused):
(WebInspector.ReplayManager.prototype.playbackFinished):
(WebInspector.ReplayManager.prototype.sessionModified):
(WebInspector.ReplayManager.prototype.sessionLoaded):
(WebInspector.ReplayManager.prototype.segmentCompleted.set catch):
(WebInspector.ReplayManager.prototype.segmentCompleted):
(WebInspector.ReplayManager.prototype.segmentRemoved.then):
(WebInspector.ReplayManager.prototype.segmentRemoved):
(WebInspector.ReplayManager.prototype.segmentLoaded): Add initialization guards.

2:41 PM Changeset in webkit [172086] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172006. <rdar://problem/17856494>

2:39 PM Changeset in webkit [172085] by Lucas Forschler
  • 12 edits in branches/safari-600.1-branch/Source

Merged r171973. <rdar://problem/17834694>

2:37 PM Changeset in webkit [172084] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171959. <rdar://problem/17671574>

2:33 PM Changeset in webkit [172083] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Media controls layout incorrectly in RTL content
https://bugs.webkit.org/show_bug.cgi?id=135621
<rdar://problem/17849206>

Reviewed by Eric Carlson.

Media controls should always layout in LTR mode, even when the
page content is RTL. There already was a rule to do this on
non-iOS systems, but it wasn't getting included for iOS.
In this case I put the rule on the composited parent of the
controls in order to maintain the padding of the control panel.
This should still leave the captions unaffected.

  • Modules/mediacontrols/mediaControlsiOS.css:

(video::-webkit-media-controls-panel-composited-parent): Add direction: ltr.

2:33 PM Changeset in webkit [172082] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171952. <rdar://problem/17850323>

2:31 PM Changeset in webkit [172081] by Lucas Forschler
  • 7 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171951. <rdar://problem/17850323>

2:28 PM Changeset in webkit [172080] by Brian Burg
  • 7 edits in trunk/Source

Web Replay: rename protocol methods for getting replay session/segment data
https://bugs.webkit.org/show_bug.cgi?id=135618

Reviewed by Timothy Hatcher.

Source/WebCore:

  • inspector/InspectorReplayAgent.cpp:

(WebCore::InspectorReplayAgent::getSessionData):
(WebCore::InspectorReplayAgent::getSegmentData):
(WebCore::InspectorReplayAgent::getSerializedSession): Deleted.
(WebCore::InspectorReplayAgent::getSerializedSegment): Deleted.

  • inspector/InspectorReplayAgent.h:
  • inspector/protocol/Replay.json:

Source/WebInspectorUI:

  • UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.prototype.getSession.get var):
(WebInspector.ReplayManager.prototype.getSegment.get var):

  • UserInterface/Models/ReplaySession.js:

(WebInspector.ReplaySession.prototype.segmentsChanged):

2:21 PM Changeset in webkit [172079] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171949. <rdar://problem/17474290>

2:19 PM Changeset in webkit [172078] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source/JavaScriptCore

Merged r171946. <rdar://problem/17474290>

2:14 PM Changeset in webkit [172077] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r172047. <rdar://problem/17879156>

2:12 PM Changeset in webkit [172076] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171944. <rdar://problem/17879156>

2:10 PM Changeset in webkit [172075] by Lucas Forschler
  • 9 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171943. <rdar://problem/17869279>

2:08 PM Changeset in webkit [172074] by Lucas Forschler
  • 5 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171940. <rdar://problem/17886998>

2:06 PM Changeset in webkit [172073] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171937. <rdar://problem/17876699>

2:05 PM Changeset in webkit [172072] by Lucas Forschler
  • 6 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171928. <rdar://problem/17862013>

2:02 PM Changeset in webkit [172071] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171920. <rdar://problem/17628212>

2:00 PM Changeset in webkit [172070] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171908. <rdar://problem/17872655>

1:58 PM Changeset in webkit [172069] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171895. <rdar://problem/17835345>

1:56 PM Changeset in webkit [172068] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171894. <rdar://problem/17874096>

1:54 PM Changeset in webkit [172067] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171932. <rdar://problem/17850323>

1:52 PM Changeset in webkit [172066] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171905. <rdar://problem/17850323>

1:50 PM Changeset in webkit [172065] by Lucas Forschler
  • 1 edit
    1 copy in branches/safari-600.1-branch/LayoutTests

Merged r171892. <rdar://problem/17850323>

1:47 PM Changeset in webkit [172064] by Lucas Forschler
  • 15 edits
    5 copies
    5 deletes in branches/safari-600.1-branch

Merged r171891. <rdar://problem/17850323>

1:43 PM Changeset in webkit [172063] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171889. <rdar://problem/17614632>

1:37 PM Changeset in webkit [172062] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebKit2

Merged r171887. <rdar://problem/17864139>

1:34 PM Changeset in webkit [172061] by Lucas Forschler
  • 15 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171885. <rdar://problem/17865310>

1:31 PM Changeset in webkit [172060] by Lucas Forschler
  • 4 edits
    2 copies in branches/safari-600.1-branch

Merged r171882. <rdar://problem/17802531>

1:29 PM Changeset in webkit [172059] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172053. <rdar://problem/17876385>

1:25 PM Changeset in webkit [172058] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171881. <rdar://problem/17874168>

1:23 PM Changeset in webkit [172057] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebInspectorUI

Merged r171869. <rdar://problem/17865147>

1:22 PM Changeset in webkit [172056] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merge r172034. <rdar://problem/17864079>

1:20 PM Changeset in webkit [172055] by matthew_hanson@apple.com
  • 8 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merge r172031. <rdar://problem/17864079>

1:19 PM Changeset in webkit [172054] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source

Merged r171866. <rdar://problem/17872676>

1:15 PM Changeset in webkit [172053] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
https://bugs.webkit.org/show_bug.cgi?id=135603
<rdar://problem/17876385>

This hit ASSERT(frame().isMainFrame()) in FrameView::updateLayerFlushThrottling
running scrollbars/scrollbar-iframe-click-does-not-blur-content.html and a few other tests.

  • page/FrameView.cpp:

(WebCore::FrameView::setWasScrolledByUser): Only invoke updateLayerFlushThrottling for the main frame.

1:07 PM Changeset in webkit [172052] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r172039. <rdar://problem/17876385>

1:07 PM Changeset in webkit [172051] by Lucas Forschler
  • 6 edits in branches/safari-600.1-branch/Source

Merged r171866. <rdar://problem/17872082>

1:01 PM Changeset in webkit [172050] by matthew_hanson@apple.com
  • 4 edits in branches/safari-600.1.4-branch/Source

Merge r172016. <rdar://problem/17896295>

12:55 PM Changeset in webkit [172049] by matthew_hanson@apple.com
  • 4 edits in branches/safari-600.1.4-branch/Source

Merge r172035. <rdar://problem/17869353>

12:53 PM Changeset in webkit [172048] by commit-queue@webkit.org
  • 8 edits in trunk/Source

Rename MAC_LONG_PRESS feature flag to LONG_MOUSE_PRESS.
https://bugs.webkit.org/show_bug.cgi?id=135276

Patch by Peyton Randolph <prandolph@apple.com> on 2014-08-05
Reviewed by Beth Dakin.

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:

No new tests. Just a compiler flag.

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:
12:36 PM Changeset in webkit [172047] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

[Media iOS] Ensure there is a nice default fallback for missing wireless target names
https://bugs.webkit.org/show_bug.cgi?id=135488
<rdar://problem/17879156>

Reviewed by Antoine Quint.

Antoine found me on iMessage to tell me I'm an idiot and that I've
forgotten how to write JavaScript. Embarrassingly, this code is what
I originally had, but then second-guessed myself.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessPlaybackStatus): No need for the local
variable or conditional statement, since null and "" both evaluate as false.

12:35 PM Changeset in webkit [172046] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171851. <rdar://problem/17719026>

12:32 PM Changeset in webkit [172045] by Lucas Forschler
  • 3 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171292. <rdar://problem/17843592>

12:25 PM Changeset in webkit [172044] by Brian Burg
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: cannot navigate between multiple applicable dashboards
https://bugs.webkit.org/show_bug.cgi?id=135130

Reviewed by Timothy Hatcher.

Add navigation arrows between dashboards when multiple dashboards are applicable.
For example, the user should be able to go back to the default dashboard while paused
at a breakpoint. Dashboards form a stack based on when they are first introduced.

  • UserInterface/Views/DashboardContainerView.css:

(.toolbar .dashboard): Increase padding-right a bit to make room for arrows.
(.toolbar .dashboard:not(.visible)): Fix a bug where higher dashboards in the dashboard stack
can shine through when animating between two lower dashboards that have transparent background.
This ensures that at most two dashboards (namely, the ones being animated) are displayed.

(.dashboard-container .advance-arrow): Main style class for navigation arrows.
(.dashboard-container .advance-arrow:hover):
(.dashboard-container .advance-arrow:active):
(.dashboard-container .advance-arrow.inactive):
(.toolbar.label-only .dashboard-container .advance-arrow): Make arrows slightly smaller when
the dashboards get shorter.

(.dashboard-container .advance-arrow.advance-forward):
(.dashboard-container .advance-arrow.advance-backward):

  • UserInterface/Views/DashboardContainerView.js:

(WebInspector.DashboardContainerView): Arrow styles are updated when a dashboard is shown,
hidden, or closed. When moving away, we dismiss (i.e., set zero opacity) arrows at animation
start. When the animation finishes, redisplay arrows that are applicable for the new dashboard.

(WebInspector.DashboardContainerView.prototype._advanceForwardArrowClicked):
(WebInspector.DashboardContainerView.prototype._advanceBackwardArrowClicked):
(WebInspector.DashboardContainerView.prototype._dismissAdvanceArrows):
(WebInspector.DashboardContainerView.prototype._updateAdvanceArrowVisibility):
(WebInspector.DashboardContainerView.prototype._showDashboardAtIndex): There was a bug here
where it would unconditionally use the same animation direction when showing a dashboard, but
it was hard to spot without arrows that must correlate with the animation direction.

(WebInspector.DashboardContainerView.prototype.animationEnded):
(WebInspector.DashboardContainerView.prototype._showDashboardView):
(WebInspector.DashboardContainerView.prototype._hideDashboardView):
(WebInspector.DashboardContainerView.prototype._closeDashboardView):

12:16 PM Changeset in webkit [172043] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171279. <rdar://problem/17718984>

12:15 PM Changeset in webkit [172042] by Lucas Forschler
  • 2 edits in branches/safari-600.1-branch/Source/WebCore

Merged r171259. <rdar://problem/17718984>

12:13 PM Changeset in webkit [172041] by Lucas Forschler
  • 2 edits
    1 add in branches/safari-600.1-branch/Source/JavaScriptCore

Merge patch for <rdar://problem/17887398>

11:48 AM Changeset in webkit [172040] by dburkart@apple.com
  • 1 copy in branches/safari-537.78-branch/LayoutTests/fast/js/resources/plugin.js

Fix for layout tests

11:34 AM Changeset in webkit [172039] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

REGRESSION: Extremely flashy scrolling while a page is still loading (because of flush throttling)
https://bugs.webkit.org/show_bug.cgi?id=135603
<rdar://problem/17876385>

Reviewed by Andreas Kling.

  • page/FrameView.cpp:

(WebCore::determineLayerFlushThrottleState):

Disable throttling after user has scrolled the page.
This is consistent with the speculative tiling. It also gets enabled on first scroll.

(WebCore::FrameView::setWasScrolledByUser):

11:29 AM Changeset in webkit [172038] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: shown() called on a content view when stepping over an instruction in the debugger
https://bugs.webkit.org/show_bug.cgi?id=135311

Patch by Saam Barati <sbarati@apple.com> on 2014-08-05
Reviewed by Timothy Hatcher.

ContentViewContainer should not repeatedly call ContentView.prototype.shown
on ContentViews that are already visible. ContentViewContainer now passes
a flag to BackForwardEntry.prototype.prepareToShow indicating whether it should
call the shown function on the ContentView it is about to display.
ContentViewContainer.prototype.showBackForwardEntryForIndex passes in this
flag based on its ContentView being visible.

  • UserInterface/Models/BackForwardEntry.js:

(WebInspector.BackForwardEntry.prototype.prepareToShow):

  • UserInterface/Views/ContentViewContainer.js:

(WebInspector.ContentViewContainer.prototype.showBackForwardEntryForIndex):
(WebInspector.ContentViewContainer.prototype.replaceContentView):
(WebInspector.ContentViewContainer.prototype.closeAllContentViewsOfPrototype):
(WebInspector.ContentViewContainer.prototype.shown):
(WebInspector.ContentViewContainer.prototype._showEntry):

11:27 AM Changeset in webkit [172037] by Lucas Forschler
  • 1 edit in branches/safari-537.78-branch/LayoutTests/fast/viewport/viewport-warnings-7.html

Update test for branch.

11:14 AM Changeset in webkit [172036] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

ASSERTION FAILED: name[0] == '@' && length >= 2 in WebCore::CSSParser::detectAtToken
https://bugs.webkit.org/show_bug.cgi?id=134632

Source/WebCore:

At-rules must consist of at least two characters: the '@' symbol followed by
an identifier name. The failure of this condition makes the assertion fail.

The length of an at-rule is currently calculated by pointer arithmetic on
the 'result' pointer, which is expected to be set to the end of the at-rule
identifier by the WebCore::*CSSTokenizer::parseIdentifier method.
If the at-rule token is a sequence of 8-bit-only characters then
'result' will point correctly at the end of the identifier. However, if
the at-rule contains a 16-bit Unicode escape then 'result' will not be
updated correctly anymore, hence it cannot be used for length calculation.
The patch makes the parseIdentifier bump the result pointer even in the 16-bit slow case.

Patch by Renata Hodovan, backported from Chromium: https://codereview.chromium.org/241053002

Patch by Martin Hodovan <mhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Darin Adler.

Test: fast/css/atrule-with-escape-character-crash.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::realLex):

LayoutTests:

Added test demonstrates that at-rules containing 16-bit Unicode characters
can be handled properly.

Patch by Martin Hodovan <mhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Darin Adler.

  • fast/css/atrule-with-escape-character-crash-expected.txt: Added.
  • fast/css/atrule-with-escape-character-crash.html: Added.
10:49 AM Changeset in webkit [172035] by aestes@apple.com
  • 4 edits in trunk/Source

[iOS] The raw bytes of an iWork document's PDF preview are displayed rather than the PDF itself
https://bugs.webkit.org/show_bug.cgi?id=135596

Reviewed by David Kilzer.

Source/WebCore:

Some iWork documents contain pre-rendered PDF previews. When WebKit asks QuickLook to convert such a document,
QuickLook will return this PDF as the converted response. However, until WebKit has sent the document's data to
QuickLook, -[QLPreviewConverter previewResponse] will misleadingly tell WebKit that the converted resource will
be of type 'text/html'. This leads WebKit to render the PDF preview as HTML.

Instead of querying QLPreviewConverter for the previewResponse before we've sent it any data, postpone calling
ResourceLoader::didReceiveResponse until we've begun to receive data via the QLPreviewConverter delegate. At
that point -[QLPreviewConverter previewResponse] will have the correct MIME type and we can call didReceiveResponse.

No new tests. QuickLook is not testable from WebKit.

  • platform/network/ios/QuickLook.mm:

(-[WebResourceLoaderQuickLookDelegate connection:didReceiveDataArray:]): If didReceiveResponse has yet to be
called, call it now with QuickLookHandle::nsResponse().
(-[WebResourceLoaderQuickLookDelegate connection:didReceiveData:lengthReceived:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connection:didFailWithError:]): Ditto.
(-[WebResourceLoaderQuickLookDelegate connectionDidFinishLoading:]): Assert that didReceiveResponse has been called.
(-[WebResourceLoaderQuickLookDelegate clearHandle]): Cleared the raw pointer to QuickLookHandle.
(WebCore::QuickLookHandle::create): Pointed WebResourceLoaderQuickLookDelegate's quickLookHandle property to
the newly created QuickLookHandle.

Source/WebKit2:

  • WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponseWithCertificateInfo): If the response will be handled by
QuickLook, do not call ResourceLoader::didReceiveResponse. It will be called later by
WebResourceLoaderQuickLookDelegate once converted data is received.

10:03 AM Changeset in webkit [172034] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

Build fix.

  • UIProcess/WebContext.h:
9:46 AM Changeset in webkit [172033] by commit-queue@webkit.org
  • 3 edits
    2 adds in trunk

Fixing calc() parameter parsing in cubic-bezier functions
https://bugs.webkit.org/show_bug.cgi?id=135605

Patch by Renata Hodovan <rhodovan.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Andreas Kling.

Source/WebCore:

Before this patch, calc values in cubic-bezier functions weren't being read correctly
since they were handled as simple floats.

This is a backport of my fix in Blink: https://codereview.chromium.org/369313002/

Test: css3/calc/cubic-bezier-with-multiple-calcs-crash.html.html

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseCubicBezierTimingFunctionValue):

LayoutTests:

  • css3/calc/cubic-bezier-with-multiple-calcs-crash.html-expected.txt: Added.
  • css3/calc/cubic-bezier-with-multiple-calcs-crash.html.html: Added.
9:42 AM Changeset in webkit [172032] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

[MSE] Seeking occasionally causes many frames to be displayed in "fast forward" mode
https://bugs.webkit.org/show_bug.cgi?id=135422

Reviewed by Eric Carlson.

Three related fixes:

In reenqueueMediaForTime(), update TrackBuffer.lastEnqueuedPresentationTime when we flush
samples, so that the next time samples are re-enqueued, the starting point for re-enqueueing
is correct.

In sourceBufferPrivateDidReceiveSample(), do not add samples to the decode queue
if they are before the current media time.

When a seek is pending, but samples for the new time is not yet present in the SourceBuffer,
the SourceBufferPrivate may signal that it's ready for new samples through the
sourceBufferPrivateDidBecomeReadyForMoreSamples() method. In this situation, we should not
continue to provideMediaData(), as that will append samples from the prior-to-seeking media
timeline. Since the timeline may have moved forward due to the seek, a decoder may decide to
display those frames as quickly as possible (the "fast forward" behavior) in order to catch
up to the new current time.

If a re-enqueue is pending, don't provide media data in response to being notified that the
SourceBufferPrivate is ready for more samples. Wait until samples for the new current time
are appended.

Also, don't provide media data if we are waiting for a seek to complete.

  • Modules/mediasource/MediaSource.h:

(WebCore::MediaSource::isSeeking): Convenience method.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
(WebCore::SourceBuffer::sourceBufferPrivateDidBecomeReadyForMoreSamples):
(WebCore::SourceBuffer::reenqueueMediaForTime):

9:41 AM Changeset in webkit [172031] by oliver@apple.com
  • 8 edits in trunk/Source/WebKit2

SSO expects to be able to walk parent application's bundle
https://bugs.webkit.org/show_bug.cgi?id=135581
<rdar://problem/17864079>

Reviewed by Alexey Proskuryakov.

SSO expects to be able to walk the parent application's
bundle looking for Info plists. To allow this to actually
work we provide an extension from the ui process that
covers the bundle directory, and then in the profile
restrict access to the ability to read directories and
files named Info.plist.

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

  • Shared/Network/NetworkProcessCreationParameters.h:
  • UIProcess/WebContext.cpp:

(WebKit::WebContext::ensureNetworkProcess):
(WebKit::WebContext::parentBundleDirectory):

  • UIProcess/WebContext.h:
  • UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::parentBundleDirectory):

9:38 AM Changeset in webkit [172030] by vivek.vg@samsung.com
  • 2 edits in trunk/Tools

[gtk] Include llvm-dev(el) package to satisfy mesa build configuration
https://bugs.webkit.org/show_bug.cgi?id=135555

Reviewed by Philippe Normand.

Initial setup of gtk on linux requires this package to be installed.
This is required during the build configuration of mesa through jhbuild.

  • gtk/install-dependencies:
8:56 AM Performance Tests edited by clopez@igalia.com
Rename PerfTestRunner.runPerSecond to … (diff)
8:16 AM Changeset in webkit [172029] by commit-queue@webkit.org
  • 3 edits in trunk/Tools

Fix the commit-log-editor after r167243 and add more unit tests
https://bugs.webkit.org/show_bug.cgi?id=131727

Patch by Eva Balazsfalvi <evab.u-szeged@partner.samsung.com> on 2014-08-05
Reviewed by Csaba Osztrogonác.

  • Scripts/commit-log-editor:

(createCommitMessage):
(removeLongestCommonPrefixEndingInNewline):

  • Scripts/webkitpy/common/checkout/checkout_unittest.py:

(CommitMessageForThisCommitTest):
(CommitMessageForThisCommitTest.mock_changelog):
(CommitMessageForThisCommitTest.mock_checkout_for_test):
(CommitMessageForThisCommitTest.test_commit_message_for_unreviewed_changelogs_with_different_messages):
(test_commit_message_for_one_reviewed_changelog):
(test_commit_message_for_changelogs_with_same_messages):
(test_commit_message_for_changelogs_with_different_messages):
(test_commit_message_for_one_rollout_changelog):
(test_commit_message_for_rollout_changelogs_with_different_directories):
(setUp): Deleted.
(test_commit_message_for_this_commit): Deleted.

8:15 AM Changeset in webkit [172028] by Chris Fleizach
  • 5 edits in trunk

AX: Select text activity should return replaced text instead of previously selected text
https://bugs.webkit.org/show_bug.cgi?id=135595

Reviewed by Mario Sanchez Prada.

Source/WebCore:
When the select activity API is used to replace text, the replacement string should be returned instead of the old selected text.

Updated existing test: platform/mac/accessibility/select-text.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

  • platform/mac/accessibility/select-text-expected.txt:
  • platform/mac/accessibility/select-text.html:

Aug 4, 2014:

10:09 PM Changeset in webkit [172027] by Chris Fleizach
  • 5 edits in trunk

AX: Select activity behavior does not work when an existing range is already selected
https://bugs.webkit.org/show_bug.cgi?id=135579

Reviewed by Mario Sanchez Prada.

Source/WebCore:
If you have an existing range selected, and try to apply a select and replace operation, like capitalize,
searching for that range will fail because it skips the currently selected range.

For these cases, it seems the best way is to start the search from the start position, rather than relying on the
entire range.

Updated existing test: platform/mac/accessibility/select-text.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

  • platform/mac/accessibility/select-text-expected.txt:
  • platform/mac/accessibility/select-text.html:
8:58 PM Changeset in webkit [172026] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE][Mac] Seeking past buffered range will not resume playback when seek completes.
https://bugs.webkit.org/show_bug.cgi?id=135591

Reviewed by Eric Carlson.

If a seek is delayed due to seeking into an unbuffered area, playback will not be restarted
at that point. Instead, playback must resume when enough media data has been added, and
the MediaSource indicates the seek should complete.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::seekCompleted):

8:57 PM Changeset in webkit [172025] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE] Videos will report a stall when within 1 frame-duration before the end of a movie.
https://bugs.webkit.org/show_bug.cgi?id=135586

Reviewed by Eric Carlson.

Under certain circumstances, videos which are within 1/24 seconds before the end of a media stream when
monitorSourceBuffers() is called will fail the hasFutureTime() check. This is because hasFutureTime()
checks whether enough media is buffered to play back at least some time in the future, but when the
current time is close to the duration, not enough data is buffered to satisfy that check.

Add some logic which will break out early when the SourceBuffer has buffered up to and including the
media's duration, and return that the buffer indeed hasFutureTime() available.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::hasFutureTime):

8:40 PM Changeset in webkit [172024] by benjamin@webkit.org
  • 5 edits
    2 adds in trunk

Simplify the StyleInvalidation mode of rule collection
https://bugs.webkit.org/show_bug.cgi?id=135521

Reviewed by Antti Koivisto.

Source/WebCore:
There are two branches where StyleInvalidation code is removed:
-Pseudo elements for shadow dom elements.
-Pseudo elements without dom tree counterpart.

The first can never be hit because StyleInvalidationAnalysis does a complete invalidation
when there is any shadow dom styling involved in the stylesheets.

Even if that branch was hit, not failing on custom pseudo elements would be equivalent
to ignoring those pseudo elements from the Selector. By doing so, we would match elements
that do not have shadow dom and invalidate pretty much everything.

Unlike pseudo elements without real elements, shadow dom elements are not matched separately with a different
context, thus we could generalize StyleInvalidationAnalysis to handle this case.

The second case handle pseudo elements that do not have a real element. That case no longer need to be handled
separately at the filter time, it has become a special case of SelectorChecker::match() after everything else
has matched.

The only condition for this to work is that the Context's pseudoId must be NOPSEUDO. This is the case
in practice since matching specific pseudo types would be a waste of time. ElementRuleCollector::collectMatchingRules()
has a new assertion to enforce that.

Test: fast/css/stylesheet-change-updates-pseudo-elements.html

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::collectMatchingRules):

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::matchRecursively):

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateRequestedPseudoElementEqualsToSelectorPseudoElement):

LayoutTests:
This test by:
1) Forcing the recalc of the user-agent stylesheet.
2) Wait for the page to finish loading.
3) Add a style changing only pseudo elements without corresponding shadow element.

  • fast/css/stylesheet-change-updates-pseudo-elements-expected.html: Added.
  • fast/css/stylesheet-change-updates-pseudo-elements.html: Added.
8:25 PM Changeset in webkit [172023] by benjamin@webkit.org
  • 15 edits in trunk

Add a flag for the CSS Selectors level 4 implementation
https://bugs.webkit.org/show_bug.cgi?id=135535

Reviewed by Andreas Kling.

.:

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/WebKitFeatures.cmake:
  • Source/cmakeconfig.h.cmake:

Source/JavaScriptCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebCore:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

  • Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

  • Configurations/FeatureDefines.xcconfig:

WebKitLibraries:

  • win/tools/vsprops/FeatureDefines.props:
7:51 PM Changeset in webkit [172022] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[GTK] run-launcher --gtk is broken
https://bugs.webkit.org/show_bug.cgi?id=135571

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-08-04
Reviewed by Martin Robinson.

  • Scripts/webkitdirs.pm:

(builtDylibPathForName): Search for libwebkit2gtk-4.0

7:47 PM Changeset in webkit [172021] by Chris Fleizach
  • 3 edits in trunk/Source/WebCore

AX: add AccessibilityObject::computedLabelString() for WebAXI
https://bugs.webkit.org/show_bug.cgi?id=129939

Reviewed by Mario Sanchez Prada.

Provide a method that the WebKit Inspector can call in order to
display an accessible name for an AX node.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::accessibilityComputedLabel):

  • accessibility/AccessibilityObject.h:
7:01 PM Changeset in webkit [172020] by matthew_hanson@apple.com
  • 5 edits in tags/Safari-600.1.2.6/Source

Versioning.

6:54 PM Changeset in webkit [172019] by matthew_hanson@apple.com
  • 6 edits in tags/Safari-600.1.2.6

Apply custom patch from https://bugs.webkit.org/show_bug.cgi?id=135543

6:39 PM Changeset in webkit [172018] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Lots of crashes in WebKit1 after r172013.
https://bugs.webkit.org/show_bug.cgi?id=135582
<rdar://problem/17837636>

Reviewed by Enrica Casucci.

  • editing/SelectionRectGatherer.cpp:

(WebCore::SelectionRectGatherer::addRect):
(WebCore::SelectionRectGatherer::addGapRects):
Don't try to do local-to-absolute coordinate conversion if we don't have
a repaint container, which happens a lot in WebKit1.

6:31 PM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com
(diff)
6:28 PM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com
(diff)
6:22 PM Changeset in webkit [172017] by clopez@igalia.com
  • 2 edits in trunk/LayoutTests

[GTK] Unreviewed GTK gardening.

  • platform/gtk/TestExpectations: Report and mark new failures after 172008 and r172010.

Remove expectations for test that now pass after r171964 (revert of r171957).
Update expectations for new flaky tests.

6:04 PM Changeset in webkit [172016] by benjamin@webkit.org
  • 4 edits in trunk/Source

Check for null frame when processing geolocation authorization request
https://bugs.webkit.org/show_bug.cgi?id=135577
<rdar://problem/17896295>

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-08-04
Reviewed by Geoffrey Garen.

Source/WebKit/mac:

  • WebCoreSupport/WebGeolocationClient.mm:

(WebGeolocationClient::requestPermission):

Source/WebKit2:
I could have put the null check in GeolocationController instead of the WebKit layer,
but that would be a little weird as GeolocationController knows nothing about how
the WebKit layer decides what to do with requests.

  • WebProcess/Geolocation/GeolocationPermissionRequestManager.cpp:

(WebKit::GeolocationPermissionRequestManager::startRequestForGeolocation):

5:58 PM Changeset in webkit [172015] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-600.1.2.6

New Tag.

5:30 PM Changeset in webkit [172014] by achristensen@apple.com
  • 8 edits
    3 adds in trunk

Progress towards CMake on Mac.
https://bugs.webkit.org/show_bug.cgi?id=135528

Reviewed by Gyuyoung Kim.

.:

  • Source/cmake/OptionsMac.cmake:

Made options list based on FeatureDefines.xcconfig files.

Source/JavaScriptCore:

  • CMakeLists.txt:

Include necessary directories and copy all necessary forwarding headers.
Only compile UDis86Disassembler.cpp if we're using UDIS86.

  • PlatformMac.cmake: Added.
  • tools/CodeProfiling.cpp:

Compile fix. Include sys/time.h on darwin, too.

Source/WebCore:

  • PlatformMac.cmake: Added.

Source/WTF:

  • wtf/CMakeLists.txt:

Include text directory.

  • wtf/PlatformMac.cmake: Added.
5:28 PM Changeset in webkit [172013] by timothy_horton@apple.com
  • 4 edits in trunk/Source/WebCore

Selection services menu dropdown is in the wrong place when selecting some text on Yelp
https://bugs.webkit.org/show_bug.cgi?id=135582
<rdar://problem/17837636>

Reviewed by Simon Fraser.

  • editing/SelectionRectGatherer.cpp:

(WebCore::SelectionRectGatherer::addRect):
(WebCore::SelectionRectGatherer::addGapRects):
(WebCore::SelectionRectGatherer::addRects): Deleted.
Rename addRects to addGapRects for clarity.
Map rects and gapRects to absolute RenderView coordinates so that
they are in a form WebKit2 can use. Previously they were sometimes
relative to a different repaint container, but that information was
lost when moving through SelectionRectGatherer.

Ideally we would keep selection rects as full quads instead of rects
for more of their life, but that problem is much deeper than just SelectionRectGatherer.

  • editing/SelectionRectGatherer.h:

Add a comment clarifying the coordinate space of the stored selection rects.

  • rendering/RenderView.cpp:

(WebCore::RenderView::applySubtreeSelection):
Rename addRects to addGapRects for clarity.

4:06 PM Changeset in webkit [172012] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

lldb_webkit.py throws exception when generating summary of null StringImpl
https://bugs.webkit.org/show_bug.cgi?id=129448

Patch by Matt Baker <Matt Baker> on 2014-08-04
Reviewed by Jer Noble.

Added checks for null StringImpl and 0 byte ReadMemory calls.

  • lldb/lldb_webkit.py:

(WTFStringImpl_SummaryProvider):
(ustring_to_string):
(lstring_to_string):
(WTFStringImplProvider.to_string):
(WTFStringImplProvider.is_initialized):

3:25 PM Changeset in webkit [172011] by Lucas Forschler
  • 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

3:17 PM Changeset in webkit [172010] by Bem Jones-Bey
  • 3 edits
    3 adds in trunk

[CSS Shapes] shape-margin not respected when it extends beyond an explicitly set margin
https://bugs.webkit.org/show_bug.cgi?id=135308

Reviewed by Dean Jackson.

Source/WebCore:
When a zero height line is supplied and the image shape extends into
the margin box (only possible when a shape-margin is supplied), then
only an empty interval was being returned. This patch makes it
properly return the interval for the line in question.

Test: fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html

  • rendering/shapes/RasterShape.cpp:

(WebCore::RasterShape::getExcludedIntervals): Handle the zero height
line case.

LayoutTests:
Test case based on the one supplied by Rebecca Hauck in the bug
report.

  • fast/shapes/resources/square.png: Added.
  • fast/shapes/shape-outside-floats/shape-outside-image-shape-margin-expected.html: Added.
  • fast/shapes/shape-outside-floats/shape-outside-image-shape-margin.html: Added.
3:04 PM Changeset in webkit [172009] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Create a more generic way for VMEntryScope to notify those interested that it will be destroyed
https://bugs.webkit.org/show_bug.cgi?id=135358

Patch by Saam Barati <sbarati@apple.com> on 2014-08-04
Reviewed by Geoffrey Garen.

When VMEntryScope is destroyed, and it has a flag set indicating that the
Debugger needs to recompile all functions, it calls Debugger::recompileAllJSFunctions.
This flag is only used by Debugger to have VMEntryScope notify it when the
Debugger is safe to recompile all functions. This patch will substitute this
Debugger-specific recompilation flag with a list of callbacks that are notified
when the outermost VMEntryScope dies. This creates a general purpose interface
for being notified when the VM stops executing code via the event of the outermost
VMEntryScope dying.

  • debugger/Debugger.cpp:

(JSC::Debugger::recompileAllJSFunctions):

  • runtime/VMEntryScope.cpp:

(JSC::VMEntryScope::VMEntryScope):
(JSC::VMEntryScope::addEntryScopeDidPopListener):
(JSC::VMEntryScope::~VMEntryScope):

  • runtime/VMEntryScope.h:

(JSC::VMEntryScope::setRecompilationNeeded): Deleted.

3:01 PM Changeset in webkit [172008] by Alan Bujtas
  • 7 edits
    2 adds in trunk

Subpixel rendering: InlineTextBox mistakenly rounds offset value before painting.
https://bugs.webkit.org/show_bug.cgi?id=135470

Reviewed by Simon Fraser.

This patch removes the premature paint offset adjustment for inlines. Premature snapping
could alter the final painting coordinates and push content to wrong positions.

This patch also enforces WebCore's pixel snapping strategy (round) on text painting.
It ensures that text positioning is in sync with other painting related operations including
clipping, box decorations etc. Underlying graphics libraries can take different directions on
text snapping, for example CG ceils text coordinates vertically (in horizontal context,
with the current settings). It can lead to undesired side effects.

Source/WebCore:
Test: fast/inline/hidpi-inline-selection-leaves-gap.html

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paint):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects): wrong direction used at r171896.

  • rendering/SimpleLineLayoutFunctions.cpp: we don't paint vertical content here.

(WebCore::SimpleLineLayout::paintFlow):

LayoutTests:

  • fast/inline/hidpi-inline-selection-leaves-gap-expected.html: Added.
  • fast/inline/hidpi-inline-selection-leaves-gap.html: Added.
  • fast/multicol/newmulticol/multicol-clip-rounded-corners-expected.html:
  • fast/multicol/newmulticol/multicol-clip-rounded-corners.html: pixels are distributed properly.

No need to have the special 122px shortened width for col2.

2:58 PM Changeset in webkit [172007] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

Unreviewed, rolling out r171992, r171995, & r172000.

The cumulative effect of those revisions was to cause decoding errors when switching resolutions on YouTube.

Reverted changesets:

https://bugs.webkit.org/show_bug.cgi?id=135422 / http://trac.webkit.org/changeset/171992
https://bugs.webkit.org/show_bug.cgi?id=135424 / http://trac.webkit.org/changeset/171995
https://bugs.webkit.org/show_bug.cgi?id=135572 / http://trac.webkit.org/changeset/172000

2:57 PM Changeset in webkit [172006] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Always clear ConsoleClient when Page/WindowShell is destroyed
https://bugs.webkit.org/show_bug.cgi?id=135569

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2014-08-04
Reviewed by Mark Lam.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::~ScriptController):
Whenever a window shell goes away, clear the console client.
We did this in clearWindowShell but not before destroying.

2:56 PM Changeset in webkit [172005] by Chris Fleizach
  • 5 edits in trunk

AX: isWordEndMatch should allow for multiple word selections
https://bugs.webkit.org/show_bug.cgi?id=135573

Reviewed by Mario Sanchez Prada.

Source/WebCore:
isWordEndMatch was searching from the beginning of the selected range, which meant
that if the result was multiple words, we'd reject the result.
Instead, we should search from the end of the range, so that we encompass all words.

Modified existing test: platform/mac/accessibility/select-text-should-match-whole-words.html

  • editing/TextIterator.cpp:

(WebCore::SearchBuffer::isWordEndMatch):

LayoutTests:

  • platform/mac/accessibility/select-text-should-match-whole-words-expected.txt:
  • platform/mac/accessibility/select-text-should-match-whole-words.html:
2:25 PM Changeset in webkit [172004] by Lucas Forschler
  • 1 delete in tags/Safari-600.1.2.5/safari-600.1.4-branch

Delete incorrect Tag.

2:18 PM Changeset in webkit [172003] by Lucas Forschler
  • 1 copy in tags/Safari-600.1.4.5

New Tag.

2:17 PM Changeset in webkit [172002] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: Secure text fields need to support Search parameterized attributes
https://bugs.webkit.org/show_bug.cgi?id=135568

Reviewed by Mario Sanchez Prada.

Source/WebCore:

Secure text fields still need to support the fast searching that WebKit exposes, even though they don't support
other parameterized attributes.

Test: platform/mac/accessibility/secure-text-field-supports-fast-search.html

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityParameterizedAttributeNames]):

LayoutTests:

  • platform/mac/accessibility/secure-text-field-supports-fast-search-expected.txt: Added.
  • platform/mac/accessibility/secure-text-field-supports-fast-search.html: Added.
2:13 PM Changeset in webkit [172001] by Lucas Forschler
  • 1 copy in tags/Safari-600.1.2.5/safari-600.1.4-branch

New Tag.

1:54 PM Changeset in webkit [172000] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE] Further fixes for "fast forward" playback after seeking in YouTube behavior.
https://bugs.webkit.org/show_bug.cgi?id=135572

Reviewed by Eric Carlson.

Two related fixes:

In reenqueueMediaForTime(), update TrackBuffer.lastEnqueuedPresentationTime when we flush samples, so that
the next time samples are re-enqueued, the starting point for re-enqueueing is correct.

In sourceBufferPrivateDidReceiveSample(), do not add samples to the decode queue if they are before the
current media time.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
(WebCore::SourceBuffer::reenqueueMediaForTime):

1:50 PM Changeset in webkit [171999] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Web Inspector: All-caps CSS properties are not shown in Computed pane
https://bugs.webkit.org/show_bug.cgi?id=133700

Patch by Matt Baker <Matt Baker> on 2014-08-04
Reviewed by Timothy Hatcher.

  • inspector/InspectorStyleSheet.cpp:

(WebCore::InspectorStyle::styleWithProperties):

1:32 PM Changeset in webkit [171998] by Lucas Forschler
  • 4 edits
    2 copies in branches/safari-600.1.4-branch

Merged r171882. <rdar://problem/17802531>

10:42 AM Changeset in webkit [171997] by Chris Fleizach
  • 5 edits in trunk

AX: SelectText functionality always selects text after current selection even if closer selection is behind it
https://bugs.webkit.org/show_bug.cgi?id=135546

Reviewed by Mario Sanchez Prada.

Source/WebCore:
Logic was incorrect for comparing ranges found before the current selection.
ASSERT was incorrect for allowed ranges. We need to allow ranges that are right at the boundaries of our found ranges.

Extended existing test: platform/mac/accessibility/select-text.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::rangeClosestToRange):

LayoutTests:

  • platform/mac/accessibility/select-text-expected.txt:
  • platform/mac/accessibility/select-text.html:
10:32 AM Changeset in webkit [171996] by Chris Fleizach
  • 5 edits
    2 adds in trunk

AX: AXSelectTextWithCriteriaParameterizedAttribute incorrectly selects the beginning letters of a word
https://bugs.webkit.org/show_bug.cgi?id=135547

Reviewed by Mario Sanchez Prada.

Source/WebCore:
Allow text search to specify that it wants to match end of words as well as start of words.
This allows select text criteria to match on whole words only.

Test: platform/mac/accessibility/select-text-should-match-whole-words.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::rangeOfStringClosestToRangeInDirection):

  • editing/FindOptions.h:
  • editing/TextIterator.cpp:

(WebCore::SearchBuffer::isWordEndMatch):
(WebCore::SearchBuffer::search):

LayoutTests:

  • platform/mac/accessibility/select-text-should-match-whole-words-expected.txt: Added.
  • platform/mac/accessibility/select-text-should-match-whole-words.html: Added.
10:26 AM Changeset in webkit [171995] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebCore

[MSE] Re-enqueing due to overlapping appended samples can cause stuttering playback
https://bugs.webkit.org/show_bug.cgi?id=135424

Reviewed by Eric Carlson.

If it become necessary to re-enqueue samples (due to appending overlapping samples which cause
existing samples to be removed), the previous behavior was to flush and re-enqueue the new
samples dependencies; i.e., everything up to and including the previous sync sample. This causes
the decoder to visibly stall while it decodes those non-displaying samples, which could be
a second or more worth of encoded video samples, depending on the frequency of sync samples.

Instead, when we are asked to re-enqueue, we will look for the next occurring sync sample.
If found, we can switch over to the replacement samples at that point in the decode queue.
This limits the overhead of a stream switch, and should allow for a visually seamless switch,
at the cost of having to wait for the next sync sample to occur to affect the switch.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::seekToTime): Clear the decode queue when seeking.
(WebCore::SourceBuffer::sourceBufferPrivateAppendComplete): Call reenqueueMediaForCurrentTime.
(WebCore::SourceBuffer::reenqueueMediaForCurrentTime): Switch over to the new stream only

at the next sync sample.

10:23 AM Changeset in webkit [171994] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: The Dictation command "Replace <phrase> with <phrase>" always capitalizes the replacement string
https://bugs.webkit.org/show_bug.cgi?id=135557

Reviewed by Mario Sanchez Prada.

Source/WebCore:
When replacing text, we should match the capitalization of the word being replaced
(unless the replacement looks like an abbreviation).

Test: platform/mac/accessibility/find-and-replace-match-capitalization.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::selectText):

LayoutTests:

  • platform/mac/accessibility/find-and-replace-match-capitalization-expected.txt: Added.
  • platform/mac/accessibility/find-and-replace-match-capitalization.html: Added.
10:19 AM Changeset in webkit [171993] by psolanki@apple.com
  • 5 edits in trunk/Source/WebCore

QuickLook resources are cache-replaced with their original binary data causing ASSERT(m_data->size() == newBuffer->size()) in CachedResource.cpp
https://bugs.webkit.org/show_bug.cgi?id=135548
<rdar://problem/17891321>

Reviewed by David Kilzer.

When loading QuickLook resources, the SharedBuffer in the CachedResource is actually a
converted representation of the real QuickLook resource. Replacing this with the actual
network resource (which is what tryReplaceEncodedData() tried to do) is wrong and triggered
asserts in the code.

Fix this by having CachedRawResource::mayTryReplaceEncodedData() return false if we are
loading a QuickLook resource.

No new tests because we don't have a way to test QuickLook documents.

  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::ResourceLoader):
(WebCore::ResourceLoader::didCreateQuickLookHandle):

Set a flag to indicate that we are loading a QuickLook document.

  • loader/ResourceLoader.h:

(WebCore::ResourceLoader::isQuickLookResource):

  • loader/cache/CachedRawResource.cpp:

(WebCore::CachedRawResource::CachedRawResource):
(WebCore::CachedRawResource::finishLoading):

Check if we were loading a QuickLook document and if so disable encoded data
replacement.

  • loader/cache/CachedRawResource.h:

Add a new bool field returned by mayTryReplaceEncodedData(). Default is true but it is
set to false in finishLoading() if we were loading QuickLook document.

10:17 AM Changeset in webkit [171992] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE] Seeking occasionally causes many frames to be displayed in "fast forward" mode
https://bugs.webkit.org/show_bug.cgi?id=135422

Reviewed by Eric Carlson.

When a seek is pending, but samples for the new time is not yet present in the SourceBuffer,
the SourceBufferPrivate may signal that it's ready for new samples through the
sourceBufferPrivateDidBecomeReadyForMoreSamples() method. In this situation, we should not
continue to provideMediaData(), as that will append samples from the prior-to-seeking media
timeline. Since the timeline may have moved forward due to the seek, a decoder may decide to
display those frames as quickly as possible (the "fast forward" behavior) in order to catch
up to the new current time.

If a re-enqueue is pending, don't provide media data in response to being notified that the
SourceBufferPrivate is ready for more samples. Wait until samples for the new current time
are appended.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::sourceBufferPrivateDidBecomeReadyForMoreSamples):

  • dom/Document.cpp:

(WebCore::Document::unregisterCollection):

8:08 AM Changeset in webkit [171991] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

[GTK] Install all unstable webkitdom headers
https://bugs.webkit.org/show_bug.cgi?id=135544

Reviewed by Gustavo Noronha Silva.

We were checking whether generated file existed before they had
been generated.

  • PlatformGTK.cmake: Add Unstable.h header for all stable classes

to GObjectDOMBindingsUnstable_INSTALLED_HEADERS and split the
install command for stable and unstable headers making unstable
headers optional.

6:31 AM Changeset in webkit [171990] by Michał Pakuła vel Rutka
  • 6 edits
    6 adds in trunk/LayoutTests

Unreviewed EFL gardening

  • platform/efl/TestExpectations: Add or update test expectations for failing tests.
  • platform/efl/fast/text/international/cjk-segmentation-expected.txt: Added.
  • platform/efl/js/dom/global-constructors-attributes-expected.txt: Rebaseline after r167632.
  • platform/efl/sputnik/Unicode/Unicode_320/S7.6_A2.2_T2-expected.txt: Added.
  • platform/efl/sputnik/Unicode/Unicode_320/S7.6_A5.2_T8-expected.txt: Added.
  • platform/efl/svg/text/non-bmp-positioning-lists-expected.png: Rebaseline after r168350 and r168543.
  • platform/efl/svg/text/non-bmp-positioning-lists-expected.txt: Ditto.
  • platform/efl/transforms/2d/hindi-rotated-expected.txt: Fix baseline.
1:47 AM Changeset in webkit [171989] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[WinCairo] Compile error in OpenTypeMathData.cpp.
https://bugs.webkit.org/show_bug.cgi?id=135541

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-08-04
Reviewed by Brent Fulgham.

The SharedBuffer class needs to be defined.
Also, the OpenTypeMathData constructor should be implemented when OPENTYPE_MATH is not enabled.

  • platform/graphics/opentype/OpenTypeMathData.cpp:
12:17 AM Changeset in webkit [171988] by zandobersek@gmail.com
  • 2 edits in trunk

[GTK] Windowing target support should reflect the support in the GTK+ dependency
https://bugs.webkit.org/show_bug.cgi?id=134736

Reviewed by Martin Robinson.

  • Source/cmake/FindGTK3.cmake: Don't error out if the GTK+ dependency doesn't

support the X11 or Wayland windowing targets -- instead, if there's no support
the specific target is disabled, and an error is thrown only if neither of the
backends is enabled at the end..
For now the X11 target remains enabled by default, and the Wayland target is
kept disabled. Once it's possible to have both targets enabled at runtime in
WebKit, the Wayland target will be enabled as well and we'll leave it to the
GTK+ dependency to determine which targets can be enabled.

12:10 AM Changeset in webkit [171987] by zandobersek@gmail.com
  • 1 edit
    1 add in trunk

[CMake] Add FindWayland.cmake
https://bugs.webkit.org/show_bug.cgi?id=135540

Reviewed by Martin Robinson.

  • Source/cmake/FindWayland.cmake: Added. Enables finding the Wayland

dependency. For now bundles the wayland-client, wayland-server and
wayland-egl pkg-config targets into one dependency, but these could
be split in the future if necessary.

12:00 AM Changeset in webkit [171986] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

[GTK] Do not include JavaScriptCore stress tests in release tarballs
https://bugs.webkit.org/show_bug.cgi?id=135503

Reviewed by Martin Robinson.

  • gtk/manifest.txt: Exclude Source/JavaScriptCore/tests dir.

Aug 3, 2014:

7:12 PM Changeset in webkit [171985] by ryuan.choi@samsung.com
  • 2 edits in trunk

[EFL] Move DATA_INSTALL_DIR to ewebkit2-0
https://bugs.webkit.org/show_bug.cgi?id=135553

Reviewed by Gyuyoung Kim.

Since WebKit1/Efl is dropped, we don't need to use ewebkit-1 and ewebkit2-1.
And removed WebKit_OUTPUT_NAME variable which is not used anymore on the EFL port.

  • Source/cmake/OptionsEfl.cmake:
12:21 PM Changeset in webkit [171984] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

<rdar://problem/17782529> REGRESSION: OS marketing version in iOS Simulator user-agent string is the host OS’s
https://bugs.webkit.org/show_bug.cgi?id=135549

Reviewed by Mark Rowe.

  • platform/cocoa/SystemVersion.mm:

(WebCore::createSystemMarketingVersion): On the iOS Simulator, locate the system Library
directory relative to the Simulator root.

1:16 AM Changeset in webkit [171983] by bshafiei@apple.com
  • 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

1:12 AM Changeset in webkit [171982] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.1.4.4

New tag.

1:03 AM Changeset in webkit [171981] by bshafiei@apple.com
  • 2 edits
    1 add in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged patch for <rdar://problem/17887398>.

12:56 AM Changeset in webkit [171980] by bshafiei@apple.com
  • 12 edits in branches/safari-600.1.4-branch/Source

Merged r171973. <rdar://problem/17834694>

12:45 AM Changeset in webkit [171979] by bshafiei@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171959. <rdar://problem/17671574>

12:43 AM Changeset in webkit [171978] by bshafiei@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged r171949. <rdar://problem/17888408>

12:40 AM Changeset in webkit [171977] by bshafiei@apple.com
  • 5 edits in branches/safari-600.1.4-branch/Source/JavaScriptCore

Merged r171946. <rdar://problem/17888408>

12:37 AM Changeset in webkit [171976] by bshafiei@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merged r171944. <rdar://problem/17879156>

12:34 AM Changeset in webkit [171975] by bshafiei@apple.com
  • 9 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171943. <rdar://problem/17869279>

12:28 AM Changeset in webkit [171974] by bshafiei@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebKit2

Merged r171887. <rdar://problem/17864139>

Aug 2, 2014:

5:03 PM Changeset in webkit [171973] by commit-queue@webkit.org
  • 12 edits in trunk/Source

Support both window and view based video fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=135525

Patch by Jeremy Jones <jeremyj@apple.com> on 2014-08-02
Reviewed by Simon Fraser.

Source/WebCore:
Presenting in a separate window gives greater flexibility for rotation separately from the app.
Presenting in the same window works better if the interface is rehosted in another process.

  • platform/ios/WebVideoFullscreenControllerAVKit.mm:

(-[WebVideoFullscreenController enterFullscreen:]): Use clientRect instead of screenRect.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.h: Add m_window and m_parentView.
  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(-[WebAVVideoLayer setBounds:]): Parent view might not be fullscreen; use window instead.
(WebVideoFullscreenInterfaceAVKit::setupFullscreen): Conditionally create UIWindow and UIViewController for fullscreen.
(WebVideoFullscreenInterfaceAVKit::enterFullscreen): Video, not the container should have black background.
(WebVideoFullscreenInterfaceAVKit::exitFullscreen): Conditionally translate finalRect.
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreen): Clean up UIWindow and force status bar to correct orientation.
(WebVideoFullscreenInterfaceAVKit::invalidate): Clean up UIWindow.
(WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): Hide window and exit without animation.

  • platform/ios/WebVideoFullscreenModelMediaElement.mm:

(WebVideoFullscreenModelMediaElement::setVideoFullscreenLayer): Apply frame, because it may have been set before the layer.

Source/WebKit/mac:
Parenting in the view instead of the window gives the fullscreen implementation more latitude
in how it implements the animation.

  • WebView/WebView.mm:

(-[WebView _enterFullscreenForNode:]): Use view instead of window.

Source/WebKit2:
Parenting in the view instead of the window gives the fullscreen implementation more latitude
in how it implements the animation.

  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID): Use view instead of window.

  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::clientRectForNode): Use client rect instead of screen rect.
(WebKit::WebVideoFullscreenManager::enterFullscreenForNode): ditto
(WebKit::WebVideoFullscreenManager::exitFullscreenForNode): ditto
(WebKit::screenRectForNode): Deleted.

1:51 PM Changeset in webkit [171972] by benjamin@webkit.org
  • 8 edits in trunk/Source/WebCore

Update the SearchFieldResultsButtonElement shadow Pseudo Id when HTMLInputElement's maxResults change
https://bugs.webkit.org/show_bug.cgi?id=135491

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-08-02
Reviewed by Ryosuke Niwa.

Replace the shadowPseudoId() override + manual style invalidation by the generic pseudo ID update.

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseAttribute):

  • html/InputType.cpp:

(WebCore::InputType::maxResultsAttributeChanged):

  • html/InputType.h:
  • html/SearchInputType.cpp:

(WebCore::SearchInputType::SearchInputType):
(WebCore::updateResultButtonPseudoType):
(WebCore::SearchInputType::maxResultsAttributeChanged):
(WebCore::SearchInputType::createShadowSubtree):
(WebCore::SearchInputType::destroyShadowSubtree):

  • html/SearchInputType.h:
  • html/shadow/TextControlInnerElements.cpp:

(WebCore::SearchFieldResultsButtonElement::shadowPseudoId): Deleted.

  • html/shadow/TextControlInnerElements.h:
1:47 PM Changeset in webkit [171971] by benjamin@webkit.org
  • 3 edits in trunk/Source/WebCore

Add warnings for the buggy implementations of shadowPseudoId()
https://bugs.webkit.org/show_bug.cgi?id=135477

Patch by Benjamin Poulain <bpoulain@apple.com> on 2014-08-02
Reviewed by Ryosuke Niwa.

Dean is going to look into fixing media element styling.
In the meantime, add warnings to prevent this from spreading.

  • dom/Element.h:
  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::shadowPseudoId):

11:35 AM Changeset in webkit [171970] by Brent Fulgham
  • 2 edits in trunk/Source/ThirdParty/ANGLE

[Win] Unreviewed build fix.

  • src/libGLESv2/renderer/d3d11/BufferStorage11.cpp:

(rx::BufferStorage11::copyData): Help compiler make
decision about types.

11:04 AM Changeset in webkit [171969] by dfarler@apple.com
  • 5 edits in trunk/Tools

build-webkittestrunner doesn't build the app target for iOS SDKs
https://bugs.webkit.org/show_bug.cgi?id=135433

Reviewed by Dan Bernstein.

  • Scripts/build-dumprendertree: Build the app target on iOS.
  • Scripts/build-webkittestrunner: Build the app target on iOS.
  • Scripts/webkitdirs.pm: Add -sdk flags when building for iOS.

(buildXCodeProject):

  • Scripts/webkitpy/port/ios.py: Use --sdk flags instead of SDKROOT.

(IOSSimulatorPort._build_driver_flags):

11:03 AM Changeset in webkit [171968] by dfarler@apple.com
  • 2 edits
    1 delete in trunk/Tools

Remove iOS Perl DumpRenderTree support target
https://bugs.webkit.org/show_bug.cgi?id=135271

Reviewed by Dan Bernstein.

  • DumpRenderTree/DumpRenderTree.xcodeproj/project.pbxproj: Remove the target.
  • DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupport.c: Removed.
  • DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupportPregenerated.pm: Removed.
  • DumpRenderTree/ios/PerlSupport/DumpRenderTreeSupport_wrapPregenerated.c: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/Changes: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/IPhoneSimulatorNotification.xs: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/MANIFEST: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/Makefile.PL: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/README: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/lib/IPhoneSimulatorNotification.pm: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/ppport.h: Removed.
  • DumpRenderTree/ios/PerlSupport/IPhoneSimulatorNotification/t/IPhoneSimulatorNotification.t: Removed.
  • DumpRenderTree/ios/PerlSupport/Makefile: Removed.
11:01 AM Changeset in webkit [171967] by dfarler@apple.com
  • 1 edit
    1 delete in trunk/Tools

Remove old-run-webkit-tests
https://bugs.webkit.org/show_bug.cgi?id=135374

Reviewed by Csaba Osztrogonác.

  • Scripts/old-run-webkit-tests: Removed.
10:34 AM Changeset in webkit [171966] by mitz@apple.com
  • 2 edits in trunk/Tools

prepare-ChangeLog --no-write shouldn’t require ChangeLog to exist
https://bugs.webkit.org/show_bug.cgi?id=135542

Reviewed by Tim Horton.

  • Scripts/prepare-ChangeLog:

(main): Pass $writeChangeLogs for the new requireChangeLogToExist parameter of
findChangeLogs.
(findChangeLogs): Don’t require a ChangeLog file to exist if unless the
requireChangeLogToExist argument is true.

Aug 1, 2014:

11:06 PM Changeset in webkit [171965] by mitz@apple.com
  • 4 edits in trunk/Source

<rdar://problem/17891752> [iOS] WebKit links against libraries it doesn’t use
https://bugs.webkit.org/show_bug.cgi?id=135536

Reviewed by Tim Horton.

Source/WebKit/mac:

  • Configurations/WebKitLegacy.xcconfig: Removed -framework MobileAsset from

OTHER_LDFLAGS_iphoneos.

Source/WebKit2:

  • Configurations/WebKit.xcconfig: Removed -lassertion_extension and -framework MobileAsset

from FRAMEWORK_AND_LIBRARY_LDFLAGS_iphonesimulator.

10:10 PM Changeset in webkit [171964] by commit-queue@webkit.org
  • 20 edits in trunk/Source/WebCore

Unreviewed, rolling out r171957.
https://bugs.webkit.org/show_bug.cgi?id=135538

Caused GTK assertions and test failures (Requested by smfr on
#webkit).

Reverted changeset:

"Clean up image subsampling code, make it less iOS-specific"
https://bugs.webkit.org/show_bug.cgi?id=134916
http://trac.webkit.org/changeset/171957

9:13 PM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com
(diff)
9:00 PM Changeset in webkit [171963] by clopez@igalia.com
  • 3 edits
    2 adds in trunk/LayoutTests

[GTK] Unreviewed GTK gardening.

  • platform/gtk/TestExpectations: Report and mark new failures and flaky tests after 171341, r171591, r171567 and others.
  • platform/gtk/fast/css/viewport-units-dynamic-expected.txt: Added. Rebaseline after r171567.
  • platform/gtk/fast/multicol/pagination/RightToLeft-max-width-expected.txt: Added. Rebaseline after r171609.
  • platform/gtk/svg/zoom/page/zoom-foreignObject-expected.txt: Rebaseline after 171341.
5:46 PM Changeset in webkit [171962] by commit-queue@webkit.org
  • 2 edits in trunk/Source

[CMake] Allow CMake to find GLib on FreeBSD
https://bugs.webkit.org/show_bug.cgi?id=132530

Patch by Myles C. Maxfield <litherum@gmail.com> on 2014-08-01
Reviewed by Gustavo Noronha Silva.

On FreeBSD, glibconfig.h is at /usr/local/include/glib-2.0/glibconfig.h.

  • Source/cmake/FindGLIB.cmake:
5:10 PM Changeset in webkit [171961] by clopez@igalia.com
  • 4 edits in trunk/Source

REGRESSION(r171942): [CMAKE] [GTK] build broken (clean build).
https://bugs.webkit.org/show_bug.cgi?id=135522

Reviewed by Martin Robinson.

Source/JavaScriptCore:

  • CMakeLists.txt: Output the inspector headers inside inspector

subdirectory.

Source/WebCore:
No new tests required, no new functionality.

  • CMakeLists.txt: Add missing include to the inspector headers

and fix the path to InspectorJSTypeBuilders.h

5:00 PM Changeset in webkit [171960] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Fix resource leak in FillLayersPropertyWrapper object member
https://bugs.webkit.org/show_bug.cgi?id=135462

Reviewed by Andreas Kling.

Fix leak of m_fillLayerPropertyWrapper by using unique_ptr<>.
Based on patch by Przemyslaw Kuczynski.

  • page/animation/CSSPropertyAnimation.cpp:

(WebCore::FillLayersPropertyWrapper::FillLayersPropertyWrapper):

4:57 PM Changeset in webkit [171959] by Joseph Pecoraro
  • 2 edits in trunk/Source/WebKit2

[iOS WK2] Add extension read permission to network sandbox profile
<rdar://problem/17671574>

Reviewed by Alexey Proskuryakov and Oliver Hunt.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
4:55 PM Changeset in webkit [171958] by mmaxfield@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed post-review test fixup

  • editing/pasteboard/img-srcset-copy-paste-canonicalization.html:
4:22 PM Changeset in webkit [171957] by Simon Fraser
  • 20 edits in trunk/Source/WebCore

Clean up image subsampling code, make it less iOS-specific
https://bugs.webkit.org/show_bug.cgi?id=134916

Reviewed by Dean Jackson.

Compile the image subsampling code on both Mac and iOS, and make it more platform
neutral in general. Add a setting to allow it to be enabled on Mac for testing.

The most significant changes are in ImageSourceCG and BitmapImageCG. CG's ImageSource
is no longer stateful with respect to subsampling; its functions take a SubsamplingLevel
when appropriate. CG's BitmapImage now determines which level of subsampling to use
for a given frame, storing the subsampling level in the frame data. It can replace
an aggressively subsampled frame with a less subsampled frame if necessary.

To reduce the chances of subsampling affecting rendering, BitmapImage::size() now
always returns the non-subsampled size; subsampling is strictly internal to BitmapImage.
BitmapImage::draw() takes care of scaling the srcRect for subsampled images.

iOS had a code path that enabled caching of frame metadata in BitmapImage without
actually decoding the frame; make this cross-platform.

  • WebCore.exp.in: Changed signature for GraphicsContext::drawNativeImage().
  • WebCore.xcodeproj/project.pbxproj: Added ImageSource.cpp, which is not built

for Cocoa but useful for reference.

  • loader/cache/CachedImage.cpp:

(WebCore::CachedImage::imageSizeForRenderer): Remove iOS-specific subsampling code.
(WebCore::CachedImage::createImage): Call setAllowSubsampling() on the image if we
can get to Settings (m_loader is null for image documents).
(WebCore::CachedImage::currentFrameKnownToBeOpaque): This forced decode always
caused creation of the non-subsampled image, so remove it. There's no reason to
eagerly decode the frame here.

  • loader/cache/CachedImage.h: Fix comment.
  • page/Settings.cpp: Add defaultImageSubsamplingEnabled, true for iOS and false for Mac.
  • page/Settings.in: Added imageSubsamplingEnabled.
  • platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::BitmapImage): Init some more things. Default m_allowSubsampling to
true for iOS to catch images created in code paths where we can't get to Settings.
(WebCore::BitmapImage::haveFrameAtIndex): Handy helper.
(WebCore::BitmapImage::cacheFrame): Now takes the subsampling level and whether to cache
just metadata, or also the frame.
(WebCore::BitmapImage::didDecodeProperties): No need to store originalSize.
(WebCore::BitmapImage::updateSize): When we get the size for the first time, call
determineMinimumSubsamplingLevel() to choose a reasonable subsampling level which takes
platform-specific limits into account.
(WebCore::BitmapImage::dataChanged): Comment.
(WebCore::BitmapImage::ensureFrameIsCached): Take ImageFrameCaching into account.
(WebCore::BitmapImage::frameAtIndex): Choose a subsampling level given the scale,
then determine if we can use the currently cached frame, or whether we should resample.
(WebCore::BitmapImage::frameIsCompleteAtIndex): Caching m_isComplete is now done when caching
frame metadata.
(WebCore::BitmapImage::frameDurationAtIndex):
(WebCore::BitmapImage::frameHasAlphaAtIndex): The 'true' return is the safe return value.
(WebCore::BitmapImage::frameOrientationAtIndex): Caching m_orientation is now done when caching
frame metadata.
(WebCore::BitmapImage::cacheFrameInfo): Deleted.
(WebCore::BitmapImage::originalSize): Deleted.
(WebCore::BitmapImage::originalSizeRespectingOrientation): Deleted.
(WebCore::BitmapImage::currentFrameSize): Deleted.
(WebCore::BitmapImage::ensureFrameInfoIsCached): Deleted.

  • platform/graphics/BitmapImage.h:

(WebCore::FrameData::FrameData):

  • platform/graphics/GraphicsContext.h: No need to pass a scale param now.
  • platform/graphics/ImageSource.cpp: Non-Cocoa changes.

(WebCore::ImageSource::subsamplingLevelForScale):
(WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageSource::size):
(WebCore::ImageSource::frameSizeAtIndex):
(WebCore::ImageSource::createFrameAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):

  • platform/graphics/ImageSource.h: No longer stores subsampling state.

(WebCore::ImageSource::isSubsampled): Deleted.

  • platform/graphics/cairo/BitmapImageCairo.cpp:

(WebCore::BitmapImage::determineMinimumSubsamplingLevel):

  • platform/graphics/cg/BitmapImageCG.cpp:

(WebCore::FrameData::clear):
(WebCore::BitmapImage::BitmapImage): Init more members.
(WebCore::BitmapImage::determineMinimumSubsamplingLevel): Choose a minimum subsampling
level for the platform (subsample until the image area falls under a threshold).
(WebCore::BitmapImage::checkForSolidColor): Don't bother decoding frames if the image
is not 1x1. Also take care not to decode a non-subsampled image.
(WebCore::BitmapImage::draw): The actual bug fix is here; remove logic that
computed srcRectForCurrentFrame from m_size and m_originalSize; for some callers
srcRect was computed using the pre-subsampled size, and for others it was the subsampled size.
Instead, scale srcRect by mapping between the non-subsampled size, and the size of the CGImageRef
which is affected by subsampling.
(WebCore::BitmapImage::copyUnscaledFrameAtIndex):

  • platform/graphics/cg/GraphicsContext3DCG.cpp:

(WebCore::GraphicsContext3D::ImageExtractor::extractImage): Remove #ifdeffed code.
(WebCore::GraphicsContext3D::paintToCanvas):

  • platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::drawNativeImage): No more weird scaling!

  • platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::draw):

  • platform/graphics/cg/ImageSourceCG.cpp:

(WebCore::ImageSource::ImageSource):
(WebCore::createImageSourceOptions): Helper that always returns a new CFDictionaryRef.
(WebCore::imageSourceOptions): If not subsampling, return the cached CFDictionaryRef, otherwise
make a new options dict and return it.
(WebCore::ImageSource::subsamplingLevelForScale): Helper that returns a subsampling level
between 0 and 3 given a scale.
(WebCore::ImageSource::isSizeAvailable): SkipMetadata is a default value for the param now.
(WebCore::ImageSource::allowSubsamplingOfFrameAtIndex): We turn off subsampling for progressive
JPEGs because of a bug, so need this to know if a frame should be subsampled.
(WebCore::ImageSource::frameSizeAtIndex): The looping to find a subsampling level is now in BitmapImageCG.
(WebCore::ImageSource::orientationAtIndex):
(WebCore::ImageSource::size): Always use a subsampling level of 0 for size().
(WebCore::ImageSource::getHotSpot):
(WebCore::ImageSource::repetitionCount):
(WebCore::ImageSource::createFrameAtIndex): The caller mapped a scale to a level.
(WebCore::ImageSource::frameDurationAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):
(WebCore::ImageSource::imageSourceOptions): Deleted.
(WebCore::ImageSource::originalSize): Deleted.

  • platform/graphics/mac/ImageMac.mm:

(WebCore::BitmapImage::invalidatePlatformData): 0 -> nullptr

  • platform/graphics/wince/ImageWinCE.cpp:

(WebCore::BitmapImage::determineMinimumSubsamplingLevel):

4:20 PM Changeset in webkit [171956] by akling@apple.com
  • 7 edits in trunk/Source/WebCore

Many DOM objects have InterceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero for no reason.
<https://webkit.org/b/135519>

Don't set this structure flag unless the object actually has an override
for getOwnPropertySlotByIndex().

Reviewed by Geoffrey Garen.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestTypedefs.h:
4:14 PM Changeset in webkit [171955] by mmaxfield@apple.com
  • 3 edits in trunk/Source/WebCore

SVG Font kerning can take an early out if the font has no kerning information
https://bugs.webkit.org/show_bug.cgi?id=135524

Reviewed by Dean Jackson.

Rather than calling SVGFontElement::horizontalKerningForPairOfStringsAndGlyphs() again
and again, skip the iteration entirely if every call would return 0.

No new tests because there is no behavior change.

  • rendering/svg/SVGTextRunRenderingContext.cpp:

(WebCore::SVGTextRunRenderingContext::applySVGKerning):

  • svg/SVGFontElement.h:
4:10 PM Changeset in webkit [171954] by mitz@apple.com
  • 3 edits in trunk/Tools

commit-log-editor uses a non-standard message format when git index contains no ChangeLog changes
https://bugs.webkit.org/show_bug.cgi?id=135527

Reviewed by Tim Horton.

  • Scripts/commit-log-editor:

In the case of a git repository when there are no changed ChangeLog files, changed to pass
the --delimiters option to prepare-ChangeLog, then process each entry in the output using
commitMessageFromChangeLogEntry.
(commitMessageFromChangeLogEntry): Factored out from createCommitMessage.
(sortKey): Factored out from createCommitMessage.
(createCommitMessage): Changed to use new sortKey and commitMessageFromChangeLogEntry
subroutines.

  • Scripts/prepare-ChangeLog:

(main): Parse new --delimiters option.
(generateNewChangeLogs): When --no-write and --delimiters are both specified, always print
the label before each change log entry, and a "~" delimiter on a new line after each entry.

3:49 PM Changeset in webkit [171953] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Add some structure related assertions.
<https://webkit.org/b/135523>

Reviewed by Geoffrey Garen.

Adding 2 assertions:

  1. assert that we don't index pass the end of the StructureIDTable. This should never happen, but this assertion will help catch bugs where a bad structureID gets passed in.
  2. assert that cells in MarkedBlock::callDestructor() that are not zapped should have a non-null StructureID. This will help us catch bugs where the other cell header flag bits get set after the cell is zapped, thereby making the cell look like an unzapped cell but has a null structureID.
  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::callDestructor):

  • runtime/StructureIDTable.h:

(JSC::StructureIDTable::get):

3:47 PM Changeset in webkit [171952] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Inspector highlights clipped at the bottom on the page in WK1 views with
contentInsets
https://bugs.webkit.org/show_bug.cgi?id=135480
-and corresponding-
<rdar://problem/17850323>

Forgot to commit this one very critical part with
http://trac.webkit.org/changeset/171951

  • platform/ScrollView.cpp:

(WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea):

3:39 PM Changeset in webkit [171951] by Beth Dakin
  • 7 edits in trunk/Source/WebCore

Inspector highlights clipped at the bottom on the page in WK1 views with
contentInsets
https://bugs.webkit.org/show_bug.cgi?id=135480
-and corresponding-
<rdar://problem/17850323>

Reviewed by Simon Fraser.

unscaledTotalVisibleContentSize() was the main function on Mac that was expected
to return the rect representing ALL visible content, including content that might
be in an inset area and obscured by UI elements. This patch re-names that function
to unscaledVisibleContentSizeIncludingObscuredArea(), and that patch makes that
function return the right thing in the platformWidget() case.

Re-name.

  • inspector/InspectorOverlay.cpp:

(WebCore::InspectorOverlay::update):

Return platformVisibleContentSizeIncludingObscuredArea() for the platformWidget()
case and re-name.

  • platform/ScrollView.cpp:

(WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea):

This was just wrong. It was returning the big rectangle instead of the small one
for platformWidget().
(WebCore::ScrollView::unscaledUnobscuredVisibleContentSize):

New platform functions.
(WebCore::ScrollView::platformVisibleContentRectIncludingObscuredArea):
(WebCore::ScrollView::platformVisibleContentSizeIncludingObscuredArea):
(WebCore::ScrollView::unscaledTotalVisibleContentSize): Deleted.

  • platform/ScrollView.h:
  • platform/ios/ScrollViewIOS.mm:

(WebCore::ScrollView::platformVisibleContentRectIncludingObscuredArea):
(WebCore::ScrollView::platformVisibleContentSizeIncludingObscuredArea):

  • platform/mac/ScrollViewMac.mm:

(WebCore::ScrollView::platformVisibleContentRect):
(WebCore::ScrollView::platformVisibleContentSize):
(WebCore::ScrollView::platformVisibleContentRectIncludingObscuredArea):
(WebCore::ScrollView::platformVisibleContentSizeIncludingObscuredArea):

Re-name.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::flushPendingLayerChanges):
(WebCore::RenderLayerCompositor::frameViewDidChangeSize):
(WebCore::RenderLayerCompositor::updateRootLayerPosition):
(WebCore::RenderLayerCompositor::ensureRootLayer):

3:33 PM Changeset in webkit [171950] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

SVGGlyph wastes space due to padding
https://bugs.webkit.org/show_bug.cgi?id=135520

Reviewed by Dean Jackson.

Rearrange members in SVGGlyph so there is no wasted padding space.

No new tests because there is no behavior change.

  • platform/graphics/SVGGlyph.h:

(WebCore::SVGGlyph::SVGGlyph):

1:58 PM Changeset in webkit [171949] by Csaba Osztrogonác
  • 2 edits in trunk/Source/JavaScriptCore

URTBF after r171946 to fix non-Apple builds.

  • bytecode/InlineCallFrameSet.cpp:
1:46 PM Changeset in webkit [171948] by Beth Dakin
  • 3 edits in trunk/LayoutTests

REGRESSION (r171891): platform/mac/fast/scrolling/scroll-select-bottom-test.html
failing
https://bugs.webkit.org/show_bug.cgi?id=135485

Now that WK1 really tests contentInset, this test no longer works on platforms
that do not support the real contentInset

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
1:43 PM Changeset in webkit [171947] by betravis@adobe.com
  • 8 edits in trunk

[Feature Queries] Enable Feature Queries on EFL/GTK
https://bugs.webkit.org/show_bug.cgi?id=134902

Reviewed by Benjamin Poulain.

.:
Enable CSS Feature Queries by default on the EFL and GTK
platforms.

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:

Tools:
Turn the feature on by default for the build script.

  • Scripts/webkitperl/FeatureList.pm:

LayoutTests:
Resume running the CSS Feature Query tests on the EFL and GTK platforms.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
1:17 PM Changeset in webkit [171946] by ggaren@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

CodeBlock fails to visit the Executables of its InlineCallFrames
https://bugs.webkit.org/show_bug.cgi?id=135471

Patch by Mark Hahnenberg <mhahnenberg@apple.com> on 2014-08-01
Reviewed by Geoffrey Garen.

CodeBlock needs to visit its InlineCallFrames' owner Executables. If it doesn't, they
can be prematurely collected and cause crashes.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::stronglyVisitStrongReferences):

  • bytecode/CodeOrigin.h:

(JSC::InlineCallFrame::visitAggregate):

  • bytecode/InlineCallFrameSet.cpp:

(JSC::InlineCallFrameSet::visitAggregate):

  • bytecode/InlineCallFrameSet.h:
1:01 PM Changeset in webkit [171945] by timothy_horton@apple.com
  • 3 edits in trunk/Tools

Build fix for 32-bit after r171926.

  • MiniBrowser/mac/SettingsController.h:
  • MiniBrowser/mac/SettingsController.m:
12:42 PM Changeset in webkit [171944] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

[Media iOS] Ensure there is a nice default fallback for missing wireless target names
https://bugs.webkit.org/show_bug.cgi?id=135488
<rdar://problem/17879156>

Reviewed by Eric Carlson.

We occasionally run into cases where this.host.externalDeviceDisplayName
is empty or null, creating a pretty ugly/confusing string in the
wireless playback status screen.

If this happens, we should default to using "Apple TV".

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessPlaybackStatus): Check if the externalDeviceDisplayName
is empty or null, and fall back to "Apple TV" if so.

12:19 PM Changeset in webkit [171943] by oliver@apple.com
  • 9 edits in trunk/Source/WebKit2

Various frameworks may want to use the container temp directory, so our current restrictions are too tight
https://bugs.webkit.org/show_bug.cgi?id=135518
<rdar://17869279>

Reviewed by Anders Carlsson.

We don't (and can't) have complete knowledge of what different frameworks
will want to use the container temporary directory for, and so our
current attempt to heavily restrict access is simply too tight.

This patch recognises this by simply giving read-write access to the
entire NSTemporary() directory (e.g. $container/tmp in the general case),
rather than the single sub directory we wishfully thought that we would
be able to get away with.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/WebContext.cpp:

(WebKit::WebContext::createNewWebProcess):
(WebKit::WebContext::mediaCacheDirectory): Deleted.

  • UIProcess/WebContext.h:
  • UIProcess/efl/WebContextEfl.cpp:

(WebKit::WebContext::containerTemporaryDirectory):
(WebKit::WebContext::platformMediaCacheDirectory): Deleted.

  • UIProcess/gtk/WebContextGtk.cpp:

(WebKit::WebContext::containerTemporaryDirectory):
(WebKit::WebContext::platformMediaCacheDirectory): Deleted.

  • UIProcess/mac/WebContextMac.mm:

(WebKit::WebContext::containerTemporaryDirectory):
(WebKit::WebContext::platformMediaCacheDirectory): Deleted.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):

12:19 PM Changeset in webkit [171942] by achristensen@apple.com
  • 11 edits
    2 adds in trunk

Progress towards cmake on Windows.
https://bugs.webkit.org/show_bug.cgi?id=135484

Reviewed by Martin Robinson.

.:

  • CMakeLists.txt:

Added Mac to list of ports, even though it is not done yet.
Changed minimum bison version to version installed on Macs.

  • Source/cmake/OptionsAppleWin.cmake:

Added some definitions.

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:

Set WTF_LIBRARY_TYPE to STATIC to not change WTF linking on EFL or GTK ports.

  • Source/cmake/OptionsMac.cmake: Added blank for now.
  • Source/cmake/OptionsWinCairo.cmake:
  • Source/cmake/OptionsWindows.cmake:

Added some definitions.
Removed /WX (warnings treated as error while compiling).
Copied warnings to ignore from WebKitLibraries/win/tools/vsprops/common.props.

Source/JavaScriptCore:

  • CMakeLists.txt:

Generate code directly to inspector directory to avoid using the cp command
which is not available on Windows.

  • PlatformWin.cmake: Added.

Source/WTF:

  • wtf/CMakeLists.txt:

Added WTF_LIBRARY_TYPE because Windows needs WTF to be a shared library.

12:08 PM Changeset in webkit [171941] by mmaxfield@apple.com
  • 9 edits
    3 adds in trunk

URLs in srcset attributes are not made absolute upon copy and paste
https://bugs.webkit.org/show_bug.cgi?id=135448

Reviewed by Ryosuke Niwa.

Source/WebCore:
When pasting, canonicalize URLs in srcset the same way we do with src.

Test: editing/pasteboard/img-srcset-copy-paste-canonicalization.html

  • dom/Element.cpp:

(WebCore::Element::completeURLsInAttributeValue): Initial implemention, moved from markup.cpp.

  • dom/Element.h:

(WebCore::Element::attributeContainsURL): New function for completeURLs to call.
(WebCore::Element::completeURLsInAttributeValue): Only called if attributeContainsURL returns
true. Default implementation simply calls isURLAttribute().

  • editing/markup.cpp:

(WebCore::completeURLs): Call attributeContainsURL() and completeURLsInAttributeValue() to
complete the URL, so nodes can perform their own behavior.

  • html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::attributeContainsURL): Return true for srcset.
(WebCore::HTMLImageElement::completeUrlAttributeValue): Use our existing srcset parser to
parse the srcset attribute, then use its output to canonicalize URLs, and build it back up
into a string.

  • html/HTMLImageElement.h:

(WebCore::HTMLImageElement::attributeContainsURL):
(WebCore::HTMLImageElement::completeUrlAttributeValue):

  • html/parser/HTMLSrcsetParser.cpp: Make parseImageCandidatesFromSrcsetAttribute() public

and change its signature to return its result.
(WebCore::parseImageCandidatesFromSrcsetAttribute):

  • html/parser/HTMLSrcsetParser.h: Ditto.

LayoutTests:
Copy and paste a srcset image with relative URLs, and make sure that the
pasted srcset attribute doesn't match what it was before. I can't actually
dump the new srcset because it will include a full path of the file on the
user's system, and would therefore be machine-specific.

  • editing/pasteboard/img-srcset-copy-paste-canonicalization-expected.txt:
  • editing/pasteboard/img-srcset-copy-paste-canonicalization.html: Paste and check.
  • editing/pasteboard/resources/img-srcset-copy-paste-canonicalization-iframe.html:

This has to be an iframe because we don't perform any url canonicalization if we
are copying and pasting from a document into itself.

12:06 PM Changeset in webkit [171940] by jonowells@apple.com
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Timeline header height doesn't match style updates.
https://bugs.webkit.org/show_bug.cgi?id=135516

Reviewed by Timothy Hatcher.

Update the timeline header height to match the updates
to the navigation bars in other panels made in
https://bugs.webkit.org/show_bug.cgi?id=135445. Also
update the shadows on some of the search bars.

  • UserInterface/Views/FilterBar.css:

(.filter-bar > input[type="search"]):
(body.mac-platform.legacy .filter-bar > input[type="search"]):

  • UserInterface/Views/FindBanner.css:

(.find-banner > input[type="search"]):
(body.mac-platform.legacy .find-banner > input[type="search"]):

  • UserInterface/Views/LogContentView.css:

(.search-bar.log-search-bar > input[type="search"]):
(body.mac-platform.legacy .search-bar.log-search-bar > input[type="search"]):
Remove inset shadows on search bars.

  • UserInterface/Views/TimelineSidebarPanel.css:

(.sidebar > .panel.navigation.timeline > .status-bar):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar):
(.sidebar > .panel.navigation.timeline > .status-bar > .record-glyph):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-glyph):
(.sidebar > .panel.navigation.timeline > .status-bar > .record-status):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .status-bar > .record-status):
(.sidebar > .panel.navigation.timeline > .title-bar.timelines):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .title-bar.timelines):
(.sidebar > .panel.navigation.timeline > .title-bar.timeline-events):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .title-bar.timeline-events):
(.sidebar > .panel.navigation.timeline > .timelines-content):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .timelines-content):
(.sidebar > .panel.navigation.timeline > .empty-content-placeholder):
(body.mac-platform.legacy .sidebar > .panel.navigation.timeline > .empty-content-placeholder):
Update the height of the timeline status bar.

11:57 AM Changeset in webkit [171939] by akling@apple.com
  • 87 edits in trunk/Source

Remove the JSC::OverridesVisitChildren flag.
<https://webkit.org/b/135489>

Source/JavaScriptCore:
Except for 3 special classes, the visitChildren() call is always
dispatched through the method table (see SlotVisitor.cpp.)

The OverridesVisitChildren flag doesn't actually do anything.
It could be used to implement a non-virtual direct call to
JSCell::visitChildren, bypassing the method table for some objects,
but such a micro-optimization seems like a weak trade for all this
code complexity. Instead, just remove the flag.

This change frees up an inline flag bit in JSCell.

Reviewed by Geoffrey Garen.

  • API/JSAPIWrapperObject.h:
  • API/JSAPIWrapperObject.mm:

(JSC::JSAPIWrapperObject::visitChildren):

  • API/JSCallbackObject.h:

(JSC::JSCallbackObject::visitChildren):

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::visitChildren):
(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedProgramCodeBlock::visitChildren):

  • bytecode/UnlinkedCodeBlock.h:
  • debugger/DebuggerScope.cpp:

(JSC::DebuggerScope::visitChildren):

  • debugger/DebuggerScope.h:
  • jsc.cpp:
  • runtime/Arguments.cpp:

(JSC::Arguments::visitChildren):

  • runtime/Arguments.h:
  • runtime/Executable.cpp:

(JSC::EvalExecutable::visitChildren):
(JSC::ProgramExecutable::visitChildren):
(JSC::FunctionExecutable::visitChildren):

  • runtime/Executable.h:
  • runtime/GetterSetter.cpp:

(JSC::GetterSetter::visitChildren):

  • runtime/GetterSetter.h:

(JSC::GetterSetter::createStructure):

  • runtime/JSAPIValueWrapper.h:

(JSC::JSAPIValueWrapper::createStructure):

  • runtime/JSActivation.cpp:

(JSC::JSActivation::visitChildren):

  • runtime/JSActivation.h:
  • runtime/JSArrayIterator.cpp:

(JSC::JSArrayIterator::visitChildren):

  • runtime/JSArrayIterator.h:
  • runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::visitChildren):

  • runtime/JSBoundFunction.h:
  • runtime/JSCellInlines.h:

(JSC::JSCell::setStructure):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::visitChildren):

  • runtime/JSFunction.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:
  • runtime/JSMap.h:
  • runtime/JSMapIterator.cpp:

(JSC::JSMapIterator::visitChildren):

  • runtime/JSMapIterator.h:
  • runtime/JSNameScope.cpp:

(JSC::JSNameScope::visitChildren):

  • runtime/JSNameScope.h:
  • runtime/JSPromise.cpp:

(JSC::JSPromise::visitChildren):

  • runtime/JSPromise.h:
  • runtime/JSPromiseDeferred.cpp:

(JSC::JSPromiseDeferred::visitChildren):

  • runtime/JSPromiseDeferred.h:
  • runtime/JSPromiseReaction.cpp:

(JSC::JSPromiseReaction::visitChildren):

  • runtime/JSPromiseReaction.h:
  • runtime/JSPropertyNameIterator.cpp:

(JSC::JSPropertyNameIterator::visitChildren):

  • runtime/JSPropertyNameIterator.h:
  • runtime/JSProxy.cpp:

(JSC::JSProxy::visitChildren):

  • runtime/JSProxy.h:
  • runtime/JSScope.cpp:

(JSC::JSScope::visitChildren):

  • runtime/JSScope.h:
  • runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::visitChildren):

  • runtime/JSSegmentedVariableObject.h:
  • runtime/JSSet.h:
  • runtime/JSSetIterator.cpp:

(JSC::JSSetIterator::visitChildren):

  • runtime/JSSetIterator.h:
  • runtime/JSSymbolTableObject.cpp:

(JSC::JSSymbolTableObject::visitChildren):

  • runtime/JSSymbolTableObject.h:
  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::overridesVisitChildren): Deleted.

  • runtime/JSWeakMap.h:
  • runtime/JSWithScope.cpp:

(JSC::JSWithScope::visitChildren):

  • runtime/JSWithScope.h:
  • runtime/JSWrapperObject.cpp:

(JSC::JSWrapperObject::visitChildren):

  • runtime/JSWrapperObject.h:
  • runtime/MapData.h:
  • runtime/NativeErrorConstructor.cpp:

(JSC::NativeErrorConstructor::visitChildren):

  • runtime/NativeErrorConstructor.h:
  • runtime/PropertyMapHashTable.h:
  • runtime/PropertyTable.cpp:

(JSC::PropertyTable::visitChildren):

  • runtime/RegExpConstructor.cpp:

(JSC::RegExpConstructor::visitChildren):

  • runtime/RegExpConstructor.h:
  • runtime/RegExpMatchesArray.cpp:

(JSC::RegExpMatchesArray::visitChildren):

  • runtime/RegExpMatchesArray.h:
  • runtime/RegExpObject.cpp:

(JSC::RegExpObject::visitChildren):

  • runtime/RegExpObject.h:
  • runtime/SparseArrayValueMap.h:
  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::visitChildren):

  • runtime/StructureChain.cpp:

(JSC::StructureChain::visitChildren):

  • runtime/StructureChain.h:
  • runtime/StructureRareData.cpp:

(JSC::StructureRareData::visitChildren):

  • runtime/StructureRareData.h:
  • runtime/WeakMapData.h:

Source/WebCore:
Tweak the bindings code generator to stop spitting out the flag.

Reviewed by Geoffrey Garen.

  • bindings/js/JSDOMBinding.h:
  • bindings/js/JSDOMGlobalObject.cpp:

(WebCore::JSDOMGlobalObject::visitChildren):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):

11:54 AM Changeset in webkit [171938] by matthew_hanson@apple.com
  • 1 delete in tags/Safari-600.1.2.5/Safari-600.1.2.4

Remove extraneous tag.

11:53 AM Changeset in webkit [171937] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[MSE][Mac] Volume is not remembered between items in a YouTube playlist
https://bugs.webkit.org/show_bug.cgi?id=135479

Reviewed by Eric Carlson.

When an AVSampleBufferAudioRenderer is added to the player, set its -volume and -muted
properties with the current values from the HTMLMediaElement.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addAudioRenderer):

11:50 AM Changeset in webkit [171936] by matthew_hanson@apple.com
  • 3 edits
    1 copy in tags/Safari-600.1.2.5

Merge r171903. <rdar://problem/17877481>

11:44 AM Changeset in webkit [171935] by timothy_horton@apple.com
  • 4 edits in trunk/Tools

Confusing build fix after r171926.

  • MiniBrowser/mac/AppDelegate.h:
  • MiniBrowser/mac/AppDelegate.m:
  • MiniBrowser/mac/SettingsController.m:
11:33 AM Changeset in webkit [171934] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.4.3/Source/WebCore

Merge r171259. <rdar://problem/17718984>

11:32 AM Changeset in webkit [171933] by matthew_hanson@apple.com
  • 2 edits in tags/Safari-600.1.4.3/Source/WebCore

Merge r171259. <rdar://problem/17718984>

11:30 AM Changeset in webkit [171932] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Fix the iOS build after r171891

  • platform/ios/ScrollViewIOS.mm:

(WebCore::ScrollView::platformTopContentInset):
(WebCore::ScrollView::platformSetTopContentInset):

11:29 AM Changeset in webkit [171931] by psolanki@apple.com
  • 15 edits in trunk/Source/WebCore

Remove EventNames.h include from header files
https://bugs.webkit.org/show_bug.cgi?id=135486

Reviewed by Alexey Proskuryakov.

No new tests because no functional changes.

  • Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
  • Modules/gamepad/GamepadEvent.h:
  • Modules/indexeddb/IDBRequest.h:
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/mediastream/RTCStatsResponse.h:
  • Modules/websockets/WebSocket.h:
  • css/FontLoader.h:
  • dom/SecurityPolicyViolationEvent.h:
  • loader/appcache/DOMApplicationCache.h:
  • workers/AbstractWorker.h:
  • workers/Worker.h:
  • workers/WorkerGlobalScope.h:
  • xml/XMLHttpRequest.h:
  • xml/XMLHttpRequestProgressEvent.h:
11:28 AM Changeset in webkit [171930] by matthew_hanson@apple.com
  • 5 edits in tags/Safari-600.1.4.3/Source

Versioning.

11:26 AM Changeset in webkit [171929] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r171259. <rdar://problem/17718984>

11:22 AM Changeset in webkit [171928] by mitz@apple.com
  • 6 edits in trunk/Source/WebKit2

<rdar://problem/17862013> REGRESSION (r169357): Disabling "allow plug-ins" doesn't stick on quit/relaunch
https://bugs.webkit.org/show_bug.cgi?id=135511

Reviewed by Alexey Proskuryakov.

Since the values map in the preferences store doesn’t include values that are equal to the
defaults, we need to update it when a new default is registered.

  • UIProcess/WebPreferences.cpp:

(WebKit::WebPreferences::createWithLegacyDefaults): Changed to use new member functions
for registering defaults.
(WebKit::WebPreferences::registerDefaultBoolValueForKey): Added. Sets an override default
in the store, and sets the user default, if there is one, on top of it.
(WebKit::WebPreferences::registerDefaultUInt32ValueForKey): Ditto.

  • UIProcess/WebPreferences.h: Declared new member functions for getting the user default

value for a key.

  • UIProcess/efl/WebPreferencesEfl.cpp:

(WebKit::WebPreferences::platformGetStringUserValueForKey): Added an implementation that
returns false, because the EFL port doesn’t support persistent user defaults.
(WebKit::WebPreferences::platformGetBoolUserValueForKey): Ditto.
(WebKit::WebPreferences::platformGetUInt32UserValueForKey): Ditto.
(WebKit::WebPreferences::platformGetDoubleUserValueForKey): Ditto.

  • UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformGetStringUserValueForKey): Ditto for the GTK port.
(WebKit::WebPreferences::platformGetBoolUserValueForKey): Ditto.
(WebKit::WebPreferences::platformGetUInt32UserValueForKey): Ditto.
(WebKit::WebPreferences::platformGetDoubleUserValueForKey): Ditto.

  • UIProcess/mac/WebPreferencesMac.mm:

(WebKit::WebPreferences::platformGetStringUserValueForKey): Added. Replaces
setStringValueIfInUserDefaults, on which it is based.
(WebKit::WebPreferences::platformGetBoolUserValueForKey): Similarly for booleans.
(WebKit::WebPreferences::platformGetUInt32UserValueForKey): Similarly for integers.
(WebKit::WebPreferences::platformGetDoubleUserValueForKey): Similarly for doubles.
(WebKit::WebPreferences::platformInitializeStore): Changed to use the above functions.

11:21 AM Changeset in webkit [171927] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r171259. <rdar://problem/17718984>

11:21 AM Changeset in webkit [171926] by timothy_horton@apple.com
  • 8 edits
    2 adds in trunk/Tools

Make it easer to add switches to MiniBrowser
https://bugs.webkit.org/show_bug.cgi?id=135499

Reviewed by Simon Fraser.

Add a single class to manage a set of persistent, global settings for MiniBrowser.
Add a new menu that contains items to toggle the aforementioned settings (moving them out of the Debug menu).

  • MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj:

Add SettingsController.{m, h}.

  • MiniBrowser/mac/AppDelegate.h:

Move _browserWindowControllers to the implementation.
Get rid of toggleUseWebKit2ByDefault, because SettingsController now takes care
of that; instead, we'll receive didChangeSettings.

  • MiniBrowser/mac/AppDelegate.m:

Move the default URL, default URL preference key, and use-WebKit2-by-default
preference key into SettingsController.

(-[BrowserAppDelegate awakeFromNib]):
Add the dynamically-generated SettingsController menu just to the left of the Debug menu.

(-[BrowserAppDelegate newWindow:]):
Ask SettingsController if we should use WebKit2 by default, and what the initial URL to load is.

(-[BrowserAppDelegate applicationDidFinishLaunching:]):
SettingsController now takes care of reading the default URL preference.
WK1BrowserWindowController now takes care of enabling the developer extras, via WebPreferences.

(-[BrowserAppDelegate didChangeSettings]):
When settings change, update the key equivalents for the new-window menu items, as they
might have changed (as use-WebKit2-by-default is one of the settings).

Dispatch settings change notifications to all live BrowserControllers.

(-[BrowserAppDelegate _updateNewWindowKeyEquivalents]):
(-[BrowserAppDelegate toggleUseWebKit2ByDefault:]): Deleted.
(-[BrowserAppDelegate _useWebKit2ByDefault]): Deleted.
(-[BrowserAppDelegate validateMenuItem:]): Deleted.
All menu item validation for settings is moved into SettingsController.

  • MiniBrowser/mac/BrowserWindowController.h:

Simplify the BrowserWindowController interface; "toggling" settings will happen inside SettingsController,
the BrowserWindowController subclasses will be able to a) know when any setting changes, b) query the current setting state.

  • MiniBrowser/mac/MainMenu.xib:

Remove the settings menu items from the "Debug" menu.

  • MiniBrowser/mac/SettingsController.h: Added.
  • MiniBrowser/mac/SettingsController.m: Added.

(+[SettingsController shared]):
(-[SettingsController menu]):

(-[SettingsController _addItemWithTitle:action:indented:]):
(-[SettingsController _addHeaderWithTitle:]):
NSMenuItem-creating helpers.

(-[SettingsController _populateMenu]):
Build the menu. Ideally this and the validation step would eventually be made more dynamic.

(-[SettingsController validateMenuItem:]):
Validate menu items; since they can be used to toggle the default state of a setting,
we'll always return YES. However, we will use this opportunity to set the 'checked' state
of each item.

(-[SettingsController _toggleBooleanDefault:]):
Toggle the given boolean default, and notify BrowserAppDelegate that something changed.

(-[SettingsController toggleUseWebKit2ByDefault:]):
(-[SettingsController useWebKit2ByDefault]):
(-[SettingsController toggleUseTransparentWindows:]):
(-[SettingsController useTransparentWindows]):
(-[SettingsController toggleUsePaginatedMode:]):
(-[SettingsController usePaginatedMode]):
(-[SettingsController toggleUseUISideCompositing:]):
(-[SettingsController useUISideCompositing]):
(-[SettingsController toggleShowLayerBorders:]):
(-[SettingsController layerBordersVisible]):
(-[SettingsController toggleShowTiledScrollingIndicator:]):
(-[SettingsController tiledScrollingIndicatorVisible]):
(-[SettingsController toggleEnableSubPixelCSSOMMetrics:]):
(-[SettingsController subPixelCSSOMMetricsEnabled]):
(-[SettingsController defaultURL]):
Toggle or return the current state of each preference.

  • MiniBrowser/mac/WK1BrowserWindowController.m:

(-[WK1BrowserWindowController awakeFromNib]):
(-[WK1BrowserWindowController validateMenuItem:]):
(-[WK1BrowserWindowController windowWillClose:]):
(-[WK1BrowserWindowController find:]):
(-[WK1BrowserWindowController dumpSourceToConsole:]):
(-[WK1BrowserWindowController didChangeSettings]):
(-[WK1BrowserWindowController webView:didReceiveTitle:forFrame:]):
(-[WK1BrowserWindowController isPaginated]): Deleted.
(-[WK1BrowserWindowController togglePaginationMode:]): Deleted.
(-[WK1BrowserWindowController toggleTransparentWindow:]): Deleted.
(-[WK1BrowserWindowController isSubpixelCSSOMElementMetricsEnabled]): Deleted.
(-[WK1BrowserWindowController toggleSubpixelCSSOMElementMetricsEnabled:]): Deleted.
(-[WK1BrowserWindowController layerBordersVisible]): Deleted.
(-[WK1BrowserWindowController toggleLayerBordersVisibility:]): Deleted.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController awakeFromNib]):
(-[WK2BrowserWindowController validateMenuItem:]):
(-[WK2BrowserWindowController forceRepaint:]):
(-[WK2BrowserWindowController windowWillClose:]):
(-[WK2BrowserWindowController didChangeSettings]):
(-[WK2BrowserWindowController isPaginated]): Deleted.
(-[WK2BrowserWindowController togglePaginationMode:]): Deleted.
(-[WK2BrowserWindowController toggleTransparentWindow:]): Deleted.
(-[WK2BrowserWindowController isUISideCompositingEnabled]): Deleted.
(-[WK2BrowserWindowController toggleUISideCompositing:]): Deleted.
(-[WK2BrowserWindowController layerBordersVisible]): Deleted.
(-[WK2BrowserWindowController toggleLayerBordersVisibility:]): Deleted.
(-[WK2BrowserWindowController tiledScrollingIndicatorVisible]): Deleted.
(-[WK2BrowserWindowController toggleTiledScrollingIndicatorVisibility:]): Deleted.

11:20 AM Changeset in webkit [171925] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

nullptr goodness in RenderLayer
https://bugs.webkit.org/show_bug.cgi?id=135512

Reviewed by Brent Fulgham.

Use nullptr in RenderLayer.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::RenderLayer):
(WebCore::RenderLayer::updateDescendantDependentFlags):
(WebCore::accumulateOffsetTowardsAncestor):
(WebCore::RenderLayer::scrollRectToVisible):
(WebCore::RenderLayer::destroyScrollbar):
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::hitTestFixedLayersInNamedFlows):
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::hitTestList):
(WebCore::RenderLayer::calculateClipRects):

11:19 AM Changeset in webkit [171924] by timothy_horton@apple.com
  • 3 edits in trunk/Tools

MiniBrowser doesn't support data URLs
https://bugs.webkit.org/show_bug.cgi?id=135492

Reviewed by Simon Fraser.

  • MiniBrowser/mac/BrowserWindowController.m:

(-[BrowserWindowController addProtocolIfNecessary:]):
Don't add http:// to data: URLs.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]):
(-[WK2BrowserWindowController updateTextFieldFromURL:]):
Percent-escape the contents of the address field before trying to make a URL.
Percent-unescape the URL when displaying it in the address field.
This is not great, but trivial and good-enough-for-Minibrowser.

11:16 AM Changeset in webkit [171923] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Build fix for iOS

  • bindings/objc/DOM.mm:

(-[DOMRange renderedImageForcingBlackText:renderedImageForcingBlackText:]):
We use CGImageRef instead of NSImage here on iOS.

11:13 AM WebKitGTK/KeepingTheTreeGreen edited by clopez@igalia.com
(diff)
10:46 AM Changeset in webkit [171922] by matthew_hanson@apple.com
  • 5 edits in branches/safari-600.1.4-branch/Source

Versioning.

10:44 AM Changeset in webkit [171921] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-600.1.4.3

New Tag.

10:38 AM Changeset in webkit [171920] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit2

[Mac] Fullscreen mode for some applications shows only a black screen.
https://bugs.webkit.org/show_bug.cgi?id=135493
<rdar://problem/17628212>

Reviewed by Jer Noble.

In some applications, the window hosting the WKView is an InProcess layer hosting mode.
The fullscreen window created by the WKFullScreenWindowController defaults to an
OutOfProcess mode.

When this kind of mismatch is encountered, the WK2 layer in the UI process is supposed
to send a message back to the WebProcess indicating that the layer hosting mode of the
containing window is different, so that the WebProcess can adjust its logic accordingly.
Unfortunately, the notification that this had happened was not getting sent to the
WebProcess due to an optimization in window state change logic (see Bug 135509 for
details).

The fix is to check layer hosting mode state when a WKView is added to a window, and
notify the WebProcess when it needs to change state to match.

  • UIProcess/API/mac/WKView.mm:

(-[WKView viewDidMoveToWindow]): When moving to a new window, always call
'layerHostingModeDidChange' to pick up any changes in the layer hosting mode.

10:32 AM Changeset in webkit [171919] by matthew_hanson@apple.com
  • 2 edits in branches/safari-600.1.4-branch/Source/WebCore

Merge r171895. <rdar://problem/17835345>

10:02 AM Changeset in webkit [171918] by matthew_hanson@apple.com
  • 1 copy in tags/Safari-600.1.2.5/Safari-600.1.2.4

New Tag.

9:15 AM Changeset in webkit [171917] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

ASSERTION FAILED: listNode in WebCore::RenderListItem::updateListMarkerNumbers
https://bugs.webkit.org/show_bug.cgi?id=134970

Patch by Renato Nagy <nagy.renato@stud.u-szeged.hu> on 2014-08-01
Reviewed by Zalan Bujtas.

Removed an unnecessary assert, because the null return value of enclosingList() is
handled properly after this assert.

  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::updateListMarkerNumbers):

6:42 AM Changeset in webkit [171916] by Michał Pakuła vel Rutka
  • 4 edits in trunk/LayoutTests

Unreviewed EFL gardening

Add test expectations for failing tests. Remove flaky test expectations that are
no longer correct.

  • platform/efl/TestExpectations:
  • platform/efl/fast/text/khmer-lao-font-expected.txt: Update expected result.
  • svg/W3C-SVG-1.1/shapes-rect-02-t-expected.txt: Update after r171046.
6:34 AM Changeset in webkit [171915] by Carlos Garcia Campos
  • 7 edits in trunk

[CMake] GTK and EFL are using PROJECT_VERSION_PATCH to define the micro version
https://bugs.webkit.org/show_bug.cgi?id=135501

Reviewed by Gyuyoung Kim.

Use PROJECT_VERSION_MICRO instead.

.:

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/WebKitHelpers.cmake:

Source/WebKit2:

  • UIProcess/API/efl/EWebKit2.h.in:
  • UIProcess/API/gtk/WebKitVersion.h.in:
3:48 AM Changeset in webkit [171914] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Add missing sections to documentation.

  • UIProcess/API/gtk/docs/webkit2gtk-docs.sgml: Add

WebKitUserContent and WebKitUserContentManager sections to the
documentation.

2:59 AM Changeset in webkit [171913] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.5.1

WebKitGTK+ 2.5.1

1:14 AM Changeset in webkit [171912] by Michał Pakuła vel Rutka
  • 2 edits in trunk/LayoutTests

Unreviewed EFL gardening

Update test expectations for crashing webgl tests.

  • platform/efl/TestExpectations:
12:26 AM Changeset in webkit [171911] by gyuyoung.kim@samsung.com
  • 2 edits in trunk/Source/WebCore

Replace DEPRECATED_DEFINE_STATIC_LOCAL with NeverDestroyed<T> in NavigatorContentUtils
https://bugs.webkit.org/show_bug.cgi?id=135494

Reviewed by Andrei Bucur.

Use static NeverDestroyed<T> variables instead of the DEPRECATED_DEFINE_STATIC_LOCAL macro.

No new tests, no behavior changes.

  • Modules/navigatorcontentutils/NavigatorContentUtils.cpp:

(WebCore::customHandlersStateString):
(WebCore::NavigatorContentUtils::isProtocolHandlerRegistered):

12:24 AM Changeset in webkit [171910] by ryuan.choi@samsung.com
  • 2 edits in trunk/Source/WebKit2

[EFL] Unable to do make install since r171901
https://bugs.webkit.org/show_bug.cgi?id=135497

Reviewed by Gyuyoung Kim.

  • PlatformEfl.cmake: Removed ewk_defins.h from the installation list.
Note: See TracTimeline for information about the timeline view.