Context Navigation

← Previous Period
Next Period →

Timeline

Mar 3, 2015:

11:55 PM Changeset in webkit [180996] by yoav@yoav.ws

14 edits
10 adds in trunk

Add a microtask abstraction
https://bugs.webkit.org/show_bug.cgi?id=137496

Reviewed by Sam Weinig.

Source/WebCore:

This patch adds a microtask abstraction: https://html.spec.whatwg.org/multipage/webappapis.html#microtask
That abstraction is required in order to enable async loading of images,
which is in turn required to enable support for the picture element, as well as
to make sure that the order of properties set on HTMLImageElement has no implications.

A similar patch was rolled back in r180914. This patch is an improved version.

WebCore.vcxproj/WebCore.vcxproj: Add MicroTask.{h,cpp} to the project.
WebCore.vcxproj/WebCoreTestSupport.vcxproj: Add MicroTaskTest.{h,cpp} to the project.
WebCore.vcxproj/WebCore.vcxproj.filters: Add MicroTask.{h,cpp} to the project.
WebCore.vcxproj/WebCoreTestSupport.vcxproj.filters: Add MicroTaskTest.{h,cpp} to the project.
WebCore.xcodeproj/project.pbxproj: Add MicroTask{,Test}.{h,cpp} to the project.
dom/Document.h: Add WEBCORE_EXPORT to addConsoleMessage, so it can be used in MicroTaskTest that's in WebCoreTestSupport..
dom/MicroTask.h: Add a MicroTask interface class. Add a MicroTaskQueue singleton.

(WebCore::MicroTask::~MicroTask):
(WebCore::MicroTask::run): Run the microtask.

dom/MicroTask.cpp: Implement the MicroTaskQueue singleton.

(WebCore::MicroTaskQueue::singleton): Get a singleton instance of MicroTaskQueue.
(WebCore::MicroTaskQueue::queueMicroTask): Add a microtask to the queue.
(WebCore::MicroTaskQueue::runMicroTasks): Run all the microtasks in the queue and clear it.

dom/ScriptRunner.cpp: Trigger running of all microtasks in queue.

(WebCore::ScriptRunner::timerFired):

html/parser/HTMLScriptRunner.cpp: Trigger running of all microtasks in queue.

(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
(WebCore::HTMLScriptRunner::executeScriptsWaitingForParsing):
(WebCore::HTMLScriptRunner::runScript):

testing/Internals.cpp: Add a method to queue a test microtask.

(WebCore::Internals::queueMicroTask):

testing/Internals.h: Add a method to queue a test microtask.

(WebCore::Internals::queueMicroTask):

testing/Internals.idl: Expose test microtask queueing to test JS.
testing/MicroTaskTest.cpp: Add a test class that implements a microtask and prints to the console when it runs.

(WebCore::MicroTaskTest::run): Run the microtask
(WebCore::MicroTaskTest::create): Create a test microtask.

testing/MicroTaskTest.h: Add a test class that implements a microtask.

(WebCore::MicroTaskTest::run):
(WebCore::MicroTaskTest::create):

LayoutTests:

Adding a test for microtask abstraction.
A similar patch was rolled back in r180914.

fast/dom/microtask-detach.html: Added.
fast/dom/microtask-detach-expected.txt: Added.
fast/dom/microtask-inorder.html: Added.
fast/dom/microtask-inorder-expected.txt: Added.
fast/dom/microtask-reverse.html: Added.
fast/dom/microtask-reverse-expected.txt: Added.

11:52 PM Changeset in webkit [180995] by bshafiei@apple.com

5 edits in trunk/Source

Versioning.

11:51 PM Changeset in webkit [180994] by bshafiei@apple.com

1 copy in tags/Safari-601.1.21

New tag.

10:55 PM Changeset in webkit [180993] by fpizlo@apple.com

13 edits in trunk/Source/JavaScriptCore

DFG IR should refer to FunctionExecutables directly and not via the CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=142229

Reviewed by Mark Lam and Benjamin Poulain.

Anytime a DFG IR node refers to something in CodeBlock, it has three effects:

Cumbersome API for accessing the thing that the node refers to.

Not obvious how to create a new such node after bytecode parsing, especially if the thing it refers to isn't already in the CodeBlock. We have done this in the past, but it usually involves subtle changes to CodeBlock.

Not obvious how to inline code that ends up using such nodes. Again, when we have done this, it involved subtle changes to CodeBlock.

Prior to this change, the NewFunction* node types used an index into tables in CodeBlock.
For this reason, those operations were not inlineable. But the functin tables in CodeBlock
just point to FunctionExecutables, which are cells; this means that we can just abstract
these operands in DFG IR as cellOperands. cellOperands use DFG::FrozenValue, which means
that GC registration happens automagically. Even better, our dumping for cellOperand
already did FunctionExecutable dumping - so that functionality gets to be deduplicated.

Because this change increases the number of users of cellOperand, it also adds some
convenience methods for using it. For example, whereas before you'd say things like:

jsCast<Foo*>(node->cellOperand()->value())

you can now just say:

node->castOperand<Foo*>()

This change also changes existing cellOperand users to use the new conveniance API when
applicable.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettisonFunctionDeclsAndExprs):

bytecode/CodeBlock.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGFrozenValue.h:

(JSC::DFG::FrozenValue::cell):
(JSC::DFG::FrozenValue::dynamicCast):
(JSC::DFG::FrozenValue::cast):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::registerFrozenValues):

dfg/DFGNode.h:

(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::castOperand):
(JSC::DFG::Node::hasFunctionDeclIndex): Deleted.
(JSC::DFG::Node::functionDeclIndex): Deleted.
(JSC::DFG::Node::hasFunctionExprIndex): Deleted.
(JSC::DFG::Node::functionExprIndex): Deleted.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
(JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::WatchpointCollectionPhase::handle):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCheckCell):
(JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):

9:33 PM Changeset in webkit [180992] by msaboff@apple.com

5 edits
2 adds in trunk/Source/JavaScriptCore

DelayedReleaseScope drops locks during GC which can cause a thread switch and code reentry
https://bugs.webkit.org/show_bug.cgi?id=141275

Reviewed by Geoffrey Garen.

The original issue is that the CodeCache uses an unsafe method to add new UnlinkedCodeBlocks.
It basically adds a null UnlinkedCodeBlock if there isn't a cached entry and then later
updates the null entry to the result of the compilation. If during that compilation and
related processing we need to garbage collect, the DelayedReleaseScope would drop locks
possibly allowing another thread to try to get the same source out of the CodeCache.
This second thread would find the null entry and crash. The fix is to move the processing of
DelayedReleaseScope to when we drop locks and not drop locks during GC. That was done in
the original patch with the new function releaseDelayedReleasedObjects().

Updated releaseDelayedReleasedObjects() so that objects are released with all locks
dropped. Now its processing follows these steps

Increment recursion counter and do recursion check and exit if recursing
While there are objects to release

ASSERT that lock is held by current thread
Take all items from delayed release Vector and put into temporary Vector
Release API lock
Release and clear items from temporary vector
Reaquire API lock

This meets the requirement that we release while the API lock is released and it is
safer processing of the delayed release Vector.

Added new regression test to testapi.

Also added comment describing how recursion into releaseDelayedReleasedObjects() is
prevented.

API/tests/Regress141275.h: Added.
API/tests/Regress141275.mm: Added.

(+[JSTEvaluatorTask evaluatorTaskWithEvaluateBlock:completionHandler:]):
(-[JSTEvaluator init]):
(-[JSTEvaluator initWithScript:]):
(-[JSTEvaluator _accessPendingTasksWithBlock:]):
(-[JSTEvaluator insertSignPostWithCompletion:]):
(-[JSTEvaluator evaluateScript:completion:]):
(-[JSTEvaluator evaluateBlock:completion:]):
(-[JSTEvaluator waitForTasksDoneAndReportResults]):
(JSTRunLoopSourceScheduleCallBack):
(JSTRunLoopSourcePerformCallBack):
(JSTRunLoopSourceCancelCallBack):
(-[JSTEvaluator _jsThreadMain]):
(-[JSTEvaluator _sourceScheduledOnRunLoop:]):
(-[JSTEvaluator _setupEvaluatorThreadContextIfNeeded]):
(-[JSTEvaluator _callCompletionHandler:ifNeededWithError:]):
(-[JSTEvaluator _sourcePerform]):
(-[JSTEvaluator _sourceCanceledOnRunLoop:]):
(runRegress141275):

API/tests/testapi.mm:

(testObjectiveCAPI):

JavaScriptCore.xcodeproj/project.pbxproj:
heap/Heap.cpp:

(JSC::Heap::releaseDelayedReleasedObjects):

runtime/JSLock.cpp:

(JSC::JSLock::unlock):

9:31 PM Changeset in webkit [180991] by Simon Fraser

2 edits in trunk/LayoutTests

Mark fast/css/object-fit/object-fit-canvas.html as a flakey
image failure, since it keeps breaking EWS.

platform/mac/TestExpectations:

9:29 PM Changeset in webkit [180990] by Brent Fulgham

6 edits in trunk

[Win] [Attachment] New Tests fail on Windows
https://bugs.webkit.org/show_bug.cgi?id=142017

WebKitLibraries:

Unreviewed test fix. Just activate the feature.

win/tools/vsprops/FeatureDefines.props:
win/tools/vsprops/FeatureDefinesCairo.props:

LayoutTests:

Unreviewed. Rebaseline tests for Windows display metrics.

platform/win/fast/attachment/attachment-disabled-rendering-expected.txt:
platform/win/fast/attachment/attachment-rendering-expected.txt:

9:26 PM Changeset in webkit [180989] by fpizlo@apple.com

19 edits
3 adds in trunk/Source/JavaScriptCore

DFG should constant fold GetScope, and accesses to the scope register in the ByteCodeParser should not pretend that it's a constant as that breaks OSR exit liveness tracking
https://bugs.webkit.org/show_bug.cgi?id=106202

Rubber stamped by Benjamin Poulain.

This fixes a bug discovered by working on https://bugs.webkit.org/show_bug.cgi?id=142229,
which was in turn discovered by working on https://bugs.webkit.org/show_bug.cgi?id=141174.
Our way of dealing with scopes known to be constant is very sketchy, and only really works
when a function is inlined. When it is, we pretend that every load of the scopeRegister sees
a constant. But this breaks the DFG's tracking of the liveness of the scopeRegister. The way
this worked made us miss oppportunities for optimizing based on a constant scope, and it also
meant that in some cases - particularly like when we inline code that uses NewFuction and
friends, as I do in bug 142229 - it makes OSR exit think that the scope is dead even though
it's most definitely alive and it's a constant.

The problem here is that we were doing too many optimizations in the ByteCodeParser, and not
later. Later optimization phases know how to preserve OSR exit liveness. They're actually
really good at it. Also, later phases know how to infer that any variable is a constant no
matter how that constant arose - rather than the inlining-specific thing in ByteCodeParser.

This changes the ByteCodeParser to largely avoid doing constant folding on the scope, except
making the GetScope operation itself a constant. This is a compilation-time hack for small
functions, and it doesn't break the loads of local variables - so OSR exit liveness still
sees that the scopeRegister is in use. This then adds a vastly more powerful GetScope and
GetClosureVar constant folder in the AbstractInterpreter. This handles most general cases
including those that arise in complex control flow. This will catch cases where the scope
is constant for any number of reasons. Basically anytime that the callee is inferred constant
this will give us a constant scope. Also, we still have the parse-time constant folding of
ResolveScope based on the reentry watchpoint, which luckily did the right thing with respect
to OSR exit liveness (it splats a Phantom on its inputs, and it produces a constant result
which is then set() normally).

This appears to be a broad speed-up, albeit a small one. But mainly it unblocks bug 142229,
which then should unblock bug 141174.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::parse):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetRegisters):
(JSC::DFG::Graph::tryGetActivation): Deleted.

dfg/DFGGraph.h:
dfg/DFGNode.h:

(JSC::DFG::Node::hasVariableWatchpointSet):
(JSC::DFG::Node::hasSymbolTable): Deleted.
(JSC::DFG::Node::symbolTable): Deleted.

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::WatchpointCollectionPhase::handle):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetClosureVar):

runtime/SymbolTable.cpp:

(JSC::SymbolTable::visitChildren):
(JSC::SymbolTable::localToEntry):
(JSC::SymbolTable::entryFor):

runtime/SymbolTable.h:

(JSC::SymbolTable::add):
(JSC::SymbolTable::set):

tests/stress/function-expression-exit.js: Added.
tests/stress/function-reentry-infer-on-self.js: Added.

(thingy):

tests/stress/goofy-function-reentry-incorrect-inference.js: Added.

9:25 PM Changeset in webkit [180988] by shiva.jm@samsung.com

2 edits in trunk/Source/WebKit2

Fix build warning in WebKit2/Shared module.
https://bugs.webkit.org/show_bug.cgi?id=142213

Reviewed by Simon Fraser.

Fix build warning by removing argument name from function.

Shared/WebCoreArgumentCoders.cpp:

(IPC::pathPointCountApplierFunction):

8:56 PM Changeset in webkit [180987] by Brent Fulgham

6 edits in trunk/Source/WebCore

Scroll snap points are not supported on the main frame
https://bugs.webkit.org/show_bug.cgi?id=141973
<rdar://problem/19938393>

Reviewed by Simon Fraser.

No new tests. Tests will be added when the animation behavior is finalized. Manual tests are attached to the bug.

Update the ScrollingTreeFrameScrollingNodeMac class to implement the delegate interface needed by the
ScrollController. This involves the following:

Implement scrollOffsetOnAxis: Used by the AxisScrollAnimator to determine the current position of the ScrollableArea.
Implement immediateScrollOnAxis: Used by the AxisScrollAnimator to scroll the ScrollableArea

We also need to hold a copy of the snap points vector to send to the scrolling thread.

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::convertToLayoutUnits): Added helper function to match Scroll Snap Points API.
(WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren): Recognize and react to changes to
Scroll Snap Points on top-level frames.
(WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffsetOnAxis): Implement delegate method needed by the ScrollController.
(WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollOnAxis): Ditto.

platform/cocoa/ScrollController.h:
platform/cocoa/ScrollController.mm:

(WebCore::ScrollController::updateScrollAnimatorsAndTimers): Pass snap offsets to AxisScrollSnapAnimator constructor as references.
(WebCore::ScrollController::updateScrollSnapPoints): Added. Used by ScrollingTreeFrameScrollingNodeMac to update scroll snap point
settings in the scrolling thread.

platform/mac/AxisScrollSnapAnimator.h:
platform/mac/AxisScrollSnapAnimator.mm:

(WebCore::toWheelEventStatus): Don't ignore the "MayBegin" or "Cancelled" event phases.
(WebCore::AxisScrollSnapAnimator::AxisScrollSnapAnimator): Revise signature to take a reference to the layout units.
(WebCore::AxisScrollSnapAnimator::scrollSnapAnimationUpdate): Handle the case where this method gets called from a thread
when the scrollable area has already reached its final destination.
(WebCore::AxisScrollSnapAnimator::beginScrollSnapAnimation): Handle the possibility that the snap offset point vector might be
empty. Update method to account for m_snapOffsets being a value, instead of a pointer.

8:47 PM Changeset in webkit [180986] by Stephanie Lewis

2 edits in trunk/LayoutTests

Update TestExpectations after http://trac.webkit.org/changeset/180965 to skip new test on Mavericks.

Unreviewed.

platform/mac/TestExpectations:

7:36 PM Changeset in webkit [180985] by aestes@apple.com

21 edits
1 copy
1 move in trunk/Source

[Content Filtering] Separate unblock handling into its own class
https://bugs.webkit.org/show_bug.cgi?id=142251

Reviewed by Andreas Kling.
Source/WebCore:

Unblock handling is currently supported only for one type of content filter (WebFilterEvaluator) on one
platform (iOS). Having its implementation in ContentFilter is making it difficult to support other filters and
platforms, so let's separate unblock handling into its own class called ContentFilterUnblockHandler.

WebCore.xcodeproj/project.pbxproj:
loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::finishedLoading): Passed a ContentFilterUnblockHandler to FrameLoaderClient::contentFilterDidBlockLoad.
(WebCore::DocumentLoader::dataReceived): Ditto.

loader/FrameLoaderClient.h:
platform/ContentFilter.h:
platform/ContentFilterUnblockHandler.h: Copied from Source/WebCore/platform/ios/ContentFilterIOS.mm.

(WebCore::ContentFilterUnblockHandler::clear):

platform/cocoa/ContentFilterUnblockHandlerCocoa.mm: Renamed from Source/WebCore/platform/ios/ContentFilterIOS.mm.

(WebCore::ContentFilterUnblockHandler::ContentFilterUnblockHandler):
(WebCore::ContentFilterUnblockHandler::encode):
(WebCore::ContentFilterUnblockHandler::decode):
(WebCore::scheme):
(WebCore::ContentFilterUnblockHandler::handleUnblockRequestAndDispatchIfSuccessful):

platform/mac/ContentFilterMac.mm:

(WebCore::ContentFilter::unblockHandler):
(WebCore::ContentFilter::ContentFilter): Deleted.
(WebCore::ContentFilter::encode): Deleted.
(WebCore::ContentFilter::decode): Deleted.

Source/WebKit/mac:

Adopted ContentFilterUnblockHandler.

WebCoreSupport/WebFrameLoaderClient.h:
WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::dispatchDidStartProvisionalLoad):

WebView/WebFrame.mm:

(-[WebFrame _contentFilterDidHandleNavigationAction:]):

WebView/WebFrameInternal.h:

Source/WebKit2:

Adopted ContentFilterUnblockHandler.

Shared/WebCoreArgumentCoders.h:
Shared/mac/WebCoreArgumentCodersMac.mm:

(IPC::ArgumentCoder<ContentFilterUnblockHandler>::encode):
(IPC::ArgumentCoder<ContentFilterUnblockHandler>::decode):
(IPC::ArgumentCoder<ContentFilter>::encode): Deleted.
(IPC::ArgumentCoder<ContentFilter>::decode): Deleted.

UIProcess/Cocoa/WebPageProxyCocoa.mm:

(WebKit::WebPageProxy::contentFilterDidBlockLoadForFrame):

UIProcess/WebFrameProxy.cpp:

(WebKit::WebFrameProxy::didStartProvisionalLoad):
(WebKit::WebFrameProxy::contentFilterDidHandleNavigationAction):

UIProcess/WebFrameProxy.h:

(WebKit::WebFrameProxy::setContentFilterUnblockHandler):
(WebKit::WebFrameProxy::setContentFilterForBlockedLoad): Deleted.

UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::contentFilterDidBlockLoad):

WebProcess/WebCoreSupport/WebFrameLoaderClient.h:

7:33 PM Changeset in webkit [180984] by ap@apple.com

4 edits in trunk

[Mac] Track localized name follows locale instead of primary language
https://bugs.webkit.org/show_bug.cgi?id=142242
rdar://problem/20000365

Reviewed by Eric Carlson.

Source/WebCore:

page/CaptionUserPreferencesMediaAF.cpp: (WebCore::trackDisplayName): Use the

language for localization, as CFBundle does.

LayoutTests:

platform/mac/media/video-controls-captions-trackmenu-sorted-expected.txt: This

test now successfully switches to Japanese, as originally intended.

6:51 PM Changeset in webkit [180983] by ddkilzer@apple.com

2 edits in trunk/Tools

[iOS] Crash logs can't be found on ios-simulator because WebKitTestRunner returns the wrong process name
<http://webkit.org/b/142243>

Reviewed by Alexey Proskuryakov.

WebKitTestRunner/TestController.cpp:

(WTR::TestController::webProcessName):
(WTR::TestController::networkProcessName):

Return the same process name on iOS and Mac because they both use the same process name for local engineering builds.

6:51 PM Changeset in webkit [180982] by Chris Dumez

2 edits in trunk/Source/WebKit2

[WK2] Fix memory leak in _getCookieHeadersForTask
https://bugs.webkit.org/show_bug.cgi?id=142245

Reviewed by Alexey Proskuryakov.

Fix memory leak in _getCookieHeadersForTask. We are leaking the CFDictionary
returned by webKitCookieStorageCopyRequestHeaderFieldsForURL().

This patch addresses the issue by storing the return CFDictionary in a
RetainPtr<CFDictionaryRef>.

Shared/mac/CookieStorageShim.mm:

(-[WKNSURLSessionLocal _getCookieHeadersForTask:completionHandler:]):

6:47 PM Changeset in webkit [180981] by ddkilzer@apple.com

3 edits in trunk/Tools

check-webkit-style: Add exception for FrameworkSoftLink.h header order
<http://webkit.org/b/141872>

Reviewed by Alex Christensen.

Scripts/webkitpy/style/checkers/cpp.py: Remove unneeded

semi-colons in various places and fix whitespace.
(_IncludeState): Add _SOFT_LINK_HEADER and _SOFT_LINK_SECTION
constants.
(_IncludeState.init): Add self._visited_soft_link_section
boolean state variable.
(_IncludeState.visited_soft_link_section): Getter for
self._visited_soft_link_section.
(_IncludeState.check_next_include_order): Update state machine
for soft-link headers. Add check that soft-link headers always
appear last.
(_classify_include): Add check for soft-link header type.
(check_include_line): Return early if there is a soft-link
header error.

Scripts/webkitpy/style/checkers/cpp_unittest.py:

(OrderOfIncludesTest.test_public_primary_header): Add tests for
including soft-link headers.
(OrderOfIncludesTest.test_classify_include): Add test for
_SOFT_LINK_HEADER type.

6:37 PM Changeset in webkit [180980] by bshafiei@apple.com

5 edits in branches/safari-600.1.4.15-branch/Source

Versioning.

6:09 PM Changeset in webkit [180979] by achristensen@apple.com

2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix.

WebCore.vcxproj/WebCoreIncludeCommon.props:

Include contentextensions subdirectory.

5:57 PM Changeset in webkit [180978] by achristensen@apple.com

12 edits
4 adds in trunk

Prepare to use CSS selectors in content extensions.
https://bugs.webkit.org/show_bug.cgi?id=142227

Reviewed by Benjamin Poulain.

Source/WebCore:

Test: http/tests/usercontentfilter/css-display-none.html

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
contentextensions/ContentExtensionActions.h: Added.
contentextensions/ContentExtensionRule.cpp:

(WebCore::ContentExtensions::Action::deserialize):

contentextensions/ContentExtensionRule.h:

(WebCore::ContentExtensions::Action::Action):
(WebCore::ContentExtensions::Action::type):
(WebCore::ContentExtensions::Action::cssSelector):

contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::serializeActions):
Put action descriptions into a compact format in a Vector
to be able to be put into one block of shared read-only memory.
(WebCore::ContentExtensions::ContentExtensionsBackend::setRuleList):
Put an index of the beginning of the description into the NFA instead of the index of the rule
because we will be sharing the descriptions of the actions and not the rules.
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForURL):
(WebCore::ContentExtensions::ContentExtensionsBackend::actionForURL): Deleted.
Return a vector of actions to be able to do multiple actions for one URL.

contentextensions/ContentExtensionsBackend.h:
contentextensions/ContentExtensionsManager.cpp:

(WebCore::ContentExtensions::ExtensionsManager::loadTrigger):
(WebCore::ContentExtensions::ExtensionsManager::loadAction):
Added the css-display-none action type, which requires a selector.
(WebCore::ContentExtensions::ExtensionsManager::loadRule):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

page/UserContentController.cpp:

(WebCore::UserContentController::actionsForURL):
(WebCore::UserContentController::actionForURL): Deleted.

page/UserContentController.h:

LayoutTests:

http/tests/usercontentfilter/css-display-none-expected.txt: Added.
http/tests/usercontentfilter/css-display-none.html: Added.
http/tests/usercontentfilter/css-display-none.html.json: Added.

5:55 PM Changeset in webkit [180977] by Brian Burg

2 edits in trunk/Source/WebInspectorUI

Web Inspector: selecting overview timeline tree elements without source locations doesn't update selection components
https://bugs.webkit.org/show_bug.cgi?id=142248

Reviewed by Timothy Hatcher.

Add a missing event dispatch to trigger recalculation of path components when showing the overview timeline view.

UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView.prototype._treeElementSelected):

5:51 PM Changeset in webkit [180976] by Brent Fulgham

1 edit
1 add in trunk/LayoutTests

[Win] Add baseline for new legacy-event-handler test.

platform/win/fast/dom/legacy-event-handler-attributes-expected.txt: Added.

5:46 PM Changeset in webkit [180975] by timothy_horton@apple.com

1 edit
2 adds in trunk/LayoutTests

<attachment> label can get very wide, doesn't wrap/truncate
https://bugs.webkit.org/show_bug.cgi?id=142214
<rdar://problem/19982499>

fast/attachment/attachment-label-highlight-expected.png: Added.
fast/attachment/attachment-label-highlight-expected.txt: Added.

Add (empty) platform independent baselines.

5:36 PM Changeset in webkit [180974] by Brent Fulgham

12 edits
2 moves
2 adds in trunk

Move scroll animating functions from ScrollAnimator to ScrollController
https://bugs.webkit.org/show_bug.cgi?id=142102
<rdar://problem/20007161>

Reviewed by Simon Fraser.

Source/WebCore:

Tested by platform/mac-wk2/tiled-drawing/scrolling/fast-scroll-mainframe-zoom.html.

Do some refactoring of the various scrolling classes:

Consolidate animation times to RunLoop::Timer instead of a combination of WebCore::Timer and CFRunLoopTimers. Do this for Scroll Snap Point and Rubberband animations.
Move ScrollController from platform/mac to platform/cocoa to enable sharing with iOS.
Move code from ScrollAnimator{Mac} -> ScrollController.
Rename scrollOffsetInAxis -> scrollOffsetOnAxis
Rename immediateScrollInAxis -> immediateScrollOnAxis

WebCore.xcodeproj/project.pbxproj: Move ScrollController to 'platform/cocoa'
page/mac/EventHandlerMac.mm: Make sure the scroll controller is notified of end-of-scroll

events, just as is done for the "event not handled" case in EventHandler.cpp.
(WebCore::EventHandler::platformCompleteWheelEvent):

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: Remove timer and some delegate

methods, now that ScrollController is controlling this state.

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): We no longer
need to clean up the CFRunLoopTimer.
(WebCore::ScrollingTreeFrameScrollingNodeMac::stopSnapRubberbandTimer): Make sure scroll
state is updated after rubber band snap.
(WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffsetOnAxis): Add temporary stub needed
until Bug1973 is completed.).
(WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollOnAxis): Ditto.
(WebCore::ScrollingTreeFrameScrollingNodeMac::startSnapRubberbandTimer): Deleted.

platform/ScrollAnimator.cpp:

(WebCore::ScrollAnimator::ScrollAnimator):
(WebCore::ScrollAnimator::processWheelEventForScrollSnap): Just call the ScrollController method.
(WebCore::ScrollAnimator::handleWheelEvent): Ditto.
(WebCore::ScrollAnimator::updateScrollAnimatorsAndTimers): Ditto.
(WebCore::ScrollAnimator::scrollOffsetOnAxis): Renamed from scrollOffsetInAxis.
(WebCore::ScrollAnimator::immediateScrollOnAxis): Renamed from immediateScrollInAxis.
(WebCore::ScrollAnimator::scrollOffsetInAxis): Deleted.
(WebCore::ScrollAnimator::immediateScrollInAxis): Deleted.
(WebCore::ScrollAnimator::startScrollSnapTimer): Deleted.
(WebCore::ScrollAnimator::stopScrollSnapTimer): Deleted.
(WebCore::ScrollAnimator::horizontalScrollSnapTimerFired): Deleted.
(WebCore::ScrollAnimator::verticalScrollSnapTimerFired): Deleted.

platform/ScrollAnimator.h:
platform/cocoa/ScrollController.h: Copied from platform/mac/ScrollController.h.

(WebCore::ScrollControllerClient::startSnapRubberbandTimer):
(WebCore::ScrollControllerClient::stopSnapRubberbandTimer):
(WebCore::ScrollControllerClient::startScrollSnapTimer):
(WebCore::ScrollControllerClient::stopScrollSnapTimer):

platform/cocoa/ScrollController.mm: Copied from platform/mac/ScrollController.mm.

(WebCore::ScrollController::ScrollController): Update to initialize new timers.
(WebCore::ScrollController::handleWheelEvent): Update to handle Scroll Snap Point events.
(WebCore::ScrollController::startSnapRubberbandTimer): Added.
(WebCore::ScrollController::stopSnapRubberbandTimer): Manage animation timers locally, do not
require client to maintain timers.
(WebCore::ScrollController::snapRubberBand): Ditto.
(WebCore::ScrollController::processWheelEventForScrollSnap): Added. (Moved from ScrollAnimatorMac)
(WebCore::ScrollController::updateScrollAnimatorsAndTimers): Ditto. Also updated to use RunLoop::Timer.
(WebCore::ScrollController::startScrollSnapTimer): Ditto. Also updated to use RunLoop::Timer.
(WebCore::ScrollController::stopScrollSnapTimer): Ditto. Also updated to use RunLoop::Timer.
(WebCore::ScrollController::horizontalScrollSnapTimerFired): Ditto.
(WebCore::ScrollController::verticalScrollSnapTimerFired): Ditto.
(WebCore::ScrollController::scrollOffsetOnAxis): Moved from ScrollAnimatorMac.
(WebCore::ScrollController::immediateScrollOnAxis): Ditto.

platform/mac/AxisScrollSnapAnimator.h: Rename methods from 'InAxis' to 'OnAxis'
platform/mac/AxisScrollSnapAnimator.mm:

(WebCore::AxisScrollSnapAnimator::handleWheelEvent): Update for 'InAxis' to 'OnAxis' renaming.
(WebCore::AxisScrollSnapAnimator::scrollSnapAnimationUpdate): Ditto.
(WebCore::AxisScrollSnapAnimator::beginScrollSnapAnimation): Ditto.
(WebCore::AxisScrollSnapAnimator::computeSnapDelta): Ditto.
(WebCore::AxisScrollSnapAnimator::computeGlideDelta): Ditto.

platform/mac/ScrollAnimatorMac.h:
platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimatorMac::ScrollAnimatorMac): Remove unused Rubberband timers (now that this is
controlled in the ScrollController)
(WebCore::ScrollAnimatorMac::startSnapRubberbandTimer): Deleted.
(WebCore::ScrollAnimatorMac::stopSnapRubberbandTimer): Deleted.
(WebCore::ScrollAnimatorMac::snapRubberBandTimerFired): Deleted.

platform/mac/ScrollController.h: Removed.
platform/mac/ScrollController.mm: Removed.

LayoutTests:

Add a new test that confirms that rubberband snap animations work properly when combined
with text zooming.

platform/mac-wk2/tiled-drawing/scrolling/fast-scroll-mainframe-zoom-expected.txt: Added.
platform/mac-wk2/tiled-drawing/scrolling/fast-scroll-mainframe-zoom.html: Added.

5:32 PM Changeset in webkit [180973] by bshafiei@apple.com

1 copy in tags/Safari-600.1.4.15.10

New tag.

5:31 PM Changeset in webkit [180972] by bshafiei@apple.com

2 edits in tags/Safari-601.1.20.1/Source/WebKit2

Merged r180967. rdar://problem/19933387

5:25 PM Changeset in webkit [180971] by bshafiei@apple.com

2 edits in branches/safari-600.1.4.15-branch/Source/WebKit2

Merged r180967. rdar://problem/19953432

5:19 PM Changeset in webkit [180970] by bshafiei@apple.com

5 edits in tags/Safari-601.1.20.1/Source

Versioning.

5:17 PM Changeset in webkit [180969] by bshafiei@apple.com

1 copy in tags/Safari-601.1.20.1

New tag.

5:15 PM Changeset in webkit [180968] by andersca@apple.com

7 edits
2 deletes in trunk/Source

Remove unused compression code
https://bugs.webkit.org/show_bug.cgi?id=142237

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

bytecode/UnlinkedCodeBlock.h:

Source/WTF:

WTF.vcxproj/WTF.vcxproj:
WTF.vcxproj/WTF.vcxproj.filters:
WTF.xcodeproj/project.pbxproj:
wtf/CMakeLists.txt:
wtf/Compression.cpp: Removed.
wtf/Compression.h: Removed.

5:14 PM Changeset in webkit [180967] by enrica@apple.com

2 edits in trunk/Source/WebKit2

Incomplete dictation results in text fields in a web page.
https://bugs.webkit.org/show_bug.cgi?id=142240
rdar://problem/19953432

Reviewed by Tim Horton.

The empty stub for insertDictationResult:withCorrectionIdentifier
must be removed. This way UIKit will call insertText and do the right thing.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView insertDictationResult:withCorrectionIdentifier:]): Deleted.

5:03 PM Changeset in webkit [180966] by commit-queue@webkit.org

6 edits
6 deletes in trunk

Unreviewed, rolling out r180683.
https://bugs.webkit.org/show_bug.cgi?id=142249

Broke fast/css/acid2-pixel.html (Requested by ap on #webkit).

Reverted changeset:

"Setting any of the <object> element plugin controlling
attributes does not have any affect."
https://bugs.webkit.org/show_bug.cgi?id=141936
http://trac.webkit.org/changeset/180683

4:39 PM Changeset in webkit [180965] by dino@apple.com

19 edits
2 adds in trunk

Controls panel should have system blurry background
https://bugs.webkit.org/show_bug.cgi?id=142154
<rdar://problem/20000964>

Reviewed by Simon Fraser.

Source/WebCore:

In order to replicate the system style of media controls
on OS X and iOS, we need to expose a special -webkit-appearance.
This patch adds the new property value, and implements
the iOS part of the appearance, which is a blurry shaded
background.

Test: compositing/media-controls-bar-appearance.html

css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Map the new
keywords from ControlParts.

css/CSSValueKeywords.in: Add media-controls-light-bar-background

and media-controls-dark-bar-background. Darin suggested they
be sorted, so I did this at the same time.

platform/ThemeTypes.h: New ControlParts for the values, and

sort the values since they need to be in sync with
CSSValueKeywords.in.

platform/graphics/GraphicsLayer.h: Expose two new custom appearance

values.

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::GraphicsLayerCA):
(WebCore::layerTypeForCustomBackdropAppearance): Helper function.
(WebCore::isCustomBackdropLayerType): Ditto.
(WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers): Merge setting
a system backdrop layer in with the code that swaps to/from tiled layers.
(WebCore::GraphicsLayerCA::changeLayerTypeTo): New method that does what
swapFromOrToTiledLayer implemented, but also allows us to change to a
system backdrop layer.
(WebCore::GraphicsLayerCA::swapFromOrToTiledLayer): Deleted.

platform/graphics/ca/GraphicsLayerCA.h:

platform/graphics/ca/PlatformCALayer.h: New layer types.
platform/graphics/ca/mac/PlatformCALayerMac.mm: For now expose these

as regular backdrop layers.
(PlatformCALayerMac::PlatformCALayerMac):
(PlatformCALayerMac::updateCustomAppearance):

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Make sure to update
custom appearance,
(WebCore::RenderLayerBacking::updateCustomAppearance): New method.

rendering/RenderLayerBacking.h:

Source/WebKit2:

Shared/mac/RemoteLayerBackingStore.mm:

(WebKit::RemoteLayerBackingStore::drawInContext): Add entries for
the new layer types, even though they are not correct yet.

Shared/mac/RemoteLayerTreePropertyApplier.mm:

(WebKit::updateCustomAppearance):
(WebKit::RemoteLayerTreePropertyApplier::applyProperties): UIBackdropViews
have a defined hierarchy that we don't create. We need to make sure we add our
children to the right subview.

Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::description): Logging.

UIProcess/ios/RemoteLayerTreeHostIOS.mm: Rename existing WKBackdropView

to WKSimpleBackdropView, and add a new WKBackdropView that inherits
from UIBackdropView.
(-[WKBackdropView hitTest:withEvent:]):
(-[WKBackdropView description]):
(WebKit::RemoteLayerTreeHost::createLayer): Handle the new LayerTypes.

UIProcess/mac/RemoteLayerTreeHost.mm:

(WebKit::RemoteLayerTreeHost::createLayer):

LayoutTests:

Make sure content with a -webkit-appearance of
media-controls-light-bar-background or
media-controls-dark-bar-background doesn't get composited
unless explicitly requested. This avoids a
performance hit for a rarely used feature.

compositing/media-controls-bar-appearance-expected.txt: Added.
compositing/media-controls-bar-appearance.html: Added.

4:30 PM Changeset in webkit [180964] by ggaren@apple.com

2 edits in trunk/Source/bmalloc

bmalloc: Don't branch when setting the owner of a large object
https://bugs.webkit.org/show_bug.cgi?id=142241

Reviewed by Andreas Kling.

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::owner):
(bmalloc::BoundaryTag::setOwner):

4:10 PM Changeset in webkit [180963] by Chris Dumez

21 edits in trunk/Source

Access ApplicationCacheStorage global instance via singleton() static member function
https://bugs.webkit.org/show_bug.cgi?id=142239

Reviewed by Anders Carlsson.

Access ApplicationCacheStorage global instance via singleton() static
member function as per WebKit coding style.

4:08 PM Changeset in webkit [180962] by Joseph Pecoraro

2 edits in trunk/Source/WebKit2

Build Fix: Add fall back handling in postprocess script for missing/unknown platform name.

Rubber-stamped by David Kilzer.

mac/postprocess-framework-headers.sh:

3:36 PM Changeset in webkit [180961] by enrica@apple.com

2 edits in trunk/Source/WebKit2

Build fix for iOS.

Unreviewed.

UIProcess/ios/WKContentViewInteraction.mm: Adding forward declaration.

3:27 PM Changeset in webkit [180960] by ggaren@apple.com

3 edits in trunk/Source/bmalloc

bmalloc should implement malloc introspection (to stop false-positive leaks when MallocStackLogging is off)
https://bugs.webkit.org/show_bug.cgi?id=141802

Reviewed by Andreas Kling.

Re-enabled this feature on iOS, now that the iOS crash should be fixed.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:

3:22 PM Changeset in webkit [180959] by ap@apple.com

6 edits in trunk/Tools

build.webkit.org/dashboard: Don't repeatedly handle each test type
https://bugs.webkit.org/show_bug.cgi?id=142211

Reviewed by Tim Horton and Matt Hanson.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/Buildbot.js:

(Buildbot.prototype.javascriptTestResultsURLForIteration): Deleted.
(Buildbot.prototype.apiTestResultsURLForIteration): Deleted.
(Buildbot.prototype.platformAPITestResultsURLForIteration): Deleted.
(Buildbot.prototype.webkitpyTestResultsURLForIteration): Deleted.
(Buildbot.prototype.webkitperlTestResultsURLForIteration): Deleted.
(Buildbot.prototype.bindingsTestResultsURLForIteration): Deleted.
Removed functions that build a link to test step results. The buildbot provides
these links in JSON.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:

(BuildbotIteration): Put failing tests into an array, instead of named variables.
(BuildbotIteration.ProductiveSteps): Removed step names that are not used on build.webkit.org.
We can easily add them to the map as needed.
(BuildbotIteration.TestSteps): Added a list of test steps to be displayed by test queues.
(BuildbotIteration.prototype._parseData): Moved code for parsing step results away
to BuildbotTestResults class. We used to parse here, build an intermediate data structure,
and then build a BuildbotTestResults object, which was strange.
(BuildbotIteration.prototype.loadLayoutTestResults): Ditto.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueueView.js:

Corrected an unrelated assertion that was buggy, and kept firing.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTestResults.js:

(BuildbotTestResults):
(BuildbotTestResults.prototype._parseResults.resultSummarizer):
(BuildbotTestResults.prototype._parseResults):
(BuildbotTestResults.prototype.addFullLayoutTestResults):
Moved the code for parsing JSON results for a single step here.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype._testStepFailureDescription):
(BuildbotTesterQueueView.prototype._testStepFailureDescriptionWithCount):
(BuildbotTesterQueueView.prototype._presentPopoverForGenericTestFailures):
(BuildbotTesterQueueView.prototype.update.appendBuilderQueueStatus): Deleted.
(BuildbotTesterQueueView.prototype.update): Deleted.
(BuildbotTesterQueueView.prototype._presentPopoverForMultipleFailureKinds): Deleted.
Updated for the new data structures. One behavior change is that we now display individual
counts when multiple test kinds fail, e.g. "1Â javascript test failure, 83+Â layout
test failures, 3Â platform api test failures".

2:45 PM Changeset in webkit [180958] by ggaren@apple.com

3 edits in trunk/Source/bmalloc

bmalloc: Added missing features to the malloc zone introspection API
https://bugs.webkit.org/show_bug.cgi?id=142235

Reviewed by Andreas Kling.

This should fix the crash we saw on the iOS PLT bot
(c.f. http://trac.webkit.org/changeset/180604).

bmalloc/Zone.cpp:

(bmalloc::good_size):
(bmalloc::check):
(bmalloc::print):
(bmalloc::log):
(bmalloc::force_lock):
(bmalloc::force_unlock):
(bmalloc::statistics):
(bmalloc::size):
(bmalloc::enumerator): Provide all of these functions since they are called
indiscriminately on all zones.

(bmalloc::Zone::Zone):
(bmalloc::Zone::size): Deleted.
(bmalloc::Zone::enumerator): Deleted. Moved these functions out of the
Zone class since they can stand alone.

bmalloc/Zone.h:

2:43 PM Changeset in webkit [180957] by commit-queue@webkit.org

2 edits
2 adds
1 delete in trunk

Convert ManualTests/svg-tooltip.svg to a DRT test
https://bugs.webkit.org/show_bug.cgi?id=140480

Patch by Daniel Bates <dabates@apple.com> on 2015-03-03
Reviewed by Alex Christensen.

ManualTests/svg-tooltip.svg: Removed.

LayoutTests:

svg/hittest/svg-tooltip-expected.txt: Added.
svg/hittest/svg-tooltip.svg: Added.

2:35 PM Changeset in webkit [180956] by fpizlo@apple.com

4 edits in trunk/Source/JavaScriptCore

JIT debugging features that selectively disable the JITs for code blocks need to stay out of the way of the critical path of JIT management
https://bugs.webkit.org/show_bug.cgi?id=142234

Reviewed by Mark Lam and Benjamin Poulain.

Long ago, we used to selectively disable compilation of CodeBlocks for debugging purposes by
adding hacks to DFGDriver.cpp. This was all well and good. It used the existing
CompilationFailed mode of the DFG driver to signal failure of CodeBlocks that we didn't want
to compile. That's great because CompilationFailed is a well-supported return value on the
critical path, usually used for when we run out of JIT memory.

Later, this was moved into DFGCapabilities. This was basically incorrect. It introduced a bug
where disabling compiling of a CodeBlock meant that we stopped inlining it as well. So if
you had a compiler bug that arose if foo was inlined into bar, and you bisected down to bar,
then foo would no longer get inlined and you wouldn't see the bug. That's busted.

So then we changed the code in DFGCapabilities to mark bar as CanCompile and foo as
CanInline. Now, foo wouldn't get compiled alone but it would get inlined.

But then we removed CanCompile because that capability mode only existed for the purpose of
our old varargs hacks. After that removal, "CanInline" became CannotCompile. This means
that if you bisect down on bar in the "foo inlined into bar" case, you'll crash in the DFG
because the baseline JIT wouldn't have known to insert profiling on foo.

We could fix this by bringing back CanInline.

But this is all a pile of nonsense. The debug support to selectively disable compilation of
some CodeBlocks shouldn't cross-cut our entire engine and should most certainly never involve
adding new capability modes. This support is a hack at best and is for use by JSC hackers
only. It should be as unintrusive as possible.

So, as in the ancient times, the only proper place to put this hack is in DFGDriver.cpp, and
return CompilationFailed. This is correct not just because it takes capability modes out of
the picture (and obviates the need to introduce new ones), but also because it means that
disabling compilation doesn't change the profiling mode of other CodeBlocks in the Baseline
JIT. Capability mode influences profiling mode which in turn influences code generation in
the Baseline JIT, sometimes in very significant ways - like, we sometimes do additional
double-to-int conversions in Baseline if we know that we might tier-up into the DFG, since
this buys us more precise profiling.

This change reduces the intrusiveness of debugging hacks by making them use the very simple
CompilationFailed mechanism rather than trying to influence capability modes. Capability
modes have very subtle effects on the whole engine, while CompilationFailed just makes the
engine pretend like the DFG compilation will happen at timelike infinity. That makes these
hacks much more likely to continue working as we make other changes to the system.

This brings back the ability to bisect down onto a function bar when bar inlines foo. Prior
to this change, we would crash in that case.

dfg/DFGCapabilities.cpp:

(JSC::DFG::isSupported):
(JSC::DFG::mightCompileEval):
(JSC::DFG::mightCompileProgram):
(JSC::DFG::mightCompileFunctionForCall):
(JSC::DFG::mightCompileFunctionForConstruct):

dfg/DFGCapabilities.h:
dfg/DFGDriver.cpp:

(JSC::DFG::compileImpl):

2:12 PM Changeset in webkit [180955] by timothy_horton@apple.com

1 edit
2 adds in trunk/LayoutTests

<attachment> label can get very wide, doesn't wrap/truncate
https://bugs.webkit.org/show_bug.cgi?id=142214
<rdar://problem/19982499>

platform/mac-mavericks/fast/attachment: Added.
platform/mac-mavericks/fast/attachment/attachment-label-highlight-expected.txt: Added.

Add a Mavericks result because text metrics differ.

1:58 PM Changeset in webkit [180954] by ggaren@apple.com

5 edits in trunk/Source/bmalloc

bmalloc should implement malloc introspection (to stop false-positive leaks when MallocStackLogging is off)
https://bugs.webkit.org/show_bug.cgi?id=141802

Reviewed by Andreas Kling.

Rolling back in but disabled on iOS until I can debug why the iOS PLT crashes.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:
bmalloc/Zone.cpp:

(bmalloc::Zone::size):
(bmalloc::Zone::Zone):

bmalloc/Zone.h:

1:47 PM Changeset in webkit [180953] by ggaren@apple.com

6 edits in trunk/Source/bmalloc

bmalloc: Miscellaneous cleanup
https://bugs.webkit.org/show_bug.cgi?id=142231

Reviewed by Andreas Kling.

No performance change -- maybe a tiny reduction in memory use.

bmalloc/Heap.cpp: Moved the sleep function into StaticMutex, since

it's a helper for working with mutexes.

(bmalloc::Heap::scavenge): Make sure to wait before we start any
scavenging, since individual scavenging functions now always scavenge
at least one page before waiting themselves.

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeMediumPages):
(bmalloc::Heap::scavengeLargeObjects): Use the new wait helper to
simplify this code. Also, we now require our caller to wait until at
least one deallocation is desirable. This simplifies our loop.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::allocateMediumPage):
(bmalloc::Heap::allocateXLarge):
(bmalloc::Heap::allocateLarge): Don't freak out any time the heap does
an allocation. Only consider the heap to be growing if it actually needs
to allocate new VM. This allows us to shrink the heap back down from a
high water mark more reliably even if heap activity continues.

(bmalloc::sleep): Deleted.
(bmalloc::Heap::scavengeLargeRanges): Renamed to match our use of
"LargeObject".

bmalloc/Heap.h:

bmalloc/LargeObject.h:

(bmalloc::LargeObject::operator bool): Added to simplify a while loop.

bmalloc/StaticMutex.h:

(bmalloc::sleep):
(bmalloc::waitUntilFalse): New helper for waiting until a condition
becomes reliably false.

bmalloc/Vector.h:

(bmalloc::Vector<T>::~Vector): Oops! Don't deallocate the null pointer.
We don't actually run any Vector destructors, but an iteration of this
patch did, and then crashed. So, let's fix that.

1:20 PM Changeset in webkit [180952] by Darin Adler

1 edit
2 adds in trunk/LayoutTests

Test legacy event handler attributes (ones with names like "onclick")
https://bugs.webkit.org/show_bug.cgi?id=142221

Reviewed by Anders Carlsson.

fast/dom/legacy-event-handler-attributes-expected.txt: Added.
fast/dom/legacy-event-handler-attributes.html: Added.

1:13 PM Changeset in webkit [180951] by andersca@apple.com

2 edits in trunk/Source/WebCore

Try to fix the build.

platform/spi/cf/CFNetworkSPI.h:

12:29 PM March 2015 Meeting edited by Simon Fraser

(diff)

12:16 PM Changeset in webkit [180950] by timothy_horton@apple.com

5 edits
3 adds in trunk

<attachment> label can get very wide, doesn't wrap/truncate
https://bugs.webkit.org/show_bug.cgi?id=142214
<rdar://problem/19982499>

Reviewed by Simon Fraser.

Test: fast/attachment/attachment-label-highlight.html

rendering/RenderThemeMac.h:
rendering/RenderThemeMac.mm:

(WebCore::labelTextColorForAttachment):
(WebCore::AttachmentLayout::addLine):
(WebCore::AttachmentLayout::layOutText):
(WebCore::AttachmentLayout::AttachmentLayout):
Make it possible to lay out multiple lines of label text.
We lay out the whole string normally, but then only draw N (where N=1 for now,
but is adjustable) of the lines. The remainder of the string is then
merged into a single line, which is middle-truncated with an ellipsis
and drawn in place of the N+1 line.

(WebCore::addAttachmentLabelBackgroundRightCorner):
(WebCore::addAttachmentLabelBackgroundLeftCorner):
(WebCore::paintAttachmentLabelBackground):
Wrap the label background around the multiple lines of text with curved edges.
We run first down the right side of the label, determining whether to use
concave or convex arcs based on the relative widths of adjacent lines.
Then, we run back up the left side of the label doing the same thing.

If the background rects of two lines are very similar (within the rounded rect radius),
they will be expanded to the larger of the two, because otherwise the arcs
look quite wrong.

(WebCore::paintAttachmentLabel):
Draw the label with CoreText directly instead of bothering with WebCore
text layout primitives. There's no need, and it makes wrapping much more complicated.

(WebCore::RenderThemeMac::paintAttachment):
(WebCore::RenderThemeMac::paintAttachmentLabelBackground): Deleted.
(WebCore::RenderThemeMac::paintAttachmentLabel): Deleted.

fast/attachment/attachment-label-highlight.html: Added.
platform/mac/fast/attachment/attachment-label-highlight-expected.png: Added.
platform/mac/fast/attachment/attachment-label-highlight-expected.txt: Added.

Add a test for various <attachment> highlight cases.

platform/mac/fast/attachment/attachment-rendering-expected.txt:

Update expected result for attachment-rendering, which changed size
because we now bail from text layout if we don't have any text.

12:13 PM Changeset in webkit [180949] by Antti Koivisto

6 edits in trunk/Source/WebKit2

Include key to NetworkCacheStorage::Entry
https://bugs.webkit.org/show_bug.cgi?id=142215

Reviewed by Chris Dumez.

This simplified code. The key is saved as part of the entry so it makes logical sense too.

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::makeCacheKey):
(WebKit::encodeStorageEntry):
(WebKit::NetworkCache::retrieve):
(WebKit::NetworkCache::store):
(WebKit::NetworkCache::update):
(WebKit::NetworkCache::traverse):
(WebKit::entryAsJSON):
(WebKit::NetworkCache::dumpContentsToFile):

NetworkProcess/cache/NetworkCacheKey.cpp:

(WebKit::NetworkCacheKey::operator=):

NetworkProcess/cache/NetworkCacheKey.h:

(WebKit::NetworkCacheKey::isNull):

NetworkProcess/cache/NetworkCacheStorage.h:
NetworkProcess/cache/NetworkCacheStorageCocoa.mm:

(WebKit::decodeEntry):
(WebKit::encodeEntryHeader):
(WebKit::retrieveFromMemory):
(WebKit::NetworkCacheStorage::retrieve):
(WebKit::NetworkCacheStorage::store):
(WebKit::NetworkCacheStorage::update):
(WebKit::NetworkCacheStorage::traverse):
(WebKit::NetworkCacheStorage::dispatchPendingWriteOperations):
(WebKit::NetworkCacheStorage::dispatchFullWriteOperation):
(WebKit::NetworkCacheStorage::dispatchHeaderWriteOperation):

12:12 PM Changeset in webkit [180948] by Simon Fraser

4 edits in trunk/Source/WebCore

Avoid applying the clip-path when painting, if a layer also has a shape layer mask
https://bugs.webkit.org/show_bug.cgi?id=142212

Reviewed by Zalan Bujtas.

After r180882 we translate clip-path into a composited shape mask when the layer
is composited. However, we were also still applying the clip-path when painting
the layer contents.

Now, we set the GraphicsLayer bits GraphicsLayerPaintClipPath and GraphicsLayerPaintMask
only for the m_maskLayer's painting. This translate into setting PaintLayerPaintingCompositingMaskPhase
and PaintLayerPaintingCompositingClipPathPhase only when painting that same mask layer,
rather than always. To ensure that masks and clip-path get applied for software paints,
add shouldPaintMask() and shouldApplyClipPath() that return true for non-composited layers,
and when doing a flattening paint.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayerContents): Use shouldApplyClipPath().
Pull three chunks of code under a single "if (shouldPaintContent && !selectionOnly)" condition.
The condition for paintChildClippingMaskForFragments() is changed slightly; we need to call this
only when painting the clip-path/mask layer contents, but also only when there is no mask to fill
the clipped area for us.
(WebCore::RenderLayer::calculateClipRects):
(WebCore::RenderLayer::paintsWithClipPath): Deleted.

rendering/RenderLayer.h:
rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateMaskingLayer): Be sure to set the GraphicsLayerPaintClipPath bit
when having a mask forces us onto the painting path.

12:10 PM Changeset in webkit [180947] by Antti Koivisto

3 edits in trunk/Source/WebKit2

Cache shrink leaves behind empty partition directories
https://bugs.webkit.org/show_bug.cgi?id=142217

Reviewed by Andreas Kling.

NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::traverseCacheFiles):

No need for std::function.

NetworkProcess/cache/NetworkCacheStorageCocoa.mm:

(WebKit::NetworkCacheStorage::shrinkIfNeeded):

After shrink traverse through the partition directories and try to delete them.
System knows if they are actually empty.

11:56 AM Changeset in webkit [180946] by andersca@apple.com

5 edits in trunk/Source

Use the correct display name for website data for local files
https://bugs.webkit.org/show_bug.cgi?id=142228

Reviewed by Dan Bernstein.

Source/WebCore:

English.lproj/Localizable.strings:

Add local file display name.

platform/spi/cf/CFNetworkSPI.h:

Add kCFHTTPCookieLocalFileDomain declaration.

Source/WebKit2:

UIProcess/WebsiteData/WebsiteDataRecord.cpp:

(displayNameForLocalFiles):
Add new helper function.

(WebKit::WebsiteDataRecord::displayNameForCookieHostName):
Check if the hostname is kCFHTTPCookieLocalFileDomain.

(WebKit::WebsiteDataRecord::displayNameForOrigin):
Handle file URLs as well.

11:31 AM March 2015 Meeting edited by Simon Fraser

(diff)

11:29 AM March 2015 Meeting edited by Simon Fraser

(diff)

11:14 AM Changeset in webkit [180945] by mmirman@apple.com

3 edits in trunk/Tools

JSC tests should not be repeated twice for each branch builder, and should if possible have their own queue.
https://bugs.webkit.org/show_bug.cgi?id=142094

Reviewed by Csaba Osztrogonác.

BuildSlaveSupport/build.webkit.org-config/config.json: Added bots 155 and 157
BuildSlaveSupport/build.webkit.org-config/master.cfg:

(TestFactory):
(TestFactory.init): Made running of JSC tests conditional.
(TestAllButJSCFactory):
(TestJSCFactory): Added.
(TestJSCFactory.init):
(TestWebKit2AndJSCFactory): Added factory to not run JSC tests on WebKit2.

11:13 AM Changeset in webkit [180944] by mmaxfield@apple.com

5 edits in trunk/Source/WebCore

BreakingContext cleanup
https://bugs.webkit.org/show_bug.cgi?id=142146

Reviewed by Dean Jackson.

Use commitLineBreakAtCurrentWidth() instead of directly

updating m_width and m_lineBreak, because the name makes the
intent clearer.

Remove duplicate function LineBreaker::nextSegmentBreak().
lineStyle() takes care of inspecting RenderText's parent's

style.

Add FIXME to BreakingContext::initializeForCurrentObject()

because it seems like we are ignoring first-line style for
some properties.

No new tests because there is no behavior change.

rendering/line/BreakingContextInlineHeaders.h:

(WebCore::BreakingContext::BreakingContext):
(WebCore::BreakingContext::initializeForCurrentObject):
(WebCore::BreakingContext::handleReplaced):
(WebCore::BreakingContext::handleText):
(WebCore::BreakingContext::commitAndUpdateLineBreakIfNeeded):
(WebCore::BreakingContext::handleEndOfLine):

rendering/line/LineBreaker.cpp:

(WebCore::LineBreaker::nextLineBreak): Deleted.
(WebCore::LineBreaker::nextSegmentBreak): Deleted.

rendering/line/LineBreaker.h:
rendering/line/LineInlineHeaders.h:

(WebCore::lineStyle):

10:52 AM Changeset in webkit [180943] by enrica@apple.com

2 edits in trunk/Source/WebKit2

Fixed typo in platform guard in http://trac.webkit.org/changeset/180939.

Unreviewed.

UIProcess/ios/WKContentViewInteraction.mm:

10:50 AM Changeset in webkit [180942] by ddkilzer@apple.com

2 edits in trunk/Tools

build-webkit --help is wrong about how to build for the iOS simulator
<http://webkit.org/b/142223>

Reviewed by Csaba Osztrogonác.

Scripts/build-webkit: Fix help.

10:10 AM Changeset in webkit [180941] by Nikita Vasilyev

5 edits
1 add in trunk/Source/WebInspectorUI

Web Inspector: Refactoring: separate ConsoleSession from ConsoleGroup
https://bugs.webkit.org/show_bug.cgi?id=142141

ConsoleSession doesn't have a title and it's not collapsible either.
Simplify ConsoleSession by removing excessive markup.

Reviewed by Timothy Hatcher.

UserInterface/Controllers/JavaScriptLogViewController.js:

(WebInspector.JavaScriptLogViewController):
(WebInspector.JavaScriptLogViewController.prototype.startNewSession):
(WebInspector.JavaScriptLogViewController.prototype._appendConsoleMessage):
(WebInspector.JavaScriptLogViewController.prototype.get topConsoleGroup): Deleted.

UserInterface/Main.html:
UserInterface/Views/ConsoleGroup.js:

(WebInspector.ConsoleGroup):
(WebInspector.ConsoleGroup.prototype.render):
(WebInspector.ConsoleGroup.prototype.addMessage):
(WebInspector.ConsoleGroup.prototype.append):
(WebInspector.ConsoleGroup.prototype.hasMessages): Deleted.

UserInterface/Views/ConsoleSession.js: Added.

(WebInspector.ConsoleSession):
(WebInspector.ConsoleSession.prototype.addMessage):
(WebInspector.ConsoleSession.prototype.append):
(WebInspector.ConsoleSession.prototype.hasMessages):

UserInterface/Views/LogContentView.css:

(.console-session + .console-session):
(.console-group.new-session .console-group-messages .console-item:first-child): Deleted.
(.console-group.new-session): Deleted.

10:05 AM Changeset in webkit [180940] by Carlos Garcia Campos

2 edits in trunk/Tools

Unreviewed. Bump libsoup version to 2.49.91.1 to fix 32 bit build.

gtk/jhbuild.modules:

9:46 AM Changeset in webkit [180939] by enrica@apple.com

2 edits in trunk/Source/WebKit2

Adopt new API for keyboard interaction.
https://bugs.webkit.org/show_bug.cgi?id=142201
rdar://problem/19924949

Reviewed by Joseph Pecoraro.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView inputAssistantItem]):
(-[WKContentView _inputAssistantItem]):

9:32 AM Changeset in webkit [180938] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[Win64] JSC compile error.
https://bugs.webkit.org/show_bug.cgi?id=142216

Patch by peavo@outlook.com <peavo@outlook.com> on 2015-03-03
Reviewed by Mark Lam.

There is missing a version of setupArgumentsWithExecState when NUMBER_OF_ARGUMENT_REGISTERS == 4.

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

9:13 AM Changeset in webkit [180937] by Brian Burg

2 edits in trunk/Source/WebInspectorUI

Web Inspector: popover should use requestAnimationFrame to drive move/resize animations
https://bugs.webkit.org/show_bug.cgi?id=142218

Reviewed by Timothy Hatcher.

Remove setTimeout workaround now that Inspector runs in its own process.

UserInterface/Views/Popover.js:

(WebInspector.Popover.prototype.drawBackground):
(WebInspector.Popover.prototype._animateFrame):

9:08 AM Changeset in webkit [180936] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Document more debug assertions.

platform/win/TestExpectations:

8:52 AM Changeset in webkit [180935] by Brian Burg

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Console log level selector loses selection on reload
https://bugs.webkit.org/show_bug.cgi?id=142199

Reviewed by Timothy Hatcher.

The selected items in the console scope bar were being saved as settings,
but the "All" scope is forcibly selected on reload due to a logic bug.

UserInterface/Base/Main.js:

(WebInspector.showFullHeightConsole):
The scope bar may already have selected items restored from WebInspector.Settings.
Don't select a scope unless explicitly requested (i.e., clicking on dashboard buttons)
or if no scopes are selected at all. (In the latter case, "All" is the default scope.)

UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView): Don't specify a default value here to avoid trampling
settings. The "All" scope is selected by default in showFullHeightConsole if
nothing else is selected.

7:58 AM Changeset in webkit [180934] by Chris Dumez

6 edits
6 adds in trunk

Make AudioContext suspendable when it is not rendering
https://bugs.webkit.org/show_bug.cgi?id=142210
<rdar://problem/19923085>

Reviewed by Eric Carlson.

Source/WebCore:

Make AudioContext suspendable when it is not rendering to increase the
likelihood of entering the PageCache for pages using WebAudio.

This patch adds a state member to AudioContext with 3 possible states:
Suspended / Running / Closed, as defined in the specification:
http://webaudio.github.io/web-audio-api/#widl-AudioContext-state

This state is used to decide if we can suspend the page or not. We
can safely suspend if the AudioContext's state is suspended (did not
start rendering) or closed (Stopped rendering).

Note that this patch does not expose the AudioContext's state to the
Web yet, even though it is exposed in the latest specification.

Tests: fast/history/page-cache-closed-audiocontext.html

fast/history/page-cache-running-audiocontext.html
fast/history/page-cache-suspended-audiocontext.html

Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::AudioContext):
(WebCore::AudioContext::uninitialize):
(WebCore::AudioContext::canSuspend):
(WebCore::AudioContext::startRendering):
(WebCore::AudioContext::fireCompletionEvent):

Modules/webaudio/AudioContext.h:

LayoutTests:

Add layout tests to check cases where an AudioContext should or should
not prevent pages from entering the page cache.

fast/history/page-cache-closed-audiocontext-expected.txt: Added.
fast/history/page-cache-closed-audiocontext.html: Added.
fast/history/page-cache-running-audiocontext-expected.txt: Added.
fast/history/page-cache-running-audiocontext.html: Added.
fast/history/page-cache-suspended-audiocontext-expected.txt: Added.
fast/history/page-cache-suspended-audiocontext.html: Added.

7:10 AM Changeset in webkit [180933] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.7.91

WebKitGTK+ 2.7.91

7:09 AM Changeset in webkit [180932] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.7.91 release.

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

gtk/NEWS: Add release notes for 2.7.91.

2:53 AM Changeset in webkit [180931] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180928 - [SOUP] Use SoupMessage::starting instead of SoupSession::request-started
https://bugs.webkit.org/show_bug.cgi?id=142164

Reviewed by Sergio Villar Senin.

SoupSession::request-started is deprecated in libsoup 2.50. Both
signals are equivalent, but SoupMessage::starting is also emitted
for resources loaded from the disk cache. This fixes web timing
calculations for cached resources, since we were not initializing
m_requestStart.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::startingCallback):
(WebCore::createSoupMessageForHandleAndRequest):

platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

2:52 AM Changeset in webkit [180930] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.8

Merge r180927 - [SOUP] Synchronous XMLHttpRequests can time out when we reach the max connections limit
https://bugs.webkit.org/show_bug.cgi?id=141508

Reviewed by Sergio Villar Senin.

Source/WebCore:

Use SOUP_MESSAGE_IGNORE_CONNECTION_LIMITS flag when loading a
synchronous message instead of increasing the maximum number of
connections allowed if the soup version is recent enough.
The current solution of increasing/decreasing the limits doesn't
always work, because connections are not marked as IDLE in libsoup
until the message is unqueued, but we don't wait for the message
to be unqueued to finish our loads in WebKit, we finish them as
soon as we have finished reading the stream. This causes that
synchronous loads keep blocked in the nested main loop until the
timeout of 10 seconds is fired and the load fails.
Also marked WebCoreSynchronousLoader class as final, the virtual
methods as override and removed the unsused method isSynchronousClient.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::createSoupMessageForHandleAndRequest):
(WebCore::WebCoreSynchronousLoader::WebCoreSynchronousLoader):
(WebCore::WebCoreSynchronousLoader::isSynchronousClient): Deleted.
(WebCore::WebCoreSynchronousLoader::didReceiveResponse):
(WebCore::WebCoreSynchronousLoader::didReceiveData):
(WebCore::WebCoreSynchronousLoader::didReceiveBuffer):
(WebCore::WebCoreSynchronousLoader::didFinishLoading):
(WebCore::WebCoreSynchronousLoader::didFail):
(WebCore::WebCoreSynchronousLoader::didReceiveAuthenticationChallenge):
(WebCore::WebCoreSynchronousLoader::shouldUseCredentialStorage):

Tools:

Add a unit test to check that synchronous XHRs load even if the
maximum connection limits are reached.

TestWebKitAPI/Tests/WebKit2Gtk/TestResources.cpp:

(testWebViewSyncRequestOnMaxConns):
(serverCallback):
(beforeAll):

gtk/jhbuild.modules: Bump libsoup version to 2.49.91.

2:51 AM Changeset in webkit [180929] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r180924 - REGRESSION(r177075): WebProcess crashes when entering accelerating compositing mode before the WebView is realized
https://bugs.webkit.org/show_bug.cgi?id=142079

Reviewed by Žan Doberšek.

The problem is that the texture mapper and native window handler
are initialized when the LayerTreeHost is initialized, assuming
the UI process has already sent the native window handler to the
web process, but that doesn't always happen since we moved the
redirected window creation to realize in r177075.

WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::nativeSurfaceHandleForCompositing): Deleted.

WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::enterAcceleratedCompositingMode): Call
LayerTreeHost::setNativeSurfaceHandleForCompositing if we
already have a native window handle at this point.
(WebKit::DrawingAreaImpl::setNativeSurfaceHandleForCompositing):
Call LayerTreeHost::setNativeSurfaceHandleForCompositing also when
not using threaded compositing.

WebProcess/WebPage/LayerTreeHost.h:
WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:

(WebKit::LayerTreeHostGtk::makeContextCurrent): Helper function to
ensure a context and making it current.
(WebKit::LayerTreeHostGtk::ensureTextureMapper): Ensure a texture
is created for the current context.
(WebKit::LayerTreeHostGtk::initialize): Use makeContextCurrent()
and ensureTextureMapper(), and remove the LayerTreeContext
initialization since that's is now always initialized in
setNativeSurfaceHandleForCompositing().
(WebKit::LayerTreeHostGtk::compositeLayersToContext): Use
makeContextCurrent() helper function and also call
ensureTextureMapper() just in case the texture could not be
created during initialization because the native window handle was
not yet available.
(WebKit::LayerTreeHostGtk::flushAndRenderLayers): Use makeContextCurrent().
(WebKit::LayerTreeHostGtk::setNativeSurfaceHandleForCompositing):
Initialize the LayerTreeContext.
(WebKit::LayerTreeHostGtk::glContext): Deleted.

WebProcess/WebPage/gtk/LayerTreeHostGtk.h:

2:24 AM Changeset in webkit [180928] by Carlos Garcia Campos

3 edits in trunk/Source/WebCore

[SOUP] Use SoupMessage::starting instead of SoupSession::request-started
https://bugs.webkit.org/show_bug.cgi?id=142164

Reviewed by Sergio Villar Senin.

platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::startingCallback):
(WebCore::createSoupMessageForHandleAndRequest):

platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

1:17 AM Changeset in webkit [180927] by Carlos Garcia Campos

5 edits in trunk

[SOUP] Synchronous XMLHttpRequests can time out when we reach the max connections limit
https://bugs.webkit.org/show_bug.cgi?id=141508

Reviewed by Sergio Villar Senin.

Source/WebCore:

platform/network/soup/ResourceHandleSoup.cpp:

Tools:

Add a unit test to check that synchronous XHRs load even if the
maximum connection limits are reached.

TestWebKitAPI/Tests/WebKit2Gtk/TestResources.cpp:

(testWebViewSyncRequestOnMaxConns):
(serverCallback):
(beforeAll):

gtk/jhbuild.modules: Bump libsoup version to 2.49.91.

12:55 AM Changeset in webkit [180926] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180908 - bmalloc: Eagerly remove allocated objects from the free list
https://bugs.webkit.org/show_bug.cgi?id=142194

Reviewed by Andreas Kling.

This reduces the pressure to garbage collect the free list.

Might be a 1% speedup on MallocBench.

bmalloc/FreeList.cpp: Put this comment at the top of the file instead

of repeating it inside of each function. Tried to clarify the details.

(bmalloc::FreeList::takeGreedy): Matched the other iteration code in this
file for consistency -- even though either direction works fine in this
function.

(bmalloc::FreeList::take): Change to iterate from low to high so that we
can maintain an index into the vector that is not disturbed even if we
pop from the middle (which invalidates the last index in the vector).

Decrement i when popping from the middle to make sure that we don't
skip the next item after popping.

(bmalloc::FreeList::removeInvalidAndDuplicateEntries): Ditto.

12:47 AM Changeset in webkit [180925] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8

Merge r180884 - REGRESSION(r179409): [GTK] Undefined symbol prevents web extensions from being loaded
https://bugs.webkit.org/show_bug.cgi?id=142165

Patch by Debarshi Ray <debarshir@gnome.org> on 2015-03-02
Reviewed by Carlos Garcia Campos.

Source/cmake/gtksymbols.filter:

12:10 AM Changeset in webkit [180924] by Carlos Garcia Campos

6 edits in trunk/Source/WebKit2

REGRESSION(r177075): WebProcess crashes when entering accelerating compositing mode before the WebView is realized
https://bugs.webkit.org/show_bug.cgi?id=142079

Reviewed by Žan Doberšek.

WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::nativeSurfaceHandleForCompositing): Deleted.

WebProcess/WebPage/DrawingAreaImpl.cpp:

WebProcess/WebPage/LayerTreeHost.h:
WebProcess/WebPage/gtk/LayerTreeHostGtk.cpp:

WebProcess/WebPage/gtk/LayerTreeHostGtk.h:

Mar 2, 2015:

11:20 PM Changeset in webkit [180923] by ddkilzer@apple.com

2 edits in trunk/Source/WebCore

[iOS] Disable -Wdeprecated-declaration warnings in WebVideoFullscreenInterfaceAVKit.mm

Fixing the deprecations is tracked by: <rdar://problem/20018692>

platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::enterFullscreenOptimized):
Ignore -Wdeprecated-declaration warnings via clang pragmas.

10:57 PM Changeset in webkit [180922] by mark.lam@apple.com

3 edits in trunk/LayoutTests

Gardening: skipping inspector/timeline tests since they are still flaky.
<https://webkit.org/b/142208>

Not reviewed.

TestExpectations:
Restore skipping of inspector/timeline tests.
platform/win/TestExpectations:
Removing the skipping here since the general TestExpectations has it covered.

10:55 PM Changeset in webkit [180921] by gyuyoung.kim@samsung.com

10 edits in trunk/Source

[WK2] Remove unnecessary create() factory functions.
https://bugs.webkit.org/show_bug.cgi?id=142161

Reviewed by Chris Dumez.

We can replace some create() factory functions with std::make_unique(). Because
it just returns new instance. Even some of those functions have used std::unique_ptr<>
instead of std::make_unique<>. Fixed all.

Source/WebKit2:

DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.h:

(WebKit::SQLiteIDBTransaction::create): Deleted.

DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp:

(WebKit::UniqueIDBDatabaseBackingStoreSQLite::establishTransaction):

Platform/efl/DispatchQueueWorkItemEfl.h:

(WorkItem::dispatch):
(WorkItem::create): Deleted.

UIProcess/API/gtk/PageClientImpl.h:

(WebKit::PageClientImpl::create): Deleted.

UIProcess/API/gtk/WebKitTextChecker.h:

(WebKitTextChecker::create): Deleted.

UIProcess/API/gtk/WebKitWebContext.cpp:

(webkitWebContextConstructed):

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseConstructed):

Source/WTF:

wtf/efl/WorkQueueEfl.cpp:

(WorkQueue::dispatch):

8:38 PM Changeset in webkit [180920] by ap@apple.com

2 edits in trunk/Tools

Update the name of ASan build step.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotIteration.js:

8:33 PM Changeset in webkit [180919] by fpizlo@apple.com

4 edits in trunk/Source

DFG compile time measurements should really report milliseconds
https://bugs.webkit.org/show_bug.cgi?id=142209

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Fix this to record milliseconds instead of seconds.

dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::compileInThreadImpl):

Source/WTF:

This bug was introduced because currentTimeMS() calls were converted to
monotonicallyIncreasingTime() calls. Perhaps this bug would be less likely if there was a
monotonicallyIncreasingTimeMS() function available, so this patch adds it.

wtf/CurrentTime.h:

(WTF::monotonicallyIncreasingTimeMS):

8:12 PM Changeset in webkit [180918] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] inspector/timeline always times out.
https://bugs.webkit.org/show_bug.cgi?id=142208

platform/win/TestExpectations: Skipping.)

8:05 PM Changeset in webkit [180917] by fpizlo@apple.com

13 edits in trunk/Source/JavaScriptCore

Remove op_get_callee, it's unused
https://bugs.webkit.org/show_bug.cgi?id=142206

Reviewed by Andreas Kling.

It's a bit of a shame that we stopped using this opcode since it gives us same-callee
profiling. But, if we were to add this functionality back in, we would almost certainly do
it by adding a JSFunction allocation watchpoint on FunctionExecutable.

bytecode/BytecodeList.json:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::finalizeUnconditionally):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_callee): Deleted.
(JSC::JIT::emitSlow_op_get_callee): Deleted.

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_get_callee): Deleted.
(JSC::JIT::emitSlow_op_get_callee): Deleted.

llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL): Deleted.

7:58 PM Changeset in webkit [180916] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Remove native extensions now built-in
https://bugs.webkit.org/show_bug.cgi?id=142203

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-02
Reviewed by Timothy Hatcher.

UserInterface/Base/Utilities.js:

7:29 PM Changeset in webkit [180915] by commit-queue@webkit.org

11 edits
2 moves in trunk/Source/WebCore

Unreviewed, rolling out r180902.
https://bugs.webkit.org/show_bug.cgi?id=142205

It broke scrolling in some cases. See bug 142202 for details.
(Requested by bdash on #webkit).

Reverted changeset:

"Move scroll animating functions from ScrollAnimator to
ScrollController"
https://bugs.webkit.org/show_bug.cgi?id=142102
http://trac.webkit.org/changeset/180902

7:25 PM Changeset in webkit [180914] by commit-queue@webkit.org

14 edits
10 deletes in trunk

Unreviewed, rolling out r180911.
https://bugs.webkit.org/show_bug.cgi?id=142204

The tests it added are crashing (Requested by bdash on
#webkit).

Reverted changeset:

"Add a microtask abstraction"
https://bugs.webkit.org/show_bug.cgi?id=137496
http://trac.webkit.org/changeset/180911

6:24 PM Changeset in webkit [180913] by Joseph Pecoraro

17 edits in trunk/Source

Web Inspector: Context Menu to Log a Particular Object
https://bugs.webkit.org/show_bug.cgi?id=142198

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

Add a protocol method to assign a $n index to a value. For an object
use the injected script context for that object. For a value, use
the execution context to know where to save the value.

inspector/InjectedScript.cpp:

(Inspector::InjectedScript::saveResult):

inspector/InjectedScript.h:
inspector/InjectedScriptSource.js:
inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::saveResult):

inspector/agents/InspectorRuntimeAgent.h:
inspector/protocol/Debugger.json:
inspector/protocol/Runtime.json:

Source/WebInspectorUI:

UserInterface/Controllers/JavaScriptLogViewController.js:

(WebInspector.JavaScriptLogViewController.prototype.saveResultCallback):
(WebInspector.JavaScriptLogViewController.prototype.appendImmediateExecutionWithResult):
Add a way to show an execution and result immediately in the Log View.

UserInterface/Views/ConsolePrompt.js:

(WebInspector.ConsolePrompt.prototype.pushHistoryItem):
(WebInspector.ConsolePrompt.prototype.commitTextOrInsertNewLine):
(WebInspector.ConsolePrompt.prototype._handleEnterKey):
(WebInspector.ConsolePrompt.prototype._commitHistoryEntry):
Add a way to append a history item to the console prompt history.

UserInterface/Views/ObjectTreePropertyTreeElement.js:

(WebInspector.ObjectTreePropertyTreeElement.prototype):
Add a context menu item to object tree properties to log the value.

UserInterface/Protocol/RemoteObject.js:

(WebInspector.RemoteObject.createCallArgument):
(WebInspector.RemoteObject.prototype.callFunction):
(WebInspector.RemoteObject.prototype.asCallArgument):
Simplify CallArgument creation.

UserInterface/Controllers/RuntimeManager.js:

(WebInspector.RuntimeManager.prototype.mycallback):
(WebInspector.RuntimeManager.prototype.saveResult):
Wrap RuntimeAgent.saveResult. If supported, run the backend command
and fetch a saved result index from the backend for the given value.

Localizations/en.lproj/localizedStrings.js:
UserInterface/Base/Main.js:

(WebInspector.contentLoaded):

UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype.get logViewController):
Misc.

5:37 PM Changeset in webkit [180912] by beidson@apple.com

2 edits in trunk/Source/WebKit2

Lots of: ERROR: Unhandled web process message WebPageGroupProxy:RemoveAllUserContentFilters
https://bugs.webkit.org/show_bug.cgi?id=142155

Reviewed by Simon Fraser.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveMessage): Return after handling WebPageGroupProxy messages

instead of logging an error.

5:04 PM Changeset in webkit [180911] by yoav@yoav.ws

14 edits
10 adds in trunk

Add a microtask abstraction
https://bugs.webkit.org/show_bug.cgi?id=137496

Reviewed by Sam Weinig.

Source/WebCore:

WebCore.vcxproj/WebCore.vcxproj: Add MicroTask.{h,cpp} to the project.
WebCore.vcxproj/WebCoreTestSupport.vcxproj: Add MicroTaskTest.{h,cpp} to the project.
WebCore.vcxproj/WebCore.vcxproj.filters: Add MicroTask.{h,cpp} to the project.
WebCore.vcxproj/WebCoreTestSupport.vcxproj.filters: Add MicroTaskTest.{h,cpp} to the project.
WebCore.xcodeproj/project.pbxproj: Add MicroTask{,Test}.{h,cpp} to the project.
dom/Document.h: Add WEBCORE_EXPORT to addConsoleMessage, so it can be used in MicroTaskTest that's in WebCoreTestSupport..
dom/MicroTask.h: Add a MicroTask interface class. Add a MicroTaskQueue singleton.

(WebCore::MicroTask::~MicroTask):
(WebCore::MicroTask::run): Run the microtask.

dom/MicroTask.cpp: Implement the MicroTaskQueue singleton.

dom/ScriptRunner.cpp: Trigger running of all microtasks in queue.

(WebCore::ScriptRunner::timerFired):

html/parser/HTMLScriptRunner.cpp: Trigger running of all microtasks in queue.

(WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent):
(WebCore::HTMLScriptRunner::executeScriptsWaitingForParsing):
(WebCore::HTMLScriptRunner::runScript):

testing/Internals.cpp: Add a method to queue a test microtask.

(WebCore::Internals::queueMicroTask):

testing/Internals.h: Add a method to queue a test microtask.

(WebCore::Internals::queueMicroTask):

testing/Internals.idl: Expose test microtask queueing to test JS.
testing/MicroTaskTest.cpp: Add a test class that implements a microtask and prints to the console when it runs.

(WebCore::MicroTaskTest::run): Run the microtask
(WebCore::MicroTaskTest::create): Create a test microtask.

testing/MicroTaskTest.h: Add a test class that implements a microtask.

(WebCore::MicroTaskTest::run):
(WebCore::MicroTaskTest::create):

LayoutTests:

Adding a test for microtask abstraction.

fast/dom/microtask-detach.html: Added.
fast/dom/microtask-detach-expected.txt: Added.
fast/dom/microtask-inorder.html: Added.
fast/dom/microtask-inorder-expected.txt: Added.
fast/dom/microtask-reverse.html: Added.
fast/dom/microtask-reverse-expected.txt: Added.

4:58 PM Changeset in webkit [180910] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

RenderVideo should not paint the video frame when video is fullscreen.
https://bugs.webkit.org/show_bug.cgi?id=142097

Patch by Jeremy Jones <jeremyj@apple.com> on 2015-03-02
Reviewed by Eric Carlson.

For performance and correctness, RenderVideo should not paint the current video frame
inline when video is fullscreen. This happens when snapshots are taken and can have a
negative performance impact.

rendering/RenderVideo.cpp:

(WebCore::RenderVideo::paintReplaced):

4:45 PM Changeset in webkit [180909] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

SpeculativeJIT::emitAllocateArguments() should be a bit faster, and shouldn't do destructor initialization
https://bugs.webkit.org/show_bug.cgi?id=142197

Reviewed by Geoffrey Garen.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateArguments): Use shift instead of mul, since mul doesn't automatically strength-reduce to shift. Also pass the structure as a TrustedImmPtr.

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject): Rationalize this a bit. The other emitAllocate... methods take a templated structure so that it can be either a TrustedImmPtr or a register. Also don't do destructor initialization, since its one client doesn't need it, and it's actually probably wrong.

4:38 PM Changeset in webkit [180908] by ggaren@apple.com

2 edits in trunk/Source/bmalloc

bmalloc: Eagerly remove allocated objects from the free list
https://bugs.webkit.org/show_bug.cgi?id=142194

Reviewed by Andreas Kling.

This reduces the pressure to garbage collect the free list.

Might be a 1% speedup on MallocBench.

bmalloc/FreeList.cpp: Put this comment at the top of the file instead

of repeating it inside of each function. Tried to clarify the details.

(bmalloc::FreeList::takeGreedy): Matched the other iteration code in this
file for consistency -- even though either direction works fine in this
function.

Decrement i when popping from the middle to make sure that we don't
skip the next item after popping.

(bmalloc::FreeList::removeInvalidAndDuplicateEntries): Ditto.

4:24 PM Changeset in webkit [180907] by mark.lam@apple.com

3 edits
2 adds in trunk

Source/JavaScriptCore:
Exception stack unwinding in JSC hangs while the Timeline Profiler is enabled.
<https://webkit.org/b/142191>

Reviewed by Geoffrey Garen.

Imagine a scenario where the Inspector is paused / suspended at a breakpoint or
while the user is stepping through JS code. The user then tries to evaluate an
expression in the console, and that evaluation results in an exception being
thrown. Currently, if the Timeline Profiler is enabled while this exception is
being thrown, the WebProcess will hang while trying to handle that exception.

The issue is that the Timeline Profiler's ProfileGenerator::didExecute() will
return early and decline to process ProfileNodes if the Inspector is paused.
This is proper because it does not want to count work done for injected scripts
(e.g. from the console) towards the timeline profile of the webpage being run.
However, this is in conflict with ProfileGenerator::exceptionUnwind()'s
expectation that didExecute() will process ProfileNodes in order to do the stack
unwinding for the exception handling. As a result,
ProfileGenerator::exceptionUnwind() hangs.

ProfileGenerator::exceptionUnwind() is in error. While the Inspector is paused,
there will not be any ProfileNodes that it needs to "unwind". Hence, the fix is
simply to return early also in ProfileGenerator::exceptionUnwind() if the
Inspector is paused.

profiler/ProfileGenerator.cpp:

(JSC::ProfileGenerator::exceptionUnwind):

LayoutTests:
Last gardening after r177774

Unreviewed.

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-03-02

fast/text/font-kerning-expected.html:
fast/text/font-variant-ligatures-expected.html:
fast/text/whitespace/inline-whitespace-wrapping-7-expected.html:
fast/text/whitespace/inline-whitespace-wrapping-7.html:
mathml/presentation/scripts-subsup-expected.html:
mathml/presentation/scripts-subsup.html:
platform/mac/TestExpectations:
platform/mac/fast/text/multiple-codeunit-vertical-upright-expected.html:
platform/mac/fast/text/multiple-codeunit-vertical-upright.html:
platform/mac/fast/text/resources/multiple-codeunit-vertical-upright.otf: Removed.
svg/text/svg-font-word-rounding-hacks-spaces-expected.html:
svg/text/svg-font-word-rounding-hacks-spaces.html:
svg/text/tspan-outline-expected.svg:
svg/text/tspan-outline.html:

3:57 PM Changeset in webkit [180906] by dino@apple.com

3 edits in trunk/Source/WebCore

[iOS Media] Airplay button should be blue when active
https://bugs.webkit.org/show_bug.cgi?id=142193

Reviewed by Brent Fulgham.

Add a blue form of the Airplay button that is used
when we are actively displaying on another screen.

Modules/mediacontrols/mediaControlsiOS.css:

(video::-webkit-media-controls-wireless-playback-picker-button):
(video::-webkit-media-controls-wireless-playback-picker-button:active):
(video::-webkit-media-controls-wireless-playback-picker-button.playing):

Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.updateWirelessPlaybackStatus):

3:52 PM Changeset in webkit [180905] by Antti Koivisto

2 edits in trunk/Source/WebKit2

Add way to dump cache meta data to file
https://bugs.webkit.org/show_bug.cgi?id=142183

Add a missing return so we don't try to decode a null entry.

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::dumpContentsToFile):

3:51 PM Changeset in webkit [180904] by mmaxfield@apple.com

15 edits
1 delete in trunk/LayoutTests

Last gardening after r177774

Unreviewed.

fast/text/font-kerning-expected.html:
fast/text/font-variant-ligatures-expected.html:
fast/text/whitespace/inline-whitespace-wrapping-7-expected.html:
fast/text/whitespace/inline-whitespace-wrapping-7.html:
mathml/presentation/scripts-subsup-expected.html:
mathml/presentation/scripts-subsup.html:
platform/mac/TestExpectations:
platform/mac/fast/text/multiple-codeunit-vertical-upright-expected.html:
platform/mac/fast/text/multiple-codeunit-vertical-upright.html:
platform/mac/fast/text/resources/multiple-codeunit-vertical-upright.otf: Removed.
svg/text/svg-font-word-rounding-hacks-spaces-expected.html:
svg/text/svg-font-word-rounding-hacks-spaces.html:
svg/text/tspan-outline-expected.svg:
svg/text/tspan-outline.html:

3:49 PM Changeset in webkit [180903] by fpizlo@apple.com

2 edits
1 add in trunk/Source/JavaScriptCore

FTL should correctly document where it puts the argument count for inlined varargs frames
https://bugs.webkit.org/show_bug.cgi?id=142187

Reviewed by Geoffrey Garn.

After LLVM tells us where the captured variables alloca landed in the frame, we need to
tell all of our meta-data about it. We were forgetting to do so for the argument count
register, which is used by inlined varargs calls.

ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

tests/stress/inline-varargs-get-arguments.js: Added.

(foo):
(bar):
(baz):

3:49 PM Changeset in webkit [180902] by Brent Fulgham

11 edits
2 moves in trunk/Source/WebCore

Move scroll animating functions from ScrollAnimator to ScrollController
https://bugs.webkit.org/show_bug.cgi?id=142102
<rdar://problem/20007161>

Reviewed by Simon Fraser.

No change in functionality.

Do some refactoring of the various scrolling classes:

Consolidate animation times to RunLoop::Timer instead of a combination of WebCore::Timer and CFRunLoopTimers. Do this for Scroll Snap Point and Rubberband animations.
Move ScrollController from platform/mac to platform/cocoa to enable sharing with iOS.
Move code from ScrollAnimator{Mac} -> ScrollController.
Rename scrollOffsetInAxis -> scrollOffsetOnAxis
Rename immediateScrollInAxis -> immediateScrollOnAxis

WebCore.xcodeproj/project.pbxproj: Move ScrollController to 'platform/cocoa'
page/mac/EventHandlerMac.mm: Make sure the scroll controller is notified of end-of-scroll

events, just as is done for the "event not handled" case in EventHandler.cpp.
(WebCore::EventHandler::platformCompleteWheelEvent):

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h: Remove timer and some delegate

methods, now that ScrollController is controlling this state.

page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:

(WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac): We no longer
need to clean up the CFRunLoopTimer.
(WebCore::ScrollingTreeFrameScrollingNodeMac::scrollOffsetOnAxis): Add temporary stub needed
until Bug 141973 is completed.).
(WebCore::ScrollingTreeFrameScrollingNodeMac::immediateScrollOnAxis): Ditto.
(WebCore::ScrollingTreeFrameScrollingNodeMac::startSnapRubberbandTimer): Deleted.
(WebCore::ScrollingTreeFrameScrollingNodeMac::stopSnapRubberbandTimer): Deleted.

platform/ScrollAnimator.cpp:

(WebCore::ScrollAnimator::ScrollAnimator):
(WebCore::ScrollAnimator::processWheelEventForScrollSnap): Just call the ScrollController method.
(WebCore::ScrollAnimator::handleWheelEvent): Ditto.
(WebCore::ScrollAnimator::updateScrollAnimatorsAndTimers): Ditto.
(WebCore::ScrollAnimator::scrollOffsetOnAxis): Renamed from scrollOffsetInAxis.
(WebCore::ScrollAnimator::scrollOffsetInAxis): Deleted.
(WebCore::ScrollAnimator::immediateScrollOnAxis): Renamed from immediateScrollInAxis.
(WebCore::ScrollAnimator::immediateScrollInAxis): Deleted.
(WebCore::ScrollAnimator::startScrollSnapTimer): Deleted.
(WebCore::ScrollAnimator::stopScrollSnapTimer): Deleted.
(WebCore::ScrollAnimator::horizontalScrollSnapTimerFired): Deleted.
(WebCore::ScrollAnimator::verticalScrollSnapTimerFired): Deleted.

platform/ScrollAnimator.h:
platform/cocoa/ScrollController.h: Copied from platform/mac/ScrollController.h.
platform/cocoa/ScrollController.mm: Copied from platform/mac/ScrollController.mm.

platform/mac/AxisScrollSnapAnimator.h: Rename methods from 'InAxis' to 'OnAxis'
platform/mac/AxisScrollSnapAnimator.mm: Ditto.
platform/mac/ScrollAnimatorMac.h:
platform/mac/ScrollAnimatorMac.mm:

platform/mac/ScrollController.h: Removed.
platform/mac/ScrollController.mm: Removed.

3:39 PM Changeset in webkit [180901] by mark.lam@apple.com

4 edits in trunk

The InspectorTimelineAgent should gracefully handle attempts to start more than once.
<https://webkit.org/b/142189>

Reviewed by Joseph Pecoraro.

Source/WebCore:

No new tests. Unskipped an existing test that already asserts this.

InspectorTimelineAgent::internalStop() already checks for redundant calls to it in
case the InspectorTimelineAgent is already disabled. Similarly,
InspectorTimelineAgent::internalStart() should check if the InspectorTimelineAgent
is already enabled before proceeding to do work to enable it. Though wasteful,
it is legal for clients of the InspectorTimelineAgent to invoke start on it more
than once. Hence, this check is needed.

This check fixes the debug assertion failure when running the
inspector/timeline/debugger-paused-while-recording.html test. The test can now
be unskipped.

inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::internalStart):

LayoutTests:

TestExpectations:
Unskipped inspector/timeline tests.

3:35 PM Changeset in webkit [180900] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Skip media control test after r180893.

platform/win/TestExpectations:

3:25 PM Changeset in webkit [180899] by andersca@apple.com

4 edits in trunk/Source/WebKit2

Return disk cache entries from the new disk cache
https://bugs.webkit.org/show_bug.cgi?id=142190

Reviewed by Antti Koivisto.

NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
Call NetworkCache::traverse() to get all the cache entries, unique their origins and pass them back with the completion handler.

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::traverse):
New helper function that traverses network cache entries.

NetworkProcess/cache/NetworkCache.h:

2:54 PM Changeset in webkit [180898] by roger_fong@apple.com

4 edits in trunk/Source/WebCore

Update backgrounds of sliders for inline media controls on OS X.
https://bugs.webkit.org/show_bug.cgi?id=142188.
<rdar://problem/20012413>
Reviewed by Dean Jackson.
Don’t use CSS to draw volume and timeline slider backgrounds.

Modules/mediacontrols/mediaControlsApple.css:

(video::-webkit-media-controls-volume-slider):
(audio::-webkit-media-controls-volume-slider::-webkit-slider-thumb):
(audio::-webkit-media-controls-timeline):
(audio::-webkit-media-controls-timeline::-webkit-slider-thumb):
(audio::-webkit-media-controls-panel .thumbnail-track):
(audio::-webkit-media-controls-volume-slider::-webkit-slider-thumb:active::-webkit-slider-thumb): Deleted.
(audio::-webkit-media-controls-timeline:active::-webkit-slider-thumb,): Deleted.
Draw volume and timeline slider backgrounds using 2d canvases.

Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls):
(Controller.prototype.handleVolumeSliderInput):
(Controller.prototype.addRoundedRect):
(Controller.prototype.drawTimelineBackground):
(Controller.prototype.drawVolumeBackground):
(Controller.prototype.showControls):

Modules/mediacontrols/mediaControlsiOS.js:

2:52 PM Changeset in webkit [180897] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

Deduplicate slow path calling code in JITOpcodes.cpp/JITOpcodes32_64.cpp
https://bugs.webkit.org/show_bug.cgi?id=142184

Reviewed by Michael Saboff.

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_get_enumerable_length):
(JSC::JIT::emitSlow_op_has_structure_property):
(JSC::JIT::emit_op_has_generic_property):
(JSC::JIT::emit_op_get_structure_property_enumerator):
(JSC::JIT::emit_op_get_generic_property_enumerator):
(JSC::JIT::emit_op_to_index_string):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_get_enumerable_length): Deleted.
(JSC::JIT::emitSlow_op_has_structure_property): Deleted.
(JSC::JIT::emit_op_has_generic_property): Deleted.
(JSC::JIT::emit_op_get_structure_property_enumerator): Deleted.
(JSC::JIT::emit_op_get_generic_property_enumerator): Deleted.
(JSC::JIT::emit_op_to_index_string): Deleted.
(JSC::JIT::emit_op_profile_control_flow): Deleted.

2:28 PM Changeset in webkit [180896] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Document more debug assertions.

platform/win/TestExpectations:

2:10 PM Changeset in webkit [180895] by Brent Fulgham

2 edits
1 add in trunk/LayoutTests

Skip media control tests for now while new look is being finalized.
https://bugs.webkit.org/show_bug.cgi?id=142138.

Patch by Roger Fong <roger_fong@apple.com> on 2015-02-28
Reviewed by Dean Jackson.

platform/mac/TestExpectations:

1:51 PM Changeset in webkit [180894] by Antti Koivisto

9 edits in trunk/Source

Add way to dump cache meta data to file
https://bugs.webkit.org/show_bug.cgi?id=142183

Reviewed by Andreas Kling.

Source/JavaScriptCore:

Export appendQuotedJSONStringToBuilder.

bytecompiler/NodesCodegen.cpp:

(JSC::ObjectPatternNode::toString):

runtime/JSONObject.cpp:

(JSC::appendQuotedJSONStringToBuilder):
(JSC::Stringifier::appendQuotedString):
(JSC::escapeStringToBuilder): Deleted.

runtime/JSONObject.h:

Source/WebKit2:

Dump goes to WebKitCache/dump.json. On OSX it can be triggered with

notifyutil -p com.apple.WebKit.Cache.dump

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::initialize):
(WebKit::NetworkCache::dumpFilePath):
(WebKit::entryAsJSON):
(WebKit::NetworkCache::dumpContentsToFile):
(WebKit::NetworkCache::clear):

Also clear any dumps.

NetworkProcess/cache/NetworkCache.h:
NetworkProcess/cache/NetworkCacheStorage.h:

(WebKit::NetworkCacheStorage::baseDirectoryPath):

NetworkProcess/cache/NetworkCacheStorageCocoa.mm:

(WebKit::fileNameForKey):
(WebKit::filePathForKey):
(WebKit::openFile):
(WebKit::openFileForKey):
(WebKit::decodeEntryHeader):

Separate header decoding.

(WebKit::decodeEntry):
(WebKit::NetworkCacheStorage::traverse):

Add asynchronous cache traversal inteface.

1:07 PM Changeset in webkit [180893] by roger_fong@apple.com

4 edits in trunk

Update inline media element controls appearance Part 1.
https://bugs.webkit.org/show_bug.cgi?id=142138.
<rdar://problem/19997384>

Reviewed by Dean Jackson.

Update positioning, sizes, and background colors media control elements.
Volume and timeline sliders will be drawn in a separate patch via 2d canvases.

Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel):
(video::-webkit-media-controls-panel):
(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-panel .mute-box):
(video::-webkit-media-controls-volume-max-button):
(audio::-webkit-media-controls-panel .volume-box):
(audio::-webkit-media-controls-panel .volume-box:active):
(video::-webkit-media-controls-volume-slider):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-current-time-display):
(audio::-webkit-media-controls-time-remaining-display):
(audio::-webkit-media-controls-timeline-container .hour-long-time): Deleted.

Skip media control tests for now while new look is being finalized.

platform/mac/TestExpectations:

12:45 PM Changeset in webkit [180892] by andersca@apple.com

7 edits in trunk/Source/WebKit2

WebsiteDataStore should handle deleting cookies
https://bugs.webkit.org/show_bug.cgi?id=142185

Reviewed by Beth Dakin.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):
When asked to delete cookies, do so.

NetworkProcess/NetworkProcess.h:

Update the deleteWebsiteDataForOrigins signature.

NetworkProcess/NetworkProcess.messages.in:

Add cookieHostNames to DeleteWebsiteDataForOrigins.

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::deleteWebsiteDataForOrigins):

UIProcess/Network/NetworkProcessProxy.h:

Update to take a vector of cookie host names.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::removeData):
Figure out if we need to ask the network process to delete data.

11:32 AM Changeset in webkit [180891] by Joseph Pecoraro

7 edits in trunk/Source

Web Inspector: Add Context Menus to Object Tree properties
https://bugs.webkit.org/show_bug.cgi?id=142125

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::functionDetails):
Update to include columnNumber.

Source/WebInspectorUI:

Localizations/en.lproj/localizedStrings.js:
UserInterface/Views/ObjectPropertiesSection.js:

(WebInspector.ObjectPropertyTreeElement.prototype._functionContextMenuEventFired):
(WebInspector.ObjectPropertyTreeElement.prototype._functionContextMenuEventFired.revealFunction):
Fix legacy implementation.

UserInterface/Views/ObjectTreeArrayIndexTreeElement.js:
UserInterface/Views/ObjectTreePropertyTreeElement.js:

(WebInspector.ObjectTreePropertyTreeElement.prototype._createTitlePrototype):
Give prototype buttons a tooltip.

(WebInspector.ObjectTreePropertyTreeElement.prototype.oncontextmenu):
(WebInspector.ObjectTreePropertyTreeElement.prototype._contextMenuHandler):
(WebInspector.ObjectTreePropertyTreeElement.prototype._appendMenusItemsForObject):
Context Menus based on the selected object.

11:08 AM Changeset in webkit [180890] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Document more debug assertions.

platform/win/TestExpectations:

10:42 AM Changeset in webkit [180889] by andersca@apple.com

7 edits in trunk/Source/WebKit2

WebsiteDataStore should support getting cookie host names
https://bugs.webkit.org/show_bug.cgi?id=142178

Reviewed by Dan Bernstein.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::fetchWebsiteData):
Assert that we're destroyed from the main thread since we end up copying the website data struct.

Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::encode):
(WebKit::WebsiteData::decode):

Shared/WebsiteData/WebsiteData.h:

Add a hostnamesWithCookies member.

UIProcess/WebsiteData/WebsiteDataRecord.cpp:

(WebKit::WebsiteDataRecord::displayNameForCookieHostName):
Add a new function that will return the display name for a cookie host name.

(WebKit::WebsiteDataRecord::addCookieHostName):

UIProcess/WebsiteData/WebsiteDataRecord.h:

Add a hash set of cookie host names.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
Create data records for each host name with cookies.

10:18 AM Changeset in webkit [180888] by ap@apple.com

2 edits in trunk/LayoutTests

Fix a typo in TestExpectations.

platform/mac/TestExpectations: Faiure - > Failure.

9:52 AM Changeset in webkit [180887] by ap@apple.com

2 edits in trunk/LayoutTests

js/promises-tests/promises-tests-2-1-2.html sometimes times out
https://bugs.webkit.org/show_bug.cgi?id=142175

TestExpectations: Marking as flaky.

9:39 AM Changeset in webkit [180886] by jer.noble@apple.com

3 edits in trunk/Source/WebKit2

[WK2][Mac] WebPageProxy::supressVisibilityUpdates() should suppress visibility updates.
https://bugs.webkit.org/show_bug.cgi?id=141907

Reviewed by Tim Horton.

At some point, the window/view/page visibility update code was refactored such that setting
WebPageProxy::setSuppressVisibilityUpdate() no longer suppressed visibility updates. This causes
full screen animations to become "flashy" when moving the WebView between the regular and full
screen window, as a HTMLMediaElement in the full screen animation will receive a "!visible"
notification and disconnect its rendering pipeline.

In WebPageProxy::viewStateDidChange(), respect m_suppressVisibilityUpdates and bail out early
if set. In WebPageProxy::setSuppressVisibilityUpdates(), trigger an explicit update after
clearing m_suppressVisibilityUpdates.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setSuppressVisibilityUpdates):
(WebKit::WebPageProxy::viewStateDidChange):

UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::setSuppressVisibilityUpdates): Deleted.

9:37 AM Changeset in webkit [180885] by jer.noble@apple.com

9 edits
2 adds in trunk

[WK1][WK2][Mac] Fullscreen animation is incorrect when page is scaled.
https://bugs.webkit.org/show_bug.cgi?id=142121

Reviewed by Simon Fraser.

Source/WebKit/mac:

Fullscreening a page with a non-1 scale would result in that scale being applied to the
fullscreen content, breaking fullscreen mode. Set the page scale to 1 when entering
fullscreen and reset it to the original value when exiting fullscreen.

WebView/WebFullScreenController.h:
WebView/WebFullScreenController.mm:

(-[WebFullScreenController enterFullScreen:]): Set the page scale to 1.
(-[WebFullScreenController finishedExitFullScreenAnimation:]): Reset the page

scale to the original value.

WebView/WebView.mm:

(-[WebView _supportsFullScreenForElement:withKeyboard:]): Drive-by fix. Check the

WebView's own preferences to see if fullscreen mode is enabled, rather than
the global object's.

Source/WebKit2:

Change the order of operations when entering or exiting fullscreen. Change the page scale to
1 before entering, so the final screen rect takes that scale into account, and vice-versa on
exiting.

UIProcess/mac/WKFullScreenWindowController.mm:

(-[WKFullScreenWindowController enterFullScreen:]):
(-[WKFullScreenWindowController exitFullScreen]):

Tools:

Add a test which changes the WebView's page scale, then enters fullscreen mode, and verifies
that the initial and final screen rects for the web content are as expected.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/mac/FullscreenZoomInitialFrame.html: Added.
TestWebKitAPI/Tests/mac/FullscreenZoomInitialFrame.mm: Added.

(-[FullscreenStateDelegate webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:]):
(runJavaScriptAlert):
(TestWebKitAPI::FullscreenZoomInitialFrame::initializeView):
(TestWebKitAPI::FullscreenZoomInitialFrame::teardownView):
(TestWebKitAPI::FullscreenZoomInitialFrame::setPageScale):
(TestWebKitAPI::FullscreenZoomInitialFrame::sendMouseDownEvent):
(TestWebKitAPI::FullscreenZoomInitialFrame::runTest):
(TestWebKitAPI::TEST_F):

7:34 AM Changeset in webkit [180884] by commit-queue@webkit.org

2 edits in trunk

REGRESSION(r179409): [GTK] Undefined symbol prevents web extensions from being loaded
https://bugs.webkit.org/show_bug.cgi?id=142165

Patch by Debarshi Ray <debarshir@gnome.org> on 2015-03-02
Reviewed by Carlos Garcia Campos.

Source/cmake/gtksymbols.filter:

7:30 AM Changeset in webkit [180883] by ddkilzer@apple.com

2 edits in trunk/Source/WebCore

REGRESSION (r180882): Build failure: Methods not marked override in GraphicsLayerCA.h
<http://webkit.org/b/138684>

Fixes the following build failures:

In file included from WebKit2/WebProcess/WebPage/DrawingArea.cpp:39:
In file included from WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:30:
In file included from WebKit2/WebProcess/WebPage/mac/GraphicsLayerCARemote.h:29:
WebCore.framework/PrivateHeaders/GraphicsLayerCA.h:123:33: error: 'setShapeLayerPath' overrides a member function but is not marked 'override' [-Werror,-Winconsistent-missing-override]

WEBCORE_EXPORT virtual void setShapeLayerPath(const Path&);

In file included from WebKit2/WebProcess/WebPage/DrawingArea.cpp:30:
In file included from WebKit2/WebProcess/WebPage/WebPage.h:46:
In file included from WebKit2/WebProcess/Plugins/Plugin.h:31:
WebCore.framework/PrivateHeaders/GraphicsLayer.h:390:18: note: overridden virtual function is here

virtual void setShapeLayerPath(const Path&);

In file included from WebKit2/WebProcess/WebPage/DrawingArea.cpp:39:
In file included from WebKit2/WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:30:
In file included from WebKit2/WebProcess/WebPage/mac/GraphicsLayerCARemote.h:29:
WebCore.framework/PrivateHeaders/GraphicsLayerCA.h:124:33: error: 'setShapeLayerWindRule' overrides a member function but is not marked 'override' [-Werror,-Winconsistent-missing-override]

WEBCORE_EXPORT virtual void setShapeLayerWindRule(WindRule);

In file included from WebKit2/WebProcess/WebPage/DrawingArea.cpp:30:
In file included from WebKit2/WebProcess/WebPage/WebPage.h:46:
In file included from WebKit2/WebProcess/Plugins/Plugin.h:31:
WebCore.framework/PrivateHeaders/GraphicsLayer.h:393:18: note: overridden virtual function is here

virtual void setShapeLayerWindRule(WindRule);

2 errors generated.

platform/graphics/ca/GraphicsLayerCA.h:

(WebCore::GraphicsLayer::setShapeLayerPath): Mark as override.
(WebCore::GraphicsLayer::setShapeLayerWindRule): Ditto.

Mar 1, 2015:

10:35 PM Changeset in webkit [180882] by Simon Fraser

26 edits
8 adds in trunk

Make clip-path work on <video>, <canvas> etc.
https://bugs.webkit.org/show_bug.cgi?id=138684

Reviewed by Darin Adler.

Source/WebCore:

clip-path only worked in compositing layers on the painted contents of the layer,
and failed to clip children. Fix this by translating the clip path into a Path
which is set on a CA shape layer (for Mac and iOS), or painted into the
RenderLayerBacking's mask layer. There are two code paths:

clip-path which is a <basic-shape> or <geometry-box>, and no mask.

Here we can use the optimal code path of converting the clip into a path
that is put onto a CAShapeLayer, which is then used as a mask. There is no
additional backing store.

clip-path with an SVG reference, or clip-path combined with -webkit-mask:

Here we have to allocate backing store for the mask layer, and paint the
clip path (possibly with the mask).

We add GraphicsLayer::Type::Shape, and add a getter for the layer type.

Tests: compositing/masks/compositing-clip-path-and-mask.html

compositing/masks/compositing-clip-path-mask-change.html
compositing/masks/compositing-clip-path.html
compositing/masks/reference-clip-path-on-composited.html

platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::GraphicsLayer): Store the type in the layer so the getter can return it.
(WebCore::GraphicsLayer::shapeLayerPath): Get and set the shape layer path.
(WebCore::GraphicsLayer::setShapeLayerPath): Ditto.
(WebCore::GraphicsLayer::shapeLayerWindRule): Get and set the shape layer wind rule.
(WebCore::GraphicsLayer::setShapeLayerWindRule): Ditto.

platform/graphics/GraphicsLayer.h:

(WebCore::GraphicsLayer::type): Expose the type.
(WebCore::GraphicsLayer::supportsLayerType): Allow the cross-platform code to use
shape layers when it knows they are available.
(WebCore::GraphicsLayer::needsClippingMaskLayer): Deleted. This was never used.

platform/graphics/GraphicsLayerClient.h: Align the bits (helps avoid typos). Add a

GraphicsLayerPaintClipPath phase.

platform/graphics/Path.h: Some exports since WK2 needs to encode Paths now.
platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::initialize): Make shape layers.
(WebCore::GraphicsLayerCA::setShapeLayerPath): Setter for the shape path. Sadly we
can't early return on unchanged paths yet.
(WebCore::GraphicsLayerCA::setShapeLayerWindRule):
(WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers): Updates for shape path
and wind rule.
(WebCore::GraphicsLayerCA::updateShape):
(WebCore::GraphicsLayerCA::updateWindRule):

platform/graphics/ca/GraphicsLayerCA.h: Some new dirty bits for shape path and wind rule.
platform/graphics/ca/PlatformCALayer.h:
platform/graphics/ca/mac/PlatformCALayerMac.h:
platform/graphics/ca/mac/PlatformCALayerMac.mm: Got rid of lots of m_layer.get().

(PlatformCALayerMac::~PlatformCALayerMac):
(PlatformCALayerMac::setNeedsDisplay):
(PlatformCALayerMac::setNeedsDisplayInRect):
(PlatformCALayerMac::removeFromSuperlayer):
(PlatformCALayerMac::setSublayers):
(PlatformCALayerMac::removeAllSublayers):
(PlatformCALayerMac::appendSublayer):
(PlatformCALayerMac::insertSublayer):
(PlatformCALayerMac::replaceSublayer):
(PlatformCALayerMac::adoptSublayers):
(PlatformCALayerMac::addAnimationForKey):
(PlatformCALayerMac::removeAnimationForKey):
(PlatformCALayerMac::animationForKey):
(PlatformCALayerMac::setMask):
(PlatformCALayerMac::isOpaque):
(PlatformCALayerMac::setOpaque):
(PlatformCALayerMac::bounds):
(PlatformCALayerMac::setBounds):
(PlatformCALayerMac::position):
(PlatformCALayerMac::setPosition):
(PlatformCALayerMac::anchorPoint):
(PlatformCALayerMac::setAnchorPoint):
(PlatformCALayerMac::transform):
(PlatformCALayerMac::setTransform):
(PlatformCALayerMac::sublayerTransform):
(PlatformCALayerMac::setSublayerTransform):
(PlatformCALayerMac::setHidden):
(PlatformCALayerMac::setGeometryFlipped):
(PlatformCALayerMac::isDoubleSided):
(PlatformCALayerMac::setDoubleSided):
(PlatformCALayerMac::masksToBounds):
(PlatformCALayerMac::setMasksToBounds):
(PlatformCALayerMac::acceleratesDrawing):
(PlatformCALayerMac::setAcceleratesDrawing):
(PlatformCALayerMac::contents):
(PlatformCALayerMac::setContents):
(PlatformCALayerMac::setContentsRect):
(PlatformCALayerMac::setMinificationFilter):
(PlatformCALayerMac::setMagnificationFilter):
(PlatformCALayerMac::backgroundColor):
(PlatformCALayerMac::setBackgroundColor):
(PlatformCALayerMac::setBorderWidth):
(PlatformCALayerMac::setBorderColor):
(PlatformCALayerMac::opacity):
(PlatformCALayerMac::setOpacity):
(PlatformCALayerMac::copyFiltersFrom):
(PlatformCALayerMac::setName):
(PlatformCALayerMac::setSpeed):
(PlatformCALayerMac::setTimeOffset):
(PlatformCALayerMac::contentsScale):
(PlatformCALayerMac::setContentsScale):
(PlatformCALayerMac::cornerRadius):
(PlatformCALayerMac::setCornerRadius):
(PlatformCALayerMac::setEdgeAntialiasingMask):
(PlatformCALayerMac::shapeWindRule): New function.
(PlatformCALayerMac::setShapeWindRule): Ditto.
(PlatformCALayerMac::shapePath): Ditto.
(PlatformCALayerMac::setShapePath): Ditto.
(PlatformCALayer::isWebLayer):

platform/graphics/cg/PathCG.cpp:

(WebCore::Path::Path): nullptr.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintsWithClipPath): Return true if the clip path is painted.
(WebCore::RenderLayer::computeClipPath): Factor code that computes the clip path into this
function, so we can call it from RenderLayerBacking too.
(WebCore::RenderLayer::setupClipPath):
(WebCore::RenderLayer::paintLayerContents): We only want to apply the clip path
for painting when we're either painting a non-composited layer, or we're painting the
mask layer of a composited layer. We in the latter case, we just want to fill the clip
path with black, so re-use the paintChildClippingMaskForFragments() which does this.

rendering/RenderLayer.h: Align the bits, add PaintLayerPaintingCompositingClipPathPhase.
rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::~RenderLayerBacking):
(WebCore::RenderLayerBacking::updateConfiguration):
(WebCore::RenderLayerBacking::updateGeometry): Move mask updating into its own function.
(WebCore::RenderLayerBacking::updateMaskingLayerGeometry): If we're using the shape layer
code path, compute the Path and set it and the wind rule on the mask layer.
(WebCore::RenderLayerBacking::updateMaskingLayer): This is now more complex, as it has
to deal with combinations of clip-path and mask, some of which allow for the shape layer
mask, and we handle dynamic changes between these and painted masks.
(WebCore::RenderLayerBacking::paintingPhaseForPrimaryLayer): Include the GraphicsLayerPaintClipPath phase.
(WebCore::RenderLayerBacking::paintIntoLayer): Map GraphicsLayerPaintClipPath to PaintLayerPaintingCompositingClipPathPhase.
(WebCore::RenderLayerBacking::updateMaskLayer): Deleted.

rendering/RenderLayerBacking.h:

Source/WebKit2:

Support encode/decode for WebCore Path objects, which is done by traversing
the path.

Shared/WebCoreArgumentCoders.cpp:

(IPC::pathPointCountApplierFunction):
(IPC::pathEncodeApplierFunction):
(IPC::ArgumentCoder<Path>::encode):
(IPC::ArgumentCoder<Path>::decode):

Shared/WebCoreArgumentCoders.h:
Shared/mac/RemoteLayerTreePropertyApplier.mm:

(WebKit::applyPropertiesToLayer): Actually apply the path and wind rule to the shape layer.

Shared/mac/RemoteLayerTreeTransaction.h: Include path and wind rule in the layer properties.
Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::LayerProperties::LayerProperties):
(WebKit::RemoteLayerTreeTransaction::LayerProperties::encode): Encode shape and wind rule.
(WebKit::RemoteLayerTreeTransaction::LayerProperties::decode): Decode shape and wind rule.

WebProcess/WebPage/mac/PlatformCALayerRemote.cpp:

(WebKit::PlatformCALayerRemote::shapePath):
(WebKit::PlatformCALayerRemote::setShapePath):
(WebKit::PlatformCALayerRemote::shapeWindRule):
(WebKit::PlatformCALayerRemote::setShapeWindRule):

WebProcess/WebPage/mac/PlatformCALayerRemote.h:

LayoutTests:

Tests for various combinations of clip-path and mask, and dynamic changes
thereof.

compositing/masks/compositing-clip-path-and-mask-expected.html: Added.
compositing/masks/compositing-clip-path-and-mask.html: Added.
compositing/masks/compositing-clip-path-expected.html: Added.
compositing/masks/compositing-clip-path-mask-change-expected.html: Added.
compositing/masks/compositing-clip-path-mask-change.html: Added.
compositing/masks/compositing-clip-path.html: Added.
compositing/masks/reference-clip-path-on-composited-expected.html: Added.
compositing/masks/reference-clip-path-on-composited.html: Added.

8:33 PM Changeset in webkit [180881] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[Cairo] Implement Path::addEllipse
https://bugs.webkit.org/show_bug.cgi?id=142144

Patch by Hunseop Jeong <Hunseop Jeong> on 2015-03-01
Reviewed by Gyuyoung Kim.

Add support for addEllipse method for platforms using cairo.

platform/graphics/cairo/PathCairo.cpp:

(WebCore::Path::addEllipse):

7:58 PM Changeset in webkit [180880] by bshafiei@apple.com

5 edits in branches/safari-600.4.10-branch/Source

Versioning.

7:56 PM Changeset in webkit [180879] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed EFL gardening. Mark crash tests of webgl to CRASH.
WebGL isn't supported by EFL port now.

platform/efl/TestExpectations:

7:40 PM Changeset in webkit [180878] by bshafiei@apple.com

1 copy in tags/Safari-600.4.10.6

New tag.

7:26 PM Changeset in webkit [180877] by bshafiei@apple.com

30 edits in branches/safari-600.4.10-branch/Source/WebCore

Merged r180839. rdar://problem/20001723

6:59 PM Changeset in webkit [180876] by mitz@apple.com

2 edits in trunk/Source/WebKit

Silence non-fatal errors about failing to create WebKitPluginHost.app and WebKitPluginAgent symlinks.

Rubber-stamped by Alexey Proskuryakov.

WebKit.xcodeproj/project.pbxproj: If a link already exist, don’t try to create it.

6:08 PM Changeset in webkit [180875] by fpizlo@apple.com

5 edits in trunk/Source/JavaScriptCore

BytecodeGenerator shouldn't emit op_resolve_scope as a roundabout way of returning the scopeRegister
https://bugs.webkit.org/show_bug.cgi?id=142153

Reviewed by Michael Saboff.

We don't need a op_resolve_scope if we know that it will simply return the scope register.
This changes the BytecodeGenerator to use the scope register directly in those cases where
we know statically that we would just have returned that from op_resolve_scope.

This doesn't appear to have a significant impact on performance.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::emitGetOwnScope): Deleted.

bytecompiler/BytecodeGenerator.h:
bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::BindingNode::bindValue):

5:53 PM Changeset in webkit [180874] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed EFL gardening on 2nd March.

Mark css3 shape tests to flaky. Unskip passing tests and so on.

platform/efl/TestExpectations:

5:48 PM Changeset in webkit [180873] by commit-queue@webkit.org

7 edits in trunk/Source/WebCore

Use std::unique_ptr instead of PassOwnPtr|OwnPtr for ScrollAnimator
https://bugs.webkit.org/show_bug.cgi?id=142143

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-03-01
Reviewed by Darin Adler.

No new tests, no behavior changes.

platform/ScrollAnimator.cpp:

(WebCore::ScrollAnimator::create):

platform/ScrollAnimator.h:
platform/ScrollAnimatorNone.cpp:

(WebCore::ScrollAnimator::create):

platform/ScrollableArea.h:
platform/ios/ScrollAnimatorIOS.mm:

(WebCore::ScrollAnimator::create):

platform/mac/ScrollAnimatorMac.mm:

(WebCore::ScrollAnimator::create):

5:46 PM Changeset in webkit [180872] by aestes@apple.com

3 edits in trunk/Source/WebCore

[Content Filtering] Move another declaration to WebFilterEvaluatorSPI.h
https://bugs.webkit.org/show_bug.cgi?id=142066

Reviewed by Andreas Kling.

platform/ios/ContentFilterIOS.mm:
platform/spi/cocoa/WebFilterEvaluatorSPI.h:

4:08 PM Changeset in webkit [180871] by Chris Dumez

21 edits
4 adds in trunk

Make NotificationCenter / Notification suspendable
https://bugs.webkit.org/show_bug.cgi?id=142117
<rdar://problem/19923085>

Reviewed by Andreas Kling.

Source/WebCore:

Make NotificationCenter / Notification suspendable so that pages using
them can enter the PageCache.

NotificationCenter can safely be suspended if there are no pending
permission requests. This required adding an
"hasPendingPermissionRequests()" callback to the NotificationClient.

Notification can safely be suspended if it is either idle (not showing
yet) or closed.

Tests: fast/history/page-cache-notification-non-suspendable.html

fast/history/page-cache-notification-suspendable.html

Modules/notifications/Notification.cpp:

(WebCore::Notification::canSuspend):

Modules/notifications/NotificationCenter.cpp:

(WebCore::NotificationCenter::canSuspend):

Modules/notifications/NotificationClient.h:

Source/WebKit/mac:

Provide implementation for NotificationClient::hasPendingPermissionRequests().
The implementation is very simplistic. it will only return false if no
request for permission for ever made. This is because there is currently no
easy way to figure out if a permission request is pending or not.

WebCoreSupport/WebNotificationClient.h:
WebCoreSupport/WebNotificationClient.mm:

(WebNotificationClient::requestPermission):
(WebNotificationClient::hasPendingPermissionRequests):

Source/WebKit/win:

Provide implementation for NotificationClient::hasPendingPermissionRequests().

WebCoreSupport/WebDesktopNotificationsDelegate.cpp:

(WebDesktopNotificationsDelegate::requestPermission):
(hasPendingPermissionRequests):

WebCoreSupport/WebDesktopNotificationsDelegate.h:

Source/WebKit2:

Provide implementation for NotificationClient::hasPendingPermissionRequests().

WebProcess/Notifications/NotificationPermissionRequestManager.cpp:

(WebKit::NotificationPermissionRequestManager::hasPendingPermissionRequests):

WebProcess/Notifications/NotificationPermissionRequestManager.h:
WebProcess/WebCoreSupport/WebNotificationClient.cpp:

(WebKit::WebNotificationClient::hasPendingPermissionRequests):

WebProcess/WebCoreSupport/WebNotificationClient.h:

LayoutTests:

Add layout tests to cover cases where notifications should prevent
entering the PageCache or not.

fast/history/page-cache-notification-non-suspendable-expected.txt: Added.
fast/history/page-cache-notification-non-suspendable.html: Added.
fast/history/page-cache-notification-suspendable-expected.txt: Added.
fast/history/page-cache-notification-suspendable.html: Added.
platform/efl/TestExpectations:
platform/gtk/TestExpectations:
platform/ios-simulator/TestExpectations:
platform/win/TestExpectations:
platform/wincairo/TestExpectations:

2:34 PM Changeset in webkit [180870] by rniwa@webkit.org

11 edits in trunk/LayoutTests

EFL, GTK+, and Windows rebaselines after r180867.

platform/efl/TestExpectations:
platform/efl/editing/execCommand/5142012-1-expected.txt:
platform/efl/editing/execCommand/nsresponder-outdent-expected.txt:
platform/efl/editing/inserting/insert-at-end-02-expected.txt:
platform/gtk/editing/execCommand/5142012-1-expected.txt:
platform/gtk/editing/execCommand/nsresponder-outdent-expected.txt:
platform/gtk/editing/inserting/insert-at-end-02-expected.txt:
platform/gtk/editing/pasteboard/4989774-expected.txt:
platform/win/editing/execCommand/5142012-1-expected.txt:
platform/win/editing/execCommand/nsresponder-outdent-expected.txt:
platform/win/editing/inserting/insert-at-end-02-expected.txt:

1:56 PM Changeset in webkit [180869] by Antti Koivisto

4 edits in trunk/Source/WebKit2

Enable new disk cache on iOS
https://bugs.webkit.org/show_bug.cgi?id=142148

Reviewed by Sam Weinig.

NetworkProcess/cache/NetworkCacheStorageCocoa.mm:

iOS build fix.

UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::registerUserDefaultsIfNeeded):

Disable the efficacy logging by default for now. It has significant performance impact.

config.h:

Enable it.

12:43 PM Changeset in webkit [180868] by ap@apple.com

2 edits in trunk/LayoutTests

media/track/track-in-band-cues-added-once.html flakily fails
https://bugs.webkit.org/show_bug.cgi?id=142152

platform/mac/TestExpectations: Marked it as such.

11:52 AM Changeset in webkit [180867] by rniwa@webkit.org

17 edits
2 adds in trunk

isContentEditable shouldn't trigger synchronous style recalc in most cases
https://bugs.webkit.org/show_bug.cgi?id=129034

Reviewed by Antti Koivisto.

Source/WebCore:

Avoid style recalc inside isContentEditable when the document doesn't contain -webkit-user-modify or
-webkit-user-select: all. Instead, compute the value from contenteditable attributes in ancestors.
However, still compute the editability from the style tree when it's up-to-date in order to avoid
repeatedly walking up the DOM tree in a hot code path inside editing.

Test: fast/dom/HTMLElement/dynamic-editability-change.html

css/CSSGrammar.y.in: No need to pass in "true" as we never call this function with false.
css/CSSParser.cpp:

(WebCore::isValidKeywordPropertyAndValue): Calls parserSetUsesStyleBasedEditability as needed.
(WebCore::parseKeywordValue): Passes around StyleSheetContents*.
(WebCore::CSSParser::parseValue): Ditto.
(WebCore::CSSParser::parseFont): Ditto.

css/StyleSheetContents.cpp:

(WebCore::StyleSheetContents::StyleSheetContents): Initializes and copies m_usesStyleBasedEditability.

css/StyleSheetContents.h:

(WebCore::StyleSheetContents::parserSetUsesRemUnits): Removed the argument since it was always true.
(WebCore::StyleSheetContents::parserSetUsesStyleBasedEditability): Added.
(WebCore::StyleSheetContents::usesStyleBasedEditability): Added.

dom/Document.cpp:

(WebCore::Document::recalcStyle): Added a FIXME as well as a comment explaining why we don't call
setUsesStyleBasedEditability. Since Node::computeEditability triggers style recalc only when the flag
is set to true, it's too late to update the flag here.
(WebCore::Document::updateStyleIfNeeded): Uses a newly extracted needsStyleRecalc.
(WebCore::Document::updateBaseURL): Preserves m_usesStyleBasedEditability as well as m_usesRemUnit.
(WebCore::Document::usesStyleBasedEditability): Added. Returns true when inline style declarations or
any active stylesheet uses -webkit-user-modify or -webkit-user-select: all. Flushing pending stylesheet
changes here is fine because the alternative is to trigger a full blown style recalc.

dom/Document.h:

(WebCore::Document::needsStyleRecalc): Added. Extracted from updateStyleIfNeeded.

dom/DocumentStyleSheetCollection.cpp:

(WebCore::DocumentStyleSheetCollection::DocumentStyleSheetCollection):
(WebCore::styleSheetsUseRemUnits): Deleted.
(WebCore::DocumentStyleSheetCollection::updateActiveStyleSheets): Updates m_usesStyleBasedEditability
as well as m_usesRemUnit.

dom/DocumentStyleSheetCollection.h:

(WebCore::DocumentStyleSheetCollection::usesStyleBasedEditability): Added.
(WebCore::DocumentStyleSheetCollection::setUsesStyleBasedEditability): Added.

dom/Node.cpp:

(WebCore::computeEditabilityFromComputedStyle): Extracted from computeEditability.
(WebCore::Node::computeEditability): When the style recalc is requested and the render tree is dirty,
check if the document uses any CSS property that can affect the editability of elements. If it doesn't,
compute the editability from contenteditable attributes in the anchors via matchesReadWritePseudoClass.
Continue to use the style-based computation when the render tree isn't dirty to avoid the tree walk.

html/HTMLElement.cpp:

(WebCore::HTMLElement::editabilityFromContentEditableAttr): Extracted from matchesReadWritePseudoClass
to be called in Node::computeEditability. Also made it return Editability instead of boolean.
(WebCore::HTMLElement::matchesReadWritePseudoClass):

html/HTMLElement.h:

LayoutTests:

Added a regression test to update the editability of elements dynamically. Also rebaselined
tests per style recalc timing changes.

fast/dom/HTMLElement/dynamic-editability-change-expected.txt: Added.
fast/dom/HTMLElement/dynamic-editability-change.html: Added.
platform/mac/editing/execCommand/5142012-1-expected.txt: anonymous render block differences.
platform/mac/editing/execCommand/nsresponder-outdent-expected.txt: Ditto.
platform/mac/editing/inserting/insert-at-end-02-expected.txt: Empty render text differences.
platform/mac/editing/pasteboard/4989774-expected.txt: Ditto.

11:48 AM Changeset in webkit [180866] by ddkilzer@apple.com

2 edits in trunk/Tools

LayoutTestRealy: Prepend XPC_ to the key, not the value!

Follow-up fix for:

LayoutTestRelay: App environment variables not set for --guard-malloc or --leaks
<http://webkit.org/b/142145>

LayoutTestRelay/LayoutTestRelay/LTRelayController.m:

(-[LTRelayController _environmentVariables]): Fix think-o.

11:12 AM Changeset in webkit [180865] by Brent Fulgham

2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix.

WebCorePrefix.h: Provide some default definitions to help build on Windows

machines with different application support libraries.

10:57 AM Changeset in webkit [180864] by ddkilzer@apple.com

2 edits in trunk/Tools

LayoutTestRelay: App environment variables not set for --guard-malloc or --leaks
<http://webkit.org/b/142145>

Reviewed by Simon Fraser.

LayoutTestRelay/LayoutTestRelay/LTRelayController.m:

(-[LTRelayController _environmentVariables]): Add.
(-[LTRelayController launchApp]): Use -_environmentVariables.

10:28 AM Changeset in webkit [180863] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Document some more debug assertions.

platform/win/TestExpectations:

1:52 AM Changeset in webkit [180862] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180846 - FrameView::layoutTimerFired() should update style if needed before doing layout
https://bugs.webkit.org/show_bug.cgi?id=141688

Reviewed by Andreas Kling.

If the style recalc timer has been scheduled to fire after the layout timer,
when the layout timer fires, we might as well just do the style recalc
too. The call to updateStyleIfNeeded() will cancel the pending style
recalc timer.

This doesn't have much impact on the number of layouts (measured via PLT)
but seems like a reasonable thing to do.

page/FrameView.cpp:

(WebCore::FrameView::layoutTimerFired):

1:48 AM Changeset in webkit [180861] by Carlos Garcia Campos

14 edits
1 copy in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180797 - bmalloc: Pathological madvise churn on the free(malloc(x)) benchmark
https://bugs.webkit.org/show_bug.cgi?id=142058

Reviewed by Andreas Kling.

The churn was caused by repeatedly splitting an object with physical
pages from an object without, and then merging them back together again.
The merge would conservatively forget that we had physical pages, forcing
a new call to madvise on the next allocation.

This patch more strictly segregates objects in the heap from objects in
the VM heap, with these changes:

(1) Objects in the heap are not allowed to merge with objects in the VM
heap, and vice versa -- since that would erase our precise knowledge of
which physical pages had been allocated.

(2) The VM heap is exclusively responsible for allocating and deallocating
physical pages.

(3) The heap free list must consider entries for objects that are in the
VM heap to be invalid, and vice versa. (This condition can arise
because the free list does not eagerly remove items.)

With these changes, we can know that any valid object in the heap's free
list already has physical pages, and does not need to call madvise.

Note that the VM heap -- as before -- might sometimes contain ranges
or pieces of ranges that have physical pages, since we allow splitting
of ranges at granularities smaller than the VM page size. These ranges
can eventually merge with ranges in the heap during scavenging.

bmalloc.xcodeproj/project.pbxproj:

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::owner):
(bmalloc::BoundaryTag::setOwner):
(bmalloc::BoundaryTag::initSentinel):
(bmalloc::BoundaryTag::hasPhysicalPages): Deleted.
(bmalloc::BoundaryTag::setHasPhysicalPages): Deleted. Replaced the concept
of "has physical pages" with a bit indicating which heap owns the large
object. This is a more precise concept, since the old bit was really a
Yes / Maybe bit.

bmalloc/Deallocator.cpp:

bmalloc/FreeList.cpp: Adopt

(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):

bmalloc/FreeList.h:

(bmalloc::FreeList::push): Added API for considering the owner when
deciding if a free list entry is valid.

bmalloc/Heap.cpp:

(bmalloc::Heap::Heap): Adopt new API.

(bmalloc::Heap::scavengeLargeRanges): Scavenge all ranges with no minimum,
since some ranges might be able to merge with ranges in the VM heap, and
they won't be allowed to until we scavenge them.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::allocateMediumPage):
(bmalloc::Heap::allocateLarge): New VM heap API makes this function
simpler, since we always get back physical pages now.

bmalloc/Heap.h:
bmalloc/LargeObject.h:

(bmalloc::LargeObject::end):
(bmalloc::LargeObject::owner):
(bmalloc::LargeObject::setOwner):
(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::merge): Do not merge objects across heaps since
that causes madvise churn.
(bmalloc::LargeObject::validateSelf):
(bmalloc::LargeObject::init):
(bmalloc::LargeObject::hasPhysicalPages): Deleted.
(bmalloc::LargeObject::setHasPhysicalPages): Deleted. Propogate the Owner API.

bmalloc/Owner.h: Added.

bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):

bmalloc/SegregatedFreeList.h: Propogate the owner API.

bmalloc/VMAllocate.h:

(bmalloc::vmDeallocatePhysicalPagesSloppy):
(bmalloc::vmAllocatePhysicalPagesSloppy): Clarified these functions and
removed an edge case.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateMediumPage):
(bmalloc::VMHeap::allocateLargeObject):
(bmalloc::VMHeap::deallocateLargeObject): Be sure to give each object
a new chance to merge, since it might have been prohibited from merging
before by virtue of not being in the VM heap.

(bmalloc::VMHeap::allocateLargeRange): Deleted.
(bmalloc::VMHeap::deallocateLargeRange): Deleted.

1:43 AM Changeset in webkit [180860] by Carlos Garcia Campos

18 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180772 - Use NeverDestroyed for JS wrapper owners.
<https://webkit.org/b/142090>

Reviewed by Chris Dumez.

Using NeverDestroyed puts these objects in BSS which is preferable
since that prevents them from pinning down entire malloc pages forever.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader): Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL.

bindings/scripts/test/JS/*: Rebaseline bindings tests for this change.

1:21 AM Changeset in webkit [180859] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180767 - Use after free in WebCore::RenderNamedFlowFragment::restoreRegionObjectsOriginalStyle
https://bugs.webkit.org/show_bug.cgi?id=138366

Reviewed by Dave Hyatt.

This patch ensures that we clean up RenderNamedFlowFragment::m_renderObjectRegionStyle when embedded flow content is getting destroyed.

In m_renderObjectRegionStyle hash map, we store style information about the named flow's descendant children.
When a child is being detached from the tree, it removes itself from this hashmap.
We do it by traversing up on the ancestor chain and call removeFlowChildInfo() on the parent flow.
However in case of embedded flows (for example multicolumn content inside a region), we need to check whether the parent flow
is inside a flow too and continue the cleanup accordingly.

Source/WebCore:

Test: fast/regions/region-with-multicolumn-embedded-crash.html

rendering/RenderObject.cpp:

(WebCore::RenderObject::removeFromRenderFlowThreadIncludingDescendants):

LayoutTests:

fast/regions/region-with-multicolumn-embedded-crash-expected.txt: Added.
fast/regions/region-with-multicolumn-embedded-crash.html: Added.

1:18 AM Changeset in webkit [180858] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180716 - MachineThreads::Thread clean up has a use after free race condition.
<https://webkit.org/b/141990>

Reviewed by Filip Pizlo.

MachineThreads::Thread clean up relies on the clean up mechanism
implemented in _pthread_tsd_cleanup_key(), which looks like this:

void _pthread_tsd_cleanup_key(pthread_t self, pthread_key_t key)
{

void (*destructor)(void *);
if (_pthread_key_get_destructor(key, &destructor)) {

void ptr = &self->tsd[key];
void *value = *ptr;

=== Start of window for the bug to manifest =================

At this point, this thread has cached "destructor" and "value"
(which is a MachineThreads*). If the VM gets destructed (along
with its MachineThreads registry) by another thread, then this
thread will have no way of knowing that the MachineThreads* is
now pointing to freed memory. Calling the destructor below will
therefore result in a use after free scenario when it tries to
access the MachineThreads' data members.

if (value) {

*ptr = NULL;
if (destructor) {

=== End of window for the bug to manifest ==================

destructor(value);

}

}

}

The fix is to add each active MachineThreads to an ActiveMachineThreadsManager,
and always check if the manager still contains that MachineThreads object
before we call removeCurrentThread() on it. When MachineThreads is destructed,
it will remove itself from the manager. The add, remove, and checking
operations are all synchronized on the manager's lock, thereby ensuring that
the MachineThreads object, if found in the manager, will remain alive for the
duration of time we call removeCurrentThread() on it.

There's also possible for the MachineThreads object to already be destructed
and another one happened to have been instantiated at the same address.
Hence, we should only remove the exiting thread if it is found in the
MachineThreads object.

There is no test for this issue because this bug requires a race condition
between 2 threads where:

Thread B, which had previously used the VM, exiting and getting to the bug window shown in _pthread_tsd_cleanup_key() above.
Thread A destructing the VM (and its MachineThreads object) within that window of time before Thread B calls the destructor.

It is not possible to get a reliable test case without invasively
instrumenting _pthread_tsd_cleanup_key() or MachineThreads::removeCurrentThread()
to significantly increase that window of opportunity.

heap/MachineStackMarker.cpp:

(JSC::ActiveMachineThreadsManager::Locker::Locker):
(JSC::ActiveMachineThreadsManager::add):
(JSC::ActiveMachineThreadsManager::remove):
(JSC::ActiveMachineThreadsManager::contains):
(JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
(JSC::activeMachineThreadsManager):
(JSC::MachineThreads::MachineThreads):
(JSC::MachineThreads::~MachineThreads):
(JSC::MachineThreads::removeThread):
(JSC::MachineThreads::removeThreadIfFound):
(JSC::MachineThreads::removeCurrentThread): Deleted.

heap/MachineStackMarker.h:

12:56 AM Changeset in webkit [180857] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180701 - bmalloc: Large object free list can grow infinitely
https://bugs.webkit.org/show_bug.cgi?id=142055

Reviewed by Andreas Kling.

By design, we don't eagerly remove large objects from the free list.
This creates two simple pathologies:

(1) If you free and then allocate the same object repeatedly, it will
duplicate itself in the free list repeatedly. Since it is never
invalid at the time of allocation, it will never be removed.

(2) If you split and then merge the same object repeatedly, it will
duplicate its split sibling in the free list repeatedly. If its
sibling is in a separate free list size class, it will never be
consulted at the time of allocation, so it will never be removed.

So, a simple "while (1) { free(malloc(x)); }" causes infinite memory
use in the free list.

The solution in this patch is a simple helper to remove garbage from the
free list if it grows too large. This pathology is not common, so the
cost is OK.

Long-term, perhaps we should rethink the laziness of these free lists.

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::isMarked):
(bmalloc::BoundaryTag::setMarked): New bit, used by free list GC.

bmalloc/FreeList.cpp:

(bmalloc::FreeList::removeInvalidAndDuplicateEntries): The GC algorithm.

bmalloc/FreeList.h:

(bmalloc::FreeList::FreeList):
(bmalloc::FreeList::push): Invoke the GC if we're getting huge.

bmalloc/LargeObject.h:

(bmalloc::LargeObject::isMarked):
(bmalloc::LargeObject::setMarked):
(bmalloc::LargeObject::validateSelf): Expose the new bit.

bmalloc/Sizes.h: New constant to control GC frequency.

12:51 AM Changeset in webkit [180856] by Carlos Garcia Campos

8 edits
1 copy
1 move in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180693 - bmalloc: Refactored SegregatedFreeList and BoundaryTag::init
https://bugs.webkit.org/show_bug.cgi?id=142049

Reviewed by Anders Carlsson.

Split out a FreeList class from SegregatedFreeList. This will make it
easier to add behaviors on free list insertion and removal -- and it's
probably how I should have designed things at the start.

Moved BoundaryTag::init into LargeObject, since all the related logic
lives in LargeObject now too, and this allows us to remove BoundaryTagInlines.h.

bmalloc.xcodeproj/project.pbxproj:
bmalloc/BoundaryTagInlines.h: Removed.
bmalloc/FreeList.cpp: Copied from Source/bmalloc/bmalloc/SegregatedFreeList.cpp.

(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::SegregatedFreeList::SegregatedFreeList): Deleted.
(bmalloc::SegregatedFreeList::insert): Deleted.
(bmalloc::SegregatedFreeList::takeGreedy): Deleted.
(bmalloc::SegregatedFreeList::take): Deleted.

bmalloc/FreeList.h: Copied from Source/bmalloc/bmalloc/SegregatedFreeList.h.

(bmalloc::FreeList::push):

bmalloc/LargeObject.h:

(bmalloc::LargeObject::init):

bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):

bmalloc/SegregatedFreeList.h:
bmalloc/Sizes.h:
bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

12:45 AM Changeset in webkit [180855] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180688 - bmalloc: free up a bit in BoundaryTag
https://bugs.webkit.org/show_bug.cgi?id=142048

Reviewed by Brady Eidson.

We were wasting a bit by accident, and I need one now.

bmalloc/Algorithm.h:

(bmalloc::rightShift): Deleted. Not needed, now that I've simplified
the math.

bmalloc/BoundaryTag.h: Since each boundary tag bucket is 1024 bytes

long, the maximum offset into a bucket is 1023.

You need 5 bits to count up to 1024, but only 4 to count up to 1023.

Math is hard.

(bmalloc::BoundaryTag::compactBegin): Switched to division because it
is simpler, and easier to match up with our ASSERT. The compiler will
turn division by constant power of two into a shift for us.

(bmalloc::BoundaryTag::setRange): Added an ASSERT for compactBegin
because we do encode it, so we should ASSERT that encoding did not
lose information.

bmalloc/Sizes.h: Shifting is no longer used since we use division

instead.

12:43 AM Changeset in webkit [180854] by Carlos Garcia Campos

6 edits
6 adds in releases/WebKitGTK/webkit-2.8

Merge r180683 - Setting any of the <object> element plugin controlling attributes does not have any affect.
https://bugs.webkit.org/show_bug.cgi?id=141936.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-02-26
Reviewed by Zalan Bujtas.

Source/WebCore:

When setting any of the <object> element plugin controlling attributes
dynamically we need to mark the the element to be dirty by calling
setNeedsStyleRecalc(), so it has to recreate its renderer when needed.

Test: svg/as-object/svg-in-object-dynamic-attribute-change.html

dom/Element.h: Delete unimplemented function.

html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::parseAttribute): Dirty the element by calling
setNeedsStyleRecalc() when one of the plugin controlling attributes gets
changed. We have to clear the m_useFallbackContent because the attribute's
new value might fix the object rendering.

html/HTMLObjectElement.h: Add a function to clear m_useFallbackContent.

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::willRecalcStyle): We might need to
reconstruct the object renderer in the image case. This can happen if the
image was rendering fallback content and the attribute's new value fixes
the object rendering.

LayoutTests:

svg/as-object/resources/lime100x100.html: Added.
svg/as-object/resources/lime100x100.png: Added.
svg/as-object/resources/lime100x100.svg: Added.
svg/as-object/resources/red100x100.svg: Added.
svg/as-object/svg-in-object-dynamic-attribute-change-expected.html: Added.
svg/as-object/svg-in-object-dynamic-attribute-change.html: Added.

Ensure that changing the 'type' and the 'data' attributes of the <object>
element will have the expected outcome. Also make sure that the <object>
element renderer falls back correctly when setting any of the attributes
to some unexpected value.

12:36 AM WebKitGTK/2.8.x edited by Carlos Garcia Campos

(diff)

12:28 AM Changeset in webkit [180853] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180667 - Add calleeSaveRegisters() implementation for ARM Traditional
https://bugs.webkit.org/show_bug.cgi?id=141903

Reviewed by Darin Adler.

jit/RegisterSet.cpp:

(JSC::RegisterSet::calleeSaveRegisters):

12:24 AM Changeset in webkit [180852] by Carlos Garcia Campos

7 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180643 - Horizontal and vertical lines are clipped completely if clip-path is included in the tag but the referenced element is defined later.
https://bugs.webkit.org/show_bug.cgi?id=141776.

Reviewed by Dean Jackson.
Source/WebCore:

Tests: svg/clip-path/clip-path-line-use-before-defined-expected.svg

svg/clip-path/clip-path-line-use-before-defined.svg

rendering/svg/RenderSVGResourceClipper.cpp:

(WebCore::RenderSVGResourceClipper::applyClippingToContext): Ensure the renderer
is added to m_clipper if it does not exist. The same renderer might have been
added to m_clipper in resourceBoundingBox().

(WebCore::RenderSVGResourceClipper::addRendererToClipper): Add the renderer to
m_clipper if it does not exist. Return the associated ClipperData.

(WebCore::RenderSVGResourceClipper::resourceBoundingBox): If the clipper is
referenced before it is defined, add the renderer to m_clipper. While doing the
layout() for the clipper, we can check if m_clipper has values or not. If it does
have, we are going to mark the clipper for client invalidation which is done by
the SVG root.

rendering/svg/RenderSVGResourceClipper.h:
rendering/svg/RenderSVGResourceContainer.h:

(WebCore::RenderSVGResourceContainer::selfNeedsClientInvalidation): Define a
new function selfNeedsClientInvalidation() which controls marking the clipper
for client invalidation. In RenderSVGResourceClipper, override it so it checks
m_clipper to force clients validation even if it the first time we do layout
for this clipper.

rendering/svg/RenderSVGResourceContainer.cpp:

(WebCore::RenderSVGResourceContainer::layout): Call the virtual function
selfNeedsClientInvalidation() to check whether we need to mark the clipper for
client invalidation.

svg/SVGElement.cpp: Delete unneeded header file.

LayoutTests:

New test cases for SVG lines which are clipped to a <clipPath>. The <clipPath>
is referenced before it is defined.

svg/clip-path/clip-path-line-use-before-defined-expected.svg: Added.
svg/clip-path/clip-path-line-use-before-defined.svg: Added.

12:21 AM Changeset in webkit [180851] by Carlos Garcia Campos

6 edits
1 add in releases/WebKitGTK/webkit-2.8

Merge r180639 - CodeBlock crashes when dumping op_push_name_scope
https://bugs.webkit.org/show_bug.cgi?id=141953

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-02-25
PerformanceTests/SunSpider:

Reviewed by Filip Pizlo.

profiler-test.yaml:

Source/JavaScriptCore:

Reviewed by Filip Pizlo and Csaba Osztrogonác.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

tests/stress/op-push-name-scope-crashes-profiler.js: Added.

Tools:

Reviewed by Filip Pizlo.

Scripts/run-jsc-stress-tests:

12:17 AM Changeset in webkit [180850] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180634 - REGRESSION (r180018 ): Holding a rubber-band in place can get stuck
https://bugs.webkit.org/show_bug.cgi?id=142020
-and corresponding-
rdar://problem/19945216

Reviewed by Tom Horton.

It was a mistaken assumption that it was necessary to return false in the zero-
delta case. That is clearly conceptually wrong since false represents the DOM
doing something special with the event, which is clearly not the case if we never
even send the event to the DOM. Returning true will allow the rest of the
scrolling machinery the ability to handle the event.

dom/Element.cpp:

(WebCore::Element::dispatchWheelEvent):

12:15 AM Changeset in webkit [180849] by Carlos Garcia Campos

16 edits in releases/WebKitGTK/webkit-2.8

Merge r180621 - AX: Implement support for ARIA 1.1 'searchbox' role
https://bugs.webkit.org/show_bug.cgi?id=142004

Reviewed by Chris Fleizach.

Source/WebCore:

Add a new accessible SearchFieldRole to handle both the ARIA role
and the "search" input type.

No new tests. Instead, added a new test case to roles-exposed.html
for the mapping, and updated roles-computedRoleString.html because
there is now a one-to-one mapping between the "search" input type
and an ARIA role.

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::determineAccessibilityRole):
(WebCore::AccessibilityNodeObject::isSearchField):

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::isARIATextControl):
(WebCore::AccessibilityObject::isARIAInput):
(WebCore::initializeRoleMap):

accessibility/AccessibilityObject.h:
accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::determineAccessibilityRole):

accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(atkRole):

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
(-[WebAccessibilityObjectWrapper accessibilityTraits]):
(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(createAccessibilityRoleMap):

LayoutTests:

accessibility/roles-computedRoleString-expected.txt: Updated for new role.
accessibility/roles-computedRoleString.html: Updated for new role.
accessibility/roles-exposed.html: New test case added.
platform/efl/accessibility/roles-exposed-expected.txt: Updated for new test case.
platform/gtk/accessibility/roles-exposed-expected.txt: Updated for new test case.
platform/mac-mavericks/accessibility/roles-exposed-expected.txt: Updated for new test case.
platform/mac/accessibility/roles-exposed-expected.txt: Updated for new test case.

Feb 28, 2015:

8:36 PM Changeset in webkit [180848] by Simon Fraser

6 edits in trunk/Source

Viewport units should not dirty style just before we do layout
https://bugs.webkit.org/show_bug.cgi?id=141682

Reviewed by Zalan Bujtas.
Source/WebCore:

In documents using viewport units, we dirtied style every time layout changed
the size of the document. This is nonsensical, because viewport units depend on the
viewport size, not the document size.

Move the style dirtying from layout() into availableContentSizeChanged(). Hook
this up for WebKit1 by calling from -[WebFrameView _frameSizeChanged], and,
since that causes availableContentSizeChanged() to be called for WK1 for the first
time, protect the call to updateScrollbars() with a !platformWidget check.

Covered by existing viewport unit tests.

page/FrameView.cpp:

(WebCore::FrameView::layout):
(WebCore::FrameView::availableContentSizeChanged):
(WebCore::FrameView::viewportSizeForCSSViewportUnits): Add a FIXME comment. Whether
scrollbars are ignored depends on the value of the overflow property on the root element.

page/FrameView.h:
platform/ScrollView.cpp:

(WebCore::ScrollView::availableContentSizeChanged):

Source/WebKit/mac:

WebView/WebFrameView.mm:

(-[WebFrameView _frameSizeChanged]):

6:31 PM Changeset in webkit [180847] by akling@apple.com

2 edits in trunk/Source/WebCore

[Cocoa] Purge SQLite page cache when under memory pressure.
<https://webkit.org/b/142139>
<rdar://problem/19997739>

Reviewed by Pratik Solanki.

Call out to sqlite3 cache purging SPI on Cocoa platforms when
we need to free up some extra memory.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::platformReleaseMemory):

5:04 PM Changeset in webkit [180846] by Simon Fraser

2 edits in trunk/Source/WebCore

FrameView::layoutTimerFired() should update style if needed before doing layout
https://bugs.webkit.org/show_bug.cgi?id=141688

Reviewed by Andreas Kling.

This doesn't have much impact on the number of layouts (measured via PLT)
but seems like a reasonable thing to do.

page/FrameView.cpp:

(WebCore::FrameView::layoutTimerFired):

3:06 PM Changeset in webkit [180845] by ddkilzer@apple.com

2 edits in trunk/Tools

[iOS] Stop running webkit-build-directory on every layout test

This was originally fixed by David Farler for Bug 135409 in
r172602.

Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.relay_path): Mark as @memoized so it doesn't
run webkit-build-directory every time it's called.

2:47 PM Changeset in webkit [180844] by youenn.fablet@crf.canon.fr

2 edits in trunk/Tools

W3C importer should use filesystem instead of shutil/host
https://bugs.webkit.org/show_bug.cgi?id=142012

Reviewed by Bem Jones-Bey.

Removed direct use of python shutil and os, except for os.walk which will require its own fix.

Scripts/webkitpy/w3c/test_importer.py:

(main):
(TestImporter.do_import):
(TestImporter.find_importable_tests):
(TestImporter.import_tests):
(TestImporter.remove_deleted_files):
(TestImporter.write_import_log):

2:33 PM Changeset in webkit [180843] by Csaba Osztrogonác

2 edits in trunk/LayoutTests

REGRESSION(r85798): Lists of crashing/timeouting/stderr tests aren't sorted
https://bugs.webkit.org/show_bug.cgi?id=142081

Reviewed by Ryosuke Niwa.

fast/harness/results.html:

2:20 PM Changeset in webkit [180842] by andersca@apple.com

4 edits in trunk/Source/WebKit2

WebsiteDataStore should handle fetching and deleting local storage data
https://bugs.webkit.org/show_bug.cgi?id=142137

Reviewed by Sam Weinig.

UIProcess/Storage/StorageManager.cpp:

(WebKit::StorageManager::deleteEntriesForOrigins):
Add a new function that deletes entries from multiple origins.

UIProcess/Storage/StorageManager.h:

Add new members.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
Fetch local storage data as well.

(WebKit::WebsiteDataStore::removeData):
Delete local storage data as well.

1:52 PM Changeset in webkit [180841] by andersca@apple.com

3 edits in trunk/Source/WebKit2

Fetch cache origins from the network process
https://bugs.webkit.org/show_bug.cgi?id=142135

Reviewed by Dan Bernstein.

NetworkProcess/NetworkProcess.cpp:

(WebKit::cfURLCacheOrigins):
Add a new helper function that returns a vector of CFURL cache origins.

(WebKit::fetchDiskCacheOrigins):
Fetch the disk cache origins and pass them along to the completion handler. Currently we don't handle the new disk cache.

(WebKit::NetworkProcess::fetchWebsiteData):
Create a callback aggregator and fetch disk cache origins if we're asked for it.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::computeNetworkProcessAccessTypeForDataFetch):
New helper function that computes if we need to launch the network process in order to fetch data.

(WebKit::WebsiteDataStore::fetchData):
Fetch website data from the network process as well.

1:41 PM Changeset in webkit [180840] by youenn.fablet@crf.canon.fr

3 edits in trunk/LayoutTests/imported/w3c/web-platform-tests

Unreviewed - set svn:ignore for generated web-platform-tests files - see bug 142110

12:58 PM Changeset in webkit [180839] by Simon Fraser

31 edits in trunk/Source/WebCore

Fullscreen video layers are off by one sometimes
https://bugs.webkit.org/show_bug.cgi?id=142122
rdar://problem/19878821

Reviewed by Eric Carlson.

Convert MediaPlayer::naturalSize() to return a FloatSize, since the natural size
isn't always integral (because of preserving pixel aspect ratio etc). Fix all the media
backends to use FloatSizes for natural size. Convert the video image drawing code
paths to FloatSize, since naturalSize is used on the destination rect computation,
and painting should be floating point anyway.

Give the layer created by SourceBufferPrivateAVFObjC a name in debug builds.

html/HTMLVideoElement.cpp:

(WebCore::HTMLVideoElement::videoWidth):
(WebCore::HTMLVideoElement::videoHeight):
(WebCore::HTMLVideoElement::paintCurrentFrameInContext):

html/HTMLVideoElement.h:
html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::size):
(WebCore::CanvasRenderingContext2D::drawImage):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::videoFrameToImage):

platform/graphics/MediaPlayer.cpp:

(WebCore::NullMediaPlayerPrivate::naturalSize):
(WebCore::MediaPlayer::naturalSize):
(WebCore::MediaPlayer::paint):
(WebCore::MediaPlayer::paintCurrentFrameInContext):
(WebCore::NullMediaPlayerPrivate::paint): Deleted.

platform/graphics/MediaPlayer.h:
platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::paintCurrentFrameInContext):

platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:

(WebCore::MediaPlayerPrivateAVFoundation::naturalSize):
(WebCore::MediaPlayerPrivateAVFoundation::setNaturalSize):

platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::paintCurrentFrameInContext):
(WebCore::MediaPlayerPrivateAVFoundationObjC::paint):
(WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithImageGenerator):
(WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect):
(WebCore::MediaPlayerPrivateAVFoundationObjC::tracksChanged):
(WebCore::MediaPlayerPrivateAVFoundationObjC::sizeChanged):
(WebCore::MediaPlayerPrivateAVFoundationObjC::paintWithVideoOutput):

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::naturalSize):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paint):
(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::paintCurrentFrameInContext):

platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.h:
platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:

(WebCore::MediaSourcePrivateAVFObjC::naturalSize):

platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):
(WebCore::SourceBufferPrivateAVFObjC::naturalSize):

platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.h:
platform/graphics/avfoundation/objc/VideoTrackPrivateMediaSourceAVFObjC.mm:

(WebCore::VideoTrackPrivateMediaSourceAVFObjC::naturalSize):

platform/graphics/mac/MediaPlayerPrivateQTKit.h:
platform/graphics/mac/MediaPlayerPrivateQTKit.mm:

(WebCore::MediaPlayerPrivateQTKit::naturalSize):
(WebCore::MediaPlayerPrivateQTKit::paintCurrentFrameInContext):
(WebCore::MediaPlayerPrivateQTKit::paint):

platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:

(WebCore::MockMediaPlayerMediaSource::naturalSize):
(WebCore::MockMediaPlayerMediaSource::paint):

platform/mock/mediasource/MockMediaPlayerMediaSource.h:
rendering/RenderVideo.cpp:

(WebCore::RenderVideo::calculateIntrinsicSize):
(WebCore::RenderVideo::paintReplaced):

12:20 PM Changeset in webkit [180838] by andersca@apple.com

4 edits in trunk/Source/WebKit2

Simplify WebResourceCacheManagerCFNet.mm code
https://bugs.webkit.org/show_bug.cgi?id=142134

Reviewed by Dan Bernstein.

ENABLE(CACHE_PARTITIONING) is always true on Mac and iOS, so remove those #ifdefs.
Make cfURLCacheHostNamesWithCallback and clearCFURLCacheForHostNames public so they can be used by the new WebsiteDataStore code in an upcoming patch.
Change cfURLCacheHostNamesWithCallback to take an std::function instead of a block.

WebProcess/ResourceCache/WebResourceCacheManager.cpp:

(WebKit::WebResourceCacheManager::getCacheOrigins):

WebProcess/ResourceCache/WebResourceCacheManager.h:
WebProcess/ResourceCache/cf/WebResourceCacheManagerCFNet.mm:

(WebKit::partitionName):
(WebKit::WebResourceCacheManager::cfURLCacheHostNamesWithCallback):
(WebKit::WebResourceCacheManager::clearCFURLCacheForHostNames):
(WebKit::WebResourceCacheManager::cfURLCacheHostNames): Deleted.

10:45 AM Changeset in webkit [180837] by commit-queue@webkit.org

10 edits
1 copy
1 move
2 adds in trunk/Source/WebKit2

Unreviewed, rolling out r180804.
https://bugs.webkit.org/show_bug.cgi?id=142131

Broke nightlies (Requested by ap on #webkit).

Reverted changeset:

"[WK2] Drop legacy WKBundlePageDiagnosticLoggingClient API"
https://bugs.webkit.org/show_bug.cgi?id=141176
http://trac.webkit.org/changeset/180804

7:05 AM Changeset in webkit [180836] by gyuyoung.kim@samsung.com

2 edits in trunk/LayoutTests

Unreviewed EFL gardening 1st Mar.

platform/efl/TestExpectations:
Unskip tests which have been passed since r180672.
Skip compositing/webgl.

5:22 AM WebKitGTK/2.8.x edited by Carlos Garcia Campos

(diff)

5:20 AM Changeset in webkit [180835] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r180620 - Enable concurrent JIT on GTK
https://bugs.webkit.org/show_bug.cgi?id=142007

Reviewed by Benjamin Poulain.

Seems weird that GTK keeps it off. No good reason for that as far as I can tell.

wtf/Platform.h:

5:20 AM Changeset in webkit [180834] by Carlos Garcia Campos

2 edits
1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

CMake build of libllvmForJSC.so should limit its export list like the Xcode build does
https://bugs.webkit.org/show_bug.cgi?id=141989

Reviewed by Gyuyoung Kim.

CMakeLists.txt:
llvm/library/libllvmForJSC.version: Added.

3:59 AM Changeset in webkit [180833] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180604 - Rolling out http://trac.webkit.org/changeset/180430 as it causes the PLT to crash.
<rdar://problem/19948015>

Unreviewed.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:
bmalloc/Zone.cpp:

(bmalloc::Zone::Zone):
(bmalloc::Zone::size): Deleted.

bmalloc/Zone.h:

3:55 AM Changeset in webkit [180832] by Carlos Garcia Campos

15 edits
10 adds in releases/WebKitGTK/webkit-2.8

Merge r180600 - AX: Implement support for ARIA 1.1 'switch' role
https://bugs.webkit.org/show_bug.cgi?id=141986

Reviewed by Chris Fleizach.

Source/WebCore:

Map the role to ATK_ROLE_TOGGLE_BUTTON for Gtk and Efl; on the Mac, to
AXCheckBox with a subrole of AXSwitch. Ensure it looks and acts like a
widget to accessibility APIs (supports and emits notifications when
toggled, doesn't have children, exposes a name and description when
provided).

Tests: accessibility/aria-switch-checked.html

accessibility/aria-switch-sends-notification.html
accessibility/aria-switch-text.html

accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::canHaveChildren):
(WebCore::AccessibilityNodeObject::isChecked):
(WebCore::AccessibilityNodeObject::visibleText):
(WebCore::AccessibilityNodeObject::title):

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::isARIAInput):
(WebCore::AccessibilityObject::actionVerb):
(WebCore::initializeRoleMap):
(WebCore::AccessibilityObject::supportsChecked):
(WebCore::AccessibilityObject::checkboxOrRadioValue):

accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isSwitch):

accessibility/atk/AXObjectCacheAtk.cpp:

(WebCore::AXObjectCache::postPlatformNotification):

accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(atkRole):

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
(-[WebAccessibilityObjectWrapper accessibilityTraits]):
(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:

accessibility/aria-switch-checked-expected.txt: Added.
accessibility/aria-switch-checked.html: Added.
accessibility/aria-switch-sends-notification-expected.txt: Added.
accessibility/aria-switch-sends-notification.html: Added.
accessibility/aria-switch-text.html: Added.
accessibility/roles-exposed.html: Added a test case for the new role.
platform/efl/accessibility/aria-fallback-roles-expected.txt: Added.
platform/efl/accessibility/aria-switch-text-expected.txt: Added.
platform/efl/accessibility/roles-exposed-expected.txt: Updated for the new role.
platform/gtk/accessibility/aria-fallback-roles-expected.txt: Added.
platform/gtk/accessibility/aria-switch-text-expected.txt: Added.
platform/gtk/accessibility/roles-exposed-expected.txt: Updated for the new role.
platform/mac-mavericks/accessibility/roles-exposed-expected.txt: Updated for the new role.
platform/mac/TestExpectations: Skip the 'checked' notifcation as the Mac doesn't have it.
platform/mac/accessibility/aria-switch-text-expected.txt: Added.
platform/mac/accessibility/roles-exposed-expected.txt: Updated for the new role.

3:52 AM Changeset in webkit [180831] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180591 - Rolling out r179753. The fix was invalid.
<https://webkit.org/b/141990>

Not reviewed.

API/tests/testapi.mm:

(threadMain):
(useVMFromOtherThread): Deleted.
(useVMFromOtherThreadAndOutliveVM): Deleted.

heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::gatherStackRoots):

heap/Heap.h:

(JSC::Heap::machineThreads):

heap/MachineStackMarker.cpp:

(JSC::MachineThreads::Thread::Thread):
(JSC::MachineThreads::MachineThreads):
(JSC::MachineThreads::~MachineThreads):
(JSC::MachineThreads::addCurrentThread):
(JSC::MachineThreads::removeThread):
(JSC::MachineThreads::removeCurrentThread):

heap/MachineStackMarker.h:

3:49 AM Changeset in webkit [180830] by youenn.fablet@crf.canon.fr

2 edits in trunk/Tools

W3C test importer should use filesystem to read and write files
https://bugs.webkit.org/show_bug.cgi?id=142084

Reviewed by Bem Jones-Bey.

Use of FileSystem.write_binary_file, read_text_file and write_text_file in lieu of open().

Scripts/webkitpy/w3c/test_importer.py:

(TestImporter.import_tests):
(TestImporter.remove_deleted_files):
(TestImporter.write_import_log):

3:31 AM Changeset in webkit [180829] by Carlos Garcia Campos

13 edits
1 add in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180576 - bmalloc: Added a little more abstraction for large objects
https://bugs.webkit.org/show_bug.cgi?id=141978

Reviewed by Sam Weinig.

Previously, each client needed to manage the boundary tags of
a large object using free functions. This patch introduces a LargeObject
class that does things a little more automatically.

bmalloc.xcodeproj/project.pbxproj:

bmalloc/Allocator.cpp:

(bmalloc::Allocator::reallocate): Use the new LargeObject class.

bmalloc/BeginTag.h:

(bmalloc::BeginTag::isInFreeList): Deleted. Moved this logic into the
LargeObject class.

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::isSentinel):
(bmalloc::BoundaryTag::compactBegin):
(bmalloc::BoundaryTag::setRange):
(bmalloc::BoundaryTag::initSentinel): Added an explicit API for sentinels,
which we used to create and test for implicitly.

bmalloc/BoundaryTagInlines.h:

(bmalloc::BoundaryTag::init):
(bmalloc::validate): Deleted.
(bmalloc::validatePrev): Deleted.
(bmalloc::validateNext): Deleted.
(bmalloc::BoundaryTag::mergeLeft): Deleted.
(bmalloc::BoundaryTag::mergeRight): Deleted.
(bmalloc::BoundaryTag::merge): Deleted.
(bmalloc::BoundaryTag::deallocate): Deleted.
(bmalloc::BoundaryTag::split): Deleted.
(bmalloc::BoundaryTag::allocate): Deleted. Moved this logic into the
LargeObject class.

bmalloc/EndTag.h:

(bmalloc::EndTag::init):
(bmalloc::EndTag::operator=): Deleted. Re-reading this code, I found
special behavior in the assignment operator to be a surprising API.
So, I replaced the assignment operation with an explicit initializing
function.

bmalloc/Heap.cpp:

(bmalloc::Heap::scavengeLargeRanges):
(bmalloc::Heap::allocateXLarge):
(bmalloc::Heap::findXLarge):
(bmalloc::Heap::deallocateXLarge):
(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::deallocateLarge):

bmalloc/Heap.h: No behavior changes here -- just adopting the

LargeObject interface.

bmalloc/LargeObject.h: Added.

(bmalloc::LargeObject::operator!):
(bmalloc::LargeObject::begin):
(bmalloc::LargeObject::size):
(bmalloc::LargeObject::range):
(bmalloc::LargeObject::LargeObject):
(bmalloc::LargeObject::setFree):
(bmalloc::LargeObject::isFree):
(bmalloc::LargeObject::hasPhysicalPages):
(bmalloc::LargeObject::setHasPhysicalPages):
(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::merge):
(bmalloc::LargeObject::split):
(bmalloc::LargeObject::validateSelf):
(bmalloc::LargeObject::validate): Moved this code into a class, out of
BoundaryTag free functions.

New to the class are these features:

(1) Every reference to an object is validated upon creation and use.

(2) There's an explicit API for "This is a reference to an object
that might be stale (the DoNotValidate API)".

(3) The begin and end tags are kept in sync automatically.

bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):

bmalloc/SegregatedFreeList.h: Adopt the LargeObject interface.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeRange):
(bmalloc::VMHeap::deallocateLargeRange): Adopt the LargeObject interface.

3:29 AM Changeset in webkit [180828] by Carlos Garcia Campos

50 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180570 - REGRESSION(r179429): Can't type comments in Facebook
https://bugs.webkit.org/show_bug.cgi?id=141859

Reviewed by Brent Fulgham.

Source/JavaScriptCore:

When window.Symbol is exposed to user-space pages,
Facebook's JavaScript use it (maybe, for immutable-js and React.js's unique key).
However, to work with Symbols completely, it also requires
1) Object.getOwnPropertySymbols (for mixin including Symbols)
2) the latest ES6 Iterator interface that uses Iterator.next and it returns { done: boolean, value: value }.
Since they are not landed yet, comments in Facebook don't work.

This patch introduces RuntimeFlags for JavaScriptCore.
Specifying SymbolEnabled flag under test runner and inspector to continue to work with Symbol.
And drop JavaScriptExperimentsEnabled flag
because it is no longer used and use case of this is duplicated to runtime flags.

JavaScriptCore.order:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
jsc.cpp:

(GlobalObject::javaScriptRuntimeFlags):
(GlobalObject::javaScriptExperimentsEnabled): Deleted.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::init):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::finishCreation):
(JSC::JSGlobalObject::javaScriptRuntimeFlags):
(JSC::JSGlobalObject::javaScriptExperimentsEnabled): Deleted.

runtime/RuntimeFlags.h: Added.

(JSC::RuntimeFlags::RuntimeFlags):
(JSC::RuntimeFlags::createAllEnabled):

Source/WebCore:

Enable SymbolEnabled runtime flag in inspector context.

ForwardingHeaders/runtime/RuntimeFlags.h: Added.
WebCore.order:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::javaScriptRuntimeFlags):
(WebCore::JSDOMWindowBase::javaScriptExperimentsEnabled): Deleted.

bindings/js/JSDOMWindowBase.h:
bindings/js/JSWorkerGlobalScopeBase.cpp:

(WebCore::JSWorkerGlobalScopeBase::javaScriptRuntimeFlags):
(WebCore::JSWorkerGlobalScopeBase::javaScriptExperimentsEnabled): Deleted.

bindings/js/JSWorkerGlobalScopeBase.h:
inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::InspectorFrontendClientLocal):

page/Settings.h:
page/Settings.in:

Source/WebKit/mac:

Introduce SymbolEnabled and drop javaScriptExperimentsEnabled.
Private API, javaScriptExperimentsEnabled is dropped.

Misc/WebNSDictionaryExtras.h:
Misc/WebNSDictionaryExtras.m:

(-[NSMutableDictionary _webkit_setUnsignedInt:forKey:]):

WebKit.order:
WebView/WebPreferenceKeysPrivate.h:
WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences _setUnsignedIntValue:forKey:]):
(-[WebPreferences javaScriptRuntimeFlags]):
(-[WebPreferences setJavaScriptRuntimeFlags:]):
(-[WebPreferences setJavaScriptExperimentsEnabled:]): Deleted.
(-[WebPreferences javaScriptExperimentsEnabled]): Deleted.

WebView/WebPreferencesPrivate.h:
WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Source/WebKit/win:

Added Windows support.

Interfaces/IWebPreferences.idl:
Interfaces/IWebPreferencesPrivate.idl:
WebPreferenceKeysPrivate.h:
WebPreferences.cpp:

(WebPreferences::initializeDefaultSettings):
(WebPreferences::javaScriptRuntimeFlags):
(WebPreferences::setJavaScriptRuntimeFlags):
(WebPreferences::isWebSecurityEnabled):

WebPreferences.h:
WebView.cpp:

(WebView::notifyPreferencesChanged):

Source/WebKit2:

Enable SymbolEnabled in inspector context.

Shared/WebPreferencesDefinitions.h:
UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetJavaScriptRuntimeFlags):
(WKPreferencesGetJavaScriptRuntimeFlags):
(WKPreferencesSetJavaScriptExperimentsEnabled): Deleted.
(WKPreferencesGetJavaScriptExperimentsEnabled): Deleted.

UIProcess/API/C/WKPreferencesRef.h:
UIProcess/API/C/WKPreferencesRefPrivate.h:
UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences _javaScriptRuntimeFlags]):
(-[WKPreferences _setJavaScriptRuntimeFlags:]):

UIProcess/API/Cocoa/WKPreferencesPrivate.h:
UIProcess/efl/WebInspectorProxyEfl.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

mac/WebKit2.order:

Tools:

Drop javaScriptExperimentsEnabled and specify JavaScriptRuntimeFlagsAllEnabled as KJavaScriptRuntimeFlags.

DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):

WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues):

3:16 AM WebKitGTK/2.8.x edited by Carlos Garcia Campos

(diff)

3:14 AM WebKitGTK/2.8.x edited by Carlos Garcia Campos

(diff)

3:13 AM WebKitGTK/2.8.x edited by Carlos Garcia Campos

(diff)

3:05 AM Changeset in webkit [180827] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8

Merge r180566 - [GTK] Layout Test accessibility/roles-exposed.html is failing
https://bugs.webkit.org/show_bug.cgi?id=141960

Reviewed by Martin Robinson.

Source/WebCore:

The test was failing because Gtk now uses GtkColorChooserDialog for the
color input, making the input field a button which results in the color
chooser dialog appearing. As a side effect of this change, the input now
has an accessible role of ColorWell, which is currently mapped to
ATK_ROLE_COLOR_CHOOSER (which is by definition the dialog which results
upon activating the button input field). Changed the Gtk platform mapping
to ATK_ROLE_BUTTON, leaving the Efl mapping as-is.

No new tests. Instead, updated and unskipped failing test.

accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(atkRole):

LayoutTests:

platform/gtk/TestExpectations: Unskip the failing test.
platform/gtk/accessibility/roles-exposed-expected.txt: Update the expectations.

3:03 AM Changeset in webkit [180826] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.8

Merge r180565 - Crash loading local file with WebPageProxy::loadAlternateHTMLString
https://bugs.webkit.org/show_bug.cgi?id=141867

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-02-24
Reviewed by Anders Carlsson.

Source/WebKit2:

WebPageProxy::loadAlternateHTMLString needs to assume read access to unreachableURL as well
as baseURL, because unreachableURL will get added to the back/forward list, causing us to
crash later on when we notice the unexpected URL received in checkURLReceivedFromWebProcess.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::loadAlternateHTMLString):

Tools:

TestWebKitAPI/Tests/WebKit2/LoadAlternateHTMLStringWithNonDirectoryURL.cpp:

(TestWebKitAPI::loadAlternateHTMLString): Split most of this test into a function so it can
be shared with the new test.
(TestWebKitAPI::TEST): Add a cross-platform test for this crash.

TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp: Add a GTK+ test for this crash.

(testLoadAlternateHTMLForLocalPage):
(beforeAll):

3:00 AM Changeset in webkit [180825] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180563 - [GTK] Fonts loaded via @font-face look bad
https://bugs.webkit.org/show_bug.cgi?id=140994

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-02-24
Reviewed by Martin Robinson.

We've had several complaints that woff fonts look bad on some websites. This seems to be a
combination of multiple issues. For one, we don't look at Fontconfig settings at all when
creating a web font. This commit changes FontPlatformData::initializeWithFontFace to instead
use sane default settings from Fontconfig when loading a web font, rather than accepting the
default settings from GTK+, which are normally overridden by Fontconfig when loading system
fonts. However, we will hardcode the hinting setting for web fonts to always force use of
the light autohinter, so that we do not use a font's native hints. This avoids compatibility
issues when fonts with poor native hinting are only tested in browsers that do not use the
native hints. It also allows us to sidestep future security vulnerabilities in FreeType's
bytecode interpreter.

The net result of this is that there should be little noticable difference if you have GTK+
set to use slight hinting (which forces use of the autohinter) unless you have customized
Fontconfig configuration, but a dramatic improvement with particular fonts if you use medium
or full hinting. This should reduce complaints about our font rendering on "fancy sites."

No new tests, since the affected fonts we've found are not freely redistributable.

platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:

(WebCore::FontCustomPlatformData::FontCustomPlatformData): Force web fonts to be autohinted.

platform/graphics/freetype/FontPlatformDataFreeType.cpp:

(WebCore::getDefaultCairoFontOptions): Renamed to disambiguate.
(WebCore::getDefaultFontconfigOptions): Added.
(WebCore::FontPlatformData::initializeWithFontFace): Always call
FontPlatformData::setCairoOptionsFromFontConfigPattern. If the FontPlatformData was not
created with an FcPattern (e.g. because this is a web font), call
getDefaultFontconfigOptions to get a sane default FcPattern.
(WebCore::FontPlatformData::setOrientation): Renamed call to getDefaultCairoFontOptions.
(WebCore::getDefaultFontOptions): Deleted.

2:56 AM Changeset in webkit [180824] by Carlos Garcia Campos

18 edits in releases/WebKitGTK/webkit-2.8

Merge r180558 - Always serialize :lang()'s arguments to strings
https://bugs.webkit.org/show_bug.cgi?id=141944

Reviewed by Benjamin Poulain.

Source/WebCore:

As specified in [1] :lang()'s arguments are always serialized to strings.

[1] http://dev.w3.org/csswg/cssom/#serializing-selectors

Related tests are updated.

css/CSSGrammar.y.in:
css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::setLangArgumentList):

css/CSSParserValues.h:

(WebCore::CSSParserString::init):
(WebCore::CSSParserString::clear):
(WebCore::CSSParserString::tokenType): Deleted.
(WebCore::CSSParserString::setTokenType): Deleted.

css/CSSSelector.cpp:

(WebCore::appendLangArgumentList):
(WebCore::CSSSelector::setLangArgumentList):

css/CSSSelector.h:

(WebCore::CSSSelector::langArgumentList):

css/SelectorCheckerTestFunctions.h:

(WebCore::matchesLangPseudoClass):

cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::addPseudoClassType):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsInLanguage):

LayoutTests:

Some tests results are updated to reflect the always serialize
:lang()'s arguments to strings.

fast/css/css-lang-selector-with-string-arguments-text-expected.txt:
fast/css/css-lang-selector-with-string-arguments-text.html:
fast/css/parsing-css-lang-expected.txt:
fast/css/parsing-css-lang.html:
fast/css/css-selector-text-expected.txt:
fast/css/css-selector-text.html:
fast/css/css-set-selector-text-expected.txt:
fast/css/css-set-selector-text.html:
fast/dom/css-selectorText-expected.txt:

2:51 AM Changeset in webkit [180823] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180554 - Give TemporaryChange for m_inLoadPendingImages assertion a name so it actually does something.

css/StyleResolver.cpp:

(WebCore::StyleResolver::loadPendingImages):

1:31 AM Changeset in webkit [180822] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180548 - EventHandler references deleted Scrollbar
https://bugs.webkit.org/show_bug.cgi?id=141931
<rdar://problem/19915210>

Reviewed by Tim Horton.

Tested by scrollbars/overflow-custom-scrollbar-crash.html

Update the EventHandler class to use a WeakPtr to reference the
last used Scrollbar, rather than retaining the Scrollbar and
artificially extending its life. This keeps the EventHandler
state in proper sync with the state of the render tree, and
avoids cases where we have destroyed a ScrollableArea (and
Scrollbar) but are still sending messages to a fake zombie
version of the element.

page/EventHandler.cpp:

(WebCore::EventHandler::clear):
(WebCore::EventHandler::handleMousePressEvent):
(WebCore::EventHandler::updateMouseEventTargetNode):
(WebCore::EventHandler::updateLastScrollbarUnderMouse):

page/EventHandler.h:
platform/Scrollbar.cpp:

(WebCore::Scrollbar::Scrollbar): Initialize WeakPtrFactory.

platform/Scrollbar.h:

(WebCore::Scrollbar::createWeakPtr): Added,

1:26 AM Changeset in webkit [180821] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8

Merge r180535 - WTF::WeakPtr should rename 'forgot' to 'clear' and support nullptr assignment
https://bugs.webkit.org/show_bug.cgi?id=141935

Reviewed by Myles C. Maxfield.

Source/WTF:

wtf/WeakPtr.h:

(WTF::WeakPtr::operator=): Added 'nullptr_t' overload.
(WTF::WeakPtr::clear): Renamed from 'forget'
(WTF::WeakPtr::forget): Deleted.

Tools:

TestWebKitAPI/Tests/WTF/WeakPtr.cpp:

(TestWebKitAPI::TEST): Updated for 'clear' method rename, and added a few
tests for assigning from nullptr.

1:08 AM Changeset in webkit [180820] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8

Merge r180528 - Source/WTF:
WTF::WeakPtr should have a 'forget' method
https://bugs.webkit.org/show_bug.cgi?id=141923

Reviewed by Myles C. Maxfield.

wtf/WeakPtr.h:

(WTF::WeakPtr::forget): Added.

Tools:
WTF::WeakPtr should have a 'forget' method.
https://bugs.webkit.org/show_bug.cgi?id=141923

Reviewed by Myles C. Maxfield.

TestWebKitAPI/Tests/WTF/WeakPtr.cpp:

(TestWebKitAPI::TEST): Added 'Forget' tests case.

12:41 AM Changeset in webkit [180819] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180530 - Default value of HTMLSelectElement size IDL attribute should be 0.
https://bugs.webkit.org/show_bug.cgi?id=141795

Reviewed by Andreas Kling.

Source/WebCore:

Default value of HTMLSelectElement size IDL attribute should be 0.
As in spec: http://www.w3.org/html/wg/drafts/html/master/forms.html#the-select-element, also this matches the behavior of Chrome, IE and
Gecko.

Test: fast/dom/select-size.html

html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::parseAttribute):

LayoutTests:

fast/dom/select-size-expected.txt: Added.
fast/dom/select-size.html: Added.

12:38 AM Changeset in webkit [180818] by Carlos Garcia Campos

2 edits
1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180516 - r9 is volatile on ARMv7 for iOS 3 and up.
https://bugs.webkit.org/show_bug.cgi?id=141489
rdar://problem/19432916

Reviewed by Michael Saboff.

jit/RegisterSet.cpp:

(JSC::RegisterSet::calleeSaveRegisters): removed r9 from the list of ARMv7 callee save registers.

tests/stress/regress-141489.js: Added.

(foo):

Feb 27, 2015:

11:26 PM Changeset in webkit [180817] by Csaba Osztrogonác

4 edits in trunk/Source

Source/WebCore:
[EFL][GTK] Fix build break after r180790,180798
https://bugs.webkit.org/show_bug.cgi?id=142127

Patch by Hunseop Jeong <Hunseop Jeong> on 2015-02-27
Reviewed by Gyuyoung Kim.

platform/graphics/cairo/PathCairo.cpp:

(WebCore::Path::addEllipse):

Source/WebKit2:
[EFL][GTK] Fix build break after r180790,180798
https://bugs.webkit.org/show_bug.cgi?id=142127

Patch by Hunseop Jeong <Hunseop Jeong> on 2015-02-27
Reviewed by Gyuyoung Kim.

CMakeLists.txt:

11:12 PM Changeset in webkit [180816] by Brent Fulgham

2 edits in trunk/Source/WebKit

[Win] Unreviewed build fix.

Adjust project dependencies to ensure a consistent build order.

WebKit.vcxproj/WebKit.sln:

10:21 PM Changeset in webkit [180815] by Alan Bujtas

18 edits in trunk

Subpixel-layout: width: max-content; property might cause unnecessary scrollbar.
https://bugs.webkit.org/show_bug.cgi?id=142065

Reviewed by Simon Fraser.

Source/WebCore:

We should not pixelsnap (ceil in this case) logical coordinates during layout.
Should this cause content to be partially cut off, we need to
find the broken piece in the computation logic.

Covered by the unskipped test.

rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::paddedLayoutOverflowRect):

LayoutTests:

Rebaseline. Scroll layer shrinks in certain cases.

platform/mac-mavericks/editing/input/caret-at-the-edge-of-input-expected.txt:
platform/mac-mavericks/fast/css/text-overflow-input-expected.txt:
platform/mac-mavericks/fast/forms/basic-inputs-expected.txt:
platform/mac-mavericks/fast/forms/control-restrict-line-height-expected.txt:
platform/mac-mavericks/fast/forms/input-disabled-color-expected.txt:
platform/mac-mavericks/fast/forms/search/search-size-with-decorations-expected.txt:
platform/mac-mavericks/http/tests/navigation/javascriptlink-frames-expected.txt:
platform/mac/TestExpectations:
platform/mac/fast/forms/control-restrict-line-height-expected.txt:
platform/mac/fast/forms/input-appearance-selection-expected.txt:
platform/mac/fast/forms/input-text-scroll-left-on-blur-expected.txt:
platform/mac/fast/forms/input-type-text-min-width-expected.txt:
platform/mac/fast/forms/minWidthPercent-expected.txt:
platform/mac/fast/forms/search/search-size-with-decorations-expected.txt:
platform/mac/tables/mozilla/bugs/bug96334-expected.txt:

10:02 PM Changeset in webkit [180814] by Darin Adler

6 edits
1 delete in trunk/Source/WTF

Remove unused PossiblyNull
https://bugs.webkit.org/show_bug.cgi?id=142124

Reviewed by Andreas Kling.

WTF.vcxproj/WTF.vcxproj: Removed the file.
WTF.vcxproj/WTF.vcxproj.filters: Ditto.
WTF.xcodeproj/project.pbxproj: Ditto.
wtf/CMakeLists.txt: Ditto.
wtf/PossiblyNull.h: Removed.

wtf/FastMalloc.h: Moved everything to the left.

Moved member functions out of the TryMallocReturnValue class definition.
(WTF::TryMallocReturnValue::operator PossiblyNull<T>): Deleted.
(WTF::TryMallocReturnValue::getValue): Marked inline, changed to work
only with pointer types, not arbitrary non-pointer types.

7:21 PM Changeset in webkit [180813] by benjamin@webkit.org

23 edits
2 adds in trunk/Source/JavaScriptCore

[JSC] Use the way number constants are written to help type speculation
https://bugs.webkit.org/show_bug.cgi?id=142072

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-02-27
Reviewed by Filip Pizlo.

This patch changes how we interpret numeric constant based on how they appear
in the source.

Constants that are integers but written with a decimal point now carry that information
to the optimizating tiers. From there, we use that to be more aggressive about typing
math operations toward double operations.

For example, in:

var a = x + 1.0;
var b = y + 1;

The Add for a would be biased toward doubles, the Add for b would speculate
integer as usual.

The gains are tiny but this is a prerequisite to make my next patch useful:
-SunSpider's access-fannkuch: definitely 1.0661x faster
-SunSpider's math-cordic: definitely 1.0266x slower

overal: might be 1.0066x slower.

-Kraken's imaging-darkroom: definitely 1.0333x faster.

parser/Lexer.cpp:

(JSC::tokenTypeForIntegerLikeToken):
(JSC::Lexer<T>::lex):
The lexer now create two types of tokens for number: INTEGER and DOUBLE.
Those token types only carry information about how the values were
entered, an INTEGER does not have to be an integer, it is only written like one.
Large integer still end up represented as double in memory.

One trap I fell into was typing numbers like 12e3 as double. This kind of literal
is frequently used in integer-typed code, while 12.e3 would appear in double-typed
code.
Because of that, the only signals for double are: decimal point, negative zero,
and ridiculously large values.

parser/NodeConstructors.h:

(JSC::DoubleNode::DoubleNode):
(JSC::IntegerNode::IntegerNode):

parser/Nodes.h:

(JSC::NumberNode::value):
(JSC::NumberNode::setValue): Deleted.
Number get specialized in two new kind of nodes in the AST: IntegerNode and DoubleNode.

bytecompiler/NodesCodegen.cpp:

(JSC::NumberNode::emitBytecode):

parser/ASTBuilder.h:

(JSC::ASTBuilder::createDoubleExpr):
(JSC::ASTBuilder::createIntegerExpr):
(JSC::ASTBuilder::createIntegerLikeNumber):
(JSC::ASTBuilder::createDoubleLikeNumber):
(JSC::ASTBuilder::createNumberFromBinaryOperation):
(JSC::ASTBuilder::createNumberFromUnaryOperation):
(JSC::ASTBuilder::makeNegateNode):
(JSC::ASTBuilder::makeBitwiseNotNode):
(JSC::ASTBuilder::makeMultNode):
(JSC::ASTBuilder::makeDivNode):
(JSC::ASTBuilder::makeModNode):
(JSC::ASTBuilder::makeAddNode):
(JSC::ASTBuilder::makeSubNode):
(JSC::ASTBuilder::makeLeftShiftNode):
(JSC::ASTBuilder::makeRightShiftNode):
(JSC::ASTBuilder::makeURightShiftNode):
(JSC::ASTBuilder::makeBitOrNode):
(JSC::ASTBuilder::makeBitAndNode):
(JSC::ASTBuilder::makeBitXOrNode):
(JSC::ASTBuilder::createNumberExpr): Deleted.
(JSC::ASTBuilder::createNumber): Deleted.
The AST has some optimization to resolve constants before emitting bytecode.
In the new code, the intger representation is kept if both operands where
also represented as integers.

parser/Parser.cpp:

(JSC::Parser<LexerType>::parseDeconstructionPattern):
(JSC::Parser<LexerType>::parseProperty):
(JSC::Parser<LexerType>::parseGetterSetter):
(JSC::Parser<LexerType>::parsePrimaryExpression):
(JSC::Parser<LexerType>::printUnexpectedTokenText):

parser/ParserTokens.h:
parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createDoubleExpr):
(JSC::SyntaxChecker::createIntegerExpr):
(JSC::SyntaxChecker::createNumberExpr): Deleted.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::registerName):
(JSC::CodeBlock::constantName):
Change constantName(r, getConstant(r)) -> constantName(r) to simplify
the dump code.

(JSC::CodeBlock::dumpBytecode):
Dump thre soure representation information we have with each constant.

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::shrinkToFit):
(JSC::constantName): Deleted.

bytecode/CodeBlock.h:

(JSC::CodeBlock::constantsSourceCodeRepresentation):
(JSC::CodeBlock::addConstant):
(JSC::CodeBlock::addConstantLazily):
(JSC::CodeBlock::constantSourceCodeRepresentation):
(JSC::CodeBlock::setConstantRegisters):

bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation):
(JSC::UnlinkedCodeBlock::shrinkToFit):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::addConstantValue):
(JSC::BytecodeGenerator::emitLoad):

bytecompiler/BytecodeGenerator.h:

We have to differentiate between constants that have the same values but are
represented differently in the source. Values like 1.0 and 1 now end up
as different constants.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::addConstantToGraph):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::registerFrozenValues):

dfg/DFGGraph.h:

(JSC::DFG::Graph::addSpeculationMode):
(JSC::DFG::Graph::addImmediateShouldSpeculateInt32):
ArithAdd is very aggressive toward using Int52, which is quite useful
in many benchmarks.

Here we need to specialize to make sure we don't force our literals
to Int52 if there were represented as double.

There is one exception to that rule: when the other operand is guaranteed
to come from a NodeResultInt32. This is because there is some weird code
doing stuff like:

var b = a|0;
var c = b*2.0;

dfg/DFGNode.h:

(JSC::DFG::Node::Node):
(JSC::DFG::Node::setOpAndDefaultFlags):
(JSC::DFG::Node::sourceCodeRepresentation):

dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

runtime/JSCJSValue.h:

(JSC::EncodedJSValueWithRepresentationHashTraits::emptyValue):
(JSC::EncodedJSValueWithRepresentationHashTraits::constructDeletedValue):
(JSC::EncodedJSValueWithRepresentationHashTraits::isDeletedValue):
(JSC::EncodedJSValueWithRepresentationHash::hash):
(JSC::EncodedJSValueWithRepresentationHash::equal):

tests/stress/arith-add-with-constants.js: Added.
tests/stress/arith-mul-with-constants.js: Added.

7:16 PM Changeset in webkit [180812] by ddkilzer@apple.com

3 edits
2 adds in trunk/LayoutTests

[iOS] Gardening: rebaseline fast/attachment results

platform/ios-simulator/fast/attachment/attachment-disabled-dom-expected.txt: Add.
platform/ios-simulator/fast/attachment/attachment-disabled-rendering-expected.txt: Update.
platform/ios-simulator/fast/attachment/attachment-dom-expected.txt: Add.
platform/ios-simulator/fast/attachment/attachment-rendering-expected.txt: Update.

6:51 PM Changeset in webkit [180811] by ddkilzer@apple.com

2 edits in trunk/LayoutTests

[iOS] Gardening: Unskip fast/history/page-cache-webdatabase-opened-db.html

platform/ios-simulator/TestExpectations: Unskip test. It

passes on iOS WK1 and WK2 because WebSQL != IndexedDB.

6:51 PM Changeset in webkit [180810] by ddkilzer@apple.com

2 edits in trunk/LayoutTests

[iOS] Gardening: Skip some new page-cache tests

platform/ios-simulator/TestExpectations:
Skip MediaSource tests: fast/history/page-cache-media-source-closed-2.html fast/history/page-cache-media-source-closed.html fast/history/page-cache-media-source-opened.html
Skip test that uses drag-and-drop: fast/history/page-cache-createObjectURL.html

6:41 PM Changeset in webkit [180809] by rniwa@webkit.org

14 edits in trunk/Source/WebCore

Node::hasEditableStyle and isEditablePosition have too many options
https://bugs.webkit.org/show_bug.cgi?id=142078

Reviewed by Andreas Kling.

Moved the code that dealt with accessibility to htmlediting.cpp from Node. This patch introduces
new editing helper functions hasEditableStyle and isEditableNode for this purpose.

Also removed UserSelectAllTreatment from isContentEditable's arguments in the favor of using
newly extracted computeEditability in call sites that specify this option since isContentEditable
is a public DOM API.

No new tests since there should be no observable behavior changes.

accessibility/AXObjectCache.h: Removed the declaration of an undefined function.

dom/Element.cpp:

(WebCore::Element::shouldUseInputMethod): Uses newly added computeEditability.

dom/Node.cpp:

(WebCore::Node::isContentEditable): Ditto. No longer takes UserSelectAllTreatment as an argument.
(WebCore::Node::isContentRichlyEditable): Ditto.
(WebCore::Node::computeEditability): Renamed from hasEditableStyle to avoid the confusion with
a helper function of the same name. Added ShouldUpdateStyle as an argument to optionally update
style tree. Also returns tri-state Editability enum instead of returning a boolean based on
the value of EditableLevel argument.
(WebCore::Node::isEditableToAccessibility): Moved to htmlediting.cpp.
(WebCore::Node::willRespondToMouseClickEvents): Uses newly added computeEditability.
(WebCore::Node::rootEditableElement): Moved to htmlediting.cpp.

dom/Node.h: No longer includes EditingBoundary.h.

(WebCore::Node::isContentEditable):
(WebCore::Node::hasEditableStyle): No longer takes EditableType as an argument.
(WebCore::Node::hasRichlyEditableStyle): Ditto.

editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::removeInlineStyleFromElement): Uses newly added isEditableNode.
(WebCore::ApplyStyleCommand::surroundNodeRangeWithElement): Ditto.

editing/DeleteFromTextNodeCommand.cpp:

(WebCore::DeleteFromTextNodeCommand::doApply): Ditto.

editing/FrameSelection.cpp:

(WebCore::CaretBase::invalidateCaretRect): Ditto.

editing/InsertNodeBeforeCommand.cpp:

(WebCore::InsertNodeBeforeCommand::doApply): Ditto.
(WebCore::InsertNodeBeforeCommand::doUnapply): Ditto.

editing/RemoveNodeCommand.cpp:

(WebCore::RemoveNodeCommand::doApply): Ditto.

editing/VisibleSelection.cpp:

(WebCore::VisibleSelection::hasEditableStyle): Since this is the only caller of isEditablePosition
which sets DoNotUpdateStyle, directly call hasEditableStyle on the container node instead. This was
not possible prior to r180726 because isEditablePosition had to move out of tables.

editing/VisibleUnits.cpp:

(WebCore::previousLeafWithSameEditability): Uses newly added hasEditableStyle.
(WebCore::nextLeafWithSameEditability): Ditto.
(WebCore::rootEditableOrDocumentElement): Extracted from previousLinePosition. Use helper functions
in htmlediting.cpp instead of member functions of Node since they no longer support EditableType.
(WebCore::previousLinePosition):
(WebCore::nextLinePosition):

editing/htmlediting.cpp:

(WebCore::highestEditableRoot): Uses newly added hasEditableStyle.
(WebCore::isEditableToAccessibility): Moved from Node.
(WebCore::computeEditability): Extracted from isEditablePosition.
(WebCore::hasEditableStyle): Added.
(WebCore::isEditableNode): Added.
(WebCore::isEditablePosition): Now calls computeEditability.
(WebCore::isRichlyEditablePosition): No longer takes EditableType since that variant was never used.
(WebCore::editableRootForPosition): Moved the code from Node::rootEditableElement.

editing/htmlediting.h:

6:14 PM Changeset in webkit [180808] by mmaxfield@apple.com

2 edits in trunk/LayoutTests

Test gardening for Windows after r180796.

Unreviewed.

Patch by Myles C. Maxfield <mmaxfield@apple.com> on 2015-02-27

platform/win/TestExpectations:

5:57 PM Changeset in webkit [180807] by dino@apple.com

2 edits in trunk/LayoutTests

https://bugs.webkit.org/show_bug.cgi?id=142119

Unreviewed. Add fast/canvas/canvas-ellipse-zero-lineto.html
to list of failing tests on Windows.

platform/win/TestExpectations:

5:52 PM Changeset in webkit [180806] by rniwa@webkit.org

2 edits in trunk/Source/bmalloc

Fixed a typo in the previous commit.

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::setOwner):

5:46 PM Changeset in webkit [180805] by rniwa@webkit.org

2 edits in trunk/Source/bmalloc

EFL build fix after r180797.

bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::owner):
(bmalloc::BoundaryTag::setOwner):

5:43 PM Changeset in webkit [180804] by Chris Dumez

10 edits
1 move
3 deletes in trunk/Source/WebKit2

[WK2] Drop legacy WKBundlePageDiagnosticLoggingClient API
https://bugs.webkit.org/show_bug.cgi?id=141176

Reviewed by Sam Weinig.

Drop legacy WKBundlePageDiagnosticLoggingClient WK2 API as we are now
exposing this functionality via WKPageDiagnosticLoggingClient.h on
UIProcess side. The client-side has already been ported over.

CMakeLists.txt:
Shared/API/c/WKSharedAPICast.h:

(WebKit::toAPI): Deleted.
(WebKit::toDiagnosticLoggingResultType): Deleted.

UIProcess/API/C/WKAPICast.h:

(WebKit::toAPI):

UIProcess/API/C/WKDiagnosticLoggingResultType.h: Renamed from Source/WebKit2/Shared/API/c/WKDiagnosticLoggingResultType.h.
WebKit2.xcodeproj/project.pbxproj:
WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(WKBundlePageSetDiagnosticLoggingClient): Deleted.

WebProcess/InjectedBundle/API/c/WKBundlePage.h:
WebProcess/InjectedBundle/API/c/WKBundlePageDiagnosticLoggingClient.h: Removed.
WebProcess/InjectedBundle/InjectedBundlePageDiagnosticLoggingClient.cpp: Removed.
WebProcess/InjectedBundle/InjectedBundlePageDiagnosticLoggingClient.h: Removed.
WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:

(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessage):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithResult):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue):

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::WebPage::close):
(WebKit::WebPage::initializeInjectedBundleDiagnosticLoggingClient): Deleted.

WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::injectedBundleDiagnosticLoggingClient): Deleted.

5:33 PM Changeset in webkit [180803] by bshafiei@apple.com

5 edits in branches/safari-600.1.4.15-branch/Source

Versioning.

5:19 PM Changeset in webkit [180802] by andersca@apple.com

2 edits
1 move in trunk/Source/WebKit2

Rename WebResourceCacheManagerCFNet.cpp to WebResourceCacheManagerCFNet.mm

Rubber-stamped by Dan Bernstein.

This will let us use lambda to block conversion in a subsequent patch.

WebKit2.xcodeproj/project.pbxproj:
WebProcess/ResourceCache/cf/WebResourceCacheManagerCFNet.mm: Renamed from Source/WebKit2/WebProcess/ResourceCache/cf/WebResourceCacheManagerCFNet.cpp.

5:13 PM March 2015 Meeting edited by dino@apple.com

(diff)

5:05 PM Changeset in webkit [180801] by Chris Dumez

63 edits in trunk/Source

Make ActiveDOMObject::canSuspend() pure virtual
https://bugs.webkit.org/show_bug.cgi?id=142096
<rdar://problem/19923085>

Reviewed by Andreas Kling.

Make ActiveDOMObject::canSuspend() pure virtual so that people at least
try to provide an implementation for it. The default implementation was
returning false unconditionally and thus was preventing pages from
entering the PageCache.

4:48 PM Changeset in webkit [180800] by bshafiei@apple.com

1 copy in tags/Safari-600.1.4.15.9

New tag.

4:46 PM Changeset in webkit [180799] by commit-queue@webkit.org

6 edits in trunk/Source

Unreviewed, rolling out r180203 and r180210.
https://bugs.webkit.org/show_bug.cgi?id=142116

broke process suspension and tile map (Requested by thorton on
#webkit).

Reverted changesets:

"Adopt CAMachPort-as-layer-contents"
https://bugs.webkit.org/show_bug.cgi?id=141687
http://trac.webkit.org/changeset/180203

"Fix the !USE(IOSURFACE) build"
http://trac.webkit.org/changeset/180210

4:42 PM Changeset in webkit [180798] by commit-queue@webkit.org

13 edits
7 adds in trunk

Add WebKit2 SPI to create a DOM File object
https://bugs.webkit.org/show_bug.cgi?id=142109

Patch by Sam Weinig <sam@webkit.org> on 2015-02-27
Reviewed by Tim Horton.

Source/WebCore:

WebCore.xcodeproj/project.pbxproj:

Make <WebCore/File.h> (and associated files) available to WebKit2.

Source/WebKit2:

Add a new handle type for exposing a DOM File object to script. Follow
the pattern of WKBundleNodeHandleRef and WKBundleRangeHandleRef with the
new class WKBundleFileHandleRef. It can be created for a specific path,
and then the JS wrapper can be obtained via WKBundleFrameGetJavaScriptWrapperForFileForWorld.

Shared/API/APIObject.h:
Shared/API/c/WKBase.h:
WebKit2.xcodeproj/project.pbxproj:
WebProcess/InjectedBundle/API/c/WKBundleAPICast.h:
WebProcess/InjectedBundle/API/c/WKBundleFileHandleRef.cpp: Added.

(WKBundleFileHandleGetTypeID):
(WKBundleFileHandleCreateWithPath):

WebProcess/InjectedBundle/API/c/WKBundleFileHandleRef.h: Added.
WebProcess/InjectedBundle/API/c/WKBundleFrame.cpp:

(WKBundleFrameGetJavaScriptWrapperForFileForWorld):

WebProcess/InjectedBundle/API/c/WKBundleFrame.h:
WebProcess/InjectedBundle/DOM/InjectedBundleFileHandle.cpp: Added.

(WebKit::domHandleCache):
(WebKit::InjectedBundleFileHandle::create):
(WebKit::InjectedBundleFileHandle::getOrCreate):
(WebKit::InjectedBundleFileHandle::InjectedBundleFileHandle):
(WebKit::InjectedBundleFileHandle::~InjectedBundleFileHandle):
(WebKit::InjectedBundleFileHandle::coreFile):

WebProcess/InjectedBundle/DOM/InjectedBundleFileHandle.h: Added.
WebProcess/WebPage/WebFrame.cpp:

(WebKit::WebFrame::jsWrapperForWorld):

WebProcess/WebPage/WebFrame.h:

Tools:

Add a test for WKBundleFileHandleRef.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2/WKBundleFileHandle.cpp: Added.

(TestWebKitAPI::didReceiveMessageFromInjectedBundle):
(TestWebKitAPI::didFinishLoadForFrame):
(TestWebKitAPI::TEST):

TestWebKitAPI/Tests/WebKit2/WKBundleFileHandle_Bundle.cpp: Added.

(TestWebKitAPI::WKBundleFileHandleTest::WKBundleFileHandleTest):

TestWebKitAPI/Tests/WebKit2/bundle-file.html: Added.

4:29 PM Changeset in webkit [180797] by ggaren@apple.com

14 edits
1 add in trunk/Source/bmalloc

bmalloc: Pathological madvise churn on the free(malloc(x)) benchmark
https://bugs.webkit.org/show_bug.cgi?id=142058

Reviewed by Andreas Kling.

This patch more strictly segregates objects in the heap from objects in
the VM heap, with these changes:

(1) Objects in the heap are not allowed to merge with objects in the VM
heap, and vice versa -- since that would erase our precise knowledge of
which physical pages had been allocated.

(2) The VM heap is exclusively responsible for allocating and deallocating
physical pages.

(3) The heap free list must consider entries for objects that are in the
VM heap to be invalid, and vice versa. (This condition can arise
because the free list does not eagerly remove items.)

With these changes, we can know that any valid object in the heap's free
list already has physical pages, and does not need to call madvise.

bmalloc.xcodeproj/project.pbxproj:

bmalloc/BoundaryTag.h:

bmalloc/Deallocator.cpp:

bmalloc/FreeList.cpp: Adopt

(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):

bmalloc/FreeList.h:

(bmalloc::FreeList::push): Added API for considering the owner when
deciding if a free list entry is valid.

bmalloc/Heap.cpp:

(bmalloc::Heap::Heap): Adopt new API.

(bmalloc::Heap::scavengeLargeRanges): Scavenge all ranges with no minimum,
since some ranges might be able to merge with ranges in the VM heap, and
they won't be allowed to until we scavenge them.

(bmalloc::Heap::allocateSmallPage):
(bmalloc::Heap::allocateMediumPage):
(bmalloc::Heap::allocateLarge): New VM heap API makes this function
simpler, since we always get back physical pages now.

bmalloc/Heap.h:
bmalloc/LargeObject.h:

bmalloc/Owner.h: Added.

bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):

bmalloc/SegregatedFreeList.h: Propogate the owner API.

bmalloc/VMAllocate.h:

(bmalloc::vmDeallocatePhysicalPagesSloppy):
(bmalloc::vmAllocatePhysicalPagesSloppy): Clarified these functions and
removed an edge case.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeRange): Deleted.
(bmalloc::VMHeap::deallocateLargeRange): Deleted.

4:28 PM Changeset in webkit [180796] by mmaxfield@apple.com

26 edits in trunk/LayoutTests

Updating more tests after r177774

Unreviewed.

Most of these tests simply need to be updated. However, I found two real bugs while
going through these!

fast/css-generated-content/after-with-inline-continuation-expected.html:
fast/css-generated-content/after-with-inline-continuation.html:
fast/inline/hidpi-pixel-gap-between-adjacent-selection-inlines-expected.html:
fast/inline/hidpi-select-inline-on-subpixel-position-expected.html:
fast/inline/hidpi-select-inline-on-subpixel-position.html:
fast/lists/rtl-marker-expected.html:
fast/lists/rtl-marker.html:
fast/multicol/cell-shrinkback-expected.html:
fast/multicol/cell-shrinkback.html:
fast/multicol/newmulticol/breaks-3-columns-3-expected.html:
fast/multicol/newmulticol/breaks-3-columns-3.html:
fast/regions/last-region-border-radius-expected.html:
fast/regions/last-region-border-radius.html:
fast/regions/overflow/overflow-first-and-last-regions.html:
fast/regions/overflow/overflow-in-uniform-regions-dynamic-expected.html:
fast/regions/overflow/overflow-in-uniform-regions-dynamic.html:
fast/shapes/shape-outside-floats/shape-outside-floats-inset-rounded-large-radius-expected.html:
fast/shapes/shape-outside-floats/shape-outside-floats-inset-rounded-large-radius.html:
fast/shapes/shape-outside-floats/shape-outside-rounded-inset-expected.html:
fast/shapes/shape-outside-floats/shape-outside-rounded-inset.html:
fast/table/td-width-fifty-percent-regression-expected.html:
fast/table/td-width-fifty-percent-regression.html:
fast/text/complex-initial-advance-expected.html:
fast/text/complex-initial-advance.html:
platform/mac/TestExpectations:

4:23 PM Changeset in webkit [180795] by mmaxfield@apple.com

5 edits in trunk

[Subpixel] Subpixelize RenderListMarker
https://bugs.webkit.org/show_bug.cgi?id=142093

Reviewed by Zalan Bujtas.

Source/WebCore:

Use floats instead of ints.

Test: fast/lists/rtl-marker.html

rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::paint):
(WebCore::RenderListMarker::updateContent):
(WebCore::RenderListMarker::getRelativeMarkerRect):

rendering/RenderListMarker.h:

LayoutTests:

platform/mac/TestExpectations: Unskip fast/lists/rtl-marker.html

4:09 PM Changeset in webkit [180794] by timothy_horton@apple.com

7 edits in trunk/Source/WebCore

<attachment> should be selected immediately upon click, and be drag/copyable upon click
https://bugs.webkit.org/show_bug.cgi?id=142114
<rdar://problem/19982520>

Reviewed by Enrica Casucci.

css/html.css:

(attachment):
Make attachment use 'user-select: all' to act as a single click-to-select unit.

html/HTMLAttachmentElement.cpp:

(WebCore::HTMLAttachmentElement::setFocus): Deleted.

html/HTMLAttachmentElement.h:
rendering/RenderAttachment.cpp:

(WebCore::RenderAttachment::isFocused): Deleted.
(WebCore::RenderAttachment::focusChanged): Deleted.

rendering/RenderAttachment.h:
rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::paintAttachment):
Remove focus-related code; instead of focusing the element upon click,
we get a selection including just the <attachment>, and everything
behaves much more consistently (copy works, drag works, etc.).

4:06 PM Changeset in webkit [180793] by ap@apple.com

4 edits in trunk/LayoutTests

Test gardening, unmark now passing tests.

TestExpectations:
platform/mac-wk2/TestExpectations:
platform/mac/TestExpectations:

4:02 PM Changeset in webkit [180792] by mmaxfield@apple.com

7 edits in trunk

[iOS] Some MathML tests crash in RenderMathMLOperator::advanceForGlyph() or boundsForGlyph()
https://bugs.webkit.org/show_bug.cgi?id=141371

Reviewed by David Kilzer.

Source/WebCore:

Null checks.

Covered by existing mathml tests.

rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::boundsForGlyph):
(WebCore::RenderMathMLOperator::advanceForGlyph):
(WebCore::RenderMathMLOperator::getDisplayStyleLargeOperator):

LayoutTests:

Updating expected results and TestExpectations

platform/ios-simulator-wk2/TestExpectations:
platform/ios-simulator/mathml/opentype/horizontal-munderover-expected.txt:
platform/ios-simulator/mathml/opentype/large-operators-expected.txt:
platform/ios-simulator/mathml/opentype/vertical-expected.txt:

3:46 PM Changeset in webkit [180791] by Chris Dumez

8 edits
2 adds in trunk

Make SourceBuffer ActiveDOMObject suspendable
https://bugs.webkit.org/show_bug.cgi?id=142108
<rdar://problem/19923085>

Reviewed by Jer Noble.

Source/WebCore:

Make SourceBuffer ActiveDOMObject suspendable if it is removed from its
MediaSource and does not have any pending events. This makes it more
likely for pages using SourceBuffer objects to go into the PageCache.

Test: fast/history/page-cache-removed-source-buffer.html

Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::canSuspend):

Modules/mediasource/SourceBuffer.h:

LayoutTests:

Add a layout tests to check that a SourceBuffer removed from its
MediaSource does not prevent a Page from entering PageCache.

fast/history/page-cache-removed-source-buffer-expected.txt: Added.
fast/history/page-cache-removed-source-buffer.html: Added.

3:40 PM Changeset in webkit [180790] by dino@apple.com

8 edits
19 adds in trunk

Add support for canvas ellipse method
https://bugs.webkit.org/show_bug.cgi?id=82791
<rdar://problem/11159172>

Patch by Sam Weinig <sam@webkit.org> on 2015-02-26
Reviewed by Dirk Schulze.

Source/WebCore:

Tests: fast/canvas/canvas-ellipse-360-winding.html

fast/canvas/canvas-ellipse-circumference-fill.html
fast/canvas/canvas-ellipse-circumference.html
fast/canvas/canvas-ellipse-connecting-line.html
fast/canvas/canvas-ellipse-negative-radius.html
fast/canvas/canvas-ellipse-zero-lineto.html
fast/canvas/canvas-ellipse.html

html/canvas/CanvasPathMethods.h:
html/canvas/CanvasPathMethods.cpp:

(WebCore::CanvasPathMethods::lineTo):
Convenience for passing a FloatPoint instead of two floats.

(WebCore::normalizeAngles):
Normalizes the angles as described in the HTML spec. Ensuring the startAngle
is greater than 0 and less than 2pi, and the the endAngle is at most 2pi
from the start angle.

(WebCore::CanvasPathMethods::arc):

Renames some of the parameters to be clearer.
Normalizes the angles for consistency with ellipse.
Moves hasInvertibleTransform() higher in the function for consistency.

(WebCore::CanvasPathMethods::ellipse): Added.

html/canvas/CanvasRenderingContext2D.idl:
html/canvas/DOMPath.idl:

Add ellipse(...).

platform/graphics/Path.h:
platform/graphics/cg/PathCG.cpp:

(WebCore::Path::addArc):
Rename parameters for clarity and use a nullptr.

(WebCore::Path::addEllipse):
Added. Constructs an ellipse via a transformed arc.

LayoutTests:

fast/canvas/canvas-ellipse-360-winding-expected.txt: Added.
fast/canvas/canvas-ellipse-360-winding.html: Added.
fast/canvas/canvas-ellipse-circumference-expected.txt: Added.
fast/canvas/canvas-ellipse-circumference-fill-expected.txt: Added.
fast/canvas/canvas-ellipse-circumference-fill.html: Added.
fast/canvas/canvas-ellipse-circumference.html: Added.
fast/canvas/canvas-ellipse-connecting-line-expected.html: Added.
fast/canvas/canvas-ellipse-connecting-line.html: Added.
fast/canvas/canvas-ellipse-expected.txt: Added.
fast/canvas/canvas-ellipse-negative-radius-expected.txt: Added.
fast/canvas/canvas-ellipse-negative-radius.html: Added.
fast/canvas/canvas-ellipse-zero-lineto-expected.txt: Added.
fast/canvas/canvas-ellipse-zero-lineto.html: Added.
fast/canvas/canvas-ellipse.html: Added.
fast/canvas/script-tests/canvas-ellipse-360-winding.js: Added.
fast/canvas/script-tests/canvas-ellipse.js: Added.
fast/canvas/script-tests/js-ellipse-implementation.js: Added.
platform/mac/fast/canvas/canvas-ellipse-circumference-expected.png: Added.
platform/mac/fast/canvas/canvas-ellipse-circumference-fill-expected.png: Added.

3:37 PM Changeset in webkit [180789] by commit-queue@webkit.org

4 edits in trunk/LayoutTests

Test more features of content extensions.
https://bugs.webkit.org/show_bug.cgi?id=142100

Patch by Alex Christensen <achristensen@webkit.org> on 2015-02-27
Reviewed by Brady Eidson.

http/tests/usercontentfilter/basic-filter.html:
http/tests/usercontentfilter/basic-filter.html.json:
platform/mac/http/tests/usercontentfilter/basic-filter-expected.txt:

3:35 PM Changeset in webkit [180788] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Use Maps in ResourceCollection instead of objects
https://bugs.webkit.org/show_bug.cgi?id=142101

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-02-27
Reviewed by Timothy Hatcher.

UserInterface/Models/ResourceCollection.js:

(WebInspector.ResourceCollection):
(WebInspector.ResourceCollection.prototype.resourcesWithType):
(WebInspector.ResourceCollection.prototype.removeAllResources):
(WebInspector.ResourceCollection.prototype.resourceForURL):
(WebInspector.ResourceCollection.prototype._associateWithResource):
(WebInspector.ResourceCollection.prototype._disassociateWithResource):
(WebInspector.ResourceCollection.prototype._resourceURLDidChange):
(WebInspector.ResourceCollection.prototype._resourceTypeDidChange):
Use Maps instead of objects.

3:32 PM Changeset in webkit [180787] by msaboff@apple.com

2 edits in trunk/Tools

Add ability for run-jsc-benchmarks to set library path from test binary when run on a build bot
https://bugs.webkit.org/show_bug.cgi?id=142112

Reviewed by Filip Pizlo.

Added check for VMs in the form of <someDir>/{DumpRenderTree,webkitTestRunner,jsc} and use
<someDir> as the library path.

Scripts/run-jsc-benchmarks:

3:31 PM Changeset in webkit [180786] by ap@apple.com

2 edits in trunk/LayoutTests

Some WebGL tests fail on ATI hardware
https://bugs.webkit.org/show_bug.cgi?id=93560
rdar://problem/19991477

platform/mac/TestExpectations: Updating expectations, as this is not limited to

Mavericks.

3:07 PM Changeset in webkit [180785] by enrica@apple.com

7 edits
2 adds in trunk

Adding support for serializing HTMLAttachment elements.
https://bugs.webkit.org/show_bug.cgi?id=142026

Reviewed by Tim Horton.

Source/WebCore:

Test: editing/pasteboard/copy-paste-attachment.html

Adding support to serialize the attachment element
and properly handle it when converting a DOM range
to NSAttributedString.

editing/cocoa/HTMLConverter.mm:

(HTMLConverter::_processElement):

editing/markup.cpp:

(WebCore::StyledMarkupAccumulator::appendCustomAttributes): Create new attribute
for attachment element when serializating.
(WebCore::StyledMarkupAccumulator::appendElement):
(WebCore::createFragmentFromMarkup): Remove the attribute from the attachment element
when creating the fragment.

html/HTMLAttachmentElement.cpp:

(WebCore::HTMLAttachmentElement::file): Added const to file() to
use it in appendCustonAttributes where the element is a const reference.

html/HTMLAttachmentElement.h:
html/HTMLAttributeNames.in:

LayoutTests:

editing/pasteboard/copy-paste-attachment-expected.txt: Added.
editing/pasteboard/copy-paste-attachment.html: Added.

3:00 PM Changeset in webkit [180784] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

<attachment> should have an inactive style (gray in background)
https://bugs.webkit.org/show_bug.cgi?id=142103
<rdar://problem/19982486>

Reviewed by Dan Bernstein.

rendering/RenderThemeMac.mm:

(WebCore::attachmentLabelInactiveBackgroundColor):
(WebCore::attachmentLabelInactiveTextColor):
(WebCore::RenderThemeMac::paintAttachmentLabelBackground):
(WebCore::RenderThemeMac::paintAttachmentLabel):
Use a gray background and gray text when the selection containing the
attachment isn't focused and active.

2:50 PM Changeset in webkit [180783] by beidson@apple.com

9 edits
7 adds in trunk

Add a "block-cookies" rule to the user content filter.
https://bugs.webkit.org/show_bug.cgi?id=142105

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/usercontentfilter/block-cookies-basic.html

http/tests/usercontentfilter/block-cookies-send.html

contentextensions/ContentExtensionRule.h:

contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionForURL):
(WebCore::ContentExtensions::ContentExtensionsBackend::shouldBlockURL): Deleted.

contentextensions/ContentExtensionsBackend.h:

contentextensions/ContentExtensionsManager.cpp:

(WebCore::ContentExtensions::ExtensionsManager::loadAction):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

page/UserContentController.cpp:

(WebCore::UserContentController::actionForURL):
(WebCore::UserContentController::contentFilterBlocksURL): Deleted.

page/UserContentController.h:

LayoutTests:

http/tests/cookies/resources/echo-cookies.php: Added.
http/tests/usercontentfilter/block-cookies-basic-expected.txt: Added.
http/tests/usercontentfilter/block-cookies-basic.html: Added.
http/tests/usercontentfilter/block-cookies-basic.html.json: Added.
http/tests/usercontentfilter/block-cookies-send-expected.txt: Added.
http/tests/usercontentfilter/block-cookies-send.html: Added.
http/tests/usercontentfilter/block-cookies-send.html.json: Added.

2:45 PM Changeset in webkit [180782] by Beth Dakin

2 edits in trunk/Source/WebKit2

Lookup panel dismisses when pages are loading in other tabs/windows
https://bugs.webkit.org/show_bug.cgi?id=142104
-and corresponding-
rdar://problem/19882137

Reviewed by Tim Horton.

Until rdar://problem/13875766 is resolved, we should only call into Lookup and
DataDetectors for key windows.

UIProcess/API/mac/WKView.mm:

(-[WKView _dismissContentRelativeChildWindows]):

2:17 PM Changeset in webkit [180781] by achristensen@apple.com

5 edits in trunk

[WinCairo] Unreviewed build fix.

Source/WebCore:

platform/graphics/BitmapImage.h:
platform/win/BitmapInfo.h:

Added WEBCORE_EXPORT.

Tools:

TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPICommonWinCairo.props:

Use TestWebKitAPIPrefix.h like in TestWebKitAPICommon.props.

1:56 PM Changeset in webkit [180780] by timothy_horton@apple.com

6 edits in trunk/Source/WebCore

<attachment>'s label baseline should match that of the surrounding text
https://bugs.webkit.org/show_bug.cgi?id=142099
rdar://problem/19982495

Reviewed by Dan Bernstein.

rendering/RenderAttachment.cpp:

(WebCore::RenderAttachment::baselinePosition):

rendering/RenderAttachment.h:

Override baselinePosition and retrieve it from RenderTheme.

rendering/RenderTheme.h:

(WebCore::RenderTheme::attachmentBaseline):

rendering/RenderThemeMac.h:
rendering/RenderThemeMac.mm:

(WebCore::AttachmentLayout::AttachmentLayout):
(WebCore::RenderThemeMac::attachmentBaseline):
Plumb the label baseline from AttachmentLayout to RenderAttachment.

1:42 PM Changeset in webkit [180779] by commit-queue@webkit.org

12 edits in trunk/Source/WebCore

Unreviewed, rolling out r180752.
https://bugs.webkit.org/show_bug.cgi?id=142098

Causes 10 SVG test failures on Windows. (Requested by
bfulgham_ on #webkit).

Reverted changeset:

"Cache glyph widths to GlyphPages"
https://bugs.webkit.org/show_bug.cgi?id=142028
http://trac.webkit.org/changeset/180752

1:40 PM Changeset in webkit [180778] by rniwa@webkit.org

4 edits in trunk/LayoutTests

iOS, GTK, and EFL rebaselines after r180726.

platform/efl/editing/inserting/5058163-1-expected.txt:
platform/gtk/editing/inserting/5058163-1-expected.txt:
platform/ios-simulator-wk2/editing/inserting/5058163-1-expected.txt:

1:39 PM Changeset in webkit [180777] by ddkilzer@apple.com

2 edits in trunk/Source/WebCore

[iOS] Fix build by defining EAGL_IOSURFACE macro before including <OpenGLES/EAGLPrivate.h>

platform/spi/ios/OpenGLESSPI.h: Define EAGL_IOSURFACE macro

until header refactoring is completed.

1:34 PM Changeset in webkit [180776] by Chris Dumez

6 edits in trunk/LayoutTests

Unreviewed, skip tests added in r180771 on platforms that don't support IndexedDB.

platform/efl/TestExpectations:
platform/gtk/TestExpectations:
platform/ios-simulator/TestExpectations:
platform/win/TestExpectations:
platform/wincairo/TestExpectations:

1:27 PM Changeset in webkit [180775] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Skip IndexDB tests on Windows since it's not implemented.

platform/win/TestExpectations:

1:18 PM Changeset in webkit [180774] by Chris Dumez

8 edits
6 adds in trunk

MediaSource should be suspendable when closed
https://bugs.webkit.org/show_bug.cgi?id=142089
<rdar://problem/19923085>

Reviewed by Jer Noble.

Source/WebCore:

Make MediaSource ActiveDOMObject suspendable when it is in closed state
and it has no pending events. This increases the likelihood of pages
using MediaSource to enter the PageCache.

Tests: fast/history/page-cache-media-source-closed-2.html

fast/history/page-cache-media-source-closed.html
fast/history/page-cache-media-source-opened.html

LayoutTests:

Add layout tests to check that:

Pages with an open MediaSource do not enter the PageCache
Pages with an initially closed MediaSource enter the PageCache
Pages with a MediaSource that changed state from opened to closed enter the PageCache.

12:14 PM Changeset in webkit [180773] by andersca@apple.com

11 edits in trunk

Add infrastructure for handling website data in the network process
https://bugs.webkit.org/show_bug.cgi?id=142092

Reviewed by Andreas Kling.

Source/WebKit2:

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):
Send back "Did" messages without actually doing anything for now.

NetworkProcess/NetworkProcess.h:

Add new members.

NetworkProcess/NetworkProcess.messages.in:

Add FetchWebsiteData and DeleteWebsiteDataForOrigins messages.

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::~NetworkProcessProxy):
Assert that all maps are empty.

(WebKit::NetworkProcessProxy::fetchWebsiteData):
(WebKit::NetworkProcessProxy::deleteWebsiteDataForOrigins):
Add callbacks and send fetch and delete messages respectively.

(WebKit::NetworkProcessProxy::networkProcessCrashedOrFailedToLaunch):
Make sure to invoke all callbacks.

(WebKit::NetworkProcessProxy::didFetchWebsiteData):
Find the callback and invoke it.

(WebKit::NetworkProcessProxy::didDeleteWebsiteDataForOrigins):
Ditto.

UIProcess/Network/NetworkProcessProxy.h:

Add new members.

UIProcess/Network/NetworkProcessProxy.messages.in:

Add DidFetchWebsiteData and DidDeleteWebsiteDataForOrigins messages.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::connectionDidClose):
Just pass an empty WebsiteData object.

Tools:

Add a menu item that will fetch all website data, delete the returned data records, and
fetch all website data again so we can confirm that it's all empty.

MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetchAndClearWebsiteData:]):

11:52 AM Changeset in webkit [180772] by akling@apple.com

18 edits in trunk/Source/WebCore

Use NeverDestroyed for JS wrapper owners.
<https://webkit.org/b/142090>

Reviewed by Chris Dumez.

Using NeverDestroyed puts these objects in BSS which is preferable
since that prevents them from pinning down entire malloc pages forever.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader): Use NeverDestroyed instead of DEPRECATED_DEFINE_STATIC_LOCAL.

bindings/scripts/test/JS/*: Rebaseline bindings tests for this change.

11:24 AM Changeset in webkit [180771] by Chris Dumez

7 edits
4 adds in trunk

Make IDBDatabase / IDBRequest suspendable
https://bugs.webkit.org/show_bug.cgi?id=142076
<rdar://problem/19923085>

Reviewed by Andreas Kling.

Source/WebCore:

Make IDBDatabase / IDBRequest suspendable under certain conditions to
make it more likely for pages using indexeddb to enter the PageCache.

IDBDatabase is safely suspendable if the database is closed. IDBRequest
is safely suspendable if the request no longer has any pending activity
(i.e. state is DONE and success / failure handler was called). We may
be able to do better later but this is the bare minimum for now.

Tests: fast/history/page-cache-indexed-closed-db.html

fast/history/page-cache-indexed-opened-db.html

Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::IDBDatabase):
(WebCore::IDBDatabase::closeConnection):
(WebCore::IDBDatabase::enqueueEvent):
(WebCore::IDBDatabase::canSuspend):

Modules/indexeddb/IDBDatabase.h:
Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::canSuspend):

Modules/indexeddb/IDBRequest.h:

LayoutTests:

Add layout tests to make sure that:

A page with an open indexeddb database is not page-cacheable
A page with a closed indexeddb database is page-cacheable

fast/history/page-cache-indexed-closed-db-expected.txt: Added.
fast/history/page-cache-indexed-closed-db.html: Added.
fast/history/page-cache-indexed-opened-db-expected.txt: Added.
fast/history/page-cache-indexed-opened-db.html: Added.

11:22 AM Changeset in webkit [180770] by Chris Dumez

7 edits
2 adds in trunk

Drop unnecessary DatabaseManager::hasOpenDatabases() in PageCache::canCachePageContainingThisFrame()
https://bugs.webkit.org/show_bug.cgi?id=142052

Reviewed by Andreas Kling.

Source/WebCore:

Drop WebDatabase special-handling from PageCache::canCachePageContainingThisFrame().
DatabaseContext is already an ActiveDOMObject and DatabaseContext::canSuspend() was
returning false so pages using WebDatabase would never enter the PageCache anyway.

This patch also overrides ActiveDOMObject::canSuspend() in DatabaseContext to only
return false when there are open databases. This check is now equivalent to the one
that was in PageCache.

An issue that remains is that DatabaseContext::m_hasOpenDatabases is never reset
to false so once a page opened a database, it will never be page-cacheable. This
will be taken care of separately though.

Test: fast/history/page-cache-webdatabase-opened-db.html

Modules/webdatabase/DatabaseContext.cpp:

(WebCore::DatabaseContext::canSuspend):

Modules/webdatabase/DatabaseContext.h:
history/PageCache.cpp:

(WebCore::logCanCacheFrameDecision):
(WebCore::PageCache::canCachePageContainingThisFrame):

page/DiagnosticLoggingKeys.cpp:

(WebCore::DiagnosticLoggingKeys::hasOpenDatabasesKey): Deleted.

page/DiagnosticLoggingKeys.h:

LayoutTests:

Add a layout test to check that a page with an open WebDatabase does
not enter the PageCache.

fast/history/page-cache-webdatabase-opened-db-expected.txt: Added.
fast/history/page-cache-webdatabase-opened-db.html: Added.

11:20 AM Changeset in webkit [180769] by achristensen@apple.com

6 edits
5 adds in trunk/Source/WebCore

Compile DFA to bytecode.
https://bugs.webkit.org/show_bug.cgi?id=142031

Reviewed by Benjamin Poulain.

WebCore.xcodeproj/project.pbxproj:
contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::setRuleList):
(WebCore::ContentExtensions::ContentExtensionsBackend::shouldBlockURL):

contentextensions/ContentExtensionsBackend.h:
contentextensions/DFA.cpp:

(WebCore::ContentExtensions::DFA::nextState): Deleted.
(WebCore::ContentExtensions::DFA::actions): Deleted.

contentextensions/DFA.h:

(WebCore::ContentExtensions::DFA::size):
(WebCore::ContentExtensions::DFA::nodeAt):

contentextensions/DFABytecode.h: Added.

(WebCore::ContentExtensions::instructionSizeWithArguments):

contentextensions/DFABytecodeCompiler.cpp: Added.

(WebCore::ContentExtensions::append):
(WebCore::ContentExtensions::set32Bits):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitAppendAction):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitJump):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitCheckValue):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitTerminate):
(WebCore::ContentExtensions::DFABytecodeCompiler::reserveBufferCapacity):
(WebCore::ContentExtensions::DFABytecodeCompiler::compileNode):
(WebCore::ContentExtensions::DFABytecodeCompiler::compile):

contentextensions/DFABytecodeCompiler.h: Added.

(WebCore::ContentExtensions::DFABytecodeCompiler::DFABytecodeCompiler):

contentextensions/DFABytecodeInterpreter.cpp: Added.

(WebCore::ContentExtensions::getBits):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):

contentextensions/DFABytecodeInterpreter.h: Added.

(WebCore::ContentExtensions::DFABytecodeInterpreter::DFABytecodeInterpreter):

10:50 AM Changeset in webkit [180768] by enrica@apple.com

10 edits in trunk/Source/WebKit2

[WK2] REGRESSION(r180465): WebKit::WebPage::editorState() triggers a layout.
https://bugs.webkit.org/show_bug.cgi?id=142015

Reviewed by Alexey Proskuryakov.

We no longer compute the font information at selection
when we update the editor state.
Instead, we request the font information only when the selection
changes and the font panel is visible.
I added an observer to be notified of the font panel visibility
changes to update NSFontManager to reflect the font at the
current selection.

Shared/EditorState.cpp:

(WebKit::EditorState::encode):
(WebKit::EditorState::decode):

Shared/EditorState.h:

(WebKit::EditorState::EditorState):

UIProcess/API/mac/WKView.mm:

(-[WKView updateFontPanelIfNeeded]):
(-[WKView _selectionChanged]):
(-[WKView addWindowObserversForWindow:]):
(-[WKView removeWindowObservers]):
(-[WKView observeValueForKeyPath:ofObject:change:context:]):

UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::fontAtSelection):
(WebKit::WebPageProxy::fontAtSelectionCallback):

WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:
WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::platformEditorState):
(WebKit::WebPage::fontAtSelection):

10:43 AM Changeset in webkit [180767] by Alan Bujtas

3 edits
2 adds in trunk

Use after free in WebCore::RenderNamedFlowFragment::restoreRegionObjectsOriginalStyle
https://bugs.webkit.org/show_bug.cgi?id=138366

Reviewed by Dave Hyatt.

This patch ensures that we clean up RenderNamedFlowFragment::m_renderObjectRegionStyle when embedded flow content is getting destroyed.

Source/WebCore:

Test: fast/regions/region-with-multicolumn-embedded-crash.html

rendering/RenderObject.cpp:

(WebCore::RenderObject::removeFromRenderFlowThreadIncludingDescendants):

LayoutTests:

fast/regions/region-with-multicolumn-embedded-crash-expected.txt: Added.
fast/regions/region-with-multicolumn-embedded-crash.html: Added.

10:33 AM Changeset in webkit [180766] by beidson@apple.com

19 edits in trunk/Source

Add API to remove a single content filter.
<rdar://problem/19977764> and https://bugs.webkit.org/show_bug.cgi?id=142088

Reviewed by Sam Weinig.

Source/WebCore:

page/UserContentController.cpp:

(WebCore::UserContentController::removeUserContentFilter):

page/UserContentController.h:

Source/WebKit2:

Shared/WebPageGroupData.h:

UIProcess/API/C/WKPageGroup.cpp:

(WKPageGroupRemoveUserContentFilter):

UIProcess/API/C/WKPageGroup.h:
UIProcess/API/Cocoa/WKUserContentController.mm:

(-[WKUserContentController _removeUserContentFilter:]):

UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:
UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::WebUserContentControllerProxy):
(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::addUserContentFilter):
(WebKit::WebUserContentControllerProxy::removeUserContentFilter):
(WebKit::WebUserContentControllerProxy::removeAllUserContentFilters):

UIProcess/UserContent/WebUserContentControllerProxy.h:

UIProcess/WebPageGroup.cpp:

(WebKit::WebPageGroup::addUserContentFilter):
(WebKit::WebPageGroup::removeUserContentFilter):

UIProcess/WebPageGroup.h:

WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::removeUserContentFilter):

WebProcess/UserContent/WebUserContentController.h:
WebProcess/UserContent/WebUserContentController.messages.in:

WebProcess/WebPage/WebPageGroupProxy.cpp:

(WebKit::WebPageGroupProxy::WebPageGroupProxy):
(WebKit::WebPageGroupProxy::removeUserContentFilter):

WebProcess/WebPage/WebPageGroupProxy.h:
WebProcess/WebPage/WebPageGroupProxy.messages.in:

10:09 AM Changeset in webkit [180765] by Brent Fulgham

16 edits in trunk

[Win] Remove remaining SafariTheme cruft
https://bugs.webkit.org/show_bug.cgi?id=142075

Reviewed by Anders Carlsson.

Remove reference to SafariTheme-switching preference.

Source/WebCore:

Tested by existing layout tests.

WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
config.h:
page/Settings.cpp:

(WebCore::Settings::fontRenderingMode):
(WebCore::Settings::setShouldPaintNativeControls): Deleted.

page/Settings.h:

(WebCore::Settings::shouldPaintNativeControls): Deleted.

platform/win/ScrollbarThemeWin.cpp:

(WebCore::ScrollbarTheme::nativeTheme):

rendering/RenderThemeWin.cpp:

(WebCore::RenderTheme::themeForPage):

Source/WebKit/win:

Interfaces/IWebPreferencesPrivate.idl:
WebKitClassFactory.cpp:

(WebKitClassFactory::WebKitClassFactory):
(WebKitClassFactory::QueryInterface):
(WebKitClassFactory::AddRef):
(WebKitClassFactory::Release):
(WebKitClassFactory::CreateInstance):
(WebKitClassFactory::LockServer):

WebPreferences.cpp:

(WebPreferences::shouldPaintNativeControls): Deleted.
(WebPreferences::setShouldPaintNativeControls): Deleted.

WebPreferences.h:
WebView.cpp:

(WebView::initWithFrame):
(WebView::notifyPreferencesChanged):

Tools:

DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):
(prepareConsistentTestingEnvironment):

9:49 AM Changeset in webkit [180764] by Carlos Garcia Campos

7 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180511 - Drawing an SVG image into a canvas using drawImage() ignores globalAlpha.
https://bugs.webkit.org/show_bug.cgi?id=141729.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-02-23
Reviewed by Simon Fraser.

Source/WebCore:

When drawing an SVG image and the drawing context is set to be transparent,
make sure this transparency is applied to the compositing layer.

Test: svg/canvas/canvas-global-alpha-svg.html

platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContext::setAlpha): Make setAlpha() calls the platform
function and sets 'm_state.alpha' to the input value.

(WebCore::GraphicsContext::alpha): Add a new function 'alpha()' which
returns the value of the global alpha.

platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContextState::GraphicsContextState): Add a new member
'alpha' to the context state since the getter function CGContextGetAlpha
is defined only in a private header file. Also move single line functions
from the source file to the header file.

platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::setPlatformAlpha):
(WebCore::GraphicsContext::setAlpha): Deleted.

platform/graphics/cg/GraphicsContextCG.cpp:

(WebCore::GraphicsContext::setPlatformAlpha):
(WebCore::GraphicsContext::setAlpha): Deleted.
Rename setAlpha() to setPlatformAlpha() in the platform files. Add setAlpha()
to the core file. setAlpha() will set the value of 'm_state.alpha' and call
setPlatformAlpha().

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::draw): If the drawing context is transparent, apply its
global alpha value to the compositing layer.

LayoutTests:

Add a new test which draws an SVG image on a canvas after setting its
globalAlpha to a value less than 1.

svg/canvas/canvas-global-alpha-svg-expected.html: Added.
svg/canvas/canvas-global-alpha-svg.html: Added.

9:35 AM Changeset in webkit [180763] by Carlos Garcia Campos

2 edits
1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180505 - Crash in DFGFrozenValue
https://bugs.webkit.org/show_bug.cgi?id=141883

Reviewed by Benjamin Poulain.

If a value might be a cell, then we have to have Graph freeze it rather than trying to
create the FrozenValue directly. Creating it directly is just an optimization for when you
know for sure that it cannot be a cell.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

tests/stress/regress-141883.js: Added. Hacked the original test to be faster while still crashing before this fix.

9:34 AM Changeset in webkit [180762] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180503 - [GStreamer] Redundant track language notifications
https://bugs.webkit.org/show_bug.cgi?id=141908

Reviewed by Žan Doberšek.

Invoke languageChanged only if the language code actually
changed.

platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:

(WebCore::TrackPrivateBaseGStreamer::notifyTrackOfTagsChanged):

9:32 AM Changeset in webkit [180761] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8

Merge r180502 - [GTK] Fails to compile with cmake 3.2.x
https://bugs.webkit.org/show_bug.cgi?id=141796

With cmake 3.2.x we have to explicitly ask for X11 otherwise the
X11_X11_LIB variable won't be set thus the X11 linker flags won't be
added and the build will fail.

Patch by Tomas Popela <tpopela@redhat.com> on 2015-02-23
Reviewed by Martin Robinson.

Source/cmake/OptionsGTK.cmake:

9:31 AM Changeset in webkit [180760] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.8

Merge r180492 - Print a console warning when HTMLCanvasElement exceeds the maximum size
https://bugs.webkit.org/show_bug.cgi?id=141861
<rdar://problem/19729145>

Reviewed by Simon Fraser.

Source/WebCore:

Add a warning if we ever try to create a canvas that is
too big.

No test because:

We can't ref-test against console messages.
The output is platform specific.

html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::createImageBuffer):

LayoutTests:

Add error message to expected results.

fast/canvas/canvas-toDataURL-crash-expected.txt:
fast/canvas/pattern-too-large-to-create-expected.txt:

9:27 AM Changeset in webkit [180759] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180464 - Invalid assert in CompositeEditCommand::insertNodeAfter/insertNodeBefore
https://bugs.webkit.org/show_bug.cgi?id=141854

Reviewed by Ryosuke Niwa.

Inserting content before/after the body as the result of editing is a valid operation.
This assert was originally introduced to cover cases where edited content would get moved
out of body. However, asserting such operation properly is not possible atm.

Source/WebCore:

Test: editing/inserting/insert-as-body-sibling.html

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::insertNodeBefore):
(WebCore::CompositeEditCommand::insertNodeAfter):

LayoutTests:

editing/inserting/insert-as-body-sibling-expected.txt: Added.
editing/inserting/insert-as-body-sibling.html: Added.

9:22 AM Changeset in webkit [180758] by Brent Fulgham

2 edits in trunk/LayoutTests

[Win] Add another batch of debug assert failures.

platform/win/TestExpectations:

9:21 AM Changeset in webkit [180757] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r180434 - RunLoop::dispatch() should drop the mutex before calling wakeUp().
https://bugs.webkit.org/show_bug.cgi?id=141820

Reviewed by Alexey Proskuryakov.

RunLoop::wakeUp() calls into CoreFoundation which could take time,
so scope the mutex just to protect m_functionQueue.

wtf/RunLoop.cpp:

(WTF::RunLoop::dispatch):

9:16 AM Changeset in webkit [180756] by Carlos Garcia Campos

9 edits in releases/WebKitGTK/webkit-2.8

Merge r180423 - DFG JIT needs to check for stack overflow at the start of Program and Eval execution
https://bugs.webkit.org/show_bug.cgi?id=141676

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Added stack check to the beginning of the code the DFG copmiler emits for Program and Eval nodes.
To aid in testing the code, I replaced the EvalCodeCache::maxCacheableSourceLength const
a options in runtime/Options.h. The test script, run-jsc-stress-tests, sets that option
to a huge value when running with the "Eager" options. This allows the updated test to
reliably exercise the code in questions.

dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compile):
Added stack check.

bytecode/EvalCodeCache.h:

(JSC::EvalCodeCache::tryGet):
(JSC::EvalCodeCache::getSlow):

runtime/Options.h:

Replaced EvalCodeCache::imaxCacheableSourceLength with Options::maximumEvalCacheableSourceLength
so that it can be configured when running the related test.

Tools:

Set the newly added --maximumEvalCacheableSourceLength option for eager test runs. This is needed
to allow the eval out of stack tests to tier up. Without this option, we don't cache the likely
large string expression that we want to eval.

Scripts/run-jsc-stress-tests:

LayoutTests:

Updated the check for out of stack at eval entry test from using a fixed number of frame to
back track to now adjust the amount of back tracking up the stack based on where we can run a
simple eval(). At that point in the stack we try to cause an out of stack exception.

Also added a second pass of the test that takes the originally failing eval and tiers that
eval expression up to the DFG when used with the agreessive options of run-jsc-stress-tests.
This was done to reduce the amount of time the test takes to run in debug builds.

js/regress-141098-expected.txt:
js/script-tests/regress-141098.js:

(testEval):
(probeAndRecurse):

9:02 AM Changeset in webkit [180755] by Brent Fulgham

3 edits in trunk/LayoutTests

[Win] Rebaseline test after r180726.

platform/win/TestExpectations: Mark a flaky test.
platform/win/editing/inserting/5058163-1-expected.txt:

8:59 AM Changeset in webkit [180754] by mmaxfield@apple.com

2 edits in trunk/Source/WebCore

Add comment about CSS value name mangling

Unreviewed

css/CSSParser.cpp:

(WebCore::cssValueKeywordID):

8:50 AM Changeset in webkit [180753] by Carlos Garcia Campos

12 edits in releases/WebKitGTK/webkit-2.8

Merge r180413 - Language ranges containing asterisks must be quoted as strings
https://bugs.webkit.org/show_bug.cgi?id=141659

Reviewed by Benjamin Poulain.

Source/WebCore:

As specified in [1], the language ranges containing asterisks must be quoted as strings.

[1] http://dev.w3.org/csswg/selectors-4/#the-lang-pseudo.

css/CSSGrammar.y.in:
css/CSSParser.cpp:

(WebCore::CSSParser::realLex):

LayoutTests:

Ensure language ranges containing asterisks are quoted as strings.

fast/css/css-selector-text-expected.txt:
fast/css/css-selector-text.html:
fast/css/parsing-css-lang-expected.txt:
fast/css/parsing-css-lang.html:
fast/selectors/lang-extended-filtering-expected.txt:
fast/selectors/lang-extended-filtering.html:
fast/selectors/lang-valid-extended-filtering-expected.txt:
fast/selectors/lang-valid-extended-filtering.html:

8:12 AM Changeset in webkit [180752] by Antti Koivisto

12 edits in trunk/Source/WebCore

Cache glyph widths to GlyphPages
https://bugs.webkit.org/show_bug.cgi?id=142028

Reviewed by Andreas Kling.

Currently we have a separate cache in Font for glyph widths. In practice we always need
the widths so we can just cache them in GlyphPages. This simplifies the code and removes
a per-character hash lookup from WidthIterator.

platform/graphics/Font.cpp:

(WebCore::Font::Font):
(WebCore::Font::initCharWidths):
(WebCore::Font::platformGlyphInit):
(WebCore::createAndFillGlyphPage):
(WebCore::Font::computeWidthForGlyph):

Rename to make it clear this doesn't cache.

(WebCore::GlyphPage::setGlyphDataForIndex):

Initialize the width.
This could go to GlyphPage.cpp if we had one.

platform/graphics/Font.h:

(WebCore::Font::glyphZeroWidth):
(WebCore::Font::isZeroWidthSpaceGlyph):
(WebCore::Font::zeroGlyph): Deleted.
(WebCore::Font::setZeroGlyph): Deleted.
(WebCore::Font::widthForGlyph): Deleted.

platform/graphics/FontCascade.cpp:

(WebCore::offsetToMiddleOfGlyph):

platform/graphics/FontCascadeFonts.cpp:

(WebCore::FontCascadeFonts::glyphDataForCharacter):

platform/graphics/GlyphPage.h:

(WebCore::GlyphData::GlyphData):

Return width too as part of GlyphData.

(WebCore::GlyphPage::glyphDataForIndex):
(WebCore::GlyphPage::setGlyphDataForCharacter):
(WebCore::GlyphPage::setGlyphDataForIndex):
(WebCore::GlyphPage::GlyphPage):

platform/graphics/WidthIterator.cpp:

(WebCore::WidthIterator::advanceInternal):

No need to lookup width separately now.

platform/graphics/mac/ComplexTextController.cpp:

(WebCore::ComplexTextController::adjustGlyphsAndAdvances):

platform/graphics/mac/ComplexTextControllerCoreText.mm:

(WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):

rendering/mathml/RenderMathMLOperator.cpp:

(WebCore::RenderMathMLOperator::advanceForGlyph):

rendering/svg/SVGTextRunRenderingContext.cpp:

(WebCore::missingGlyphForFont):

svg/SVGFontData.cpp:

(WebCore::SVGFontData::initializeFont):

6:57 AM Changeset in webkit [180751] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180430 - bmalloc should implement malloc introspection (to stop false-positive leaks when MallocStackLogging is off)
https://bugs.webkit.org/show_bug.cgi?id=141802

Reviewed by Andreas Kling.

Rolling back in with a fix for a crash seen while using GuardMalloc.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:
bmalloc/Zone.cpp: Re-land the old patch.

(bmalloc::Zone::size): Be sure to implement the size() function since
it's accessible indirectly via the malloc_zone_from_ptr public API --
and GuardMalloc calls it all the time.

(bmalloc::Zone::Zone):

bmalloc/Zone.h: Re-land the old patch.

6:51 AM Changeset in webkit [180750] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180363 - bmalloc should implement malloc introspection (to stop false-positive leaks when MallocStackLogging is off)
https://bugs.webkit.org/show_bug.cgi?id=141802

Reviewed by Andreas Kling.

Fixed a last-minute type.

The macro is OS, not PLATFORM.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h:
bmalloc/Zone.h:

6:48 AM Changeset in webkit [180749] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180359 - bmalloc should implement malloc introspection (to stop false-positive leaks when MallocStackLogging is off)
https://bugs.webkit.org/show_bug.cgi?id=141802

Reviewed by Andreas Kling.

This patch does the bare minimum to stop false positive leaks from
being reported by the Darwin leaks tool. We register each super chunk
as a single object, and then request that the leaks tool scan it.

bmalloc.xcodeproj/project.pbxproj: Added an abstraction for the malloc

zone introspection API.

bmalloc/Algorithm.h: Missing #include.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

bmalloc/VMHeap.h: Adopt the new abstraction.

bmalloc/Zone.cpp: Added.

(bmalloc::remoteRead): Helper for reading an object out of another process.
(bmalloc::Zone::enumerator):
(bmalloc::Zone::Zone): Register a malloc zone so that we will participate
in introspection.

bmalloc/Zone.h: Added.

(bmalloc::Zone::superChunks):
(bmalloc::Zone::addSuperChunk): Use a non-dynamically-allocated vector
since our dynamic allocations will not be scanned by leaks since they
will have the malloc VM tag.

6:43 AM Changeset in webkit [180748] by Carlos Garcia Campos

6 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180337 - REGRESSION(r179347): Clearing the PageCache no longer clears the PageCache.
<https://webkit.org/b/141788>

Reviewed by Anders Carlsson.

Source/WebCore:

Once again we've fallen into the TemporaryChange trap:

TemporaryChange<unsigned>(m_member, temporaryValue);

The code above doesn't actually do anything. Since the TemporaryChange local is not named,
it immediately goes out of scope and restores the original value of m_member.

Unless someone knows a C++ trick to prevent these, we'll need to add a style checker pass
to catch bugs like this. Whatever we do will be done separately from this bug.

Test: fast/history/page-cache-clearing.html

history/PageCache.cpp:

(WebCore::PageCache::pruneToSizeNow): Name the local so it lives longer.

testing/Internals.cpp:

(WebCore::Internals::clearPageCache):
(WebCore::Internals::pageCacheSize):

testing/Internals.h:
testing/Internals.idl: Add a way to clear the page cache and query its size from

window.internals to facilitate writing a simple test for this bug.

LayoutTests:

Add a simple test that navigates to a temporary page which immediately does a history.back
navigation. Upon returning to the first page, check that the page cache now has 1 entry,
and that clearing the page cache makes that entry go away.

fast/history/page-cache-clearing-expected.txt: Added.
fast/history/page-cache-clearing.html: Added.

6:35 AM Changeset in webkit [180747] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180336 - Roll out r180280.

Crashes under IDBDatabase::closeConnection.
https://bugs.webkit.org/show_bug.cgi?id=141745
rdar://problem/19816412

Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::closeConnection):

6:31 AM Changeset in webkit [180746] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180328 - REGRESSION(r174761) Dangling spanner pointer in RenderMultiColumnSpannerPlaceholder.
https://bugs.webkit.org/show_bug.cgi?id=138224

Reviewed by Dave Hyatt.

It's wrong to call flowThreadRelativeWillBeRemoved(child).
RenderMultiColumnFlowThread::removeFlowChildInfo() does not mean that the child is actually about to be removed.
Should this introduce any regressions, we need to deal with those separately.

Source/WebCore:

Test: fast/multicol/crash-when-spanner-gets-moved-around.html

rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::RenderMultiColumnFlowThread::removeFlowChildInfo): Deleted.

rendering/RenderMultiColumnFlowThread.h:

LayoutTests:

fast/multicol/crash-when-spanner-gets-moved-around-expected.txt: Added.
fast/multicol/crash-when-spanner-gets-moved-around.html: Added.

6:26 AM Changeset in webkit [180745] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180280 - Crashes under IDBDatabase::closeConnection.
https://bugs.webkit.org/show_bug.cgi?id=141745
rdar://problem/19816412

Reviewed by David Kilzer.

Modules/indexeddb/IDBDatabase.cpp: (WebCore::IDBDatabase::closeConnection):

Add a missing protector.

6:25 AM Changeset in webkit [180744] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.8

Merge r180278 - Justified ruby can cause lines to grow beyond their container
https://bugs.webkit.org/show_bug.cgi?id=141732

Reviewed by David Hyatt.

Source/WebCore:

After we re-layout RenderRubyRuns, this can change the environment upon which
ruby's overhang calculation is sensitive to. Before this patch, we would recalculate
the overhang after the RenderRubyRun gets relaid out. However, doing such causes the
effective width of the RenderRubyRun to change, which causes out subsequent
justification calculations to be off.

Therefore, we have a cycle; the amount of ruby overhang can change the justification
in a line, and the layout of the line affects the ruby overhang calculation. Instead
of performing a layout in a loop until it converges, this patch simply observes that
having a flush right edge is more valuable than having a perfectly correct overhang.
It therefore simply removes the secondary overhang calculation.

Test: fast/text/ruby-justification-flush.html

rendering/RenderBlockFlow.h:
rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::updateRubyForJustifiedText):
(WebCore::RenderBlockFlow::computeExpansionForJustifiedText):
(WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

LayoutTests:

Make sure that the right edge of a justified ruby line matches up with
the same line without ruby.

fast/text/ruby-justification-flush-expected.html: Added.
fast/text/ruby-justification-flush.html: Added.

6:19 AM Changeset in webkit [180743] by Carlos Garcia Campos

4 edits
1 copy in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180272 - bmalloc: VMHeap should keep a record of all of its VM ranges (for malloc introspection)
https://bugs.webkit.org/show_bug.cgi?id=141759

Reviewed by Andreas Kling.

bmalloc.xcodeproj/project.pbxproj:
bmalloc/SuperChunk.h: Added.

(bmalloc::SuperChunk::create):
(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::mediumChunk):
(bmalloc::SuperChunk::largeChunk): Factored out super chunk creation
into a separate class, for clarity and type safety.

bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):
(bmalloc::VMHeap::allocateSuperChunk): Renamed "allocateSuperChunk" to
"grow" because Andreas found "allocateSuperChunk" to be unclear.

bmalloc/VMHeap.h: Track all our VM ranges. We will use this information

for malloc introspection.

(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateMediumPage):
(bmalloc::VMHeap::allocateLargeRange): Updated for renames.

4:20 AM Changeset in webkit [180742] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/bmalloc

Merge r180264 - Build bmalloc through CMake as a static library. It's then linked either
into the WTF library (if built as a shared library) or into the JSC and
WebKit2 libraries. There's no need to build it as a standalone shared library.

Rubber-stamped by Carlos Garcia Campos.

CMakeLists.txt:

4:16 AM Changeset in webkit [180741] by Carlos Garcia Campos

9 edits
2 adds in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180258 - Fix the C-Loop LLInt build
https://bugs.webkit.org/show_bug.cgi?id=141618

Reviewed by Filip Pizlo.

I broke C-Loop when moving the common code of pow()
to JITOperations because that file is #ifdefed out
when the JITs are disabled.

It would be weird to move it back to MathObject since
the function needs to know about the calling conventions.

To avoid making a mess, I just gave the function its own file
that is used by both the runtime and the JIT.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGAbstractInterpreterInlines.h:
jit/JITOperations.cpp:
jit/JITOperations.h:
runtime/MathCommon.cpp: Added.

(JSC::fdlibmScalbn):
(JSC::fdlibmPow):
(JSC::isDenormal):
(JSC::isEdgeCase):
(JSC::mathPowInternal):
(JSC::operationMathPow):

runtime/MathCommon.h: Added.
runtime/MathObject.cpp:

4:15 AM BadContent edited by Csaba Osztrogonác

add one more spammer (diff)

4:13 AM Changeset in webkit [180740] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180257 - Clean up OSRExit's considerAddingAsFrequentExitSite()
https://bugs.webkit.org/show_bug.cgi?id=141690

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-02-17
Reviewed by Anders Carlsson.

Looks like some code was removed from CodeBlock::tallyFrequentExitSites()
and the OSRExit were left untouched.

This patch cleans up the two loops and remove the boolean return
on considerAddingAsFrequentExitSite().

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::tallyFrequentExitSites):

dfg/DFGOSRExit.h:

(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):

dfg/DFGOSRExitBase.cpp:

(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):

dfg/DFGOSRExitBase.h:

(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):

ftl/FTLOSRExit.h:

(JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):

4:09 AM Changeset in webkit [180739] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180248 - Unreviewed, rolling out r180184.
https://bugs.webkit.org/show_bug.cgi?id=141733

Caused infinite recursion on js/function-apply-aliased.html
(Requested by ap_ on #webkit).

Reverted changeset:

"REGRESSION(r180060): C Loop crashes"
https://bugs.webkit.org/show_bug.cgi?id=141671
http://trac.webkit.org/changeset/180184

Unreviewed, Restoring the C LOOP insta-crash fix in r180184.

Fixed a typo that only affected the C Loop in the prologue() macro in LowLevelInterpreter.asm.
After the stackHeightOKGetCodeBlock label, codeBlockSetter(t1) should be codeBlockGetter(t1).

llint/LowLevelInterpreter.asm: Fixed a typo.

4:08 AM BadContent edited by Csaba Osztrogonác

add one more spammer (diff)

4:03 AM Changeset in webkit [180738] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180244 - Slight CachedPage class clean up
https://bugs.webkit.org/show_bug.cgi?id=141693

Reviewed by Andreas Kling.

Slight CachedPage class clean up:

Drop unnecessary m_timeStamp data member
Protect m_needsCaptionPreferencesChanged data member with #if ENABLE(VIDEO_TRACK)
Merge destroy() method into the destructor as this is the only caller
Update clear() to reset 2 data members that were missing

4:00 AM Changeset in webkit [180737] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180237 - StackLayoutPhase should use CodeBlock::usesArguments rather than FunctionExecutable::usesArguments
https://bugs.webkit.org/show_bug.cgi?id=141721
rdar://problem/17198633

Reviewed by Michael Saboff.

I've seen cases where the two are out of sync. We know we can trust the CodeBlock::usesArguments because
we use it everywhere else.

No test because I could never reproduce the crash.

dfg/DFGGraph.h:

(JSC::DFG::Graph::usesArguments):

dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

3:57 AM Changeset in webkit [180736] by Carlos Garcia Campos

4 edits
3 adds in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180234 - Throwing from an FTL call IC slow path may result in tag registers being clobbered on 64-bit CPUs
https://bugs.webkit.org/show_bug.cgi?id=141717
rdar://problem/19863382

Reviewed by Geoffrey Garen.

The best solution is to ensure that the engine catching an exception restores tag registers.

Each of these new test cases reliably crashed prior to this patch and they don't crash at all now.

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter64.asm:
tests/stress/throw-from-ftl-call-ic-slow-path-cells.js: Added.
tests/stress/throw-from-ftl-call-ic-slow-path-undefined.js: Added.
tests/stress/throw-from-ftl-call-ic-slow-path.js: Added.

3:54 AM Changeset in webkit [180735] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r180232 - [ARM] Add the necessary setupArgumentsWithExecState after bug141332
https://bugs.webkit.org/show_bug.cgi?id=141714

Reviewed by Michael Saboff.

jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgumentsWithExecState):

3:51 AM Changeset in webkit [180734] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.8

Merge r180649 - ASan does not like JSC::MachineThreads::tryCopyOtherThreadStack.
<https://webkit.org/b/141672>

Reviewed by Alexey Proskuryakov.

ASan does not like the fact that we memcpy the stack for GC scans. So,
we're working around this by using our own memcpy (asanUnsafeMemcpy)
implementation that we can tell ASan to ignore.

Source/JavaScriptCore:

heap/MachineStackMarker.cpp:

(JSC::asanUnsafeMemcpy):

Tools:

Also removed the previous added directive to ignore *tryCopyOtherThreadStack*
which isn't effective for working around this issue.

asan/webkit-asan-ignore.txt:

12:03 AM Changeset in webkit [180733] by bshafiei@apple.com

6 edits
2 copies in branches/safari-600.1.4.15-branch

Merged r173806. rdar://problem/19871063

12:00 AM WebKitGTK/2.6.x edited by sergio@webkit.org

Readded the fonts changes with the regression fix (diff)

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed