Timeline



Mar 26, 2015:

11:48 PM Changeset in webkit [182053] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: clicking on console record while REPL is focused does not select a new record
https://bugs.webkit.org/show_bug.cgi?id=142171

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype._mousedown):

11:36 PM Changeset in webkit [182052] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Optimized Fullscreen fails to cleanup because of no longer necessary release of m_playerController in exitFullscreen()
https://bugs.webkit.org/show_bug.cgi?id=143120

Patch by Jeremy Jones <jeremyj@apple.com> on 2015-03-26
Reviewed by Eric Carlson.

We used to release m_playerController in WebVideoFullscreenInterfaceAVKit::exitFullscreen() in order to make sure
media state was reset. This is no longer necessary as we now have a way the model can explicitly request resetting the
media state via resetMediaState(). m_playerController is already released in
WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal(). Releasing it prematurely can actually prevent the exit
fullscreen process from completing successfully.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(WebVideoFullscreenInterfaceAVKit::exitFullscreen):

9:41 PM Changeset in webkit [182051] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Inline continuation code should not take anonymous containing wrapper for granted.
https://bugs.webkit.org/show_bug.cgi?id=133312

Reviewed by Dave Hyatt.

It's wrong to assume that when RenderInline is part of an inline continuation, its containing block
is an anonymous wrapper and its sibling might be a block level renderer.
When the inline continuation is no longer needed, for example when the block level renderer that initiated the continuation
is detached from the render tree, the inline renderers still continue to form continuation (however, they no longer require
anonymous wrappers).

Source/WebCore:

Test: fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html

  • rendering/RenderInline.cpp:

(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

LayoutTests:

  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation-expected.txt: Added.
  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html: Added.

7:55 PM Changeset in webkit [182050] by Joseph Pecoraro
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

WebContent Crash when instantiating class with Type Profiling enabled
https://bugs.webkit.org/show_bug.cgi?id=143037

Reviewed by Ryosuke Niwa.

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitMoveEmptyValue):
We cannot profile the type of an uninitialized empty JSValue.
Nor do we expect this to be necessary, since it is effectively
an unseen undefined value. So add a way to put the empty value
without profiling.

(JSC::BytecodeGenerator::emitMove):
Add an assert to try to catch this issue early on, and force
callers to explicitly use emitMoveEmptyValue instead.

  • tests/typeProfiler/classes.js: Added.

(wrapper.Base):
(wrapper.Derived):
(wrapper):
Add test coverage both for this case and classes in general.

7:24 PM Changeset in webkit [182049] by jhoneycutt@apple.com
  • 3 edits in trunk/Source/WebKit2

iOS file upload panel menu items need icons
<https://bugs.webkit.org/show_bug.cgi?id=143042>
<rdar://problem/20178678>

Reviewed by Andy Estes.

  • Platform/spi/ios/UIKitSPI.h:

Declare new SPI methods _UIImageGetWebKitTakePhotoOrVideoIcon and
_UIImageGetWebKitPhotoLibraryIcon().

  • UIProcess/ios/forms/WKFileUploadPanel.mm:

(photoLibraryIcon):
(cameraIcon):
If UIKit SPI exists, use it. Otherwise, return nil.

(-[WKFileUploadPanel _showDocumentPickerMenu]):
Use icons.

6:53 PM Changeset in webkit [182048] by Andres Gomez
  • 2 edits
    14 adds in trunk/Source/WebInspectorUI

[GTK] Web Inspector: New Images for Console Types
https://bugs.webkit.org/show_bug.cgi?id=142301

Reviewed by Joseph Pecoraro.

Add more free icons for the Web Inspector in GTK+.

  • UserInterface/Images/gtk/Eye.svg: Added.
  • UserInterface/Images/gtk/Frames.png: Added.
  • UserInterface/Images/gtk/Frames@2x.png: Added.
  • UserInterface/Images/gtk/FramesLarge.png: Added.
  • UserInterface/Images/gtk/FramesLarge@2x.png: Added.
  • UserInterface/Images/gtk/Reload.svg:
  • UserInterface/Images/gtk/ReloadFull.svg: Added.
  • UserInterface/Images/gtk/TypeBoolean.svg: Added.
  • UserInterface/Images/gtk/TypeNull.svg: Added.
  • UserInterface/Images/gtk/TypeNumber.svg: Added.
  • UserInterface/Images/gtk/TypeObject.svg: Added.
  • UserInterface/Images/gtk/TypeRegex.svg: Added.
  • UserInterface/Images/gtk/TypeString.svg: Added.
  • UserInterface/Images/gtk/TypeSymbol.svg: Added.
  • UserInterface/Images/gtk/TypeUndefined.svg: Added.

6:42 PM Changeset in webkit [182047] by Joseph Pecoraro
  • 22 edits in trunk

Web Inspector: ES6: Provide a better view for Classes in the console
https://bugs.webkit.org/show_bug.cgi?id=142999

Reviewed by Timothy Hatcher.

Source/JavaScriptCore:

  • inspector/protocol/Runtime.json:

Provide a new subtype enum "class". This is a subtype of type
"function", all other subtypes are subtypes of object types.
For a class, the frontend will immediately want to get the prototype
to enumerate its methods, so include the classPrototype.

  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::subtype):
Denote class construction functions as "class" subtypes.

  • inspector/InjectedScriptSource.js:

Handling for the new "class" type.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedFunctionExecutable::isClassConstructorFunction):

  • runtime/Executable.h:

(JSC::FunctionExecutable::isClassConstructorFunction):

  • runtime/JSFunction.h:
  • runtime/JSFunctionInlines.h:

(JSC::JSFunction::isClassConstructorFunction):
Check if this function is a class constructor function. That information
is on the UnlinkedFunctionExecutable, so plumb it through to JSFunction.

Source/WebInspectorUI:

  • UserInterface/Protocol/RemoteObject.js:

(WebInspector.RemoteObject):
(WebInspector.RemoteObject.fromPrimitiveValue):
(WebInspector.RemoteObject.fromPayload):
(WebInspector.RemoteObject.prototype.get classPrototype):
(WebInspector.RemoteObject.prototype.isClass):
Update our RemoteObject model object for the new subtype
and its unique properties.

  • UserInterface/Views/FormattedValue.js:

(WebInspector.FormattedValue.createElementForTypesAndValue):
(WebInspector.FormattedValue.createObjectTreeOrFormattedValueForRemoteObject):
Better handle "class", as it is a new function subtype.

  • UserInterface/Views/LegacyConsoleMessageImpl.js:

(WebInspector.LegacyConsoleMessageImpl):
(WebInspector.LegacyConsoleMessageImpl.prototype._formatParameterAsObject):
Format a "class" with ObjectTreeView.

  • UserInterface/Views/ObjectTreeArrayIndexTreeElement.js:
  • UserInterface/Views/ObjectTreeBaseTreeElement.js:
  • UserInterface/Views/ObjectTreePropertyTreeElement.css:

(.object-tree-property .getter.disabled):
(.object-tree-property .getter:not(.disabled):hover):
(.object-tree-property .getter:hover): Deleted.

  • UserInterface/Views/ObjectTreePropertyTreeElement.js:

In ClassAPI mode, you cannot invoke a getter since we don't have
an instance to invoke it on. So disable interactivity with getters.

  • UserInterface/Views/ObjectTreeView.js:

(WebInspector.ObjectTreeView):
Update the modes to include an API mode for instances and classes.

(WebInspector.ObjectTreeView.defaultModeForObject):

  • UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype._showPopoverForObject):
Simplify ObjectTree construction to automatically determine mode based
on the RemoteObject that was provided.

  • Localizations/en.lproj/localizedStrings.js:

"Getter" tooltip.

LayoutTests:

  • inspector/model/remote-object-expected.txt:
  • inspector/model/remote-object.html:

Update the test to include coverage of the new "class" subtype of "function".

6:02 PM Changeset in webkit [182046] by timothy_horton@apple.com
  • 11 edits in trunk

REGRESSION (r181358 and r181507): Lots of sites think that we support touch events on OS X
https://bugs.webkit.org/show_bug.cgi?id=142888
<rdar://problem/20227304>

Reviewed by Beth Dakin.

  • dom/Document.idl:
  • dom/Element.idl:
  • html/HTMLBodyElement.idl:
  • html/HTMLFrameSetElement.idl:
  • page/DOMWindow.idl:

Re-conditionalize a lot of event listeners; sites test ("ontouchstart" in window), which
is not covered by NotEnumerable, and so r181358 and r181507 broke a bunch of sites
(apple.com, blaze.com, anything using nicescroll.js, etc.) by causing them to think
that (Mac) Safari was touch-enabled.

  • fast/dom/event-handler-attributes-expected.txt:
  • fast/dom/event-handler-attributes.html:
  • fast/events/event-attribute-expected.txt:
  • platform/win/fast/events/event-attribute-expected.txt:

Revert some changes to these tests and their results.

5:13 PM Changeset in webkit [182045] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

OS X build fix after r182037.

Unreviewed.

  • UIProcess/API/mac/WKView.mm:

(-[WKView _addFontPanelObserver]):
(-[WKView removeWindowObservers]):
(-[WKView observeValueForKeyPath:ofObject:change:context:]):

5:08 PM Changeset in webkit [182044] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

iOS build fix after r182037.

Unreviewed.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setEditable:]):

4:41 PM Changeset in webkit [182043] by ggaren@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Function.prototype.toString should not decompile the AST
https://bugs.webkit.org/show_bug.cgi?id=142853

Reviewed by Darin Adler.

Following up on Darin's review comments.

  • runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

4:38 PM Changeset in webkit [182042] by timothy@apple.com
  • 45 edits in trunk/Source/WebInspectorUI

Web Inspector: Convert TreeElement classes to ES6
https://bugs.webkit.org/show_bug.cgi?id=143111

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/ApplicationCacheFrameTreeElement.js:
  • UserInterface/Views/ApplicationCacheManifestTreeElement.js:
  • UserInterface/Views/BreakpointTreeElement.js:
  • UserInterface/Views/CallFrameTreeElement.js:
  • UserInterface/Views/ContentFlowTreeElement.js:
  • UserInterface/Views/CookieStorageTreeElement.js:
  • UserInterface/Views/DOMStorageTreeElement.js:
  • UserInterface/Views/DOMTreeElement.js:
  • UserInterface/Views/DOMTreeOutline.js:
  • UserInterface/Views/DatabaseHostTreeElement.js:
  • UserInterface/Views/DatabaseTableTreeElement.js:
  • UserInterface/Views/DatabaseTreeElement.js:
  • UserInterface/Views/FolderTreeElement.js:
  • UserInterface/Views/FolderizedTreeElement.js:
  • UserInterface/Views/FrameTreeElement.js:
  • UserInterface/Views/GeneralTreeElement.js:
  • UserInterface/Views/IndexedDatabaseHostTreeElement.js:
  • UserInterface/Views/IndexedDatabaseObjectStoreIndexTreeElement.js:
  • UserInterface/Views/IndexedDatabaseObjectStoreTreeElement.js:
  • UserInterface/Views/IndexedDatabaseTreeElement.js:
  • UserInterface/Views/LegacyConsoleMessageImpl.js:
  • UserInterface/Views/LogTreeElement.js:
  • UserInterface/Views/NavigationSidebarPanel.js:
  • UserInterface/Views/ObjectTreeArrayIndexTreeElement.js:
  • UserInterface/Views/ObjectTreeBaseTreeElement.js:
  • UserInterface/Views/ObjectTreeMapEntryTreeElement.js:
  • UserInterface/Views/ObjectTreePropertyTreeElement.js:
  • UserInterface/Views/ObjectTreeSetIndexTreeElement.js:
  • UserInterface/Views/ObjectTreeView.js:
  • UserInterface/Views/ProfileNodeTreeElement.js:
  • UserInterface/Views/PropertiesSection.js:
  • UserInterface/Views/ResourceTreeElement.js:
  • UserInterface/Views/ScriptTreeElement.js:
  • UserInterface/Views/SearchResultTreeElement.js:
  • UserInterface/Views/SourceCodeTimelineTreeElement.js:
  • UserInterface/Views/SourceCodeTreeElement.js:
  • UserInterface/Views/SourceMapResourceTreeElement.js:
  • UserInterface/Views/StorageTreeElement.js:
  • UserInterface/Views/TimelineDataGrid.js:
  • UserInterface/Views/TimelineRecordTreeElement.js:
  • UserInterface/Views/TreeElementStatusButton.js:
  • UserInterface/Views/TreeOutline.js:
  • UserInterface/Views/TreeOutlineDataGridSynchronizer.js:
  • UserInterface/Views/TypePropertiesSection.js:

Converted to ES6 classes where possible.

4:37 PM Changeset in webkit [182041] by timothy@apple.com
  • 17 edits in trunk/Source/WebInspectorUI

Web Inspector: Convert sidebar classes to ES6
https://bugs.webkit.org/show_bug.cgi?id=143108

Reviewed by Joseph Pecoraro.

  • UserInterface/Models/KeyboardShortcut.js:

(WebInspector.KeyboardShortcut._handleKeyDown): Continue if callback is null.
(WebInspector.KeyboardShortcut.prototype.set callback): Added.

  • UserInterface/Views/ApplicationCacheDetailsSidebarPanel.js:
  • UserInterface/Views/CSSStyleDetailsSidebarPanel.js:
  • UserInterface/Views/DOMDetailsSidebarPanel.js:
  • UserInterface/Views/DOMNodeDetailsSidebarPanel.js:
  • UserInterface/Views/DebuggerSidebarPanel.js:
  • UserInterface/Views/DetailsSidebarPanel.js:
  • UserInterface/Views/LayerTreeDetailsSidebarPanel.js:
  • UserInterface/Views/NavigationSidebarPanel.js:
  • UserInterface/Views/ProbeDetailsSidebarPanel.js:
  • UserInterface/Views/ResourceDetailsSidebarPanel.js:
  • UserInterface/Views/ResourceSidebarPanel.js:
  • UserInterface/Views/ScopeChainDetailsSidebarPanel.js:
  • UserInterface/Views/Sidebar.js:
  • UserInterface/Views/SidebarPanel.js:
  • UserInterface/Views/TimelineSidebarPanel.js:

Converted to ES6 classes.

4:37 PM Changeset in webkit [182040] by timothy@apple.com
  • 37 edits in trunk/Source/WebInspectorUI

Web Inspector: Convert some View classes to ES6 classes
https://bugs.webkit.org/show_bug.cgi?id=143107

Reviewed by Joseph Pecoraro.

  • UserInterface/Protocol/InspectorBackend.js:
  • UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.contextMenuItemSelected): Updated to the right function path.

  • UserInterface/Views/BoxModelDetailsSectionRow.js:
  • UserInterface/Views/BreakpointActionView.js:
  • UserInterface/Views/CodeMirrorAdditions.js:
  • UserInterface/Views/ColorPicker.js:
  • UserInterface/Views/ColorWheel.js:
  • UserInterface/Views/ContextMenu.js:
  • UserInterface/Views/DOMTreeElementPathComponent.js:
  • UserInterface/Views/DetailsSection.js:
  • UserInterface/Views/DetailsSectionDataGridRow.js:
  • UserInterface/Views/DetailsSectionGroup.js:
  • UserInterface/Views/DetailsSectionPropertiesRow.js:
  • UserInterface/Views/DetailsSectionRow.js:
  • UserInterface/Views/DetailsSectionSimpleRow.js:
  • UserInterface/Views/DetailsSectionTextRow.js:
  • UserInterface/Views/EditingSupport.js:
  • UserInterface/Views/EventListenerSection.js:
  • UserInterface/Views/EventListenerSectionGroup.js:
  • UserInterface/Views/FilterBar.js:
  • UserInterface/Views/FindBanner.js:
  • UserInterface/Views/GeneralTreeElementPathComponent.js:
  • UserInterface/Views/GoToLineDialog.js:
  • UserInterface/Views/GradientSlider.js:
  • UserInterface/Views/HierarchicalPathComponent.js:
  • UserInterface/Views/HierarchicalPathNavigationItem.js:
  • UserInterface/Views/HoverMenu.js:
  • UserInterface/Views/Popover.js:
  • UserInterface/Views/ProbeSetDetailsSection.js:
  • UserInterface/Views/ResourceTimelineDataGridNodePathComponent.js:
  • UserInterface/Views/SearchBar.js:
  • UserInterface/Views/Slider.js:

Converted to ES6 classes.

4:37 PM Changeset in webkit [182039] by timothy@apple.com
  • 20 edits in trunk/Source/WebInspectorUI

Web Inspector: Convert Base and Protocol files to ES6 classes
https://bugs.webkit.org/show_bug.cgi?id=143106

Reviewed by Joseph Pecoraro.

  • UserInterface/Base/EventListener.js:
  • UserInterface/Base/EventListenerSet.js:
  • UserInterface/Protocol/ApplicationCacheObserver.js:
  • UserInterface/Protocol/CSSObserver.js:
  • UserInterface/Protocol/ConsoleObserver.js:
  • UserInterface/Protocol/DOMObserver.js:
  • UserInterface/Protocol/DOMStorageObserver.js:
  • UserInterface/Protocol/DatabaseObserver.js:
  • UserInterface/Protocol/DebuggerObserver.js:
  • UserInterface/Protocol/InspectorBackend.js:
  • UserInterface/Protocol/InspectorObserver.js:
  • UserInterface/Protocol/LayerTreeObserver.js:
  • UserInterface/Protocol/MessageDispatcher.js:
  • UserInterface/Protocol/NetworkObserver.js:
  • UserInterface/Protocol/PageObserver.js:
  • UserInterface/Protocol/RemoteObject.js:
  • UserInterface/Protocol/ReplayObserver.js:
  • UserInterface/Protocol/RuntimeObserver.js:
  • UserInterface/Protocol/TimelineObserver.js:

Converted to ES6 classes where possible.

4:35 PM Changeset in webkit [182038] by ggaren@apple.com
  • 23 edits in trunk/Source

"lineNo" does not match WebKit coding style guidelines
https://bugs.webkit.org/show_bug.cgi?id=143119

Reviewed by Michael Saboff.

We can afford to use whole words.

Source/JavaScriptCore:

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::lineNumberForBytecodeOffset):
(JSC::CodeBlock::expressionRangeForBytecodeOffset):

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::link):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):

  • bytecode/UnlinkedCodeBlock.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::WhileNode::emitBytecode):

  • debugger/Debugger.cpp:

(JSC::Debugger::toggleBreakpoint):

  • interpreter/Interpreter.cpp:

(JSC::StackFrame::computeLineAndColumn):
(JSC::GetStackTraceFunctor::operator()):
(JSC::Interpreter::execute):

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::computeLineAndColumn):

  • parser/Nodes.h:

(JSC::Node::firstLine):
(JSC::Node::lineNo): Deleted.
(JSC::StatementNode::firstLine): Deleted.

  • parser/ParserError.h:

(JSC::ParserError::toErrorObject):

  • profiler/LegacyProfiler.cpp:

(JSC::createCallIdentifierFromFunctionImp):

  • runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):

  • runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::ScriptExecutable::newCodeBlockFor):
(JSC::FunctionExecutable::fromGlobalCode):

  • runtime/Executable.h:

(JSC::ScriptExecutable::firstLine):
(JSC::ScriptExecutable::setOverrideLineNumber):
(JSC::ScriptExecutable::hasOverrideLineNumber):
(JSC::ScriptExecutable::overrideLineNumber):
(JSC::ScriptExecutable::lineNo): Deleted.
(JSC::ScriptExecutable::setOverrideLineNo): Deleted.
(JSC::ScriptExecutable::hasOverrideLineNo): Deleted.
(JSC::ScriptExecutable::overrideLineNo): Deleted.

  • runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

  • runtime/FunctionConstructor.h:
  • tools/CodeProfile.cpp:

(JSC::CodeProfile::report):

  • tools/CodeProfile.h:

(JSC::CodeProfile::CodeProfile):

Source/WebCore:

  • bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::initializeJSFunction):

  • bindings/js/JSMainThreadExecStateInstrumentation.h:

(WebCore::JSMainThreadExecState::instrumentFunctionCall):

  • inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildObjectForEventListener):

  • testing/Internals.cpp:

(WebCore::Internals::parserMetaData):

4:24 PM Changeset in webkit [182037] by enrica@apple.com
  • 4 edits in trunk/Source/WebKit2

REGRESSION(r1807689): Slower startup time for WKWebView.
https://bugs.webkit.org/show_bug.cgi?id=143115
rdar://problem/20233711

Reviewed by Anders Carlsson.

In http://trac.webkit.org/changeset/180768 we added an observer to
track visibility of the NSFontPanel to ensure we could fetch the font
information for the current selection when the panel first becomes visible.
It turns out that adding the observer requires the shared font panel
object to be created.
That is apparently a very expensive operation that is regressing
the initialization time for the WKWebView.
We should initialize the NSFontPanel lazily, only when we make the entire
view editable.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setEditable:]):

  • UIProcess/API/mac/WKView.mm:

(-[WKView addWindowObserversForWindow:]):
(-[WKView _addFontPanelObserver]):
(-[WKView removeWindowObservers]):
(-[WKView observeValueForKeyPath:ofObject:change:context:]):

  • UIProcess/API/mac/WKViewInternal.h:

4:23 PM Changeset in webkit [182036] by roger_fong@apple.com
  • 5 edits in trunk

Apply blur effect to media control background.
https://bugs.webkit.org/show_bug.cgi?id=143116.
<rdar://problem/20316964>.

Reviewed by Brent Fulgham.

There are still a few issues, like the borders of the controls being blurred with black,
and the volume slider background not showing the blur effect. Will fix those separately.
Add CSS for new divs to create blur effect using back drop filters and blend modes.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel):
(audio::-webkit-media-controls-panel-tint):
(audio::-webkit-media-controls-panel-background):
(audio::-webkit-media-controls-panel .volume-box):
(audio::-webkit-media-controls-volume-slider-container-background):
(audio::-webkit-media-controls-volume-slider-container-tint):
(audio::-webkit-media-controls-toggle-closed-captions-button): Adjust fill.
(audio::-webkit-media-controls-fullscreen-button): Adjust fill.
(audio::-webkit-media-controls-fullscreen-button.exit): Adjust fill.
(video:-webkit-full-screen::-webkit-media-controls-panel):
(audio:-webkit-full-screen::-webkit-media-controls-panel-tint):
(audio:-webkit-full-screen::-webkit-media-controls-panel-background):
(video:-webkit-full-screen::-webkit-media-controls-panel .volume-box):
(video:-webkit-full-screen::-webkit-media-controls-play-button):
(video:-webkit-full-screen::-webkit-media-controls-seek-back-button):
(video:-webkit-full-screen::-webkit-media-controls-seek-forward-button):
(video:-webkit-full-screen::-webkit-media-controls-timeline-container):
(video:-webkit-full-screen::-webkit-media-controls-status-display):
(audio::-webkit-media-controls-panel .volume-box:active): Deleted.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.createControls):
(Controller.prototype.configureInlineControls): Add new divs for blurred background effect.
(Controller.prototype.configureFullScreenControls): Ditto.
(Controller.prototype.handlePanelMouseDown): The tint div is now in front.
(Controller.prototype.drawTimelineBackground): Adjust colors to make border look better with new background.
(Controller.prototype.drawVolumeBackground): Ditto.

4:22 PM Changeset in webkit [182035] by bshafiei@apple.com
  • 5 edits in branches/safari-600.5-branch/Source

Versioning.

4:12 PM Changeset in webkit [182034] by ggaren@apple.com
  • 19 edits
    2 adds in trunk

Assertion firing in JavaScriptCore/parser/parser.h for statesman.com site
https://bugs.webkit.org/show_bug.cgi?id=142974

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

This patch does two things:

(1) Restore JavaScriptCore's sanitization of line and column numbers to
one-based values.

We need this because WebCore sometimes provides huge negative column
numbers.

(2) Solve the attribute event listener line numbering problem a different
way: Rather than offsetting all line numbers by -1 in an attribute event
listener in order to arrange for a custom result, instead use an explicit
feature for saying "all errors in this code should map to this line number".

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::link):
(JSC::UnlinkedFunctionExecutable::fromGlobalCode):

  • bytecode/UnlinkedCodeBlock.h:
  • interpreter/Interpreter.cpp:

(JSC::StackFrame::computeLineAndColumn):
(JSC::GetStackTraceFunctor::operator()):

  • interpreter/Interpreter.h:
  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::computeLineAndColumn):

  • parser/ParserError.h:

(JSC::ParserError::toErrorObject): Plumb through an override line number.
When a function has an override line number, all syntax and runtime
errors in the function will map to it. This is useful for attribute event
listeners.

  • parser/SourceCode.h:

(JSC::SourceCode::SourceCode): Restore the old sanitization of line and
column numbers to one-based integers. It was kind of a hack to remove this.

  • runtime/Executable.cpp:

(JSC::ScriptExecutable::ScriptExecutable):
(JSC::FunctionExecutable::fromGlobalCode):

  • runtime/Executable.h:

(JSC::ScriptExecutable::setOverrideLineNo):
(JSC::ScriptExecutable::hasOverrideLineNo):
(JSC::ScriptExecutable::overrideLineNo):

  • runtime/FunctionConstructor.cpp:

(JSC::constructFunctionSkippingEvalEnabledCheck):

  • runtime/FunctionConstructor.h: Plumb through an override line number.

Source/WebCore:

  • bindings/js/JSLazyEventListener.cpp:

(WebCore::JSLazyEventListener::initializeJSFunction): Use the new override
line number API to guarantee that errors will map to the .html file locations
that we like.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::eventHandlerPosition): Added a FIXME to cover
some cases where our line and column numbers are still nonsense.

LayoutTests:

No test covering this ASSERT because I couldn't design a way to reproduce
it after trying for a few hours. Simply loading the original ASSERTing
content from disk is not enough to reproduce this bug.

  • fast/profiler/dead-time-expected.txt:
  • fast/profiler/inline-event-handler-expected.txt:
  • fast/profiler/stop-profiling-after-setTimeout-expected.txt: These are
progressions, where we used to get the line number wrong.

  • fast/dom/attribute-event-listener-errors-expected.txt: Added.
  • fast/dom/attribute-event-listener-errors.html: Added. This test covers
a subtle way in which the new mechanism for attribute event listener
line numbers is more accurate than the old one.

4:06 PM Changeset in webkit [182033] by Beth Dakin
  • 4 edits in trunk/Source/WebCore

Relevant repainted objects callback is inaccurate and inconsistent for PDF
documents
https://bugs.webkit.org/show_bug.cgi?id=143118
-and corresponding-
rdar://problem/13371582

Reviewed by Tim Horton.

Investigating this bug resulted in finding two things that should change for the
relevant repainted objects heuristic. First, we should not count any objects
painted while updating control tints. And secondly, we should not use it at all
for plugin documents. In other documents, we count the plugin area as “painted”
when we get to paint whether or not the plugin has actually loaded. This is
intentional because it allows us to account for chunks of the page that will be
filled in by possibly slow-loading ads. However, if the plugin is the whole
document, then the heuristic just doesn’t make any sense and it leads to
inconsistent behavior at different window sizes. So we’ll only count plugins when
the document is not a plugin document.

Don’t count objects during this paint!

  • page/FrameView.cpp:

(WebCore::FrameView::updateControlTints):

  • page/Page.h:

(WebCore::Page::setIsCountingRelevantRepaintedObjects):

Make sure the document is not a plugin document.

  • rendering/RenderEmbeddedObject.cpp:

(WebCore::RenderEmbeddedObject::paint):

3:53 PM Changeset in webkit [182032] by commit-queue@webkit.org
  • 18 edits in trunk

Progress towards CMake on Mac.
https://bugs.webkit.org/show_bug.cgi?id=143112

Patch by Alex Christensen <achristensen@webkit.org> on 2015-03-26
Reviewed by Chris Dumez.

.:

  • Source/cmake/OptionsMac.cmake:

Source/WebCore:

  • CMakeLists.txt:
  • PlatformEfl.cmake:
  • PlatformGTK.cmake:
  • PlatformMac.cmake:
  • platform/graphics/mac/IconMac.mm:

Source/WebKit:

  • PlatformMac.cmake:

Source/WebKit/mac:

  • WebCoreSupport/WebFrameLoaderClient.h:

Source/WebKit2:

  • CMakeLists.txt:
  • PlatformMac.cmake:
  • UIProcess/Cocoa/WebPageProxyCocoa.mm:

Source/WTF:

  • wtf/PlatformMac.cmake:

3:52 PM Changeset in webkit [182031] by Chris Dumez
  • 12 edits in trunk/Source/WebKit2

[WK2][Cocoa] Add private API to override the network disk cache size
https://bugs.webkit.org/show_bug.cgi?id=143113
<rdar://problem/20315669>

Reviewed by Antti Koivisto.

Add private API to let the client override the network disk cache size.
By default, the network disk cache is automatically determined based on
the CacheModel and the available disk space. However, for testing
purposes, it can be used for the client-side to be able to override
the disk cache size.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::initializeNetworkProcess):

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::setMaximumSize):

  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformSetCacheModel):

  • Shared/Network/NetworkProcessCreationParameters.cpp:

(WebKit::NetworkProcessCreationParameters::encode):
(WebKit::NetworkProcessCreationParameters::decode):

  • Shared/Network/NetworkProcessCreationParameters.h:
  • UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::copy):

  • UIProcess/API/APIProcessPoolConfiguration.h:
  • UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h:
  • UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:

(-[_WKProcessPoolConfiguration diskCacheSizeOverride]):
(-[_WKProcessPoolConfiguration setDiskCacheSizeOverride:]):

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
(WebKit::WebProcessPool::ensureNetworkProcess):

  • UIProcess/WebProcessPool.h:

3:35 PM Changeset in webkit [182030] by ap@apple.com
  • 2 edits in trunk/Tools

Layout test results URL loads in WK1 but not WK2 minibrowser
https://bugs.webkit.org/show_bug.cgi?id=143117

Reviewed by Tim Horton.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]): Fix this, international domain names, and
everything.
(-[WK2BrowserWindowController updateTextFieldFromURL:]): Ditto.

3:31 PM Changeset in webkit [182029] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Accessibility crashing because MediaPlayer is laying out UI off the main thread
https://bugs.webkit.org/show_bug.cgi?id=142970

Reviewed by Eric Carlson.

isMainThread() will (ironically) return true if called from the web thread. Rather than dispatch
synchronously to the main thread to allocate the _volumeView, dispatch asynchronously and handle
the case where the MPVolumeView has not yet been created.

  • platform/audio/ios/MediaSessionManagerIOS.mm:

(-[WebMediaSessionHelper allocateVolumeView]): Dispatch to the main thread to allocate. Move notification
registration to -setVolumeView:.

(-[WebMediaSessionHelper setVolumeView:]): Added. Register/Unregister for route availability notifications.
(-[WebMediaSessionHelper hasWirelessTargetsAvailable]): Handle the possibility of a nil _volumeView.

3:20 PM Changeset in webkit [182028] by akling@apple.com
  • 6 edits in trunk/Source/WebKit2

[Darwin] Boost the web process QoS level while handling a synchronous IPC message.
<https://webkit.org/b/142988>
<rdar://problem/20264346>

Reviewed by Antti Koivisto and Anders Carlsson.

Add a mechanism for IPC::Connection to boost the main thread for the duration
of processing a synchronous message.

This fixes an issue where the UI process would block on a synchronous request
to the web process that was being carried out at a lower QoS level.

  • Platform/IPC/Connection.cpp:

(IPC::Connection::Connection): Save the main thread's pthread_t while we have
a chance to retrieve it.

(IPC::Connection::processIncomingMessage): Optionally boost the main thread when
processing an incoming message with the IsSyncMessage flag set.

  • Platform/IPC/Connection.h:

(IPC::Connection::setShouldBoostMainThreadOnSyncMessage): Added. When this mode is
enabled, Connection will give a temporary QoS override to the main thread when
receiving a synchronous message. Ownership of the override is handed to the
MessageDecoder, which resets the main thread QoS in its destructor.

  • Platform/IPC/MessageDecoder.cpp:

(IPC::MessageDecoder::~MessageDecoder): Remove any QoS override owned by this message.

  • Platform/IPC/MessageDecoder.h:

(IPC::MessageDecoder::setQOSClassOverride): Added. Takes ownership of a QoS override
to make sure it stays in effect until this message has been dispatched.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeConnection): Set up main thread QoS boosting for the
web process's connection to the UI process.

3:09 PM Changeset in webkit [182027] by bshafiei@apple.com
  • 1 copy in tags/Safari-600.5.16

New tag.

2:43 PM Changeset in webkit [182026] by rniwa@webkit.org
  • 5 edits in trunk/Source

Cursor doesn't change back to pointer when leaving Mail
https://bugs.webkit.org/show_bug.cgi?id=132038

Reviewed by Anders Carlsson.

Fixed the bug by adding a cursor rect and making the primary tracking area update the cursor so that
AppKit will reset the cursor as it leaves the WebView.

We use nil cursor here since we manually update the cursor by calling [NSCursor set].

Source/WebKit/mac:

  • WebView/WebHTMLView.mm:

(-[WebHTMLView setDataSource:]): Use NSTrackingCursorUpdate option in creating the primary tracking area.

Source/WebKit2:

  • UIProcess/API/mac/WKView.mm:

(-[WKView initWithFrame:processPool:configuration:webView:]):

  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::recommendedScrollbarStyleDidChange):

2:30 PM Changeset in webkit [182025] by bshafiei@apple.com
  • 2 edits in branches/safari-600.5-branch/Source/WebCore

Merged r182014. rdar://problem/20313011

2:02 PM Changeset in webkit [182024] by benjamin@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix state machine debugging after r181964
https://bugs.webkit.org/show_bug.cgi?id=143082

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-03-26
Reviewed by Alex Christensen.

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):

1:48 PM Changeset in webkit [182023] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

If we're in code for accessing scoped arguments, we should probably check if the object is a scoped arguments rather than checking if it's a direct arguments.

Reviewed by Michael Saboff.

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitScopedArgumentsGetByVal):

  • tests/stress/scoped-then-direct-arguments-get-by-val-in-baseline.js: Added.

12:09 PM Changeset in webkit [182022] by hyatt@apple.com
  • 4 edits in trunk/Source/WebCore

Improve the offsetWidth/Height layout optimization
https://bugs.webkit.org/show_bug.cgi?id=143008

Reviewed by Zalan Bujtas.

  • dom/Document.cpp:

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

  • dom/Document.h:

Change Element* to Element&. Clean up the dimension bits to use shifting. Remove both the inline and
the positioning restrictions on the optimization check.

  • dom/Element.cpp:

(WebCore::Element::offsetWidth):
(WebCore::Element::offsetHeight):
Change to use Element& instead of Element*.

(WebCore::Element::clientWidth):
(WebCore::Element::clientHeight):
(WebCore::Element::scrollWidth):
(WebCore::Element::scrollHeight):
Turn on the optimization for clientWidth/Height and scrollWidth/Height.

12:00 PM Changeset in webkit [182021] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

[Linux] SeccompFilters: improve the port-agnostic whitelist
https://bugs.webkit.org/show_bug.cgi?id=140064

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-03-26
Reviewed by Žan Doberšek.

Allow the web process to access several files and directories that it
was previously prohibited from accessing. This makes the web process
much less likely to break.

  • Shared/linux/SeccompFilters/SyscallPolicy.cpp:

(WebKit::SyscallPolicy::addDefaultWebProcessPolicy):

11:49 AM Changeset in webkit [182020] by Antti Koivisto
  • 2 edits in trunk/Source/WebKit2

Remove unneeded isConditionalRequest check from NetworkResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=143096

Reviewed by Anders Carlsson.

This check is leftover from implementation that allowed disk cache to validate conditional
request itself. The case can't happen as NetworkCache canRetrieve test does not allow
conditional requests in the first place.

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::didReceiveResponseAsync):
(WebKit::isConditionalRequest): Deleted.

11:39 AM Changeset in webkit [182019] by Antti Koivisto
  • 6 edits in trunk/Source/WebKit2

Rename Storage::Entry to Storage::Record
https://bugs.webkit.org/show_bug.cgi?id=143101

Reviewed by Chris Dumez.

Let's have just one type called Entry in the cache code.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::update):
(WebKit::NetworkCache::Cache::traverse):
(WebKit::NetworkCache::Cache::dumpContentsToFile):

  • NetworkProcess/cache/NetworkCacheEntry.cpp:

(WebKit::NetworkCache::Entry::Entry):
(WebKit::NetworkCache::Entry::encodeAsStorageRecord):
(WebKit::NetworkCache::Entry::decodeStorageRecord):
(WebKit::NetworkCache::Entry::initializeBufferFromStorageRecord):
(WebKit::NetworkCache::Entry::buffer):
(WebKit::NetworkCache::Entry::shareableResourceHandle):
(WebKit::NetworkCache::Entry::encode): Deleted.
(WebKit::NetworkCache::Entry::decode): Deleted.
(WebKit::NetworkCache::Entry::initializeBufferFromStorageEntry): Deleted.

  • NetworkProcess/cache/NetworkCacheEntry.h:

(WebKit::NetworkCache::Entry::sourceStorageRecord):
(WebKit::NetworkCache::Entry::sourceStorageEntry): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::RecordMetaData::RecordMetaData):
(WebKit::NetworkCache::decodeRecordMetaData):
(WebKit::NetworkCache::decodeRecordHeader):
(WebKit::NetworkCache::decodeRecord):
(WebKit::NetworkCache::encodeRecordMetaData):
(WebKit::NetworkCache::encodeRecordHeader):
(WebKit::NetworkCache::Storage::dispatchReadOperation):
(WebKit::NetworkCache::retrieveFromMemory):
(WebKit::NetworkCache::Storage::store):
(WebKit::NetworkCache::Storage::update):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::Storage::dispatchPendingWriteOperations):
(WebKit::NetworkCache::Storage::dispatchFullWriteOperation):
(WebKit::NetworkCache::Storage::dispatchHeaderWriteOperation):
(WebKit::NetworkCache::EntryMetaData::EntryMetaData): Deleted.
(WebKit::NetworkCache::decodeEntryMetaData): Deleted.
(WebKit::NetworkCache::decodeEntryHeader): Deleted.
(WebKit::NetworkCache::decodeEntry): Deleted.
(WebKit::NetworkCache::encodeEntryMetaData): Deleted.
(WebKit::NetworkCache::encodeEntryHeader): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.h:

11:16 AM Changeset in webkit [182018] by jer.noble@apple.com
  • 4 edits in trunk/Tools

Add --allowed-host support to run-webkit-tests
https://bugs.webkit.org/show_bug.cgi?id=142938

Reviewed by Brent Fulgham.

Accept --allowed-host arguments from run-webkit-tests and pass them through to
DumpRenderTree and WebKitTestRunner.

Drive-by fix: Depending on the value of the --layout-test-dir parameter, layout test results
are placed in the wrong location. The argument is compared with each test's path, and if a
relative path or a path with '..' was used, results are placed alongside the test. Take the
absolute path of the --layout-test-dir argument, collapsing path components like '..'.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(parse_args):

  • Scripts/webkitpy/port/base.py:

(Port.init):
(Port.allowed_hosts):

  • Scripts/webkitpy/port/driver.py:

(Driver.cmd_line):

11:12 AM Changeset in webkit [182017] by jer.noble@apple.com
  • 12 edits in trunk/Tools

[Mac] Add an --allowed-host argument to DRT and WKTR to allow tests to connect to non-localhost servers
https://bugs.webkit.org/show_bug.cgi?id=142931

Reviewed by Brent Fulgham.

Currently, both DRT and WKTR will refuse to allow network connections to non-localhost servers
over HTTP/HTTPS. For certain testing scenarios, however, it would be useful if both DRT and
WKTR could be allowed to make HTTP/HTTPS connections to certain, specific servers defined at
runtime.

To allow this, add an optional argument to DRT and WKTR, --allowed-host, which will add the specified
hostname to a whitelist; requests to these hosts will be allowed to proceed normally.

Drive-by fix: in InjectedBundlePage::willSendRequestForFrame, we get the top loading frame from the
injected bundle. But after the main resource load completes, the bundle nulls out its pointer to the
top loading frame, which causes a subsequent crash when further resources are requested. Instead, get
the top loading frame from the page, as we do elsewhere in this class.

  • DumpRenderTree/TestRunner.h:

(TestRunner::allowedHosts):
(TestRunner::setAllowedHosts):

  • DumpRenderTree/mac/DumpRenderTree.mm:

(initializeGlobalsFromCommandLineOptions):
(runTest):

  • DumpRenderTree/mac/ResourceLoadDelegate.mm:

(isAllowedHost):
(-[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:]):

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::didReceiveMessage):
(WTR::InjectedBundle::isAllowedHost):

  • WebKitTestRunner/InjectedBundle/InjectedBundle.h:
  • WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::isAllowedHost):
(WTR::InjectedBundlePage::willSendRequestForFrame):

  • WebKitTestRunner/InjectedBundle/TestRunner.h:
  • WebKitTestRunner/Options.cpp:

(WTR::handleOptionAllowedHost):
(WTR::OptionsHandler::OptionsHandler):

  • WebKitTestRunner/Options.h:
  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::initialize):
(WTR::TestController::resetStateToConsistentValues):

  • WebKitTestRunner/TestController.h:

10:45 AM Changeset in webkit [182016] by beidson@apple.com
  • 15 edits
    10 adds in trunk

Apply ContentExtension actions after redirects.
<rdar://problem/20062613> and https://bugs.webkit.org/show_bug.cgi?id=143055

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/contentextensions/loading/main-resource-redirect-blocked.php

http/tests/contentextensions/subresource-redirect-blocked.html

This patch moves the "run a URL against the content extension" code from CachedResourceLoader to
the ContentExtensionsBackend.

That allows it to be shared between the CachedResourceLoader where loads are initiated and
ResourceLoader where redirects are handled.

  • contentextensions/ContentExtension.cpp:

(WebCore::ContentExtensions::ContentExtension::globalDisplayNoneStyleSheet):

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
(WebCore::ContentExtensions::ContentExtensionsBackend::displayNoneCSSRule):

  • contentextensions/ContentExtensionsBackend.h:
  • loader/NetscapePlugInStreamLoader.cpp:

(WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):

  • loader/ResourceLoadInfo.h:
  • loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::ResourceLoader):
(WebCore::ResourceLoader::willSendRequest):

  • loader/ResourceLoader.h:
  • loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::SubresourceLoader):

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

  • page/UserContentController.cpp:

(WebCore::UserContentController::processContentExtensionRulesForLoad):
(WebCore::UserContentController::actionsForResourceLoad): Deleted.
(WebCore::UserContentController::globalDisplayNoneStyleSheet): Deleted.
(WebCore::UserContentController::displayNoneCSSRule): Deleted.

  • page/UserContentController.h:

Tools:

  • WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::didFailProvisionalLoadWithErrorForFrame): Dump the fact that the load error is kWKErrorCodeCannotShowURL which is specifically interesting to a new test.

LayoutTests:

  • http/tests/contentextensions/loading/main-resource-redirect-blocked-expected.txt: Added.
  • http/tests/contentextensions/loading/main-resource-redirect-blocked.php: Added.
  • http/tests/contentextensions/loading/main-resource-redirect-blocked.php.json: Added.
  • http/tests/contentextensions/loading/resources/main-resource-redirect-blocked-target.html: Added.
  • http/tests/contentextensions/resources/subresource-redirect.php: Added.
  • http/tests/contentextensions/subresource-redirect-blocked-expected.txt: Added.
  • http/tests/contentextensions/subresource-redirect-blocked.html: Added.
  • http/tests/contentextensions/subresource-redirect-blocked.html.json: Added.

10:29 AM Changeset in webkit [182015] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

Crash when laying out (char)0
https://bugs.webkit.org/show_bug.cgi?id=143103

Reviewed by Dean Jackson.

We currently cache a character -> Font mapping in a HashMap.
However, keys in Hashmaps can't be 0. This patch simply skips
the cache in this case.

No new tests, for now. I'm having trouble creating a test because
the site that causes this bug generates their page using script,
and the script is all minified, and difficult to understand. I
will contact the owner of the site and ask for an unminified
version of their sources. However, I don't want that to block
this tiny fix from going in.

  • platform/graphics/Font.cpp:

(WebCore::Font::systemFallbackFontForCharacter):

10:24 AM Changeset in webkit [182014] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac][EME] Crash at com.apple.WebCore: WebCore::CDMSessionMediaSourceAVFObjC::releaseKeys + 177
https://bugs.webkit.org/show_bug.cgi?id=143080

Reviewed by Eric Carlson.

Null-check m_certificate before dereferencing.

  • platform/graphics/avfoundation/objc/CDMSessionMediaSourceAVFObjC.mm:

(WebCore::CDMSessionMediaSourceAVFObjC::releaseKeys):

10:04 AM Changeset in webkit [182013] by msaboff@apple.com
  • 2 edits in trunk/LayoutTests

js/promises-tests/promises-tests-2-3-3.html sometimes crashes under DFG::SpeculativeJIT::compile
https://bugs.webkit.org/show_bug.cgi?id=139865

Reviewed by Alexey Proskuryakov.

It appears that r181993 fixed this test as it removed the code where the crash occurred.

  • TestExpectations: Re-enabled js/promises-tests/promises-tests-2-3-3 including marking it as Slow.

9:35 AM Changeset in webkit [182012] by Chris Fleizach
  • 7 edits
    2 adds in trunk

AX: [role="button"][aria-pressed] should be exposed as AXCheckbox:AXToggleButton, with role description of "toggle button"
https://bugs.webkit.org/show_bug.cgi?id=115298

Reviewed by Mario Sanchez Prada.

Source/WebCore:

A role=button + aria-pressed object should be exposed as AXCheckbox on Mac now. It should also convert the
aria-pressed state into a 0, 1, 2 number value for the Mac.

Test: platform/mac/accessibility/aria-pressed-button-attributes.html

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::checkboxOrRadioValue):

  • accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isToggleButton):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
(createAccessibilityRoleMap):
(-[WebAccessibilityObjectWrapper subrole]):
(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

LayoutTests:

  • accessibility/aria-toggle-button-with-title.html:

Bad path for post test resources file, so that is fixed.

  • platform/mac/accessibility/aria-pressed-button-attributes-expected.txt: Added.
  • platform/mac/accessibility/aria-pressed-button-attributes.html: Added.
  • platform/mac/accessibility/aria-toggle-button-with-title-expected.txt:

Updated to reflect the new role of this object.

9:24 AM Changeset in webkit [182011] by Chris Dumez
  • 3 edits in trunk/Source/WebKit2

[WK2] Let the compiler generate the NetworkCache::Key move constructor
https://bugs.webkit.org/show_bug.cgi?id=143079

Reviewed by Antti Koivisto.

Let the compiler generate the NetworkCache::Key move constructor. The
generated one will do exactly the same thing as the one we had except
that it will move the m_hash member as well. I don't see any reason why
we weren't moving this member before (it is an std::array<uint8_t, 16>).

Also have the compiler generate a move assignment operator for
consistency. Although it is not currently useful, it could be at some
point.

  • NetworkProcess/cache/NetworkCacheKey.cpp:

(WebKit::NetworkCache::Key::Key): Deleted.

  • NetworkProcess/cache/NetworkCacheKey.h:

9:21 AM Changeset in webkit [182010] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2][NetworkCache] Compute if a cached response has expired only when actually needed
https://bugs.webkit.org/show_bug.cgi?id=143070

Reviewed by Antti Koivisto.

Compute if a cached response has expired only when actually needed:

  • This is not a history navigation

and

  • It does not have "Cache-Control: no-cache" header

Previously, we would always determine if the response has expired and
we often end up not using this information.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::responseHasExpired):
(WebKit::NetworkCache::canUse):

8:29 AM Changeset in webkit [182009] by fpizlo@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

FTL ScopedArguments GetArrayLength generates incorrect code and crashes in LLVM
https://bugs.webkit.org/show_bug.cgi?id=143098

Reviewed by Csaba Osztrogonác.

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileGetArrayLength): Fix a typo.

  • tests/stress/scoped-arguments-array-length.js: Added. This test previously always crashed in ftl-no-cjit mode.

5:23 AM Changeset in webkit [182008] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[EFL] Disable building libseccomp on AArch64
https://bugs.webkit.org/show_bug.cgi?id=143094

Reviewed by Gyuyoung Kim.

  • efl/jhbuildrc:

5:21 AM Changeset in webkit [182007] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[jhbuild] git should use only 1 thread for cloning jhbuild
https://bugs.webkit.org/show_bug.cgi?id=143095

Reviewed by Gyuyoung Kim.

  • jhbuild/jhbuild-wrapper:

(clone_jhbuild):

3:47 AM Changeset in webkit [182006] by Csaba Osztrogonác
  • 8 edits in trunk

Unreviewed gardening, skip failing tests on AArch64 Linux.

Source/JavaScriptCore:

  • tests/mozilla/mozilla-tests.yaml:
  • tests/stress/cached-prototype-setter.js:

LayoutTests:

  • js/script-tests/array-from.js:
  • js/script-tests/array-length-shortening.js:
  • js/script-tests/dfg-int16array.js:
  • js/script-tests/dfg-int8array.js:
12:51 AM Changeset in webkit [182005] by zandobersek@gmail.com
  • 9 edits in trunk/Source/WebKit2

Avoid the Vector<> copy in WebTouchEvent constructor
https://bugs.webkit.org/show_bug.cgi?id=143043

Reviewed by Carlos Garcia Campos.

Have the WebTouchEvent accept a Vector<> rvalue.
The relevant code is updated so the Vector<> object is moved
through the call chain and finally into the WebTouchEvent constructor.

  • Shared/NativeWebTouchEvent.h:
  • Shared/WebEvent.h:
  • Shared/WebTouchEvent.cpp:

(WebKit::WebTouchEvent::WebTouchEvent):

  • Shared/efl/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebTouchEvent):

  • Shared/gtk/NativeWebTouchEventGtk.cpp:

(WebKit::NativeWebTouchEvent::NativeWebTouchEvent):

  • Shared/gtk/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebTouchEvent):

  • Shared/gtk/WebEventFactory.h:
  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

12:17 AM Changeset in webkit [182004] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Unreviewed, fixes to silly things. While landing fixes to r181993, I introduced crashes. This fixes them.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): I landed a fix for a VS warning. It broke this. Now I'm fixing it.

  • ftl/FTLCompile.cpp:

(JSC::FTL::compile): Make sure we pass the module when dumping. This makes FTL debugging possible again.

  • ftl/FTLState.cpp:

(JSC::FTL::State::dumpState): New overload that takes a module, so that we can call this after FTL::compile() clears State's module.

  • ftl/FTLState.h:

12:00 AM Changeset in webkit [182003] by ap@apple.com
  • 2 edits in trunk/LayoutTests

media/track/track-mode.html flakily times out
https://bugs.webkit.org/show_bug.cgi?id=143085

Mar 25, 2015:

11:01 PM Changeset in webkit [182002] by Chris Fleizach
  • 4 edits in trunk/LayoutTests

AX: table cells that use display:block render the table inaccessible to VoiceOver
https://bugs.webkit.org/show_bug.cgi?id=143007

Unreviewed, layout test fix.

Skip associated accessibility/table-cell-display-block.html on failing platforms.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:

Specific platform changes in children ordering need to be updated to make this test pass.

  • platform/win/TestExpectations:

Need to implement cellForRowAndColumn.

10:32 PM Changeset in webkit [182001] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix obvious goof that was causing 32-bit debug crashes. The 64-bit version did it
right, so this just makes 32-bit do the same.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):

10:23 PM Changeset in webkit [182000] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix a typo that ggaren found but that I didn't fix before.

  • runtime/DirectArgumentsOffset.h:

9:58 PM Changeset in webkit [181999] by fpizlo@apple.com
  • 2 edits in trunk/Source/WTF

Unreviewed, we have edited this file in 2015.

  • wtf/Platform.h:

9:52 PM Changeset in webkit [181998] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, VC found a bug. This fixes the bug.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

9:50 PM Changeset in webkit [181997] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, try to fix Windows build.

  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::createWithInlineFrame):

9:37 PM Changeset in webkit [181996] by commit-queue@webkit.org
  • 4 edits in trunk/Tools

Update prepare-ChangeLog to work with ES6 Class syntax
https://bugs.webkit.org/show_bug.cgi?id=143069

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-25
Reviewed by Timothy Hatcher.

  • Scripts/prepare-ChangeLog:

(get_function_line_ranges_for_javascript):
Better handle ES6 Class syntax.

  • Scripts/webkitperl/prepare-ChangeLog_unittest/resources/javascript_unittests-expected.txt:
  • Scripts/webkitperl/prepare-ChangeLog_unittest/resources/javascript_unittests.js:

(BaseClass):
(DerivedClass):
(DerivedClass.staticMethod):
(DerivedClass.prototype.method.nestedFunctionInsideMethod):
(DerivedClass.prototype.method):
(DerivedClass.prototype.get getter):
(namespace.MyClass):
(namespace.MyClass.staticMethod):
(namespace.MyClass.prototype.method.nestedFunctionInsideMethod):
(namespace.MyClass.prototype.method):
(namespace.MyClass.prototype.get getter):
Proof!

9:35 PM Changeset in webkit [181995] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix debug build.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ConstDeclNode::emitCodeSingle):

9:34 PM Changeset in webkit [181994] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix CLOOP build.

  • dfg/DFGMinifiedID.h:

9:28 PM Changeset in webkit [181993] by fpizlo@apple.com
  • 181 edits
    88 adds
    4 deletes in trunk

Heap variables shouldn't end up in the stack frame
https://bugs.webkit.org/show_bug.cgi?id=141174

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This is a major change to how JavaScriptCore handles declared variables (i.e. "var"). It removes
any ambiguity about whether a variable should be in the heap or on the stack. A variable will no
longer move between heap and stack during its lifetime. This enables a bunch of optimizations and
simplifications:

  • Accesses to variables no longer need checks or indirections to determine where the variable is at that moment in time. For example, loading a closure variable now takes just one load instead of two. Loading an argument by index now takes a bounds check and a load in the fastest case (when no arguments object allocation is required) while previously that same operation required a "did I allocate arguments yet" check, a bounds check, and then the load.


  • Reasoning about the allocation of an activation or arguments object now follows the same simple logic as the allocation of any other kind of object. Previously, those objects were lazily allocated - so an allocation instruction wasn't the actual allocation site, since it might not allocate anything at all. This made the implementation of traditional escape analyses really awkward, and ultimately it meant that we missed important cases. Now, we can reason about the arguments object using the usual SSA tricks which allows for more comprehensive removal.


  • The allocations of arguments objects, functions, and activations are now much faster. While this patch generally expands our ability to eliminate arguments object allocations, an earlier version of the patch - which lacked that functionality - was a progression on some arguments- and closure-happy benchmarks because although no allocations were eliminated, all allocations were faster.


  • There is no tear-off. The runtime no longer needs to know about where on the stack a frame keeps its arguments objects or activations. The runtime doesn't have to do things to the arguments objects and activations that a frame allocated, when the frame is unwound. We always had horrid bugs in that code, so it's good to see it go. This removes *a ton* of machinery from the DFG, FTL, CodeBlock, and other places. All of the things having to do with "captured variables" are now gone. This also enables implementing block-scoping. Without this change, block-scope support would require telling CodeBlock and all of the rest of the runtime about all of the variables that store currently-live scopes. That would have been so disastrously hard that it might as well be impossible. With this change, it's fair game for the bytecode generator to simply allocate whatever activations it wants, wherever it wants, and to keep them live for however long it wants. This all works, because after bytecode generation, an activation is just an object and variables that refer to it are just normal variables.


  • SymbolTable can now tell you explicitly where a variable lives. The answer is in the form of a VarOffset object, which has methods like isStack(), isScope(), etc. VirtualRegister is never used for offsets of non-stack variables anymore. We now have shiny new objects for other kinds of offsets - ScopeOffset for offsets into scopes, and DirectArgumentsOffset for offsets into an arguments object.


  • Functions that create activations can now tier-up into the FTL. Previously they couldn't. Also, using activations used to prevent inlining; now functions that use activations can be inlined just fine.


This is a >1% speed-up on Octane. This is a >2% speed-up on CompressionBench. This is a tiny
speed-up on AsmBench (~0.4% or something). This looks like it might be a speed-up on SunSpider.
It's only a slow-down on very short-running microbenchmarks we had previously written for our old
style of tear-off-based arguments optimization. Those benchmarks are not part of any major suite.

The easiest way of understanding this change is to start by looking at the changes in runtime/,
and then the changes in bytecompiler/, and then sort of work your way up the compiler tiers.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/AbortReason.h:
  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::BaseIndex::withOffset):

  • bytecode/ByValInfo.h:

(JSC::hasOptimizableIndexingForJSType):
(JSC::hasOptimizableIndexing):
(JSC::jitArrayModeForJSType):
(JSC::jitArrayModePermitsPut):
(JSC::jitArrayModeForStructure):

  • bytecode/BytecodeKills.h: Added.

(JSC::BytecodeKills::BytecodeKills):
(JSC::BytecodeKills::operandIsKilled):
(JSC::BytecodeKills::forEachOperandKilledAt):
(JSC::BytecodeKills::KillSet::KillSet):
(JSC::BytecodeKills::KillSet::add):
(JSC::BytecodeKills::KillSet::forEachLocal):
(JSC::BytecodeKills::KillSet::contains):

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeLivenessAnalysis.cpp:

(JSC::isValidRegisterForLiveness):
(JSC::stepOverInstruction):
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
(JSC::BytecodeLivenessAnalysis::computeKills):
(JSC::indexForOperand): Deleted.
(JSC::BytecodeLivenessAnalysis::getLivenessInfoForNonCapturedVarsAtBytecodeOffset): Deleted.
(JSC::getLivenessInfo): Deleted.

  • bytecode/BytecodeLivenessAnalysis.h:
  • bytecode/BytecodeLivenessAnalysisInlines.h:

(JSC::operandIsAlwaysLive):
(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::operandIsLive):

  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::nameForRegister):
(JSC::CodeBlock::validate):
(JSC::CodeBlock::isCaptured): Deleted.
(JSC::CodeBlock::framePointerOffsetToGetActivationRegisters): Deleted.
(JSC::CodeBlock::machineSlowArguments): Deleted.

  • bytecode/CodeBlock.h:

(JSC::unmodifiedArgumentsRegister): Deleted.
(JSC::CodeBlock::setArgumentsRegister): Deleted.
(JSC::CodeBlock::argumentsRegister): Deleted.
(JSC::CodeBlock::uncheckedArgumentsRegister): Deleted.
(JSC::CodeBlock::usesArguments): Deleted.
(JSC::CodeBlock::captureCount): Deleted.
(JSC::CodeBlock::captureStart): Deleted.
(JSC::CodeBlock::captureEnd): Deleted.
(JSC::CodeBlock::argumentIndexAfterCapture): Deleted.
(JSC::CodeBlock::hasSlowArguments): Deleted.
(JSC::ExecState::argumentAfterCapture): Deleted.

  • bytecode/CodeOrigin.h:
  • bytecode/DataFormat.h:

(JSC::dataFormatToString):

  • bytecode/FullBytecodeLiveness.h:

(JSC::FullBytecodeLiveness::getLiveness):
(JSC::FullBytecodeLiveness::operandIsLive):
(JSC::FullBytecodeLiveness::FullBytecodeLiveness): Deleted.
(JSC::FullBytecodeLiveness::getOut): Deleted.

  • bytecode/Instruction.h:

(JSC::Instruction::Instruction):

  • bytecode/Operands.h:

(JSC::Operands::virtualRegisterForIndex):

  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):

  • bytecode/SpeculatedType.h:

(JSC::isDirectArgumentsSpeculation):
(JSC::isScopedArgumentsSpeculation):
(JSC::isActionableMutableArraySpeculation):
(JSC::isActionableArraySpeculation):
(JSC::isArgumentsSpeculation): Deleted.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::setArgumentsRegister): Deleted.
(JSC::UnlinkedCodeBlock::usesArguments): Deleted.
(JSC::UnlinkedCodeBlock::argumentsRegister): Deleted.

  • bytecode/ValueRecovery.cpp:

(JSC::ValueRecovery::dumpInContext):

  • bytecode/ValueRecovery.h:

(JSC::ValueRecovery::directArgumentsThatWereNotCreated):
(JSC::ValueRecovery::outOfBandArgumentsThatWereNotCreated):
(JSC::ValueRecovery::nodeID):
(JSC::ValueRecovery::argumentsThatWereNotCreated): Deleted.

  • bytecode/VirtualRegister.h:

(JSC::VirtualRegister::operator==):
(JSC::VirtualRegister::operator!=):
(JSC::VirtualRegister::operator<):
(JSC::VirtualRegister::operator>):
(JSC::VirtualRegister::operator<=):
(JSC::VirtualRegister::operator>=):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::initializeNextParameter):
(JSC::BytecodeGenerator::visibleNameForParameter):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::variable):
(JSC::BytecodeGenerator::createVariable):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::initializeVariable):
(JSC::BytecodeGenerator::emitInstanceOf):
(JSC::BytecodeGenerator::emitNewFunction):
(JSC::BytecodeGenerator::emitNewFunctionInternal):
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitReturn):
(JSC::BytecodeGenerator::emitConstruct):
(JSC::BytecodeGenerator::isArgumentNumber):
(JSC::BytecodeGenerator::emitEnumeration):
(JSC::BytecodeGenerator::addVar): Deleted.
(JSC::BytecodeGenerator::emitInitLazyRegister): Deleted.
(JSC::BytecodeGenerator::initializeCapturedVariable): Deleted.
(JSC::BytecodeGenerator::resolveCallee): Deleted.
(JSC::BytecodeGenerator::addCallee): Deleted.
(JSC::BytecodeGenerator::addParameter): Deleted.
(JSC::BytecodeGenerator::willResolveToArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::createLazyRegisterIfNecessary): Deleted.
(JSC::BytecodeGenerator::isCaptured): Deleted.
(JSC::BytecodeGenerator::local): Deleted.
(JSC::BytecodeGenerator::constLocal): Deleted.
(JSC::BytecodeGenerator::emitResolveConstantLocal): Deleted.
(JSC::BytecodeGenerator::emitGetArgumentsLength): Deleted.
(JSC::BytecodeGenerator::emitGetArgumentByVal): Deleted.
(JSC::BytecodeGenerator::emitLazyNewFunction): Deleted.
(JSC::BytecodeGenerator::createArgumentsIfNecessary): Deleted.

  • bytecompiler/BytecodeGenerator.h:

(JSC::Variable::Variable):
(JSC::Variable::isResolved):
(JSC::Variable::ident):
(JSC::Variable::offset):
(JSC::Variable::isLocal):
(JSC::Variable::local):
(JSC::Variable::isSpecial):
(JSC::BytecodeGenerator::argumentsRegister):
(JSC::BytecodeGenerator::emitNode):
(JSC::BytecodeGenerator::registerFor):
(JSC::Local::Local): Deleted.
(JSC::Local::operator bool): Deleted.
(JSC::Local::get): Deleted.
(JSC::Local::isSpecial): Deleted.
(JSC::ResolveScopeInfo::ResolveScopeInfo): Deleted.
(JSC::ResolveScopeInfo::isLocal): Deleted.
(JSC::ResolveScopeInfo::localIndex): Deleted.
(JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister): Deleted.
(JSC::BytecodeGenerator::captureMode): Deleted.
(JSC::BytecodeGenerator::shouldTearOffArgumentsEagerly): Deleted.
(JSC::BytecodeGenerator::shouldCreateArgumentsEagerly): Deleted.
(JSC::BytecodeGenerator::hasWatchableVariable): Deleted.
(JSC::BytecodeGenerator::watchableVariableIdentifier): Deleted.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ResolveNode::isPure):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::EmptyVarExpression::emitBytecode):
(JSC::ForInNode::tryGetBoundLocal):
(JSC::ForInNode::emitLoopHeader):
(JSC::ForOfNode::emitBytecode):
(JSC::ArrayPatternNode::emitDirectBinding):
(JSC::BindingNode::bindValue):
(JSC::getArgumentByVal): Deleted.

  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAbstractInterpreter.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberWorld):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::clobberCapturedVars): Deleted.

  • dfg/DFGAbstractValue.h:
  • dfg/DFGArgumentPosition.h:

(JSC::DFG::ArgumentPosition::addVariable):

  • dfg/DFGArgumentsEliminationPhase.cpp: Added.

(JSC::DFG::performArgumentsElimination):

  • dfg/DFGArgumentsEliminationPhase.h: Added.
  • dfg/DFGArgumentsSimplificationPhase.cpp: Removed.
  • dfg/DFGArgumentsSimplificationPhase.h: Removed.
  • dfg/DFGArgumentsUtilities.cpp: Added.

(JSC::DFG::argumentsInvolveStackSlot):
(JSC::DFG::emitCodeToGetArgumentsArrayLength):

  • dfg/DFGArgumentsUtilities.h: Added.
  • dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::refine):
(JSC::DFG::ArrayMode::alreadyChecked):
(JSC::DFG::arrayTypeToString):

  • dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::canCSEStorage):
(JSC::DFG::ArrayMode::modeForPut):

  • dfg/DFGAvailabilityMap.cpp:

(JSC::DFG::AvailabilityMap::prune):

  • dfg/DFGAvailabilityMap.h:

(JSC::DFG::AvailabilityMap::closeOverNodes):
(JSC::DFG::AvailabilityMap::closeStartingWithLocal):

  • dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::BackwardsPropagationPhase::propagate):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::newVariableAccessData):
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flushDirect):
(JSC::DFG::ByteCodeParser::flush):
(JSC::DFG::ByteCodeParser::noticeArgumentsUse):
(JSC::DFG::ByteCodeParser::handleVarargsCall):
(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):

  • dfg/DFGCPSRethreadingPhase.cpp:

(JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):

  • dfg/DFGCSEPhase.cpp:
  • dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h: Added.

(JSC::DFG::CallCreateDirectArgumentsSlowPathGenerator::CallCreateDirectArgumentsSlowPathGenerator):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::isSupportedForInlining):
(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGCommon.h:
  • dfg/DFGCommonData.h:

(JSC::DFG::CommonData::CommonData):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGDCEPhase.cpp:

(JSC::DFG::DCEPhase::cleanVariables):

  • dfg/DFGDisassembler.h:
  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGFlushFormat.cpp:

(WTF::printInternal):

  • dfg/DFGFlushFormat.h:

(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):

  • dfg/DFGForAllKills.h: Added.

(JSC::DFG::forAllLiveNodesAtTail):
(JSC::DFG::forAllDirectlyKilledOperands):
(JSC::DFG::forAllKilledOperands):
(JSC::DFG::forAllKilledNodesAtNodeIndex):
(JSC::DFG::forAllKillsInBlock):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::substituteGetLocal):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::killsFor):
(JSC::DFG::Graph::tryGetConstantClosureVar):
(JSC::DFG::Graph::tryGetRegisters): Deleted.

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::symbolTableFor):
(JSC::DFG::Graph::uses):
(JSC::DFG::Graph::bytecodeRegisterForArgument): Deleted.
(JSC::DFG::Graph::capturedVarsFor): Deleted.
(JSC::DFG::Graph::usesArguments): Deleted.
(JSC::DFG::Graph::argumentsRegisterFor): Deleted.
(JSC::DFG::Graph::machineArgumentsRegisterFor): Deleted.
(JSC::DFG::Graph::uncheckedArgumentsRegisterFor): Deleted.

  • dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):
(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

  • dfg/DFGMayExit.cpp:

(JSC::DFG::mayExit):

  • dfg/DFGMinifiedID.h:
  • dfg/DFGMinifiedNode.cpp:

(JSC::DFG::MinifiedNode::fromNode):

  • dfg/DFGMinifiedNode.h:

(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::hasInlineCallFrame):
(JSC::DFG::MinifiedNode::inlineCallFrame):

  • dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasConstant):
(JSC::DFG::Node::constant):
(JSC::DFG::Node::hasScopeOffset):
(JSC::DFG::Node::scopeOffset):
(JSC::DFG::Node::hasDirectArgumentsOffset):
(JSC::DFG::Node::capturedArgumentsOffset):
(JSC::DFG::Node::variablePointer):
(JSC::DFG::Node::hasCallVarargsData):
(JSC::DFG::Node::hasLoadVarargsData):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::objectMaterializationData):
(JSC::DFG::Node::isPhantomAllocation):
(JSC::DFG::Node::willHaveCodeGenOrOSR):
(JSC::DFG::Node::shouldSpeculateDirectArguments):
(JSC::DFG::Node::shouldSpeculateScopedArguments):
(JSC::DFG::Node::isPhantomArguments): Deleted.
(JSC::DFG::Node::hasVarNumber): Deleted.
(JSC::DFG::Node::varNumber): Deleted.
(JSC::DFG::Node::registerPointer): Deleted.
(JSC::DFG::Node::shouldSpeculateArguments): Deleted.

  • dfg/DFGNodeType.h:
  • dfg/DFGOSRAvailabilityAnalysisPhase.cpp:

(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
(JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):

  • dfg/DFGOSRExitCompiler.cpp:

(JSC::DFG::OSRExitCompiler::emitRestoreArguments):

  • dfg/DFGOSRExitCompiler.h:

(JSC::DFG::OSRExitCompiler::badIndex): Deleted.
(JSC::DFG::OSRExitCompiler::initializePoisoned): Deleted.
(JSC::DFG::OSRExitCompiler::poisonIndex): Deleted.

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::ArgumentsRecoveryGenerator::ArgumentsRecoveryGenerator): Deleted.
(JSC::DFG::ArgumentsRecoveryGenerator::~ArgumentsRecoveryGenerator): Deleted.
(JSC::DFG::ArgumentsRecoveryGenerator::generateFor): Deleted.

  • dfg/DFGOSRExitCompilerCommon.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • dfg/DFGPreciseLocalClobberize.h:

(JSC::DFG::PreciseLocalClobberizeAdaptor::read):
(JSC::DFG::PreciseLocalClobberizeAdaptor::write):
(JSC::DFG::PreciseLocalClobberizeAdaptor::def):
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
(JSC::DFG::preciseLocalClobberize):
(JSC::DFG::PreciseLocalClobberizeAdaptor::writeTop): Deleted.
(JSC::DFG::forEachLocalReadByUnwind): Deleted.

  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::run):
(JSC::DFG::PredictionPropagationPhase::propagate):
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
(JSC::DFG::PredictionPropagationPhase::propagateThroughArgumentPositions):

  • dfg/DFGPromoteHeapAccess.h:

(JSC::DFG::promoteHeapAccess):

  • dfg/DFGPromotedHeapLocation.cpp:

(WTF::printInternal):

  • dfg/DFGPromotedHeapLocation.h:
  • dfg/DFGSSAConversionPhase.cpp:

(JSC::DFG::SSAConversionPhase::run):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
(JSC::DFG::SpeculativeJIT::emitGetLength):
(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::emitGetArgumentStart):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileGetByValOnDirectArguments):
(JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):
(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileForwardVarargs):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileCreateDirectArguments):
(JSC::DFG::SpeculativeJIT::compileGetFromArguments):
(JSC::DFG::SpeculativeJIT::compilePutToArguments):
(JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
(JSC::DFG::SpeculativeJIT::emitAllocateArguments): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetByValOnArguments): Deleted.
(JSC::DFG::SpeculativeJIT::compileGetArgumentsLength): Deleted.
(JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck): Deleted.
(JSC::DFG::SpeculativeJIT::compileNewFunctionExpression): Deleted.

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObjectWithKnownSize):
(JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
(JSC::DFG::SpeculativeJIT::framePointerOffsetToGetActivationRegisters): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStackLayoutPhase.cpp:

(JSC::DFG::StackLayoutPhase::run):

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

  • dfg/DFGStructureRegistrationPhase.cpp:

(JSC::DFG::StructureRegistrationPhase::run):

  • dfg/DFGUnificationPhase.cpp:

(JSC::DFG::UnificationPhase::run):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validateCPS):

  • dfg/DFGValueSource.cpp:

(JSC::DFG::ValueSource::dump):

  • dfg/DFGValueSource.h:

(JSC::DFG::dataFormatToValueSourceKind):
(JSC::DFG::valueSourceKindToDataFormat):
(JSC::DFG::ValueSource::ValueSource):
(JSC::DFG::ValueSource::forFlushFormat):
(JSC::DFG::ValueSource::valueRecovery):

  • dfg/DFGVarargsForwardingPhase.cpp: Added.

(JSC::DFG::performVarargsForwarding):

  • dfg/DFGVarargsForwardingPhase.h: Added.
  • dfg/DFGVariableAccessData.cpp:

(JSC::DFG::VariableAccessData::VariableAccessData):
(JSC::DFG::VariableAccessData::flushFormat):
(JSC::DFG::VariableAccessData::mergeIsCaptured): Deleted.

  • dfg/DFGVariableAccessData.h:

(JSC::DFG::VariableAccessData::shouldNeverUnbox):
(JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
(JSC::DFG::VariableAccessData::isCaptured): Deleted.
(JSC::DFG::VariableAccessData::mergeIsArgumentsAlias): Deleted.
(JSC::DFG::VariableAccessData::isArgumentsAlias): Deleted.

  • dfg/DFGVariableAccessDataDump.cpp:

(JSC::DFG::VariableAccessDataDump::dump):

  • dfg/DFGVariableAccessDataDump.h:
  • dfg/DFGVariableEventStream.cpp:

(JSC::DFG::VariableEventStream::tryToSetConstantRecovery):

  • dfg/DFGVariableEventStream.h:
  • ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractField::dump):
(JSC::FTL::IndexedAbstractHeap::dump):
(JSC::FTL::NumberedAbstractHeap::dump):
(JSC::FTL::AbsoluteAbstractHeap::dump):

  • ftl/FTLAbstractHeap.h:
  • ftl/FTLAbstractHeapRepository.cpp:
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

  • ftl/FTLExitArgument.cpp:

(JSC::FTL::ExitArgument::dump):

  • ftl/FTLExitPropertyValue.cpp:

(JSC::FTL::ExitPropertyValue::withLocalsOffset):

  • ftl/FTLExitPropertyValue.h:
  • ftl/FTLExitTimeObjectMaterialization.cpp:

(JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
(JSC::FTL::ExitTimeObjectMaterialization::accountForLocalsOffset):

  • ftl/FTLExitTimeObjectMaterialization.h:

(JSC::FTL::ExitTimeObjectMaterialization::origin):

  • ftl/FTLExitValue.cpp:

(JSC::FTL::ExitValue::withLocalsOffset):
(JSC::FTL::ExitValue::valueFormat):
(JSC::FTL::ExitValue::dumpInContext):

  • ftl/FTLExitValue.h:

(JSC::FTL::ExitValue::isArgument):
(JSC::FTL::ExitValue::argumentsObjectThatWasNotCreated): Deleted.
(JSC::FTL::ExitValue::isArgumentsObjectThatWasNotCreated): Deleted.
(JSC::FTL::ExitValue::valueFormat): Deleted.

  • ftl/FTLInlineCacheSize.cpp:

(JSC::FTL::sizeOfCallForwardVarargs):
(JSC::FTL::sizeOfConstructForwardVarargs):
(JSC::FTL::sizeOfICFor):

  • ftl/FTLInlineCacheSize.h:
  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLJSCallVarargs.cpp:

(JSC::FTL::JSCallVarargs::JSCallVarargs):
(JSC::FTL::JSCallVarargs::emit):

  • ftl/FTLJSCallVarargs.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compilePutStack):
(JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::compileArrayPush):
(JSC::FTL::LowerDFGToLLVM::compileArrayPop):
(JSC::FTL::LowerDFGToLLVM::compileCreateActivation):
(JSC::FTL::LowerDFGToLLVM::compileNewFunction):
(JSC::FTL::LowerDFGToLLVM::compileCreateDirectArguments):
(JSC::FTL::LowerDFGToLLVM::compileCreateScopedArguments):
(JSC::FTL::LowerDFGToLLVM::compileCreateClonedArguments):
(JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
(JSC::FTL::LowerDFGToLLVM::compileStringCharCodeAt):
(JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
(JSC::FTL::LowerDFGToLLVM::compilePutGlobalVar):
(JSC::FTL::LowerDFGToLLVM::compileGetArgumentCount):
(JSC::FTL::LowerDFGToLLVM::compileGetClosureVar):
(JSC::FTL::LowerDFGToLLVM::compilePutClosureVar):
(JSC::FTL::LowerDFGToLLVM::compileGetFromArguments):
(JSC::FTL::LowerDFGToLLVM::compilePutToArguments):
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstructVarargs):
(JSC::FTL::LowerDFGToLLVM::compileForwardVarargs):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname):
(JSC::FTL::LowerDFGToLLVM::ArgumentsLength::ArgumentsLength):
(JSC::FTL::LowerDFGToLLVM::getArgumentsLength):
(JSC::FTL::LowerDFGToLLVM::getCurrentCallee):
(JSC::FTL::LowerDFGToLLVM::getArgumentsStart):
(JSC::FTL::LowerDFGToLLVM::baseIndex):
(JSC::FTL::LowerDFGToLLVM::allocateObject):
(JSC::FTL::LowerDFGToLLVM::allocateVariableSizedObject):
(JSC::FTL::LowerDFGToLLVM::isArrayType):
(JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
(JSC::FTL::LowerDFGToLLVM::exitValueForNode):
(JSC::FTL::LowerDFGToLLVM::loadStructure):
(JSC::FTL::LowerDFGToLLVM::compilePhantomArguments): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated): Deleted.
(JSC::FTL::LowerDFGToLLVM::checkArgumentsNotCreated): Deleted.

  • ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileRecovery):
(JSC::FTL::compileStub):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::zeroExtPtr):

  • heap/CopyToken.h:
  • interpreter/CallFrame.h:

(JSC::ExecState::getArgumentUnsafe):

  • interpreter/Interpreter.cpp:

(JSC::sizeOfVarargs):
(JSC::sizeFrameForVarargs):
(JSC::loadVarargs):
(JSC::unwindCallFrame):

  • interpreter/Interpreter.h:
  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::createArguments):
(JSC::StackVisitor::Frame::existingArguments): Deleted.

  • interpreter/StackVisitor.h:
  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::storeValue):
(JSC::AssemblyHelpers::loadValue):
(JSC::AssemblyHelpers::storeTrustedValue):
(JSC::AssemblyHelpers::branchIfNotCell):
(JSC::AssemblyHelpers::branchIsEmpty):
(JSC::AssemblyHelpers::argumentsStart):
(JSC::AssemblyHelpers::baselineArgumentsRegisterFor): Deleted.
(JSC::AssemblyHelpers::offsetOfLocals): Deleted.
(JSC::AssemblyHelpers::offsetOfArguments): Deleted.

  • jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArgument):

  • jit/GPRInfo.h:

(JSC::JSValueRegs::withTwoAvailableRegs):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:
  • jit/JITCall.cpp:

(JSC::JIT::compileSetupVarargsFrame):

  • jit/JITCall32_64.cpp:

(JSC::JIT::compileSetupVarargsFrame):

  • jit/JITInlines.h:

(JSC::JIT::callOperation):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_new_func):
(JSC::JIT::emit_op_create_direct_arguments):
(JSC::JIT::emit_op_create_scoped_arguments):
(JSC::JIT::emit_op_create_out_of_band_arguments):
(JSC::JIT::emit_op_tear_off_arguments): Deleted.
(JSC::JIT::emit_op_create_arguments): Deleted.
(JSC::JIT::emit_op_init_lazy_reg): Deleted.
(JSC::JIT::emit_op_get_arguments_length): Deleted.
(JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
(JSC::JIT::emit_op_get_argument_by_val): Deleted.
(JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_lexical_environment):
(JSC::JIT::emit_op_tear_off_arguments): Deleted.
(JSC::JIT::emit_op_create_arguments): Deleted.
(JSC::JIT::emit_op_init_lazy_reg): Deleted.
(JSC::JIT::emit_op_get_arguments_length): Deleted.
(JSC::JIT::emitSlow_op_get_arguments_length): Deleted.
(JSC::JIT::emit_op_get_argument_by_val): Deleted.
(JSC::JIT::emitSlow_op_get_argument_by_val): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const):
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::emitDirectArgumentsGetByVal):
(JSC::JIT::emitScopedArgumentsGetByVal):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_get_from_arguments):
(JSC::JIT::emit_op_put_to_arguments):
(JSC::JIT::emit_op_init_global_const):

  • jit/SetupVarargsFrame.cpp:

(JSC::emitSetupVarargsFrameFastCase):

  • llint/LLIntOffsetsExtractor.cpp:
  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • parser/Nodes.h:

(JSC::ScopeNode::captures):

  • runtime/Arguments.cpp: Removed.
  • runtime/Arguments.h: Removed.
  • runtime/ArgumentsMode.h: Added.
  • runtime/DirectArgumentsOffset.cpp: Added.

(JSC::DirectArgumentsOffset::dump):

  • runtime/DirectArgumentsOffset.h: Added.

(JSC::DirectArgumentsOffset::DirectArgumentsOffset):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:
  • runtime/ConstantMode.cpp: Added.

(WTF::printInternal):

  • runtime/ConstantMode.h:

(JSC::modeForIsConstant):

  • runtime/DirectArguments.cpp: Added.

(JSC::DirectArguments::DirectArguments):
(JSC::DirectArguments::createUninitialized):
(JSC::DirectArguments::create):
(JSC::DirectArguments::createByCopying):
(JSC::DirectArguments::visitChildren):
(JSC::DirectArguments::copyBackingStore):
(JSC::DirectArguments::createStructure):
(JSC::DirectArguments::overrideThings):
(JSC::DirectArguments::overrideThingsIfNecessary):
(JSC::DirectArguments::overrideArgument):
(JSC::DirectArguments::copyToArguments):
(JSC::DirectArguments::overridesSize):

  • runtime/DirectArguments.h: Added.

(JSC::DirectArguments::internalLength):
(JSC::DirectArguments::length):
(JSC::DirectArguments::canAccessIndexQuickly):
(JSC::DirectArguments::getIndexQuickly):
(JSC::DirectArguments::setIndexQuickly):
(JSC::DirectArguments::callee):
(JSC::DirectArguments::argument):
(JSC::DirectArguments::overrodeThings):
(JSC::DirectArguments::offsetOfCallee):
(JSC::DirectArguments::offsetOfLength):
(JSC::DirectArguments::offsetOfMinCapacity):
(JSC::DirectArguments::offsetOfOverrides):
(JSC::DirectArguments::storageOffset):
(JSC::DirectArguments::offsetOfSlot):
(JSC::DirectArguments::allocationSize):
(JSC::DirectArguments::storage):

  • runtime/FunctionPrototype.cpp:
  • runtime/GenericArguments.h: Added.

(JSC::GenericArguments::GenericArguments):

  • runtime/GenericArgumentsInlines.h: Added.

(JSC::GenericArguments<Type>::getOwnPropertySlot):
(JSC::GenericArguments<Type>::getOwnPropertySlotByIndex):
(JSC::GenericArguments<Type>::getOwnPropertyNames):
(JSC::GenericArguments<Type>::put):
(JSC::GenericArguments<Type>::putByIndex):
(JSC::GenericArguments<Type>::deleteProperty):
(JSC::GenericArguments<Type>::deletePropertyByIndex):
(JSC::GenericArguments<Type>::defineOwnProperty):
(JSC::GenericArguments<Type>::copyToArguments):

  • runtime/GenericOffset.h: Added.

(JSC::GenericOffset::GenericOffset):
(JSC::GenericOffset::operator!):
(JSC::GenericOffset::offsetUnchecked):
(JSC::GenericOffset::offset):
(JSC::GenericOffset::operator==):
(JSC::GenericOffset::operator!=):
(JSC::GenericOffset::operator<):
(JSC::GenericOffset::operator>):
(JSC::GenericOffset::operator<=):
(JSC::GenericOffset::operator>=):
(JSC::GenericOffset::operator+):
(JSC::GenericOffset::operator-):
(JSC::GenericOffset::operator+=):
(JSC::GenericOffset::operator-=):

  • runtime/JSArgumentsIterator.cpp:

(JSC::JSArgumentsIterator::finishCreation):
(JSC::argumentsFuncIterator):

  • runtime/JSArgumentsIterator.h:

(JSC::JSArgumentsIterator::create):
(JSC::JSArgumentsIterator::next):

  • runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::visitChildren):

  • runtime/JSEnvironmentRecord.h:

(JSC::JSEnvironmentRecord::variables):
(JSC::JSEnvironmentRecord::isValid):
(JSC::JSEnvironmentRecord::variableAt):
(JSC::JSEnvironmentRecord::offsetOfVariables):
(JSC::JSEnvironmentRecord::offsetOfVariable):
(JSC::JSEnvironmentRecord::allocationSizeForScopeSize):
(JSC::JSEnvironmentRecord::allocationSize):
(JSC::JSEnvironmentRecord::JSEnvironmentRecord):
(JSC::JSEnvironmentRecord::finishCreationUninitialized):
(JSC::JSEnvironmentRecord::finishCreation):
(JSC::JSEnvironmentRecord::registers): Deleted.
(JSC::JSEnvironmentRecord::registerAt): Deleted.
(JSC::JSEnvironmentRecord::addressOfRegisters): Deleted.
(JSC::JSEnvironmentRecord::offsetOfRegisters): Deleted.

  • runtime/JSFunction.cpp:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addFunction):
(JSC::JSGlobalObject::visitChildren):
(JSC::JSGlobalObject::addStaticGlobals):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::directArgumentsStructure):
(JSC::JSGlobalObject::scopedArgumentsStructure):
(JSC::JSGlobalObject::outOfBandArgumentsStructure):
(JSC::JSGlobalObject::argumentsStructure): Deleted.

  • runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::symbolTableGet):
(JSC::JSLexicalEnvironment::symbolTablePut):
(JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
(JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
(JSC::JSLexicalEnvironment::visitChildren): Deleted.

  • runtime/JSLexicalEnvironment.h:

(JSC::JSLexicalEnvironment::create):
(JSC::JSLexicalEnvironment::JSLexicalEnvironment):
(JSC::JSLexicalEnvironment::registersOffset): Deleted.
(JSC::JSLexicalEnvironment::storageOffset): Deleted.
(JSC::JSLexicalEnvironment::storage): Deleted.
(JSC::JSLexicalEnvironment::allocationSize): Deleted.
(JSC::JSLexicalEnvironment::isValidIndex): Deleted.
(JSC::JSLexicalEnvironment::isValid): Deleted.
(JSC::JSLexicalEnvironment::registerAt): Deleted.

  • runtime/JSNameScope.cpp:

(JSC::JSNameScope::visitChildren): Deleted.

  • runtime/JSNameScope.h:

(JSC::JSNameScope::create):
(JSC::JSNameScope::value):
(JSC::JSNameScope::finishCreation):
(JSC::JSNameScope::JSNameScope):

  • runtime/JSScope.cpp:

(JSC::abstractAccess):

  • runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::findVariableIndex):
(JSC::JSSegmentedVariableObject::addVariables):
(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::findRegisterIndex): Deleted.
(JSC::JSSegmentedVariableObject::addRegisters): Deleted.

  • runtime/JSSegmentedVariableObject.h:

(JSC::JSSegmentedVariableObject::variableAt):
(JSC::JSSegmentedVariableObject::assertVariableIsInThisObject):
(JSC::JSSegmentedVariableObject::registerAt): Deleted.
(JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject): Deleted.

  • runtime/JSSymbolTableObject.h:

(JSC::JSSymbolTableObject::offsetOfSymbolTable):
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributes):

  • runtime/JSType.h:
  • runtime/Options.h:
  • runtime/ClonedArguments.cpp: Added.

(JSC::ClonedArguments::ClonedArguments):
(JSC::ClonedArguments::createEmpty):
(JSC::ClonedArguments::createWithInlineFrame):
(JSC::ClonedArguments::createWithMachineFrame):
(JSC::ClonedArguments::createByCopyingFrom):
(JSC::ClonedArguments::createStructure):
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::getOwnPropertyNames):
(JSC::ClonedArguments::put):
(JSC::ClonedArguments::deleteProperty):
(JSC::ClonedArguments::defineOwnProperty):
(JSC::ClonedArguments::materializeSpecials):
(JSC::ClonedArguments::materializeSpecialsIfNecessary):

  • runtime/ClonedArguments.h: Added.

(JSC::ClonedArguments::specialsMaterialized):

  • runtime/ScopeOffset.cpp: Added.

(JSC::ScopeOffset::dump):

  • runtime/ScopeOffset.h: Added.

(JSC::ScopeOffset::ScopeOffset):

  • runtime/ScopedArguments.cpp: Added.

(JSC::ScopedArguments::ScopedArguments):
(JSC::ScopedArguments::finishCreation):
(JSC::ScopedArguments::createUninitialized):
(JSC::ScopedArguments::create):
(JSC::ScopedArguments::createByCopying):
(JSC::ScopedArguments::createByCopyingFrom):
(JSC::ScopedArguments::visitChildren):
(JSC::ScopedArguments::createStructure):
(JSC::ScopedArguments::overrideThings):
(JSC::ScopedArguments::overrideThingsIfNecessary):
(JSC::ScopedArguments::overrideArgument):
(JSC::ScopedArguments::copyToArguments):

  • runtime/ScopedArguments.h: Added.

(JSC::ScopedArguments::internalLength):
(JSC::ScopedArguments::length):
(JSC::ScopedArguments::canAccessIndexQuickly):
(JSC::ScopedArguments::getIndexQuickly):
(JSC::ScopedArguments::setIndexQuickly):
(JSC::ScopedArguments::callee):
(JSC::ScopedArguments::overrodeThings):
(JSC::ScopedArguments::offsetOfOverrodeThings):
(JSC::ScopedArguments::offsetOfTotalLength):
(JSC::ScopedArguments::offsetOfTable):
(JSC::ScopedArguments::offsetOfScope):
(JSC::ScopedArguments::overflowStorageOffset):
(JSC::ScopedArguments::allocationSize):
(JSC::ScopedArguments::overflowStorage):

  • runtime/ScopedArgumentsTable.cpp: Added.

(JSC::ScopedArgumentsTable::ScopedArgumentsTable):
(JSC::ScopedArgumentsTable::~ScopedArgumentsTable):
(JSC::ScopedArgumentsTable::destroy):
(JSC::ScopedArgumentsTable::create):
(JSC::ScopedArgumentsTable::clone):
(JSC::ScopedArgumentsTable::setLength):
(JSC::ScopedArgumentsTable::set):
(JSC::ScopedArgumentsTable::createStructure):

  • runtime/ScopedArgumentsTable.h: Added.

(JSC::ScopedArgumentsTable::length):
(JSC::ScopedArgumentsTable::get):
(JSC::ScopedArgumentsTable::lock):
(JSC::ScopedArgumentsTable::offsetOfLength):
(JSC::ScopedArgumentsTable::offsetOfArguments):
(JSC::ScopedArgumentsTable::at):

  • runtime/SymbolTable.cpp:

(JSC::SymbolTableEntry::prepareToWatch):
(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::visitChildren):
(JSC::SymbolTable::localToEntry):
(JSC::SymbolTable::entryFor):
(JSC::SymbolTable::cloneScopePart):
(JSC::SymbolTable::prepareForTypeProfiling):
(JSC::SymbolTable::uniqueIDForOffset):
(JSC::SymbolTable::globalTypeSetForOffset):
(JSC::SymbolTable::cloneCapturedNames): Deleted.
(JSC::SymbolTable::uniqueIDForRegister): Deleted.
(JSC::SymbolTable::globalTypeSetForRegister): Deleted.

  • runtime/SymbolTable.h:

(JSC::SymbolTableEntry::varOffsetFromBits):
(JSC::SymbolTableEntry::scopeOffsetFromBits):
(JSC::SymbolTableEntry::Fast::varOffset):
(JSC::SymbolTableEntry::Fast::scopeOffset):
(JSC::SymbolTableEntry::Fast::isDontEnum):
(JSC::SymbolTableEntry::Fast::getAttributes):
(JSC::SymbolTableEntry::SymbolTableEntry):
(JSC::SymbolTableEntry::varOffset):
(JSC::SymbolTableEntry::isWatchable):
(JSC::SymbolTableEntry::scopeOffset):
(JSC::SymbolTableEntry::setAttributes):
(JSC::SymbolTableEntry::constantMode):
(JSC::SymbolTableEntry::isDontEnum):
(JSC::SymbolTableEntry::disableWatching):
(JSC::SymbolTableEntry::pack):
(JSC::SymbolTableEntry::isValidVarOffset):
(JSC::SymbolTable::createNameScopeTable):
(JSC::SymbolTable::maxScopeOffset):
(JSC::SymbolTable::didUseScopeOffset):
(JSC::SymbolTable::didUseVarOffset):
(JSC::SymbolTable::scopeSize):
(JSC::SymbolTable::nextScopeOffset):
(JSC::SymbolTable::takeNextScopeOffset):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):
(JSC::SymbolTable::argumentsLength):
(JSC::SymbolTable::setArgumentsLength):
(JSC::SymbolTable::argumentOffset):
(JSC::SymbolTable::setArgumentOffset):
(JSC::SymbolTable::arguments):
(JSC::SlowArgument::SlowArgument): Deleted.
(JSC::SymbolTableEntry::Fast::getIndex): Deleted.
(JSC::SymbolTableEntry::getIndex): Deleted.
(JSC::SymbolTableEntry::isValidIndex): Deleted.
(JSC::SymbolTable::captureStart): Deleted.
(JSC::SymbolTable::setCaptureStart): Deleted.
(JSC::SymbolTable::captureEnd): Deleted.
(JSC::SymbolTable::setCaptureEnd): Deleted.
(JSC::SymbolTable::captureCount): Deleted.
(JSC::SymbolTable::isCaptured): Deleted.
(JSC::SymbolTable::parameterCount): Deleted.
(JSC::SymbolTable::parameterCountIncludingThis): Deleted.
(JSC::SymbolTable::setParameterCountIncludingThis): Deleted.
(JSC::SymbolTable::slowArguments): Deleted.
(JSC::SymbolTable::setSlowArguments): Deleted.

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • runtime/VarOffset.cpp: Added.

(JSC::VarOffset::dump):
(WTF::printInternal):

  • runtime/VarOffset.h: Added.

(JSC::VarOffset::VarOffset):
(JSC::VarOffset::assemble):
(JSC::VarOffset::isValid):
(JSC::VarOffset::operator!):
(JSC::VarOffset::kind):
(JSC::VarOffset::isStack):
(JSC::VarOffset::isScope):
(JSC::VarOffset::isDirectArgument):
(JSC::VarOffset::stackOffsetUnchecked):
(JSC::VarOffset::scopeOffsetUnchecked):
(JSC::VarOffset::capturedArgumentsOffsetUnchecked):
(JSC::VarOffset::stackOffset):
(JSC::VarOffset::scopeOffset):
(JSC::VarOffset::capturedArgumentsOffset):
(JSC::VarOffset::rawOffset):
(JSC::VarOffset::checkSanity):
(JSC::VarOffset::operator==):
(JSC::VarOffset::operator!=):
(JSC::VarOffset::hash):
(JSC::VarOffset::isHashTableDeletedValue):
(JSC::VarOffsetHash::hash):
(JSC::VarOffsetHash::equal):

  • tests/stress/arguments-exit-strict-mode.js: Added.
  • tests/stress/arguments-exit.js: Added.
  • tests/stress/arguments-inlined-exit-strict-mode-fixed.js: Added.
  • tests/stress/arguments-inlined-exit-strict-mode.js: Added.
  • tests/stress/arguments-inlined-exit.js: Added.
  • tests/stress/arguments-interference.js: Added.
  • tests/stress/arguments-interference-cfg.js: Added.
  • tests/stress/dead-get-closure-var.js: Added.
  • tests/stress/get-declared-unpassed-argument-in-direct-arguments.js: Added.
  • tests/stress/get-declared-unpassed-argument-in-scoped-arguments.js: Added.
  • tests/stress/varargs-closure-inlined-exit-strict-mode.js: Added.
  • tests/stress/varargs-closure-inlined-exit.js: Added.
  • tests/stress/varargs-exit.js: Added.
  • tests/stress/varargs-inlined-exit.js: Added.
  • tests/stress/varargs-inlined-simple-exit-aliasing-weird-reversed-args.js: Added.
  • tests/stress/varargs-inlined-simple-exit-aliasing-weird.js: Added.
  • tests/stress/varargs-inlined-simple-exit-aliasing.js: Added.
  • tests/stress/varargs-inlined-simple-exit.js: Added.
  • tests/stress/varargs-too-few-arguments.js: Added.
  • tests/stress/varargs-varargs-closure-inlined-exit.js: Added.
  • tests/stress/varargs-varargs-inlined-exit-strict-mode.js: Added.
  • tests/stress/varargs-varargs-inlined-exit.js: Added.

Source/WTF:

  • wtf/FastBitVector.h:

(WTF::FastBitVector::resize): Small change: don't resize if you don't have to resize.

LayoutTests:

  • js/function-apply-aliased-expected.txt:
  • js/function-dot-arguments-expected.txt:
  • js/regress/arguments-expected.txt: Added.
  • js/regress/arguments-named-and-reflective-expected.txt: Added.
  • js/regress/arguments-named-and-reflective.html: Added.
  • js/regress/arguments-strict-mode-expected.txt: Added.
  • js/regress/arguments-strict-mode.html: Added.
  • js/regress/arguments.html: Added.
  • js/regress/script-tests/arguments-named-and-reflective.js: Added.
  • js/regress/script-tests/arguments-strict-mode.js: Added.
  • js/regress/script-tests/arguments.js: Added.
  • js/regress/script-tests/try-catch-get-by-val-cloned-arguments.js: Added.
  • js/regress/script-tests/try-catch-get-by-val-direct-arguments.js: Added.
  • js/regress/script-tests/try-catch-get-by-val-scoped-arguments.js: Added.
  • js/regress/script-tests/varargs-call.js: Added.
  • js/regress/script-tests/varargs-construct-inline.js: Added.
  • js/regress/script-tests/varargs-construct.js: Added.
  • js/regress/script-tests/varargs-inline.js: Added.
  • js/regress/script-tests/varargs-strict-mode.js: Added.
  • js/regress/script-tests/varargs.js: Added.
  • js/regress/try-catch-get-by-val-cloned-arguments-expected.txt: Added.
  • js/regress/try-catch-get-by-val-cloned-arguments.html: Added.
  • js/regress/try-catch-get-by-val-direct-arguments-expected.txt: Added.
  • js/regress/try-catch-get-by-val-direct-arguments.html: Added.
  • js/regress/try-catch-get-by-val-scoped-arguments-expected.txt: Added.
  • js/regress/try-catch-get-by-val-scoped-arguments.html: Added.
  • js/regress/varargs-call-expected.txt: Added.
  • js/regress/varargs-call.html: Added.
  • js/regress/varargs-construct-expected.txt: Added.
  • js/regress/varargs-construct-inline-expected.txt: Added.
  • js/regress/varargs-construct-inline.html: Added.
  • js/regress/varargs-construct.html: Added.
  • js/regress/varargs-expected.txt: Added.
  • js/regress/varargs-inline-expected.txt: Added.
  • js/regress/varargs-inline.html: Added.
  • js/regress/varargs-strict-mode-expected.txt: Added.
  • js/regress/varargs-strict-mode.html: Added.
  • js/regress/varargs.html: Added.
  • js/script-tests/function-apply-aliased.js:
  • js/script-tests/function-dot-arguments.js:

8:11 PM Changeset in webkit [181992] by aestes@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

[Cocoa] RemoteInspectorXPCConnection::deserializeMessage() leaks a NSDictionary under Objective-C GC
https://bugs.webkit.org/show_bug.cgi?id=143068

Reviewed by Dan Bernstein.

  • inspector/remote/RemoteInspectorXPCConnection.mm:

(Inspector::RemoteInspectorXPCConnection::deserializeMessage): Used RetainPtr::autorelease(), which does the right thing under GC.

7:36 PM Changeset in webkit [181991] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2] WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always call the FramePolicyFunction
https://bugs.webkit.org/show_bug.cgi?id=143036
<rdar://problem/20252438>
<rdar://problem/13811738>

Reviewed by Alexey Proskuryakov.

WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always
call the FramePolicyFunction. Previously, it would fail to do so in 2
cases:

  • m_frame->page() returns null

or

  • webPage->sendSync() returns false

If the FramePolicyFunction is not called, we will fail to clear the
callback in the PolicyChecker and
DocumentLoader::continueAfterContentPolicy() will not be called.

DocumentLoader::continueAfterContentPolicy() is in charge of resetting
m_waitingForContentPolicy flag to false. This could therefore explain
the following assertion being hit in DocumentLoader::detachFromFrame()
(see <rdar://problem/20252438>):
RELEASE_ASSERT(!m_waitingForContentPolicy)

Also, as the PolicyChecker callback is not cleared, it could make it
possible for DocumentLoader::continueAfterContentPolicy() to be called
*after* the load is finished, when later canceling the PolicyCallback:
FrameLoader::stopAllLoaders()

-> PolicyChecker::stopCheck()

-> PolicyCallback::cancel()

-> DocumentLoader::continueAfterContentPolicy(PolicyIgnore)

Calling continueAfterContentPolicy(PolicyIgnore) after the load is
finished would be bad and could explain some of the crashes we've seen
in DocumentLoader::continueAfterContentPolicy() ->
DocumentLoader::stopLoadingForPolicyChange() (see
<rdar://problem/13811738>).

This patch also applies the same fix to
dispatchDecidePolicyForNewWindowAction() and
dispatchDecidePolicyForNavigationAction() as they use the same pattern.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

6:26 PM Changeset in webkit [181990] by fpizlo@apple.com
  • 22 edits
    6 adds in trunk

Use JITCompilationCanFail in more places, and make the fail path of JITCompilationMustSucceed a crash instead of attempting GC
https://bugs.webkit.org/show_bug.cgi?id=142993

Source/JavaScriptCore:

Reviewed by Geoffrey Garen and Mark Lam.

This changes the most commonly invoked paths that relied on JITCompilationMustSucceed
into using JITCompilationCanFail and having a legit fallback path. This mostly involves
having the FTL JIT do the same trick as the DFG JIT in case of any memory allocation
failure, but also involves adding the same kind of thing to the stub generators in
Repatch.

Because of that change, there are relatively few uses of JITCompilationMustSucceed. Most
of those uses cannot handle a GC, and so cannot do releaseExecutableMemory(). Only a few,
like host call stub generation, could handle a GC, but those get invoked very rarely. So,
this patch changes the releaseExecutableMemory() call into a crash with some diagnostic
printout.

Also add a way of inducing executable allocation failure, so that we can test this.

(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::link): Deleted.
(JSC::DFG::JITCompiler::linkFunction): Deleted.

  • dfg/DFGJITCompiler.h:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

  • ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateCodeSection):
(JSC::FTL::mmAllocateDataSection):

  • ftl/FTLLink.cpp:

(JSC::FTL::link):

  • ftl/FTLState.h:
  • jit/ArityCheckFailReturnThunks.cpp:

(JSC::ArityCheckFailReturnThunks::returnPCsFor):

  • jit/ExecutableAllocationFuzz.cpp: Added.

(JSC::numberOfExecutableAllocationFuzzChecks):
(JSC::doExecutableAllocationFuzzing):

  • jit/ExecutableAllocationFuzz.h: Added.

(JSC::doExecutableAllocationFuzzingIfEnabled):

  • jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::ExecutableAllocator::allocate):

  • jit/JIT.cpp:

(JSC::JIT::privateCompile):

  • jit/JITCompilationEffort.h:
  • jit/Repatch.cpp:

(JSC::generateByIdStub):
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::emitPutReplaceStub):
(JSC::emitPutTransitionStubAndGetOldStructure):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
(JSC::tryRepatchIn):
(JSC::linkPolymorphicCall):

  • jsc.cpp:

(jscmain):

  • runtime/Options.h:
  • runtime/TestRunnerUtils.h:
  • runtime/VM.cpp:
  • tests/executableAllocationFuzz: Added.
  • tests/executableAllocationFuzz.yaml: Added.
  • tests/executableAllocationFuzz/v8-raytrace.js: Added.

Tools:

Reviewed by Mark Lam.

Bunch of support for testing executable allocation failure.

  • Scripts/jsc-stress-test-helpers/js-executable-allocation-fuzz: Added.

(fail):

  • Scripts/run-javascriptcore-tests:

(runJSCStressTests):

  • Scripts/run-jsc-stress-tests:

6:05 PM Changeset in webkit [181989] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

CSS blend modes do not parse when in the shadow tree
https://bugs.webkit.org/show_bug.cgi?id=143067
<rdar://problem/20302662>

Reviewed by Anders Carlsson.

The media controls style sheets are injected as UA stylesheets
when we come across a <video> or <audio> element. These stylesheets
have a different parsing context than the document stylesheets -
one that uses the default constructor, which initializes some
features like cssCompositingEnabled to false without checking
the runtime state.

The easy fix is to use the global state to initialize the context.

Unfortunately we can't test this since it only occurs in the shadow
tree.

  • css/CSSParser.cpp:

(WebCore::CSSParserContext::CSSParserContext): Check the state
of RuntimeEnabledFeatures to initialize CSS Regions and
CSS Compositing (Blending).

5:53 PM Changeset in webkit [181988] by Chris Fleizach
  • 3 edits
    2 adds in trunk

AX: table cells that use display:block render the table inaccessible to VoiceOver
https://bugs.webkit.org/show_bug.cgi?id=143007

Reviewed by Mario Sanchez Prada.

Source/WebCore:

When display:block is used on a table cell, it was being ignored because it was anonymous.
This is still a valid scenario however if it's still inside of a valid table.

Test: accessibility/table-cell-display-block.html

  • accessibility/AccessibilityTableCell.cpp:

(WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored):

LayoutTests:

  • accessibility/table-cell-display-block-expected.txt: Added.
  • accessibility/table-cell-display-block.html: Added.

5:46 PM Changeset in webkit [181987] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Add ESLint "Disallow Undeclared Variables" rule and enable ES6 env
https://bugs.webkit.org/show_bug.cgi?id=143062

Patch by Tobias Reiss <tobi+webkit@basecode.de> on 2015-03-25
Reviewed by Joseph Pecoraro.

ESLint: Add support for es6 environment and "no-undef" rule which disallows
use of undeclared variables unless mentioned in a /*global */ block.

  • .eslintrc:

5:03 PM Changeset in webkit [181986] by timothy_horton@apple.com
  • 6 edits in trunk/Source

Add a preference to prevent "user-scalable=no" from having any effect
https://bugs.webkit.org/show_bug.cgi?id=143032

Reviewed by Sam Weinig.

  • Shared/WebPreferencesDefinitions.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):
Add a preference and push it to the ViewportConfiguration.

  • page/ViewportConfiguration.cpp:

(WebCore::ViewportConfiguration::ViewportConfiguration):
(WebCore::ViewportConfiguration::allowsUserScaling):

  • page/ViewportConfiguration.h:

(WebCore::ViewportConfiguration::setForceAlwaysUserScalable):
If forceAlwaysUserScalable is set to true, force "user-scalable=yes".

4:37 PM Changeset in webkit [181985] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

REGRESSION (r181660): Force click url preview doesn't have a TextIndicator in Mail
https://bugs.webkit.org/show_bug.cgi?id=143064
-and corresponding-
rdar://problem/20251440

Reviewed by Tim Horton.

The TextIndicator was getting set to nil by the call to
_dismissContentRelativeChildWindows in mouseDown. That line of code was added by
http://trac.webkit.org/changeset/177242 to work around a bug in another component
that has now been resolved, so it no longer appears to be necessary.

  • UIProcess/API/mac/WKView.mm:

(-[WKView mouseDown:]):

4:37 PM Changeset in webkit [181984] by andersca@apple.com
  • 6 edits
    1 add in trunk

Add network and application cache directories to WebsiteDataStore
https://bugs.webkit.org/show_bug.cgi?id=143063

Reviewed by Sam Weinig.

Create a WebKit directory under ~/Library/Caches/<Bundle ID> for non-sandboxed applications,
and ~/Library/Caches for sandboxed applications. Create NetworkCache and OfflineWebApplicationCache
subdirectories. These directories will be used with the modern WebKit API.

  • UIProcess/API/APIWebsiteDataStore.h:
  • UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::cacheDirectoryFileSystemRepresentation):
(API::WebsiteDataStore::defaultDataStoreConfiguration):

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):

  • UIProcess/WebsiteData/WebsiteDataStore.h:

4:33 PM Changeset in webkit [181983] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

Another attempt to get the iOS EWS building again.

  • WebCore.xcodeproj/project.pbxproj:

4:25 PM Changeset in webkit [181982] by mmaxfield@apple.com
  • 2 edits in trunk/Tools

Fix Windows build from r181977.

Unreviewed.

  • Scripts/update-webkit-dependency:

4:15 PM Changeset in webkit [181981] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

REGRESSION(169139): LLINT intermittently fails JSC testapi tests.
<https://webkit.org/b/135719>

Reviewed by Geoffrey Garen.

This is a regression introduced in http://trac.webkit.org/changeset/169139 which
changed VM::watchdog from an embedded field into a std::unique_ptr, but did not
update the LLINT to access it as such.

The issue has only manifested so far on the CLoop tests because those are LLINT
only. In the non-CLoop cases, the JIT kicks in and does the right thing, thereby
hiding the bug in the LLINT.

  • API/JSContextRef.cpp:

(createWatchdogIfNeeded):
(JSContextGroupSetExecutionTimeLimit):
(JSContextGroupClearExecutionTimeLimit):

  • llint/LowLevelInterpreter.asm:

4:05 PM Changeset in webkit [181980] by achristensen@apple.com
  • 5 edits in trunk/Source/WebCore

Add case-insensitive checks to DFA bytecode.
https://bugs.webkit.org/show_bug.cgi?id=142977

Reviewed by Benjamin Poulain.

  • contentextensions/DFABytecode.h:

(WebCore::ContentExtensions::instructionSizeWithArguments):

  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::emitCheckValue):
(WebCore::ContentExtensions::DFABytecodeCompiler::emitCheckValueRange):
Add case-insensitive bytecode.
(WebCore::ContentExtensions::DFABytecodeCompiler::compileNodeTransitions):
Check to see if case-insensitive bytecodes can be used.
(WebCore::ContentExtensions::DFABytecodeCompiler::compileCheckForRange):

  • contentextensions/DFABytecodeCompiler.h:

(WebCore::ContentExtensions::DFABytecodeCompiler::Range::Range):
Added Range structure to be able to count the ranges in a future patch deciding if we want to use jump tables.

  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):
Interpret case-insensitive bytecodes.

3:56 PM Changeset in webkit [181979] by fpizlo@apple.com
  • 6 edits in trunk/Source

Change Atomic methods from using the_wrong_naming_conventions to using theRightNamingConventions. Also make seq_cst the default.

Rubber stamped by Geoffrey Garen.

Source/JavaScriptCore:

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::visitAggregate):

Source/WTF:

  • wtf/Atomics.h:

(WTF::Atomic::load):
(WTF::Atomic::store):
(WTF::Atomic::compareExchangeWeak):
(WTF::Atomic::compareExchangeStrong):
(WTF::Atomic::compare_exchange_weak): Deleted.
(WTF::Atomic::compare_exchange_strong): Deleted.

  • wtf/ByteSpinLock.h:

(WTF::ByteSpinLock::lock):

  • wtf/SpinLock.h:

(WTF::SpinLockBase::lock):

3:56 PM Changeset in webkit [181978] by weinig@apple.com
  • 10 edits in trunk

Address additional review feedback from https://bugs.webkit.org/show_bug.cgi?id=143059.

Source/WebCore:

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):

  • contentextensions/ContentExtensionCompiler.h:
  • contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getTypeFlags):

Source/WebKit2:

  • Shared/WebCompiledContentExtension.cpp:

(WebKit::WebCompiledContentExtension::createFromCompiledContentExtensionData):

  • UIProcess/API/C/WKUserContentFilterRef.cpp:

(WKUserContentFilterCreate):

  • UIProcess/API/Cocoa/_WKUserContentFilter.mm:

(-[_WKUserContentFilter initWithName:serializedRules:]):

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::InMemoryCompiledContentExtension::createFromFilter):

3:46 PM Changeset in webkit [181977] by mmaxfield@apple.com
  • 3 edits in trunk/Tools

Migrate update-webkit for Windows to not require Cygwin
https://bugs.webkit.org/show_bug.cgi?id=143040

Reviewed by Brent Fulgham.

  • Scripts/update-webkit-dependency:

(wanted):
(toUnixPath): Deleted.

  • Scripts/webkitdirs.pm:

(fontExists):
(checkInstalledTools):
(setupAppleWinEnv):

3:42 PM Changeset in webkit [181976] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix formatting in BuiltinExecutables
https://bugs.webkit.org/show_bug.cgi?id=143061

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-25
Reviewed by Ryosuke Niwa.

  • builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::createExecutableInternal):

3:41 PM Changeset in webkit [181975] by commit-queue@webkit.org
  • 3 edits in trunk/LayoutTests

Add a few more tests for Class names
https://bugs.webkit.org/show_bug.cgi?id=143060

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-25
Reviewed by Ryosuke Niwa.

Add a few more class name tests:

  • const class name binding inside class expression
  • mutable class name binding from class statement

  • js/script-tests/class-syntax-name.js:

3:38 PM Changeset in webkit [181974] by weinig@apple.com
  • 13 edits
    2 adds in trunk

[Content Extensions] Convert content extension compiling to return error codes and write its output using a client
https://bugs.webkit.org/show_bug.cgi?id=143059

Reviewed by Alex Christensen.

Source/WebCore:

  • WebCore.xcodeproj/project.pbxproj:

Add ContentExtensionError.h/cpp.

  • contentextensions/ContentExtensionError.cpp: Added.

(WebCore::ContentExtensions::contentExtensionErrorCategory):

  • contentextensions/ContentExtensionError.h: Added.

(WebCore::ContentExtensions::make_error_code):
Add ContentExtensionError enum and std::error_code adaptor.

  • contentextensions/ContentExtensionCompiler.h:

Instead of returning CompiledContentExtensionData, use a client interface
to pass data. Eventually, this should be turned into a direct streaming
interface so we can write directly to a file.

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):

  • contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getTypeFlags):
(WebCore::ContentExtensions::loadTrigger):
(WebCore::ContentExtensions::loadAction):
(WebCore::ContentExtensions::loadRule):
(WebCore::ContentExtensions::loadEncodedRules):
(WebCore::ContentExtensions::parseRuleList):

  • contentextensions/ContentExtensionParser.h:

Convert to return an error.

Source/WebKit2:

  • Shared/WebCompiledContentExtension.cpp:
  • Shared/WebCompiledContentExtension.h:

(WebKit::LegacyContentExtensionCompilationClient::LegacyContentExtensionCompilationClient):
(WebKit::LegacyContentExtensionCompilationClient::writeBytecode):
(WebKit::LegacyContentExtensionCompilationClient::writeActions):
Add subclass of ContentExtensionCompilationClient for use with the non-file backed content
extensions.

  • UIProcess/API/C/WKUserContentFilterRef.cpp:

(WKUserContentFilterCreate):

  • UIProcess/API/Cocoa/_WKUserContentFilter.mm:

(-[_WKUserContentFilter initWithName:serializedRules:]):
Update to use the new interface of compileRuleList().

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::InMemoryCompiledContentExtension::createFromFilter):
Update for new interface of compileRuleList().

2:33 PM Changeset in webkit [181973] by Joseph Pecoraro
  • 11 edits
    3 adds in trunk

ES6: Classes: Program level class statement throws exception in strict mode
https://bugs.webkit.org/show_bug.cgi?id=143038

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

Classes expose a name to the current lexical environment. This treats
"class X {}" like "var X = class X {}". Ideally it would be "let X = class X {}".
Also, improve error messages for class statements where the class is missing a name.

  • parser/Parser.h:
  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseClass):
Fill name in info parameter if needed. Better error message if name is needed and missing.

(JSC::Parser<LexerType>::parseClassDeclaration):
Pass info parameter to get name, and expose the name as a variable name.

(JSC::Parser<LexerType>::parsePrimaryExpression):
Pass info parameter that is ignored.

  • parser/ParserFunctionInfo.h:

Add a parser info for class, to extract the name.

LayoutTests:

This updates a number of existing tests that were relying on
poor behavior. shouldBe and friends use eval within a function
not at the global scope. This means shouldBe('class X { ... }')
behaves like shouldBe('var x = ...') not shouldBe('x = ...').
This means x will not be available in the next shouldBe call.

Add a test specifically to cover the scoping of the class name
in regular and strict mode code. Currently we treat it like var
with one failing test that would pass when we treat it like let.

  • js/class-syntax-name.html: Added.
  • js/script-tests/class-syntax-name.js: Added.

(runTestShouldBe):
(runTestShouldBeTrue):
(runTestShouldThrow):
(runTestShouldNotThrow):
Test class name scoping.

  • js/class-syntax-call-expected.txt:
  • js/class-syntax-declaration-expected.txt:
  • js/class-syntax-default-constructor-expected.txt:
  • js/class-syntax-name-expected.txt: Added.
  • js/script-tests/class-syntax-call.js:
  • js/script-tests/class-syntax-declaration.js:
  • js/script-tests/class-syntax-default-constructor.js:

2:19 PM Changeset in webkit [181972] by rniwa@webkit.org
  • 7 edits in trunk/Source/WebKit2

Web Inspector: Switching tabs to window with inspector open prohibits typing into console
https://bugs.webkit.org/show_bug.cgi?id=126800

Reviewed by Anders Carlsson.

This is a regression from r85356 and r83814. These two patches made WKWebView clear its selection
when WKView resigns the first responder without ever restoring it even if WKView later becomes
the first responder again. This is problematic when a text field or an editing host element had been
focused and selected prior to the resignation since the editing code uses the selection to determine
the editability of the element.

Fixed the bug by restoring selection in [WKView becomeFirstResponder] if the selection is empty.

  • UIProcess/API/mac/WKView.mm:

(-[WKView becomeFirstResponder]):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::restoreSelectionInFocusedEditableElement):

  • UIProcess/WebPageProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::restoreSelectionInFocusedEditableElement):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

2:09 PM Changeset in webkit [181971] by Beth Dakin
  • 6 edits in trunk/Source

REGRESSION (r181660): Safari navigates to link after starting and canceling a force preview
https://bugs.webkit.org/show_bug.cgi?id=143057
-and corresponding-
rdar://problem/20251436

Reviewed by Tim Horton.

Source/WebCore:

This patch adds a value for ActionUpdated to the ImmediateActionStage enum. Now if
m_immediateActionStage indicates that an immediate action has either begun or
completed then we can have the same behavior.

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseReleaseEvent):

  • page/EventHandler.h:

Source/WebKit2:

Always call _page->immediateActionDidUpdate() so that the EventHandler’s
ImmediateActionStage is appropriately updated.

  • UIProcess/mac/WKImmediateActionController.mm:

(-[WKImmediateActionController immediateActionRecognizerDidUpdateAnimation:]):

Update the EventHandler’s ImmediateActionStage.

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::immediateActionDidUpdate):

1:59 PM Changeset in webkit [181970] by Antti Koivisto
  • 9 edits
    2 adds in trunk/Source/WebKit2

Separate entry decoding from validation
https://bugs.webkit.org/show_bug.cgi?id=143052

Reviewed by Chris Dumez.

Make NetworkCache::Cache a class and move it to a file of its own.
Move the encoding/decoding code there.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
(WebKit::clearDiskCacheEntries):

  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::sendReplyToSynchronousRequest):
(WebKit::NetworkResourceLoader::start):
(WebKit::NetworkResourceLoader::sendBufferMaybeAborting):
(WebKit::NetworkResourceLoader::didRetrieveCacheEntry):
(WebKit::NetworkResourceLoader::validateCacheEntry):

  • NetworkProcess/NetworkResourceLoader.h:
  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::collectVaryingRequestHeaders):
(WebKit::NetworkCache::canUse):

Focused function for deciding if we can use a cache entry and if it needs validation.

(WebKit::NetworkCache::Cache::retrieve):
(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::update):
(WebKit::NetworkCache::Cache::traverse):
(WebKit::NetworkCache::encodeStorageEntry): Deleted.
(WebKit::NetworkCache::decodeStorageEntry): Deleted.

  • NetworkProcess/cache/NetworkCache.h:
  • NetworkProcess/cache/NetworkCacheEntry.cpp: Added.

(WebKit::NetworkCache::Entry::Entry):
(WebKit::NetworkCache::Entry::encode):
(WebKit::NetworkCache::Entry::decode):
(WebKit::NetworkCache::Entry::initializeBufferFromStorageEntry):
(WebKit::NetworkCache::Entry::buffer):
(WebKit::NetworkCache::Entry::shareableResourceHandle):
(WebKit::NetworkCache::Entry::needsValidation):
(WebKit::NetworkCache::Entry::setNeedsValidation):

  • NetworkProcess/cache/NetworkCacheEntry.h: Added.

(WebKit::NetworkCache::Entry::key):
(WebKit::NetworkCache::Entry::timeStamp):
(WebKit::NetworkCache::Entry::response):
(WebKit::NetworkCache::Entry::varyingRequestHeaders):
(WebKit::NetworkCache::Entry::sourceStorageEntry):

  • NetworkProcess/cache/NetworkCacheStatistics.h:
  • NetworkProcess/cache/NetworkCacheStatisticsCocoa.mm:

(WebKit::NetworkCache::cachedEntryReuseFailureToDiagnosticKey):
(WebKit::NetworkCache::Statistics::recordRetrievedCachedEntry):

  • WebKit2.xcodeproj/project.pbxproj:

12:35 PM Changeset in webkit [181969] by mark.lam@apple.com
  • 2 edits in trunk/LayoutTests

Gardening: rebaseline after r181907.

Not reviewed.

  • platform/win/js/dom/global-constructors-attributes-expected.txt:

11:37 AM Changeset in webkit [181968] by ggaren@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

New map and set modification tests in r181922 fail
https://bugs.webkit.org/show_bug.cgi?id=143031

Reviewed and tweaked by Geoffrey Garen.

When packing Map/Set backing store, we need to decrement Map/Set iterator's m_index
to adjust for the packed backing store.

Consider the following map data.

x: deleted, o: exists
0 1 2 3 4
x x x x o

And iterator with m_index 3.

When packing the map data, map data will become,

0
o

At that time, we perform didRemoveEntry 4 times on iterators.
times => m_index/index/result
1 => 3/0/dec
2 => 2/1/dec
3 => 1/2/nothing
4 => 1/3/nothing

After iteration, iterator's m_index becomes 1. But we expected it to become 0.
This is because if we use decremented m_index for comparison,
while provided deletedIndex is the index in old storage, m_index is the index in partially packed storage.

In this patch, we compare against the packed index instead.
times => m_index/packedIndex/result
1 => 3/0/dec
2 => 2/0/dec
3 => 1/0/dec
4 => 0/0/nothing

So m_index becomes 0 as expected.

And according to the spec, once the iterator is closed (becomes done: true),
its internal Map/Set is set to undefined.
So after the iterator is finished, we don't revive the iterator (e.g. by clearing m_index = 0).

In this patch, we change 2 things.
1. Compare an iterator's index against the packed index when removing an entry.

2. If the iterator is closed (isFinished()), we don't apply adjustment to the iterator.

Patch by Yusuke Suzuki <Yusuke Suzuki> on 2015-03-25

  • runtime/MapData.h:

(JSC::MapDataImpl::IteratorData::finish):
(JSC::MapDataImpl::IteratorData::isFinished):
(JSC::MapDataImpl::IteratorData::didRemoveEntry):
(JSC::MapDataImpl::IteratorData::didRemoveAllEntries):
(JSC::MapDataImpl::IteratorData::startPackBackingStore):

  • runtime/MapDataInlines.h:

(JSC::JSIterator>::replaceAndPackBackingStore):

  • tests/stress/modify-map-during-iteration.js:
  • tests/stress/modify-set-during-iteration.js:
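
Added example, not part of the changeset or of WebKit's source: a small C++ model of the packing loop described in r181968, replaying the commit message's "x x x x o" store with the iterator at index 3 under both comparisons. The Slot and IteratorModel types, the -1 "finished" sentinel and the sample keys are assumptions made for this illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of the changeset's description; not WebKit's MapData code.
struct Slot {
    int key;       // non-negative sample key (constructed)
    bool deleted;  // 'x' in the commit message's diagram
};

struct IteratorModel {
    int32_t index; // next slot to visit; -1 marks a finished iterator (assumption)

    bool isFinished() const { return index == -1; }

    // Called once per removed slot while the backing store is packed.
    void didRemoveEntry(int32_t removedAt)
    {
        if (isFinished())
            return;   // a closed iterator is never adjusted
        if (index <= removedAt)
            return;   // removal at or after the cursor: nothing to shift
        --index;
    }
};

enum class Compare { OldIndex, PackedIndex };

// Drops deleted slots and reports each removal to the iterator, using either
// the slot's index in the old store or its index in the packed store.
std::vector<Slot> pack(const std::vector<Slot>& store, IteratorModel& it, Compare mode)
{
    std::vector<Slot> packed;
    for (int32_t oldIndex = 0; oldIndex < static_cast<int32_t>(store.size()); ++oldIndex) {
        if (!store[oldIndex].deleted) {
            packed.push_back(store[oldIndex]);
            continue;
        }
        int32_t packedIndex = static_cast<int32_t>(packed.size());
        it.didRemoveEntry(mode == Compare::OldIndex ? oldIndex : packedIndex);
    }
    return packed;
}

// The store from the commit message: slots 0..3 deleted, slot 4 live.
std::vector<Slot> commitMessageStore()
{
    return { {10, true}, {11, true}, {12, true}, {13, true}, {14, false} };
}

// Iterator position after packing.
int32_t indexAfterPack(const std::vector<Slot>& store, int32_t start, Compare mode)
{
    IteratorModel it { start };
    pack(store, it, mode);
    return it.index;
}

// Key the iterator yields next after packing, or -1 if it is finished
// or its index now lies past the end of the packed store.
int nextKeyAfterPack(const std::vector<Slot>& store, int32_t start, Compare mode)
{
    IteratorModel it { start };
    std::vector<Slot> packed = pack(store, it, mode);
    if (it.isFinished() || it.index >= static_cast<int32_t>(packed.size()))
        return -1;
    return packed[it.index].key;
}

int main()
{
    std::vector<Slot> store = commitMessageStore();
    std::printf("old index:    m_index=%d next key=%d\n",
        indexAfterPack(store, 3, Compare::OldIndex),
        nextKeyAfterPack(store, 3, Compare::OldIndex));
    std::printf("packed index: m_index=%d next key=%d\n",
        indexAfterPack(store, 3, Compare::PackedIndex),
        nextKeyAfterPack(store, 3, Compare::PackedIndex));
    return 0;
}
```

With the old-storage comparison the iterator is left one slot past the only live entry and never visits it; with the packed-index comparison it lands on that entry.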

11:29 AM Changeset in webkit [181967] by bshafiei@apple.com
  • 2 edits in tags/Safari-601.1.24/Source/WebCore

Merged r181958.

10:55 AM Changeset in webkit [181966] by peavo@outlook.com
  • 3 edits in trunk/Source/WebKit/win

[WinCairo] Crash when plugin window is destroyed.
https://bugs.webkit.org/show_bug.cgi?id=142905

Reviewed by Alex Christensen.

When a plugin window is destroyed with the Win32 api function DestroyWindow,
the system will send a synchronous WM_PARENTNOTIFY message to the WebView.
The WebView window procedure will, when processing the WM_PARENTNOTIFY message,
call UpdateWindow to paint synchronously. This will cause reentrancy problems,
since we're already called from WebCore code, and then reenter WebCore painting code.
We should avoid calling UpdateWindow when handling the WM_PARENTNOTIFY message.

  • WebView.cpp:

(WebView::WebViewWndProc):
(WebView::updateWindowIfNeeded):

  • WebView.h:

10:43 AM Changeset in webkit [181965] by dino@apple.com
  • 9 edits in trunk

MediaControls: Use font with fixed number width
https://bugs.webkit.org/show_bug.cgi?id=143018
<rdar://problem/20245415>

Reviewed by Eric Carlson.

Source/WebCore:

Add a new font-family, specific to Apple platforms,
called -apple-system-font-monospaced-numbers. This is
a special variant of the system font which uses monospaced
forms for the number glyphs - allowing a time reading that
doesn't bounce around as the time changes.

  • Modules/mediacontrols/mediaControlsApple.css: Media controls should use the new font.

(audio::-webkit-media-controls-time-remaining-display):

  • Modules/mediacontrols/mediaControlsiOS.css:

(audio::-webkit-media-controls-time-remaining-display):

  • platform/graphics/ios/FontCacheIOS.mm: Request a new CTFontRef with the appropriate attributes.

(WebCore::createCTFontWithFamilyNameAndWeight):

  • platform/graphics/mac/FontCacheMac.mm: Ditto, but NSFont.

(WebCore::fontWithFamily):

  • platform/spi/cocoa/CoreTextSPI.h: Expose the constants for the new form so that the public SDK can build.

LayoutTests:

Add some results for the new font family "-apple-system-font-monospaced-numbers".

  • platform/mac/fast/text/systemFont.html:
  • platform/mac/fast/text/systemFont-expected.txt:

10:31 AM Changeset in webkit [181964] by achristensen@apple.com
  • 7 edits in trunk

[Content Extensions] Add multi-DFA compiling and interpreting.
https://bugs.webkit.org/show_bug.cgi?id=143010

Reviewed by Benjamin Poulain.

Source/WebCore:

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):
Compile multiple NFAs to DFAs.

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):
Fixed a bug when there are no non-universal actions.
We still need to report that no ignore-previous-rules was hit to apply the
universal actions which are now accessed through DFABytecodeInterpreter::actionsFromDFARoot
and skipped in DFABytecodeInterpreter::interpret.

  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::compile):
Add a header for each DFA.

  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::DFABytecodeInterpreter::actionsFromDFARoot):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):
Interpret as many DFAs as there are in the bytecode.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::testRequest):
(TestWebKitAPI::TEST_F):
Add some tests for ignore-previous-rules and large rulesets.

10:18 AM Changeset in webkit [181963] by peavo@outlook.com
  • 2 edits in trunk/Source/WebCore

[Win] Illegal character in project file.
https://bugs.webkit.org/show_bug.cgi?id=143051

Reviewed by Brent Fulgham.

There is an illegal character in the WebCore project filter.
WebCore files are shown unfiltered.

  • WebCore.vcxproj/WebCore.vcxproj.filters:

10:00 AM Changeset in webkit [181962] by ap@apple.com
  • 3 edits in trunk/Tools

Mavericks WK1 still runs JSC tests
https://bugs.webkit.org/show_bug.cgi?id=143035

Reviewed by Csaba Osztrogonác.

  • BuildSlaveSupport/build.webkit.org-config/config.json: Bring Mavericks WK1 in line with other bots.
  • BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py: Updated the tests accordingly.

9:49 AM Changeset in webkit [181961] by Nikita Vasilyev
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: console.table with source code location look poor
https://bugs.webkit.org/show_bug.cgi?id=142068

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LegacyConsoleMessageImpl.js:

(WebInspector.LegacyConsoleMessageImpl.prototype._formatParameterAsTable):
Remove dataGridContainer as it is an unnecessary span element.

  • UserInterface/Views/LogContentView.css:

(.console-messages .data-grid):

9:45 AM Changeset in webkit [181960] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.24

New tag.

9:28 AM Changeset in webkit [181959] by hyatt@apple.com
  • 7 edits in trunk/Source

Add a pref to enable the new block-inside-inline model
https://bugs.webkit.org/show_bug.cgi?id=143050

Reviewed by Sam Weinig.

Source/WebCore:

  • page/Settings.in:

Source/WebKit2:

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetNewBlockInsideInlineModelEnabled):
(WKPreferencesGetNewBlockInsideInlineModelEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences):

6:51 AM Changeset in webkit [181958] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

iOS Simulator build fix.

  • platform/spi/cocoa/IOSurfaceSPI.h:

5:56 AM Changeset in webkit [181957] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181943 - [WK2] WebUserMediaClient::pageDestroyed() virtual method should be marked as override
https://bugs.webkit.org/show_bug.cgi?id=143046

Reviewed by Carlos Garcia Campos.

  • WebProcess/WebCoreSupport/WebUserMediaClient.h: Mark the WebUserMediaClient::pageDestroyed() method, inherited from the WebCore::UserMediaClient, as an override.

5:55 AM Changeset in webkit [181956] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181938 - [GTK][WK2] WebPageProxy::failedToShowPopupMenu() virtual method should be marked as override
https://bugs.webkit.org/show_bug.cgi?id=143045

Reviewed by Carlos Garcia Campos.

  • UIProcess/WebPageProxy.h: Mark the failedToShowPopupMenu(), inherited from the WebPopupMenuProxy::Client class, as overridden.

5:53 AM Changeset in webkit [181955] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181937 - [WK2] Clean up DrawingAreaImpl vtable overrides
https://bugs.webkit.org/show_bug.cgi?id=143044

Reviewed by Carlos Garcia Campos.

Declare virtual methods of the DrawingAreaImpl class as overridden where necessary.

  • WebProcess/WebPage/DrawingAreaImpl.h:

(WebKit::DrawingAreaImpl::layerTreeStateIsFrozen): Deleted.
(WebKit::DrawingAreaImpl::layerTreeHost): Deleted.

5:48 AM Changeset in webkit [181954] by Carlos Garcia Campos
  • 4 edits
    8 adds
    1 delete in releases/WebKitGTK/webkit-2.8

Merge r181897 - Stop image from displaying when src attribute is removed or emptied
https://bugs.webkit.org/show_bug.cgi?id=142677

Reviewed by Chris Dumez.

Source/WebCore:

Previously, we ignored empty attribute as failed URL, and didn't update the
renderer when an image was removed. This patch fixes that.

Tests: fast/dom/HTMLImageElement/image-empty-src.html
       fast/dom/HTMLImageElement/image-remove-src.html

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

  • fast/dom/HTMLImageElement/image-empty-src-expected.html: Added.
  • fast/dom/HTMLImageElement/image-empty-src.html: Added.
  • fast/dom/HTMLImageElement/image-remove-src-expected.html: Added.
  • fast/dom/HTMLImageElement/image-remove-src.html: Added.
  • fast/dom/HTMLImageElement/image-empty-srcset-expected.html: Added.
  • fast/dom/HTMLImageElement/image-empty-srcset.html: Added.
  • fast/dom/HTMLImageElement/image-remove-srcset-expected.html: Added.
  • fast/dom/HTMLImageElement/image-remove-srcset.html: Added.

4:53 AM Changeset in webkit [181953] by commit-queue@webkit.org
  • 6 edits in trunk/LayoutTests

GTK+ Gardening 24th March
https://bugs.webkit.org/show_bug.cgi?id=143003

Unreviewed.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-03-25

  • platform/gtk/TestExpectations:
  • platform/gtk/css3/selectors3/xhtml/css3-modsel-15c-expected.txt: Rebaselined after r181889.
  • platform/gtk/css3/selectors3/xml/css3-modsel-15c-expected.txt: Rebaselined after r181889.
  • platform/gtk/plugins/npruntime/object-from-destroyed-plugin-expected.txt: Rebaselined after r181889.
  • platform/gtk/plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt: Rebaselined after r181889.

4:40 AM Changeset in webkit [181952] by Carlos Garcia Campos
  • 5 edits
    10 adds
    9 deletes in releases/WebKitGTK/webkit-2.8

Merge r181888 - Update empty image canvas tests and fix a related bug
https://bugs.webkit.org/show_bug.cgi?id=142694

Reviewed by Chris Dumez.

Source/WebCore:

During the work on https://bugs.webkit.org/show_bug.cgi?id=142677
we encountered an issue with canvas tests related to empty image handling
when drawn or used as a pattern. After updating these tests, an issue with
pattern handling was encountered.

The spec, as well as Chrome's implementation, say that when an empty image
is used as a pattern, createPattern should return null. See
https://html.spec.whatwg.org/multipage/scripting.html#fill-and-stroke-styles:check-the-usability-of-the-image-argument
Instead, createPattern returned an exception in this case.
This patch fixes that and makes sure that it returns a null when image loading hasn't started.

Tests: canvas/philip/tests/2d.drawImage.incomplete.emptysrc.html
       canvas/philip/tests/2d.drawImage.incomplete.nosrc.html
       canvas/philip/tests/2d.drawImage.incomplete.removedsrc.html
       canvas/philip/tests/2d.pattern.image.incomplete.emptysrc.html
       canvas/philip/tests/2d.pattern.image.incomplete.removedsrc.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::createPattern): Return "null" if image is not fully decodeable.

LayoutTests:

Tests below imported from https://github.com/w3c/web-platform-tests/tree/master/2dcontext/drawing-images-to-the-canvas

  • canvas/philip/tests/2d.drawImage.incomplete-expected.txt: Removed.
  • canvas/philip/tests/2d.drawImage.incomplete.emptysrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.emptysrc.html: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.html: Removed.
  • canvas/philip/tests/2d.drawImage.incomplete.nosrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.nosrc.html: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.removedsrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.removedsrc.html: Added.

Tests below imported from https://github.com/w3c/web-platform-tests/tree/master/2dcontext/fill-and-stroke-styles

  • canvas/philip/tests/2d.pattern.image.incomplete-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.empty-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.empty.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.emptysrc-expected.txt: Added.
  • canvas/philip/tests/2d.pattern.image.incomplete.emptysrc.html: Added.
  • canvas/philip/tests/2d.pattern.image.incomplete.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.omitted-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.omitted.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.removedsrc-expected.txt: Added.

This test currently fails and will be fixed in https://bugs.webkit.org/show_bug.cgi?id=142677

  • canvas/philip/tests/2d.pattern.image.incomplete.removedsrc.html: Added.

Test below imported from https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/fast/canvas/

  • fast/canvas/canvas-empty-image-pattern.html: Aligned with spec/Chrome.
  • fast/canvas/canvas-empty-image-pattern-expected.txt: Aligned with spec/Chrome.
  • TestExpectations: Added 2d.pattern.image.incomplete.removedsrc.html as an expected failure.

4:32 AM Changeset in webkit [181951] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Merge r181864 - Source/WebKit2:
Make platform/mac-wk2/plugins/destroy-during-async-npp-new.html work again.
https://bugs.webkit.org/show_bug.cgi?id=133692
rdar://problem/17255947

Reviewed by Alexey Proskuryakov.

Add plug-in destruction protectors around message receiver code that can call out to NPObjects or JavaScript
where we need the plug-in to stay around after the call.

  • Shared/Plugins/NPObjectMessageReceiver.cpp:

(WebKit::NPObjectMessageReceiver::invoke):
(WebKit::NPObjectMessageReceiver::invokeDefault):
(WebKit::NPObjectMessageReceiver::getProperty):
(WebKit::NPObjectMessageReceiver::setProperty):
(WebKit::NPObjectMessageReceiver::construct):

LayoutTests:
Make platform/mac-wk2/plugins/destroy-during-async-npp-new.html work again
https://bugs.webkit.org/show_bug.cgi?id=133692
rdar://problem/17255947

Reviewed by Alexey Proskuryakov.

  • platform/mac-wk2/TestExpectations:

Unskip test.

4:27 AM Changeset in webkit [181950] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181851 - [GTK] Use std::abs() in ClickCounter::currentClickCountForGdkButtonEvent()
https://bugs.webkit.org/show_bug.cgi?id=142964

Reviewed by Carlos Garcia Campos.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(ClickCounter::currentClickCountForGdkButtonEvent): Use the STL's std::abs()
instead of C's abs(). The templated nature of std::abs() ensures the proper
computation that matches the types of the passed-in values, and shuts down
a warning when compiling with Clang.

4:25 AM Changeset in webkit [181949] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181850 - [GTK][WK2] webkitBackForwardListChanged() should operate on a Vector reference
https://bugs.webkit.org/show_bug.cgi?id=142963

Reviewed by Carlos Garcia Campos.

  • UIProcess/API/gtk/WebKitBackForwardList.cpp:

(webkitBackForwardListChanged): This function only reads from the passed-in
Vector of removed items, so only a const lvalue reference to the Vector
is needed.

  • UIProcess/API/gtk/WebKitBackForwardListPrivate.h:

4:23 AM Changeset in webkit [181948] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r181835 - DFG OSR exit shouldn't assume that the frame count for exit is greater than the frame count in DFG
https://bugs.webkit.org/show_bug.cgi?id=142948

Reviewed by Sam Weinig.

It's necessary to ensure that the stack pointer accounts for the extent of our stack usage
since a signal may clobber the area below the stack pointer. When the DFG is executing,
the stack pointer accounts for the DFG's worst-case stack usage. When we OSR exit back to
baseline, we will use a different amount of stack. This is because baseline is a different
compiler. It will make different decisions. So it will use a different amount of stack.

This gets tricky when we are in the process of doing an OSR exit, because we are sort of
incrementally transforming the stack from how it looked in the DFG to how it will look in
baseline. The most conservative approach would be to set the stack pointer to the max of
DFG and baseline.

When this code was written, a reckless assumption was made: that the stack usage in
baseline is always at least as large as the stack usage in DFG. Based on this incorrect
assumption, the code first adjusts the stack pointer to account for the baseline stack
usage. This sort of usually works, because usually baseline does happen to use more stack.
But that's not an invariant. Nobody guarantees this. We will never make any changes that
would make this be guaranteed, because that would be antithetical to how optimizing
compilers work. The DFG should be allowed to use however much stack it decides that it
should use in order to get good performance, and it shouldn't try to guarantee that it
always uses less stack than baseline.

As such, we must always assume that the frame size for DFG execution (i.e.
frameRegisterCount) and the frame size in baseline once we exit (i.e.
requiredRegisterCountForExit) are two independent quantities and they have no
relationship.

Fortunately, though, this code can be made correct by just moving the stack adjustment to
just before we do conversions. This is because we have since changed the OSR exit
algorithm to first lift up all state from the DFG state into a scratch buffer, and then to
drop it out of the scratch buffer and into the stack according to the baseline layout. The
point just before conversions is the point where we have finished reading the DFG frame
and will not read it anymore, and we haven't started writing the baseline frame. So, at
this point it is safe to set the stack pointer to account for the frame size at exit.

This is benign because baseline happens to create larger frames than DFG.

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::adjustAndJumpToTarget):

4:19 AM Changeset in webkit [181947] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r181828 - Make UnlinkedFunctionExecutable fit in a 128-byte cell.
<https://webkit.org/b/142939>

Reviewed by Mark Hahnenberg.

Re-arrange the members of UnlinkedFunctionExecutable so it can fit inside
a 128-byte heap cell instead of requiring a 256-byte one.

Threw in a static_assert to catch anyone pushing it over the limit again.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedFunctionExecutable::functionMode):

4:06 AM Changeset in webkit [181946] by Carlos Garcia Campos
  • 16 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r181814 - REGRESSION (r179429): Potential Use after free in JavaScriptCore`WTF::StringImpl::ref + 83
https://bugs.webkit.org/show_bug.cgi?id=142410

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Before this patch, added function JSValue::toPropertyKey returns PropertyName.
Since PropertyName doesn't have AtomicStringImpl ownership,
if Identifier is implicitly converted to PropertyName and Identifier is destructed,
PropertyName may refer to a freed AtomicStringImpl*.

This patch changes the result type of JSValue::toPropertyName from PropertyName to Identifier,
to keep AtomicStringImpl* ownership after the toPropertyName call is done.
And receive the result value as Identifier type to keep ownership in the caller side.

To catch the result of toPropertyKey as is, we catch the result of toPropertyName as auto.

However, now we don't need to have both Identifier and PropertyName.
So we'll merge PropertyName to Identifier in the subsequent patch.

  • dfg/DFGOperations.cpp:

(JSC::DFG::operationPutByValInternal):

  • jit/JITOperations.cpp:

(JSC::getByVal):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::getByVal):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::opIn):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::toPropertyKey):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorGetOwnPropertyDescriptor):
(JSC::objectConstructorDefineProperty):

  • runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncPropertyIsEnumerable):

Source/WebCore:

The same issues are found in the existing code; PropertyName does not have ownership.
This patch rewrites the point that should have ownership to Identifier.

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
(WebCore::JSDOMWindow::putByIndex):

  • bindings/js/ReadableStreamJSSource.cpp:

(WebCore::getInternalSlotFromObject):

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

  • bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::JSTestCustomNamedGetter::getOwnPropertySlotByIndex):

  • bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTarget::getOwnPropertySlotByIndex):

  • bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterface::putByIndex):
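
The ownership problem described in r181814 above, as an added C++ example that is not WebKit code: `StringImpl`, `OwningKey`, `BorrowedKey` and the `toKey…` functions are hypothetical stand-ins for AtomicStringImpl, Identifier, PropertyName and JSValue::toPropertyKey. `std::weak_ptr` replaces the raw pointer a real non-owning type would hold, so the stale state can be observed without undefined behaviour.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for the ref-counted string implementation.
struct StringImpl {
    std::string chars;
    explicit StringImpl(std::string s) : chars(std::move(s)) {}
};

// Owning handle (plays the role of Identifier): holds a reference,
// so the StringImpl lives at least as long as this object.
class OwningKey {
public:
    explicit OwningKey(std::string s)
        : m_impl(std::make_shared<StringImpl>(std::move(s))) {}
    const std::shared_ptr<StringImpl>& impl() const { return m_impl; }
private:
    std::shared_ptr<StringImpl> m_impl;
};

// Non-owning view (plays the role of PropertyName). It converts implicitly
// from the owning handle but takes no reference of its own.
class BorrowedKey {
public:
    BorrowedKey(const OwningKey& key) : m_impl(key.impl()) {}
    bool stale() const { return m_impl.expired(); }
    std::string text() const
    {
        auto impl = m_impl.lock();
        return impl ? impl->chars : std::string("<freed>");
    }
private:
    std::weak_ptr<StringImpl> m_impl; // a raw pointer in real code: dangling, not "expired"
};

// "Before" shape: the function builds an owning handle internally but returns
// the non-owning type. The only owner is destroyed when the function returns.
BorrowedKey toKeyBorrowed(int value)
{
    OwningKey temporary(std::to_string(value));
    return BorrowedKey(temporary); // view outlives 'temporary'
}

// "After" shape: the function returns the owning type, so ownership is
// transferred to the caller along with the value.
OwningKey toKeyOwning(int value)
{
    return OwningKey(std::to_string(value));
}

bool borrowedResultIsStale()
{
    BorrowedKey key = toKeyBorrowed(42);
    return key.stale();
}

std::string borrowedResultText()
{
    return toKeyBorrowed(42).text();
}

bool owningResultIsStale()
{
    auto key = toKeyOwning(42); // caller receives the owning type as-is
    BorrowedKey view = key;     // borrowing is safe while 'key' is in scope
    return view.stale();
}

std::string owningResultText()
{
    auto key = toKeyOwning(42);
    BorrowedKey view = key;
    return view.text();
}

int main()
{
    std::cout << "borrowed return stale: " << borrowedResultIsStale()
              << " (" << borrowedResultText() << ")\n";
    std::cout << "owning return stale:   " << owningResultIsStale()
              << " (" << owningResultText() << ")\n";
    return 0;
}
```

With a raw pointer in place of `std::weak_ptr`, the "before" shape reads freed memory instead of reporting a stale view, which is what AddressSanitizer flags as heap-use-after-free.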

3:36 AM Changeset in webkit [181945] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r181773 - Source/WebCore:
REGRESSION (r109593): Clicking after last inline element could cause a crash.
https://bugs.webkit.org/show_bug.cgi?id=142880
rdar://problem/17222294

Reviewed by Ryosuke Niwa.

Test: editing/selection/click-after-last-inline-crash.html

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::closestLeafChildForLogicalLeftPosition):

LayoutTests:
Web Inspector: Adopt ES6 Class Syntax for all Model Objects
https://bugs.webkit.org/show_bug.cgi?id=142858

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-19
Reviewed by Timothy Hatcher.

  • inspector/model/parse-script-syntax-tree.html:

This test was calling a constructor without "new". Class
syntax enforces "new" and threw an exception.

3:34 AM Changeset in webkit [181944] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r181765 - JSCallee unnecessarily overrides a bunch of things in the method table.
<https://webkit.org/b/142855>

Reviewed by Geoffrey Garen.

Remove JSCallee method table overrides that simply call to base class.
This makes JSFunction property slot lookups slightly more efficient since
they can take the fast path when passing over JSCallee in the base class chain.

  • runtime/JSCallee.cpp:

(JSC::JSCallee::getOwnPropertySlot): Deleted.
(JSC::JSCallee::getOwnNonIndexPropertyNames): Deleted.
(JSC::JSCallee::put): Deleted.
(JSC::JSCallee::deleteProperty): Deleted.
(JSC::JSCallee::defineOwnProperty): Deleted.

  • runtime/JSCallee.h:

3:09 AM Changeset in webkit [181943] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

[WK2] WebUserMediaClient::pageDestroyed() virtual method should be marked as override
https://bugs.webkit.org/show_bug.cgi?id=143046

Reviewed by Carlos Garcia Campos.

  • WebProcess/WebCoreSupport/WebUserMediaClient.h: Mark the WebUserMediaClient::pageDestroyed() method, inherited from the WebCore::UserMediaClient, as an override.

3:05 AM Changeset in webkit [181942] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r181720 - Switching between two SVG images with no intrinsic sizes causes them to get the default SVG size instead of the container size.
https://bugs.webkit.org/show_bug.cgi?id=142805.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-03-18
Reviewed by Darin Adler.

Source/WebCore:

The bug happens due to wrong logic in RenderImage::imageDimensionsChanged().
This function decides to setNeedsLayout() if the intrinsic size of the image
changes. If the size does not change, it only repaints the image rectangle.
When switching the src of an image between two SVG images and both of
them have no intrinsic size, we do not updateInnerContentRect() and this
means an SVGImageForContainer is not going to be created for this image.
When the image is drawn, it is drawn directly from the SVGImage. And this
means the drawing has to be scaled by container_size / SVG_default_intrinsic_size

After figuring out that I need to updateInnerContentRect() to fix this bug,
I found out Blink has already changed this code to do the same thing. But
they also did more clean-up in this function. Here is the link
https://codereview.chromium.org/114323004. I think their change seems correct
although they did not say what exactly they were trying to fix.

The plan for repaintOrMarkForLayout(), which is the new name of this function,
is the following:

-- setNeedLayout() if the intrinsic size changes and it affects the size of the image.
-- updateInnerContentRect() if the intrinsic size did not change but the image has existing layout.
-- repaint the image rectangle if layout is not needed.

This change also removes the call to computeLogicalWidthInRegion(), which is
almost running a layout for the image. This call figures out whether the image
needs to setNeedsLayout(). This call is unnecessary; the image needs to run a
layout if the intrinsic size has changed and it affects the size of the image.

Test: svg/as-image/svg-no-intrinsic-size-switching.html

  • rendering/RenderImage.cpp:

(WebCore::RenderImage::styleDidChange): Change the function call.
(WebCore::RenderImage::imageChanged): Rename local variable and change the
function call.

(WebCore::RenderImage::updateIntrinsicSizeIfNeeded): Simplify this function.
Call setIntrinsicSize() with the new size unless the image is in error state.

(WebCore::RenderImage::repaintOrMarkForLayout): This is a better name for this
function since it is called even if the intrinsic size was not changed.
(WebCore::RenderImage::imageDimensionsChanged): Deleted.

  • rendering/RenderImage.h: Rename imageDimensionsChanged() and change the updateIntrinsicSizeIfNeeded() to return void.

  • rendering/svg/RenderSVGForeignObject.cpp:

(WebCore::RenderSVGForeignObject::paint): Code cleanup. This function can
only handle the paint phases PaintPhaseForeground and PaintPhaseSelection.
Use this information to simplify the logic and order of painting there.

LayoutTests:

  • svg/as-image/svg-no-intrinsic-size-switching-expected.html: Added.
  • svg/as-image/svg-no-intrinsic-size-switching.html: Added.

Ensure that switching the source of an <img> element between two SVG images,
which have no intrinsic sizes, gets the image the size of the container and
not the default SVG intrinsic size which is 300x150 pixels.

3:02 AM Changeset in webkit [181941] by Carlos Garcia Campos
  • 5 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r181710 - Avoid repaints when changing transform on an element with multiple background images
https://bugs.webkit.org/show_bug.cgi?id=142841

Reviewed by Zalan Bujtas.

Source/WebCore:

Replace the cheap test for changed images in RenderElement::updateFillImages()
with an exhaustive test that walks the entire list of background images,
since any ensuing repaint is way more expensive than a slightly more expensive check here.

Test: fast/repaint/multiple-backgrounds-style-change.html

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::updateFillImages):

  • rendering/style/FillLayer.cpp:

(WebCore::layerImagesIdentical): See if both images are the same (either none
or both mask images, and same image pointer).
(WebCore::FillLayer::imagesIdentical): Walk the two FillLayer lists, checking the images
on each one. Returns false if we reach the end of one list before the other, or the images
are different.

  • rendering/style/FillLayer.h: New static function; static because it compares two FillLayer lists, and I think that makes more sense than a member function.

LayoutTests:

Test that changes transform on a composited element with 2 background images,
and tests for no repaints.

  • fast/repaint/multiple-backgrounds-style-change-expected.txt: Added.
  • fast/repaint/multiple-backgrounds-style-change.html: Added.

2:53 AM Changeset in webkit [181940] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r181709 - Pass cookies by reference in CookieHash functions
https://bugs.webkit.org/show_bug.cgi?id=142839

Reviewed by Sam Weinig.

  • platform/Cookie.h:

(WebCore::CookieHash::hash):
(WebCore::CookieHash::equal):

2:50 AM Changeset in webkit [181939] by Carlos Garcia Campos
  • 11 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r181691 - Flex and grid items should be painted as inline-blocks
https://bugs.webkit.org/show_bug.cgi?id=142266

Reviewed by Darin Adler.

Source/WebCore:

Based on Blink r157004 by <cbiesinger@chromium.org>.
https://src.chromium.org/viewvc/blink?revision=157004&view=revision

Both flexbox and grid specs define that the painting order of flex/grid
items is the same as inline blocks. See
http://dev.w3.org/csswg/css-flexbox/#painting and
http://dev.w3.org/csswg/css-grid/#z-order.

Extracted inline blocks painting code from InlineElementBox and moved to
a helper method that will be reused for flexboxes and grids.

Tests: css3/flexbox/flex-item-text-background-not-interleaved.html
       fast/css-grid-layout/grid-item-text-background-not-interleaved.html

  • rendering/InlineElementBox.cpp:

(WebCore::InlineElementBox::paint): Move code to
RenderElement::paintAsInlineBlock().

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::paintChild): Add new argument to paint children
as inline blocks.

  • rendering/RenderBlock.h: Define PaintType enum and modify paintChild() signature to add the new argument.

  • rendering/RenderElement.cpp:

(WebCore::paintPhase): Paint element in a phase.
(WebCore::RenderElement::paintAsInlineBlock): Code extracted from
InlineElementBox::paint().

  • rendering/RenderElement.h: Add new method signature.
  • rendering/RenderFlexibleBox.cpp:

(WebCore::RenderFlexibleBox::paintChildren): Call
RenderBlock::paintChild() with the new argument.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::paintChildren): Ditto.

LayoutTests:

  • css3/flexbox/flex-item-text-background-not-interleaved-expected.html: Added.
  • css3/flexbox/flex-item-text-background-not-interleaved.html: Added.
  • fast/css-grid-layout/float-not-protruding-into-next-grid-item-expected.html:

Add some vertical space to avoid issues with backgrounds.

  • fast/css-grid-layout/float-not-protruding-into-next-grid-item.html:

Ditto.

  • fast/css-grid-layout/grid-item-text-background-not-interleaved-expected.html: Added.
  • fast/css-grid-layout/grid-item-text-background-not-interleaved.html: Added.

2:38 AM Changeset in webkit [181938] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

[GTK][WK2] WebPageProxy::failedToShowPopupMenu() virtual method should be marked as override
https://bugs.webkit.org/show_bug.cgi?id=143045

Reviewed by Carlos Garcia Campos.

  • UIProcess/WebPageProxy.h: Mark the failedToShowPopupMenu(), inherited from the WebPopupMenuProxy::Client class, as overridden.

2:32 AM Changeset in webkit [181937] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

[WK2] Clean up DrawingAreaImpl vtable overrides
https://bugs.webkit.org/show_bug.cgi?id=143044

Reviewed by Carlos Garcia Campos.

Declare virtual methods of the DrawingAreaImpl class as overridden where necessary.

  • WebProcess/WebPage/DrawingAreaImpl.h:

(WebKit::DrawingAreaImpl::layerTreeStateIsFrozen): Deleted.
(WebKit::DrawingAreaImpl::layerTreeHost): Deleted.

12:45 AM Changeset in webkit [181936] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

12:40 AM Changeset in webkit [181935] by commit-queue@webkit.org
  • 7 edits in trunk

Unreviewed, rolling out r181932.
https://bugs.webkit.org/show_bug.cgi?id=143041

The test fails most of the time on bots (Requested by ap on
#webkit).

Reverted changeset:

"[Content Extensions] Add multi-DFA compiling and
interpreting."
https://bugs.webkit.org/show_bug.cgi?id=143010
http://trac.webkit.org/changeset/181932

Mar 24, 2015:

11:06 PM Changeset in webkit [181934] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

Source/WebCore/rendering/RenderThemeMac.mm:2181:118: error: null passed to a callee that requires a non-null argument [-Werror,-Wnonnull]
https://bugs.webkit.org/show_bug.cgi?id=143039

Unreviewed build fix for newer versions of OS X.

  • rendering/RenderThemeMac.mm: Define a null language parameter. This seemed better than turning the clang warning off for just that function.
(WebCore::AttachmentLayout::layOutTitle):
(WebCore::AttachmentLayout::layOutSubtitle):

10:29 PM Changeset in webkit [181933] by mitz@apple.com
  • 3 edits in trunk/Source/WebCore

Another attempt to fix the build.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/spi/cocoa/QuartzCoreSPI.h:

10:19 PM Changeset in webkit [181932] by achristensen@apple.com
  • 7 edits in trunk

[Content Extensions] Add multi-DFA compiling and interpreting.
https://bugs.webkit.org/show_bug.cgi?id=143010

Reviewed by Benjamin Poulain.

Source/WebCore:

  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):
Compile multiple NFAs to DFAs.

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):
Fixed a bug when there are no non-universal actions.
We still need to report that no ignore-previous-rules was hit to apply the
universal actions which are now accessed through DFABytecodeInterpreter::actionsFromDFARoot
and skipped in DFABytecodeInterpreter::interpret.

  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::compile):
Add a header for each DFA.

  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::DFABytecodeInterpreter::actionsFromDFARoot):
(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):
Interpret as many DFAs as there are in the bytecode.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

(TestWebKitAPI::testRequest):
(TestWebKitAPI::TEST_F):
Add some tests for ignore-previous-rules and large rulesets.

10:12 PM Changeset in webkit [181931] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

Tried to fix the EWS build.

  • platform/spi/cocoa/QuartzCoreSPI.h:

9:27 PM Changeset in webkit [181930] by Joseph Pecoraro
  • 5 edits
    1 add in trunk/Source/WebInspectorUI

Web Inspector: IndexedDB / Databases ContentViews should have refresh button
https://bugs.webkit.org/show_bug.cgi?id=142996

Reviewed by Timothy Hatcher.

  • Localizations/en.lproj/localizedStrings.js:

Remove unused strings.

  • UserInterface/Images/ReloadFull.svg: Added.

This is the same as Reload.svg but adjusted to fill the viewbox edge to edge.
The only change is to the viewbox.

  • UserInterface/Protocol/RemoteObject.js:

(WebInspector.RemoteObject.prototype.release):
Some clients would call release not knowing if this was an object or not.
Act gracefully in the case that this was not an object that needs a
remote release.

  • UserInterface/Views/DatabaseTableContentView.js:

(WebInspector.DatabaseTableContentView):
(WebInspector.DatabaseTableContentView.prototype.get navigationItems):
(WebInspector.DatabaseTableContentView.prototype._queryError):
(WebInspector.DatabaseTableContentView.prototype._refreshButtonClicked):

  • UserInterface/Views/IndexedDatabaseObjectStoreContentView.js:

(WebInspector.IndexedDatabaseObjectStoreContentView):
(WebInspector.IndexedDatabaseObjectStoreContentView.prototype.get navigationItems):
(WebInspector.IndexedDatabaseObjectStoreContentView.prototype._fetchMoreData):
(WebInspector.IndexedDatabaseObjectStoreContentView.prototype._refreshButtonClicked):
Give the storage content views a refresh button to reload the content.

9:20 PM Changeset in webkit [181929] by Joseph Pecoraro
  • 20 edits in trunk

Setter should have a single formal parameter, Getter no parameters
https://bugs.webkit.org/show_bug.cgi?id=142903

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):
Enforce no parameters for getters and a single parameter
for setters, with informational error messages.

Source/WebInspectorUI:

  • UserInterface/Views/GradientSlider.js:

(WebInspector.GradientSliderKnob.prototype.get wellColor):
Fix a getter that was incorrectly taking a parameter.

LayoutTests:

Correct a bunch of setters in existing tests and add
tests for good/bad getter and setter syntax.

  • js/class-syntax-declaration-expected.txt:
  • js/dom/exception-sequencing.html:
  • js/dom/reserved-words-as-property-expected.txt:
  • js/dom/script-tests/implicit-call-with-global-reentry.js:

(testObject.set setterTest):

  • js/dom/script-tests/reserved-words-as-property.js:

(testWord):

  • js/for-in-cached-expected.txt:
  • js/object-literal-direct-put-expected.txt:
  • js/object-literal-syntax-expected.txt:
  • js/parser-syntax-check-expected.txt:
  • js/script-tests/class-syntax-declaration.js:
  • js/script-tests/class-syntax-super.js:

(class.Derived.extends.Base.set callBaseMethodInSetter):
(class.Derived.extends.Base.set baseMethodInGetterSetter):

  • js/script-tests/for-in-cached.js:
  • js/script-tests/object-literal-direct-put.js:
  • js/script-tests/object-literal-syntax.js:
  • js/script-tests/parser-syntax-check.js:

8:52 PM Changeset in webkit [181928] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebCore

Unreviewed, rolling out r181898 and r181909.
https://bugs.webkit.org/show_bug.cgi?id=143034

Broke fast/regions/auto-size/autoheight-two-pass-layout-complex-002.html (Requested by ap on #webkit).

Reverted changesets:

"Improve the offsetWidth/Height layout optimization"
https://bugs.webkit.org/show_bug.cgi?id=143008
http://trac.webkit.org/changeset/181898

"Disable layout dimensions optimization for RenderRegions"
https://bugs.webkit.org/show_bug.cgi?id=143017
http://trac.webkit.org/changeset/181909

8:17 PM WindowsWithoutCygwin edited by mmaxfield@apple.com
(diff)

8:05 PM WindowsWithoutCygwin edited by mmaxfield@apple.com
(diff)

7:37 PM Changeset in webkit [181927] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebKit2

Inspector doesn't get focused when opened in dock mode
https://bugs.webkit.org/show_bug.cgi?id=143030

Reviewed by Anders Carlsson.

The bug was caused by platformBringToFront and platformAttach calling makeFirstResponder on WKWebView,
which isn't intended to become the first responder. Fixed the bug by calling makeFirstResponder on the WKView
subview of the WKWebView, which is intended to be used as the first responder on behalf of the web view.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformBringToFront):
(WebKit::WebInspectorProxy::platformAttach):

7:26 PM WindowsWithoutCygwin edited by mmaxfield@apple.com
(diff)

7:18 PM Changeset in webkit [181926] by Chris Dumez
  • 3 edits
    2 adds in trunk

[WK2] Responses with 302 HTTP Status Code should not be cached
https://bugs.webkit.org/show_bug.cgi?id=143028
<rdar://problem/19714040>

Reviewed by Antti Koivisto.

Source/WebKit2:

Responses with 302 HTTP Status Code should not be cached as per
RFC 7231:
http://tools.ietf.org/html/rfc7231#section-6.1

This patch updates our disk cache policy accordingly.

Test: http/tests/cache/disk-cache/disk-cache-302-status-code.html

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::canStore):

LayoutTests:

Add layout test to check that responses with 302 HTTP Status Code
are not cached.

  • http/tests/cache/disk-cache/disk-cache-302-status-code-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-302-status-code.html: Added.

7:17 PM WindowsWithoutCygwin created by mmaxfield@apple.com

6:28 PM Changeset in webkit [181925] by commit-queue@webkit.org
  • 5 edits in trunk

Scripts running in isolated world should not subject to a page's CSP about 'eval'.
https://bugs.webkit.org/show_bug.cgi?id=141316.

Patch by Zhuo Li <zachli@apple.com> on 2015-03-24
Reviewed by Geoffrey Garen.

Source/WebCore:

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::initScript):
We should not impose the main world Content Security Policy onto the isolated world.

LayoutTests:

I added a new Content Security Policy directive, "script-src", so that we do not
allow 'unsafe-eval' in the main world.

Also I have to copy the whole function instead of using eval because
eval is subject to the main world Content Security Policy now.

  • http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt:
  • http/tests/security/isolatedWorld/bypass-main-world-csp.html:

6:18 PM Changeset in webkit [181924] by Joseph Pecoraro
  • 5 edits
    3 adds in trunk

ES6: Classes: Early return in sub-class constructor results in returning undefined instead of instance
https://bugs.webkit.org/show_bug.cgi?id=143012

Reviewed by Ryosuke Niwa.

Source/JavaScriptCore:

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitReturn):
Fix handling of "undefined" when returned from a Derived class. It was
returning "undefined" when it should have returned "this".

LayoutTests:

  • js/class-constructor-return-expected.txt: Added.
  • js/class-constructor-return.html: Added.
  • js/script-tests/class-constructor-return.js: Added.

New test covering different return values from constructors.

  • js/class-syntax-super-expected.txt:
  • js/script-tests/class-syntax-super.js:

Fix test. Returning undefined is the same as an implicit return
and should return this.

5:55 PM Changeset in webkit [181923] by Chris Dumez
  • 2 edits
    2 moves in trunk/Source/WebCore

[Mac] Use .cpp file extension instead of .mm for SharedTimerCF and PowerObserverMac
https://bugs.webkit.org/show_bug.cgi?id=143026

Reviewed by Andy Estes.

Use .cpp file extension instead of .mm for SharedTimerCF and
PowerObserverMac.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/cf/SharedTimerCF.cpp: Renamed from Source/WebCore/platform/cf/SharedTimerCF.mm.

(WebCore::timerFired):
Use WTF::AutodrainedPool instead of @autoreleasepool {}.

  • platform/mac/PowerObserverMac.cpp: Renamed from Source/WebCore/platform/mac/PowerObserverMac.mm.

5:19 PM Changeset in webkit [181922] by ggaren@apple.com
  • 17 edits
    4 adds in trunk/Source

REGRESSION (r181458): Heap use-after-free in JSSetIterator destructor
https://bugs.webkit.org/show_bug.cgi?id=142696

Reviewed and tweaked by Geoffrey Garen.

Source/JavaScriptCore:

Before r142556, JSSetIterator::destroy was not defined.
So accidentally MapData::const_iterator in JSSet was never destroyed.
But it had a non-trivial destructor, decrementing MapData->m_iteratorCount.

After r142556, JSSetIterator::destroy works.
It correctly destructs MapData::const_iterator and m_iteratorCount partially works.
But JSSetIterator::~JSSetIterator requires owned JSSet since it mutates MapData->m_iteratorCount.

It is guaranteed that JSSet is live since JSSetIterator has a reference to JSSet
and marks it in visitChildren (WriteBarrier<Unknown>).
However, the order of destructions is not guaranteed in a GC-ed system.

Consider the following case:
allocate JSSet and subsequently allocate JSSetIterator.
And they reside in separate MarkedBlocks, <1> and <2>.

JSSet<1> <- JSSetIterator<2>

And after that, when performing GC, Marker decides that the above 2 objects are not marked.
And Marker also decides MarkedBlocks <1> and <2> can be swept.

First, Sweeper sweeps <1>, destructs JSSet<1> and frees MarkedBlock<1>.
Second, Sweeper sweeps <2> and attempts to destruct JSSetIterator<2>.
However, JSSetIterator<2>'s destructor,
JSSetIterator::~JSSetIterator, requires a live JSSet<1>, so it causes a use-after-free.

In this patch, we introduce WeakGCMap into JSMap/JSSet to track live iterators.
When packing the removed elements in JSSet/JSMap, we apply the change to all live
iterators tracked by WeakGCMap.

WeakGCMap can only track JSCell since they are managed by GC.
So we drop JSSet/JSMap C++ style iterators. Instead of C++ style iterator, this patch
introduces JS style iterator signatures into C++ class IteratorData.
If we need to iterate over JSMap/JSSet, use JSSetIterator/JSMapIterator instead of using
IteratorData directly.

Patch by Yusuke Suzuki <Yusuke Suzuki> on 2015-03-24

  • runtime/JSMap.cpp:

(JSC::JSMap::destroy):

  • runtime/JSMap.h:

(JSC::JSMap::JSMap):
(JSC::JSMap::begin): Deleted.
(JSC::JSMap::end): Deleted.

  • runtime/JSMapIterator.cpp:

(JSC::JSMapIterator::destroy):

  • runtime/JSMapIterator.h:

(JSC::JSMapIterator::next):
(JSC::JSMapIterator::nextKeyValue):
(JSC::JSMapIterator::iteratorData):
(JSC::JSMapIterator::JSMapIterator):

  • runtime/JSSet.cpp:

(JSC::JSSet::destroy):

  • runtime/JSSet.h:

(JSC::JSSet::JSSet):
(JSC::JSSet::begin): Deleted.
(JSC::JSSet::end): Deleted.

  • runtime/JSSetIterator.cpp:

(JSC::JSSetIterator::destroy):

  • runtime/JSSetIterator.h:

(JSC::JSSetIterator::next):
(JSC::JSSetIterator::iteratorData):
(JSC::JSSetIterator::JSSetIterator):

  • runtime/MapData.h:

(JSC::MapDataImpl::IteratorData::finish):
(JSC::MapDataImpl::IteratorData::isFinished):
(JSC::MapDataImpl::shouldPack):
(JSC::JSIterator>::MapDataImpl):
(JSC::JSIterator>::KeyType::KeyType):
(JSC::JSIterator>::IteratorData::IteratorData):
(JSC::JSIterator>::IteratorData::next):
(JSC::JSIterator>::IteratorData::ensureSlot):
(JSC::JSIterator>::IteratorData::applyMapDataPatch):
(JSC::JSIterator>::IteratorData::refreshCursor):
(JSC::MapDataImpl::const_iterator::key): Deleted.
(JSC::MapDataImpl::const_iterator::value): Deleted.
(JSC::MapDataImpl::const_iterator::operator++): Deleted.
(JSC::MapDataImpl::const_iterator::finish): Deleted.
(JSC::MapDataImpl::const_iterator::atEnd): Deleted.
(JSC::MapDataImpl::begin): Deleted.
(JSC::MapDataImpl::end): Deleted.
(JSC::MapDataImpl<Entry>::MapDataImpl): Deleted.
(JSC::MapDataImpl<Entry>::clear): Deleted.
(JSC::MapDataImpl<Entry>::KeyType::KeyType): Deleted.
(JSC::MapDataImpl<Entry>::const_iterator::internalIncrement): Deleted.
(JSC::MapDataImpl<Entry>::const_iterator::ensureSlot): Deleted.
(JSC::MapDataImpl<Entry>::const_iterator::const_iterator): Deleted.
(JSC::MapDataImpl<Entry>::const_iterator::~const_iterator): Deleted.
(JSC::MapDataImpl<Entry>::const_iterator::operator): Deleted.
(JSC::=): Deleted.

  • runtime/MapDataInlines.h:

(JSC::JSIterator>::clear):
(JSC::JSIterator>::find):
(JSC::JSIterator>::contains):
(JSC::JSIterator>::add):
(JSC::JSIterator>::set):
(JSC::JSIterator>::get):
(JSC::JSIterator>::remove):
(JSC::JSIterator>::replaceAndPackBackingStore):
(JSC::JSIterator>::replaceBackingStore):
(JSC::JSIterator>::ensureSpaceForAppend):
(JSC::JSIterator>::visitChildren):
(JSC::JSIterator>::copyBackingStore):
(JSC::JSIterator>::applyMapDataPatch):
(JSC::MapDataImpl<Entry>::find): Deleted.
(JSC::MapDataImpl<Entry>::contains): Deleted.
(JSC::MapDataImpl<Entry>::add): Deleted.
(JSC::MapDataImpl<Entry>::set): Deleted.
(JSC::MapDataImpl<Entry>::get): Deleted.
(JSC::MapDataImpl<Entry>::remove): Deleted.
(JSC::MapDataImpl<Entry>::replaceAndPackBackingStore): Deleted.
(JSC::MapDataImpl<Entry>::replaceBackingStore): Deleted.
(JSC::MapDataImpl<Entry>::ensureSpaceForAppend): Deleted.
(JSC::MapDataImpl<Entry>::visitChildren): Deleted.
(JSC::MapDataImpl<Entry>::copyBackingStore): Deleted.

  • runtime/MapPrototype.cpp:

(JSC::mapProtoFuncForEach):

  • runtime/SetPrototype.cpp:

(JSC::setProtoFuncForEach):

  • runtime/WeakGCMap.h:

(JSC::WeakGCMap::forEach):

  • tests/stress/modify-map-during-iteration.js: Added.

(testValue):
(identityPairs):
(.set if):
(var):
(set map):

  • tests/stress/modify-set-during-iteration.js: Added.

(testValue):
(set forEach):
(set delete):

Source/WebCore:

Use JSSetIterator/JSMapIterator to iterate over JSSet and JSMap.

Patch by Yusuke Suzuki <Yusuke Suzuki> on 2015-03-24

  • ForwardingHeaders/runtime/JSMapIterator.h: Added.
  • ForwardingHeaders/runtime/JSSetIterator.h: Added.
  • bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneSerializer::serialize):

4:54 PM Changeset in webkit [181921] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Fix crash in WebKit::RemoteObjectRegistry::sendInvocation
https://bugs.webkit.org/show_bug.cgi?id=143027
rdar://problem/20208674

Reviewed by Sam Weinig.

  • WebProcess/InjectedBundle/API/mac/WKWebProcessPlugInBrowserContextController.mm:

(-[WKWebProcessPlugInBrowserContextController dealloc]):
Make sure to invalidate the _WKRemoteObjectRegistry like we do in the UI process.

4:46 PM Changeset in webkit [181920] by Chris Dumez
  • 6 edits
    2 adds
    1 delete in trunk

[WK2] Responses with 204 HTTP Status Code should be cacheable by default
https://bugs.webkit.org/show_bug.cgi?id=143020
<rdar://problem/20281529>

Reviewed by Antti Koivisto.

Source/WebKit2:

Make responses with 204 HTTP Status Code cacheable by default, as
per RFC 7231:
http://tools.ietf.org/html/rfc7231#section-6.3.5

Test: http/tests/cache/disk-cache/disk-cache-204-status-code.html

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::canStore):

LayoutTests:

Add test to make sure that responses with 204 HTTP Status Code are
cacheable by default.

  • http/tests/cache/disk-cache/disk-cache-204-status-code-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-204-status-code.html: Added.
  • http/tests/cache/disk-cache/resources/cache-test.js:

Re-introduce support for generating responses with only headers (no body).
This was mistakenly dropped when I rebased my patch for r181895.

4:37 PM Changeset in webkit [181919] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] Remove unused keyboard code in WKSelectPopover class.
https://bugs.webkit.org/show_bug.cgi?id=143021

Reviewed by Joseph Pecoraro.

WKSelectPopover created an instance of UIKeyboard that was
initialized in initWithView but never used. Removing the
obsolete code.

  • UIProcess/ios/forms/WKFormSelectPopover.mm:

(-[WKSelectPopover initWithView:hasGroups:]):

4:25 PM Changeset in webkit [181918] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

Tried to fix the iOS Simulator build.

  • platform/spi/cocoa/QuartzCoreSPI.h:

4:24 PM Changeset in webkit [181917] by benjamin@webkit.org
  • 4 edits in trunk

Make URL filter patterns matching consistent and add a simple canonicalization step
https://bugs.webkit.org/show_bug.cgi?id=142998

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-03-24
Reviewed by Alex Christensen.

Source/WebCore:

This patch makes two changes to the url filter input:
-Make the matching "Search" by default, the pattern can now appear anywhere in the URL by default.
-Make the input a little less fragile: do not explode on valid input that is not formatted in a certain way.

To implement the search behavior, I simply add an implicit ".*" in front of the patterns
when that makes sense.

To make the input more solid, we do some little modifications on the input:
-Remove duplicated ".*".
-Remove matching suffixes that do not bring new information.
-Unify all the ".*" in the same format.

Why do that here? That should be done through a graph analysis on the machine.

The reason is this is incredibly cheap compared to the graph analysis. Any state
removed upfront will save the handling of several hundred nodes in the deterministic
graph.

  • contentextensions/URLFilterParser.cpp:

(WebCore::ContentExtensions::Term::isKnownToMatchAnyString):
(WebCore::ContentExtensions::Term::isUniversalTransition):
(WebCore::ContentExtensions::GraphBuilder::finalize):
(WebCore::ContentExtensions::GraphBuilder::assertionBOL):
(WebCore::ContentExtensions::GraphBuilder::fail):
(WebCore::ContentExtensions::GraphBuilder::simplifySunkTerms):

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:

4:10 PM Changeset in webkit [181916] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: REGRESSION (r179286): ReferenceError: Can't find variable: selector
https://bugs.webkit.org/show_bug.cgi?id=143022

Patch by Tobias Reiss <tobi+webkit@basecode.de> on 2015-03-24
Reviewed by Timothy Hatcher.

Fix a regression where a missing variable statement causes a ReferenceError.

  • UserInterface/Models/DOMNodeStyles.js:

4:10 PM Changeset in webkit [181915] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Regression(r181671): Caused Timer-related crashes on iOS / WK1
https://bugs.webkit.org/show_bug.cgi?id=143025

Reviewed by Andy Estes.

Call CFRunLoopAddTimer() on WebThreadRunLoop() instead of
CFRunLoopGetCurrent() for iOS, as we did before r181671.

I inadvertently changed this in r181671 when merging the Mac
and iOS implementations.

No new tests, already covered by existing tests.

  • platform/cf/SharedTimerCF.mm:

(WebCore::setSharedTimerFireInterval):

3:56 PM Changeset in webkit [181914] by mark.lam@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

The ExecutionTimeLimit test should use its own JSGlobalContextRef.
<https://webkit.org/b/143024>

Reviewed by Geoffrey Garen.

Currently, the ExecutionTimeLimit test is using a JSGlobalContextRef
passed in from testapi.c. It should create its own for better
encapsulation of the test.

  • API/tests/ExecutionTimeLimitTest.cpp:

(currentCPUTimeAsJSFunctionCallback):
(testExecutionTimeLimit):

  • API/tests/ExecutionTimeLimitTest.h:
  • API/tests/testapi.c:

(main):

3:55 PM Changeset in webkit [181913] by Beth Dakin
  • 2 edits in trunk/LayoutTests

Another attempted test fix after http://trac.webkit.org/changeset/181907

  • platform/mac/js/dom/global-constructors-attributes-expected.txt:

3:54 PM Changeset in webkit [181912] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Adopt ES6 Class Syntax for CSSStyleDeclarationTextEditor
https://bugs.webkit.org/show_bug.cgi?id=143019

Patch by Tobias Reiss <tobi+webkit@basecode.de> on 2015-03-24
Reviewed by Timothy Hatcher.

  • Convert CSSStyleDeclarationTextEditor to use class syntax
  • Convert constructor functions to constructor methods
  • Convert "constructor.method" to class static methods where possible
  • Convert all methods to method syntax, eliminate commas between methods
  • Convert all superclass calls in classes to use "super"
  • Removed FIXME from WebInspector.Object subclasses, added calls to super.
  • Fixed strict mode issues now that classes enforce strict mode (see below).
  • UserInterface/Views/CSSStyleDeclarationTextEditor.js:

Many function declarations modified.

3:47 PM Changeset in webkit [181911] by Beth Dakin
  • 2 edits in trunk/LayoutTests

Attempted test fix after http://trac.webkit.org/changeset/181907

  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:

3:47 PM Changeset in webkit [181910] by mitz@apple.com
  • 4 edits in trunk/Source

Source/WebCore:
WebCore part of <rdar://problem/20282863> Transforms are flattened in snapshots of on-screen WKWebViews
https://bugs.webkit.org/show_bug.cgi?id=143023

Reviewed by Tim Horton.

  • platform/spi/cocoa/QuartzCoreSPI.h: Added the declaration of CARenderServerRenderLayerWithTransform.

Source/WebKit2:
WebKit2 part of <rdar://problem/20282863> Transforms are flattened in snapshots of on-screen WKWebViews
https://bugs.webkit.org/show_bug.cgi?id=143023

Reviewed by Tim Horton.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _snapshotRect:intoImageOfWidth:completionHandler:]): If the view is in a
window, use CARenderServerRenderLayerWithTransform to synchronously capture a snapshot of
its layer tree into an IOSurface, then call the completion handler with an image created
from the IOSurface.

2:50 PM Changeset in webkit [181909] by hyatt@apple.com
  • 2 edits in trunk/Source/WebCore

Disable layout dimensions optimization for RenderRegions
https://bugs.webkit.org/show_bug.cgi?id=143017

Reviewed by Dean Jackson.

  • dom/Document.cpp:

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):
Turn off the optimization for regions, since auto height regions can change size
without needing a layout.

2:39 PM Changeset in webkit [181908] by Joseph Pecoraro
  • 2 edits in trunk/LayoutTests

Unreviewed gardening after r181901.

  • platform/mac/http/tests/media/media-source/mediasource-sourcebuffer-mode-expected.txt:

Update the expected results for platform specific results that include
a stringified function.

2:31 PM Changeset in webkit [181907] by Beth Dakin
  • 37 edits
    3 adds in trunk

Add events related to force click gesture
https://bugs.webkit.org/show_bug.cgi?id=142836
-and corresponding-
rdar://problem/20210239

Reviewed by Dean Jackson.

Source/WebCore:

This patch adds six new events for the force click gesture:

webkitmouseforcewillbegin -> Event is sent just before mousedown to indicate that
force can be perceived if the user presses any harder. The author should prevent
default on this event to both prevent the user agent’s default force click
features and to receive the other 5 events.

webkitmouseforcechanged -> This event fires whenever force changes between the
mousedown and mouseup. It is a new type of mouse event that includes a force
variable which is a normalized number between 0 (corresponds to click) and 1
(corresponds to force click). In this patch, I have only added code to send this
event between mousedown and mouseforcedown, but as a followup patch, we plan to
send it through mouseup.

webkitmouseforcecancelled -> If the user releases their finger from the trackpad
after pressing hard enough to send webkitmouseforcewillbegin events but not hard
enough to force click, this event will be sent to indicate that the user bailed
out on the gesture.

webkitmouseforcedown -> The down part of the force click.

webkitmouseforceup -> The up part of the force click. This event is added in this
patch, but does not yet fire. That is work for a follow-up patch.

webkitmouseforceclick -> The equivalent of the click event for the force click.
Should fire just after webkitmouseforceup. This event is added in this patch, but
does not yet fire. That is work for a follow-up patch.

Add new files for WebKitMouseForceEvent to build systems.

  • DerivedSources.cpp:
  • DerivedSources.make:
  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • WebCore.xcodeproj/project.pbxproj:
  • WebCore.xcodeproj/project.pbxproj:

Plumbing for new events.

  • dom/Document.idl:

Code to dispatch the new events. Currently the code that calls these functions is
in WebKit2.

  • dom/Element.cpp:

(WebCore::Element::dispatchMouseForceWillBegin):
(WebCore::Element::dispatchMouseForceChanged):
(WebCore::Element::dispatchMouseForceDown):
(WebCore::Element::dispatchMouseForceUp):
(WebCore::Element::dispatchMouseForceClick):
(WebCore::Element::dispatchMouseForceCancelled):

  • dom/Element.h:

More plumbing.

  • dom/Element.idl:
  • dom/EventNames.h:
  • dom/EventNames.in:

Our new type of mouse event that includes force.

  • dom/WebKitMouseForceEvent.cpp: Added.

(WebCore::WebKitMouseForceEventInit::WebKitMouseForceEventInit):
(WebCore::WebKitMouseForceEvent::WebKitMouseForceEvent):
(WebCore::WebKitMouseForceEvent::~WebKitMouseForceEvent):
(WebCore::WebKitMouseForceEvent::eventInterface):

  • dom/WebKitMouseForceEvent.h: Added.
  • dom/WebKitMouseForceEvent.idl: Added.

More plumbing.

  • html/HTMLAttributeNames.in:
  • html/HTMLBodyElement.cpp:

(WebCore::HTMLBodyElement::createWindowEventHandlerNameMap):

  • html/HTMLBodyElement.idl:
  • html/HTMLElement.cpp:

(WebCore::HTMLElement::createEventHandlerNameMap):

  • page/DOMWindow.idl:
  • page/EventHandler.h:

(WebCore::EventHandler::lastMouseDownEvent):

Source/WebKit2:

ActionMenuHitTestResult has a new bool indicating whether or not the HitTestResult
will prevent default.

  • Shared/mac/ActionMenuHitTestResult.h:
  • Shared/mac/ActionMenuHitTestResult.mm:

(WebKit::ActionMenuHitTestResult::encode):
(WebKit::ActionMenuHitTestResult::decode):

Send immediateActionDidUpdate and the normalized force over to the WebProcess.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::immediateActionDidUpdate):

  • UIProcess/WebPageProxy.h:

We need a dummy animation controller when web content is overriding the default
behavior.

  • UIProcess/mac/WKImmediateActionController.mm:

Send along the update information.
(-[WKImmediateActionController immediateActionRecognizerDidUpdateAnimation:]):

Use the dummy animation controller if default has been prevented.
(-[WKImmediateActionController _defaultAnimationController]):
(-[WKImmediateActionController _updateImmediateActionItem]):

Keep track of whether m_lastActionMenuHitTes prevented the default immediate
action behavior.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Call dispatchMouseForceMayBegin() at hit test time.

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performActionMenuHitTestAtLocation):

Call dispatchMouseForceChanged() if appropriate.
(WebKit::WebPage::immediateActionDidUpdate):

Call dispatchMouseForceCancelled() if appropriate.
(WebKit::WebPage::immediateActionDidCancel):

Call dispatchMouseForceDown() if appropriate.
(WebKit::WebPage::immediateActionDidComplete):

Source/WTF:

New enable flag for the events.

  • wtf/FeatureDefines.h:

LayoutTests:

  • fast/dom/event-handler-attributes-expected.txt:
  • fast/dom/event-handler-attributes.html:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:

2:17 PM Changeset in webkit [181906] by andersca@apple.com
  • 9 edits in trunk/Source

Fix designated initializer violations
https://bugs.webkit.org/show_bug.cgi?id=143016
rdar://problem/20268858

Reviewed by Dan Bernstein.

Source/WebCore:

Mark -[DOMObject init] as unavailable.

  • bindings/objc/DOMObject.h:
  • bindings/objc/DOMObject.mm:

(-[DOMObject init]):

Source/WebKit/mac:

Move -[WebBackForwardList initWithBackForwardList:] to the implementation instead of a category since
nobody calls it outside of WebBackForwardList.mm.

  • History/WebBackForwardList.mm:
  • History/WebBackForwardListInternal.h:

Source/WebKit2:

Move -[WKProcessPool _initWithConfiguration:] to a class extension so we can make it the designated initializer.

  • UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _initWithConfiguration:]):

  • UIProcess/API/Cocoa/WKProcessPoolPrivate.h:

2:16 PM Changeset in webkit [181905] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Workaround issue causing uncaught exception in Inspector
https://bugs.webkit.org/show_bug.cgi?id=143015

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-24
Reviewed by Timothy Hatcher.

Workaround <https://webkit.org/b/143012> and avoid early returning in constructors.

  • UserInterface/Controllers/ReplayManager.js:

(WebInspector.ReplayManager.class.ReplayManager):

1:42 PM Changeset in webkit [181904] by Chris Dumez
  • 4 edits
    2 adds in trunk

[WK2] Responses with 404 HTTP Status Code should be cacheable by default
https://bugs.webkit.org/show_bug.cgi?id=143014
<rdar://problem/20280310>

Reviewed by Antti Koivisto.

Source/WebKit2:

Make responses with 404 HTTP Status Code cacheable by default, as
per RFC 7231:
http://tools.ietf.org/html/rfc7231#section-6.5.4

Test: http/tests/cache/disk-cache/disk-cache-404-status-code.html

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::canStore):

LayoutTests:

Add test to make sure that responses with 404 HTTP Status Code are
cacheable by default.

  • http/tests/cache/disk-cache/disk-cache-404-status-code-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-404-status-code.html: Added.
  • http/tests/cache/disk-cache/resources/generate-response.cgi:

1:41 PM Changeset in webkit [181903] by Brian Burg
  • 6 edits
    1 copy
    1 add in trunk/Source/WebInspectorUI

Web Inspector: unify resizer implementations used by DataGrid and Sidebar
https://bugs.webkit.org/show_bug.cgi?id=142407

Reviewed by Timothy Hatcher.

Both of these implementations do the same thing slightly differently. Unify the code
and use the "glass pane" technique to preserve cursor while dragging over links or text.

This patch implements vertical and horizontal rule orientations. Further refactorings
to use this class may need to add "Indeterminate" orientation to support moving the inspector
window by its fake toolbar element.

  • UserInterface/Main.html:
  • UserInterface/Views/DataGrid.css:

(.data-grid .resizer):
(.data-grid-resizer): Deleted.

  • UserInterface/Views/DataGrid.js: Store Resizer instances rather than resizer elements.

Use symbols to secretly store neighbor column ids on the resizer objects. Stop using
WebInspector.elementDragStart, as I would like to deprecate it in favor of Resizer instances.

(WebInspector.DataGrid):
(WebInspector.DataGrid.prototype._positionResizerElements):
(WebInspector.DataGrid.prototype.resizerDragStarted):
(WebInspector.DataGrid.prototype.resizerDragging):
(WebInspector.DataGrid.prototype.resizerDragEnded):
(WebInspector.DataGrid.prototype._startResizerDragging): Deleted.
(WebInspector.DataGrid.prototype._resizerDragging): Deleted.
(WebInspector.DataGrid.prototype._endResizerDragging): Deleted.

  • UserInterface/Views/Resizer.css:

(.resizer):
(.resizer.vertical-rule):
(.resizer.horizontal-rule):
(.glass-pane-for-drag):

  • UserInterface/Views/Resizer.js: Added.

(WebInspector.Resizer):
(WebInspector.Resizer.prototype.get element):
(WebInspector.Resizer.prototype.get orientation):
(WebInspector.Resizer.prototype.get initialPosition):
(WebInspector.Resizer.prototype._currentPosition):
(WebInspector.Resizer.prototype._resizerMouseDown):
(WebInspector.Resizer.prototype._resizerMouseMoved):
(WebInspector.Resizer.prototype._resizerMouseUp):

  • UserInterface/Views/Sidebar.css:

(.sidebar > .resizer): Deleted.

  • UserInterface/Views/Sidebar.js:

(WebInspector.Sidebar):
(WebInspector.Sidebar.prototype.resizerDragStarted):
(WebInspector.Sidebar.prototype.resizerDragging):
(WebInspector.Sidebar.prototype.resizerDragEnded):
(WebInspector.Sidebar.prototype._navigationItemSelected):
(WebInspector.Sidebar.prototype._resizerMouseDown): Deleted.
(WebInspector.Sidebar.prototype._resizerMouseMoved): Deleted.
(WebInspector.Sidebar.prototype._resizerMouseUp): Deleted.

1:11 PM Changeset in webkit [181902] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

[WK2] Remove NetworkCache FIXME comment about caching responses to OPTIONS requests
https://bugs.webkit.org/show_bug.cgi?id=143009

Reviewed by Andreas Kling.

Remove NetworkCache FIXME comment about caching responses to OPTIONS
method as RFC 7234 says "Responses to the OPTIONS method are not
cacheable" [1].

[1] http://tools.ietf.org/html/rfc7231#page-31

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::canRetrieve):

1:07 PM Changeset in webkit [181901] by commit-queue@webkit.org
  • 28 edits in trunk

ES6: Object Literal Methods toString is missing method name
https://bugs.webkit.org/show_bug.cgi?id=142992

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-03-24
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Always stringify functions in the pattern:

"function " + <function name> + <text from opening parenthesis to closing brace>.

  • runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):
Update the path that was not stringifying in this pattern.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedFunctionExecutable::parametersStartOffset):

  • parser/Nodes.h:
  • runtime/Executable.cpp:

(JSC::FunctionExecutable::FunctionExecutable):

  • runtime/Executable.h:

(JSC::FunctionExecutable::parametersStartOffset):
Pass the already known function parameter opening parenthesis
start offset through to the FunctionExecutable.

  • tests/mozilla/js1_5/Scope/regress-185485.js:

(with.g):
Add back original space in this test that was removed by r181810
now that we have the space again in stringification.

LayoutTests:

  • js/class-syntax-default-constructor-expected.txt:

This test was already failing, it now fails in a different way.

  • js/object-literal-computed-methods-expected.txt:
  • js/object-literal-methods-expected.txt:

These tests now pass.

  • fast/dom/TreeWalker/acceptNode-filter-expected.txt:
  • js/destructuring-assignment-expected.txt:
  • js/dfg-redundant-load-of-captured-variable-proven-constant-expected.txt:
  • js/dfg-resolve-global-specific-dictionary-expected.txt:
  • js/dom/JSON-parse-expected.txt:
  • js/dom/JSON-stringify-expected.txt:
  • js/dom/dfg-strcat-over-objects-then-exit-on-it-expected.txt:
  • js/dom/function-prototype-expected.txt:
  • js/dom/toString-and-valueOf-override-expected.txt:
  • js/kde/lval-exceptions-expected.txt:
  • storage/domstorage/localstorage/string-conversion-expected.txt:
  • storage/domstorage/sessionstorage/string-conversion-expected.txt:
  • js/dom/script-tests/dfg-strcat-over-objects-then-exit-on-it.js:
  • js/script-tests/dfg-redundant-load-of-captured-variable-proven-constant.js:
  • js/script-tests/dfg-resolve-global-specific-dictionary.js:
  • js/dom/function-prototype.html:

Update tests to add expected whitespace for stringifying a function
with no name.

12:56 PM Changeset in webkit [181900] by benjamin@webkit.org
  • 3 edits
    2 adds in trunk

CSS Selectors Level 4: enable case-insensitive attribute matching by default
https://bugs.webkit.org/show_bug.cgi?id=142960

Reviewed by Andreas Kling.

Source/WebCore:

All open issues have been resolved, enable the feature by default.

Test: fast/css/attribute-selector-case-insensitive.html

  • css/CSSGrammar.y.in:

LayoutTests:

This test is imported from blink. That's the only test
they have for this feature.

  • fast/css/attribute-selector-case-insensitive-expected.txt: Added.
  • fast/css/attribute-selector-case-insensitive.html: Added.

12:53 PM Changeset in webkit [181899] by dino@apple.com
  • 3 edits in trunk/Source/WebCore

MediaControls: Scrubber and Time displays have the incorrect blending
https://bugs.webkit.org/show_bug.cgi?id=143011
<rdar://problem/20245251>

Reviewed by Eric Carlson.

The scrubber in media controls should use plus-darker blending. Then
the scrubber itself should use a slightly transparent black (55% opacity)
when drawing.

  • Modules/mediacontrols/mediaControlsiOS.css:

(audio::-webkit-media-controls-timeline): Add the blend mode.

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS.prototype.drawTimelineBackground): Start drawing with
transparency. I changed the order of rendering to make it
more clear we draw the three parts in left to right order.

12:13 PM Changeset in webkit [181898] by hyatt@apple.com
  • 4 edits in trunk/Source/WebCore

Improve the offsetWidth/Height layout optimization
https://bugs.webkit.org/show_bug.cgi?id=143008

Reviewed by Dean Jackson.

  • dom/Document.cpp:

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

  • dom/Document.h:

Change Element* to Element&. Clean up the dimension bits to use shifting. Remove both the inline and
the positioning restrictions on the optimization check.

  • dom/Element.cpp:

(WebCore::Element::offsetWidth):
(WebCore::Element::offsetHeight):
Change to use Element& instead of Element*.

(WebCore::Element::clientWidth):
(WebCore::Element::clientHeight):
(WebCore::Element::scrollWidth):
(WebCore::Element::scrollHeight):
Turn on the optimization for clientWidth/Height and scrollWidth/Height.

10:25 AM Changeset in webkit [181897] by yoav@yoav.ws
  • 5 edits
    8 adds
    1 delete in trunk

Stop image from displaying when src attribute is removed or emptied
https://bugs.webkit.org/show_bug.cgi?id=142677

Reviewed by Chris Dumez.

Source/WebCore:

Previously, we ignored empty attribute as failed URL, and didn't update the
renderer when an image was removed. This patch fixes that.

Tests: fast/dom/HTMLImageElement/image-empty-src.html
       fast/dom/HTMLImageElement/image-remove-src.html

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

  • fast/dom/HTMLImageElement/image-empty-src-expected.html: Added.
  • fast/dom/HTMLImageElement/image-empty-src.html: Added.
  • fast/dom/HTMLImageElement/image-remove-src-expected.html: Added.
  • fast/dom/HTMLImageElement/image-remove-src.html: Added.
  • fast/dom/HTMLImageElement/image-empty-srcset-expected.html: Added.
  • fast/dom/HTMLImageElement/image-empty-srcset.html: Added.
  • fast/dom/HTMLImageElement/image-remove-srcset-expected.html: Added.
  • fast/dom/HTMLImageElement/image-remove-srcset.html: Added.

10:06 AM Changeset in webkit [181896] by Brent Fulgham
  • 4 edits in trunk/LayoutTests

[Win] Update baselines after r181889.
https://bugs.webkit.org/show_bug.cgi?id=141869

  • platform/win/css3/selectors3/xhtml/css3-modsel-15c-expected.txt:
  • platform/win/css3/selectors3/xml/css3-modsel-15c-expected.txt:
  • platform/win/fast/dom/NavigatorContentUtils/is-protocol-handler-registered-expected.txt:

9:50 AM Changeset in webkit [181895] by Chris Dumez
  • 4 edits
    3 adds in trunk

[WK2] NetworkCache retrievals fail for entries with no body
https://bugs.webkit.org/show_bug.cgi?id=142979
<rdar://problem/20264100>

Reviewed by Antti Koivisto.

Source/WebKit2:

NetworkCache retrievals were failing for entries with no body because
decodeEntry() doesn't correctly handle this case. In particular, the
following check fails:
"metaData.bodyOffset + metaData.bodySize == fileData.size()".
This is because bodyOffset is pageSize-aligned.

As a result, the following resource on apple.com is stored in the cache
but we fail to reuse it and reload it from the network every time:
http://images.apple.com/home/styles/promos.css

This patch updates decodeEntry() to create a null Data object for the
body if bodySize is 0.

  • NetworkProcess/cache/NetworkCacheDataCocoa.mm:

(WebKit::NetworkCache::Data::data):
Do not attempt to initialize m_data if m_dispatchData is null as the
call to dispatch_data_create_map() would then crash. We now return
null in this case. This is needed as decodeStorageEntry() in
NetworkCache.cpp constructs a SharedBuffer from
storageEntry.body.data() and the body may be null.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::decodeEntry):

LayoutTests:

Add network disk cache validation test for resources that have no body
(only headers).

  • http/tests/cache/disk-cache/disk-cache-validation-no-body-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-validation-no-body.html: Added.
  • http/tests/cache/disk-cache/resources/generate-response-no-body.cgi: Added.

9:44 AM Changeset in webkit [181894] by Chris Dumez
  • 7 edits
    13 moves
    4 adds in trunk

[WK2] The WebKit network cache does not cache responses with "Content-Disposition: attachment" header
https://bugs.webkit.org/show_bug.cgi?id=142989
<rdar://problem/20265992>

Reviewed by Antti Koivisto.

Source/WebKit2:

Update our WebKit network cache policy to cache responses with
"Content-Disposition: attachment" header. There is no reason we cannot
cache these and our memory cache already does.

This was causing a decent amount of cache misses in the wild. I have
noticed for example that when loading disney.com, we fail to cache the
following resources because of this policy:
http://pagead2.googlesyndication.com/pagead/osd.js
http://pagead2.googlesyndication.com/pagead/show_companion_ad.js

Those resources have Cache-Control headers that indicate they are meant
to be cacheable.

Test: http/tests/cache/disk-cache-validation-attachment.html

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::canStore):

LayoutTests:

Add layout test to check that resources whose response has the
"Content-Disposition: attachment" header are cacheable.

Also move all disk cache layout tests to a disk-cache sub-folder to
facilitate skipping on platforms that don't have the WebKit network
disk cache.

  • http/tests/cache/disk-cache/disk-cache-disable-expected.txt: Renamed from LayoutTests/http/tests/cache/disk-cache-disable-expected.txt.
  • http/tests/cache/disk-cache/disk-cache-disable.html: Renamed from LayoutTests/http/tests/cache/disk-cache-disable.html.
  • http/tests/cache/disk-cache/disk-cache-redirect-to-data-expected.txt: Renamed from LayoutTests/http/tests/cache/disk-cache-redirect-to-data-expected.txt.
  • http/tests/cache/disk-cache/disk-cache-redirect-to-data.html: Renamed from LayoutTests/http/tests/cache/disk-cache-redirect-to-data.html.
  • http/tests/cache/disk-cache/disk-cache-validation-attachment-expected.txt: Added.
  • http/tests/cache/disk-cache/disk-cache-validation-attachment.html: Added.
  • http/tests/cache/disk-cache/disk-cache-validation-back-navigation-policy-expected.txt: Renamed from LayoutTests/http/tests/cache/disk-cache-validation-back-navigation-policy-expected.txt.
  • http/tests/cache/disk-cache/disk-cache-validation-back-navigation-policy.html: Renamed from LayoutTests/http/tests/cache/disk-cache-validation-back-navigation-policy.html.
  • http/tests/cache/disk-cache/disk-cache-validation-expected.txt: Renamed from LayoutTests/http/tests/cache/disk-cache-validation-expected.txt.
  • http/tests/cache/disk-cache/disk-cache-validation.html: Renamed from LayoutTests/http/tests/cache/disk-cache-validation.html.
  • http/tests/cache/disk-cache/disk-cache-vary-cookie-expected.txt: Renamed from LayoutTests/http/tests/cache/disk-cache-vary-cookie-expected.txt.
  • http/tests/cache/disk-cache/disk-cache-vary-cookie.html: Renamed from LayoutTests/http/tests/cache/disk-cache-vary-cookie.html.
  • http/tests/cache/disk-cache/resources/cache-test.js: Renamed from LayoutTests/http/tests/cache/resources/cache-test.js.
  • http/tests/cache/disk-cache/resources/generate-response.cgi: Renamed from LayoutTests/http/tests/cache/resources/generate-response.cgi.
  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/win/TestExpectations:

8:18 AM Changeset in webkit [181893] by Philippe Normand
  • 3 edits
    1 move
    5 adds
    1 delete in trunk/Source/WebCore

[OpenWebRTC] RealtimeMediaSourceCenter implementation
https://bugs.webkit.org/show_bug.cgi?id=142476

Reviewed by Eric Carlson.

The old GStreamer MediaStreamCenter is replaced by the OpenWebRTC
RealtimeMediaSourceCenter. It is not yet able to correctly assess
MediaConstraints so it selects the first audio/video sources
available through OpenWebRTC.

  • PlatformEfl.cmake: Add new files to the build.
  • PlatformGTK.cmake: Ditto.
  • platform/mediastream/gstreamer/MediaStreamCenterGStreamer.cpp: Removed.
  • platform/mediastream/openwebrtc/OpenWebRTCUtilities.cpp: Added.

(WebCore::initializeOpenWebRTC): Simple function to initialize the
framework, it is going to be used by the PeerConnection backend as well.

  • platform/mediastream/openwebrtc/OpenWebRTCUtilities.h: Added.
  • platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp: Added.

(WebCore::mediaSourcesAvailableCallback): Function invoked once
the media sources discovery succeeded within OpenWebRTC.
(WebCore::RealtimeMediaSourceCenter::platformCenter): Instantiate
the OpenWebRTC RealtimeMediaSourceCenter.
(WebCore::RealtimeMediaSourceCenterOwr::RealtimeMediaSourceCenterOwr):
(WebCore::RealtimeMediaSourceCenterOwr::~RealtimeMediaSourceCenterOwr):
(WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):
Schedule a discovery process for the capture sources.
(WebCore::RealtimeMediaSourceCenterOwr::createMediaStream): Pick
the first audio/video sources and create a MediaStream accordingly.
(WebCore::RealtimeMediaSourceCenterOwr::getMediaStreamTrackSources):
Not yet implemented.
(WebCore::RealtimeMediaSourceCenterOwr::mediaSourcesAvailable):
Method invoked once the capture sources process succeeded. Parse
them and create an internal cache of RealtimeMediaSources accordingly.
(WebCore::RealtimeMediaSourceCenterOwr::firstSource): Utility
function to fetch the first source of the given type from the
RealtimeMediaSources cache.

  • platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.h: Renamed from Source/WebCore/platform/mediastream/gstreamer/MediaStreamCenterGStreamer.h.
  • platform/mediastream/openwebrtc/RealtimeMediaSourceOwr.h: Added.

8:11 AM Changeset in webkit [181892] by Csaba Osztrogonác
  • 7 edits in trunk

[EFL] Add OpenWebRTC in jhbuild
https://bugs.webkit.org/show_bug.cgi?id=142778

Reviewed by Gyuyoung Kim.

Original patch by Philippe Normand <pnormand@igalia.com>

.:

  • Source/cmake/OptionsEfl.cmake: Look for OpenWebRTC library if mediastream build is enabled.

Source/WebCore:

  • PlatformEfl.cmake: Add OpenWebRTC CFLAGS and LDFLAGS.

Tools:

  • efl/install-dependencies: Dependencies for OpenWebRTC.
  • efl/jhbuild.modules: build OpenWebRTC, libusrsctp, libnice and the openwebrtc gst plugins.

3:05 AM Changeset in webkit [181891] by msaboff@apple.com
  • 39 edits
    3 adds in trunk

REGRESSION (172175-172177): Change in for...in processing causes properties added in loop to be enumerated
https://bugs.webkit.org/show_bug.cgi?id=142856

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Refactored the way the for .. in enumeration over objects is done. We used to make three C++ calls to
get info for three loops to iterate over indexed properties, structure properties and other properties,
respectively. We still have the three loops, but now we make one C++ call to get all the info needed
for all loops before we execute any enumeration.

The JSPropertyEnumerator has a count of the indexed properties and a list of named properties.
The named properties are one list, with structured properties in the range [0,m_endStructurePropertyIndex)
and the generic properties in the range [m_endStructurePropertyIndex, m_endGenericPropertyIndex).

Eliminated the bytecodes op_get_structure_property_enumerator, op_get_generic_property_enumerator and
op_next_enumerator_pname.
Added the bytecodes op_get_property_enumerator, op_enumerator_structure_pname and op_enumerator_generic_pname.
The bytecodes op_enumerator_structure_pname and op_enumerator_generic_pname are similar except for what
end value we stop iterating on.

Made corresponding node changes to the DFG and FTL for the bytecode changes.

  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitGetPropertyEnumerator):
(JSC::BytecodeGenerator::emitEnumeratorStructurePropertyName):
(JSC::BytecodeGenerator::emitEnumeratorGenericPropertyName):
(JSC::BytecodeGenerator::emitGetStructurePropertyEnumerator): Deleted.
(JSC::BytecodeGenerator::emitGetGenericPropertyEnumerator): Deleted.
(JSC::BytecodeGenerator::emitNextEnumeratorPropertyName): Deleted.

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::ForInNode::emitMultiLoopBytecode):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumerableLength):
(JSC::FTL::LowerDFGToLLVM::compileGetPropertyEnumerator):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorStructurePname):
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorGenericPname):
(JSC::FTL::LowerDFGToLLVM::compileGetStructurePropertyEnumerator): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetGenericPropertyEnumerator): Deleted.
(JSC::FTL::LowerDFGToLLVM::compileGetEnumeratorPname): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_enumerator_structure_pname):
(JSC::JIT::emit_op_enumerator_generic_pname):
(JSC::JIT::emit_op_get_property_enumerator):
(JSC::JIT::emit_op_next_enumerator_pname): Deleted.
(JSC::JIT::emit_op_get_structure_property_enumerator): Deleted.
(JSC::JIT::emit_op_get_generic_property_enumerator): Deleted.

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_enumerator_structure_pname):
(JSC::JIT::emit_op_enumerator_generic_pname):
(JSC::JIT::emit_op_next_enumerator_pname): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • llint/LowLevelInterpreter.asm:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:
  • runtime/JSPropertyNameEnumerator.cpp:

(JSC::JSPropertyNameEnumerator::create):
(JSC::JSPropertyNameEnumerator::finishCreation):

  • runtime/JSPropertyNameEnumerator.h:

(JSC::JSPropertyNameEnumerator::indexedLength):
(JSC::JSPropertyNameEnumerator::endStructurePropertyIndex):
(JSC::JSPropertyNameEnumerator::endGenericPropertyIndex):
(JSC::JSPropertyNameEnumerator::indexedLengthOffset):
(JSC::JSPropertyNameEnumerator::endStructurePropertyIndexOffset):
(JSC::JSPropertyNameEnumerator::endGenericPropertyIndexOffset):
(JSC::JSPropertyNameEnumerator::cachedInlineCapacityOffset):
(JSC::propertyNameEnumerator):
(JSC::JSPropertyNameEnumerator::cachedPropertyNamesLengthOffset): Deleted.
(JSC::structurePropertyNameEnumerator): Deleted.
(JSC::genericPropertyNameEnumerator): Deleted.

  • runtime/Structure.cpp:

(JSC::Structure::setCachedPropertyNameEnumerator):
(JSC::Structure::cachedPropertyNameEnumerator):
(JSC::Structure::canCachePropertyNameEnumerator):
(JSC::Structure::setCachedStructurePropertyNameEnumerator): Deleted.
(JSC::Structure::cachedStructurePropertyNameEnumerator): Deleted.
(JSC::Structure::setCachedGenericPropertyNameEnumerator): Deleted.
(JSC::Structure::cachedGenericPropertyNameEnumerator): Deleted.
(JSC::Structure::canCacheStructurePropertyNameEnumerator): Deleted.
(JSC::Structure::canCacheGenericPropertyNameEnumerator): Deleted.

  • runtime/Structure.h:
  • runtime/StructureRareData.cpp:

(JSC::StructureRareData::visitChildren):
(JSC::StructureRareData::cachedPropertyNameEnumerator):
(JSC::StructureRareData::setCachedPropertyNameEnumerator):
(JSC::StructureRareData::cachedStructurePropertyNameEnumerator): Deleted.
(JSC::StructureRareData::setCachedStructurePropertyNameEnumerator): Deleted.
(JSC::StructureRareData::cachedGenericPropertyNameEnumerator): Deleted.
(JSC::StructureRareData::setCachedGenericPropertyNameEnumerator): Deleted.

  • runtime/StructureRareData.h:
  • tests/stress/for-in-delete-during-iteration.js:

LayoutTests:

New tests and rebased one test.

  • js/for-in-modify-in-loop-expected.txt: Added.
  • js/for-in-modify-in-loop.html: Added.
  • js/script-tests/for-in-modify-in-loop.js: Added.

(haveSameProperties):
(each):
(testAdd):
(testAddDelete):

  • http/tests/security/cross-frame-access-enumeration-expected.txt: Rebased.

2:31 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)

2:22 AM Changeset in webkit [181890] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed build fix for debug builds.

  • runtime/ExceptionHelpers.cpp:

(JSC::invalidParameterInSourceAppender):

12:30 AM Changeset in webkit [181889] by saambarati1@gmail.com
  • 40 edits
    11 adds in trunk

Improve error messages in JSC
https://bugs.webkit.org/show_bug.cgi?id=141869

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

JavaScriptCore has some unintuitive error messages associated
with certain common errors. This patch changes some specific
error messages to be more understandable and also creates a
mechanism that will allow for easy modification of error messages
in the future. The specific errors we change are "not a function"
errors and invalid parameter errors.

(JSC::sizeOfVarargs):

  • jit/JITOperations.cpp:

op_throw_static_error always has a JSString as its argument.
There is no need to dance around this, and we should assert
that this always holds. This JSString represents the error
message we want to display to the user, so there is no need
to pass it into errorDescriptionForValue which will now place
quotes around the string.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/CommonSlowPaths.h:

(JSC::CommonSlowPaths::opIn):

  • runtime/ErrorInstance.cpp:

(JSC::ErrorInstance::ErrorInstance):

  • runtime/ErrorInstance.h:

(JSC::ErrorInstance::hasSourceAppender):
(JSC::ErrorInstance::sourceAppender):
(JSC::ErrorInstance::setSourceAppender):
(JSC::ErrorInstance::clearSourceAppender):
(JSC::ErrorInstance::setRuntimeTypeForCause):
(JSC::ErrorInstance::runtimeTypeForCause):
(JSC::ErrorInstance::clearRuntimeTypeForCause):
(JSC::ErrorInstance::appendSourceToMessage): Deleted.
(JSC::ErrorInstance::setAppendSourceToMessage): Deleted.
(JSC::ErrorInstance::clearAppendSourceToMessage): Deleted.

  • runtime/ExceptionHelpers.cpp:

(JSC::errorDescriptionForValue):
(JSC::defaultApproximateSourceError):
(JSC::defaultSourceAppender):
(JSC::functionCallBase):
(JSC::notAFunctionSourceAppender):
(JSC::invalidParameterInSourceAppender):
(JSC::invalidParameterInstanceofSourceAppender):
(JSC::createError):
(JSC::createInvalidFunctionApplyParameterError):
(JSC::createInvalidInParameterError):
(JSC::createInvalidInstanceofParameterError):
(JSC::createNotAConstructorError):
(JSC::createNotAFunctionError):
(JSC::createNotAnObjectError):
(JSC::createInvalidParameterError): Deleted.

  • runtime/ExceptionHelpers.h:
  • runtime/JSObject.cpp:

(JSC::JSObject::hasInstance):

  • runtime/RuntimeType.cpp: Added.

(JSC::runtimeTypeForValue):
(JSC::runtimeTypeAsString):

  • runtime/RuntimeType.h: Added.
  • runtime/TypeProfilerLog.cpp:

(JSC::TypeProfilerLog::processLogEntries):

  • runtime/TypeSet.cpp:

(JSC::TypeSet::getRuntimeTypeForValue): Deleted.

  • runtime/TypeSet.h:
  • runtime/VM.cpp:

(JSC::appendSourceToError):
(JSC::VM::throwException):

LayoutTests:

  • fast/dom/NodeList/nodelist-item-call-as-function-expected.txt:
  • fast/dom/call-a-constructor-as-a-function-expected.txt:
  • fast/regex/dom/cross-frame-callable-expected.txt:
  • fast/selectors/closest-general-expected.txt:
  • http/tests/security/xss-DENIED-window-index-assign-expected.txt:
  • js/dom/exception-thrown-from-new-expected.txt:
  • js/exception-for-nonobject-expected.txt:
  • js/exception-function-apply-expected.txt: Added.
  • js/exception-function-apply.html: Added.
  • js/exception-in-expected.txt: Added.
  • js/exception-in.html: Added.
  • js/exception-instanceof-expected.txt: Added.
  • js/exception-instanceof.html: Added.
  • js/instance-of-immediates-expected.txt:
  • js/script-tests/exception-function-apply.js: Added.
  • js/script-tests/exception-in.js: Added.
  • js/script-tests/exception-instanceof.js: Added.
  • js/typedarray-constructors-expected.txt:
  • platform/mac-wk2/plugins/npruntime/object-from-destroyed-plugin-expected.txt:
  • platform/mac-wk2/plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt:
  • platform/mac/css3/selectors3/xhtml/css3-modsel-15c-expected.txt:
  • platform/mac/css3/selectors3/xml/css3-modsel-15c-expected.txt:
  • plugins/npruntime/object-from-destroyed-plugin-expected.txt:
  • plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt:
  • plugins/npruntime/plugin-scriptable-object-invoke-default-expected.txt:
  • sputnik/Conformance/12_Statement/12.1_Block/S12.1_A4_T1-expected.txt:
  • sputnik/Conformance/13_Function_Definition/S13_A17_T2-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/S15.1_A2_T1-expected.txt:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/S15.2.4_A3-expected.txt:
  • svg/dom/svgpath-out-of-bounds-getPathSeg-expected.txt:

Mar 23, 2015:

11:47 PM Changeset in webkit [181888] by yoav@yoav.ws
  • 6 edits
    10 adds
    9 deletes in trunk

Update empty image canvas tests and fix a related bug
https://bugs.webkit.org/show_bug.cgi?id=142694

Reviewed by Chris Dumez.

Source/WebCore:

During the work on https://bugs.webkit.org/show_bug.cgi?id=142677
we encountered an issue with canvas tests related to empty image handling
when drawn or used as a pattern. After updating these tests, an issue with
pattern handling was encountered.

The spec, as well as Chrome's implementation, say that when an empty image
is used as a pattern, createPattern should return null. See
https://html.spec.whatwg.org/multipage/scripting.html#fill-and-stroke-styles:check-the-usability-of-the-image-argument
Instead, createPattern returned an exception in this case.
This patch fixes that and makes sure that it returns a null when image loading hasn't started.

Tests: canvas/philip/tests/2d.drawImage.incomplete.emptysrc.html
       canvas/philip/tests/2d.drawImage.incomplete.nosrc.html
       canvas/philip/tests/2d.drawImage.incomplete.removedsrc.html
       canvas/philip/tests/2d.pattern.image.incomplete.emptysrc.html
       canvas/philip/tests/2d.pattern.image.incomplete.removedsrc.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::createPattern): Return "null" if image is not fully decodeable.

LayoutTests:

Tests below imported from https://github.com/w3c/web-platform-tests/tree/master/2dcontext/drawing-images-to-the-canvas

  • canvas/philip/tests/2d.drawImage.incomplete-expected.txt: Removed.
  • canvas/philip/tests/2d.drawImage.incomplete.emptysrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.emptysrc.html: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.html: Removed.
  • canvas/philip/tests/2d.drawImage.incomplete.nosrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.nosrc.html: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.removedsrc-expected.txt: Added.
  • canvas/philip/tests/2d.drawImage.incomplete.removedsrc.html: Added.

Tests below imported from https://github.com/w3c/web-platform-tests/tree/master/2dcontext/fill-and-stroke-styles

  • canvas/philip/tests/2d.pattern.image.incomplete-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.empty-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.empty.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.emptysrc-expected.txt: Added.
  • canvas/philip/tests/2d.pattern.image.incomplete.emptysrc.html: Added.
  • canvas/philip/tests/2d.pattern.image.incomplete.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.omitted-expected.txt: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.omitted.html: Removed.
  • canvas/philip/tests/2d.pattern.image.incomplete.removedsrc-expected.txt: Added.

This test currently fails and will be fixed in https://bugs.webkit.org/show_bug.cgi?id=142677

  • canvas/philip/tests/2d.pattern.image.incomplete.removedsrc.html: Added.

Test below imported from https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/fast/canvas/

  • fast/canvas/canvas-empty-image-pattern.html: Aligned with spec/Chrome.
  • fast/canvas/canvas-empty-image-pattern-expected.txt: Aligned with spec/Chrome.
  • TestExpectations: Added 2d.pattern.image.incomplete.removedsrc.html as an expected failure.

10:37 PM Changeset in webkit [181887] by fpizlo@apple.com
  • 15 edits in trunk/Source

JSC should have a low-cost asynchronous disassembler
https://bugs.webkit.org/show_bug.cgi?id=142997

Reviewed by Mark Lam.

Source/JavaScriptCore:

This adds a JSC_asyncDisassembly option that disassembles on a thread. Disassembly
doesn't block execution. Some code will live a little longer because of this, since the
work tasks hold a ref to the code, but other than that there is basically no overhead.

At present, this isn't really a replacement for JSC_showDisassembly, since it doesn't
provide contextual IR information for Baseline and DFG disassemblies, and it doesn't do
the separate IR dumps for FTL. Using JSC_showDisassembly and friends along with
JSC_asyncDisassembly has bizarre behavior - so just choose one.

A simple way of understanding how great this is, is to run a small benchmark like
V8Spider/earley-boyer.

Performance without any disassembly flags: 60ms
Performance with JSC_showDisassembly=true: 477ms
Performance with JSC_asyncDisassembly=true: 65ms

So, the overhead of disassembly goes from 8x to 8%.

Note that JSC_asyncDisassembly=true does make it incorrect to run "time" as a way of
measuring benchmark performance. This is because at VM exit, we wait for all async
disassembly requests to finish. For example, for earley-boyer, we spend an extra ~130ms
after the benchmark completely finishes to finish the disassemblies. This small weirdness
should be OK for the intended use-cases, since all you have to do to get around it is to
measure the execution time of the benchmark payload rather than the end-to-end time of
launching the VM.

  • assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::finalizeCodeWithDisassembly):

  • assembler/LinkBuffer.h:

(JSC::LinkBuffer::wasAlreadyDisassembled):
(JSC::LinkBuffer::didAlreadyDisassemble):

  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::disassemble):

  • dfg/DFGJITFinalizer.cpp:

(JSC::DFG::JITFinalizer::finalize):
(JSC::DFG::JITFinalizer::finalizeFunction):

  • disassembler/Disassembler.cpp:

(JSC::disassembleAsynchronously):
(JSC::waitForAsynchronousDisassembly):

  • disassembler/Disassembler.h:
  • ftl/FTLCompile.cpp:

(JSC::FTL::mmAllocateDataSection):

  • ftl/FTLLink.cpp:

(JSC::FTL::link):

  • jit/JIT.cpp:

(JSC::JIT::privateCompile):

  • jsc.cpp:
  • runtime/Options.h:
  • runtime/VM.cpp:

(JSC::VM::~VM):

Source/WTF:

  • wtf/StringPrintStream.h:

6:48 PM Changeset in webkit [181886] by fpizlo@apple.com
  • 1 edit
    2 copies
    1 move
    2 adds in trunk/LayoutTests

Move the bulk of the js/dom/const test into js/const, so that run-jsc-stress-tests runs it.

Rubber stamped by Andreas Kling and Michael Saboff.

  • js/const-expected.txt: Copied from LayoutTests/js/dom/const-expected.txt.
  • js/const.html: Copied from LayoutTests/js/dom/const.html.
  • js/dom/const-expected.txt: Replaced.
  • js/dom/const.html: Replaced.
  • js/resources/const.js: Removed.
  • js/script-tests/const.js: Copied from LayoutTests/js/resources/const.js.

6:28 PM Changeset in webkit [181885] by Joseph Pecoraro
  • 2 edits in trunk/Source/WebKit2

Unreviewed, another attempt to fix 32-bit build after r181881.

  • UIProcess/WebInspectorProxy.h:

6:12 PM Changeset in webkit [181884] by Joseph Pecoraro
  • 3 edits in trunk/Source/WebKit2

Unreviewed, attempt to fix 32-bit build after r181881.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/mac/WKView.mm:

6:01 PM Changeset in webkit [181883] by achristensen@apple.com
  • 3 edits in trunk/Source/WebCore

Fix api tests after r181876.

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):
Always append a CSSDisplayNoneStyleSheet action if no ignore-previous-rules is seen.

  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):
Changed an assertion to a null check.

5:44 PM Changeset in webkit [181882] by dino@apple.com
  • 6 edits in trunk/Source/WebCore

Timelines are sharing the same canvas background
https://bugs.webkit.org/show_bug.cgi?id=142994
<rdar://problem/20209466>

Reviewed by Brent Fulgham.

Since each MediaControl lives in an isolated world, we
can't rely on a global variable to provide a unique
identifier for a named canvas. The fix is to expose
WebCore's UUID generator, and have each canvas use
that for a name.

  • Modules/mediacontrols/MediaControlsHost.cpp:

(WebCore::MediaControlsHost::generateUUID): New method on the
MediaControlsHost that generates a UUID.

  • Modules/mediacontrols/MediaControlsHost.h:
  • Modules/mediacontrols/MediaControlsHost.idl:
  • Modules/mediacontrols/mediaControlsApple.js: Remove the global
variable unique ID that wasn't working, and instead get
an ID from the MediaControlsHost.

(Controller.prototype.createControls):

  • Modules/mediacontrols/mediaControlsiOS.js:

(ControllerIOS):

4:42 PM Changeset in webkit [181881] by timothy@apple.com
  • 7 edits in trunk/Source/WebKit2

Web Inspector: Support attaching to another view other than the WKView
https://bugs.webkit.org/show_bug.cgi?id=142892

Reviewed by Tim Horton.

  • UIProcess/API/C/WKInspector.cpp:

(WKInspectorAttach): Drive by fix so it used the last attachment side.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/mac/WKView.mm:

(-[WKView _inspectorAttachmentView]): Added.
(-[WKView _setInspectorAttachmentView:]): Added.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::createInspectorPage):
(WebKit::WebInspectorProxy::attachAvailabilityChanged):
Use platformCanAttach as a final check in case there is a different
attachment view that the platform knows about.

  • UIProcess/WebInspectorProxy.h:

(WebKit::WebInspectorProxy::attachmentSide): Added.
(WebKit::WebInspectorProxy::platformCanAttach): Added.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::attachmentViewDidChange): Added.
(WebKit::WebInspectorProxy::closeTimerFired):
(WebKit::WebInspectorProxy::platformCreateInspectorPage):
(WebKit::WebInspectorProxy::platformCanAttach):
(WebKit::WebInspectorProxy::inspectedViewFrameDidChange):
(WebKit::WebInspectorProxy::platformInspectedWindowHeight):
(WebKit::WebInspectorProxy::platformInspectedWindowWidth):
(WebKit::WebInspectorProxy::platformAttach):
(WebKit::WebInspectorProxy::platformDetach):
Use the _inspectorAttachmentView and change how the frame change notification
is observed and follow the attachment view as it changes.

3:56 PM Changeset in webkit [181880] by Brent Fulgham
  • 2 edits in trunk/Tools

Regression(r181257): WTF_WorkQueue.Simple is flaky
https://bugs.webkit.org/show_bug.cgi?id=142560

Remove the check that the refCount has returned to one after the
individual tasks have completed. It's too nondeterministic when
the reference count will be reduced.

Reviewed by Alexey Proskuryakov

  • TestWebKitAPI/Tests/WTF/WorkQueue.cpp:

(TestWebKitAPI::TEST): Remove test that refCount is back to 1.

3:52 PM Changeset in webkit [181879] by Brent Fulgham
  • 7 edits in trunk/Source/WebCore

Scroll latching logic can get stuck in 'scrollable="no"' iframes
https://bugs.webkit.org/show_bug.cgi?id=142789
<rdar://problem/20129494>

Reviewed by Dean Jackson.

Clean up the EventHandler and latching code as follows:
(1) Do not handle iframe elements as part of the normal latching logic. Instead, iframes should
be evaluated during the 'platformCompleteWheelEvent' phase of processing as top-level scrolling
frames.
(2) Get rid of the ill-conceived notation that we should process non-mainframe and main-frame frames
different.
(3) Modify code to reflect that the scroll latching code really deals with overflow scrolling. Consequently,
the 'findEnclosingScrollableContainer' was renamed to 'findEnclosingOverflowScroll' and does not
treat iframe as a suitable target.
(4) Do not create a latching state object when the container being evaluated is already scrolled to the
extreme position in the direction of the mouse gesture. In this case, we want the enclosing frame
to be the latching target.
(5) Do not treat the state where the mouse wheel gesture has ended manual scrolling, but has not ended
momentum scrolling, as an appropriate time to select a latching target.

  • page/EventHandler.cpp:

(WebCore::EventHandler::platformCompleteWheelEvent): Modify signature to remove unneeded argument.
(WebCore::EventHandler::handleWheelEvent): Modify call to 'platformCompleteWheelEvent' to remove unused argument.

  • page/EventHandler.h:
  • page/mac/EventHandlerMac.mm:

(WebCore::findEnclosingOverflowScroll): Renamed from 'findEnclosingScrollableContainer' and revised per the
notes above.
(WebCore::EventHandler::platformPrepareForWheelEvents): Remove mainFrame vs. non-mainFrame code paths and
consolidate logic.
(WebCore::EventHandler::platformCompleteWheelEvent): Remove unused argument. The wheel event target is no
longer needed here, now that iframes are not processed by this code.
(WebCore::findEnclosingScrollableContainer): Deleted.

  • page/scrolling/ScrollLatchingState.cpp:

(WebCore::ScrollLatchingState::setPreviousWheelScrolledElement): Switch to move operator for passing
a temporary RefPtr to the function.

  • page/scrolling/ScrollLatchingState.h:
  • platform/PlatformWheelEvent.h:

(WebCore::PlatformWheelEvent::useLatchedEventElement): Recognize 'phase=ended, momentum=none' as a state
that should not cause latching state to be revised.

3:50 PM Changeset in webkit [181878] by andersca@apple.com
  • 2 edits in trunk/Source/WebCore

Try to fix the iOS build.

  • platform/network/mac/CookieJarMac.mm:

3:49 PM Changeset in webkit [181877] by aestes@apple.com
  • 10 edits in trunk/LayoutTests

[Content Filtering] Fix up a few mistakes in LayoutTests/contentfiltering/
https://bugs.webkit.org/show_bug.cgi?id=142991

Reviewed by Andreas Kling.

  • contentfiltering/allow-after-add-data-expected.html: Added HTML5 doctype.
  • contentfiltering/allow-after-finished-adding-data-expected.html: Ditto.
  • contentfiltering/allow-after-response-expected.html: Ditto.
  • contentfiltering/allow-after-unblock-request-expected.html: Ditto.
  • contentfiltering/block-after-add-data-expected.html: Ditto.
  • contentfiltering/block-after-finished-adding-data-expected.html: Ditto.
  • contentfiltering/block-after-response-expected.html: Ditto.
  • contentfiltering/block-after-unblock-request-expected.html: Ditto.
  • contentfiltering/resources/contentfiltering.js: Added a newline at the end of the file.

3:36 PM WebKitGTK/2.6.x edited by Michael Catanzaro
add two notes (diff)

3:34 PM Changeset in webkit [181876] by beidson@apple.com
  • 18 edits
    1 copy
    1 add in trunk

Content extensions should apply css selectors
https://bugs.webkit.org/show_bug.cgi?id=142604

Reviewed by Alex Christensen.

Source/WebCore:

Tests: http/tests/contentextensions/css-display-none.html

  • WebCore.xcodeproj/project.pbxproj:
  • contentextensions/ContentExtension.cpp:

(WebCore::ContentExtensions::ContentExtension::create):
(WebCore::ContentExtensions::ContentExtension::ContentExtension):
(WebCore::ContentExtensions::ContentExtension::globalDisplayNoneStyleSheet):

  • contentextensions/ContentExtension.h:

(WebCore::ContentExtensions::ContentExtension::identifier):
(WebCore::ContentExtensions::ContentExtension::compiledExtension):

  • contentextensions/ContentExtensionsBackend.cpp:

(WebCore::ContentExtensions::ContentExtensionsBackend::addContentExtension):
(WebCore::ContentExtensions::ContentExtensionsBackend::actionsForResourceLoad):
(WebCore::ContentExtensions::ContentExtensionsBackend::globalDisplayNoneStyleSheet):

  • contentextensions/ContentExtensionsBackend.h:
  • contentextensions/DFABytecodeInterpreter.cpp:

(WebCore::ContentExtensions::DFABytecodeInterpreter::interpret):

  • dom/DocumentStyleSheetCollection.cpp:

(WebCore::DocumentStyleSheetCollection::maybeAddContentExtensionSheet):

  • dom/DocumentStyleSheetCollection.h:
  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::commitData):
(WebCore::DocumentLoader::startLoadingMainResource):
(WebCore::DocumentLoader::addPendingContentExtensionSheet):

  • loader/DocumentLoader.h:
  • loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

  • loader/cache/CachedResourceRequest.cpp:

(WebCore::CachedResourceRequest::setInitiator):

  • loader/cache/CachedResourceRequest.h:

(WebCore::CachedResourceRequest::initiatingDocumentLoader):

  • page/UserContentController.cpp:

(WebCore::UserContentController::globalDisplayNoneStyleSheet):
(WebCore::UserContentController::displayNoneCSSRule):

  • page/UserContentController.h:

LayoutTests:

  • http/tests/contentextensions/css-display-none-expected.txt:
  • http/tests/contentextensions/css-display-none.html:
  • http/tests/contentextensions/css-display-none.html.json:

3:31 PM Changeset in webkit [181875] by andersca@apple.com
  • 3 edits in trunk/Source/WebCore

-[_WKWebsiteDataStore removeDataOfTypes:modifiedSince:completionHandler:] doesn't remove cookies
https://bugs.webkit.org/show_bug.cgi?id=142990
rdar://problem/20241645

Reviewed by Andreas Kling.

Use the Mac version of deleteAllCookiesModifiedSince on iOS as well.

  • platform/network/cf/CookieJarCFNet.cpp:
  • platform/network/mac/CookieJarMac.mm:

3:05 PM Changeset in webkit [181874] by timothy_horton@apple.com
  • 5 edits in trunk/Source/WebKit2

Images shared to photos via action menu are padded with zeroes at the end
https://bugs.webkit.org/show_bug.cgi?id=142985

Reviewed by Anders Carlsson.

  • Shared/mac/ActionMenuHitTestResult.h:
  • Shared/mac/ActionMenuHitTestResult.mm:

(WebKit::ActionMenuHitTestResult::encode):
(WebKit::ActionMenuHitTestResult::decode):

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::performActionMenuHitTestAtLocation):
Send the size of the image separately from the SharedMemory.
The SharedMemory's size can be rounded up, so we need to keep the original
size around in order to write the data to disk.

  • UIProcess/mac/WKActionMenuController.mm:

(-[WKActionMenuController _hitTestResultImage]):
(-[WKActionMenuController _addImageToPhotos:]):
Use the image size instead of the SharedMemory size.

3:04 PM Changeset in webkit [181873] by Conrad Shultz
  • 2 edits in trunk/Source/WebCore

Replace uses of kCTFontSystemFontType
https://bugs.webkit.org/show_bug.cgi?id=142984

Reviewed by Tim Horton.

  • rendering/RenderThemeMac.mm:

(WebCore::AttachmentLayout::layOutTitle):
(WebCore::AttachmentLayout::layOutSubtitle):

3:00 PM Changeset in webkit [181872] by jonowells@apple.com
  • 7 edits
    4 adds in trunk/Source/WebInspectorUI

Web Inspector: Debugger sidebar should have a filter button for breakpoints
https://bugs.webkit.org/show_bug.cgi?id=142779

Reviewed by Timothy Hatcher.

Add the infrastructure for activation filter buttons that can appear next to the text filters at the bottom
of any navigation sidebar panel. These filter bar buttons have defined within them a function that returns
a boolean value that indicates whether the input, typically a tree element, should be filtered or not.

This infrastructure is then used to create a filter for the debugger sidebar that, when applied, only shows
scripts that have breakpoints set on them.

  • Localizations/en.lproj/localizedStrings.js: Updated.
  • UserInterface/Main.html: Files added.
  • UserInterface/Views/DebuggerSidebarPanel.js:

(WebInspector.DebuggerSidebarPanel.showResourcesWithChildrenOnlyFilterFunction):
(WebInspector.DebuggerSidebarPanel):
(WebInspector.DebuggerSidebarPanel.prototype._addBreakpoint): Drive-by fix.
Add filter button to filter bar.

  • UserInterface/Views/FilterBar.css:

(.filter-bar > .navigation-bar > .item):
Style filter button.

  • UserInterface/Views/FilterBar.js:

(WebInspector.FilterBar):
(WebInspector.FilterBar.prototype.get filters):
(WebInspector.FilterBar.prototype.set filters):
(WebInspector.FilterBar.prototype.hasActiveFilters):
(WebInspector.FilterBar.prototype._handleFilterChanged):
(WebInspector.FilterBar.prototype._inputFieldChanged): Deleted.
Create space for filter bar buttons and set up event handlers to deal with them.

  • UserInterface/Views/FilterBarButton.js: Copied from Source/WebInspectorUI/UserInterface/Views/FilterBar.css.

(WebInspector.FilterBarButton):
(WebInspector.FilterBarButton.prototype.get filterFunction):
(WebInspector.FilterBarButton.prototype.toggle):
Create class for a filter bar button that stores a filter function.

  • UserInterface/Views/NavigationSidebarPanel.js:

(WebInspector.NavigationSidebarPanel):
(WebInspector.NavigationSidebarPanel.prototype.matchTreeElementAgainstFilterFunctions):
(WebInspector.NavigationSidebarPanel.prototype.applyFiltersToTreeElement):
(WebInspector.NavigationSidebarPanel.prototype._filterDidChange):
(WebInspector.NavigationSidebarPanel.prototype._updateFilter):
(WebInspector.NavigationSidebarPanel.prototype._textFilterDidChange): Deleted.
Add functionality to support button filters and process their corresponding functions correctly when filtering.

2:37 PM Changeset in webkit [181871] by dino@apple.com
  • 6 edits
    3 adds in trunk

ES7: Implement Array.prototype.includes
https://bugs.webkit.org/show_bug.cgi?id=142707

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Add support for the ES7 includes method on Arrays.
https://github.com/tc39/Array.prototype.includes

  • builtins/Array.prototype.js:

(includes): Implementation in JS.

  • runtime/ArrayPrototype.cpp: Add 'includes' to the lookup table.

LayoutTests:

  • js/array-includes-expected.txt: Added.
  • js/array-includes.html: Added.
  • js/script-tests/array-includes.js: Added.
  • js/script-tests/Object-getOwnPropertyNames.js: Add 'includes'.
  • js/Object-getOwnPropertyNames-expected.txt: Add 'includes'.

2:32 PM Changeset in webkit [181870] by dino@apple.com
  • 2 edits in trunk/Source/WebCore

kCTFontSystemFontType is deprecated in CoreText
https://bugs.webkit.org/show_bug.cgi?id=142981
<rdar://problem/20261171>

Reviewed by Beth Dakin.

Update to the non-deprecated version.

  • rendering/RenderThemeIOS.mm: kCTFontSystemFontType -> kCTFontUIFontSystem

(WebCore::RenderThemeIOS::updateCachedSystemFontDescription):

1:52 PM Changeset in webkit [181869] by enrica@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] WebContent crash attempting to select text with a gesture at RenderObject::absoluteBoundingBoxRect.
https://bugs.webkit.org/show_bug.cgi?id=142913
rdar://problem/16400033

Reviewed by Sam Weinig.

When looking for the best candidate range at the given position,
we should skip nodes that don't have a renderer.
This is a speculative fix.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::rangeForWebSelectionAtPosition):

1:48 PM Changeset in webkit [181868] by Joseph Pecoraro
  • 5 edits in trunk

defineGetter/defineSetter should throw exceptions
https://bugs.webkit.org/show_bug.cgi?id=142934

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

  • runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
Throw exceptions when these functions are used directly.

LayoutTests:

  • js/property-getters-and-setters-expected.txt:
  • js/script-tests/property-getters-and-setters.js:

1:48 PM Changeset in webkit [181867] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Fix DO_PROPERTYMAP_CONSTENCY_CHECK enabled build
https://bugs.webkit.org/show_bug.cgi?id=142952

Reviewed by Geoffrey Garen.

  • runtime/Structure.cpp:

(JSC::PropertyTable::checkConsistency):
The check offset method doesn't exist in PropertyTable, it exists in Structure.

(JSC::Structure::checkConsistency):
So move it here, and always put it at the start to match normal behavior.

1:42 PM Changeset in webkit [181866] by ap@apple.com
  • 7 edits in trunk/Source

REGRESSION (Yosemite): WKView visibility notifications are messed up
https://bugs.webkit.org/show_bug.cgi?id=142945

Reviewed by Tim Horton.

As these notifications cannot be used by NSView subclasses, create a separate
object for observing them.

Source/WebKit/mac:

  • WebView/WebView.mm:

(-[WebView _commonInitializationWithFrameName:groupName:]):
(-[WebView initSimpleHTMLDocumentWithStyle:frame:preferences:groupName:]):
(-[WebView addWindowObserversForWindow:]):
(-[WebView removeWindowObservers]):
(-[WebView viewWillMoveToWindow:]): Make sure that observers are removed even
if -[WebView close] is called manually.

  • WebView/WebViewData.h:
  • WebView/WebViewData.mm:

(-[WebWindowVisibilityObserver initWithView:]):
(-[WebWindowVisibilityObserver startObserving:]):
(-[WebWindowVisibilityObserver stopObserving:]):
(-[WebWindowVisibilityObserver _windowVisibilityChanged:]):

Source/WebKit2:

  • UIProcess/API/mac/WKView.mm:

(-[WKWindowVisibilityObserver initWithView:]):
(-[WKWindowVisibilityObserver startObserving:]):
(-[WKWindowVisibilityObserver stopObserving:]):
(-[WKWindowVisibilityObserver _windowDidOrderOnScreen:]):
(-[WKWindowVisibilityObserver _windowDidOrderOffScreen:]):
(-[WKView addWindowObserversForWindow:]):
(-[WKView removeWindowObservers]): Also, don't try to remove NSWindowWillOrderOffScreenNotification,
which we never start to observe.
(-[WKView initWithFrame:processPool:configuration:webView:]):

  • UIProcess/API/mac/WKViewInternal.h:

1:35 PM Changeset in webkit [181865] by eric.carlson@apple.com
  • 2 edits in trunk/Source/WebCore

[Mac] Enable fullscreen for MSE-based videos
https://bugs.webkit.org/show_bug.cgi?id=142971

Reviewed by Jer Noble.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsFullscreen): Return true;

1:34 PM Changeset in webkit [181864] by andersca@apple.com
  • 4 edits in trunk

Source/WebKit2:
Make platform/mac-wk2/plugins/destroy-during-async-npp-new.html work again.
https://bugs.webkit.org/show_bug.cgi?id=133692
rdar://problem/17255947

Reviewed by Alexey Proskuryakov.

Add plug-in destruction protectors around message receiver code that can call out to NPObjects or JavaScript
where we need the plug-in to stay around after the call.

  • Shared/Plugins/NPObjectMessageReceiver.cpp:

(WebKit::NPObjectMessageReceiver::invoke):
(WebKit::NPObjectMessageReceiver::invokeDefault):
(WebKit::NPObjectMessageReceiver::getProperty):
(WebKit::NPObjectMessageReceiver::setProperty):
(WebKit::NPObjectMessageReceiver::construct):

LayoutTests:
Make platform/mac-wk2/plugins/destroy-during-async-npp-new.html work again
https://bugs.webkit.org/show_bug.cgi?id=133692
rdar://problem/17255947

Reviewed by Alexey Proskuryakov.

  • platform/mac-wk2/TestExpectations:

Unskip test.

1:31 PM Changeset in webkit [181863] by achristensen@apple.com
  • 3 edits in trunk/Source/WebCore

[MediaFoundation] Implement seek.
https://bugs.webkit.org/show_bug.cgi?id=142594

Reviewed by Darin Adler.

  • platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:

(WebCore::MediaPlayerPrivateMediaFoundation::seeking):
(WebCore::MediaPlayerPrivateMediaFoundation::seekDouble):
(WebCore::MediaPlayerPrivateMediaFoundation::durationDouble):

  • platform/graphics/win/MediaPlayerPrivateMediaFoundation.h:

1:17 PM Changeset in webkit [181862] by mitz@apple.com
  • 2 edits in trunk/Source/WebCore

Fixed the build.

  • platform/graphics/cocoa/FontCocoa.mm:

(WebCore::Font::platformBoundsForGlyph): Switched to non-deprecated CTFontOrientation values.
(WebCore::Font::platformWidthForGlyph): Ditto.

1:06 PM Changeset in webkit [181861] by ap@apple.com
  • 2 edits in trunk/LayoutTests

accessibility/textarea-selected-text-range.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=142976

  • platform/mac/TestExpectations: Marking as such.

12:20 PM Changeset in webkit [181860] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Accessibility crashing because MediaPlayer is laying out UI off the main thread
https://bugs.webkit.org/show_bug.cgi?id=142970

Reviewed by Eric Carlson.

Return early after synchronously calling to the main thread to allocate the volume
view, to avoid re-allocating the volume view again on the web thread.

  • platform/audio/ios/MediaSessionManagerIOS.mm:

(-[WebMediaSessionHelper allocateVolumeView]):

12:13 PM Changeset in webkit [181859] by andersca@apple.com
  • 4 edits in trunk/Source/WebKit2

Put the WK_NULLABLE_SPECIFIER in the right place for block parameters
https://bugs.webkit.org/show_bug.cgi?id=142975
rdar://problem/19863930

Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/WKNavigationDelegate.h:
  • UIProcess/API/Cocoa/WKUIDelegate.h:
  • UIProcess/API/Cocoa/WKWebView.h:

11:39 AM Changeset in webkit [181858] by timothy_horton@apple.com
  • 9 edits in trunk/Source

Add a share item to the link action menu
https://bugs.webkit.org/show_bug.cgi?id=142961
<rdar://problem/19198374>

Reviewed by Beth Dakin.

  • UIProcess/mac/WKActionMenuController.mm:

(-[WKActionMenuController _hitLinkURL]):
Factor out _hitLinkURL from various places.

(-[WKActionMenuController _openURLFromActionMenu:]):
(-[WKActionMenuController _addToReadingListFromActionMenu:]):
(-[WKActionMenuController _defaultMenuItemsForVideo]):
(-[WKActionMenuController _defaultMenuItemsForImage]):
(-[WKActionMenuController _createActionMenuItemForTag:]):
(-[WKActionMenuController _createShareActionMenuItemForTag:withItems:]):
Adopt -[NSMenuItem standardShareMenuItemWithItems].
All of the null-checking is unnecessary as it's impossible to enter
these functions with a null image/etc.

(-[WKActionMenuController _defaultMenuItemsForLink]):

  • Shared/API/c/WKActionMenuItemTypes.h:

Add a 'Share' item to the link menu.

  • WebView/WebActionMenuController.mm:

(-[WebActionMenuController _defaultMenuItemsForImage]):
(-[WebActionMenuController _defaultMenuItemsForVideo]):
(-[WebActionMenuController _createActionMenuItemForTag:]):
(-[WebActionMenuController _createShareActionMenuItemForTag:withItems:]):
Adopt -[NSMenuItem standardShareMenuItemWithItems].
All of the null-checking is unnecessary as it's impossible to enter
these functions with a null image/etc.
Also, remove a duplicate isDownloadableMedia check for the 'save to downloads' item.

(-[WebActionMenuController _defaultMenuItemsForLink]):

  • WebView/WebUIDelegatePrivate.h:

Add a 'Share' item to the link menu.

  • English.lproj/Localizable.strings:

Remove some now-unused strings.

  • platform/spi/mac/NSMenuSPI.h:

Add some SPI.

11:18 AM Changeset in webkit [181857] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Build fix: CoreText deprecated kCTFontSystemFontType

Fix tracked by: <rdar://problem/20261171>

  • rendering/RenderThemeIOS.mm:

(WebCore::RenderThemeIOS::updateCachedSystemFontDescription):
Add clang pragmas.

11:07 AM Changeset in webkit [181856] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

Unreviewed test fix.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseScrollSnapDestination): Remove new assertion.

9:57 AM Changeset in webkit [181855] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

scroll-snap-destination and scroll-snap-coordinate do not seem to work together properly
https://bugs.webkit.org/show_bug.cgi?id=142552
<rdar://problem/20114743>

Reviewed by Dean Jackson.

Revise the snap point logic as follows:
(1) Put the snap point destination handling in a helper function to make the rest of the code
easier to read.
(2) Make sure we always have a left-hand snap point (i.e., position 0), but don't add multiple
left-hand snap points.
(3) Create a helper function to determine if we should be working with the scroll snap 'elements'
behavior. We want to use this for scroll-snap-destination/scroll-snap-coordinate markup.
(4) Create per-element snap point offsets when using scroll-snap-destination/scroll-snap-coordinate.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseScrollSnapDestination): Add assertion to try to catch bad parser state.

  • page/scrolling/AxisScrollSnapOffsets.cpp:

(WebCore::destinationOffsetForViewSize): Added helper function to consolidate logic for handling
destination coordinates.
(WebCore::updateFromStyle): Make sure a left-hand snap point is always provided.
(WebCore::styleUsesElements): Added helper function.
(WebCore::updateSnapOffsetsForScrollableArea): Revise logic to generate 'per-element' snap point
offsets.

4:47 AM Changeset in webkit [181854] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.0

WebKitGTK+ 2.8.0

4:17 AM Changeset in webkit [181853] by gyuyoung.kim@samsung.com
  • 3 edits in trunk/Tools

[CMake][EFL] Put failure API test executables into failure directory
https://bugs.webkit.org/show_bug.cgi?id=142965

Reviewed by Csaba Osztrogonác.

Move failing WK2 API test executables to *bin/TestWebKitAPI/WebKit2/failure* directory.

  • TestWebKitAPI/CMakeLists.txt: Fix a typo. Change *testBaseName* with *testName*.
  • TestWebKitAPI/PlatformEfl.cmake: Additionally remove unnecessary SHARED_CORE and comment for SeccompFilters test.

3:59 AM WebKitGTK/Roadmap edited by philn@igalia.com
(diff)

3:41 AM Changeset in webkit [181852] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.0 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.0.

3:05 AM Changeset in webkit [181851] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

[GTK] Use std::abs() in ClickCounter::currentClickCountForGdkButtonEvent()
https://bugs.webkit.org/show_bug.cgi?id=142964

Reviewed by Carlos Garcia Campos.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(ClickCounter::currentClickCountForGdkButtonEvent): Use the STL's std::abs()
instead of C's abs(). The templated nature of std::abs() ensures the proper
computation that matches the types of the passed-in values, and shuts down
a warning when compiling with Clang.

3:02 AM Changeset in webkit [181850] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

[GTK][WK2] webkitBackForwardListChanged() should operate on a Vector reference
https://bugs.webkit.org/show_bug.cgi?id=142963

Reviewed by Carlos Garcia Campos.

  • UIProcess/API/gtk/WebKitBackForwardList.cpp:

(webkitBackForwardListChanged): This function only reads from the passed-in
Vector of removed items, so only a const lvalue reference to the Vector
is needed.

  • UIProcess/API/gtk/WebKitBackForwardListPrivate.h:

2:14 AM Changeset in webkit [181849] by yoav@yoav.ws
  • 4 edits in trunk/Source/WebCore

Refactor ImageLoader's setting of CachedImage
https://bugs.webkit.org/show_bug.cgi?id=142825

Reviewed by Chris Dumez.

No new tests, since there's no functional change.

setImage and setImageWithoutConsideringPendingLoadEvent were not called with new
CachedImages and were not used as originally intended. That resulted in some dead code,
and confusion when going over the code.
This patch renames these methods into equivalent clearImage* methods, and deletes resulting dead code.

  • html/HTMLObjectElement.cpp:

(WebCore::HTMLObjectElement::renderFallbackContent): Changed setImage call to clearImage.

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::clearImage):
(WebCore::ImageLoader::clearImageWithoutConsideringPendingLoadEvent):
(WebCore::ImageLoader::notifyFinished):
(WebCore::ImageLoader::elementDidMoveToNewDocument):
(WebCore::ImageLoader::setImage): Deleted.
(WebCore::ImageLoader::setImageWithoutConsideringPendingLoadEvent): Deleted.

  • loader/ImageLoader.h:

2:12 AM Changeset in webkit [181848] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.8

Merge r181847 - [GTK] Add a configure option to build without Redirected XComposite Window
https://bugs.webkit.org/show_bug.cgi?id=142865

Reviewed by Žan Doberšek.

.:

The Redirected XComposite Window was added to support some
features like GtkOverlay, but in cases where we don't need such
features, it's more efficient to use the XID of the WebKitWebView
window as the native surface handle for the accelerated
compositing. This patch adds USE_REDIRECTED_XCOMPOSITE_WINDOW,
that is enabled by default for X11 target when OpenGL is enabled.

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

Use USE(REDIRECTED_XCOMPOSITE_WINDOW) instead of
USE(TEXTURE_MAPPER_GL) && PLATFORM(X11).

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseRealize): Use the XID of the WebKitWebView
window as native surface handle when REDIRECTED_XCOMPOSITE_WINDOW
is disabled.
(webkitWebViewRenderAcceleratedCompositingResults):
(resizeWebKitWebViewBaseFromAllocation):
(webkitWebViewBaseEnterAcceleratedCompositingMode):
(webkitWebViewBaseExitAcceleratedCompositingMode):

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp:
  • UIProcess/gtk/RedirectedXCompositeWindow.h:

1:06 AM Changeset in webkit [181847] by Carlos Garcia Campos
  • 6 edits in trunk

[GTK] Add a configure option to build without Redirected XComposite Window
https://bugs.webkit.org/show_bug.cgi?id=142865

Reviewed by Žan Doberšek.

.:

The Redirected XComposite Window was added to support some
features like GtkOverlay, but in cases where we don't need such
features, it's more efficient to use the XID of the WebKitWebView
window as the native surface handle for the accelerated
compositing. This patch adds USE_REDIRECTED_XCOMPOSITE_WINDOW,
that is enabled by default for X11 target when OpenGL is enabled.

  • Source/cmake/OptionsGTK.cmake:

Source/WebKit2:

Use USE(REDIRECTED_XCOMPOSITE_WINDOW) instead of
USE(TEXTURE_MAPPER_GL) && PLATFORM(X11).

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseRealize): Use the XID of the WebKitWebView
window as native surface handle when REDIRECTED_XCOMPOSITE_WINDOW
is disabled.
(webkitWebViewRenderAcceleratedCompositingResults):
(resizeWebKitWebViewBaseFromAllocation):
(webkitWebViewBaseEnterAcceleratedCompositingMode):
(webkitWebViewBaseExitAcceleratedCompositingMode):

  • UIProcess/gtk/RedirectedXCompositeWindow.cpp:
  • UIProcess/gtk/RedirectedXCompositeWindow.h:

Mar 22, 2015:

11:58 PM Changeset in webkit [181846] by ap@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Build fix.

  • WebView/WebView.mm: (-[WebView _showPlaybackTargetPicker:hasVideo:]):
10:04 PM Changeset in webkit [181845] by benjamin@webkit.org
  • 15 edits
    4 adds in trunk

CSS Selectors: fix attribute case-insensitive matching of Contain and List
https://bugs.webkit.org/show_bug.cgi?id=142932

Reviewed by Darin Adler.

Source/WebCore:

Fix the last two attribute selectors that were using full case-insensitive
match:

-Contain ([foo*=bar]).
-List ([foo~=bar]).

Tests: fast/selectors/attribute-contains-value-matching-is-ascii-case-insensitive.html
       fast/selectors/attribute-list-value-matching-is-ascii-case-insensitive.html

  • css/SelectorChecker.cpp:

(WebCore::attributeValueMatches):

  • cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::attributeValueContains):
(WebCore::SelectorCompiler::attributeValueSpaceSeparetedListContains):

Source/WTF:

Add some utility functions to the string classes to find substrings
using ASCII case-insensitive comparisons.

  • wtf/text/AtomicString.h:

(WTF::AtomicString::contains):
Add the light version that only locks one register.

(WTF::AtomicString::containsIgnoringASCIICase):
(WTF::AtomicString::findIgnoringASCIICase):

  • wtf/text/StringCommon.h:

(WTF::findIgnoringASCIICase):
This is the common implementation used by StringView and StringImpl.

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::findIgnoringASCIICase):

  • wtf/text/StringImpl.h:
  • wtf/text/StringView.cpp:

(WTF::StringView::containsIgnoringASCIICase):
(WTF::StringView::findIgnoringASCIICase):

  • wtf/text/StringView.h:
  • wtf/text/WTFString.h:

(WTF::String::findIgnoringASCIICase):
(WTF::String::contains):
(WTF::String::containsIgnoringASCIICase):

Tools:

Add tests for the new features and fix some existing tests using the
stringFromUTF8() utility recently added by Dhi.

  • TestWebKitAPI/Tests/WTF/StringImpl.cpp:

(TestWebKitAPI::stringFromUTF8):

  • TestWebKitAPI/Tests/WTF/StringView.cpp:

LayoutTests:

  • fast/selectors/attribute-contains-value-matching-is-ascii-case-insensitive-expected.txt: Added.
  • fast/selectors/attribute-contains-value-matching-is-ascii-case-insensitive.html: Added.
  • fast/selectors/attribute-list-value-matching-is-ascii-case-insensitive-expected.txt: Added.
  • fast/selectors/attribute-list-value-matching-is-ascii-case-insensitive.html: Added.
10:02 PM Changeset in webkit [181844] by commit-queue@webkit.org
  • 35 edits in trunk/Source/WebInspectorUI

Web Inspector: Adopt ES6 Class Syntax for all Controller Objects
https://bugs.webkit.org/show_bug.cgi?id=142890

Patch by Matt Baker <Matt Baker> on 2015-03-22
Reviewed by Joseph Pecoraro.

  • Convert all UserInterface/Controllers objects to classes
  • Convert constructor functions to constructor methods
  • Convert "constructor.method" to class static methods where possible
  • Convert all methods to method syntax, eliminate commas between methods
  • Convert all superclass calls in classes to use "super"
  • Removed FIXME from WebInspector.Object subclasses, added calls to super.
  • Fixed strict mode issues now that classes enforce strict mode (see below).
  • Tools/PrettyPrinting/Formatter.js:
  • Tools/PrettyPrinting/FormatterContentBuilder.js:

Updated to match corresponding files in UserInterface/Controllers.

  • UserInterface/Controllers/*.js:

Many files modified mostly mechanically (regex find-replace).

  • UserInterface/Controllers/CodeMirrorCompletionController.js:
  • UserInterface/Controllers/FormatterContentBuilder.js:

Replaced const usage with var. Use of const is prohibited in strict mode, which is implicit within a class.

  • UserInterface/Controllers/CodeMirrorTokenTrackingController.js:
  • UserInterface/Controllers/DOMTreeManager.js:

Moved function declarations out of if statements. Strict mode does not allow function declarations in a lexically nested statement.

9:16 PM Feature Status created by benjamin@webkit.org
Bunch of ideas for the status page.
8:41 PM Changeset in webkit [181843] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[GTK] install-dependencies should install orc
https://bugs.webkit.org/show_bug.cgi?id=142955

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-03-22
Reviewed by Martin Robinson.

Install orc, needed by openwebrtc

  • gtk/install-dependencies:
7:47 PM Changeset in webkit [181842] by gyuyoung.kim@samsung.com
  • 2 edits in trunk/LayoutTests

[EFL] Update new flaky tests and remove duplicated failure test.

Unreviewed EFL gardening.

  • platform/efl/TestExpectations:

Remove duplicated attachment tests, and add new flaky tests regarding svg clip-path, pattern scale.

7:18 PM Changeset in webkit [181841] by fpizlo@apple.com
  • 5 edits
    1 delete in trunk/Source/JavaScriptCore

Remove DFG::ValueRecoveryOverride; it's been dead since we removed forward speculations
https://bugs.webkit.org/show_bug.cgi?id=142956

Rubber stamped by Gyuyoung Kim.

Just removing dead code.

  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGOSRExit.h:
  • dfg/DFGOSRExitCompiler.cpp:
  • dfg/DFGValueRecoveryOverride.h: Removed.
7:04 PM Changeset in webkit [181840] by benjamin@webkit.org
  • 4 edits in trunk

Detect when url filter pattern with groups match the empty string
https://bugs.webkit.org/show_bug.cgi?id=142930

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-03-22
Reviewed by Sam Weinig.

Source/WebCore:

The previous test was only accounting for simple atoms. This patch extends
it to groups.

  • contentextensions/URLFilterParser.cpp:

(WebCore::ContentExtensions::Term::quantify):
(WebCore::ContentExtensions::Term::matchesAtLeastOneCharacter):
(WebCore::ContentExtensions::GraphBuilder::finalize):
(WebCore::ContentExtensions::Term::quantifier): Deleted.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
6:28 PM Changeset in webkit [181839] by gyuyoung.kim@samsung.com
  • 2 edits in trunk/LayoutTests

[EFL] Unreviewed EFL gardening on 23rd Mar.

Skip attachment tests, unskip passing tests related with writing, webaudio.
Add new flaky tests.

  • platform/efl/TestExpectations:
6:15 PM WebKitGTK/Dependencies edited by Michael Catanzaro
typo fix (diff)
6:11 PM WebKitGTK/Dependencies edited by Michael Catanzaro
Add license warning for gnutls, since LGPLv3+ patent giveaway is … (diff)
6:08 PM Changeset in webkit [181838] by eric.carlson@apple.com
  • 20 edits
    2 adds in trunk/Source

[Mac] Enable WIRELESS_PLAYBACK_TARGET for WK1
https://bugs.webkit.org/show_bug.cgi?id=142940

Reviewed by Sam Weinig.

Source/WebCore:

  • dom/Document.cpp:

(WebCore::Document::didChoosePlaybackTarget): const-ify the didChoosePlaybackTarget argument.

  • dom/Document.h:
  • html/HTMLMediaSession.cpp:

(WebCore::HTMLMediaSession::didChoosePlaybackTarget): Ditto.

  • html/HTMLMediaSession.h:
  • page/Page.cpp:

(WebCore::Page::didChoosePlaybackTarget): Ditto.

  • page/Page.h:
  • platform/audio/MediaSession.h:
  • platform/graphics/MediaPlaybackTargetPickerClient.h:
  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::devicePicker): Ditto.

Source/WebKit/mac:

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::showPlaybackTargetPicker): New.
(WebChromeClient::startingMonitoringPlaybackTargets): New.
(WebChromeClient::stopMonitoringPlaybackTargets): New.

  • WebView/WebView.mm:

(-[WebView _close]): Invalidate and free the target picker.
(-[WebView _devicePicker]): New.
(-[WebView _showPlaybackTargetPicker:hasVideo:]): New.
(-[WebView _startingMonitoringPlaybackTargets]): New.
(-[WebView _stopMonitoringPlaybackTargets]): New.

  • WebView/WebMediaPlaybackTargetPicker.h:
  • WebView/WebMediaPlaybackTargetPicker.mm:

(WebMediaPlaybackTargetPicker::create): New.
(WebMediaPlaybackTargetPicker::WebMediaPlaybackTargetPicker): New.
(WebMediaPlaybackTargetPicker::showPlaybackTargetPicker): New.
(WebMediaPlaybackTargetPicker::startingMonitoringPlaybackTargets): New.
(WebMediaPlaybackTargetPicker::stopMonitoringPlaybackTargets): New.
(WebMediaPlaybackTargetPicker::didChoosePlaybackTarget): New.
(WebMediaPlaybackTargetPicker::externalOutputDeviceAvailableDidChange): New.
(WebMediaPlaybackTargetPicker::invalidate): New.
(WebMediaPlaybackTargetPicker::targetPicker): New.

  • WebView/WebViewData.h:

(WebMediaPlaybackTargetPicker::~WebMediaPlaybackTargetPicker):

  • WebView/WebViewData.mm:
  • WebView/WebViewInternal.h:

Source/WebKit2:

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::playbackTargetSelected): Argument to didChoosePlaybackTarget is now const.

3:50 PM Changeset in webkit [181837] by andersca@apple.com
  • 14 edits in trunk

_WKWebsiteDataStore should clear WebSQL databases
https://bugs.webkit.org/show_bug.cgi?id=142947

Source/WebCore:

Reviewed by Sam Weinig.

  • Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::trackerWithDatabasePath):
Add a hack so we can get at a tracker from the UI process.

(WebCore::DatabaseTracker::deleteDatabasesModifiedSince):
New function that deletes all databases modified after a given time.

  • Modules/webdatabase/DatabaseTracker.h:

Add new members and export the ones we want to call from WebKit2.

  • Modules/webdatabase/OriginLock.h:

Export the destructor.

Source/WebKit2:

rdar://problem/20242174

Reviewed by Sam Weinig.

  • Shared/WebsiteData/WebsiteDataTypes.h:

Add WebsiteDataTypeWebSQLDatabases.

  • UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultDataStoreConfiguration):
Initialize configuration.webSQLDatabaseDirectory.

  • UIProcess/API/Cocoa/_WKWebsiteDataRecord.h:

Add WKWebsiteDataTypeWebSQLDatabases.

  • UIProcess/API/Cocoa/_WKWebsiteDataRecord.mm:

(dataTypesToString):
Handle WKWebsiteDataTypeWebSQLDatabases.

  • UIProcess/API/Cocoa/_WKWebsiteDataRecordInternal.h:

(WebKit::toWebsiteDataTypes):
(WebKit::toWKWebsiteDataTypes):
Handle WKWebsiteDataTypeWebSQLDatabases and WebsiteDataTypes::WebsiteDataTypeWebSQLDatabases.

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
Initialize m_webSQLDatabaseDirectory and add a queue member variable.

(WebKit::WebsiteDataStore::fetchData):
Fetch database origins.

(WebKit::WebsiteDataStore::removeData):
Remove databases.

  • UIProcess/WebsiteData/WebsiteDataStore.h:

Add new members.

Tools:

Reviewed by Sam Weinig.

Add a variable that keeps track of the types of data we want to operate on, for easier debugging.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetchWebsiteData:]):
(-[WK2BrowserWindowController fetchAndClearWebsiteData:]):
(-[WK2BrowserWindowController clearWebsiteData:]):

2:44 PM Changeset in webkit [181836] by mitz@apple.com
  • 11 edits in trunk/Source/WebKit2

[iOS] Expose WebPageProxy::setInitialFocus as SPI
https://bugs.webkit.org/show_bug.cgi?id=142951

Reviewed by Anders Carlsson.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _becomeFirstResponderWithSelectionMovingForward:completionHandler:]): New SPI.
Just calls through to WKWebContentView, but allows a nil completion handler.

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/API/mac/WKView.mm:

(-[WKView becomeFirstResponder]): Pass an empty lambda for the new callback parameter to
WebPageProxy::setInitialFocus.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setInitialFocus): Added a void callback parameter and made sure to
call it.

  • UIProcess/WebPageProxy.h:
  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _becomeFirstResponderWithSelectionMovingForward:completionHandler:]):
Added. Calls WebPageProxy::setInitialFocus, and once that completes, checks if anything was
focused and if so, becomes first responder, then calls the completion handler.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::setInitialFocus): Added a callbackID parameter, and made sure to send the
callback message. Added a temporary change of m_userIsInteracting to true, so that the UI
process won’t ignore any StartAssistingNode message resulting from the focus change.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in: Added a callbackID parameter to SetInitialFocus.
12:35 PM Changeset in webkit [181835] by fpizlo@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

DFG OSR exit shouldn't assume that the frame count for exit is greater than the frame count in DFG
https://bugs.webkit.org/show_bug.cgi?id=142948

Reviewed by Sam Weinig.

It's necessary to ensure that the stack pointer accounts for the extent of our stack usage
since a signal may clobber the area below the stack pointer. When the DFG is executing,
the stack pointer accounts for the DFG's worst-case stack usage. When we OSR exit back to
baseline, we will use a different amount of stack. This is because baseline is a different
compiler. It will make different decisions. So it will use a different amount of stack.

This gets tricky when we are in the process of doing an OSR exit, because we are sort of
incrementally transforming the stack from how it looked in the DFG to how it will look in
baseline. The most conservative approach would be to set the stack pointer to the max of
DFG and baseline.

When this code was written, a reckless assumption was made: that the stack usage in
baseline is always at least as large as the stack usage in DFG. Based on this incorrect
assumption, the code first adjusts the stack pointer to account for the baseline stack
usage. This sort of usually works, because usually baseline does happen to use more stack.
But that's not an invariant. Nobody guarantees this. We will never make any changes that
would make this be guaranteed, because that would be antithetical to how optimizing
compilers work. The DFG should be allowed to use however much stack it decides that it
should use in order to get good performance, and it shouldn't try to guarantee that it
always uses less stack than baseline.

As such, we must always assume that the frame size for DFG execution (i.e.
frameRegisterCount) and the frame size in baseline once we exit (i.e.
requiredRegisterCountForExit) are two independent quantities and they have no
relationship.

Fortunately, though, this code can be made correct by just moving the stack adjustment to
just before we do conversions. This is because we have since changed the OSR exit
algorithm to first lift up all state from the DFG state into a scratch buffer, and then to
drop it out of the scratch buffer and into the stack according to the baseline layout. The
point just before conversions is the point where we have finished reading the DFG frame
and will not read it anymore, and we haven't started writing the baseline frame. So, at
this point it is safe to set the stack pointer to account for the frame size at exit.

This is benign because baseline happens to create larger frames than DFG.

  • dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

  • dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::adjustAndJumpToTarget):

12:09 PM Changeset in webkit [181834] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Shorten the number of iterations to 10,000 since that's enough to test all tiers.

Rubber stamped by Sam Weinig.

  • tests/stress/equals-masquerader.js:
11:25 AM Changeset in webkit [181833] by fpizlo@apple.com
  • 11 edits in trunk/Source/JavaScriptCore

tests/stress/*tdz* tests do 10x more iterations than necessary
https://bugs.webkit.org/show_bug.cgi?id=142946

Reviewed by Ryosuke Niwa.

The stress test harness runs all of these tests in various configurations. This includes
no-cjit, which has tier-up heuristics locked in such a way that 10,000 iterations is
enough to get to the highest tier. The only exceptions are very large functions or
functions that have some reoptimizations. That happens rarely, and when it does happen,
usually 20,000 iterations is enough.

Therefore, these tests use 10x too many iterations. This is bad, since these tests
allocate on each iteration, and so they run very slowly in debug mode.

  • tests/stress/class-syntax-no-loop-tdz.js:
  • tests/stress/class-syntax-no-tdz-in-catch.js:
  • tests/stress/class-syntax-no-tdz-in-conditional.js:
  • tests/stress/class-syntax-no-tdz-in-loop-no-inline-super.js:
  • tests/stress/class-syntax-no-tdz-in-loop.js:
  • tests/stress/class-syntax-no-tdz.js:
  • tests/stress/class-syntax-tdz-in-catch.js:
  • tests/stress/class-syntax-tdz-in-conditional.js:
  • tests/stress/class-syntax-tdz-in-loop.js:
  • tests/stress/class-syntax-tdz.js: