Timeline



Apr 17, 2015:

9:04 PM Changeset in webkit [182982] by jonowells@apple.com
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: All sans-serif font family rules should be set the same way.
https://bugs.webkit.org/show_bug.cgi?id=143909

Reviewed by Timothy Hatcher.

Update styles so that all uses of sans-serif font use -webkit-system-font consistently.

  • UserInterface/Views/DefaultDashboardView.css:

(body.mac-platform.legacy .toolbar .dashboard.default > .item):

  • UserInterface/Views/ObjectTreePropertyTreeElement.css:

(.object-tree-property .prototype-name):

  • UserInterface/Views/ObjectTreeView.css:

(.object-tree-outline li .empty-message):

  • UserInterface/Views/RenderingFrameTimelineOverviewGraph.css:

(.timeline-overview-graph.rendering-frame > .divider > .label):

7:55 PM Changeset in webkit [182981] by aestes@apple.com
  • 2 edits in branches/safari-600.6-branch/Source/WebCore

Merged r181409. rdar://problem/20540512

6:04 PM Changeset in webkit [182980] by timothy_horton@apple.com
  • 3 edits in trunk/Source/WebKit2

Clients sometimes block for 500ms in waitForPossibleGeometryUpdates
https://bugs.webkit.org/show_bug.cgi?id=143901
<rdar://problem/20488655>

Reviewed by Anders Carlsson.

  • Platform/IPC/Connection.cpp:

(IPC::Connection::waitForMessage):
InterruptWaitingIfSyncMessageArrives already cancels waitForMessage if
a sync message arrives while waiting, but it should also avoid waiting
if there's a sync message already in the queue when the waiting starts,
as that will have the same nasty effect.

  • UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:

(WebKit::TiledCoreAnimationDrawingAreaProxy::waitForPossibleGeometryUpdate):
If a synchronous message comes in from the Web process while we're waiting,
cancel our synchronous wait for DidUpdateGeometry. This will cause the size
change to not synchronize with the Web process' painting, but that is better
than pointlessly blocking for 500ms.

5:46 PM Changeset in webkit [182979] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

Possible null pointer dereference in WebDiagnosticLoggingClient::logDiagnosticMessageWithValue()
https://bugs.webkit.org/show_bug.cgi?id=143899
<rdar://problem/20584215>

Reviewed by Anders Carlsson.

WebDiagnosticLoggingClient::logDiagnosticMessage*() methods failed to
check that m_page.corePage() was non-null before dereferencing, thus
causing crashes when it is null.

  • WebProcess/WebCoreSupport/WebDiagnosticLoggingClient.cpp:

(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessage):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithResult):
(WebKit::WebDiagnosticLoggingClient::logDiagnosticMessageWithValue):

5:12 PM Changeset in webkit [182978] by Lucas Forschler
  • 3 edits in branches/safari-600.6-branch

Rollout r182965.

3:45 PM Changeset in webkit [182977] by ap@apple.com
  • 2 edits in trunk/Source/WTF

Use ASan poisoning to taint moved-out-of Refs
https://bugs.webkit.org/show_bug.cgi?id=143894
rdar://problem/19443723

Reviewed by Darin Adler.

  • wtf/Ref.h: (WTF::Ref::~Ref):
3:29 PM Changeset in webkit [182976] by timothy@apple.com
  • 6 edits in trunk/Source/WebInspectorUI

Web Inspector: Have better inactive window color for pixel borders
https://bugs.webkit.org/show_bug.cgi?id=143888

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/FindBanner.css:

(body.window-inactive .find-banner):

  • UserInterface/Views/Main.css:

(body.window-inactive.docked.bottom):
(body.window-inactive.docked.right):
(body.window-inactive #split-content-browser):

  • UserInterface/Views/NavigationBar.css:

(body.window-inactive .navigation-bar):

  • UserInterface/Views/QuickConsole.css:

(body.window-inactive .quick-console):
(.quick-console.showing-log):

  • UserInterface/Views/Sidebar.css:

(body.window-inactive .sidebar.left):
(body.window-inactive .sidebar.right):

3:28 PM Changeset in webkit [182975] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebKit2

WebKit client should be able to add view controller for link preview.
https://bugs.webkit.org/show_bug.cgi?id=143686

Add delegate methods to WKUIDelegatePrivate so that a WebKit client can prepare a view controller
for link preview and react to the dismissal of this view controller. Also connect WKContentView to
preview gesture recognizer and forwards the delegate callbacks to corresponding delegate methods
in WKUIDelegatePrivate.

Patch by Yongjun Zhang <yongjun_zhang@apple.com> on 2015-04-17
Reviewed by Beth Dakin.

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
  • UIProcess/ios/WKContentView.mm:

(-[WKContentView willMoveToWindow:]):

  • UIProcess/ios/WKContentViewInteraction.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView cleanupInteraction]):
(-[WKContentView gestureRecognizer:canPreventGestureRecognizer:]):
(-[WKContentView gestureRecognizer:shouldRecognizeSimultaneouslyWithGestureRecognizer:]):
(-[WKContentView gestureRecognizerShouldBegin:]):
(-[WKContentView previewViewControllerForPosition:inSourceView:]):
(-[WKContentView commitPreviewViewController:]):
(-[WKContentView willPresentPreviewViewController:forPosition:inSourceView:]):
(-[WKContentView didDismissPreviewViewController:committing:]):

3:25 PM Changeset in webkit [182974] by Bem Jones-Bey
  • 3 edits
    2 adds in trunk

Large values for line-height cause integer overflow in RenderStyle::computedLineHeight
https://bugs.webkit.org/show_bug.cgi?id=143863

Reviewed by Rob Buis.

Source/WebCore:

When we compute huge values for line-height through percentage or CSS
calc, we'll overflow the integer and later on
ShapeOutsideInfo::computeDeltasForContainingBlockLine will ASSERT
because it expects non-negative line height. So for the computed
line-height, clamp to an integer range to avoid overflow. Note that
the code path for percentages here is safe because LayoutUnit clamps
to an int on conversion.

This is based on a Blink patch by Rob Buis.

Test: fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::computedLineHeight): Clamp line-height to an

int to avoid overflow.

LayoutTests:

Simplified test from a fuzzer.

  • fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash-expected.txt: Added.
  • fast/shapes/shape-outside-floats/shape-outside-negative-line-height-crash.html: Added.
3:22 PM Changeset in webkit [182973] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Unexpected background at top of console when rubber-banding with selection
https://bugs.webkit.org/show_bug.cgi?id=140710

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-17
Reviewed by Timothy Hatcher.

  • UserInterface/Views/LogContentView.css:

(.console-messages):
Remove the focus ring on the console's log view, only visible when rubber-banding.

2:59 PM Changeset in webkit [182972] by Lucas Forschler
  • 2 edits in branches/safari-600.6-branch/LayoutTests

Merged r182299. rdar://problem/20540450

2:58 PM Changeset in webkit [182971] by ap@apple.com
  • 7 edits
    1 delete in trunk/Source

Remove unused BoundsCheckedPointer
https://bugs.webkit.org/show_bug.cgi?id=143896

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

  • bytecode/SpeculatedType.cpp: The header was included here.

Source/WTF:

  • WTF.vcxproj/WTF.vcxproj:
  • WTF.vcxproj/WTF.vcxproj.filters:
  • WTF.xcodeproj/project.pbxproj:
  • wtf/BoundsCheckedPointer.h: Removed.
  • wtf/CMakeLists.txt:
2:55 PM Changeset in webkit [182970] by Lucas Forschler
  • 2 edits in branches/safari-600.6-branch/Source/WebKit2

Merged r182285. rdar://problem/20540450

2:52 PM Changeset in webkit [182969] by Lucas Forschler
  • 5 edits in branches/safari-600.6-branch

Merged r182284. rdar://problem/20540450

2:46 PM Changeset in webkit [182968] by Lucas Forschler
  • 3 edits
    2 copies in branches/safari-600.6-branch

Merged r182051. rdar://problem/20540237

2:22 PM Changeset in webkit [182967] by Yusuke Suzuki
  • 5 edits in trunk

[ES6] Fix name enumeration of static functions for Symbol constructor
https://bugs.webkit.org/show_bug.cgi?id=143891

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Fix missing symbolPrototypeTable registration to the js class object.
This patch fixes name enumeration of static functions (Symbol.key, Symbol.keyFor) for Symbol constructor.

  • runtime/SymbolConstructor.cpp:

LayoutTests:

Add property names tests for Symbol constructor, Symbol object and Symbol.prototype.

  • js/Object-getOwnPropertyNames-expected.txt: Removed.
  • js/script-tests/Object-getOwnPropertyNames.js:
2:21 PM Changeset in webkit [182966] by Lucas Forschler
  • 4 edits in branches/safari-600.6-branch

Merged r181864. rdar://problem/20540342

2:18 PM Changeset in webkit [182965] by Lucas Forschler
  • 3 edits in branches/safari-600.6-branch

Merged r181409. rdar://problem/20540512

1:13 PM Changeset in webkit [182964] by dbates@webkit.org
  • 3 edits
    2 adds in trunk

Not able to build WebKit against iOS Simulator 8.3 SDK
https://bugs.webkit.org/show_bug.cgi?id=143883

Reviewed by David Kilzer.

Tools:

Copy libraries libWebKitSystemInterfaceIOS{Device, Simulator}8.3.a to the built product directory
so that Xcode uses them.

  • Scripts/copy-webkitlibraries-to-product-directory:

WebKitLibraries:

Add WebKitSystemInterface for iOS 8.3.

  • libWebKitSystemInterfaceIOSDevice8.3.a: Added.
  • libWebKitSystemInterfaceIOSSimulator8.3.a: Added.
12:55 PM Changeset in webkit [182963] by Beth Dakin
  • 39 edits
    6 adds in trunk

Force mouse events should go through normal mouse event handling code paths
https://bugs.webkit.org/show_bug.cgi?id=143749
-and corresponding-
rdar://problem/20472895

Reviewed by Dean Jackson.

Source/WebCore:

This patch moves all of the code to dispatch mouseforcedown, mouseforceup, and
mouseforcechanged into normal mouse event dispatching code. This patch leaves
behind the cancel and click events because we plan to remove those, and it also
leaves mouseforcewillbegin because that is necessarily a very different event more
tied to the NSImmediateActionGestureRecognizer than these other events which are
tied to NSResponder’s pressureChangeWithEvent.

New helper functions.

  • dom/Document.cpp:

(WebCore::Document::hasListenerTypeForEventType):

  • dom/Document.h:
  • dom/Element.cpp:

(WebCore::isForceEvent):

Move the code to ensure the force events have listeners in order to fire to
dispatchMouseEvent, and delete the old implementations.
(WebCore::Element::dispatchMouseEvent):
(WebCore::Element::dispatchMouseForceChanged): Deleted.
(WebCore::Element::dispatchMouseForceDown): Deleted.
(WebCore::Element::dispatchMouseForceUp): Deleted.

  • dom/Element.h:

Perform a hit test and pipe the events through dispatchMouseEvent().

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseForceEvent):

  • page/EventHandler.h:

New types for the new events.

  • platform/PlatformEvent.h:

Forward to EventHandler.

  • replay/UserInputBridge.cpp:

(WebCore::UserInputBridge::handleMouseForceEvent):

  • replay/UserInputBridge.h:

Source/WebKit2:

This patch makes pressureChangeWithEvent create NativeWebMouseEvents with the
NSEventTypePressures that is gets and sends those down to the web process.

Re-name pressureEvent to lastPressureEvent. Now that event can sometimes be an
NSEventTypePressure, the new name makes it clear how the second parameter differs
from the first.

  • Shared/NativeWebMouseEvent.h:

New event types for the new types of events.

  • Shared/WebEvent.h:
  • Shared/WebEventConversion.cpp:

(WebKit::WebKit2PlatformMouseEvent::WebKit2PlatformMouseEvent):

  • Shared/mac/NativeWebMouseEventMac.mm:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

  • Shared/mac/WebEventFactory.h:

All of the square-peg, round-hole problems of massaging the NSEventTypePressures
events into WebMouseEvents is taken care of here.

  • Shared/mac/WebEventFactory.mm:

(WebKit::mouseButtonForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::WebEventFactory::createWebMouseEvent):

Instead of calling the old inputDeviceForceDidChange, create a NativeWebMouseEvent
and handle it.

  • UIProcess/API/mac/WKView.mm:

(-[WKView pressureChangeWithEvent:]):

Handle the new types.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didReceiveEvent):

Can delete inputDeviceForceDidChange since it’s no longer used.
(WebKit::WebPageProxy::inputDeviceForceDidChange): Deleted.

  • UIProcess/WebPageProxy.h:

Handle the new types of mouse events properly.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::handleMouseEvent):

Delete inputDeviceForceDidChange() and m_lastForceStage.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::inputDeviceForceDidChange): Deleted.

Handle new WebEvent types.

  • WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:

Tools:

Add mouseForceDown/mouseForceUp/mouseForceChanged support to WebKitTestRunner.
Since there is not a way to create an NSEventTypePressure from scratch, we
subclass NSEvent and override all of the critical methods.

  • WebKitTestRunner/EventSenderProxy.h:
  • WebKitTestRunner/InjectedBundle/Bindings/EventSendingController.idl:
  • WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::mouseForceDown):
(WTR::EventSendingController::mouseForceUp):
(WTR::EventSendingController::mouseForceChanged):

  • WebKitTestRunner/InjectedBundle/EventSendingController.h:
  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::didReceiveSynchronousMessageFromInjectedBundle):

  • WebKitTestRunner/mac/EventSenderProxy.mm:

(-[EventSenderPressureEvent initAtLocation:globalLocation:stage:pressure:phase:time:eventNumber:]):
(-[EventSenderPressureEvent timestamp]):
(-[EventSenderPressureEvent type]):
(-[EventSenderPressureEvent locationInWindow]):
(-[EventSenderPressureEvent location]):
(-[EventSenderPressureEvent stage]):
(-[EventSenderPressureEvent pressure]):
(-[EventSenderPressureEvent phase]):
(-[EventSenderPressureEvent eventNumber]):
(WTR::EventSenderProxy::mouseForceDown):
(WTR::EventSenderProxy::mouseForceUp):
(WTR::EventSenderProxy::mouseForceChanged):

LayoutTests:

Just a few new tests. More to come.

  • fast/events/mouse-force-changed-expected.txt: Added.
  • fast/events/mouse-force-changed.html: Added.
  • fast/events/mouse-force-down-expected.txt: Added.
  • fast/events/mouse-force-down.html: Added.
  • fast/events/mouse-force-up-expected.txt: Added.
  • fast/events/mouse-force-up.html: Added.

Right now the new tests will only work on Mac 10.10.3 and beyond.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/TestExpectations:
  • platform/mac-mavericks/TestExpectations:
  • platform/win/TestExpectations:
12:53 PM Changeset in webkit [182962] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

RenderTableCell::computeCollapsed*Border() should check if the cell is still attached to the render tree.
https://bugs.webkit.org/show_bug.cgi?id=143887
rdar://problem/20568989

Reviewed by Simon Fraser.

Detached table cell has no access to its parent table. This is a speculative fix to
avoid dereferencing the invalid table pointer.

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::computeCollapsedStartBorder):
(WebCore::RenderTableCell::computeCollapsedEndBorder):
(WebCore::RenderTableCell::computeCollapsedBeforeBorder):
(WebCore::RenderTableCell::computeCollapsedAfterBorder):

12:08 PM Changeset in webkit [182961] by Lucas Forschler
  • 12 edits
    6 copies in branches/safari-600.6-branch

Merged r180110. rdar://problem/20540540

12:08 PM Changeset in webkit [182960] by ap@apple.com
  • 2 edits in trunk/Tools

build.webkit.org/dashboard still shows obsolete results for out of order builds sometimes
https://bugs.webkit.org/show_bug.cgi?id=143885

Reviewed by Tim Horton.

Fixed a case where we have two builds with the same revision(s). An in order build
is one for which the revision is strictly higher.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:

(BuildbotQueue.prototype._checkForInOrderResult):
(BuildbotQueue.prototype.compareIterationsByRevisions):

11:50 AM Changeset in webkit [182959] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Inline JSFunction allocation in DFG
https://bugs.webkit.org/show_bug.cgi?id=143858

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-17
Reviewed by Filip Pizlo.

Followup to my previous patch which inlines JSFunction allocation when
using FTL, now also enabled in DFG.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

11:35 AM Changeset in webkit [182958] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Update fullscreen button visibility on fullscreen change.
https://bugs.webkit.org/show_bug.cgi?id=143861.
<rdar://problem/20143218>

Reviewed by Eric Carlson.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller): There is no need for hasVisualMedia to be a class variable.
(Controller.prototype.handleReadyStateChange):
(Controller.prototype.handleFullscreenChange):
(Controller.prototype.updateFullscreenButtons):

11:21 AM Changeset in webkit [182957] by dbates@webkit.org
  • 13 edits
    2 adds in trunk

REGRESSION: SVG does not support link dragging
https://bugs.webkit.org/show_bug.cgi?id=141597

Reviewed by Darin Adler.

Source/WebCore:

Fixes an issue where a SVG hyperlink cannot be dragged. We should support
dragging an SVG A element just as we support dragging an HTML A element.

Test: fast/events/drag-and-drop-link.html

  • page/DragController.cpp: Removed explicit include of header Element.h as it will

be ultimately included by HTMLAnchorElement.h, among other headers.
(WebCore::isDraggableLink): Added. Extracted code from HitTestResult::isLiveLink().
(WebCore::DragController::draggableElement): Call WebCore::isDraggableLink() to
determine whether a element is a hyperlink that can be dragged.

  • page/DragController.h:
  • page/EventHandler.cpp:

(WebCore::EventHandler::selectClosestWordOrLinkFromMouseEvent): Write code in terms of

WebCore::isDraggableLink().

  • rendering/HitTestResult.cpp:

(WebCore::HitTestResult::isLiveLink): Deleted.

  • rendering/HitTestResult.h:

Source/WebKit/mac:

Write -[WebElementDictionary _isLiveLink] in terms of WebCore::isDraggableLink().

  • Misc/WebElementDictionary.mm:

(-[WebElementDictionary _isLiveLink]):

LayoutTests:

Add a test to ensure we do not regress dragging of a HTML hyperlink or a SVG hyperlink.

  • fast/events/drag-and-drop-link-expected.txt: Added.
  • fast/events/drag-and-drop-link.html: Added.
  • platform/efl/TestExpectations: Mark the test as "failure" since EFL does not support drag-and-drop.
  • platform/gtk/TestExpectations: Mark the test as "failure" until we implement drag-and-drop support for

GTK+ as part of fixing <https://bugs.webkit.org/show_bug.cgi?id=42194>.

  • platform/ios-simulator/TestExpectations: Skip the test since iOS does not implement

drag-and-drop support.

  • platform/mac-wk2/TestExpectations: Skip the test until we implement drag-and-drop support in EventSender

for Mac as part of fixing <https://bugs.webkit.org/show_bug.cgi?id=42194>.

10:33 AM Changeset in webkit [182956] by commit-queue@webkit.org
  • 38 edits
    6 deletes in trunk

Unreviewed, rolling out r182912 and r182920.
https://bugs.webkit.org/show_bug.cgi?id=143881

Build breakage in some configurations (Requested by ap on
#webkit).

Reverted changesets:

"Force mouse events should go through normal mouse event
handling code paths"
https://bugs.webkit.org/show_bug.cgi?id=143749
http://trac.webkit.org/changeset/182912

http://trac.webkit.org/changeset/182920

10:30 AM Changeset in webkit [182955] by Said Abou-Hallawa
  • 2 edits in trunk/Source/WebCore

Fix review comments for https://bugs.webkit.org/show_bug.cgi?id=143590
following http://trac.webkit.org/changeset/182876.

Reviewed by Daniel Bates.

  • ChangeLog:

Fixed typo.

  • style/StyleFontSizeFunctions.cpp:

(WebCore::Style::computedFontSizeFromSpecifiedSize):
Fixed a typo in an enum definition and changed the name of an argument.

10:07 AM Changeset in webkit [182954] by Antti Koivisto
  • 4 edits in trunk/Source/WebKit2

Network Cache: Read resource record and body in parallel
https://bugs.webkit.org/show_bug.cgi?id=143879

Reviewed by Chris Dumez.

We currently first fetch the record file and then fetch the body blob if needed.
We can do both operations in parallel to reduce latency.

  • NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::traverseCacheFiles):

Do all validation in the client.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::synchronize):

Maintain a bloom filter that contains the body blobs to avoid unnecessary IO attempts.
Delete any unknown file in cache directory.

(WebKit::NetworkCache::Storage::addToRecordFilter):

More informative name for record filter.

(WebKit::NetworkCache::Storage::mayContain):
(WebKit::NetworkCache::Storage::readRecord):
(WebKit::NetworkCache::Storage::storeBodyAsBlob):
(WebKit::NetworkCache::Storage::dispatchReadOperation):

Start record read IO and body blob read IO in parallel.

(WebKit::NetworkCache::Storage::finishReadOperation):

The read is finished when we have both the record and the blob.

(WebKit::NetworkCache::Storage::dispatchWriteOperation):
(WebKit::NetworkCache::Storage::retrieve):
(WebKit::NetworkCache::Storage::store):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::Storage::clear):
(WebKit::NetworkCache::Storage::shrink):
(WebKit::NetworkCache::Storage::addToContentsFilter): Deleted.
(WebKit::NetworkCache::Storage::decodeRecord): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.h:

(WebKit::NetworkCache::Storage::ReadOperation::ReadOperation):

ReadOperation is now mutable and gathers the read result.

9:49 AM Changeset in webkit [182953] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.27.2/Source

Versioning.

9:45 AM Changeset in webkit [182952] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Stop installing WebKit2.framework
https://bugs.webkit.org/show_bug.cgi?id=143860
rdar://problem/18298491

Reviewed by Dan Bernstein.

  • Configurations/WebKit2.xcconfig:

Set SKIP_INSTALL=YES for all SDKs except 10.9 where we still need it.

9:44 AM Changeset in webkit [182951] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.27.2

New tag.

8:32 AM Changeset in webkit [182950] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

[GTK] Gardening 17th April.
https://bugs.webkit.org/show_bug.cgi?id=143870

Unreviewed.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-04-17

  • platform/gtk/TestExpectations:
5:53 AM Changeset in webkit [182949] by Gyuyoung Kim
  • 2 edits in trunk/LayoutTests

[EFL] Unreviewed EFL gardening on 17 April.

Mark 5 form tests and 3 navigation tests to failure.

  • platform/efl/TestExpectations:
5:00 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)
4:58 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)
4:14 AM Changeset in webkit [182948] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[GTK] One more unreviewed fix after r182882.

  • TestWebKitAPI/PlatformGTK.cmake: Added back the WebKit2's forwarding header generator dependency.
3:43 AM Changeset in webkit [182947] by Philippe Normand
  • 2 edits in trunk/Source/WebCore

[GStreamer] Silent WebAudio buffers support
https://bugs.webkit.org/show_bug.cgi?id=143869

Reviewed by Carlos Garcia Campos.

  • platform/audio/gstreamer/WebKitWebAudioSourceGStreamer.cpp:

(webKitWebAudioSrcLoop): Set gap flag on silent buffers. The audio
sink can then drop them and avoid un-necessary buffer processing.

3:22 AM Changeset in webkit [182946] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebKit2

Unreviewed. Fix the build with ENABLE(NETWORK_CACHE) and !ENABLE(SHAREABLE_RESOURCE).

  • NetworkProcess/cache/NetworkCacheEntry.cpp:
  • NetworkProcess/cache/NetworkCacheFileSystemPosix.h:

(WebKit::NetworkCache::fileTimes): There's no st_birthtime in Linux.

3:19 AM Changeset in webkit [182945] by Csaba Osztrogonác
  • 3 edits in trunk/Tools

[GTK] Unreviewed speculative clean build fix after r182882.

TestWebKitAPI's forwarding header generator depended on WeKit2's
which generated SOUP related forwarding headers too.

This dependency isn't necessary and was removed by r182882 to make
forwarding header generators parallelizable. But in this case
TestWebKitAPI's and WebKitTestRunner's forwarding header generator
should generate SOUP related forwarding headers too similar to EFL.

  • TestWebKitAPI/PlatformGTK.cmake:
  • WebKitTestRunner/PlatformGTK.cmake:
3:16 AM Changeset in webkit [182944] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

[SOUP] ResourceRequest cache policy is not encoded/decoded in IPC messages
https://bugs.webkit.org/show_bug.cgi?id=143867

Reviewed by Sergio Villar Senin.

Encode/Decode the ResourceRequest cache policy.

  • Shared/soup/WebCoreArgumentCodersSoup.cpp:

(IPC::ArgumentCoder<ResourceRequest>::encodePlatformData):
(IPC::ArgumentCoder<ResourceRequest>::decodePlatformData):

3:13 AM Changeset in webkit [182943] by Carlos Garcia Campos
  • 4 edits in trunk

[SOUP] Redirect to non HTTP destination is broken
https://bugs.webkit.org/show_bug.cgi?id=143866

Reviewed by Sergio Villar Senin.

Source/WebCore:

This is because we are passing true unconditionally as
isHTTPFamilyRequest parameter of
createSoupRequestAndMessageForHandle in continueAfterWillSendRequest.
We don't actually need to pass isHTTPFamilyRequest parameter to
createSoupRequestAndMessageForHandle, since it can simply check
that from the given request.

Covered by unit tets and also cache/disk-cache/disk-cache-redirect-to-data.html.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::continueAfterWillSendRequest):
(WebCore::createSoupRequestAndMessageForHandle):
(WebCore::ResourceHandle::start):

Tools:

Add a unit test to check that redirect to a data URI works.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp:

(testRedirectToDataURI):
(serverCallback):
(beforeAll):

3:03 AM Changeset in webkit [182942] by calvaris@igalia.com
  • 7 edits in trunk/LayoutTests

streams/reference-implementation/readable-stream.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=143778

Unreviewed.

Comment out flaky subtests while working on a more complete
solution.

The problem with these tests is that they set a timeout before the
calling done() and this causes some tests to behave
undeterministically, specilly code related to promise
resolution. This could even cause indetermination if the tests
were expected to run correctly.

We think it is better to comment them out and find a more long
term solution that could involve submitting change requests to the
reference tests in the spec. This will be tackled in bug 143774.

  • streams/reference-implementation/readable-stream-expected.txt:
  • streams/reference-implementation/readable-stream-reader-expected.txt:
  • streams/reference-implementation/readable-stream-reader.html:
  • streams/reference-implementation/readable-stream-templated-expected.txt:
  • streams/reference-implementation/readable-stream-templated.html:
  • streams/reference-implementation/readable-stream.html:

Apr 16, 2015:

11:50 PM Changeset in webkit [182941] by youenn.fablet@crf.canon.fr
  • 2 edits in trunk/LayoutTests

streams/readablestream-reader.html test should really test collected stream case.
https://bugs.webkit.org/show_bug.cgi?id=143818

Reviewed by Darin Adler.

Making the test async so that the stream start async callback is made and the stream be collected.

  • streams/readable-stream-reader.html:
11:06 PM Changeset in webkit [182940] by ap@apple.com
  • 3 edits in trunk/LayoutTests

http/tests/misc/DOMContentLoaded-event.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=143382

Reviewed by Chris Dumez.

  • http/tests/misc/DOMContentLoaded-event-expected.txt:
  • http/tests/misc/DOMContentLoaded-event.html:

Don't race with a timer, just check if some time passes between DOMContentLoaded and load events.

7:10 PM Changeset in webkit [182939] by jonowells@apple.com
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Breakpoint icons should not get pushed off of debugger sidebar due to long resource names
https://bugs.webkit.org/show_bug.cgi?id=142714

Reviewed by Timothy Hatcher.

Modify the styles for content and group containers inside the debugger sidebar panel's detail sections
such that the rules "display: table" and "display: table-row-group" no longer apply. This will make
the file names which use the rule "text-overflow: ellipsis" truncate as expected.

  • UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger .details-section > .content):
(.sidebar > .panel.navigation.debugger .details-section.collapsed > .content):
(.sidebar > .panel.navigation.debugger .details-section > .content > .group):
(.sidebar > .panel.navigation.debugger .details-section.scripts):
(.sidebar > .panel.navigation.debugger .details-section.scripts .header):
(.sidebar > .panel.navigation.debugger .details-section.scripts.collapsed > .content):

6:36 PM Changeset in webkit [182938] by commit-queue@webkit.org
  • 10 edits in trunk

Number.parseInt is not === global parseInt in nightly r182673
https://bugs.webkit.org/show_bug.cgi?id=143799

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-16
Reviewed by Darin Adler.

Source/JavaScriptCore:

Ensuring parseInt === Number.parseInt, per spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-number.parseint

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::parseIntFunction):

  • runtime/NumberConstructor.cpp:

(JSC::NumberConstructor::finishCreation):

LayoutTests:

  • js/number-constructor-expected.txt:
  • js/parseInt-expected.txt:
  • js/script-tests/number-constructor.js:
  • js/script-tests/parseInt.js:
6:28 PM Changeset in webkit [182937] by jacob_nielsen@apple.com
  • 3 edits in trunk/Tools

Changes method of quitting iOS Simulator to be more correct.
https://bugs.webkit.org/show_bug.cgi?id=143847
<rdar://problem/20530344>

Reviewed by Darin Adler.

Fixes by addressing the app by ID rather than by name.

  • Scripts/webkitdirs.pm:

(quitIOSSimulator):

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.check_sys_deps):

6:25 PM Changeset in webkit [182936] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Use UNUSED_PARAM instead of the void casting to suppress unused parameter warnings.
https://bugs.webkit.org/show_bug.cgi?id=143750

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-04-16
Reviewed by Darin Adler.

No new tests, no behavior change.

  • WebProcess/Notifications/NotificationPermissionRequestManager.cpp:

(WebKit::NotificationPermissionRequestManager::NotificationPermissionRequestManager):

6:12 PM Changeset in webkit [182935] by achristensen@apple.com
  • 4 edits in trunk/Source/WebCore

Use less memory when compiling content extensions
https://bugs.webkit.org/show_bug.cgi?id=143857

Reviewed by Benjamin Poulain.

When compiling a content extension, we convert the rule list into several intermediate forms:

1) A String.
2) A JSValue from JSONParse in loadEncodedRules.
3) A Vector of ContentExtensionRules.
4) A CombinedURLFilters object representing the pieces of the regular expressions from the triggers.
5) A Vector of NFAs.
6) A DFA for each NFA.
7) A Vector of DFABytecode.

Each one of these contains all the information contained in the content extension,
so we do not need to keep them all in memory at the same time like we are doing now.
When we are done with one, we can free that memory to greatly reduce the maximum memory usage while compiling.
The next step will be to reduce the copies of the original JSON String and to generate NFAs one at a time.

  • contentextensions/CombinedURLFilters.cpp:

(WebCore::ContentExtensions::CombinedURLFilters::clear):

  • contentextensions/CombinedURLFilters.h:
  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):
Clear structures when finished using them.

6:03 PM Changeset in webkit [182934] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Gardening: fix CLOOP build after r182927.

Not reviewed.

  • interpreter/StackVisitor.cpp:

(JSC::StackVisitor::Frame::print):

6:00 PM Changeset in webkit [182933] by Joseph Pecoraro
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Should include "Log Value" context menu item in Preview and Collapsed ObjectTree
https://bugs.webkit.org/show_bug.cgi?id=143845

Reviewed by Timothy Hatcher.

Give previews the same "Log Value" context menu so that if you just log
a bunch of objects to the console you can quickly turn that entire object
into a $n reference in the console to interact with.

  • UserInterface/Views/ObjectPreviewView.js:

(WebInspector.ObjectPreviewView.prototype.setOriginatingObjectInfo):
(WebInspector.ObjectPreviewView.prototype._contextMenuHandler):
Provide API to refer to a RemoteObject and optional PropertyPath
that can be used to give the preview a "Log Value" context menu.

  • UserInterface/Views/ConsoleMessageView.js:

(WebInspector.ConsoleMessageView.prototype._appendFormattedArguments):
Include the RemoteObject without a path for a preview context menu.

  • UserInterface/Views/ObjectTreeView.js:

(WebInspector.ObjectTreeView):
Include the RemoteObject with a path if we knew it for a preview context menu.

  • UserInterface/Views/ObjectTreeBaseTreeElement.js:

(WebInspector.ObjectTreeBaseTreeElement.prototype.createGetterElement):
The context menu can never be empty, since we always added at least one item above.

5:53 PM Changeset in webkit [182932] by beidson@apple.com
  • 8 edits in trunk/Source

Compiling a content extension fails when user's home directory is on a different volume from /var/tmp.
https://bugs.webkit.org/show_bug.cgi?id=143834

Reviewed by Anders Carlsson.

Source/WebCore:

  • Add moveFile() for a WK2 call site to use.
  • Remove renameFile() as it is now dead code.
  • platform/FileSystem.h:
  • platform/gtk/FileSystemGtk.cpp:

(WebCore::renameFile): Deleted.

  • platform/mac/FileSystemMac.mm:

(WebCore::moveFile):

  • platform/posix/FileSystemPOSIX.cpp:

(WebCore::renameFile): Deleted.

  • platform/win/FileSystemWin.cpp:

(WebCore::renameFile): Deleted.

Source/WebKit2:

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::compiledToFile): Use moveFile() instead of renameFile()

5:49 PM Changeset in webkit [182931] by timothy_horton@apple.com
  • 4 edits in trunk/LayoutTests

Rebaseline mouse-cursor-image-set results after r182869

  • fast/events/mouse-cursor-image-set-expected.txt:
  • platform/win/fast/events/mouse-cursor-image-set-expected.txt:
  • platform/mac/TestExpectations:

Un-skip and land new results.

5:46 PM Changeset in webkit [182930] by andersca@apple.com
  • 11 edits in trunk

Deprecate _WKWebsiteDataStore in favor of WKWebsiteDataStore
https://bugs.webkit.org/show_bug.cgi?id=143844

Reviewed by Dan Bernstein.

Source/WebKit2:

  • Shared/API/Cocoa/WKFoundation.h:
  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration _validate]):

  • UIProcess/API/Cocoa/WKWebViewConfigurationPrivate.h:
  • UIProcess/API/Cocoa/_WKWebsiteDataRecord.h:
  • UIProcess/API/Cocoa/_WKWebsiteDataStore.h:
  • mac/postprocess-framework-headers.sh:

Tools:

  • MiniBrowser/mac/AppDelegate.m:

(-[BrowserAppDelegate newPrivateWindow:]):

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController initWithConfiguration:]):
(-[WK2BrowserWindowController fetchWebsiteData:]):
(-[WK2BrowserWindowController fetchAndClearWebsiteData:]):
(-[WK2BrowserWindowController clearWebsiteData:]):

5:44 PM Changeset in webkit [182929] by commit-queue@webkit.org
  • 4 edits in trunk/Source/JavaScriptCore

Inline JSFunction allocation in FTL
https://bugs.webkit.org/show_bug.cgi?id=143851

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-16
Reviewed by Filip Pizlo.

JSFunction allocation is a simple operation that should be inlined when possible.

  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileNewFunction):

  • runtime/JSFunction.h:

(JSC::JSFunction::allocationSize):

5:28 PM Changeset in webkit [182928] by weinig@apple.com
  • 5 edits in trunk/Source/WebKit/mac

Expose JavaScriptMarkupEnabled preference for WebKit1
<rdar://problem/19939450>
https://bugs.webkit.org/show_bug.cgi?id=143855

Reviewed by Dan Bernstein.

  • WebView/WebPreferenceKeysPrivate.h:

Add new key, WebKitJavaScriptMarkupEnabledPreferenceKey

  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
Initialize WebKitJavaScriptMarkupEnabledPreferenceKey to YES.

(-[WebPreferences isJavaScriptMarkupEnabled]):
(-[WebPreferences setJavaScriptMarkupEnabled:]):
Implement getter/setter.

  • WebView/WebPreferencesPrivate.h:

Add new property, javaScriptMarkupEnabled.

  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):
Map the new preference to WebCore's scriptMarkupEnabled setting.

5:25 PM Changeset in webkit [182927] by mark.lam@apple.com
  • 13 edits
    4 adds in trunk/Source/JavaScriptCore

Add $vm debugging tool.
https://bugs.webkit.org/show_bug.cgi?id=143809

Reviewed by Geoffrey Garen.

For debugging VM bugs, it would be useful to be able to dump VM data structures
from JS code that we instrument. To this end, let's introduce a
JS_enableDollarVM option that, if true, installs an $vm property into each JS
global object at creation time. The $vm property refers to an object that
provides a collection of useful utility functions. For this initial
implementation, $vm will have the following:

crash() - trigger an intentional crash.

dfgTrue() - returns true if the current function is DFG compiled, else returns false.
jitTrue() - returns true if the current function is compiled by the baseline JIT, else returns false.
llintTrue() - returns true if the current function is interpreted by the LLINT, else returns false.

gc() - runs a full GC.
edenGC() - runs an eden GC.

codeBlockForFrame(frameNumber) - gets the codeBlock at the specified frame (0 = current, 1 = caller, etc).
printSourceFor(codeBlock) - prints the source code for the codeBlock.
printByteCodeFor(codeBlock) - prints the bytecode for the codeBlock.

print(str) - prints a string to dataLog output.
printCallFrame() - prints the current CallFrame.
printStack() - prints the JS stack.
printInternal(value) - prints the JSC internal info for the specified value.

With JS_enableDollarVM=true, JS code can use the above functions like so:

$vm.print("Using $vm features\n");

(JSC::CodeBlock::printCallOp):

  • FTL compiled functions don't like it when we try to compute the CallLinkStatus. Hence, we skip this step if we're dumping an FTL codeBlock.
  • heap/Heap.cpp:

(JSC::Heap::collectAndSweep):
(JSC::Heap::collectAllGarbage): Deleted.

  • heap/Heap.h:

(JSC::Heap::collectAllGarbage):

  • Add ability to do an Eden collection and sweep.
  • interpreter/StackVisitor.cpp:

(JSC::printIndents):
(JSC::log):
(JSC::logF):
(JSC::StackVisitor::Frame::print):
(JSC::jitTypeName): Deleted.
(JSC::printif): Deleted.

  • Modernize the implementation of StackVisitor::Frame::print(), and remove some now redundant code.
  • Also fix it so that it downgrades gracefully when encountering inlined DFG and compiled FTL functions.

(DebugPrintFrameFunctor::DebugPrintFrameFunctor): Deleted.
(DebugPrintFrameFunctor::operator()): Deleted.
(debugPrintCallFrame): Deleted.
(debugPrintStack): Deleted.

  • these have been moved into JSDollarVMPrototype.cpp.
  • interpreter/StackVisitor.h:
  • StackVisitor::Frame::print() is now enabled for release builds as well so that we can call it from $vm.
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:
  • Added the $vm instance to global objects conditional on the JSC_enableDollarVM option.
  • runtime/Options.h:
  • Added the JSC_enableDollarVM option.
  • tools/JSDollarVM.cpp: Added.
  • tools/JSDollarVM.h: Added.

(JSC::JSDollarVM::createStructure):
(JSC::JSDollarVM::create):
(JSC::JSDollarVM::JSDollarVM):

  • tools/JSDollarVMPrototype.cpp: Added.
  • This file contains 2 sets of functions:
  1. a C++ implementation of debugging utility functions that are callable when doing debugging from lldb. To the extent possible, these functions try to be cautious and not cause unintended crashes should the user call them with the wrong info. Hence, they are designed to be robust rather than speedy.
  1. the native implementations of JS functions in the $vm object. Where there is overlapping functionality, these are built on top of the C++ functions above to do the work.

Note: it does not make sense for all of the $vm functions to have a C++
counterpart for lldb debugging. For example, the $vm.dfgTrue() function is
only useful for JS code, and works via the DFG intrinsics mechanism.
When doing debugging via lldb, the optimization level of the currently
executing JS function can be gotten by dumping the current CallFrame instead.

(JSC::currentThreadOwnsJSLock):
(JSC::ensureCurrentThreadOwnsJSLock):
(JSC::JSDollarVMPrototype::addFunction):
(JSC::functionCrash): - $vm.crash()
(JSC::functionDFGTrue): - $vm.dfgTrue()
(JSC::CallerFrameJITTypeFunctor::CallerFrameJITTypeFunctor):
(JSC::CallerFrameJITTypeFunctor::operator()):
(JSC::CallerFrameJITTypeFunctor::jitType):
(JSC::functionLLintTrue): - $vm.llintTrue()
(JSC::functionJITTrue): - $vm.jitTrue()
(JSC::gc):
(JSC::functionGC): - $vm.gc()
(JSC::edenGC):
(JSC::functionEdenGC): - $vm.edenGC()
(JSC::isValidCodeBlock):
(JSC::codeBlockForFrame):
(JSC::functionCodeBlockForFrame): - $vm.codeBlockForFrame(frameNumber)
(JSC::codeBlockFromArg):
(JSC::functionPrintSourceFor): - $vm.printSourceFor(codeBlock)
(JSC::functionPrintByteCodeFor): - $vm.printBytecodeFor(codeBlock)
(JSC::functionPrint): - $vm.print(str)
(JSC::PrintFrameFunctor::PrintFrameFunctor):
(JSC::PrintFrameFunctor::operator()):
(JSC::printCallFrame):
(JSC::printStack):
(JSC::functionPrintCallFrame): - $vm.printCallFrame()
(JSC::functionPrintStack): - $vm.printStack()
(JSC::printValue):
(JSC::functionPrintValue): - $vm.printValue()
(JSC::JSDollarVMPrototype::finishCreation):

  • tools/JSDollarVMPrototype.h: Added.

(JSC::JSDollarVMPrototype::create):
(JSC::JSDollarVMPrototype::createStructure):
(JSC::JSDollarVMPrototype::JSDollarVMPrototype):

5:09 PM Changeset in webkit [182926] by achristensen@apple.com
  • 2 edits in trunk/Tools

32-bit build fix.

  • WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::platformResetPreferencesToConsistentValues):
(WTR::TestController::platformConfigureViewForTest):
Added WK_API_ENABLED.

4:52 PM Changeset in webkit [182925] by Beth Dakin
  • 2 edits in trunk/LayoutTests

I will be investigating this in the short term, but skip these failing test for
now.

  • platform/mac-wk2/TestExpectations:
4:45 PM Changeset in webkit [182924] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Media element time displays shouldn't wrap.
https://bugs.webkit.org/show_bug.cgi?id=143854.
<rdar://problem/20284766>

Reviewed by Brent Fulgham.

  • Modules/mediacontrols/mediaControlsApple.css:

(::-webkit-media-controls): Don't wrap any text.
(audio::-webkit-media-controls-time-remaining-display): Also increase remaining time display width by 1.
(audio::-webkit-media-controls-time-remaining-display.five-digit-time): Ditto.
(audio::-webkit-media-controls-time-remaining-display.six-digit-time): Ditto.

4:41 PM Changeset in webkit [182923] by Chris Dumez
  • 4 edits in trunk/Source/WebCore

Add assertions to make sure ActiveDOMObject::suspend() / resume() / stop() overrides don't fire events
https://bugs.webkit.org/show_bug.cgi?id=143850

Reviewed by Alexey Proskuryakov.

Add assertions to make sure ActiveDOMObject::suspend() / resume() / stop()
overrides don't fire events as this is not allowed. This would cause
arbitrary JS execution which would be very dangerous in these stages.

Firing JS events from these functions is a common source of crashes.

  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::suspend):
(WebCore::WebSocket::resume):

  • dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::suspendActiveDOMObjects):
(WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
(WebCore::ScriptExecutionContext::stopActiveDOMObjects):

  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::suspend):
(WebCore::XMLHttpRequest::resume):
(WebCore::XMLHttpRequest::stop):

4:41 PM Changeset in webkit [182922] by achristensen@apple.com
  • 10 edits
    2 deletes in trunk

Removed unused WKUserContentFilterRef.
https://bugs.webkit.org/show_bug.cgi?id=143852

Reviewed by Sam Weinig.

Source/WebKit2:

  • Shared/WebCompiledContentExtension.cpp:

(WebKit::LegacyContentExtensionCompilationClient::LegacyContentExtensionCompilationClient): Deleted.
(WebKit::LegacyContentExtensionCompilationClient::writeBytecode): Deleted.
(WebKit::LegacyContentExtensionCompilationClient::writeActions): Deleted.
(WebKit::WebCompiledContentExtension::createFromCompiledContentExtensionData): Deleted.

  • Shared/WebCompiledContentExtension.h:
  • UIProcess/API/C/WKUserContentFilterRef.cpp: Removed.
  • UIProcess/API/C/WKUserContentFilterRef.h: Removed.
  • UIProcess/API/C/WebKit2_C.h:
  • UIProcess/API/Cocoa/_WKUserContentFilter.h:
  • UIProcess/API/Cocoa/_WKUserContentFilter.mm:

(-[_WKUserContentFilter initWithName:serializedRules:]): Deleted.

  • WebKit2.xcodeproj/project.pbxproj:

Tools:

  • TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentExtensionStore.mm:
  • WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::platformResetPreferencesToConsistentValues):
(WTR::TestController::platformConfigureViewForTest):

4:28 PM Changeset in webkit [182921] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Speculative fix after r182915
https://bugs.webkit.org/show_bug.cgi?id=143404

Patch by Geoffrey Garen <ggaren@apple.com> on 2015-04-16
Reviewed by Alexey Proskuryakov.

  • runtime/SymbolConstructor.h:
4:22 PM Changeset in webkit [182920] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Rubber-stamped by Tim Horton.

Fixing a small mistake in http://trac.webkit.org/changeset/182912 which should
make sure to use the most up-to-date pressure information when setting the force
on a WebMouseEvent.

  • Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

4:21 PM Changeset in webkit [182919] by mark.lam@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fixed some typos in a comment.

Not reviewed.

  • dfg/DFGGenerationInfo.h:
4:04 PM Changeset in webkit [182918] by ap@apple.com
  • 2 edits in trunk/Source/WebCore

Media element can manipulate DOM during Document destruction.
rdar://problem/20553898 and https://bugs.webkit.org/show_bug.cgi?id=143780

Patch by Brady Eidson <beidson@apple.com> on 2015-04-16
Reviewed by Jer Noble.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::configureMediaControls): Bail if the element has no active document.

3:58 PM Changeset in webkit [182917] by jacob_nielsen@apple.com
  • 2 edits in trunk/Tools

Unreviewed. Adding myself as a commiter in contributers.json.

  • Scripts/webkitpy/common/config/contributors.json:
3:54 PM Changeset in webkit [182916] by ap@apple.com
  • 3 edits in trunk/Tools

It is very hard to attach a debugger to WebProcess to debug tests
https://bugs.webkit.org/show_bug.cgi?id=143837

Reviewed by Chris Dumez.

--no-timeout used to only affect waitUntilDone timeout, but not IPC timeout in
WebKitTestRunner, and not pipe reading timeout in run-webkit-tests.

Now it disables all timeouts in tools, as is best for debugging tests.

  • Scripts/webkitpy/port/driver.py: (Driver.run_test): Respect --no-timeout, so

that the script doesn't terminate DRT/WKTR when there is no output for a long time.

  • WebKitTestRunner/Options.cpp: Removed --no-timeout-at-all, as --no-timeout

now has the same functionality.

3:46 PM Changeset in webkit [182915] by Yusuke Suzuki
  • 17 edits
    1 copy
    5 adds in trunk

[ES6] Implement Symbol.for and Symbol.keyFor
https://bugs.webkit.org/show_bug.cgi?id=143404

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This patch implements Symbol.for and Symbol.keyFor.
SymbolRegistry maintains registered StringImpl* symbols.
And to make this mapping enabled over realms,
VM owns this mapping (not JSGlobalObject).

While there's Default AtomicStringTable per thread,
SymbolRegistry should not exist over VMs.
So everytime VM is created, SymbolRegistry is also created.

In SymbolRegistry implementation, we don't leverage WeakGCMap (or weak reference design).
Theres are several reasons.

  1. StringImpl* which represents identity of Symbols is not GC-managed object. So we cannot use WeakGCMap directly. While Symbol* is GC-managed object, holding weak reference to Symbol* doesn't maintain JS symbols (exposed primitive values to users) liveness, because distinct Symbol* can exist. Distinct Symbol* means the Symbol* object that pointer value (Symbol*) is different from weakly referenced Symbol* but held StringImpl* is the same.
  1. We don't use WTF::WeakPtr. If we add WeakPtrFactory into StringImpl's member, we can track StringImpl*'s liveness by WeakPtr. However there's problem about when we prune staled entries in SymbolRegistry. Since the memory allocated for the Symbol is typically occupied by allocated symbolized StringImpl*'s content, and it is not in GC-heap. While heavily registering Symbols and storing StringImpl* into SymbolRegistry, Heap's EdenSpace is not so occupied. So GC typically attempt to perform EdenCollection, and it doesn't call WeakGCMap's pruleStaleEntries callback. As a result, before pruning staled entries in SymbolRegistry, fast malloc-ed memory fills up the system memory.

So instead of using Weak reference, we take relatively easy design.
When we register symbolized StringImpl* into SymbolRegistry, symbolized StringImpl* is aware of that.
And when destructing it, it removes its reference from SymbolRegistry as if atomic StringImpl do so with AtomicStringTable.

  • CMakeLists.txt:
  • DerivedSources.make:
  • runtime/SymbolConstructor.cpp:

(JSC::SymbolConstructor::getOwnPropertySlot):
(JSC::symbolConstructorFor):
(JSC::symbolConstructorKeyFor):

  • runtime/SymbolConstructor.h:
  • runtime/VM.cpp:
  • runtime/VM.h:

(JSC::VM::symbolRegistry):

  • tests/stress/symbol-registry.js: Added.

(test):

Source/WTF:

When we register symbolized StringImpl* into SymbolRegistry, symbolized StringImpl* is aware of that.
And when destructing it, it removes its reference from SymbolRegistry as if atomic StringImpl do so with AtomicStringTable.
While AtomicStringTable (in WebCore case) exists in thread local storage,
SymbolRegistry exists per VM and StringImpl* has a reference to the registered SymbolRegistry.

Since StringImpl has isSymbol etc. members, it's class is aware of Symbol use cases.
So introduce SymbolRegistry in WTF layers as if AtomicStringTable.

  • WTF.vcxproj/WTF.vcxproj:
  • WTF.vcxproj/WTF.vcxproj.filters:
  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/text/AtomicString.cpp:

(WTF::AtomicString::addSlowCase):
(WTF::AtomicString::findSlowCase):
(WTF::AtomicString::findInternal):
(WTF::AtomicString::find): Deleted.

  • wtf/text/AtomicString.h:

(WTF::AtomicString::find):

  • wtf/text/StringImpl.cpp:

(WTF::StringImpl::~StringImpl):
(WTF::StringImpl::createSymbol):
(WTF::StringImpl::createSymbolEmpty):

  • wtf/text/StringImpl.h:

(WTF::StringImpl::StringImpl):
(WTF::StringImpl::extractFoldedStringInSymbol):
(WTF::StringImpl::symbolRegistry):
(WTF::StringImpl::createSymbolEmpty): Deleted.

  • wtf/text/SymbolRegistry.cpp: Copied from Source/JavaScriptCore/runtime/SymbolConstructor.h.

(WTF::SymbolRegistry::~SymbolRegistry):
(WTF::SymbolRegistry::symbolForKey):
(WTF::SymbolRegistry::keyForSymbol):
(WTF::SymbolRegistry::remove):

  • wtf/text/SymbolRegistry.h: Added.

(WTF::SymbolRegistryKey::hash):
(WTF::SymbolRegistryKey::impl):
(WTF::SymbolRegistryKey::isHashTableDeletedValue):
(WTF::SymbolRegistryKey::hashTableDeletedValue):
(WTF::DefaultHash<SymbolRegistryKey>::Hash::hash):
(WTF::DefaultHash<SymbolRegistryKey>::Hash::equal):
(WTF::HashTraits<SymbolRegistryKey>::isEmptyValue):
(WTF::SymbolRegistryKey::SymbolRegistryKey):

LayoutTests:

Add tests to check Symbol's identity over different realms.

  • js/dom/cross-frame-symbols-expected.txt: Added.
  • js/dom/cross-frame-symbols.html: Added.
  • js/dom/script-tests/cross-frame-symbols.js: Added.
3:42 PM Changeset in webkit [182914] by jer.noble@apple.com
  • 15 edits in trunk/Source

[iOS] When simultaneously exiting-and-entering fullscreen, WebVideoFullscreenManager/Proxy becomes confused about what video element it represents.
https://bugs.webkit.org/show_bug.cgi?id=143680

Reviewed by Simon Fraser.

Source/WebCore:

Add getters for the video's fullscreen layer, and be more tolerant about the order in which setVideoElement() and
setWebVideoFullscreenInterface are called.

  • html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::videoFullscreenLayer): Added simple getter.

  • platform/ios/WebVideoFullscreenInterfaceAVKit.h:
  • platform/ios/WebVideoFullscreenModelVideoElement.h:

(WebCore::WebVideoFullscreenModelVideoElement::videoElement): Added simple getter.
(WebCore::WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Deleted. Moved to .mm file.

  • platform/ios/WebVideoFullscreenModelVideoElement.mm:

(WebVideoFullscreenModelVideoElement::WebVideoFullscreenModelVideoElement): Initialize ivars in the .h file.
(WebVideoFullscreenModelVideoElement::setWebVideoFullscreenInterface): Call those methods skipped in setVideoElement()

if m_videoFullscreenInterface had not yet been set.

(WebVideoFullscreenModelVideoElement::setVideoElement): Null-check m_videoFullscreenInterface.

Source/WebKit2:

The original assumption of WebVideoFullscreenManager and -Proxy was that the two classes would represent a
single video element and its full screen state. With multiple animations in and out of fullscreen combined with
multiple fullscreen modes, this assumption no longer holds true.

Rather than having a WebVideoFullscreenManager which /isa/ WebVideoFullscreenModelVideoElement, the manager now
/hasa/ WebVideoFullscreenModelVideoElement (or has many such models). Ditto for WebVideoFullscreenManager and
WebVideoFullscreenInterfaceAVKit. The WebVideoFullscreenInterfaceAVKit still needs a WebVideoFullscreenModel to
communicate with, so a new wrapper class is used for that purpose, WebVideoFullscreenModelContext. Ditto for
WebVideoFullscreenModelVideoElement and the new class WebVideoFullscreenInterfaceContext. These context classes
are paired and share a contextId, allowing the manager and its proxy to route messages between the UIProcess's
WebVideoFullscreenInterfaceAVKit to-and-from the WebProcess's WebVideoFullscreenModelVideoElement.

Both the WebVideoFullscreenModelContext and the WebVideoFullscreenInterfaceContext take a back-pointer to their
manager or manager proxy, and each method on the context simply calls the matching method on the manager and
passes its contextId as a parameter.

Both the WebVideoFullscreenManager and the WebVideoFullscreenManagerProxy pass that contextId in each of their
cross-process messages.

On the other side, the manager and proxy also have a map between contextIds and their matching
WebVideoFullscreenModelVideoElement (in the case of WebVideoFullscreenManager) or
WebVideoFullscreenInterfaceAVKit (in the case of WebVideoFullscreenManagerProxy).

While this change is large by LoC, it is almost entirely boilerplate. The new and interesting pieces are these:

  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::WebVideoFullscreenManagerProxy): No longer a WebVideoFullscreenInterfaceAVKit.
(WebKit::WebVideoFullscreenManagerProxy::invalidate): Walk through the models and interfaces, invalidating each.
(WebKit::WebVideoFullscreenManagerProxy::createModelAndInterface): Added. Return a new model and interface tuple.
(WebKit::WebVideoFullscreenManagerProxy::ensureModelAndInterface): Added. Lazily create, and add to the m_contextMap

a new model and interface object.

(WebKit::WebVideoFullscreenManagerProxy::ensureModel): Return the model half of ensureModelAndInterface().
(WebKit::WebVideoFullscreenManagerProxy::ensureInterface): Return the interface half of ensureModelAndInterface().
(WebKit::WebVideoFullscreenManagerProxy::enterFullscreen): Walk through the outstanding interface objects, and if

any have a fullscreen mode which matches the about-to-be-fullscreen interface, request that that other interface
exit fullscreen.

  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::nextContextId): Static, incrementing counter used as a contextId source.
(WebKit::WebVideoFullscreenManager::WebVideoFullscreenManager): No longer a WebVideoFullscreenModelVideoElement.
(WebKit::WebVideoFullscreenManager::~WebVideoFullscreenManager): Walk through the models and interfaces, invalidating each.
(WebKit::WebVideoFullscreenManager::ensureModelAndInterface): Added. Return a new model and interface tuple.
(WebKit::WebVideoFullscreenManager::ensureModelAndInterface): Added. Lazily create, and add to the m_contextMap

a new model and interface object.

(WebKit::WebVideoFullscreenManager::ensureModel): Return the model half of ensureModelAndInterface().
(WebKit::WebVideoFullscreenManager::ensureInterface): Return the interface half of ensureModelAndInterface().

New classes and methods which just forward on to their owning objects:

  • UIProcess/ios/WebVideoFullscreenManagerProxy.h:

(WebKit::WebVideoFullscreenModelContext::create):
(WebKit::WebVideoFullscreenModelContext::~WebVideoFullscreenModelContext):
(WebKit::WebVideoFullscreenModelContext::invalidate):
(WebKit::WebVideoFullscreenModelContext::layerHost):
(WebKit::WebVideoFullscreenModelContext::setLayerHost):
(WebKit::WebVideoFullscreenModelContext::setInitialVideoLayerFrame):
(WebKit::WebVideoFullscreenModelContext::WebVideoFullscreenModelContext):

  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenModelContext::play):
(WebKit::WebVideoFullscreenModelContext::pause):
(WebKit::WebVideoFullscreenModelContext::togglePlayState):
(WebKit::WebVideoFullscreenModelContext::beginScrubbing):
(WebKit::WebVideoFullscreenModelContext::endScrubbing):
(WebKit::WebVideoFullscreenModelContext::seekToTime):
(WebKit::WebVideoFullscreenModelContext::fastSeek):
(WebKit::WebVideoFullscreenModelContext::beginScanningForward):
(WebKit::WebVideoFullscreenModelContext::beginScanningBackward):
(WebKit::WebVideoFullscreenModelContext::endScanning):
(WebKit::WebVideoFullscreenModelContext::requestExitFullscreen):
(WebKit::WebVideoFullscreenModelContext::setVideoLayerFrame):
(WebKit::WebVideoFullscreenModelContext::videoLayerFrame):
(WebKit::WebVideoFullscreenModelContext::setVideoLayerGravity):
(WebKit::WebVideoFullscreenModelContext::videoLayerGravity):
(WebKit::WebVideoFullscreenModelContext::selectAudioMediaOption):
(WebKit::WebVideoFullscreenModelContext::selectLegibleMediaOption):
(WebKit::WebVideoFullscreenModelContext::fullscreenModeChanged):
(WebKit::WebVideoFullscreenModelContext::didSetupFullscreen):
(WebKit::WebVideoFullscreenModelContext::didEnterFullscreen):
(WebKit::WebVideoFullscreenModelContext::didExitFullscreen):
(WebKit::WebVideoFullscreenModelContext::didCleanupFullscreen):
(WebKit::WebVideoFullscreenModelContext::fullscreenMayReturnToInline):

  • WebProcess/ios/WebVideoFullscreenManager.h:

(WebKit::WebVideoFullscreenInterfaceContext::create):
(WebKit::WebVideoFullscreenInterfaceContext::invalidate):
(WebKit::WebVideoFullscreenInterfaceContext::layerHostingContext):
(WebKit::WebVideoFullscreenInterfaceContext::isAnimating):
(WebKit::WebVideoFullscreenInterfaceContext::setIsAnimating):
(WebKit::WebVideoFullscreenInterfaceContext::targetIsFullscreen):
(WebKit::WebVideoFullscreenInterfaceContext::setTargetIsFullscreen):
(WebKit::WebVideoFullscreenInterfaceContext::fullscreenMode):
(WebKit::WebVideoFullscreenInterfaceContext::setFullscreenMode):
(WebKit::WebVideoFullscreenInterfaceContext::isFullscreen):
(WebKit::WebVideoFullscreenInterfaceContext::setIsFullscreen):

  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenInterfaceContext::WebVideoFullscreenInterfaceContext):
(WebKit::WebVideoFullscreenInterfaceContext::~WebVideoFullscreenInterfaceContext):
(WebKit::WebVideoFullscreenInterfaceContext::setLayerHostingContext):
(WebKit::WebVideoFullscreenInterfaceContext::resetMediaState):
(WebKit::WebVideoFullscreenInterfaceContext::setDuration):
(WebKit::WebVideoFullscreenInterfaceContext::setCurrentTime):
(WebKit::WebVideoFullscreenInterfaceContext::setBufferedTime):
(WebKit::WebVideoFullscreenInterfaceContext::setRate):
(WebKit::WebVideoFullscreenInterfaceContext::setVideoDimensions):
(WebKit::WebVideoFullscreenInterfaceContext::setSeekableRanges):
(WebKit::WebVideoFullscreenInterfaceContext::setCanPlayFastReverse):
(WebKit::WebVideoFullscreenInterfaceContext::setAudioMediaSelectionOptions):
(WebKit::WebVideoFullscreenInterfaceContext::setLegibleMediaSelectionOptions):
(WebKit::WebVideoFullscreenInterfaceContext::setExternalPlayback):

Cross-process methods which now take a contextId parameter:

  • UIProcess/ios/WebVideoFullscreenManagerProxy.messages.in:
  • UIProcess/ios/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID):
(WebKit::WebVideoFullscreenManagerProxy::resetMediaState):
(WebKit::WebVideoFullscreenManagerProxy::setCurrentTime):
(WebKit::WebVideoFullscreenManagerProxy::setBufferedTime):
(WebKit::WebVideoFullscreenManagerProxy::setVideoDimensions):
(WebKit::WebVideoFullscreenManagerProxy::setSeekableRangesVector):
(WebKit::WebVideoFullscreenManagerProxy::setCanPlayFastReverse):
(WebKit::WebVideoFullscreenManagerProxy::setAudioMediaSelectionOptions):
(WebKit::WebVideoFullscreenManagerProxy::setLegibleMediaSelectionOptions):
(WebKit::WebVideoFullscreenManagerProxy::setExternalPlaybackProperties):
(WebKit::WebVideoFullscreenManagerProxy::setDuration):
(WebKit::WebVideoFullscreenManagerProxy::setRate):
(WebKit::WebVideoFullscreenManagerProxy::exitFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::cleanupFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::preparedToReturnToInline):
(WebKit::WebVideoFullscreenManagerProxy::play):
(WebKit::WebVideoFullscreenManagerProxy::pause):
(WebKit::WebVideoFullscreenManagerProxy::togglePlayState):
(WebKit::WebVideoFullscreenManagerProxy::beginScrubbing):
(WebKit::WebVideoFullscreenManagerProxy::endScrubbing):
(WebKit::WebVideoFullscreenManagerProxy::seekToTime):
(WebKit::WebVideoFullscreenManagerProxy::fastSeek):
(WebKit::WebVideoFullscreenManagerProxy::beginScanningForward):
(WebKit::WebVideoFullscreenManagerProxy::beginScanningBackward):
(WebKit::WebVideoFullscreenManagerProxy::endScanning):
(WebKit::WebVideoFullscreenManagerProxy::requestExitFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::didSetupFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::didExitFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::didEnterFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::didCleanupFullscreen):
(WebKit::WebVideoFullscreenManagerProxy::setVideoLayerFrame):
(WebKit::WebVideoFullscreenManagerProxy::setVideoLayerGravity):
(WebKit::WebVideoFullscreenManagerProxy::selectAudioMediaOption):
(WebKit::WebVideoFullscreenManagerProxy::selectLegibleMediaOption):
(WebKit::WebVideoFullscreenManagerProxy::fullscreenModeChanged):
(WebKit::WebVideoFullscreenManagerProxy::fullscreenMayReturnToInline):
(WebKit::WebVideoFullscreenManagerProxy::videoLayerFrame): Deleted.
(WebKit::WebVideoFullscreenManagerProxy::videoLayerGravity): Deleted.

  • WebProcess/ios/WebVideoFullscreenManager.messages.in:
  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement):
(WebKit::WebVideoFullscreenManager::exitVideoFullscreenForVideoElement):
(WebKit::WebVideoFullscreenManager::resetMediaState):
(WebKit::WebVideoFullscreenManager::setDuration):
(WebKit::WebVideoFullscreenManager::setCurrentTime):
(WebKit::WebVideoFullscreenManager::setBufferedTime):
(WebKit::WebVideoFullscreenManager::setRate):
(WebKit::WebVideoFullscreenManager::setVideoDimensions):
(WebKit::WebVideoFullscreenManager::setSeekableRanges):
(WebKit::WebVideoFullscreenManager::setCanPlayFastReverse):
(WebKit::WebVideoFullscreenManager::setAudioMediaSelectionOptions):
(WebKit::WebVideoFullscreenManager::setLegibleMediaSelectionOptions):
(WebKit::WebVideoFullscreenManager::setExternalPlayback):
(WebKit::WebVideoFullscreenManager::play):
(WebKit::WebVideoFullscreenManager::pause):
(WebKit::WebVideoFullscreenManager::togglePlayState):
(WebKit::WebVideoFullscreenManager::beginScrubbing):
(WebKit::WebVideoFullscreenManager::endScrubbing):
(WebKit::WebVideoFullscreenManager::seekToTime):
(WebKit::WebVideoFullscreenManager::fastSeek):
(WebKit::WebVideoFullscreenManager::beginScanningForward):
(WebKit::WebVideoFullscreenManager::beginScanningBackward):
(WebKit::WebVideoFullscreenManager::endScanning):
(WebKit::WebVideoFullscreenManager::requestExitFullscreen):
(WebKit::WebVideoFullscreenManager::selectAudioMediaOption):
(WebKit::WebVideoFullscreenManager::selectLegibleMediaOption):
(WebKit::WebVideoFullscreenManager::fullscreenModeChanged):
(WebKit::WebVideoFullscreenManager::didSetupFullscreen):
(WebKit::WebVideoFullscreenManager::didEnterFullscreen):
(WebKit::WebVideoFullscreenManager::didExitFullscreen):
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen):
(WebKit::WebVideoFullscreenManager::setVideoLayerGravityEnum):
(WebKit::WebVideoFullscreenManager::fullscreenMayReturnToInline):
(WebKit::WebVideoFullscreenManager::setVideoLayerFrameFenced):
(WebKit::WebVideoFullscreenManager::exitVideoFullscreen): Deleted.

3:29 PM Changeset in webkit [182913] by Beth Dakin
  • 2 edits in trunk/LayoutTests

Forgot to edit this TestExpectation file for
http://trac.webkit.org/changeset/182912

  • platform/mac-wk1/TestExpectations:
3:18 PM Changeset in webkit [182912] by Beth Dakin
  • 38 edits
    6 adds in trunk

Force mouse events should go through normal mouse event handling code paths
https://bugs.webkit.org/show_bug.cgi?id=143749
-and corresponding-
rdar://problem/20472895

Reviewed by Dean Jackson.

Source/WebCore:

This patch moves all of the code to dispatch mouseforcedown, mouseforceup, and
mouseforcechanged into normal mouse event dispatching code. This patch leaves
behind the cancel and click events because we plan to remove those, and it also
leaves mouseforcewillbegin because that is necessarily a very different event more
tied to the NSImmediateActionGestureRecognizer than these other events which are
tied to NSResponder’s pressureChangeWithEvent.

New helper functions.

  • dom/Document.cpp:

(WebCore::Document::hasListenerTypeForEventType):

  • dom/Document.h:
  • dom/Element.cpp:

(WebCore::isForceEvent):

Move the code to ensure the force events have listeners in order to fire to
dispatchMouseEvent, and delete the old implementations.
(WebCore::Element::dispatchMouseEvent):
(WebCore::Element::dispatchMouseForceChanged): Deleted.
(WebCore::Element::dispatchMouseForceDown): Deleted.
(WebCore::Element::dispatchMouseForceUp): Deleted.

  • dom/Element.h:

Perform a hit test and pipe the events through dispatchMouseEvent().

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseForceEvent):

  • page/EventHandler.h:

New types for the new events.

  • platform/PlatformEvent.h:

Forward to EventHandler.

  • replay/UserInputBridge.cpp:

(WebCore::UserInputBridge::handleMouseForceEvent):

  • replay/UserInputBridge.h:

Source/WebKit2:

This patch makes pressureChangeWithEvent create NativeWebMouseEvents with the
NSEventTypePressures that is gets and sends those down to the web process.

Re-name pressureEvent to lastPressureEvent. Now that event can sometimes be an
NSEventTypePressure, the new name makes it clear how the second parameter differs
from the first.

  • Shared/NativeWebMouseEvent.h:

New event types for the new types of events.

  • Shared/WebEvent.h:
  • Shared/WebEventConversion.cpp:

(WebKit::WebKit2PlatformMouseEvent::WebKit2PlatformMouseEvent):

  • Shared/mac/NativeWebMouseEventMac.mm:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

  • Shared/mac/WebEventFactory.h:

All of the square-peg, round-hole problems of massaging the NSEventTypePressures
events into WebMouseEvents is taken care of here.

  • Shared/mac/WebEventFactory.mm:

(WebKit::mouseButtonForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::WebEventFactory::createWebMouseEvent):

Instead of calling the old inputDeviceForceDidChange, create a NativeWebMouseEvent
and handle it.

  • UIProcess/API/mac/WKView.mm:

(-[WKView pressureChangeWithEvent:]):

Handle the new types.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didReceiveEvent):

Can delete inputDeviceForceDidChange since it’s no longer used.
(WebKit::WebPageProxy::inputDeviceForceDidChange): Deleted.

  • UIProcess/WebPageProxy.h:

Handle the new types of mouse events properly.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::handleMouseEvent):

Delete inputDeviceForceDidChange() and m_lastForceStage.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::inputDeviceForceDidChange): Deleted.

Handle new WebEvent types.

  • WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp:

Tools:

Add mouseForceDown/mouseForceUp/mouseForceChanged support to WebKitTestRunner.
Since there is not a way to create an NSEventTypePressure from scratch, we
subclass NSEvent and override all of the critical methods.

  • WebKitTestRunner/EventSenderProxy.h:
  • WebKitTestRunner/InjectedBundle/Bindings/EventSendingController.idl:
  • WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::mouseForceDown):
(WTR::EventSendingController::mouseForceUp):
(WTR::EventSendingController::mouseForceChanged):

  • WebKitTestRunner/InjectedBundle/EventSendingController.h:
  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::didReceiveSynchronousMessageFromInjectedBundle):

  • WebKitTestRunner/mac/EventSenderProxy.mm:

(-[EventSenderPressureEvent initAtLocation:globalLocation:stage:pressure:phase:time:eventNumber:]):
(-[EventSenderPressureEvent timestamp]):
(-[EventSenderPressureEvent type]):
(-[EventSenderPressureEvent locationInWindow]):
(-[EventSenderPressureEvent location]):
(-[EventSenderPressureEvent stage]):
(-[EventSenderPressureEvent pressure]):
(-[EventSenderPressureEvent phase]):
(-[EventSenderPressureEvent eventNumber]):
(WTR::EventSenderProxy::mouseForceDown):
(WTR::EventSenderProxy::mouseForceUp):
(WTR::EventSenderProxy::mouseForceChanged):

LayoutTests:

Just a few new tests. More to come.

  • fast/events/mouse-force-changed-expected.txt: Added.
  • fast/events/mouse-force-changed.html: Added.
  • fast/events/mouse-force-down-expected.txt: Added.
  • fast/events/mouse-force-down.html: Added.
  • fast/events/mouse-force-up-expected.txt: Added.
  • fast/events/mouse-force-up.html: Added.

Right now the new tests will only work on Mac 10.10.3 and beyond.

  • platform/efl/TestExpectations:
  • platform/gtk/TestExpectations:
  • platform/ios-simulator/TestExpectations:
  • platform/mac-mavericks/TestExpectations:
  • platform/win/TestExpectations:
2:35 PM Changeset in webkit [182911] by Yusuke Suzuki
  • 18 edits
    2 adds
    6 deletes in trunk/Source/JavaScriptCore

[ES6] Use specific functions for @@iterator functions
https://bugs.webkit.org/show_bug.cgi?id=143838

Reviewed by Geoffrey Garen.

In ES6, some methods are defined with the different names.

For example,

Map.prototype[Symbol.iterator] === Map.prototype.entries
Set.prototype[Symbol.iterator] === Set.prototype.values
Array.prototype[Symbol.iterator] === Array.prototype.values
%Arguments%[Symbol.iterator] === Array.prototype.values

However, current implementation creates different function objects per name.
This patch fixes it by setting the object that is used for the other method to @@iterator.
e.g. Setting Array.prototype.values function object to Array.prototype[Symbol.iterator].

And we drop Arguments' iterator implementation and replace Argument[@@iterator] implementation
with Array.prototype.values to conform to the spec.

(Inspector::JSInjectedScriptHost::subtype):
(Inspector::JSInjectedScriptHost::getInternalProperties):
(Inspector::JSInjectedScriptHost::iteratorEntries):

  • runtime/ArgumentsIteratorConstructor.cpp: Removed.
  • runtime/ArgumentsIteratorConstructor.h: Removed.
  • runtime/ArgumentsIteratorPrototype.cpp: Removed.
  • runtime/ArgumentsIteratorPrototype.h: Removed.
  • runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation):

  • runtime/ArrayPrototype.h:
  • runtime/ClonedArguments.cpp:

(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::put):
(JSC::ClonedArguments::deleteProperty):
(JSC::ClonedArguments::defineOwnProperty):
(JSC::ClonedArguments::materializeSpecials):

  • runtime/ClonedArguments.h:
  • runtime/CommonIdentifiers.h:
  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::overrideThings):

  • runtime/GenericArgumentsInlines.h:

(JSC::GenericArguments<Type>::getOwnPropertySlot):
(JSC::GenericArguments<Type>::getOwnPropertyNames):
(JSC::GenericArguments<Type>::put):
(JSC::GenericArguments<Type>::deleteProperty):
(JSC::GenericArguments<Type>::defineOwnProperty):

  • runtime/JSArgumentsIterator.cpp: Removed.
  • runtime/JSArgumentsIterator.h: Removed.
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::arrayProtoValuesFunction):

  • runtime/MapPrototype.cpp:

(JSC::MapPrototype::finishCreation):

  • runtime/ScopedArguments.cpp:

(JSC::ScopedArguments::overrideThings):

  • runtime/SetPrototype.cpp:

(JSC::SetPrototype::finishCreation):

  • tests/stress/arguments-iterator.js: Added.

(test):
(testArguments):

  • tests/stress/iterator-functions.js: Added.

(test):
(argumentsTests):

2:24 PM Changeset in webkit [182910] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebCore

Sites with both width=device-width and height=device-height load zoomed out
https://bugs.webkit.org/show_bug.cgi?id=143795
<rdar://problem/20369671>

Reviewed by Ben Poulain.

  • page/ViewportConfiguration.cpp:

(WebCore::ViewportConfiguration::shouldIgnoreVerticalScalingConstraints):
Some sites specify both width=device-width and height=device-height, and
then lay out to device width but with a large amount of vertically scrollable content
(so, height=device-height was a lie).

In all other cases where we use device-width and device-height, we prefer
width=device-width over height=device-height, but in the code to ignore scaling constraints,
the two paths were completely separate. On sites that specify both, this
resulted in us attempting to zoom out to fit the entire height of the very tall page,
which isn't at all what we wanted. So, ignore height=device-height if a width is specified.

1:54 PM Changeset in webkit [182909] by Joseph Pecoraro
  • 4 edits in trunk/Source/WebInspectorUI

Web Inspector: "Log Value" of a value inside of an array, does not log the innermost value
https://bugs.webkit.org/show_bug.cgi?id=143793

Reviewed by Brian Burg.

Context menu handlers were being handled in the capturing event phase, so
the outer most handler, instead of the inner most handler, was getting
first access. Change this so the events happen in the bubbling phase.

DOM Nodes may appear inside of Object Trees, for instance when shown
in a collection like an array or set. In an effort to standardize on
"inner most" behavior, change the DOMTreeOutline context handler
to also be in bubbling.

In the rare instances where a node object is in the console but
not displayed in an outline (console.dir(node)), then include a
Copy as HTML context menu like you would expect in a DOM tree.

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline):

  • UserInterface/Views/GeneralTreeElement.js:

(WebInspector.GeneralTreeElement.prototype.onattach):
(WebInspector.GeneralTreeElement.prototype.ondetach):

  • UserInterface/Views/ObjectTreeBaseTreeElement.js:

(WebInspector.ObjectTreeBaseTreeElement.prototype._appendMenusItemsForObject):
(WebInspector.ObjectTreeBaseTreeElement):

1:40 PM Changeset in webkit [182908] by bshafiei@apple.com
  • 2 edits in tags/Safari-601.1.27.1/Source/WebKit2

Merged r182904. rdar://problem/20575744

1:37 PM Changeset in webkit [182907] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.27.1/Source

Versioning.

1:35 PM Changeset in webkit [182906] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.27.1

New tag.

1:32 PM Changeset in webkit [182905] by Joseph Pecoraro
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Allow toggling the edibility of a DOMTreeOutline
https://bugs.webkit.org/show_bug.cgi?id=143814

Reviewed by Brian Burg.

By default a DOMTreeOutline will not be editable, but it will
provide a setter to enable editability for DOMTreeContentViews.

  • UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView):
Content Views always have editable DOM trees.

  • UserInterface/Views/DOMTreeElement.js:

(WebInspector.DOMTreeElement.prototype.get editable):
(WebInspector.DOMTreeElement.prototype.onattach):
(WebInspector.DOMTreeElement.prototype.ondelete):
(WebInspector.DOMTreeElement.prototype.onenter):
(WebInspector.DOMTreeElement.prototype.ondblclick):
(WebInspector.DOMTreeElement.prototype._populateTagContextMenu):
(WebInspector.DOMTreeElement.prototype._populateTextContextMenu):
(WebInspector.DOMTreeElement.prototype._populateNodeContextMenu):
(WebInspector.DOMTreeElement.prototype._startEditing):
Do not provide editability options for shadow DOM or non-editable DOM tree.

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline):
(WebInspector.DOMTreeOutline.prototype.get editable):
(WebInspector.DOMTreeOutline.prototype.set editable):
New state.

  • UserInterface/Views/FormattedValue.css:

(.formatted-node > .dom-tree-outline li):
Nodes inside object trees were showing text selection when you right
clicked them. Normal selection is not possible. So force no selection.

1:32 PM Changeset in webkit [182904] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit2

<rdar://problem/20575744> Also include a definition of NSd_{current deployment target} in WKFoundation.h.

Reviewed by Tim Horton.

  • WebKit2.xcodeproj/project.pbxproj:
12:59 PM Changeset in webkit [182903] by mark.lam@apple.com
  • 8 edits
    2 adds in trunk/Source/JavaScriptCore

Add JSC_functionOverrides=<overrides file> debugging tool.
https://bugs.webkit.org/show_bug.cgi?id=143717

Reviewed by Geoffrey Garen.

This tool allows us to do runtime replacement of function bodies with alternatives
for debugging purposes. For example, this is useful when we need to debug VM bugs
which manifest in scripts executing in webpages downloaded from remote servers
that we don't control. The tool allows us to augment those scripts with logging
or test code to help isolate the bugs.

This tool works by substituting the SourceCode at FunctionExecutable creation
time. It identifies which SourceCode to substitute by comparing the source
string against keys in a set of key value pairs.

The keys are function body strings defined by 'override' clauses in the overrides
file specified by in the JSC_functionOverrides option. The values are function
body strings defines by 'with' clauses in the overrides file.
See comment blob at top of FunctionOverrides.cpp on the formatting
of the overrides file.

At FunctionExecutable creation time, if the SourceCode string matches one of the
'override' keys from the overrides file, the tool will replace the SourceCode with
a new one based on the corresponding 'with' value string. The FunctionExecutable
will then be created with the new SourceCode instead.

Some design decisions:

  1. We opted to require that the 'with' clause appear on a separate line than the 'override' clause because this makes it easier to read and write when the 'override' clause's function body is single lined and long.
  1. The user can use any sequence of characters for the delimiter (except for '{', '}' and white space characters) because this ensures that there can always be some delimiter pattern that does not appear in the function body in the clause e.g. in the body of strings in the JS code.

'{' and '}' are disallowed because they are used to mark the boundaries of the
function body string. White space characters are disallowed because they can
be error prone (the user may not be able to tell between spaces and tabs).

  1. The start and end delimiter must be an identical sequence of characters.

I had considered allowing the use of complementary characters like <>, [], and
() for making delimiter pairs like:

[[ ... ?]]
<[([( ... )])]>

But in the end, decided against it because:

  1. These sequences of complementary characters can exists in JS code. In contrast, a repeating delimiter like %%%% is unlikely to appear in JS code.
  2. It can be error prone for the user to have to type the exact complement character for the end delimiter in reverse order. In contrast, a repeating delimiter like %%%% is much easier to type and less error prone. Even a sequence like @#$% is less error prone than a complementary sequence because it can be copy-pasted, and need not be typed in reverse order.
  3. It is easier to parse for the same delimiter string for both start and end.
  1. The tool does a lot of checks for syntax errors in the overrides file because we don't want any overrides to fail silently. If a syntax error is detected, the tool will print an error message and call exit(). This avoids the user wasting time doing debugging only to be surprised later that their specified overrides did not take effect because of some unnoticed typo.

(JSC::UnlinkedFunctionExecutable::link):

  • runtime/Executable.h:
  • runtime/Options.h:
  • tools/FunctionOverrides.cpp: Added.

(JSC::FunctionOverrides::overrides):
(JSC::FunctionOverrides::FunctionOverrides):
(JSC::initializeOverrideInfo):
(JSC::FunctionOverrides::initializeOverrideFor):
(JSC::hasDisallowedCharacters):
(JSC::parseClause):
(JSC::FunctionOverrides::parseOverridesInFile):

  • tools/FunctionOverrides.h: Added.
12:47 PM Changeset in webkit [182902] by Joseph Pecoraro
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Give DOM Nodes a Context Menu to Log Element to the console
https://bugs.webkit.org/show_bug.cgi?id=143813

Reviewed by Brian Burg.

Always give DOM Nodes a "Log Element" context menu to log it to the console.
This will give a $n reference, and is a convenient alternative to $0 or
the now removed $1-$9.

  • Localizations/en.lproj/localizedStrings.js:

New "Log Element" and "Selected Element" strings.

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline):
(WebInspector.DOMTreeOutline.prototype._contextMenuEventFired):
(WebInspector.DOMTreeOutline.prototype._updateModifiedNodes):
(WebInspector.DOMTreeOutline.prototype._populateContextMenu.revealElement):
(WebInspector.DOMTreeOutline.prototype._populateContextMenu.logElement):
(WebInspector.DOMTreeOutline.prototype._populateContextMenu):
Always include the "Log Element" context menu/

  • UserInterface/Views/FormattedValue.js:

(WebInspector.FormattedValue.createElementForNode):
This uses all the defaults.

  • UserInterface/Views/DOMTreeContentView.js:

(WebInspector.DOMTreeContentView):
This enables all the extra behavior.

12:39 PM Changeset in webkit [182901] by Chris Dumez
  • 6 edits
    2 copies
    1 add in trunk

Regression(r182517): WebSocket::suspend() causes error event to be fired
https://bugs.webkit.org/show_bug.cgi?id=143806
<rdar://problem/20559812>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

WebSocket::suspend() causes an error event to be fired after r182517.
This is not allowed as firing the event could trigger arbitrary JS
execution, which is no longer allowed at this point.

This patch delays the error event firing until after
WebSocket::resume() is called, similarly to what we already do for
the close event.

Also add assertions in WebSocket::suspend() / WebSocket::resume()
that will be hit if JS events are fired from within these functions.
The pre-existing closed-when-entering-page-cache.html test is hitting
one of these assertions without the fix above.

Tests:

  • http/tests/websocket/tests/hybi/closed-when-entering-page-cache.html
  • http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler.html
  • Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::suspend):
(WebCore::WebSocket::resume):
(WebCore::WebSocket::resumeTimerFired):
(WebCore::WebSocket::stop):
(WebCore::WebSocket::didReceiveMessageError):
(WebCore::WebSocket::didClose):
(WebCore::WebSocket::dispatchOrQueueEvent):

  • Modules/websockets/WebSocket.h:

LayoutTests:

  • http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt:
  • http/tests/websocket/tests/hybi/closed-when-entering-page-cache.html:

Extend WebSocket PageCache test to make sure that the error event is
fired after restoring the page from the PageCache and before the close
Event is fired.

  • http/tests/websocket/tests/hybi/resources/page-cache-websocket.html: Added.
  • http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler-expected.txt: Copied from LayoutTests/http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt.
  • http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler.html: Copied from LayoutTests/http/tests/websocket/tests/hybi/closed-when-entering-page-cache.html.

Add layout test to cover the case where WebSocket::stop() is called
while firing the pending events upon restoring the page from PageCache.

12:20 PM Changeset in webkit [182900] by roger_fong@apple.com
  • 3 edits in trunk/Source/WebCore

Adjustments to button graphics for media controls.
https://bugs.webkit.org/show_bug.cgi?id=143797.
<rdar://problem/20083708>

Reviewed by Dean Jackson.

These changes are visual in nature and mainly affect the buttons.
I've gotten rid of the text-shadow for all the buttons,
used plus-lighter blending mode and changed the button opacity to reflect the specs,
and made all the buttons turn opaque white when active.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-panel button):
(audio::-webkit-media-controls-rewind-button):
(audio::-webkit-media-controls-play-button):
(audio::-webkit-media-controls-play-button.paused):
(video::-webkit-media-controls-volume-max-button):
(video::-webkit-media-controls-volume-slider):
(video::-webkit-media-controls-volume-min-button):
(audio::-webkit-media-controls-wireless-playback-picker-button):
(audio::-webkit-media-controls-toggle-closed-captions-button):
(audio::-webkit-media-controls-closed-captions-container li.selected:hover::before):
(audio::-webkit-media-controls-fullscreen-button):
(audio::-webkit-media-controls-fullscreen-button.exit):
(audio::-webkit-media-controls-status-display):
(audio::-webkit-media-controls-timeline):
(audio::-webkit-media-controls-time-remaining-display):
(video:-webkit-full-screen::-webkit-media-controls-volume-max-button):
(video:-webkit-full-screen::-webkit-media-controls-volume-min-button):
(video:-webkit-full-screen::-webkit-media-controls-play-button):
(video:-webkit-full-screen::-webkit-media-controls-play-button.paused):
(video:-webkit-full-screen::-webkit-media-controls-seek-back-button):
(video:-webkit-full-screen::-webkit-media-controls-seek-forward-button):
(video::-webkit-media-controls-volume-max-button:active):
(video::-webkit-media-controls-volume-min-button:active):
(audio::-webkit-media-controls-toggle-closed-captions-button:active):
(audio::-webkit-media-controls-rewind-button:active):
(audio::-webkit-media-controls-play-button:active):
(video:-webkit-full-screen::-webkit-media-controls-volume-max-button:active):
(video:-webkit-full-screen::-webkit-media-controls-volume-min-button:active):
(video:-webkit-full-screen::-webkit-media-controls-play-button:active):
(video:-webkit-full-screen::-webkit-media-controls-seek-back-button:active):
(video:-webkit-full-screen::-webkit-media-controls-seek-forward-button:active):
(audio::-webkit-media-controls-fullscreen-button:active):

Using the pseudo id itself here currently does not work, which is why we rely on the button.* selector for these.
(video:-webkit-full-screen::-webkit-media-controls-panel button.paused:active):
(audio::-webkit-media-controls-panel button.paused:active):
(audio::-webkit-media-controls-panel button.exit:active):

Draw volume slider knob as opaque white when active.
Adjust colors of timeline and volume sliders now that we are using plus-lighter blending.

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller):
(Controller.prototype.createControls):
(Controller.prototype.handleVolumeSliderMouseDown):
(Controller.prototype.handleVolumeSliderMouseUp):
(Controller.prototype.drawTimelineBackground):
(Controller.prototype.drawVolumeBackground):

12:15 PM Changeset in webkit [182899] by commit-queue@webkit.org
  • 24 edits
    2 adds in trunk

Extract the allocation profile from JSFunction into a rare object
https://bugs.webkit.org/show_bug.cgi?id=143807
.:

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-16
Reviewed by Filip Pizlo.

  • WebKit.xcworkspace/contents.xcworkspacedata:

Source/JavaScriptCore:

Patch by Basile Clement <basile_clement@apple.com> on 2015-04-16
Reviewed by Filip Pizlo.

The allocation profile is only needed for those functions that are used
to create objects with [new].
Extracting it into its own JSCell removes the need for JSFunction and
JSCallee to be JSDestructibleObjects, which should improve performances in most
cases at the cost of an extra pointer dereference when the allocation profile
is actually needed.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_create_this):

  • jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_create_this):

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/FunctionRareData.cpp: Added.

(JSC::FunctionRareData::create):
(JSC::FunctionRareData::destroy):
(JSC::FunctionRareData::createStructure):
(JSC::FunctionRareData::visitChildren):
(JSC::FunctionRareData::FunctionRareData):
(JSC::FunctionRareData::~FunctionRareData):
(JSC::FunctionRareData::finishCreation):

  • runtime/FunctionRareData.h: Added.

(JSC::FunctionRareData::offsetOfAllocationProfile):
(JSC::FunctionRareData::allocationProfile):
(JSC::FunctionRareData::allocationStructure):
(JSC::FunctionRareData::allocationProfileWatchpointSet):

  • runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::destroy): Deleted.

  • runtime/JSBoundFunction.h:
  • runtime/JSCallee.cpp:

(JSC::JSCallee::destroy): Deleted.

  • runtime/JSCallee.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::JSFunction):
(JSC::JSFunction::createRareData):
(JSC::JSFunction::visitChildren):
(JSC::JSFunction::put):
(JSC::JSFunction::defineOwnProperty):
(JSC::JSFunction::destroy): Deleted.
(JSC::JSFunction::createAllocationProfile): Deleted.

  • runtime/JSFunction.h:

(JSC::JSFunction::offsetOfRareData):
(JSC::JSFunction::rareData):
(JSC::JSFunction::allocationStructure):
(JSC::JSFunction::allocationProfileWatchpointSet):
(JSC::JSFunction::offsetOfAllocationProfile): Deleted.
(JSC::JSFunction::allocationProfile): Deleted.

  • runtime/JSFunctionInlines.h:

(JSC::JSFunction::JSFunction):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
11:47 AM Changeset in webkit [182898] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

Pull emoji-position adjustment code into its own function
https://bugs.webkit.org/show_bug.cgi?id=143592

Reviewed by Myles C. Maxfield.

First step to cleaning up FontCascade::drawGlyphs(). Pull iOS-only code related to
emoji positioning into its own function.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::pointAdjustedForEmoji):
(WebCore::FontCascade::drawGlyphs):

11:31 AM Changeset in webkit [182897] by timothy_horton@apple.com
  • 7 edits in trunk/Source/WebKit2

Provide a mechanism through the legacy SPI to know when swipe gestures begin and end
https://bugs.webkit.org/show_bug.cgi?id=143740
<rdar://problem/20468540>

Reviewed by Dan Bernstein.

In the C SPI, add three WKPageLoaderClient callbacks for the three
navigation gesture events (did begin, will end, did end).

  • UIProcess/API/C/WKPageLoaderClient.h:

Add the callbacks.

  • UIProcess/API/APILoaderClient.h:

(API::LoaderClient::navigationGestureDidBegin):
(API::LoaderClient::navigationGestureWillEnd):
(API::LoaderClient::navigationGestureDidEnd):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::navigationGestureDidBegin):
(WebKit::WebPageProxy::navigationGestureWillEnd):
(WebKit::WebPageProxy::navigationGestureDidEnd):
Dispatch navigation gesture events to the loader client as well as
(after a bounce through the PageClient) the navigation delegate.

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageLoaderClient):
Call the callbacks.

  • UIProcess/mac/ViewGestureController.h:
  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::trackSwipeGesture):
(WebKit::ViewGestureController::willEndSwipeGesture):
While we were already informing WebPageProxy of 'did begin' and 'did end'
navigation gesture events, we were missing 'will end'. Add it.

11:25 AM Changeset in webkit [182896] by timothy_horton@apple.com
  • 8 edits in trunk/Source/WebKit2

Dispatching multiple asynchronous animated resizes in parallel causes page scale to detach from reality
https://bugs.webkit.org/show_bug.cgi?id=143812
<rdar://problem/19866038>

Reviewed by Simon Fraser.

  • Shared/VisibleContentRectUpdateInfo.h:

(WebKit::VisibleContentRectUpdateInfo::VisibleContentRectUpdateInfo):
No cats in transaction (more of these below, too).

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::dynamicViewportSizeUpdate):
(WebKit::WebPageProxy::dynamicViewportUpdateChangedTarget):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleTap):
(WebKit::WebPage::commitPotentialTap):
(WebKit::WebPage::dynamicViewportSizeUpdate):
Add an incrementing ID to dynamicViewportSizeUpdates. The UI process keeps
the current ID, and it is bounced through the Web process (dynamicViewportSizeUpdates)
back to the UI process (dynamicViewportUpdateChangedTarget). If we have
dispatched another dynamicViewportSizeUpdate in the interim, ignore
the intermediate target.

10:44 AM Changeset in webkit [182895] by Antti Koivisto
  • 5 edits in trunk/Source/WTF

Use CommonCrypto for SHA1 and MD5
https://bugs.webkit.org/show_bug.cgi?id=143826

Reviewed by Anders Carlsson.

CommonCrypto SHA1 implementation is ~4x faster than the naive WTF one. Use it when available.

These are covered by existing API tests.

  • wtf/MD5.cpp:

(WTF::MD5::MD5):
(WTF::MD5::addBytes):
(WTF::MD5::checksum):

  • wtf/MD5.h:
  • wtf/SHA1.cpp:

(WTF::SHA1::SHA1):
(WTF::SHA1::addBytes):
(WTF::SHA1::computeHash):

Remove the side effect where computeHash resets the state. No one relies on it.

(WTF::SHA1::hexDigest):
(WTF::SHA1::computeHexDigest):

  • wtf/SHA1.h:
10:32 AM Changeset in webkit [182894] by mmaxfield@apple.com
  • 10 edits in trunk

[iOS] Delete hardcoded font fallback tables
https://bugs.webkit.org/show_bug.cgi?id=143583

Reviewed by Darin Adler

Source/WebCore:

Instead of hardcoding which font to use for a particular character, use
CTFontCreatePhysicalFontDescriptorForCharactersWithLanguage().

Updated test expected results:

editing/selection/vertical-rl-rtl-extend-line-backward-br.html
editing/selection/vertical-rl-rtl-extend-line-backward-p.html
editing/selection/vertical-rl-rtl-extend-line-forward-br.html
editing/selection/vertical-rl-rtl-extend-line-forward-p.html
fast/text/international/danda-space.html
fast/text/international/thai-baht-space.html

  • platform/graphics/ios/FontCacheIOS.mm:

(WebCore::FontCache::getSystemFontFallbackForCharacters):
(WebCore::FontCache::systemFallbackForCharacters):

  • platform/spi/cocoa/CoreTextSPI.h:

LayoutTests:

Updating expected results.

  • editing/selection/vertical-rl-rtl-extend-line-backward-br.html: Updating expected results
  • editing/selection/vertical-rl-rtl-extend-line-backward-p.html: Updating expected results
  • editing/selection/vertical-rl-rtl-extend-line-forward-br.html: Updating expected results
  • editing/selection/vertical-rl-rtl-extend-line-forward-p.html: Updating expected results
  • fast/text/international/danda-space.html: Updating expected results
  • fast/text/international/thai-baht-space.html: Updating expected results
10:30 AM Changeset in webkit [182893] by ap@apple.com
  • 12 edits in trunk/LayoutTests

More flaky tests in http/tests/security/mixedContent
https://bugs.webkit.org/show_bug.cgi?id=143804

Reviewed by Csaba Osztrogonác.

Start secondary window loading in onload, so that it doesn't race with main document
finishing to load.

  • http/tests/security/mixedContent/about-blank-iframe-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html:
  • http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html:
  • http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/insecure-iframe-in-main-frame.html:
  • http/tests/security/mixedContent/insecure-image-in-main-frame.html:
  • http/tests/security/mixedContent/insecure-xhr-in-main-frame.html:
  • http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html:
  • http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html:
10:28 AM Changeset in webkit [182892] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebKit2

Remove PluginController::isPluginVisible().
https://bugs.webkit.org/show_bug.cgi?id=143830

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-04-16
Reviewed by Darin Adler.

PluginController::isPluginVisible() was introduced by http://webkit.org/b/60285.
This method had been used only for WebKit2 on Windows, and no one uses it now.
So we can remove it.

No new tests, no behavior change.

  • PluginProcess/PluginControllerProxy.cpp:

(WebKit::PluginControllerProxy::isPluginVisible): Deleted.

  • PluginProcess/PluginControllerProxy.h:
  • WebProcess/Plugins/PluginController.h:
  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::isPluginVisible): Deleted.

  • WebProcess/Plugins/PluginView.h:
10:03 AM Changeset in webkit [182891] by peavo@outlook.com
  • 2 edits in trunk/Source/WebCore

[WinCairo] Compile error when environment variable WEBKITLIBRARIESDIR is not defined.
https://bugs.webkit.org/show_bug.cgi?id=143828

Reviewed by Brent Fulgham.

Python throws an exception when calling os.environWEBKITLIBRARIESDIR? and
WEBKITLIBRARIESDIR is not defined. WEBKITLIBRARIESDIR is obsolete, we can remove it.

  • AVFoundationSupport.py:

(lookFor):

9:53 AM Changeset in webkit [182890] by Csaba Osztrogonác
  • 4 edits in trunk/Source

Remove the unnecessary WTF_CHANGES define
https://bugs.webkit.org/show_bug.cgi?id=143825

Reviewed by Andreas Kling.

  • config.h:
9:19 AM Changeset in webkit [182889] by ap@apple.com
  • 4 edits in trunk/Source/WebCore

Minor AudioContext cleanup
https://bugs.webkit.org/show_bug.cgi?id=143816

Reviewed by Jer Noble.

  • Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::~AudioContext):
(WebCore::AudioContext::lazyInitialize):
(WebCore::AudioContext::stop):
(WebCore::AudioContext::derefNode):
(WebCore::AudioContext::scheduleNodeDeletion):
(WebCore::AudioContext::deleteMarkedNodes):
(WebCore::AudioContext::stopDispatch): Deleted.
(WebCore::AudioContext::deleteMarkedNodesDispatch): Deleted.

  • Modules/webaudio/AudioContext.h:
  • Modules/webaudio/AudioNode.cpp: (WebCore::AudioNode::~AudioNode):
8:43 AM Changeset in webkit [182888] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Remove unnecessary intermediate object from DOMTreeOutline
https://bugs.webkit.org/show_bug.cgi?id=143811

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-16
Reviewed by Brian Burg.

  • UserInterface/Views/DOMTreeOutline.js:

(WebInspector.DOMTreeOutline):
(WebInspector.DOMTreeOutline.prototype._selectedNodeChanged):
(WebInspector.DOMTreeOutline.prototype.addEventListener): Deleted.
(WebInspector.DOMTreeOutline.prototype.removeEventListener): Deleted.
This object used to be used to handle event dispatching, but
TreeOutlines themselves are now WebInspector.Objects so we
can remove the intermediary.

8:18 AM Changeset in webkit [182887] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Unreviewed attempt to fix Windows build after r182881.

Add missing header include.

  • page/PageConsoleClient.h:
6:55 AM Changeset in webkit [182886] by Gyuyoung Kim
  • 2 edits in trunk/Source/WebKit2

[EFL] Disable a flaky ewk_context_network_process_model() API test
https://bugs.webkit.org/show_bug.cgi?id=143824

Reviewed by Csaba Osztrogonác.

ewk_context_network_process_model has been often failed. Though Bug 142967
was filed to fix this issue, it is not solved yet. To maintain EFL bot, this patch
disables it until fixing it.

  • UIProcess/API/efl/tests/test_ewk2_context.cpp:

(TEST_F):

6:39 AM Changeset in webkit [182885] by Csaba Osztrogonác
  • 6 edits
    1 add
    2 deletes in trunk

[EFL] Bump LLVM to version 3.6.0 on X86_64
https://bugs.webkit.org/show_bug.cgi?id=143604

Reviewed by Gyuyoung Kim.

.:

  • Source/cmake/FindLLVM.cmake: Added version handling.
  • Source/cmake/OptionsEfl.cmake: Require LLVM 3.6.0 on X86_64 and patched LLVM 3.5.0 on AArch64.

Tools:

  • efl/jhbuild.modules:
  • efl/patches/llvm-elf-add-stackmaps-arm64.patch: Added the necessary part of llvm-elf-add-stackmaps.patch.
  • efl/patches/llvm-elf-add-stackmaps.patch: Removed, it is included in LLVM 3.6.0 release.
  • efl/patches/llvm-elf-allow-fde-references-outside-the-2gb-range.patch: Removed, it is included in LLVM 3.6.0 release.
  • efl/patches/llvm-version-arm64.patch: Added. Set PACKAGE_VERSION to "3.5.0ftl" to be able to ensure we use patched LLVM on AArch64.
6:37 AM Changeset in webkit [182884] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

[WK2] Forwarding headers generator shouldn't generate unnecessary headers
https://bugs.webkit.org/show_bug.cgi?id=143820

Reviewed by Carlos Garcia Campos.

  • Scripts/generate-forwarding-headers.pl:

(collectNeededHeaders):

6:27 AM Changeset in webkit [182883] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

[EFL] Remove an unnecessary workaround from jhbuildrc
https://bugs.webkit.org/show_bug.cgi?id=143823

Reviewed by Gyuyoung Kim.

  • efl/jhbuildrc:
4:46 AM Changeset in webkit [182882] by Csaba Osztrogonác
  • 5 edits in trunk

[GTK] Run forwarding headers generator unconditionally
https://bugs.webkit.org/show_bug.cgi?id=143819

Reviewed by Carlos Garcia Campos.

Source/WebKit2:

  • PlatformGTK.cmake:

Tools:

  • TestWebKitAPI/PlatformGTK.cmake:
  • WebKitTestRunner/PlatformGTK.cmake:
12:47 AM Changeset in webkit [182881] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Tests introduced in r182877 are flaky
https://bugs.webkit.org/show_bug.cgi?id=143784

Reviewed by Alexey Proskuryakov.

Tests introduced in r182877 are flaky as the line number sometimes
appears in the console messages. This patch updates the console
logging code so that no Document is provided when logging. Therefore,
no line number will ever be displayed. In this case, I don't think
having the line number is terribly useful anyway.

  • css/StyleSheetContents.cpp:

(WebCore::StyleSheetContents::parseAuthorStyleSheet):

Apr 15, 2015:

10:59 PM Changeset in webkit [182880] by Simon Fraser
  • 3 edits in trunk/Source/WebCore

We should dump GraphicsLayer's anchorPoint z component
https://bugs.webkit.org/show_bug.cgi?id=143815

Reviewed by Tim Horton.

We didn't include the z component of a layer's anchor point when dumping.
Dump if it's non-zero (to avoid having to change lots of test output).
No test with non-zero z appears to dump layers.

  • platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::dumpProperties):

  • rendering/style/RenderStyle.cpp:

(WebCore::requireTransformOrigin): Remove a FIXME which, on further consideration,
is wrong.

8:57 PM Changeset in webkit [182879] by Brent Fulgham
  • 6 edits in trunk/Source

[Mac] Disable "Save to Downloads" option for local files
https://bugs.webkit.org/show_bug.cgi?id=143794

Reviewed by Tim Horton.

Disable the Image and Media download options if the download
target is a local file. We can only download web resources;
anything else is actually a no-op.

Source/WebCore:

  • page/ContextMenuController.cpp:

(WebCore::ContextMenuController::checkOrEnableIfNeeded): Disable
menu item if appropriate.

Source/WebKit/mac:

  • WebView/WebActionMenuController.mm:

(-[WebActionMenuController _defaultMenuItemsForImage]):
(-[WebActionMenuController _defaultMenuItemsForVideo]):

Source/WebKit2:

  • UIProcess/mac/WKActionMenuController.mm:

(-[WKActionMenuController _defaultMenuItemsForVideo]):
(-[WKActionMenuController _defaultMenuItemsForImage]):

8:40 PM Changeset in webkit [182878] by akling@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

Make MarkedBlock and WeakBlock 4x smaller.
<https://webkit.org/b/143802>

Reviewed by Mark Hahnenberg.

To reduce GC heap fragmentation and generally use less memory, reduce the size of MarkedBlock
and its buddy WeakBlock by 4x, bringing them from 64kB+4kB to 16kB+1kB.

In a sampling of cool web sites, I'm seeing ~8% average reduction in overall GC heap size.
Some examples:

apple.com: 6.3MB -> 5.5MB (14.5% smaller)

reddit.com: 4.5MB -> 4.1MB ( 9.7% smaller)

twitter.com: 23.2MB -> 21.4MB ( 8.4% smaller)

cuteoverload.com: 24.5MB -> 23.6MB ( 3.8% smaller)

Benchmarks look mostly neutral.
Some small slowdowns on Octane, some slightly bigger speedups on Kraken and SunSpider.

  • heap/MarkedBlock.h:
  • heap/WeakBlock.h:
  • llint/LLIntData.cpp:

(JSC::LLInt::Data::performAssertions):

  • llint/LowLevelInterpreter.asm:
7:53 PM Changeset in webkit [182877] by Chris Dumez
  • 12 edits
    16 adds
    2 deletes in trunk

Add a console message when a stylesheet is not parsed due to invalid MIME type
https://bugs.webkit.org/show_bug.cgi?id=143784

Reviewed by Joseph Pecoraro.

Source/WebCore:

After r180020, we no longer have a quirks mode exception for CSS MIME
types. This means that we'll start rejecting stylesheets that were
previously accepted due to this quirk. In this case we log a console
message to help Web developers understand why their stylesheet is being
rejected.

  • css/StyleRuleImport.cpp:

(WebCore::StyleRuleImport::setCSSStyleSheet):

  • css/StyleSheetContents.cpp:

(WebCore::StyleSheetContents::parseAuthorStyleSheet):

  • Initialize hasValidMIMEType to true so that it ends up being false only when canUseSheet(hasValidMIMEType) is called and we've determined the MIME type is indeed invalid. Otherwise, hasValidMIMEType would also be false when m_data is null or empty in CachedCSSStyleSheet::sheetText() and we don't want to display the MIME type error in this case.
  • If hasValidMIMEType is false, display the console message and abort early. We don't need to execute the rest of the function in this case as sheetText is a null String and there is no point in trying to parse it.
  • Drop handling of !hasValidMIMEType && !hasSyntacticallyValidCSSHeader() as this can no longer be reached. This handling no longer makes sense after r180020 as sheetText() will now always return a null String if the MIME type is invalid (as we no longer support the CSS MIME type quirks mode).
  • css/StyleSheetContents.h:
  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::setCSSStyleSheet):

LayoutTests:

Update expectations for tests that are using stylesheets served with wrong
MIME type as we now display a console message in this case.

  • http/tests/inspector/css/bad-mime-type-expected.txt:
  • http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-and-css-extension-expected.txt:
  • http/tests/mime/standard-mode-does-not-load-stylesheet-with-text-plain-expected.txt:
  • http/tests/misc/css-accept-any-type-expected.txt:
  • http/tests/misc/css-reject-any-type-in-strict-mode-expected.txt:
  • http/tests/security/cross-origin-css-1-expected.txt: Added.
  • http/tests/security/cross-origin-css-1.html: Added.
  • http/tests/security/cross-origin-css-2-expected.txt: Added.
  • http/tests/security/cross-origin-css-2.html: Added.
  • http/tests/security/cross-origin-css-3-expected.txt: Added.
  • http/tests/security/cross-origin-css-3.html: Added.
  • http/tests/security/cross-origin-css-4-expected.txt: Added.
  • http/tests/security/cross-origin-css-4.html: Added.
  • http/tests/security/cross-origin-css-5-expected.txt: Added.
  • http/tests/security/cross-origin-css-5.html: Added.
  • http/tests/security/cross-origin-css-6-expected.txt: Added.
  • http/tests/security/cross-origin-css-6.html: Added.
  • http/tests/security/cross-origin-css-7-expected.txt: Added.
  • http/tests/security/cross-origin-css-7.html: Added.
  • http/tests/security/cross-origin-css-8-expected.txt: Added.
  • http/tests/security/cross-origin-css-8.html: Added.
  • http/tests/security/cross-origin-css-expected.txt: Removed.
  • http/tests/security/cross-origin-css.html: Removed.

Split http/tests/security/cross-origin-css.html into several tests. The
test would be flaky otherwise as console messages could appear in
different order for every run.

  • platform/mac/http/tests/misc/acid3-expected.txt:
7:50 PM Changeset in webkit [182876] by Said Abou-Hallawa
  • 4 edits
    4 adds in trunk

Minimum font size pref breaks SVG text very badly.
https://bugs.webkit.org/show_bug.cgi?id=143590.

Reviewed by Simon Fraser.

Source/WebCore:

When enabling the minimum font size perf, the computed font size is set
to the minimum font size if the computed value is smaller than the minimum.
The bug happens because the SVG text element applies its scaling on the
computed value after applying the minimum fort size rule. This means the
final computed value for the font size will be the scaling of the minimum
font size and not minimum font size itself. What we need is to postpone
applying the minimum font size rules, till the SVG scaling is applied.

Tests: svg/text/font-small-enlarged-minimum-larger.svg

svg/text/font-small-enlarged-minimum-smaller.svg

  • rendering/svg/RenderSVGInlineText.cpp:

(WebCore::RenderSVGInlineText::computeNewScaledFontForStyle): Call
computedFontSizeFromSpecifiedSizeForSVGInlineText() even if scalingFactor
is 1. We need to make sure the minimum font size rules are applied. This
function was assuming the mininum font size rule was applied when resolving
the style. This is not true anymore for the SVG text.

  • style/StyleFontSizeFunctions.cpp:

(WebCore::Style::computedFontSizeFromSpecifiedSize): Do not apply the
minimum size rules for the SVG element until it applies its scaling to
the font size.

LayoutTests:

When enabling the minimum font size perf, the SVG text element should
apply the minimum font size rules on the scaled font.

  • svg/text/font-small-enlarged-minimum-larger-expected.svg: Added.
  • svg/text/font-small-enlarged-minimum-larger.svg: Added.

Minimum font size is larger than the scaled font size. Also the expected
file makes sure the minimum font size rules are still applied if no scaling
is applied.

  • svg/text/font-small-enlarged-minimum-smaller-expected.svg: Added.
  • svg/text/font-small-enlarged-minimum-smaller.svg: Added.

Minimum font size is smaller than the scaled font size. So the minimim font
size rule should not have any effect on the final computed font size.

7:25 PM Changeset in webkit [182875] by andersca@apple.com
  • 4 edits in trunk/Source/WebKit2

Make websiteDataStore on WKWebViewConfiguration public
https://bugs.webkit.org/show_bug.cgi?id=143810

Reviewed by Dan Bernstein.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView initWithFrame:configuration:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.h:
  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration copyWithZone:]):
(-[WKWebViewConfiguration websiteDataStore]):
(-[WKWebViewConfiguration setWebsiteDataStore:]):
(-[WKWebViewConfiguration _websiteDataStore]):
(-[WKWebViewConfiguration _setWebsiteDataStore:]):

5:45 PM Changeset in webkit [182874] by Gyuyoung Kim
  • 3 edits in trunk/Tools

[EFL] Add gnutls to jhbuild.module
https://bugs.webkit.org/show_bug.cgi?id=143777

Reviewed by Csaba Osztrogonác.

EFL port has required at least 3.0.0 version of gnutls since r176712.
However some old linux distributions don't support 3.0.0 version. Besides
other projects sometimes need to use lower version of gnutls.

This patch supports to download gnutls through jhbuild, and use it.

  • efl/install-dependencies: Add nettle-dev dependency and remove libgnutls28-dev.
  • efl/jhbuild.modules: Download 3.3 version because 3.3 version is stable version.
5:45 PM Changeset in webkit [182873] by andersca@apple.com
  • 8 edits
    2 copies
    1 move in trunk/Source/WebKit2

Make WKWebsiteDataStore public
https://bugs.webkit.org/show_bug.cgi?id=143805

Reviewed by Dan Bernstein.

Rename the current _WKWebsiteDataStore to WKWebsiteDataStore. Make init unavailable and tighten up the
types of the defaultDataStore and nonPersistentDataStore class methods.

Add a new _WKWebsiteDataStore @interface and @implementation that derives from WKWebsiteDataStore
and forwards the defaultDataStore and nonPersistentDataStore method calls.

  • Shared/API/Cocoa/WebKit.h:
  • Shared/Cocoa/APIObject.mm:

(API::Object::newObject):

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView initWithFrame:configuration:]):

  • UIProcess/API/Cocoa/WKWebViewConfiguration.mm:

(-[WKWebViewConfiguration _websiteDataStore]):

  • UIProcess/API/Cocoa/WKWebsiteDataStore.h: Copied from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataStore.h.
  • UIProcess/API/Cocoa/WKWebsiteDataStore.mm: Copied from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataStore.mm.

(+[WKWebsiteDataStore defaultDataStore]):
(+[WKWebsiteDataStore nonPersistentDataStore]):
(-[WKWebsiteDataStore dealloc]):
(-[WKWebsiteDataStore isNonPersistent]):
(toSystemClockTime):
(-[WKWebsiteDataStore fetchDataRecordsOfTypes:completionHandler:]):
(-[WKWebsiteDataStore removeDataOfTypes:modifiedSince:completionHandler:]):
(toWebsiteDataRecords):
(-[WKWebsiteDataStore removeDataOfTypes:forDataRecords:completionHandler:]):
(-[WKWebsiteDataStore _apiObject]):

  • UIProcess/API/Cocoa/WKWebsiteDataStoreInternal.h: Renamed from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataStoreInternal.h.

(WebKit::wrapper):

  • UIProcess/API/Cocoa/_WKWebsiteDataStore.h:
  • UIProcess/API/Cocoa/_WKWebsiteDataStore.mm:

(+[_WKWebsiteDataStore defaultDataStore]):
(+[_WKWebsiteDataStore nonPersistentDataStore]):
(-[_WKWebsiteDataStore dealloc]): Deleted.
(-[_WKWebsiteDataStore isNonPersistent]): Deleted.
(toWebsiteDataTypes): Deleted.
(toSystemClockTime): Deleted.
(-[_WKWebsiteDataStore removeDataOfTypes:modifiedSince:completionHandler:]): Deleted.
(-[_WKWebsiteDataStore _apiObject]): Deleted.

  • WebKit2.xcodeproj/project.pbxproj:
5:15 PM Changeset in webkit [182872] by commit-queue@webkit.org
  • 5 edits in trunk

String.prototype.startsWith/endsWith/includes have wrong length in r182673
https://bugs.webkit.org/show_bug.cgi?id=143659

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Fix lengths of String.prototype.{includes,startsWith,endsWith} per spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.includes
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.startswith
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-string.prototype.endswith

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):

LayoutTests:

  • js/script-tests/string-includes.js:
  • js/string-includes-expected.txt:
5:10 PM Changeset in webkit [182871] by mark.lam@apple.com
  • 13 edits
    4 deletes in trunk

Remove obsolete VMInspector debugging tool.
https://bugs.webkit.org/show_bug.cgi?id=143798

Reviewed by Michael Saboff.

Source/JavaScriptCore:

I added the VMInspector tool 3 years ago to aid in VM hacking work. Some of it
has bit rotted, and now the VM also has better ways to achieve its functionality.
Hence this code is now obsolete and should be removed.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • interpreter/CallFrame.h:
  • interpreter/VMInspector.cpp: Removed.
  • interpreter/VMInspector.h: Removed.
  • llint/LowLevelInterpreter.cpp:

Source/WebCore:

No new tests needed. Just removing obsolete code.

  • ForwardingHeaders/interpreter/VMInspector.h: Removed.

Tools:

  • TestWebKitAPI/CMakeLists.txt:
  • TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj:
  • TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj.filters:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/JavaScriptCore/VMInspector.cpp: Removed.
4:21 PM Changeset in webkit [182870] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: InspectorTest frontend console methods redirected to the frontend are wrong
https://bugs.webkit.org/show_bug.cgi?id=143801

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-15
Reviewed by Brian Burg.

  • UserInterface/Base/Test.js:

(InspectorTest.evaluateInPage):
Properly if check for the existence of an agent.

(global):
Properly hook up console redirect handlers so they
will output the right type and arguments strings.

4:21 PM Changeset in webkit [182869] by timothy_horton@apple.com
  • 7 edits
    1 add in trunk

Custom CSS cursors do not use -webkit-image-set on retina displays
https://bugs.webkit.org/show_bug.cgi?id=120783
.:

Reviewed by Beth Dakin.

Add a manual test for custom CSS cursors on retina displays.

  • ManualTests/retina-cursors.html: Added.

Source/WebCore:

<rdar://problem/14921432>

Reviewed by Beth Dakin.

Scale NSCursor images correctly so custom CSS cursors work with
-webkit-image-set on retina displays.

  • WebCore.exp.in:
  • page/EventHandler.cpp:

(WebCore::EventHandler::selectCursor):

  • platform/mac/CursorMac.mm:

(WebCore::createCustomCursor):
(WebCore::Cursor::ensurePlatformCursor):

Source/WebKit2:

Reviewed by Beth Dakin.

Serialize the cursor image scale for SetCursor messages so custom
CSS cursors work with -webkit-image-set on retina displays.

  • Shared/WebCoreArgumentCoders.cpp:

(CoreIPC::ArgumentCoder<Cursor>::encode):
(CoreIPC::ArgumentCoder<Cursor>::decode):

4:14 PM Changeset in webkit [182868] by commit-queue@webkit.org
  • 5 edits in trunk

Math.imul has wrong length in Safari 8.0.4
https://bugs.webkit.org/show_bug.cgi?id=143658

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Correcting function length from 1, to 2, to match spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-math.imul

  • runtime/MathObject.cpp:

(JSC::MathObject::finishCreation):

LayoutTests:

  • js/script-tests/math.js:
4:09 PM Changeset in webkit [182867] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Handle all possible Console message Source types in IssueMessage
https://bugs.webkit.org/show_bug.cgi?id=143803

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-15
Reviewed by Brian Burg.

  • UserInterface/Models/IssueMessage.js:

(WebInspector.IssueMessage):
Update the switch to handle all possible console message sources.
"wml" was legacy and no longer supported.

3:56 PM Changeset in webkit [182866] by ap@apple.com
  • 5 edits in trunk/Source/WebCore

No thread safety when passing ThreadableLoaderOptions from a worker thread
https://bugs.webkit.org/show_bug.cgi?id=143790

Reviewed by Geoffrey Garen.

  • loader/ThreadableLoader.h:
  • loader/ThreadableLoader.cpp: (WebCore::ThreadableLoaderOptions::isolatedCopy): Added.
  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Don't just send
a structure with strings to a different thread, that's bad.

  • platform/CrossThreadCopier.h: I think that this is dead code, but for this bug,

just removing a clearly wrong specialization.

3:45 PM Changeset in webkit [182865] by achristensen@apple.com
  • 16 edits in trunk

Progress towards CMake on Mac.
https://bugs.webkit.org/show_bug.cgi?id=143785

Reviewed by Csaba Osztrogonác.

.:

  • CMakeLists.txt:
  • Source/cmake/OptionsMac.cmake:
  • Source/cmake/WebKitFS.cmake:

Source/WebCore:

  • CMakeLists.txt:
  • PlatformMac.cmake:

Source/WebKit:

  • PlatformMac.cmake:

Source/WebKit/mac:

  • WebView/WebPDFDocumentExtras.mm:
  • WebView/WebPDFView.mm:

Source/WebKit2:

  • CMakeLists.txt:
  • PlatformEfl.cmake:
  • PlatformGTK.cmake:
3:35 PM Changeset in webkit [182864] by dbates@webkit.org
  • 4 edits in trunk/Source/WebCore

Clean up: Have SVGTextLayoutEngine::beginTextPathLayout() take a reference to a
RenderSVGTextPath instead of a pointer
https://bugs.webkit.org/show_bug.cgi?id=143787

Reviewed by Andreas Kling.

SVGTextLayoutEngine::beginTextPathLayout() assumes that the passed RenderObject is a
non-null pointer to a RenderSVGTextPath object. Instead we should have this function take a
reference to a RenderSVGTextPath object to help callers catch bad usage and better document
the expectation of a valid RenderSVGTextPath object.

  • rendering/svg/SVGRootInlineBox.cpp:

(WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes): Downcast the renderer of the
inline box to a RenderSVGTextPath object and pass it to SVGTextLayoutEngine::beginTextPathLayout().
We ensured that this cast is safe earlier in this function.
SVGTextLayoutEngine::beginTextPathLayout().

  • rendering/svg/SVGTextLayoutEngine.cpp:

(WebCore::SVGTextLayoutEngine::beginTextPathLayout): Change type of first parameter from
RenderObject* to RenderSVGTextPath. Remove ASSERT() that was checking for a non-null
RenderObject pointer since we are passing the renderer by reference and a well-formed
reference must refer to a valid object.

  • rendering/svg/SVGTextLayoutEngine.h: Substitute RenderSVGTextPath& for RenderObject*.
2:49 PM Changeset in webkit [182863] by commit-queue@webkit.org
  • 5 edits in trunk

Number.parseInt in nightly r182673 has wrong length
https://bugs.webkit.org/show_bug.cgi?id=143657

Patch by Jordan Harband <ljharb@gmail.com> on 2015-04-15
Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Correcting funciton length from 1, to 2, to match spec
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-number.parseint

  • runtime/NumberConstructor.cpp:

(JSC::NumberConstructor::finishCreation):

LayoutTests:

  • js/number-constructor-expected.txt:
  • js/script-tests/number-constructor.js:
2:48 PM Changeset in webkit [182862] by andersca@apple.com
  • 6 edits
    1 copy
    2 moves in trunk/Source/WebKit2

Make WKWebsiteDataRecord public
https://bugs.webkit.org/show_bug.cgi?id=143796

Reviewed by Dan Bernstein.

Rename _WKWebsiteDataRecord and associated files to WKWebsiteDataRecord and
add a new _WKWebsiteDataRecord.h with a class @interface declaration that just
inherits from WKWebsiteDataRecord. We don't need an @implementation since nobody is expected
to allocate _WKWebsiteDataRecord objects.

  • Shared/API/Cocoa/WebKit.h:
  • Shared/Cocoa/APIObject.mm:

(API::Object::newObject):

  • UIProcess/API/Cocoa/WKWebsiteDataRecord.h: Copied from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataRecord.h.
  • UIProcess/API/Cocoa/WKWebsiteDataRecord.mm: Renamed from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataRecord.mm.

(-[WKWebsiteDataRecord dealloc]):
(dataTypesToString):
(-[WKWebsiteDataRecord description]):
(-[WKWebsiteDataRecord displayName]):
(-[WKWebsiteDataRecord dataTypes]):
(-[WKWebsiteDataRecord _apiObject]):

  • UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h: Renamed from Source/WebKit2/UIProcess/API/Cocoa/_WKWebsiteDataRecordInternal.h.

(WebKit::wrapper):
(WebKit::toWebsiteDataTypes):
(WebKit::toWKWebsiteDataTypes):

  • UIProcess/API/Cocoa/_WKWebsiteDataRecord.h:
  • UIProcess/API/Cocoa/_WKWebsiteDataStore.mm:

(toWebsiteDataRecords):

  • WebKit2.xcodeproj/project.pbxproj:
2:38 PM Changeset in webkit [182861] by bshafiei@apple.com
  • 3 edits in tags/Safari-601.1.27/Source/WebKit2

Merged r182846. rdar://problem/20549298

1:59 PM Changeset in webkit [182860] by jer.noble@apple.com
  • 16 edits in trunk/Source

[Fullscreen] ChromeClient::exitVideoFullscreen() should take a pointer to a HTMLVideoElement.
https://bugs.webkit.org/show_bug.cgi?id=143674

Reviewed by Darin Adler.

Source/WebCore:

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::enterFullscreen): Pass a reference.
(WebCore::HTMLMediaElement::exitFullscreen): exitVideoFullscreen() -> exitVideoFullscreenForVideoElement(...).

  • page/ChromeClient.h:

Source/WebKit/mac:

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::enterVideoFullscreenForVideoElement): Takes a reference.
(WebChromeClient::exitVideoFullscreenForVideoElement): Renamed from exitVideoFullscreen().
(WebChromeClient::exitVideoFullscreen): Deleted.

Source/WebKit/win:

  • WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::enterVideoFullscreenForVideoElement): Takes a reference.
(WebChromeClient::exitVideoFullscreenForVideoElement): Renamed from exitVideoFullscreen().
(WebChromeClient::exitVideoFullscreen): Deleted.

  • WebCoreSupport/WebChromeClient.h:
  • WebView.cpp:

(WebView::enterVideoFullscreenForVideoElement): Takes a reference.
(WebView::exitVideoFullscreenForVideoElement): Renamed from exitVideoFullscreen().
(WebView::exitVideoFullscreen): Deleted.

  • WebView.h:

Source/WebKit2:

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::enterVideoFullscreenForVideoElement): Takes a reference.
(WebKit::WebChromeClient::exitVideoFullscreenForVideoElement): Renamed from exitVideoFullscreen().
(WebKit::WebChromeClient::exitVideoFullscreen): Deleted.

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/ios/WebVideoFullscreenManager.h:
  • WebProcess/ios/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement): Ditto.
(WebKit::WebVideoFullscreenManager::exitVideoFullscreenForVideoElement): Renamed from exitVideoFullscreen().
(WebKit::WebVideoFullscreenManager::didEnterFullscreen): Pass a reference.
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen): Ditto.
(WebKit::WebVideoFullscreenManager::exitVideoFullscreen): Deleted.

1:54 PM Changeset in webkit [182859] by jer.noble@apple.com
  • 2 edits in trunk/Tools

Unreviewed gardening; Make the previous commit apply only _post_ Yosemite.

  • TestWebKitAPI/Tests/mac/FullscreenZoomInitialFrame.mm:
1:50 PM Changeset in webkit [182858] by jer.noble@apple.com
  • 2 edits in trunk/Tools

Unreviewed gardening; disable FullscreenZoomInitialFrame.WebKit2 API test post-Yosemite.

  • TestWebKitAPI/Tests/mac/FullscreenZoomInitialFrame.mm:

(TestWebKitAPI::TEST_F):

1:32 PM Changeset in webkit [182857] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Harden DFGForAllKills
https://bugs.webkit.org/show_bug.cgi?id=143792

Reviewed by Geoffrey Garen.

Unfortunately, we don't have a good way to test this yet - but it will be needed to prevent
bugs in https://bugs.webkit.org/show_bug.cgi?id=143734.

Previously ForAllKills used the bytecode kill analysis. That seemed like a good idea because
that analysis is cheaper than the full liveness analysis. Unfortunately, it's probably wrong:

  • It looks for kill sites at forExit origin boundaries. But, something might have been killed by an operation that was logically in between the forExit origins at the boundary, but was removed from the DFG for whatever reason. The DFG is allowed to have bytecode instruction gaps.


  • It overlooked the fact that a MovHint that addresses a local that is always live kills that local. For example, storing to an argument means that the prior value of the argument is killed.


This fixes the analysis by making it handle MovHints directly, and making it define kills in
the most conservative way possible: it asks if you were live before but dead after. If we
have the compile time budget to afford this more direct approach, then it's definitel a good
idea since it's so fool-proof.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • dfg/DFGForAllKills.h:

(JSC::DFG::forAllKilledOperands):
(JSC::DFG::forAllKilledNodesAtNodeIndex):
(JSC::DFG::forAllDirectlyKilledOperands): Deleted.

12:54 PM Changeset in webkit [182856] by Antti Koivisto
  • 5 edits in trunk/Source/WebKit2

Network Cache: Inline small body data to record file
https://bugs.webkit.org/show_bug.cgi?id=143783

Reviewed by Chris Dumez.

We currently save all body data as separate files. We can improve space efficiency and do less reads and writes
by inlining smaller resource bodies with the header.

  • NetworkProcess/cache/NetworkCacheIOChannel.h:
  • NetworkProcess/cache/NetworkCacheIOChannelCocoa.mm:

(WebKit::NetworkCache::IOChannel::read):
(WebKit::NetworkCache::IOChannel::readSync):
(WebKit::NetworkCache::IOChannel::write):

Add WorkQueue argument to allow specifying which queue the result is submitted to.

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::decodeRecordMetaData):

Add a boolean indicating whether the body is inlined.

(WebKit::NetworkCache::decodeRecordHeader):
(WebKit::NetworkCache::Storage::decodeRecord):
(WebKit::NetworkCache::encodeRecordMetaData):
(WebKit::NetworkCache::Storage::storeBodyAsBlob):
(WebKit::NetworkCache::Storage::encodeRecord):
(WebKit::NetworkCache::Storage::dispatchReadOperation):

Read the record first, then read the blob if needed.
Submit the read operation directly from the main queue. Only thing we do is opening an IO channel
and that uses O_NONBLOCK.
Process the read results in the IO work queue where we now do the blob retrieval.

(WebKit::NetworkCache::shouldStoreBodyAsBlob):

The current threshold for saving a separate blob is 16KB.

(WebKit::NetworkCache::Storage::dispatchWriteOperation):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::createRecord): Deleted.
(WebKit::NetworkCache::encodeRecordHeader): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.h:
12:43 PM Changeset in webkit [182855] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Non-local keyboards don't update scroll view parameters
https://bugs.webkit.org/show_bug.cgi?id=143791
<rdar://problem/18974020>

  • Platform/spi/ios/UIKitSPI.h:

Fix the build.

12:41 PM Changeset in webkit [182854] by bshafiei@apple.com
  • 3 edits in tags/Safari-601.1.26.1/Source/WebKit2

Merged r182846. rdar://problem/20549298

12:30 PM Changeset in webkit [182853] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.1.26.1/Source

Versioning.

12:26 PM Changeset in webkit [182852] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.26.1

New tag.

12:18 PM Changeset in webkit [182851] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

Non-local keyboards don't update scroll view parameters
https://bugs.webkit.org/show_bug.cgi?id=143791
<rdar://problem/18974020>

Reviewed by Enrica Casucci.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _shouldUpdateKeyboardWithInfo:]):
(-[WKWebView _keyboardWillChangeFrame:]):
(-[WKWebView _keyboardWillShow:]):
Make sure that we update scroll view parameters (obscured insets, etc.)
if we have a non-local keyboard, in addition to the cases where we have an assisted node.

12:10 PM Changeset in webkit [182850] by Chris Dumez
  • 2 edits in trunk/LayoutTests

Unreviewed, skip http/tests/inspector/css/bad-mime-type.html on Windows

Skip http/tests/inspector/css/bad-mime-type.html on Windows as it times
out. This is already the case for a lot of inspector tests on Windows.

  • platform/win/TestExpectations:
12:03 PM Changeset in webkit [182849] by Joseph Pecoraro
  • 4 edits in trunk/Source/JavaScriptCore

Provide SPI to allow changing whether JSContexts are remote debuggable by default
https://bugs.webkit.org/show_bug.cgi?id=143681

Reviewed by Darin Adler.

  • API/JSRemoteInspector.h:
  • API/JSRemoteInspector.cpp:

(JSRemoteInspectorGetInspectionEnabledByDefault):
(JSRemoteInspectorSetInspectionEnabledByDefault):
Provide SPI to toggle the default enabled inspection state of debuggables.

  • API/JSContextRef.cpp:

(JSGlobalContextCreateInGroup):
Respect the default setting.

11:22 AM Changeset in webkit [182848] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WTF

Harmonize binary semaphore ifdefs

They should be either OS(WINDOWS) (in which case we'd need
BinarySemaphoreWin.cpp, which is not shipped by WebKitGTK)
or PLATFORM(WIN) (in which case Mutex/ThreadCondition-based
implementation is used).

This fixes errors like:

CXX Source/WTF/wtf/threads/libWTF_la-BinarySemaphore.lo

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In constructor 'WTF::BinarySemaphore::BinarySemaphore()':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:34:7: error: class 'WTF::BinarySemaphore' does not have any field named 'm_isSet'

: m_isSet(false)


../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In member function 'void WTF::BinarySemaphore::signal()':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:44:24: error: 'm_mutex' was not declared in this scope

MutexLocker locker(m_mutex);


../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:46:5: error: 'm_isSet' was not declared in this scope

m_isSet = true;

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:47:5: error: 'm_condition' was not declared in this scope

m_condition.signal();

../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp: In member function 'bool WTF::BinarySemaphore::wait(double)':
../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:52:24: error: 'm_mutex' was not declared in this scope

MutexLocker locker(m_mutex);


../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:55:13: error: 'm_isSet' was not declared in this scope

while (!m_isSet) {


../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:56:21: error: 'm_condition' was not declared in this scope

timedOut = !m_condition.timedWait(m_mutex, absoluteTime);


../webkitgtk-2.4.8/Source/WTF/wtf/threads/BinarySemaphore.cpp:62:5: error: 'm_isSet' was not declared in this scope

m_isSet = false;

GNUmakefile:52762: recipe for target 'Source/WTF/wtf/threads/libWTF_la-BinarySemaphore.lo' failed

[W32] Inconsistent ifdefs in BinarySemaphore.h and BinarySemaphore.cpp
https://bugs.webkit.org/show_bug.cgi?id=143756

Patch by Руслан Ижбулатов <lrn1986@gmail.com> on 2015-04-15
Reviewed by Darin Adler.

  • wtf/threads/BinarySemaphore.h:
10:55 AM Changeset in webkit [182847] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

JavaScriptCore: Use kCFAllocatorDefault where possible
https://bugs.webkit.org/show_bug.cgi?id=143747

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-15
Reviewed by Darin Adler.

  • heap/HeapTimer.cpp:

(JSC::HeapTimer::HeapTimer):

  • inspector/remote/RemoteInspectorDebuggableConnection.mm:

(Inspector::RemoteInspectorInitializeGlobalQueue):
(Inspector::RemoteInspectorDebuggableConnection::setupRunLoop):
For consistency and readability use the constant instead of
different representations of null.

10:50 AM Changeset in webkit [182846] by mitz@apple.com
  • 3 edits in trunk/Source/WebKit2

<rdar://problem/20549298> No matching NSi_ definition for postprocessed value of WK_{MAC,IOS}_TBA
https://bugs.webkit.org/show_bug.cgi?id=143786

Reviewed by Anders Carlsson.

  • Shared/API/Cocoa/WKFoundation.h: Added a placeholder for the postprocessing script to

insert a definition of NSi_* for the current deployment target. Import CoreFoundation.h so
that we can check if the macro is already defined.

  • WebKit2.xcodeproj/project.pbxproj: In the Postprocess WKFoundation.h script build phase,

replace the placeholder with a definition of NSi_{current deployment target} if not
already defined.

10:32 AM Changeset in webkit [182845] by andersca@apple.com
  • 5 edits in trunk/Source

Make creating send rights from shared memory more robust
https://bugs.webkit.org/show_bug.cgi?id=143730
rdar://problem/16595870

Reviewed by Darin Adler.

Source/WebCore:

Add a bool conversion operator to MachSendRight and tidy up the default constructor.

  • platform/cocoa/MachSendRight.h:

(WebCore::MachSendRight::operator bool):
(WebCore::MachSendRight::MachSendRight): Deleted.

Source/WebKit2:

This cleans up creation of handles and send rights and also fixes a bug where it would be impossible
to send more than 128 MB of shared memory in a single object.

  • Platform/SharedMemory.h:
  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::makeMemoryEntry):
New helper function that creates a memory entry send right. This uses MAP_MEM_VM_SHARE which ensures
that memory objects larger than 128 MB will be handled correctly.

(WebKit::SharedMemory::create):
Call makeMemoryEntry.

(WebKit::SharedMemory::createHandle):
Call createSendRight.

(WebKit::SharedMemory::createSendRight):
Call makeMemoryEntry and add the necessary assertions.

9:54 AM Changeset in webkit [182844] by Chris Dumez
  • 2 edits in trunk/Tools

[Win] DRT does not seem to reset the 'UsesPageCache' setting between tests
https://bugs.webkit.org/show_bug.cgi?id=143779

Reviewed by Brent Fulgham.

Reset the 'UsesPageCache' setting to FALSE between tests on Windows,
similarly to what is done on Mac / WK1. Without this, PageCache could
stay enabled after page cache tests and cause weird behaviors.

  • DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebPreferencesToConsistentValues):

9:36 AM Changeset in webkit [182843] by ap@apple.com
  • 2 edits in trunk/LayoutTests

streams/reference-implementation/readable-stream.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=143778

9:19 AM Changeset in webkit [182842] by eric.carlson@apple.com
  • 22 edits in trunk/Source

Generalize "isPlayingAudio" to include other media characteristics
https://bugs.webkit.org/show_bug.cgi?id=143713

Reviewed by Jer Noble.

Source/WebCore:

No new functionality.

  • Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::stop): updateIsPlayingAudio -> updateIsPlayingMedia.
(WebCore::AudioContext::isPlayingAudioDidChange): Ditto.

  • dom/Document.cpp:

(WebCore::Document::addAudioProducer): Ditto.
(WebCore::Document::removeAudioProducer): Ditto.
(WebCore::Document::updateIsPlayingMedia): Renamed.
(WebCore::Document::updateIsPlayingAudio): Deleted.

  • dom/Document.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMuted): updateIsPlayingAudio -> updateIsPlayingMedia.
(WebCore::HTMLMediaElement::setPlaying): Ditto.

  • page/ChromeClient.h:
  • page/Page.cpp:

(WebCore::Page::updateIsPlayingMedia): Renamed.
(WebCore::Page::updateIsPlayingAudio): Deleted.

  • page/Page.h:

Source/WebKit2:

  • UIProcess/API/C/WKPage.cpp:

(toGenericCallbackFunction): Scope CallbackBase.
(WKPageForceRepaint): Ditto.
(WKPageValidateCommand): Ditto.
(WKPageComputePagesForPrinting): Ditto.

  • UIProcess/API/Cocoa/_WKThumbnailView.mm:

(-[_WKThumbnailView _requestSnapshotIfNeeded]): Ditto.

  • UIProcess/API/mac/WKView.mm:

(-[WKView becomeFirstResponder]): Ditto.
(-[WKView updateFontPanelIfNeeded]): Ditto.
(-[WKView validateUserInterfaceItem:]): Ditto.
(-[WKView startSpeaking:]): Ditto.
(-[WKView selectedRangeWithCompletionHandler:]): Ditto.
(-[WKView markedRangeWithCompletionHandler:]): Ditto.
(-[WKView hasMarkedTextWithCompletionHandler:]): Ditto.
(-[WKView attributedSubstringForProposedRange:completionHandler:]): Ditto.
(-[WKView firstRectForCharacterRange:completionHandler:]): Ditto.
(-[WKView characterIndexForPoint:completionHandler:]): Ditto.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::isPlayingMediaDidChange): Rename from isPlayingAudioDidChange.
(WebKit::WebPageProxy::isPlayingAudioDidChange): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/mac/WKFullScreenWindowController.mm:

(-[WKFullScreenWindowController dealloc]): Scope CallbackBase.
(-[WKFullScreenWindowController finishedExitFullScreenAnimation:]): Ditto.

  • UIProcess/mac/WKPrintingView.mm:

(-[WKPrintingView _preparePDFDataForPrintingOnSecondaryThread]): Ditto.
(-[WKPrintingView _askPageToComputePageRects]): Ditto.
(-[WKPrintingView _drawPreview:]): Ditto.

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::setPluginIsPlayingAudio):

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::isPlayingMediaDidChange):
(WebKit::WebChromeClient::isPlayingAudioDidChange): Deleted.

  • WebProcess/WebCoreSupport/WebChromeClient.h:
4:19 AM Changeset in webkit [182841] by Antti Koivisto
  • 4 edits in trunk/Source/WebKit2

Network Cache: Add thread-safe accessors for storage paths
https://bugs.webkit.org/show_bug.cgi?id=143668

Reviewed by Darin Adler.

Less need to use StringCapture.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::dumpFilePath):
(WebKit::NetworkCache::Cache::storagePath):

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::makeRecordsDirectoryPath):
(WebKit::NetworkCache::Storage::Storage):
(WebKit::NetworkCache::Storage::basePath):
(WebKit::NetworkCache::Storage::versionPath):
(WebKit::NetworkCache::Storage::recordsPath):
(WebKit::NetworkCache::Storage::synchronize):
(WebKit::NetworkCache::Storage::remove):
(WebKit::NetworkCache::Storage::dispatchReadOperation):
(WebKit::NetworkCache::Storage::finishReadOperation):
(WebKit::NetworkCache::Storage::dispatchWriteOperation):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::Storage::clear):
(WebKit::NetworkCache::Storage::shrink):
(WebKit::NetworkCache::Storage::deleteOldVersions):
(WebKit::NetworkCache::makeRecordDirectoryPath): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.h:

(WebKit::NetworkCache::Storage::baseDirectoryPath): Deleted.
(WebKit::NetworkCache::Storage::directoryPath): Deleted.

2:52 AM Changeset in webkit [182840] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Fix Debug build error 'comparison of unsigned expression >= 0 is always true [-Werror=type-limits]'
https://bugs.webkit.org/show_bug.cgi?id=143751

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-04-15
Reviewed by Csaba Osztrogonác.

No new tests, no new behaviors.

  • rendering/svg/SVGTextChunk.cpp:

(WebCore::SVGTextChunk::SVGTextChunk):

Apr 14, 2015:

10:44 PM Changeset in webkit [182839] by ap@apple.com
  • 2 edits in trunk/LayoutTests

inspector/console/console-api.html is very slow, frequently timing out
https://bugs.webkit.org/show_bug.cgi?id=143719

10:28 PM Changeset in webkit [182838] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/dom/Window/timer-resume-on-navigation-back.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=33685

Reviewed by Brady Eidson.

If the timer fired before navigation, the test passed without going down the code
path that it was supposed to test. If it fired when navigation was in provisional
state, then dumping results was delayed until the navigation was finished, and
thus the intermediate page got dumped, and the test failed.

  • fast/dom/Window/timer-resume-on-navigation-back.html:
9:43 PM Changeset in webkit [182837] by Lucas Forschler
  • 5 edits in branches/safari-600.6-branch/Source

Versioning.

9:37 PM Changeset in webkit [182836] by Lucas Forschler
  • 1 copy in branches/safari-600.6-branch

New branch.

9:24 PM Changeset in webkit [182835] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Make inline continuation style change logic consistent.
https://bugs.webkit.org/show_bug.cgi?id=143737
rdar://problem/20486596

Reviewed by Simon Fraser.

Do not force RenderBlock type-casting on the first sibling of the continuation's container.
The first sibling of the container of a continuation should be handled as the rest of the siblings.

Source/WebCore:

Test: fast/inline/inline-with-column-span-and-remove-block-child-crash.html

  • rendering/RenderInline.cpp:

(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

LayoutTests:

  • fast/inline/inline-with-column-span-and-remove-block-child-crash-expected.txt: Added.
  • fast/inline/inline-with-column-span-and-remove-block-child-crash.html: Added.
8:57 PM Changeset in webkit [182834] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Uncaught exception in JSContext inspector when opening
https://bugs.webkit.org/show_bug.cgi?id=143741

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-14
Reviewed by Timothy Hatcher.

  • UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.shouldShowViewForTimeline):
(WebInspector.TimelineManager.prototype._loadNewRecording):
Before using TimelineAgent, check for its existence first. It may
not exist in JSContext inspection.

7:29 PM Changeset in webkit [182833] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

7:27 PM Changeset in webkit [182832] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.1.27

New tag.

7:16 PM Changeset in webkit [182831] by msaboff@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Remove JavaScriptCoreUseJIT default from JavaScriptCore
https://bugs.webkit.org/show_bug.cgi?id=143746

Reviewed by Mark Lam.

  • runtime/VM.cpp:

(JSC::enableAssembler):

6:59 PM Changeset in webkit [182830] by dbates@webkit.org
  • 5 edits
    2 moves in trunk/LayoutTests

Rename test LayoutTests/fast/events/drag-link.html to drag-and-drop-link-into-focused-contenteditable.html
https://bugs.webkit.org/show_bug.cgi?id=143683

Reviewed by Alexey Proskuryakov.

The name of the test LayoutTests/fast/events/drag-link.html is too generic given its purpose, which is
to test that we do not cause an assertion failure when dragging and dropping an HTML hyperlink into
a focused content editable element. We should come up with a more descriptive name for this test that
better describes what it tests.

  • fast/events/drag-and-drop-link-into-focused-contenteditable-expected.txt: Renamed from LayoutTests/fast/events/drag-link-expected.txt.
  • fast/events/drag-and-drop-link-into-focused-contenteditable.html: Renamed from LayoutTests/fast/events/drag-link.html.
  • platform/efl/TestExpectations: Update file because of the rename.
  • platform/gtk/TestExpectations: Ditto.
  • platform/ios-simulator/TestExpectations: Ditto.
  • platform/mac-wk2/TestExpectations: Ditto.
6:39 PM Changeset in webkit [182829] by Chris Dumez
  • 7 edits
    1 move
    3 adds in trunk

Regression(r180020): Web Inspector crashes on pages that have a stylesheet with an invalid MIME type
https://bugs.webkit.org/show_bug.cgi?id=143745
<rdar://problem/20243916>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Add assertion in ContentSearchUtilities::findMagicComment() to make
sure the content String is not null or we would crash in
JSC::Yarr::interpret() later.

  • inspector/ContentSearchUtilities.cpp:

(Inspector::ContentSearchUtilities::findMagicComment):

Source/WebCore:

After r180020, we are stricter and no longer accept CSS resources that
are not served with a CSS MIME type. Showing Web inspector on a page
with such bad resource would crash because
InspectorPageAgent::cachedResourceContent() would return true but
the result String would be null. This null String would then later
be passed to the Yarr interpreter and crash on a String::is8Bit()
call.

cachedResourceContent() calls CachedCSSStyleSheet::sheetText(). Before
r180020, it would return the text, even if the MIME type was incorrect.
However, this is no longer the case and we now need to make sure that
cachedResourceContent() returns false if sheetText() returns a null
String.

Test: http/tests/inspector/css/bad-mime-type.html

  • inspector/InspectorPageAgent.cpp:

(WebCore::InspectorPageAgent::cachedResourceContent):

LayoutTests:

Add layout test that shows the Web inspector on a page that has
a stylesheet with an invalid MIME type, to make sure we don't
crash.

  • http/tests/inspector/css/bad-mime-type-expected.txt: Added.
  • http/tests/inspector/css/bad-mime-type.html: Added.
  • http/tests/misc/css-accept-any-type.html:
  • http/tests/misc/css-reject-any-type-in-strict-mode.html:
  • http/tests/misc/resources/stylesheet-bad-mime-type.php: Renamed from LayoutTests/http/tests/misc/resources/stylesheet.php.
6:34 PM Changeset in webkit [182828] by commit-queue@webkit.org
  • 15 edits
    2 adds in trunk

textPath layout performance improvement.
https://bugs.webkit.org/show_bug.cgi?id=141570.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-04-14
Reviewed by Darin Adler.

PerformanceTests:

Cut down the time spent in traversing the path for text by 50%. Instead
of traversing the path twice at a certain length: one time for the position
and the second time for the angle, we can merge these two passes into one.

  • SVG/TextOnPathSimple.html: Added.
  • SVG/resources/TextOnPathSimple.svg: Added.

Source/WebCore:

The bottleneck of the text-on-path performance is the position and angle
calculations for every single character. If the number of characters is
'n' and the number of path elements is 'm', the total number of processing
the path elements is O(2 x n x m). What makes it really worse is, for every
curve we keep splitting the curve till the split curve is almost a straight
line. The changes we need to do are:

  1. Merge the position and the angle traversals in one pass since they are returning info for the same length on the path. There is a degenerate case for the starting point when calculating the angle. The original code was solving this problem by passing an epsilon instead of zero but because traversing the path for position and angle are now merged, we will pass zero for the starting point as is. All we need is to move one step ahead without moving the position. We need the extra step forward to calculate the slope of the path at the starting point.
  2. We need to add a new mode to traversing a path. The new mode will take a vector of lengths and returns a vector of arrow vectors. Every arrow vector represents a position and an angle on the path at a certain length. This requires changing the SVGTextLayoutEngine to calculate the lengths of the characters on the curve first and then passing all of them to the path traversal function. Instead of traversing the path for every length, we are going to get the required point and angle from the vector of arrow vectors.

This patch is addressing the first fix only. The second one will require
refactoring the SVGTextLayoutEngine so I am going to address it in a
different patch.

  • platform/graphics/Path.cpp:

(WebCore::pathLengthApplierFunction): It is cleaner to move the function
of this method to PathTraversalState::processPathElement().

(WebCore::Path::length): Use new enum Action value and access methods.

(WebCore::Path::traversalStateAtLength): New function which returns the
traversalState at a certain length on a path.

(WebCore::Path::pointAtLength):
(WebCore::Path::normalAngleAtLength): Use traversalStateAtLength() to get
the traversalState and from it return either the position or the angle.

  • platform/graphics/Path.h: Define traversalStateAtLength().
  • platform/graphics/PathTraversalState.cpp:

(WebCore::distanceLine): Code clean up.

(WebCore::curveLength): Make the setting of m_previous and m_current happens
only in this function.

(WebCore::PathTraversalState::PathTraversalState): Add an optional parameter
for the desired length and move the initialization of the other members to
the class definition.

(WebCore::PathTraversalState::closeSubpath):
(WebCore::PathTraversalState::moveTo):
(WebCore::PathTraversalState::lineTo): Add the distance to the m_totalLength
instead of returning it since this is what all the callers were doing.

(WebCore::PathTraversalState::quadraticBezierTo):
(WebCore::PathTraversalState::cubicBezierTo): Add the distance to the
m_totalLength. Move the setting of m_previous and m_current to curveLength().
Remove unused members m_control1 and m_control2.

(WebCore::PathTraversalState::processSegment): Deleted.
(WebCore::PathTraversalState::finalizeAppendPathElement): Create a new
name for the function. Handle the case of the angle at the starting point
where m_desiredLength is set to zero. The new flag m_isZeroVector will be
set to notify the caller that the next iteration will be the last one and
it is only needed for the calculating the angle of a zero vector. m_current
should not change by this last iteration.

(WebCore::PathTraversalState::appendPathElement): This code is moved from
pathLengthApplierFunction().

(WebCore::PathTraversalState::processPathElement): This function is used
by the class Path. It is a wrapper for appendPathElement(). If m_isZeroVector
is set we append the new element to a copy for the PathTraversalState just
to get the angle for the zero vector.

  • platform/graphics/PathTraversalState.h: Change the enum values to not

not include the class or the enum class. Make the data members private and
expose the needed ones through access methods. Make all the internal methods
to be private.

(WebCore::PathTraversalState::processPathElement): Another wrapper for
appendPathElement() which is used by SVGPathTraversalStateBuilder.

(WebCore::PathTraversalState::action):
(WebCore::PathTraversalState::setAction):
(WebCore::PathTraversalState::desiredLength):
(WebCore::PathTraversalState::setDesiredLength):
(WebCore::PathTraversalState::success):
(WebCore::PathTraversalState::totalLength):
(WebCore::PathTraversalState::current):
(WebCore::PathTraversalState::normalAngle): New access methods which are now
needed after making the data members private.

  • rendering/svg/SVGRootInlineBox.cpp:

(WebCore::SVGRootInlineBox::layoutCharactersInTextBoxes): Make the casting
of the renderer on the caller side.

  • rendering/svg/SVGTextChunk.cpp:

(WebCore::SVGTextChunk::SVGTextChunk): The constructor should append the
elements of m_boxes instead of making this from outside the class.

(WebCore::SVGTextChunk::totalCharacters):
(WebCore::SVGTextChunk::totalLength):
(WebCore::SVGTextChunk::calculateLength): Deleted.
Replace calculateLength() by totalCharacters() and totalLength() to make
the interface cleaner.

(WebCore::SVGTextChunk::totalAnchorShift):
(WebCore::SVGTextChunk::calculateTextAnchorShift): Deleted.
Rename the function name.

(WebCore::SVGTextChunk::layout):
(WebCore::SVGTextChunk::processTextLengthSpacingCorrection):
(WebCore::SVGTextChunk::buildBoxTransformations):
(WebCore::SVGTextChunk::boxSpacingAndGlyphsTransform):
(WebCore::SVGTextChunk::processTextAnchorCorrection):
Move the chunk layout code from SVGTextChunkBuilder::layoutTextChunks()
to the SVGTextChunk::layout(). Move all the helper functions as well.

  • rendering/svg/SVGTextChunk.h:

(WebCore::SVGTextChunk::hasTextAnchor):
(WebCore::SVGTextChunk::boxes): Deleted.
Add the new methods and change most of the public methods to be private.

  • rendering/svg/SVGTextChunkBuilder.cpp:

(WebCore::SVGTextChunkBuilder::totalCharacters):
(WebCore::SVGTextChunkBuilder::totalLength):
(WebCore::SVGTextChunkBuilder::totalAnchorShift): This code is moved from
SVGTextLayoutEngine. It scans the boxes stored in the SVGTextChunkBuilder
and sums up the total values.

(WebCore::SVGTextChunkBuilder::transformationForTextBox):
(WebCore::SVGTextChunkBuilder::buildTextChunks):
(WebCore::SVGTextChunkBuilder::layoutTextChunks): Code clean up.

(WebCore::SVGTextChunkBuilder::addTextChunk): Deleted.
(WebCore::SVGTextChunkBuilder::processTextChunk): Deleted.
(WebCore::SVGTextChunkBuilder::processTextLengthSpacingCorrection): Deleted.
(WebCore::SVGTextChunkBuilder::processTextAnchorCorrection): Deleted.
(WebCore::SVGTextChunkBuilder::buildSpacingAndGlyphsTransform): Deleted.
This code now lives in SVGTextChunk.

  • rendering/svg/SVGTextChunkBuilder.h: Add new methods for code which was

moved from SVGTextLayoutEngine and remove methods for code which was removed
to SVGTextChunk.

  • rendering/svg/SVGTextLayoutEngine.cpp:

(WebCore::SVGTextLayoutEngine::beginTextPathLayout): Use the sum up methods
from SVGTextChunkBuilder instead of looping through the chunks. Also get a
clean order for defining variables and doing the calculations.

(WebCore::SVGTextLayoutEngine::finalizeTransformMatrices): Code clean up.

(WebCore::SVGTextLayoutEngine::layoutTextOnLineOrPath): Do a single path
traversal to get the position and the angle for a length on a path.

  • svg/SVGAnimateMotionElement.cpp:

(WebCore::SVGAnimateMotionElement::buildTransformForProgress): Do a single
path traversal to get the position and the angle at a length on a path.

  • svg/SVGPathTraversalStateBuilder.cpp:

(WebCore::SVGPathTraversalStateBuilder::SVGPathTraversalStateBuilder):
(WebCore::SVGPathTraversalStateBuilder::moveTo):
(WebCore::SVGPathTraversalStateBuilder::lineTo):
(WebCore::SVGPathTraversalStateBuilder::curveToCubic):
(WebCore::SVGPathTraversalStateBuilder::closePath):
(WebCore::SVGPathTraversalStateBuilder::setDesiredLength):
(WebCore::SVGPathTraversalStateBuilder::continueConsuming):
(WebCore::SVGPathTraversalStateBuilder::totalLength):
(WebCore::SVGPathTraversalStateBuilder::currentPoint):
(WebCore::SVGPathTraversalStateBuilder::incrementPathSegmentCount): Deleted.
(WebCore::SVGPathTraversalStateBuilder::pathSegmentIndex): Deleted.

  • svg/SVGPathTraversalStateBuilder.h:

(WebCore::SVGPathTraversalStateBuilder::pathSegmentIndex):
Code clean up.

  • svg/SVGPathUtilities.cpp:

(WebCore::getSVGPathSegAtLengthFromSVGPathByteStream):
(WebCore::getTotalLengthOfSVGPathByteStream):
(WebCore::getPointAtLengthOfSVGPathByteStream): Use new TraversalState::Action
enum values.

5:49 PM Changeset in webkit [182827] by msaboff@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

DFG register fillSpeculate*() functions should validate incoming spill format is compatible with requested fill format
https://bugs.webkit.org/show_bug.cgi?id=143727

Reviewed by Geoffrey Garen.

Used the result of AbstractInterpreter<>::filter() to check that the current spill format is compatible
with the requested fill format. If filter() reports a contradiction, then we force an OSR exit.
Removed individual checks made redundant by the new check.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
(JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):

5:47 PM Changeset in webkit [182826] by Joseph Pecoraro
  • 5 edits in trunk/Source/JavaScriptCore

Replace JavaScriptCoreOutputConsoleMessagesToSystemConsole default with an SPI
https://bugs.webkit.org/show_bug.cgi?id=143691

Reviewed by Geoffrey Garen.

  • API/JSRemoteInspector.h:
  • API/JSRemoteInspector.cpp:

(JSRemoteInspectorSetLogToSystemConsole):
Add SPI to enable/disable logging to the system console.
This only affects JSContext console logs and warnings.

  • inspector/JSGlobalObjectConsoleClient.h:
  • inspector/JSGlobalObjectConsoleClient.cpp:

(Inspector::JSGlobalObjectConsoleClient::logToSystemConsole):
(Inspector::JSGlobalObjectConsoleClient::setLogToSystemConsole):
(Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
(Inspector::JSGlobalObjectConsoleClient::initializeLogToSystemConsole): Deleted.
Simplify access to the setting now that it doesn't need to
initialize its value from preferences.

5:27 PM Changeset in webkit [182825] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Web Inspector: Auto-attach fails after r179562, initialization too late after dispatch
https://bugs.webkit.org/show_bug.cgi?id=143682

Reviewed by Timothy Hatcher.

  • inspector/remote/RemoteInspector.mm:

(Inspector::RemoteInspector::singleton):
If we are on the main thread, run the initialization immediately.
Otherwise dispatch to the main thread. This way if the first JSContext
was created on the main thread it can get auto-attached if applicable.

5:26 PM Changeset in webkit [182824] by Simon Fraser
  • 10 edits in trunk

Re-enable custom dilation for antialiased fonts
https://bugs.webkit.org/show_bug.cgi?id=143738

Reviewed by Tim Horton.

Enabling custom dilation for antialised fonts broke layout tests, so re-land it,
but disable in WebKitTestRunner and DumpRenderTree. The latter requires adding
a private WebKit pref. This pref defaults to YES, enabling the feature by default
in WK1 as we do for WK2.

Source/WebCore:

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::dilationSizeForTextColor):
(WebCore::FontCascade::drawGlyphs):

Source/WebKit/mac:

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]):
(-[WebPreferences setAntialiasedFontDilationEnabled:]):
(-[WebPreferences antialiasedFontDilationEnabled]):

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]):

Tools:

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues):

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues):

5:20 PM Changeset in webkit [182823] by aestes@apple.com
  • 2 edits in trunk/Source/WebCore

[Content Filtering] Use ASSERT_WITH_SECURITY_IMPLICATION for verifying types from NEFilterSource
https://bugs.webkit.org/show_bug.cgi?id=143742

Reviewed by David Kilzer.

  • platform/cocoa/NetworkExtensionContentFilter.mm:

(replacementDataFromDecisionInfo): ASSERT_WITH_SECURITY_IMPLICATION that decisionInfo is really a NSDictionary.
(WebCore::NetworkExtensionContentFilter::handleDecision): ASSERT_WITH_SECURITY_IMPLICATION that replacementData is really a NSData.

5:02 PM Changeset in webkit [182822] by timothy_horton@apple.com
  • 4 edits
    2 adds in trunk/Source/WebKit2

Update gesture swipe shadow style
https://bugs.webkit.org/show_bug.cgi?id=143616
<rdar://problem/19295843>

Reviewed by Darin Adler.

  • UIProcess/mac/ViewGestureController.h:
  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::beginSwipeGesture):
For the modern shadow style, use a layer stretched along the edge of the swiping content
with the newly added PNGs as the layer contents.

Add a dimming layer over the lower layer of content which fades in/out
during the swipe.

(WebKit::ViewGestureController::handleSwipeGesture):
Fade the dimming layer in and out during the entire swipe.
Fade the shadow layer out during the last few pixels of the swipe.

(WebKit::ViewGestureController::removeSwipeSnapshot):
Unparent the new layers.

  • WebKit2.xcodeproj/project.pbxproj:
  • Resources/SwipeShadow.png:
  • Resources/SwipeShadow@2x.png:

Add the new resources.

4:48 PM Changeset in webkit [182821] by Brent Fulgham
  • 5 edits in trunk

Correct layering violation in DumpRenderTree Build
https://bugs.webkit.org/show_bug.cgi?id=143732

Reviewed by Simon Fraser.

Source/WebCore:

  • testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::monitorWheelEvents): Added. Provides a wrapper around
the internal WebCore objects needed to implement this function.
(WebCoreTestSupport::setTestCallbackAndStartNotificationTimer): Ditto.

  • testing/js/WebCoreTestSupport.h:

Tools:

Correct a layering violation in DumpRenderTree by calling functions on the
WebCoreTestSupport library, rather than attempting to work with WebCore
types directly.

  • DumpRenderTree/mac/EventSendingController.mm:

(-[EventSendingController monitorWheelEvents]): Call methods on WebCoreTestSupport, rather
than WebCore itself.,
(-[EventSendingController callAfterScrollingCompletes:]): Ditto.

4:47 PM Changeset in webkit [182820] by beidson@apple.com
  • 3 edits
    6 adds in trunk

Make sure media element loads hit content filter extensions.
<rdar://problem/20014012> and https://bugs.webkit.org/show_bug.cgi?id=143731

Reviewed by Jer Noble.

Source/WebCore:

Tests: http/tests/contentextensions/media-filtered.html

http/tests/contentextensions/text-track-blocked.html

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::parseAttribute): Skip loads that are filtered.

LayoutTests:

  • http/tests/contentextensions/media-filtered-expected.txt: Added.
  • http/tests/contentextensions/media-filtered.html: Added.
  • http/tests/contentextensions/media-filtered.html.json: Added.
  • http/tests/contentextensions/text-track-blocked-expected.txt: Added.
  • http/tests/contentextensions/text-track-blocked.html: Added.
  • http/tests/contentextensions/text-track-blocked.html.json: Added.
4:45 PM Changeset in webkit [182819] by Joseph Pecoraro
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed build fix for Mavericks.

Mavericks includes this file but does not enable ENABLE_REMOTE_INSPECTOR
so the Inspector namespace is not available when compiling this file.

  • API/JSRemoteInspector.cpp:
4:36 PM Changeset in webkit [182818] by Brent Fulgham
  • 2 edits in trunk/LayoutTests

[Win] Skip failling test due to list box scroll behavior.
https://bugs.webkit.org/show_bug.cgi?id=143739

  • platform/win/TestExpectations:
4:34 PM Changeset in webkit [182817] by Brent Fulgham
  • 2 edits in trunk/LayoutTests

[Win] Unreviewed test correction after r182737.

New test expectation was missing a newline at the end of the file.

  • platform/win/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
4:26 PM Changeset in webkit [182816] by Joseph Pecoraro
  • 2 edits
    2 adds in trunk/Source/JavaScriptCore

Web Inspector: Expose private APIs to interact with RemoteInspector instead of going through WebKit
https://bugs.webkit.org/show_bug.cgi?id=143729

Reviewed by Timothy Hatcher.

  • API/JSRemoteInspector.h: Added.
  • API/JSRemoteInspector.cpp: Added.

(JSRemoteInspectorDisableAutoStart):
(JSRemoteInspectorStart):
(JSRemoteInspectorSetParentProcessInformation):
Add the new SPIs for basic remote inspection behavior.

Add the new files to Mac only, since remote inspection is only
enabled there anyways.

3:56 PM Changeset in webkit [182815] by bweinstein@apple.com
  • 7 edits in trunk/Source

Add SPI to clear HSTS hosts added since a date.
https://bugs.webkit.org/show_bug.cgi?id=143726
and
rdar://problem/16664597

Source/WebCore:

Declare _CFNetworkResetHSTSHostsSinceDate in CFNetworkSPI.h.

Reviewed by Anders Carlsson.

  • platform/spi/cf/CFNetworkSPI.h:

Source/WebKit2:

Reviewed by Anders Carlsson.

  • UIProcess/API/C/mac/WKContextPrivateMac.h:
  • UIProcess/API/C/mac/WKContextPrivateMac.mm:

(WKContextResetHSTSHostsAddedAfterDate): Call into the WebProcessPool.

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::resetHSTSHostsAddedAfterDate): Call CFNetwork SPI to clear HSTS hosts added
after the given date.

  • UIProcess/WebProcessPool.h:
2:55 PM Changeset in webkit [182814] by Simon Fraser
  • 2 edits in trunk/LayoutTests

Set the font size to 11px explicitly to try to fix this test on Windows.

  • fast/forms/listbox-visible-size.html:
2:42 PM Changeset in webkit [182813] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed. Time numbers on media controls move as they update on OSX.
<rdar://problem/20141790>.

  • Modules/mediacontrols/mediaControlsApple.css:

(audio::-webkit-media-controls-current-time-display):
(audio::-webkit-media-controls-time-remaining-display):
Don't bother justifying content to end. We size the box to fit the time displays exactly anyways.

2:35 PM Changeset in webkit [182812] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Insert volume control in correct place after exiting wireless play.

https://bugs.webkit.org/show_bug.cgi?id=143721.
<rdar://problem/20526106>

Reviewed by Darin Adler.

  • Modules/mediacontrols/mediaControlsApple.js: (Controller.prototype.updateWirelessPlaybackStatus):
2:25 PM Changeset in webkit [182811] by mark.lam@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Rename JSC_dfgFunctionWhitelistFile to JSC_dfgWhitelist.
https://bugs.webkit.org/show_bug.cgi?id=143722

Reviewed by Michael Saboff.

Renaming JSC_dfgFunctionWhitelistFile to JSC_dfgWhitelist so that it is
shorter, and easier to remember (without having to look it up) and to
type. JSC options now support descriptions, and one can always look up
the description if the option's purpose is not already obvious.

  • dfg/DFGFunctionWhitelist.cpp:

(JSC::DFG::FunctionWhitelist::ensureGlobalWhitelist):
(JSC::DFG::FunctionWhitelist::contains):

  • runtime/Options.h:
2:24 PM Changeset in webkit [182810] by beidson@apple.com
  • 2 edits in trunk/Source/WebCore

Media elements not in a page shouldn't load.
https://bugs.webkit.org/show_bug.cgi?id=143720

Reviewed by Jer Noble.

No new tests (Theoretical problem noticed in code review).

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource): Make sure the frame is in a page.

2:14 PM Changeset in webkit [182809] by Simon Fraser
  • 7 edits in trunk/Source/WebCore

[iOS] Clean up registration of layers with the ScrollingCoordinator
https://bugs.webkit.org/show_bug.cgi?id=143725

Reviewed by Tim Horton.

Simplify a couple of bits of code related to the registration of layers with
the ScrollingCoordinator in RenderLayerCompositor.

First, RenderLayerBacking was using ScrollingNodeTypes to choose which scrolling
roles a layer has, which let to ambiguous code where we hardcoded a ScrollingNodeType
with knowledge of what RenderLayerBacking did with it. Clean up by using LayerScrollCoordinationRole,
which is moved to RenderLayer.h so that RenderLayerCompositor.h and RenderLayerBacking.h
both see it.

Secondly, avoid having both detachFromScrollingCoordinator() and detachFromScrollingCoordinatorForRole()
by passing in the bitmask of roles.

  • page/FrameView.cpp:

(WebCore::FrameView::scrollLayerID):

  • rendering/RenderLayer.h:
  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::~RenderLayerBacking):
(WebCore::RenderLayerBacking::detachFromScrollingCoordinator):
(WebCore::RenderLayerBacking::detachFromScrollingCoordinatorForRole): Deleted.

  • rendering/RenderLayerBacking.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateScrollCoordinatedStatus):
(WebCore::RenderLayerCompositor::removeFromScrollCoordinatedLayers):
(WebCore::scrollCoordinationRoleForNodeType):
(WebCore::RenderLayerCompositor::attachScrollingNode):
(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer):
(WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
(WebCore::RenderLayerCompositor::willRemoveScrollingLayerWithBacking):
(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayerForRole): Deleted.

  • rendering/RenderLayerCompositor.h:
2:08 PM Changeset in webkit [182808] by benjamin@webkit.org
  • 12 edits
    3 adds in trunk

Add a conservative DFA minimizer for the content extension matcher
https://bugs.webkit.org/show_bug.cgi?id=143501

Reviewed by Alex Christensen.

Source/WebCore:

This patch adds a simple minimizer for DFA graphs. It is not a perfect minimizer:
some indistinguishable are not merged, but no two distinguishable are merged.

The general idea of the algorithm is to put all the state into a single set
and partition iteratively until it is impossible to split any subset by using
a transition to distinguish two states.

Let's ignore fallback transition for now, and I'll explain later how they fit in
the big picture.

The first thing we do is create a partition of the transition by grouping every
transition by the same character in the same subset. This partition of transitions
is the base by which we will partition the states.

Each subset in the transition partition is a "distinguisher" by which we can
separate the state partition.

We also create a second partition, the state partition. This is where we keep
all the subsets of states that have been split so far.

Let say we have the following graph.

1 --a--> 2
1 --b--> 3
2 --c--> 4 (final)
3 --c--> 4 (final)

The partition of transition would start with:
Set 0:

1 --a--> 2

Set 1:

1 --b--> 3

Set 2:

2 --c--> 4
3 --c--> 4

The state partition would have a single set with { 1, 2, 3, 4 }.

Next, we split the state partition by distinguishable final states. In this case,
we would split it into { 1, 2, 3 }, { 4 }.

We then refine the transition partition by splitting it by the states that have
been distinguished. Here, the only transitions to 4 are both is the same set (set 2),
so the transition partition remains the same.

We can now execute the main loop of the algorithm:
1) Split the states by the transitions.
2) Split the transitions that are now reaching two different sets of the state partition.
3) Add any newly discovered "distinguisher" (the ones we split) to the list of "distinguisher"

to process.

In this case, we just iterate over the partition set in order, and add newly split transitions
to the end of the list.

In the example, we would first visit set 0. We have that state 1 is distinguishable
by "a", and the state partition would become { 1 }, { 2, 3 }, { 4 }.

We then visit transition set 1, it distinguishes state 1 which is already alone -> nothing to do.

Finally, we process the transition set 2, it distinguishes 2 and 3, they are already in the same
set -> nothing to do.

There is no more transition to process, we have 3 unique subsets and we should merge 2 and 3.

---

Okay, now how to we fit fallback transition in this model. In this patch, I take the conservative
approach: we split everything assuming fallback transition do not exist, then we refine
by the fallback transitions.

Let's take the following example:

1 --a--> 3
2 --a--> 3
1 -[f]-> 4
2 -[f]-> 5

and at this stage in the algorithm, we have the sets { 1, 2 }, { 3 }, { 4 }, { 5 }.
The states 1 and 2 are together because they cannot be distinguished by 'a', but
the fallback transition distinguishes them.

Since we have done every other split, we have one useful property: we know that every
state in every set transition with the exact set of characters within that set.
If that was not true, there would be one "distinguisher" 'x' that could spit the set
into two subsets: the one with the transition 'x' and the ones without.

Since all the transitions are the same, there is no overlap between the defined transition
and the fallback transition. Consequently, we can use the fallback transition as a whole
transition and use it to distinguish the states.

The fallback transitions are handled like any other transition, we have a partition of such
transitions and split by each of them. BUT, we can only use them after every unique transition
has been covered.

This trick is also what makes the minimization imperfect: it should be possible to merge
states with overlap in their fallback transitions but we would split them.

---

Antti Valmari, Petri Lehtinen, Marie-Pierre Béal and Maxime Crochemore deserve credit for their indirect
work on this patch. Thanks for your wonderful papers about DFA minimization.

  • WebCore.xcodeproj/project.pbxproj:
  • contentextensions/ContentExtensionCompiler.cpp:

(WebCore::ContentExtensions::compileRuleList):

  • contentextensions/DFA.cpp:

(WebCore::ContentExtensions::DFA::minimize):
(WebCore::ContentExtensions::DFA::debugPrintDot):

  • contentextensions/DFA.h:
  • contentextensions/DFABytecodeCompiler.cpp:

(WebCore::ContentExtensions::DFABytecodeCompiler::compileNode):

  • contentextensions/DFAMinimizer.cpp: Added.

(WebCore::ContentExtensions::DFAMinimizer::simplifyTransitions):
(WebCore::ContentExtensions::DFAMinimizer::Partition::initialize):
(WebCore::ContentExtensions::DFAMinimizer::Partition::markElementInCurrentGeneration):
(WebCore::ContentExtensions::DFAMinimizer::Partition::refineGeneration):
(WebCore::ContentExtensions::DFAMinimizer::Partition::iterateSet):
(WebCore::ContentExtensions::DFAMinimizer::Partition::setIndex):
(WebCore::ContentExtensions::DFAMinimizer::Partition::firstElementInSet):
(WebCore::ContentExtensions::DFAMinimizer::Partition::size):
(WebCore::ContentExtensions::DFAMinimizer::Partition::SetDescriptor::indexAfterMarkedElements):
(WebCore::ContentExtensions::DFAMinimizer::Partition::SetDescriptor::end):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::FullGraphPartition):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::markNode):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::refinePartitions):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::splitByUniqueTransitions):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::splitByFallbackTransitions):
(WebCore::ContentExtensions::DFAMinimizer::FullGraphPartition::nodeReplacement):
(WebCore::ContentExtensions::DFAMinimizer::ActionKey::ActionKey):
(WebCore::ContentExtensions::DFAMinimizer::ActionKey::isEmptyValue):
(WebCore::ContentExtensions::DFAMinimizer::ActionKey::isDeletedValue):
(WebCore::ContentExtensions::DFAMinimizer::ActionKeyHash::hash):
(WebCore::ContentExtensions::DFAMinimizer::ActionKeyHash::equal):
(WebCore::ContentExtensions::DFAMinimizer::minimize):

  • contentextensions/DFAMinimizer.h: Copied from Source/WebCore/contentextensions/DFA.h.
  • contentextensions/DFANode.h:
  • contentextensions/NFAToDFA.cpp:

(WebCore::ContentExtensions::NFAToDFA::convert):
(WebCore::ContentExtensions::simplifyTransitions): Deleted.

Tools:

  • TestWebKitAPI/Tests/WebCore/ContentExtensions.cpp:
  • TestWebKitAPI/Tests/WebCore/DFAMinimizer.cpp:
1:54 PM Changeset in webkit [182807] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

ASSERT(frame().view() == this) assertion hit in FrameView::windowClipRect() on Windows bots
https://bugs.webkit.org/show_bug.cgi?id=143723

Reviewed by Brent Fulgham.

ASSERT(frame().view() == this) in FrameView::windowClipRect() can be hit
if the post layout timer timer fires after the page has entered page
cache. Upon entering page cache, we call FrameView::unscheduleRelayout()
to stop the layout timer if it is active, however, we don't stop the
post-layout timer. Therefore, there was nothing preventing the
post-layout timer from firing after entering page cache.

In this patch, we unschedule the post-layout timer in
FrameView::unscheduleRelayout() to protect ourselves against this.

I think we were only seeing the assertion hit on Windows because this
timer probably gets scheduled more frequently on Windows. On Mac, I
rarely see it getting scheduled.

No new tests, should fix crashing tests on the bots.

  • page/FrameView.cpp:

(WebCore::FrameView::unscheduleRelayout):

12:35 PM Changeset in webkit [182806] by ap@apple.com
  • 2 edits in trunk/LayoutTests

inspector/console/console-api.html is very slow, frequently timing out
https://bugs.webkit.org/show_bug.cgi?id=143719

12:22 PM Changeset in webkit [182805] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

FrameView::m_frame should be a Ref<Frame>
https://bugs.webkit.org/show_bug.cgi?id=143716

Reviewed by Andreas Kling.

FrameView::m_frame should be a Ref<Frame> instead of a RefPtr<Frame> as
it can never be null.

  • page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::flushCompositingStateForThisFrame):
(WebCore::FrameView::hasCompositedContentIncludingDescendants):
(WebCore::FrameView::flushCompositingStateIncludingSubframes):
(WebCore::FrameView::updateCanBlitOnScrollRecursively):
(WebCore::FrameView::setIsOverlapped):
(WebCore::FrameView::shouldUpdateCompositingLayersAfterScrolling):
(WebCore::FrameView::renderedCharactersExceed):
(WebCore::FrameView::updateLayerFlushThrottling):
(WebCore::FrameView::serviceScriptedAnimations):
(WebCore::FrameView::updateBackgroundRecursively):
(WebCore::FrameView::adjustScrollStepForFixedContent):
(WebCore::FrameView::paintContentsForSnapshot):
(WebCore::FrameView::notifyWidgetsInAllFrames):
(WebCore::FrameView::setExposedRect):
(WebCore::FrameView::setViewportSizeForCSSViewportUnits):

  • page/FrameView.h:
12:15 PM Changeset in webkit [182804] by andersca@apple.com
  • 3 edits in trunk/Source/WebKit2

More work on making the SharedMemory interface more sane
https://bugs.webkit.org/show_bug.cgi?id=143718

Reviewed by Andreas Kling.

Get rid of m_shouldVMDeallocateData. The idea is that shared memory created by calling
SharedMemory::allocate has a non-null m_data pointer, and a null m_port. Shared memory created
by calling SharedMemory::create with a pointer and a length has a non-null port but a null m_data
since the data can be unmapped by the caller and we don't want to hold on to dangling pointers.

  • Platform/SharedMemory.h:

(WebKit::SharedMemory::data):

  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::SharedMemory::allocate):
(WebKit::SharedMemory::create):
(WebKit::SharedMemory::map):
(WebKit::SharedMemory::~SharedMemory):
(WebKit::SharedMemory::createHandle):

11:40 AM Changeset in webkit [182803] by Antti Koivisto
  • 10 edits
    2 adds in trunk/Source/WebKit2

Network Cache: Deduplicate body data
https://bugs.webkit.org/show_bug.cgi?id=143652

Reviewed by Darin Adler.

It is common to have cache entries with identical body data. This happens when the same resource is loaded from
a different URL (https vs http, slash vs no-slash at end, etc.). It also happens when the same URL is
referenced from different cache partitions.

We can improve disk space efficiency and use less memory by sharing identical body data between cache entries.

This patch splits the body data out from the record file. The new record file contains meta data and response
headers only. Body data is stored using the new BlobStorage interface. Files are deduplicated by computing
SHA1 hash over the data and looking for an existing blob with the same hash. If found the existing entry
is reused by creating a hard link to it.

The new disk structure looks like this:

WebKitCache/

Version 3/

Blobs/

0A3C9A970ADA27FAE9BD7BC630BAD0B929C293C0
0A6B8060BA77DF92C82A2FD7AF58F79524D8F34C
...

Records/

apple.com/

0B8645B04E7EC78C178B7460052601C2
0B8645B04E7EC78C178B7460052601C2-body
0CB1A3638D1C5A09C5E3283A74FA040B
0CB1A3638D1C5A09C5E3283A74FA040B-body
...

Each record file has an associated -body which is a hard link to a file in the Blobs directory.

The patch increases effective capacity by 10-20% with a typical cache. It also saves memory especially when identical
resources are used in multiple tabs.

Currently all >0 sized resources are stored as shared blobs. In future small resources should be integrated into record
files and blobs used for larger files only.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::store):
(WebKit::NetworkCache::Cache::update):

Adopt the new storage interface.

(WebKit::NetworkCache::Cache::dumpContentsToFile):

  • NetworkProcess/cache/NetworkCacheBlobStorage.cpp: Added.

(WebKit::NetworkCache::BlobStorage::BlobStorage):
(WebKit::NetworkCache::BlobStorage::synchronize):

Compute size and delete unused files from the Blobs directory (link count == 1).

(WebKit::NetworkCache::BlobStorage::blobPath):
(WebKit::NetworkCache::BlobStorage::add):
(WebKit::NetworkCache::BlobStorage::get):

Interface for storing and retrieving data blobs. Blobs are deduplicated on add.

(WebKit::NetworkCache::BlobStorage::remove):

Removes the link but doesn't remove the blob even if there are no other clients. That happens on next synchronize().

(WebKit::NetworkCache::BlobStorage::shareCount):

Checks the link count to get the number of clients.

  • NetworkProcess/cache/NetworkCacheBlobStorage.h: Added.

(WebKit::NetworkCache::BlobStorage::approximateSize):

  • NetworkProcess/cache/NetworkCacheCoders.cpp:

(WebKit::NetworkCache::Coder<SHA1::Digest>::encode):
(WebKit::NetworkCache::Coder<SHA1::Digest>::decode):

  • NetworkProcess/cache/NetworkCacheCoders.h:
  • NetworkProcess/cache/NetworkCacheData.h:

(WebKit::NetworkCache::Data::isEmpty):

  • NetworkProcess/cache/NetworkCacheDataCocoa.mm:

(WebKit::NetworkCache::Data::empty):
(WebKit::NetworkCache::Data::fromMap):
(WebKit::NetworkCache::mapFile):
(WebKit::NetworkCache::computeSHA1):
(WebKit::NetworkCache::bytesEqual):

Add some helpers.

  • NetworkProcess/cache/NetworkCacheEntry.cpp:

(WebKit::NetworkCache::Entry::asJSON):

  • NetworkProcess/cache/NetworkCacheIOChannelCocoa.mm:

(WebKit::NetworkCache::IOChannel::IOChannel):

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::makeRecordDirectoryPath):
(WebKit::NetworkCache::makeBlobDirectoryPath):
(WebKit::NetworkCache::Storage::Storage):
(WebKit::NetworkCache::Storage::approximateSize):
(WebKit::NetworkCache::Storage::synchronize):
(WebKit::NetworkCache::partitionPathForKey):
(WebKit::NetworkCache::recordPathForKey):
(WebKit::NetworkCache::bodyPath):
(WebKit::NetworkCache::decodeRecordMetaData):
(WebKit::NetworkCache::decodeRecordHeader):
(WebKit::NetworkCache::createRecord):
(WebKit::NetworkCache::encodeRecordMetaData):
(WebKit::NetworkCache::encodeRecordHeader):
(WebKit::NetworkCache::Storage::remove):
(WebKit::NetworkCache::Storage::updateFileModificationTime):
(WebKit::NetworkCache::Storage::dispatchReadOperation):

Read both the blob and the record entry.

(WebKit::NetworkCache::Storage::finishReadOperation):

Factor to a function.

(WebKit::NetworkCache::Storage::store):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::Storage::dispatchPendingWriteOperations):
(WebKit::NetworkCache::Storage::dispatchWriteOperation):

We don't need separate full write and header write paths anymore. Everything is treated
as a full write and deduplication stops us writing the body again.

This simplifies the code and data structures.

(WebKit::NetworkCache::Storage::finishWriteOperation):

Factor to a function.

(WebKit::NetworkCache::Storage::clear):
(WebKit::NetworkCache::deletionProbability):

Take the sharing count into account when computing deletion probability.
It is less useful to delete a record that shares its body with others as data won't get deleted.

(WebKit::NetworkCache::Storage::shrinkIfNeeded):
(WebKit::NetworkCache::Storage::shrink):
(WebKit::NetworkCache::Storage::deleteOldVersions):
(WebKit::NetworkCache::directoryPathForKey): Deleted.
(WebKit::NetworkCache::filePathForKey): Deleted.
(WebKit::NetworkCache::openFileForKey): Deleted.
(WebKit::NetworkCache::decodeRecord): Deleted.
(WebKit::NetworkCache::Storage::update): Deleted.

No need for separate update interface anymore. Regular store() avoids unnecessary body write.

(WebKit::NetworkCache::Storage::dispatchFullWriteOperation): Deleted.
(WebKit::NetworkCache::Storage::dispatchHeaderWriteOperation): Deleted.

  • NetworkProcess/cache/NetworkCacheStorage.h:
  • WebKit2.xcodeproj/project.pbxproj:
10:57 AM Changeset in webkit [182802] by dbates@webkit.org
  • 2 edits in trunk/Tools

Skip failing test Tests/WebKit2Cocoa/FixedLayoutSize.mm on iOS
https://bugs.webkit.org/show_bug.cgi?id=143693
<rdar://problem/20530316>

Reviewed by Tim Horton.

Skip the test Tests/WebKit2Cocoa/FixedLayoutSize.mm as we do not plan
to use the fixed layout code on iOS at this time.

  • TestWebKitAPI/Tests/WebKit2Cocoa/FixedLayoutSize.mm: Add !PLATFORM(IOS)-guard.
10:34 AM Changeset in webkit [182801] by ap@apple.com
  • 2 edits in trunk/LayoutTests

fast/sub-pixel/input-caret-on-subpixel-bound.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=143697

Reviewed by Anders Carlsson.

  • fast/sub-pixel/input-caret-on-subpixel-bound.html: Don't wait for a timer to fire

after removing the last character.

10:30 AM Changeset in webkit [182800] by ap@apple.com
  • 5 edits in trunk/LayoutTests

Two flaky tests in http/tests/security/mixedContent
https://bugs.webkit.org/show_bug.cgi?id=143695

Reviewed by Csaba Osztrogonác.

Speculative fix. Do not start opening a secondary window until fully done with the
main document.

  • http/tests/security/mixedContent/data-url-iframe-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/data-url-iframe-in-main-frame.html:
  • http/tests/security/mixedContent/insecure-css-in-main-frame-expected.txt:
  • http/tests/security/mixedContent/insecure-css-in-main-frame.html:
10:25 AM Changeset in webkit [182799] by Simon Fraser
  • 6 edits
    3 adds in trunk

[iOS WK2] Interactive elements of developer.apple.com are broken
https://bugs.webkit.org/show_bug.cgi?id=143692
Source/WebCore:

rdar://problem/19320087

Reviewed by Sam Weinig.

When a composited RenderLayer had nodes in the scrolling tree by virtue of
both position and overflow:scroll, and one of those reasons disappeared,
we'd fail to remove the corresponding node from the scrolling tree. This
could leave an overflow:scroll element behaving as if it were position:fixed.

Fix by having RenderLayerCompositor::updateScrollCoordinationForThisFrame()
detach the layer on a per-role basis.

Test: platform/ios-simulator-wk2/scrolling/remove-scrolling-role.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::detachFromScrollingCoordinatorForRole):

  • rendering/RenderLayerBacking.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayerForRole):
(WebCore::RenderLayerCompositor::detachScrollCoordinatedLayer): Just moved.
(WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer): Call detachScrollCoordinatedLayerForRole()
if the layer doesn't have the relevant scrolling reasons.

  • rendering/RenderLayerCompositor.h:

LayoutTests:

Reviewed by Sam Weinig.

  • platform/ios-simulator-wk2/scrolling/remove-scrolling-role-expected.txt: Added.
  • platform/ios-simulator-wk2/scrolling/remove-scrolling-role.html: Added.
10:07 AM Changeset in webkit [182798] by Chris Dumez
  • 2 edits in trunk/Source/WebKit2

REGRESSION(r182603): [GTK] More than 500 crashes on the layout tests with the debug build.
https://bugs.webkit.org/show_bug.cgi?id=143715

Reviewed by Darin Adler.

Enable assertions checking that calling editorState() does not cause a
synchronous layout only on Mac and iOS. This assertion does not
necessarily hold true on other ports as each one as its own
platformEditorState() implementation. In particular, this assertion
was being hit on GTK.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didChangeSelection):

9:54 AM WebKitGTK/SpeedUpBuild edited by calvaris@igalia.com
(diff)
9:13 AM Changeset in webkit [182797] by commit-queue@webkit.org
  • 11 edits in trunk

Unreviewed, rolling out r182794.
https://bugs.webkit.org/show_bug.cgi?id=143714

readable-stream-templated.html fails on Debug bots (Requested
by youenn on #webkit).

Reverted changeset:

"[Streams API] ReadableStream constructor start function
should be able to close the stream"
https://bugs.webkit.org/show_bug.cgi?id=143363
http://trac.webkit.org/changeset/182794

8:15 AM Changeset in webkit [182796] by Nikita Vasilyev
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Align array's indices and set's bullet points under the property icon
https://bugs.webkit.org/show_bug.cgi?id=143698

Reviewed by Timothy Hatcher.

  • UserInterface/Views/ObjectTreeMapEntryTreeElement.css:

(.object-tree-array-index.object-tree-map-entry > .titles > .title > .index-name):

  • UserInterface/Views/ObjectTreeArrayIndexTreeElement.css:

(.object-tree-array-index .index-name):
Right align array's and set's indices.

(.object-tree-map-entry):
Overwrite left property from .object-tree-array-index.

(.object-tree-property + ol .object-tree-map-entry):
Overwrite left property from .object-tree-property + ol .object-tree-array-index.

6:59 AM Changeset in webkit [182795] by peavo@outlook.com
  • 2 edits in trunk/Source/WebCore

[WinCairo] Unreviewed build fix after r182707.

  • platform/network/curl/MultipartHandle.cpp:

(WebCore::MultipartHandle::didReceiveResponse):

6:52 AM Changeset in webkit [182794] by youenn.fablet@crf.canon.fr
  • 11 edits in trunk

[Streams API] ReadableStream constructor start function should be able to close the stream
https://bugs.webkit.org/show_bug.cgi?id=143363

Reviewed by Benjamin Poulain.

Source/WebCore:

Implements https://streams.spec.whatwg.org/#close-readable-stream.
When the "close" JS function is called, the stream is getting closed.
The stream state is changed to close and if it has a reader, the reader gets closed as well:
The reader resolves the closed promise and release the stream.

Enabled the possibility to resolve a promise with any JS value.
This is used to resolve closed promise with jsUndefined and will be used for read promises.

Covered by reference tests that are now passing.

  • Modules/streams/ReadableStream.cpp:

(WebCore::ReadableStream::changeStateToClosed): Called by the JS function 'close'.

  • Modules/streams/ReadableStream.h:
  • Modules/streams/ReadableStreamReader.cpp:

(WebCore::ReadableStreamReader::ReadableStreamReader):
(WebCore::ReadableStreamReader::initialize): Added to handle state change at constructor time (in particular closed/errored state).
(WebCore::ReadableStreamReader::releaseStream):
(WebCore::ReadableStreamReader::closed): Storing the closed promise callbacks.
(WebCore::ReadableStreamReader::changeStateToClosed): Resolution of closed promise.

  • Modules/streams/ReadableStreamReader.h:
  • bindings/js/JSDOMPromise.h:

(WebCore::DeferredWrapper::resolve<JSC::JSValue>):

  • bindings/js/JSReadableStreamReaderCustom.cpp:

(WebCore::JSReadableStreamReader::closed):

  • bindings/js/ReadableStreamJSSource.cpp:

(WebCore::readableStreamSlotName):
(WebCore::getReadableJSStream): Helper function to retrieve the stream from the exec state.
(WebCore::closeReadableStreamFunction):
(WebCore::createReadableStreamCloseFunction):
(WebCore::createReadableStreamController):
(WebCore::ReadableStreamJSSource::start):
(WebCore::ReadableJSStreamReader::ReadableJSStreamReader): Deleted.

LayoutTests:

Rebased tests as some are now passing.

  • streams/reference-implementation/readable-stream-reader-expected.txt:
  • streams/reference-implementation/readable-stream-templated-expected.txt:
6:10 AM Changeset in webkit [182793] by commit-queue@webkit.org
  • 3 edits in trunk/LayoutTests

[GTK] Gardening 14th April
https://bugs.webkit.org/show_bug.cgi?id=143701

Unreviewed.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-04-14

  • platform/gtk/TestExpectations:
  • platform/gtk/http/tests/w3c/webperf/approved/navigation-timing/html/test_timing_xserver_redirect-expected.txt:
6:08 AM Changeset in webkit [182792] by commit-queue@webkit.org
  • 30 edits in trunk/LayoutTests

[GTK] Gardening: Rebaseline tests after r182620
https://bugs.webkit.org/show_bug.cgi?id=143700

Unreviewed.

This revision updates some tests after changing the way <br> is
rendered. We need to change the GTK+ expectations for these tests.

Patch by Marcos Chavarría Teijeiro <chavarria1991@gmail.com> on 2015-04-14

  • platform/gtk/fast/css/text-overflow-ellipsis-bidi-expected.txt:
  • platform/gtk/fast/dom/focus-contenteditable-expected.txt:
  • platform/gtk/fast/forms/listbox-hit-test-zoomed-expected.png:
  • platform/gtk/fast/forms/listbox-hit-test-zoomed-expected.txt:
  • platform/gtk/fast/forms/range/slider-padding-expected.txt:
  • platform/gtk/fast/forms/textarea-scroll-height-expected.txt:
  • platform/gtk/fast/parser/open-comment-in-textarea-expected.txt:
  • platform/gtk/fast/text/international/bidi-layout-across-linebreak-expected.txt:
  • platform/gtk/http/tests/navigation/javascriptlink-frames-expected.txt:
  • platform/gtk/http/tests/navigation/postredirect-basic-expected.txt:
  • platform/gtk/http/tests/navigation/postredirect-goback1-expected.txt:
  • platform/gtk/svg/wicd/test-rightsizing-b-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug106795-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug1224-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug131020-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug131020_iframe-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug1430-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug16252-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug19599-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug20579-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug32205-3-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug82946-2-expected.txt:
  • platform/gtk/tables/mozilla/bugs/bug92143-expected.txt:
  • platform/gtk/tables/mozilla/marvin/tables_cellpadding-expected.txt:
  • platform/gtk/tables/mozilla/marvin/tables_cellspacing-expected.txt:
  • platform/gtk/tables/mozilla/other/wa_table_thtd_rowspan-expected.txt:
  • platform/gtk/tables/mozilla_expected_failures/bugs/bug1262-expected.txt:
  • platform/gtk/tables/mozilla_expected_failures/bugs/bug56024-expected.txt:
  • platform/gtk/tables/mozilla_expected_failures/other/test4-expected.txt:
5:14 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)
4:27 AM Changeset in webkit [182791] by dominik.rottsches@intel.com
  • 2 edits in trunk/Tools

Remove myself from watchlist, remove empty Cairo and HarfBuzz watchlists
https://bugs.webkit.org/show_bug.cgi?id=143705

Unreviewed change to watchlist file.

  • Scripts/webkitpy/common/config/watchlist:
4:01 AM Changeset in webkit [182790] by hyuki.kim@samsung.com
  • 2 edits in trunk/Tools

[EFL] favicon wasn't updated for google.com sometimes.
https://bugs.webkit.org/show_bug.cgi?id=141940

Reviewed by Gyuyoung Kim.

As elm_entry_utf8_to_markup can include additional characters, parameter for the
on_icon_changed_cb was just set by using url string retrieved by ewk_view_url_get().

  • MiniBrowser/efl/main.c:

(on_url_changed):

3:21 AM Changeset in webkit [182789] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.8.1

WebKitGTK+ 2.8.1

3:20 AM Changeset in webkit [182788] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.8.1 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.8.1.
2:01 AM Changeset in webkit [182787] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182773 - Regression: Scrolling on popsci.com spends too much time in FrameView::viewportsContentsChanged()
https://bugs.webkit.org/show_bug.cgi?id=143675

Reviewed by Simon Fraser.

Optimize resumeVisibleImageAnimationsIncludingSubframes() so that the FrameViews'
windowClipRect gets computed less often:

  • Cache the FrameView's windowClipRect before resuming image animations in subframes as calling windowClipRect() on those subframes' view is going to call windowClipRect() on their ancestors. This avoids a lot of unnecessary windowClipRect recomputations in deep frame trees.
  • Stop traversing the Frame tree if the current frame does not have a content renderer, as this means the subframes won't have one either.
  • Stop traversing the Frame tree if the current frame's view has an empty windowClipRect() as this means the windowClipRect will be empty for those subframes as well.

On popsci.com, this cuts down the number of uncached windowClipRect() calls by
approximately half. I see viewportsContentsChanged() at ~0.4% when scrolling
on popsci.com after this change.

  • page/FrameView.cpp:

(WebCore::FrameView::resumeVisibleImageAnimationsIncludingSubframes):
(WebCore::FrameView::windowClipRect):

  • page/FrameView.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::resumePausedImageAnimationsIfNeeded):

  • rendering/RenderView.h:
1:40 AM Changeset in webkit [182786] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r182750 - Canvas drawImage() has a security hole when the image isn't yet fully loaded.
https://bugs.webkit.org/show_bug.cgi?id=58681.

Reviewed by Darin Adler.

Source/WebCore:

There is a race condition which may happen if an image from a different
origin is drawn on a canvas before it finishes loading. The check to taint
the canvas comes before drawing it. This check returns false if the image
is not completely loaded because we check the URL of the resource response.
If after this check and before the drawing, the image finishes loading, the
canvas will not be tainted but the image will be drawn.

The fix is to move the check to taint the canvas after drawing the image.
The only problem with this solution is basically the opposite of this bug:
we will become stricter than before with images which are from a different
origin and before they finish loading. The image has not finished loading,
so we do not draw it. Before we check for tainting, the image finishes
loading. So we decide to taint the canvas even the image is not drawn.

But this should not be a security issue anymore. I personally do not know
if it is even a correctness issue or not.

Test: http/tests/canvas/canvas-tainted-after-draw-image.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawImage):

LayoutTests:

This test confirms when we load an image from a different origin and try
drawing it on a canvas, the canvas is tainted if the image is completely
loaded and drawn. Otherwise the image is not drawn.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt: Added.
  • http/tests/canvas/canvas-tainted-after-draw-image.html: Added.
  • http/tests/canvas/resources: Added.
  • http/tests/canvas/resources/100x100-lime-rect.svg: Added.
1:37 AM Changeset in webkit [182785] by Carlos Garcia Campos
  • 4 edits
    1 add in releases/WebKitGTK/webkit-2.8

Merge r182743 - Fixed position element is truncated if moved onscreen by a transform
https://bugs.webkit.org/show_bug.cgi?id=143655
Source/WebCore:

rdar://problem/15020044

Reviewed by Darin Adler.

Our "don't do layout if transform changes" code was too aggressive.
If an element changes between having a transform and not having one, we
really need to do a layout since so much else depends on transforms. In
this particular case, we clip position:fixed elements to the viewport if
they are not transformed, and were failing to re-evaluate this when a
transform was added. Doing a layout fixes this.

Test: compositing/geometry/fixed-transformed.html

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeRequiresLayout):

  • rendering/style/StyleTransformData.h:

(WebCore::StyleTransformData::hasTransform):

LayoutTests:

Reviewed by Darin Adler.

Test that moves a position:fixed element on-screen using a transform.

  • compositing/geometry/fixed-transformed.html: Added.
1:27 AM Changeset in webkit [182784] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182734 - Remove needless recreation of URL in NavigationScheduler::scheduleLocationChange
https://bugs.webkit.org/show_bug.cgi?id=143662

Reviewed by Sam Weinig.

  • loader/NavigationScheduler.cpp:

(WebCore::NavigationScheduler::scheduleLocationChange): Removed unnecessary code
to convert a URL to a String and then back into a URL.

1:20 AM Changeset in webkit [182783] by calvaris@igalia.com
  • 5 edits
    4 adds in trunk/LayoutTests

Sync Streams API tests with spec
https://bugs.webkit.org/show_bug.cgi?id=143669

Reviewed by Darin Adler.

Some tests were moved from the spec tests to our custom ones
because they were not approved (yet, or they won't be).

Some nuances from the spec tests were also fixed.

  • streams/readable-stream-expected.txt: Added.
  • streams/readable-stream-reader-expected.txt: Added.
  • streams/readable-stream-reader.html: Added.
  • streams/readable-stream.html: Added.
  • streams/reference-implementation/readable-stream-expected.txt:
  • streams/reference-implementation/readable-stream-reader-expected.txt:
  • streams/reference-implementation/readable-stream-reader.html:
  • streams/reference-implementation/readable-stream.html: Nuances

fixed and tests moved to custom.

1:06 AM WebKitGTK/Gardening/Calendar edited by chavarria1991@gmail.com
(diff)

Apr 13, 2015:

10:48 PM Changeset in webkit [182782] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Use modern for-loops in Document
https://bugs.webkit.org/show_bug.cgi?id=143600

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-04-13
Reviewed by Darin Adler.

No new tests, no behavior changes.

  • dom/Document.cpp:

(WebCore::Document::visibilityStateChanged):
(WebCore::Document::processBaseElement):
(WebCore::Document::moveNodeIteratorsToNewDocument):
(WebCore::Document::updateRangesAfterChildrenChanged):
(WebCore::Document::nodeChildrenWillBeRemoved):
(WebCore::Document::nodeWillBeRemoved):
(WebCore::Document::textInserted):
(WebCore::Document::textRemoved):
(WebCore::Document::textNodesMerged):
(WebCore::Document::textNodeSplit):
(WebCore::Document::documentWillSuspendForPageCache):
(WebCore::Document::documentDidResumeFromPageCache):
(WebCore::Document::mediaVolumeDidChange):
(WebCore::Document::privateBrowsingStateDidChange):
(WebCore::Document::captionPreferencesChanged):
(WebCore::Document::validateAutoSizingNodes):
(WebCore::Document::resetAutoSizingNodes):
(WebCore::Document::webkitExitFullscreen):
(WebCore::Document::absoluteRegionForEventTargets):

10:10 PM Changeset in webkit [182781] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

Build fixes after r182772.

  • UIProcess/API/mac/WKView.mm:

(-[WKView _updateAutomaticallyComputedFixedLayoutSize]): Make a CGSize, not an NSSize.
(-[WKView _setAutomaticallyComputesFixedLayoutSizeFromViewScale:]): Moved implementation
to the correct place.
(-[WKView _automaticallyComputesFixedLayoutSizeFromViewScale]): Ditto.
(-[WKView _layoutMode]): Use a memeber from _data directly, not via a method.

9:59 PM Changeset in webkit [182780] by Manuel Rego Casasnovas
  • 8 edits
    4 adds in trunk

[CSS Grid Layout] Columns set in percentages collapse to auto width
https://bugs.webkit.org/show_bug.cgi?id=141435

Reviewed by David Hyatt.

Source/WebCore:

Based on a patch by Sergio Villar Senin <svillar@igalia.com>.

This patch adds 2 new new methods in RenderBox to determine if the grid
has a definite size or not.

RenderGrid::gridTrackSize() was not checking properly if the grid has or
not an indefinite size.
The condition was including auto which is not indefinite per se. For
example, auto is definite if the containing block is definite.
As the new method is more expensive, we just call it when it's really
needed to avoid performance regressions.

Finally we were setting the override logical width/height to -1 (no
possible resolution) for all the items regardless if they've a relative
width/height or a fixed one.
Added the condition, including not only items with percentage logical
width/height but also relative, to avoid overriding the value for items
with fixed width/height as it's not needed.

Tests: fast/css-grid-layout/grid-item-with-percent-height-in-auto-height-grid-resolution.html

fast/css-grid-layout/percent-intrinsic-track-breadth.html
fast/css-grid-layout/percent-track-breadths-regarding-container-size.html

  • rendering/RenderBox.cpp:

(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::hasDefiniteLogicalWidth):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
(WebCore::RenderBox::hasRelativeLogicalWidth):

  • rendering/RenderBox.h:
  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::hasDefiniteLogicalSize):
(WebCore::RenderGrid::gridTrackSize):
(WebCore::RenderGrid::logicalContentHeightForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):

  • rendering/RenderGrid.h:

LayoutTests:

Added new tests to check that percentage track breadths are properly
calculated under different sizing conditions.
Modified one test to include relative sizes too.

  • fast/css-grid-layout/grid-item-with-percent-height-in-auto-height-grid-resolution-expected.txt:
  • fast/css-grid-layout/grid-item-with-percent-height-in-auto-height-grid-resolution.html:
  • fast/css-grid-layout/percent-intrinsic-track-breadth-expected.txt: Added.
  • fast/css-grid-layout/percent-intrinsic-track-breadth.html: Added.
  • fast/css-grid-layout/percent-track-breadths-regarding-container-size-expected.txt: Added.
  • fast/css-grid-layout/percent-track-breadths-regarding-container-size.html: Added.
8:24 PM Changeset in webkit [182779] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

More build fix.

  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::setDragImage):

8:02 PM Changeset in webkit [182778] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Expanding window.navigator.mimeTypes in ObjectTree shows no native properties
https://bugs.webkit.org/show_bug.cgi?id=143690

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-13
Reviewed by Timothy Hatcher.

  • UserInterface/Views/ObjectTreePropertyTreeElement.js:

(WebInspector.ObjectTreePropertyTreeElement):
Fix a typo that resulted in hiding properties of native objects
in the Properties section of an Object Tree.

8:00 PM Changeset in webkit [182777] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Remove unnecessary 3 second delay when archiving page
https://bugs.webkit.org/show_bug.cgi?id=143688

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2015-04-13
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector.archiveMainFrame):
The delay is unnecessary and was probably just debugging code.

7:44 PM Changeset in webkit [182776] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebKit2

[EFL][GTK] Fix build break after r182753
https://bugs.webkit.org/show_bug.cgi?id=143689

Patch by Hunseop Jeong <Hunseop Jeong> on 2015-04-13
Reviewed by Anders Carlsson.

  • Platform/IPC/unix/ConnectionUnix.cpp:

(IPC::Connection::processMessage):
(IPC::Connection::sendOutgoingMessage):

  • Platform/unix/SharedMemoryUnix.cpp:

(WebKit::SharedMemory::allocate):
(WebKit::accessModeMMap):
(WebKit::SharedMemory::map):
(WebKit::SharedMemory::create): Deleted.

6:36 PM Changeset in webkit [182775] by ap@apple.com
  • 2 edits in trunk/Source/WebKit2

Build fix.

  • UIProcess/mac/PageClientImpl.mm: (WebKit::PageClientImpl::setDragImage):
6:33 PM Changeset in webkit [182774] by andersca@apple.com
  • 3 edits in trunk/Source/WebKit2

Keep track of each shared memory object's protection when deciding whether to return our existing port
https://bugs.webkit.org/show_bug.cgi?id=143687

Reviewed by Tim Horton.

  • Platform/SharedMemory.h:
  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::machProtection):
(WebKit::SharedMemory::create):
(WebKit::SharedMemory::map):
(WebKit::SharedMemory::createHandle):

5:45 PM Changeset in webkit [182773] by Chris Dumez
  • 5 edits in trunk/Source/WebCore

Regression: Scrolling on popsci.com spends too much time in FrameView::viewportsContentsChanged()
https://bugs.webkit.org/show_bug.cgi?id=143675

Reviewed by Simon Fraser.

Optimize resumeVisibleImageAnimationsIncludingSubframes() so that the FrameViews'
windowClipRect gets computed less often:

  • Cache the FrameView's windowClipRect before resuming image animations in subframes as calling windowClipRect() on those subframes' view is going to call windowClipRect() on their ancestors. This avoids a lot of unnecessary windowClipRect recomputations in deep frame trees.
  • Stop traversing the Frame tree if the current frame does not have a content renderer, as this means the subframes won't have one either.
  • Stop traversing the Frame tree if the current frame's view has an empty windowClipRect() as this means the windowClipRect will be empty for those subframes as well.

On popsci.com, this cuts down the number of uncached windowClipRect() calls by
approximately half. I see viewportsContentsChanged() at ~0.4% when scrolling
on popsci.com after this change.

  • page/FrameView.cpp:

(WebCore::FrameView::resumeVisibleImageAnimationsIncludingSubframes):
(WebCore::FrameView::windowClipRect):

  • page/FrameView.h:
  • rendering/RenderView.cpp:

(WebCore::RenderView::resumePausedImageAnimationsIfNeeded):

  • rendering/RenderView.h:
5:27 PM Changeset in webkit [182772] by timothy_horton@apple.com
  • 21 edits in trunk

Add a persistent, fixed scale factor to make it easy to scale down WK(Web)Views
https://bugs.webkit.org/show_bug.cgi?id=143560
<rdar://problem/16302047>

Reviewed by Darin Adler.

Add a new "view" scale factor to WKView and WKWebView.

Unlike page scale (or "magnification" in the API), view scale:

  • persists between page loads
  • persists between Web process crashes
  • is not user adjustable
  • can reliably be < 1

The page scale and view scale are multiplied together whenever we push
a new page scale down into WebCore, so the implementation of view scale
is transparent to WebCore, and acts effectively as a constant multiplier
for the (user-adjustable) page scale factor.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::scaleView):
Add scaleView, which updates our cached viewScaleFactor and pushes it to the Web process.

(WebKit::WebPageProxy::creationParameters):
Plumb viewScaleFactor through the page creation parameters.

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::viewScaleFactor): Added.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
If the viewScaleFactor is not 1 at creation time, call scalePage with a page scale of 1.
Internally, scalePage will multiply in the viewScaleFactor and push it all to the Web process.

(WebKit::WebPage::scalePage):
Multiply the page scale factor by the view scale factor before passing it to WebCore.

(WebKit::WebPage::scalePageInViewCoordinates):
Early returns need to check the total scale, not just the new page scale.

(WebKit::WebPage::totalScaleFactor):
The scale that we get back from WebCore::Page::pageScaleFactor is the product
of WebKit2's view and page scales. So, here we'll call that the totalScaleFactor.
(Might need a different name because it seems like "total" should include deviceScale too).

(WebKit::WebPage::pageScaleFactor):
WebKit2's notion of the pageScaleFactor does not include the view scale, so
divide it out of WebCore's page scale.

(WebKit::WebPage::scaleView):
Apply a new view scale, maintaining the current scroll position.

  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::viewScaleFactor):

  • WebProcess/WebPage/WebPage.messages.in:
  • Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

  • Shared/WebPageCreationParameters.h:

Plumb viewScaleFactor through the page creation parameters.

  • UIProcess/API/Cocoa/WKViewPrivate.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _viewScale]):
(-[WKWebView _setViewScale:]):

  • UIProcess/API/mac/WKView.mm:

(-[WKView _viewScale]):
(-[WKView _setViewScale:]):
Push the new view scale to WebPage.

  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _setAutomaticallyComputesFixedLayoutSizeFromViewScale:]):
(-[WKWebView _automaticallyComputesFixedLayoutSizeFromViewScale]):

  • UIProcess/API/mac/WKView.mm:

(-[WKView setFrameSize:]):
(-[WKView _updateAutomaticallyComputedFixedLayoutSize]):
(-[WKView _setAutomaticallyComputesFixedLayoutSizeFromViewScale:]):
(-[WKView _automaticallyComputesFixedLayoutSizeFromViewScale]):

  • UIProcess/API/mac/WKViewInternal.h:

Add a new layout mode, "DynamicSizeComputedFromViewScale",
which turns on fixed layout size mode, and sets the fixed layout size
based on the view's frame and view scale. The fixed layout size is maintained
as the frame of the view scaled by the inverse of the view scale. This
makes it very easy to maintain a WK(Web)View that is scaled down by
a constant amount, but is laid out as if it were not.

  • WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:

(WebKit::TiledCoreAnimationDrawingArea::adjustTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::commitTransientZoom):
(WebKit::TiledCoreAnimationDrawingArea::applyTransientZoomToPage):
Because the transient zoom mechanism touches layers that WebCore owns,
it mostly need to operate with totalScaleFactor, because that is what WebCore sees.

  • MiniBrowser/mac/BrowserWindowController.h:
  • MiniBrowser/mac/MainMenu.xib:
  • MiniBrowser/mac/WK1BrowserWindowController.m:

(-[WK1BrowserWindowController setScale:]):

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(viewScaleForMenuItemTag):
(-[WK2BrowserWindowController setScale:]):
(-[WK2BrowserWindowController validateMenuItem:]):
Add a submenu with four view scale options: 100%, 75%, 50%, and 25%.
When in use, we resize the window so that the view fits correctly, and
use automaticallyComputesFixedlayoutSizeFromViewScale so that the page's
layout size will not change when scaling down (but will update appropriately
when the view is resized).

5:11 PM Changeset in webkit [182771] by roger_fong@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed. Set the title text of the placard added in r182631.
https://bugs.webkit.org/show_bug.cgi?id=143585.
<rdar://problem/12067439>

  • Modules/mediacontrols/mediaControlsApple.js:

(Controller.prototype.updateWirelessPlaybackStatus):

5:08 PM Changeset in webkit [182770] by ap@apple.com
  • 2 edits in trunk/Tools

build.webkit.org/dashboard shows obsolete results when builds are substantially out of order
https://bugs.webkit.org/show_bug.cgi?id=138630

Reviewed by Tim Horton.

Make sure that we always load at least one in order productive iteration.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotQueue.js:

(BuildbotQueue): Added _hasLoadedIterationForInOrderResult to track whether the queue
is done loading at least one iteration that wasn't an out of order build.
(BuildbotQueue.prototype.loadMoreHistoricalIterations): Listen for iteration load
when that's needed to check for out of order builds.
(BuildbotQueue.prototype.update): Ditto.
(BuildbotQueue.prototype._checkForInOrderResult): Check if the queue has an in order
result, and if it does not, load more iterations.
(BuildbotQueue.prototype.loadAll): We have everything loaded, so we certainly have
an in order iteration loaded too.
(BuildbotQueue.prototype.compareIterations): Extracted from sortIterations(), and
corrected to always sort loaded iterations before unloaded ones.

5:07 PM Changeset in webkit [182769] by ap@apple.com
  • 3 edits
    2 adds in trunk/LayoutTests/imported/w3c

imported/w3c/canvas/2d.text.measure.width.empty.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=143671

Reviewed by Tim Horton.

  • canvas/2d.text.measure.width.empty.html:
  • canvas/2d.text.measure.width.empty-expected.txt:

Updated the test to trunk, where it uses testharness, which knows about waitUntilDone.

  • fonts: Added.
  • fonts/CanvasTest.ttf: Added.

While at it, added a font that this test includes (probably for no good reason).
This avoids hitting a sandbox violation.

5:05 PM Changeset in webkit [182768] by Brent Fulgham
  • 21 edits
    4 adds in trunk

Expand test infrastructure to support scrolling tests
https://bugs.webkit.org/show_bug.cgi?id=143286
<rdar://problem/20375516>

Reviewed by Simon Fraser.

Source/WebCore:

No new functionality.

This series of changes adds a new singleton class, 'WheelEventTestTrigger', which encapsulates a
function object to be fired when scroll events are finished. The object also keeps track of reasons
why the test should not yet fire (e.g., 'rubberbanding' is active) so that tests do not incorrectly
check rendering state in the middle of an animation.

This code is not yet hooked up to the rendering system, and so does not have any effect on behavior.

  • CMakeLists.txt: Add new WheelEventTestTrigger files.
  • WebCore.vcxproj/WebCore.vcxproj: Ditto.
  • WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • page/MainFrame.cpp:

(WebCore::MainFrame::MainFrame): Add new member to constructor.
(WebCore::MainFrame::testTrigger): Added.
(WebCore::MainFrame::ensureTestTrigger): Added.
(WebCore::MainFrame::clearTrigger): Added.

  • page/MainFrame.h:
  • page/WheelEventTestTrigger.cpp: Added.

(WebCore::WheelEventTestTrigger::WheelEventTestTrigger):
(WebCore::WheelEventTestTrigger::createWeakPtr):
(WebCore::WheelEventTestTrigger::clearAllTestDeferrals):
(WebCore::WheelEventTestTrigger::setTestNotificationCallback):
(WebCore::WheelEventTestTrigger::deferTestsForReason):
(WebCore::WheelEventTestTrigger::removeTestDeferralForReason):
(WebCore::WheelEventTestTrigger::triggerTestTimerFired):

  • page/WheelEventTestTrigger.h: Added.

Source/WebKit2:

Extend the WK2 testing API to include a method for setting a JSC callback function to be triggered
by the new WebCore::WheelEventTestTrigger singleton.

  • WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(WKBundlePageStartMonitoringScrollOperations): WK2 method that causes the testing system to begin tracking wheel events.
(WKBundlePageRegisterScrollOperationCompletionCallback): WK2 method to set the callback function for testing.

  • WebProcess/InjectedBundle/API/c/WKBundlePage.h:

Tools:

Extend the WK1 and WK2 test programs to support two new EventSender commands:
(1) monitorWheelEvents: Tells DRT and WKTR to track the wheel event and animation state, so that we can
block executing tests until WebKit has completed any rubberband, scroll, or scroll-snap animations.
(2) callAfterScrollingCompletes: Provide a callback method to be executed when WebKit determines that
relevant rubberband, scroll, and scroll-snap animations are finished.

  • DumpRenderTree/mac/EventSendingController.mm:

(+[EventSendingController isSelectorExcludedFromWebScript:]): Update to recognize 'callAfterScrollingCompletes:'
and 'monitorWheelEvents'.
(+[EventSendingController webScriptNameForSelector:]): Ditto.
(-[EventSendingController mouseScrollByX:andY:continuously:]): Add some stderr logging to help when
debugging test failures.
(-[EventSendingController mouseScrollByX:andY:withWheel:andMomentumPhases:]): Ditto.
(-[EventSendingController callAfterScrollingCompletes:]): Added. Protects the JSObject representing the callback
function, then passes it to WebCore to be called once the test deferrals have been cleared.
(-[EventSendingController monitorWheelEvents:]): Added. Activates the wheel event tracking used by the
'callAfterScrollingCompletes' method.

  • WebKitTestRunner/InjectedBundle/Bindings/EventSendingController.idl: Added signatures for 'callAfterScrollingCompletes'

and 'monitorWheelEvents'.

  • WebKitTestRunner/InjectedBundle/EventSendingController.cpp:

(WTR::EventSendingController::callAfterScrollingCompletes): Added. Protects the JSObject representing the
callback function, then passes it to WebCore to be called once the test deferrals have been cleared
(WTR::EventSendingController::monitorWheelEvents): Added. Activates the wheel event tracking used by the
'callAfterScrollingComplates' method.

  • WebKitTestRunner/InjectedBundle/EventSendingController.h:

LayoutTests:

Correct a scrolling test that had not been issuing wheel events to a valid
view. This was found by some new logging in this patch.

  • platform/mac/fast/scrolling/scroll-div-latched-div-expected.txt:
  • platform/mac/fast/scrolling/scroll-div-latched-div.html:
  • platform/mac-wk1/scrollbars/scrollevent-iframe-no-scrolling-wheel-expected.txt: Added.*
4:51 PM Changeset in webkit [182767] by Said Abou-Hallawa
  • 3 edits in trunk/LayoutTests

Fix LayoutTests/http/tests/canvas/canvas-tainted-after-draw-image.html on all bots
following http://trac.webkit.org/changeset/182750.

Reviewed by Daniel Bates.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt:
  • http/tests/canvas/canvas-tainted-after-draw-image.html:

Set window.jsTestIsAsync true and call finishJSTest() to make the test
asynchronous, so the "TEST COMPLETE" message will be output after all the
test messages. Also delete the synchronous tests for data url image and
same-domain image since they can't be reliably tested.

4:41 PM Changeset in webkit [182766] by jer.noble@apple.com
  • 4 edits in trunk/Source/WebCore

[iOS] When entering optimized fullscreen, standard fullscreen view should exit.
https://bugs.webkit.org/show_bug.cgi?id=143615

Reviewed by Simon Fraser.

When entering optimized fullscreen from standard fullscreen, the original fullscreen
view should animate out.

The original method for entering optimized fullscreen is deprecated, so replace it with
the new method (which doesn't take completion blocks) and use delegate methods to detect
when the animation transition completes.

  • platform/Logging.h:
  • platform/ios/WebVideoFullscreenInterfaceAVKit.h:
  • platform/ios/WebVideoFullscreenInterfaceAVKit.mm:

(boolString): Added; use for logging boolean parameters.
(-[WebAVPlayerController playerViewControllerWillStartOptimizedFullscreen:]): Pass to WebVideoFullscreenInterfaceAVKit.
(-[WebAVPlayerController playerViewControllerDidStartOptimizedFullscreen:]): Ditto.
(-[WebAVPlayerController playerViewControllerWillStopOptimizedFullscreen:]): Ditto.
(-[WebAVPlayerController playerViewControllerDidStopOptimizedFullscreen:]): Ditto.
(-[WebAVPlayerController playerViewControllerWillCancelOptimizedFullscreen:]): Ditto.
(-[WebAVPlayerController playerViewControllerDidCancelOptimizedFullscreen:]): Ditto.
(-[WebAVPlayerController playerViewController:restoreUserInterfaceForOptimizedFullscreenStopWithCompletionHandler:]): Ditto.
(-[WebAVVideoLayer setPlayerViewController:]): Remove the KVO registration; now handled by above delegate methods.
(WebVideoFullscreenInterfaceAVKit::setupFullscreenInternal): Add logging.
(WebVideoFullscreenInterfaceAVKit::enterFullscreen): Ditto.
(WebVideoFullscreenInterfaceAVKit::enterFullscreenOptimized): Use new -startOptimizedFullscreen method.
(WebVideoFullscreenInterfaceAVKit::enterFullscreenStandard): Add logging.
(WebVideoFullscreenInterfaceAVKit::exitFullscreenInternal): Ditto.
(WebVideoFullscreenInterfaceAVKit::cleanupFullscreenInternal): Use hasMode() & isMode() rather than checking m_mode directly.
(WebVideoFullscreenInterfaceAVKit::requestHideAndExitFullscreen): Ditto.
(WebVideoFullscreenInterfaceAVKit::preparedToReturnToInline): Callback now stored on this object rather than the WebAVPlayerController.
(WebVideoFullscreenInterfaceAVKit::mayAutomaticallyShowVideoOptimized): Moved.
(WebVideoFullscreenInterfaceAVKit::fullscreenMayReturnToInline): Added; store the passed callback.
(WebVideoFullscreenInterfaceAVKit::willStartOptimizedFullscreen): Exit out of standard fullscreen mode if necessary.
(WebVideoFullscreenInterfaceAVKit::didStartOptimizedFullscreen): Moved from the start lambda in enterFullscreenOptimized().
(WebVideoFullscreenInterfaceAVKit::willStopOptimizedFullscreen): Call the model's requestExitFullscreen() method.
(WebVideoFullscreenInterfaceAVKit::didStopOptimizedFullscreen): Moved from the stop lambda in enterFullscreenOptimized().
(WebVideoFullscreenInterfaceAVKit::willCancelOptimizedFullscreen): Call the model's requestExitFullscreen() method.
(WebVideoFullscreenInterfaceAVKit::didCancelOptimizedFullscreen): Moved from the stop lambda in enterFullscreenOptimized().
(WebVideoFullscreenInterfaceAVKit::prepareForOptimizedFullscreenStopWithCompletionHandler): Moved from -playerViewController:shouldExitFullScreenWithReason:.
(WebVideoFullscreenInterfaceAVKit::setMode): Added; Call fullscreenModeChanged() if necessary.
(WebVideoFullscreenInterfaceAVKit::clearMode): Ditto.
(-[WebAVVideoLayer observeValueForKeyPath:ofObject:change:context:]): Deleted.
(WebVideoFullscreenInterfaceAVKit::setIsOptimized): Deleted.

4:23 PM Changeset in webkit [182765] by enrica@apple.com
  • 5 edits in trunk/Source/WebKit2

Clients of WKWebView should be able to override drag functions.
https://bugs.webkit.org/show_bug.cgi?id=143618

Reviewed by Darin Adler.

WKWebView now implements the drag protocol functions and
forwards the calls to the inner WKView.
In the page client, when we receive a request to start drag
from the WebProcess, we call _dragImageForView in WKView with
the target view. The function calls dragImage on the given view,
so that its clients can override the dragImage function.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView draggingEntered:]):
(-[WKWebView draggingUpdated:]):
(-[WKWebView draggingExited:]):
(-[WKWebView prepareForDragOperation:]):
(-[WKWebView performDragOperation:]):

  • UIProcess/API/mac/WKView.mm:

(-[WKView _dragImageForView:withImage:at:linkDrag:]):
(-[WKView _setDragImage:at:linkDrag:]): Deleted.

  • UIProcess/API/mac/WKViewInternal.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::setDragImage):

4:20 PM Changeset in webkit [182764] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] Unreviewed build fix after r182760.

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::encodeSharedBuffer):
(IPC::decodeSharedBuffer):
Update SharedMemory function names.

3:57 PM Changeset in webkit [182763] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix Windows build. Windows doesn't take kindly to private classes that use FAST_ALLOCATED.

  • runtime/InferredValue.h:
3:33 PM Changeset in webkit [182762] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix build. I introduced a new cell type at the same time as kling changed how new cell types are written.

  • runtime/InferredValue.h:
3:31 PM Changeset in webkit [182761] by Simon Fraser
  • 2 edits in trunk/LayoutTests

Fix compositing/geometry/fixed-transformed.html on Mavericks.

To get consistent results on Mavericks, call
internals.settings.setAcceleratedCompositingForFixedPositionEnabled(true);

  • compositing/geometry/fixed-transformed.html:
3:26 PM Changeset in webkit [182760] by andersca@apple.com
  • 19 edits in trunk/Source/WebKit2

Rename SharedMemory::create overloads
https://bugs.webkit.org/show_bug.cgi?id=143679

Reviewed by Beth Dakin.

Rename the SharedMemory::create overload that allocates memory to SharedMemory::allocate,
and the SharedMemory::create overload that maps in a handle to SharedMemory::map.

  • Platform/SharedMemory.h:
  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::SharedMemory::allocate):
(WebKit::SharedMemory::map):
(WebKit::SharedMemory::create): Deleted.

  • Shared/ShareableBitmap.cpp:

(WebKit::ShareableBitmap::createShareable):
(WebKit::ShareableBitmap::create):

  • Shared/ShareableResource.cpp:

(WebKit::ShareableResource::create):

  • Shared/ShareableResource.h:
  • Shared/WebCompiledContentExtension.cpp:

(WebKit::WebCompiledContentExtension::createFromCompiledContentExtensionData):

  • Shared/WebCompiledContentExtensionData.cpp:

(WebKit::WebCompiledContentExtensionData::decode):

  • Shared/WebHitTestResult.cpp:

(WebKit::WebHitTestResult::Data::Data):
(WebKit::WebHitTestResult::Data::decode):

  • UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:

(WebKit::WebPasteboardProxy::getPasteboardBufferForType):
(WebKit::WebPasteboardProxy::setPasteboardBufferForType):

  • UIProcess/VisitedLinkProvider.cpp:

(WebKit::VisitedLinkProvider::resizeTable):

  • UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::dataSelectionForPasteboard):
(WebKit::WebPageProxy::setPromisedDataForImage):

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::writeItemsToPasteboard):

  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::bufferForType):
(WebKit::WebPlatformStrategies::setBufferForType):

  • WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::WebDragClient::declareAndWriteDragImage):

  • WebProcess/WebPage/VisitedLinkTableController.cpp:

(WebKit::VisitedLinkTableController::setVisitedLinkTable):

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::getDataSelectionForPasteboard):

3:13 PM Changeset in webkit [182759] by fpizlo@apple.com
  • 65 edits
    17 adds
    3 deletes in trunk

JSC should detect singleton functions
https://bugs.webkit.org/show_bug.cgi?id=143232

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

This started out as an attempt to make constructors faster by detecting when a constructor is a
singleton. The idea is that each FunctionExecutable has a VariableWatchpointSet - a watchpoint
along with an inferred value - that detects if only one JSFunction has been allocated for that
executable, and if so, what that JSFunction is. Then, inside the code for the FunctionExecutable,
if the watchpoint set has an inferred value (i.e. it's been initialized and it is still valid),
we can constant-fold GetCallee.

Unfortunately, constructors don't use GetCallee anymore, so that didn't pan out. But in the
process I realized a bunch of things:

  • This allows us to completely eliminate the GetCallee/GetScope sequence that we still sometimes had even in code where our singleton-closure detection worked. That's because singleton-closure inference worked at the op_resolve_scope, and that op_resolve_scope still needed to keep alive the incoming scope in case we OSR exit. But by constant-folding GetCallee, that sequence disappears. OSR exit can rematerialize the callee or the scope by just knowing their constant values.


  • Singleton detection should be a reusable thing. So, I got rid of VariableWatchpointSet and created InferredValue. InferredValue is a cell, so it can handle its own GC magic. FunctionExecutable uses an InferredValue to tell you about singleton JSFunctions.


  • The old singleton-scope detection in op_resolve_scope is better abstracted as a SymbolTable detecting a singleton JSSymbolTableObject. So, SymbolTable uses an InferredValue to tell you about singleton JSSymbolTableObjects. It's curious that we want to have singleton detection in SymbolTable if we already have it in FunctionExecutable. This comes into play in two ways. First, it means that the DFG can realize sooner that a resolve_scope resolves to a constant scope. Ths saves compile times and it allows prediction propagation to benefit from the constant folding. Second, it means that we will detect a singleton scope even if it is referenced from a non-singleton scope that is nearer to us in the scope chain. This refactoring allows us to eliminate the function reentry watchpoint.


  • This allows us to use a normal WatchpointSet, instead of a VariableWatchpointSet, for inferring constant values in scopes. Previously when the DFG inferred that a closure variable was constant, it wouldn't know which closure that variable was in and so it couldn't just load that value. But now we are first inferring that the function is a singleton, which means that we know exactly what scope it points to, and we can load the value from the scope. Using a WatchpointSet instead of a VariableWatchpointSet saves some memory and simplifies a bunch of code. This also means that now, the only user of VariableWatchpointSet is FunctionExecutable. I've tweaked the code of VariableWatchpointSet to reduce its power to just be what FunctionExecutable wants.


This also has the effect of simplifying the implementation of block scoping. Prior to this
change, block scoping would have needed to have some story for the function reentry watchpoint on
any nested symbol table. That's totally weird to think about; it's not really a function reentry
but a scope reentry. Now we don't have to think about this. Constant inference on nested scopes
will "just work": if we prove that we know the constant value of the scope then the machinery
kicks in, otherwise it doesn't.

This is a small Octane and AsmBench speed-up. AsmBench sees 1% while Octane sees sub-1%.

  • CMakeLists.txt:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/BytecodeList.json:
  • bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::valueProfileForBytecodeOffset):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::valueProfileForBytecodeOffset): Deleted.

  • bytecode/CodeOrigin.cpp:

(JSC::InlineCallFrame::calleeConstant):
(JSC::InlineCallFrame::visitAggregate):

  • bytecode/CodeOrigin.h:

(JSC::InlineCallFrame::calleeConstant): Deleted.
(JSC::InlineCallFrame::visitAggregate): Deleted.

  • bytecode/Instruction.h:
  • bytecode/VariableWatchpointSet.cpp: Removed.
  • bytecode/VariableWatchpointSet.h: Removed.
  • bytecode/VariableWatchpointSetInlines.h: Removed.
  • bytecode/VariableWriteFireDetail.cpp: Added.

(JSC::VariableWriteFireDetail::dump):
(JSC::VariableWriteFireDetail::touch):

  • bytecode/VariableWriteFireDetail.h: Added.

(JSC::VariableWriteFireDetail::VariableWriteFireDetail):

  • bytecode/Watchpoint.h:

(JSC::WatchpointSet::stateOnJSThread):
(JSC::WatchpointSet::startWatching):
(JSC::WatchpointSet::fireAll):
(JSC::WatchpointSet::touch):
(JSC::WatchpointSet::invalidate):
(JSC::InlineWatchpointSet::stateOnJSThread):
(JSC::InlineWatchpointSet::state):
(JSC::InlineWatchpointSet::hasBeenInvalidated):
(JSC::InlineWatchpointSet::invalidate):
(JSC::InlineWatchpointSet::touch):

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::get):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::getScope): Deleted.

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDesiredWatchpoints.cpp:

(JSC::DFG::InferredValueAdaptor::add):
(JSC::DFG::DesiredWatchpoints::addLazily):
(JSC::DFG::DesiredWatchpoints::reallyAdd):
(JSC::DFG::DesiredWatchpoints::areStillValid):

  • dfg/DFGDesiredWatchpoints.h:

(JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
(JSC::DFG::DesiredWatchpoints::isWatched):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::tryGetConstantClosureVar):

  • dfg/DFGNode.h:

(JSC::DFG::Node::hasWatchpointSet):
(JSC::DFG::Node::watchpointSet):
(JSC::DFG::Node::hasVariableWatchpointSet): Deleted.
(JSC::DFG::Node::variableWatchpointSet): Deleted.

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):
(JSC::DFG::SpeculativeJIT::compileCreateActivation):
(JSC::DFG::SpeculativeJIT::compileNotifyWrite):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGVarargsForwardingPhase.cpp:
  • ftl/FTLIntrinsicRepository.h:
  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileCreateActivation):
(JSC::FTL::LowerDFGToLLVM::compileNewFunction):
(JSC::FTL::LowerDFGToLLVM::compileNotifyWrite):

  • interpreter/Interpreter.cpp:

(JSC::StackFrame::friendlySourceURL):
(JSC::StackFrame::friendlyFunctionName):

  • interpreter/Interpreter.h:

(JSC::StackFrame::friendlySourceURL): Deleted.
(JSC::StackFrame::friendlyFunctionName): Deleted.

  • jit/JIT.cpp:

(JSC::JIT::emitNotifyWrite):
(JSC::JIT::privateCompileMainPass):

  • jit/JIT.h:
  • jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_touch_entry): Deleted.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emitNotifyWrite): Deleted.

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emitNotifyWrite): Deleted.

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL): Deleted.

  • runtime/CommonSlowPaths.h:
  • runtime/Executable.cpp:

(JSC::FunctionExecutable::finishCreation):
(JSC::FunctionExecutable::visitChildren):

  • runtime/Executable.h:

(JSC::FunctionExecutable::singletonFunction):

  • runtime/InferredValue.cpp: Added.

(JSC::InferredValue::create):
(JSC::InferredValue::destroy):
(JSC::InferredValue::createStructure):
(JSC::InferredValue::visitChildren):
(JSC::InferredValue::InferredValue):
(JSC::InferredValue::~InferredValue):
(JSC::InferredValue::notifyWriteSlow):
(JSC::InferredValue::ValueCleanup::ValueCleanup):
(JSC::InferredValue::ValueCleanup::~ValueCleanup):
(JSC::InferredValue::ValueCleanup::finalizeUnconditionally):

  • runtime/InferredValue.h: Added.

(JSC::InferredValue::inferredValue):
(JSC::InferredValue::state):
(JSC::InferredValue::isStillValid):
(JSC::InferredValue::hasBeenInvalidated):
(JSC::InferredValue::add):
(JSC::InferredValue::notifyWrite):
(JSC::InferredValue::invalidate):

  • runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::visitChildren):

  • runtime/JSEnvironmentRecord.h:

(JSC::JSEnvironmentRecord::isValid):
(JSC::JSEnvironmentRecord::finishCreation):

  • runtime/JSFunction.cpp:

(JSC::JSFunction::create):

  • runtime/JSFunction.h:

(JSC::JSFunction::createWithInvalidatedReallocationWatchpoint):
(JSC::JSFunction::createImpl):
(JSC::JSFunction::create): Deleted.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addFunction):

  • runtime/JSGlobalObject.h:
  • runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::symbolTablePut):

  • runtime/JSScope.h:

(JSC::ResolveOp::ResolveOp):

  • runtime/JSSegmentedVariableObject.h:

(JSC::JSSegmentedVariableObject::finishCreation):

  • runtime/JSSymbolTableObject.h:

(JSC::JSSymbolTableObject::JSSymbolTableObject):
(JSC::JSSymbolTableObject::setSymbolTable):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributes):

  • runtime/PutPropertySlot.h:
  • runtime/SymbolTable.cpp:

(JSC::SymbolTableEntry::prepareToWatch):
(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::finishCreation):
(JSC::SymbolTable::visitChildren):
(JSC::SymbolTableEntry::inferredValue): Deleted.
(JSC::SymbolTableEntry::notifyWriteSlow): Deleted.
(JSC::SymbolTable::WatchpointCleanup::WatchpointCleanup): Deleted.
(JSC::SymbolTable::WatchpointCleanup::~WatchpointCleanup): Deleted.
(JSC::SymbolTable::WatchpointCleanup::finalizeUnconditionally): Deleted.

  • runtime/SymbolTable.h:

(JSC::SymbolTableEntry::disableWatching):
(JSC::SymbolTableEntry::watchpointSet):
(JSC::SymbolTable::singletonScope):
(JSC::SymbolTableEntry::notifyWrite): Deleted.

  • runtime/TypeProfiler.cpp:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
  • tests/stress/infer-uninitialized-closure-var.js: Added.

(foo.f):
(foo):

  • tests/stress/singleton-scope-then-overwrite.js: Added.

(foo.f):
(foo):

  • tests/stress/singleton-scope-then-realloc-and-overwrite.js: Added.

(foo):

  • tests/stress/singleton-scope-then-realloc.js: Added.

(foo):

LayoutTests:

Reviewed by Geoffrey Garen and Michael Saboff.

  • js/regress/create-lots-of-functions-expected.txt: Added.
  • js/regress/create-lots-of-functions.html: Added.
  • js/regress/no-inline-constructor-expected.txt: Added.
  • js/regress/no-inline-constructor.html: Added.
  • js/regress/script-tests/create-lots-of-functions.js: Added.
  • js/regress/script-tests/no-inline-constructor.js: Added.
  • js/regress/script-tests/singleton-scope.js: Added.
  • js/regress/singleton-scope-expected.txt: Added.
  • js/regress/singleton-scope.html: Added.
2:42 PM Changeset in webkit [182758] by Brent Fulgham
  • 2 edits in trunk/Source/WebCore

[Win] Unreviewed fix after r182757.

  • platform/win/FileSystemWin.cpp:

(WebCore::renameFile): Checked in wrong version.

2:37 PM Changeset in webkit [182757] by Brent Fulgham
  • 3 edits in trunk/Source/WebCore

[Win] Unreviewed fix after r182161.

The change caused Windows to lose Media UI, since the new 'getFileSize'
signature was being improperly used for a 'UInt8'-based string.

Fix was to provide implementations for the two new methods, and to make
sure RenderThemeWin was using the proper signature.

This should actually be a little more efficient, since we have the file
handle when we call this new method. Previously, a Windows 'find file' was
being done with the requested path, which was unnecessary work.

  • platform/win/FileSystemWin.cpp:

(WebCore::getFileSizeFromByHandleFileInformationStructure): Added helper function.
(WebCore::getFileSize): Provide implementation.
(WebCore::renameFile):

  • rendering/RenderThemeWin.cpp:

(WebCore::RenderThemeWin::stringWithContentsOfFile): Use the file handle to
get the file size, rather than using the path-based size lookup (which involves
performing an unnecessary file search.

2:23 PM Changeset in webkit [182756] by beidson@apple.com
  • 17 edits
    2 adds in trunk/Source

Share sheets from Share menus appear outside the browser window.
<rdar://problem/20455592> and https://bugs.webkit.org/show_bug.cgi?id=143620

Reviewed by Darin Adler.

Source/WebCore:

  • page/ContextMenuController.h:

(WebCore::ContextMenuController::client):

Source/WebKit/mac:

Refactor existing Sharing Service Picker code to also be used for the Share menu NSMenuItem.

  • Misc/WebSharingServicePickerController.h:

(WebSharingServicePickerClient::webView):

  • Misc/WebSharingServicePickerController.mm:

(WebSharingServicePickerClient::WebSharingServicePickerClient):
(WebSharingServicePickerClient::sharingServicePickerWillBeDestroyed):
(WebSharingServicePickerClient::pageForSharingServicePicker):
(WebSharingServicePickerClient::windowForSharingServicePicker):
(WebSharingServicePickerClient::screenRectForCurrentSharingServicePickerItem):
(WebSharingServicePickerClient::imageForCurrentSharingServicePickerItem):
(-[WebSharingServicePickerController initWithItems:includeEditorServices:client:style:]):
(-[WebSharingServicePickerController initWithSharingServicePicker:client:]):
(-[WebSharingServicePickerController sharingService:didShareItems:]):

  • WebCoreSupport/WebContextMenuClient.h:

(WebContextMenuClient::webView): Deleted.

  • WebCoreSupport/WebContextMenuClient.mm:

(WebContextMenuClient::WebContextMenuClient):
(WebContextMenuClient::pageForSharingServicePicker): Deleted.
(WebContextMenuClient::windowForSharingServicePicker): Deleted.

  • WebCoreSupport/WebSelectionServiceController.h:
  • WebCoreSupport/WebSelectionServiceController.mm:

(WebSelectionServiceController::WebSelectionServiceController):
(WebSelectionServiceController::handleSelectionServiceClick):
(WebSelectionServiceController::pageForSharingServicePicker): Deleted.
(WebSelectionServiceController::windowForSharingServicePicker): Deleted.
(WebSelectionServiceController::screenRectForCurrentSharingServicePickerItem): Deleted.
(WebSelectionServiceController::imageForCurrentSharingServicePickerItem): Deleted.

  • WebView/WebHTMLView.mm:

(-[WebHTMLView menuForEvent:]):

  • WebView/WebViewData.h:

Source/WebKit2:

Refactor existing Sharing Service Picker code to also be used for the Share menu NSMenuItem.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::internalShowContextMenu):
(WebKit::WebPageProxy::platformInitializeShareMenuItem):

  • UIProcess/WebPageProxy.h:
  • UIProcess/mac/WKSharingServicePickerDelegate.h: Added.
  • UIProcess/mac/WKSharingServicePickerDelegate.mm: Added.

(+[WKSharingServicePickerDelegate sharedSharingServicePickerDelegate]):
(-[WKSharingServicePickerDelegate menuProxy]):
(-[WKSharingServicePickerDelegate setMenuProxy:]):
(-[WKSharingServicePickerDelegate setPicker:]):
(-[WKSharingServicePickerDelegate setFiltersEditingServices:]):
(-[WKSharingServicePickerDelegate setHandlesEditingReplacement:]):
(-[WKSharingServicePickerDelegate sharingServicePicker:sharingServicesForItems:mask:proposedSharingServices:]):
(-[WKSharingServicePickerDelegate sharingServicePicker:delegateForSharingService:]):
(-[WKSharingServicePickerDelegate sharingService:willShareItems:]):
(-[WKSharingServicePickerDelegate sharingService:didShareItems:]):
(-[WKSharingServicePickerDelegate sharingService:sourceWindowForShareItems:sharingContentScope:]):

  • UIProcess/mac/WebContextMenuProxyMac.mm:

(WebKit::WebContextMenuProxyMac::setupServicesMenu):
(+[WKSharingServicePickerDelegate sharedSharingServicePickerDelegate]): Deleted.
(-[WKSharingServicePickerDelegate menuProxy]): Deleted.
(-[WKSharingServicePickerDelegate setMenuProxy:]): Deleted.
(-[WKSharingServicePickerDelegate setPicker:]): Deleted.
(-[WKSharingServicePickerDelegate setIncludeEditorServices:]): Deleted.
(-[WKSharingServicePickerDelegate sharingServicePicker:sharingServicesForItems:mask:proposedSharingServices:]): Deleted.
(-[WKSharingServicePickerDelegate sharingServicePicker:delegateForSharingService:]): Deleted.
(-[WKSharingServicePickerDelegate sharingService:willShareItems:]): Deleted.
(-[WKSharingServicePickerDelegate sharingService:didShareItems:]): Deleted.
(-[WKSharingServicePickerDelegate sharingService:sourceWindowForShareItems:sharingContentScope:]): Deleted.

  • UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::platformInitializeShareMenuItem):

  • WebKit2.xcodeproj/project.pbxproj:
2:18 PM Changeset in webkit [182755] by Simon Fraser
  • 1 edit
    1 add in trunk/LayoutTests

Add missing layout test result.

  • compositing/geometry/fixed-transformed-expected.txt: Added.
1:53 PM Changeset in webkit [182754] by akling@apple.com
  • 8 edits in trunk/Source/WebCore

Rebaseline bindings tests.

  • bindings/scripts/test/JS/JSTestActiveDOMObject.h:
  • bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
  • bindings/scripts/test/JS/JSTestEventTarget.h:
  • bindings/scripts/test/JS/JSTestException.h:
  • bindings/scripts/test/JS/JSTestInterface.h:
  • bindings/scripts/test/JS/JSTestObj.h:
  • bindings/scripts/test/JS/JSTestTypedefs.h:
1:26 PM Changeset in webkit [182753] by andersca@apple.com
  • 28 edits in trunk/Source/WebKit2

Begin cleaning up the shared memory interface
https://bugs.webkit.org/show_bug.cgi?id=143677

Reviewed by Andreas Kling.

Rename createFromVMBuffer to create and add a protection parameter (which is currently unused).
Also, turn SharedMemory::Protection into a proper enum class.

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::store):

  • NetworkProcess/cache/NetworkCacheEntry.cpp:

(WebKit::NetworkCache::Entry::initializeBufferFromStorageRecord):

  • NetworkProcess/mac/NetworkResourceLoaderMac.mm:

(WebKit::tryGetShareableHandleFromCFData):

  • Platform/SharedMemory.h:
  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::SharedMemory::create):
(WebKit::machProtection):
(WebKit::SharedMemory::createHandle):
(WebKit::SharedMemory::createFromVMBuffer): Deleted.

  • Shared/ContextMenuContextData.cpp:

(WebKit::ContextMenuContextData::encode):
(WebKit::ContextMenuContextData::decode):

  • Shared/ShareableBitmap.h:
  • Shared/ShareableResource.cpp:

(WebKit::ShareableResource::create):
(WebKit::ShareableResource::createHandle):

  • Shared/WebCompiledContentExtensionData.cpp:

(WebKit::WebCompiledContentExtensionData::encode):
(WebKit::WebCompiledContentExtensionData::decode):

  • Shared/WebHitTestResult.cpp:

(WebKit::WebHitTestResult::Data::encode):
(WebKit::WebHitTestResult::Data::decode):

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::createExtension):

  • UIProcess/Cocoa/WebPasteboardProxyCocoa.mm:

(WebKit::WebPasteboardProxy::getPasteboardBufferForType):
(WebKit::WebPasteboardProxy::setPasteboardBufferForType):
(WebKit::WebPasteboardProxy::readBufferFromPasteboard):

  • UIProcess/VisitedLinkProvider.cpp:

(WebKit::VisitedLinkProvider::sendTable):

  • UIProcess/mac/WKPrintingView.mm:

(pageDidDrawToImage):

  • UIProcess/mac/WebPageProxyMac.mm:

(WebKit::WebPageProxy::dataSelectionForPasteboard):
(WebKit::WebPageProxy::setPromisedDataForImage):

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::writeItemsToPasteboard):

  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::bufferForType):
(WebKit::WebPlatformStrategies::setBufferForType):
(WebKit::WebPlatformStrategies::readBufferFromPasteboard):

  • WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::WebDragClient::declareAndWriteDragImage):

  • WebProcess/WebPage/VisitedLinkTableController.cpp:

(WebKit::VisitedLinkTableController::setVisitedLinkTable):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::takeSnapshot):
(WebKit::WebPage::drawRectToImage):

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::getDataSelectionForPasteboard):

1:16 PM Changeset in webkit [182752] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

[iOS] Treat a 'not found' media option index as the 'off' track.
https://bugs.webkit.org/show_bug.cgi?id=143672

Reviewed by Eric Carlson.

The UIProcess will pass in UINT64_MAX for the index of the legible option to select. Treat this
as if the captionOffMenuItem() had been selected to avoid a null dereference.

  • platform/ios/WebVideoFullscreenModelVideoElement.mm:

(WebVideoFullscreenModelVideoElement::selectLegibleMediaOption):

1:02 PM Changeset in webkit [182751] by commit-queue@webkit.org
  • 3 edits
    3 adds in trunk

list-style-image with SVG image renders at incorrect size.
https://bugs.webkit.org/show_bug.cgi?id=141367.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-04-13
Reviewed by Darin Adler.
Source/WebCore:

This patch imports https://codereview.chromium.org/197203003.

When using an SVG as list marker image, don't unconditionally set the
dimensions to a square with the dimensions of ascent / 2, but rather
determine a suitable size using intrinsic dimensions (and ratio).

Test: svg/as-list-image/svg-list-image-intrinsic-size-1.html

  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::updateContent):

LayoutTests:

Ensure the SVG image gets the correct size when used as an image list.

  • svg/as-list-image: Added.
  • svg/as-list-image/svg-list-image-intrinsic-size-1-expected.html: Added.
  • svg/as-list-image/svg-list-image-intrinsic-size-1.html: Added.
12:53 PM Changeset in webkit [182750] by Said Abou-Hallawa
  • 3 edits
    4 adds in trunk

Canvas drawImage() has a security hole when the image isn't yet fully loaded.
https://bugs.webkit.org/show_bug.cgi?id=58681.

Reviewed by Darin Adler.

Source/WebCore:

There is a race condition which may happen if an image from a different
origin is drawn on a canvas before it finishes loading. The check to taint
the canvas comes before drawing it. This check returns false if the image
is not completely loaded because we check the URL of the resource response.
If after this check and before the drawing, the image finishes loading, the
canvas will not be tainted but the image will be drawn.

The fix is to move the check to taint the canvas after drawing the image.
The only problem with this solution is basically the opposite of this bug:
we will become stricter than before with images which are from a different
origin and before they finish loading. The image has not finished loading,
so we do not draw it. Before we check for tainting, the image finishes
loading. So we decide to taint the canvas even the image is not drawn.

But this should not be a security issue anymore. I personally do not know
if it is even a correctness issue or not.

Test: http/tests/canvas/canvas-tainted-after-draw-image.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawImage):

LayoutTests:

This test confirms when we load an image from a different origin and try
drawing it on a canvas, the canvas is tainted if the image is completely
loaded and drawn. Otherwise the image is not drawn.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt: Added.
  • http/tests/canvas/canvas-tainted-after-draw-image.html: Added.
  • http/tests/canvas/resources: Added.
  • http/tests/canvas/resources/100x100-lime-rect.svg: Added.
12:52 PM Changeset in webkit [182749] by jhoneycutt@apple.com
  • 3 edits
    1 add in trunk

Cannot click "Next" button on Google two-factor auth setup page

<https://bugs.webkit.org/show_bug.cgi?id=143624>
<rdar://problem/19175714>

.:

Reviewed by Darin Adler.

  • ManualTests/button-that-focuses-itself-on-click.html: Added.

Source/WebKit2:

This issue occurs when this site focuses the submit button. When it
receives focus, we try to assist it. While we consider ourselves to be
assisting it, we ignore further gesture inputs for that node, including
the tap gesture.

To fix this, only assist input types that we know are assistable,
including text fields, select and date elements, etc.

Reviewed by Darin Adler.

  • UIProcess/ios/WKContentViewInteraction.mm:

(isAssistableInputType):
If the type is a known-assistable type, return true.
(-[WKContentView _startAssistingNode:userIsInteracting:blurPreviousNode:userObject:]):
Call isAssistableInputType() to determine whether we should do any kind
of assistance for this node.

12:17 PM Changeset in webkit [182748] by Beth Dakin
  • 46 edits
    3 deletes in trunk

Add force property to MouseEvents
https://bugs.webkit.org/show_bug.cgi?id=143569
-and corresponding-
rdar://problem/20472954

Reviewed by Darin Adler.

Source/WebCore:

This patch removes WebKitMouseForceEvent and uses a MouseEvent everywhere that it
was used. That’s possible because this patch also adds a force property to all
MouseEvents and to PlatformMouseEvent.

Remove WebKitMouseForceEvent.

  • CMakeLists.txt:
  • DerivedSources.cpp:
  • DerivedSources.make:
  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/DOMAllInOne.cpp:

Create MouseEvents with the appropriate force instead of WebKitMouseForceEvents.
This patch also gets rid of the PlatformMouseEvent parameter for these events.
They were re-using the cached mousedown event before, which they never should have
done. Instead, we create PlatformMouseEvents inside these functions and then use
that to make MouseEvents.

  • dom/Element.cpp:

(WebCore::Element::dispatchMouseForceWillBegin):
(WebCore::Element::dispatchMouseForceChanged):
(WebCore::Element::dispatchMouseForceDown):
(WebCore::Element::dispatchMouseForceUp):
(WebCore::Element::dispatchMouseForceClick):
(WebCore::Element::dispatchMouseForceCancelled):

  • dom/Element.h:

No More WebKitMouseForceEvent.

  • dom/EventNames.in:

Add force to MouseEvent.

  • dom/MouseEvent.cpp:

(WebCore::MouseEvent::create):
(WebCore::MouseEvent::MouseEvent):
(WebCore::MouseEvent::cloneFor):
(WebCore::SimulatedMouseEvent::SimulatedMouseEvent):

  • dom/MouseEvent.h:

(WebCore::MouseEvent::force):
(WebCore::MouseEvent::setForce):

  • dom/MouseEvent.idl:

No More WebKitMouseForceEvent.

  • dom/WebKitMouseForceEvent.cpp: Removed.
  • dom/WebKitMouseForceEvent.h: Removed.
  • dom/WebKitMouseForceEvent.idl: Removed.

PlatformMouseEvent now takes a force parameter.

  • dom/WheelEvent.cpp:

(WebCore::WheelEvent::WheelEvent):

  • page/ContextMenuController.cpp:

(WebCore::ContextMenuController::showContextMenuAt):

  • page/DragController.cpp:

(WebCore::createMouseEvent):

  • page/EventHandler.cpp:

(WebCore::EventHandler::dispatchDragEvent):
(WebCore::EventHandler::sendContextMenuEventForKey):
(WebCore::EventHandler::fakeMouseMoveEventTimerFired):

We don’t need lastMouseDownEvent() anymore. We were using it to avoid creating new
PlatformMouseEvents for the force events, but we fix that in this patch.
(WebCore::EventHandler::lastMouseDownEvent): Deleted.

  • page/EventHandler.h:

At force to PlatformMouseEvent.

  • platform/PlatformMouseEvent.h:

(WebCore::PlatformMouseEvent::PlatformMouseEvent):
(WebCore::PlatformMouseEvent::force):

  • replay/SerializationMethods.cpp:

(JSC::EncodingTraits<PlatformMouseEvent>::encodeValue):
(JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):

Source/WebKit/ios:

Send the appropriate force with this simulated click event.

  • WebView/WebPDFViewPlaceholder.mm:

(-[WebPDFViewPlaceholder simulateClickOnLinkToURL:]):

Source/WebKit/mac:

PlatformMouseEvent and MouseEvent now take force parameters.

  • WebView/WebFrame.mm:

(-[WebFrame _dragSourceEndedAt:operation:]):

  • WebView/WebPDFView.mm:

(-[WebPDFView PDFViewWillClickOnLink:withURL:]):

Source/WebKit/win:

PlatformMouseEvent takes a force parameter.

  • WebDropSource.cpp:

(generateMouseEvent):

Source/WebKit2:

In order to accommodate adding force to all PlatformMouseEvents, we have to add it
to pass a caches pressure event to NativeWebMouseEvent and add force to
WebMouseEvent.

NativeWebMouseEvent now requires a second NSEvent for the pressureEvent.

  • Shared/NativeWebMouseEvent.h:

WebMouseEvent takes a force parameter.

  • Shared/WebEvent.h:

(WebKit::WebMouseEvent::force):

  • Shared/WebEventConversion.cpp:

(WebKit::WebKit2PlatformMouseEvent::WebKit2PlatformMouseEvent):

  • Shared/WebMouseEvent.cpp:

(WebKit::WebMouseEvent::WebMouseEvent):
(WebKit::WebMouseEvent::encode):
(WebKit::WebMouseEvent::decode):

  • Shared/mac/NativeWebMouseEventMac.mm:

(WebKit::NativeWebMouseEvent::NativeWebMouseEvent):

  • Shared/mac/WebEventFactory.h:
  • Shared/mac/WebEventFactory.mm:

(WebKit::WebEventFactory::createWebMouseEvent):

Cache the most recent pressureEvent in _data so that it can be sent along to the
NativeWebMouseEvent constructor.

  • UIProcess/API/mac/WKView.mm:

(-[WKView pressureChangeWithEvent:]):
(-[WKView acceptsFirstMouse:]):
(-[WKView shouldDelayWindowOrderingForEvent:]):
(-[WKView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WKView initWithFrame:processPool:configuration:webView:]):

WebMouseEvent takes a force parameter.

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::showContextMenuAtPoint):

  • WebProcess/Plugins/PluginView.cpp:

(WebKit::PluginView::createWebEvent):

MouseEvent and PlatformMouseEvent both take force parameters too.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::navigateToURLWithSimulatedClick):
(WebKit::WebPage::contextMenuAtPointInWindow):
(WebKit::WebPage::dragEnded):
(WebKit::WebPage::simulateMouseDown):
(WebKit::WebPage::simulateMouseUp):
(WebKit::WebPage::simulateMouseMotion):

The functions that dispatch the force events no longer take a PlatformMouseEvent
as a parameter.

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::inputDeviceForceDidChange):
(WebKit::WebPage::immediateActionDidCancel):

LayoutTests:

  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
  • platform/mac/js/dom/global-constructors-attributes-expected.txt:
  • platform/win/js/dom/global-constructors-attributes-expected.txt:
12:12 PM Changeset in webkit [182747] by akling@apple.com
  • 96 edits in trunk/Source

Don't segregate heap objects based on Structure immortality.
<https://webkit.org/b/143638>

Reviewed by Darin Adler.

Source/JavaScriptCore:

Put all objects that need a destructor call into the same MarkedBlock.
This reduces memory consumption in many situations, while improving locality,
since much more of the MarkedBlock space can be shared.

Instead of branching on the MarkedBlock type, we now check a bit in the
JSCell's inline type flags (StructureIsImmortal) to see whether it's safe
to access the cell's Structure during destruction or not.

Performance benchmarks look mostly neutral. Maybe a small regression on
SunSpider's date objects.

On the amazon.com landing page, this saves us 50 MarkedBlocks (3200kB) along
with a bunch of WeakBlocks that were hanging off of them. That's on the higher
end of savings we can get from this, but still a very real improvement.

Most of this patch is removing the "hasImmortalStructure" constant from JSCell
derived classes and passing that responsibility to the StructureIsImmortal flag.
StructureFlags is made public so that it's accessible from non-member functions.
I made sure to declare it everywhere and make classes final to try to make it
explicit what each class is doing to its inherited flags.

  • API/JSCallbackConstructor.h:
  • API/JSCallbackObject.h:
  • bytecode/UnlinkedCodeBlock.h:
  • debugger/DebuggerScope.h:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileMakeRope):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileMakeRope):

  • heap/Heap.h:

(JSC::Heap::subspaceForObjectDestructor):
(JSC::Heap::allocatorForObjectWithDestructor):
(JSC::Heap::subspaceForObjectNormalDestructor): Deleted.
(JSC::Heap::subspaceForObjectsWithImmortalStructure): Deleted.
(JSC::Heap::allocatorForObjectWithNormalDestructor): Deleted.
(JSC::Heap::allocatorForObjectWithImmortalStructureDestructor): Deleted.

  • heap/HeapInlines.h:

(JSC::Heap::allocateWithDestructor):
(JSC::Heap::allocateObjectOfType):
(JSC::Heap::subspaceForObjectOfType):
(JSC::Heap::allocatorForObjectOfType):
(JSC::Heap::allocateWithNormalDestructor): Deleted.
(JSC::Heap::allocateWithImmortalStructureDestructor): Deleted.

  • heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::allocateBlock):

  • heap/MarkedAllocator.h:

(JSC::MarkedAllocator::needsDestruction):
(JSC::MarkedAllocator::MarkedAllocator):
(JSC::MarkedAllocator::init):
(JSC::MarkedAllocator::destructorType): Deleted.

  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::create):
(JSC::MarkedBlock::MarkedBlock):
(JSC::MarkedBlock::callDestructor):
(JSC::MarkedBlock::specializedSweep):
(JSC::MarkedBlock::sweep):
(JSC::MarkedBlock::sweepHelper):

  • heap/MarkedBlock.h:

(JSC::MarkedBlock::needsDestruction):
(JSC::MarkedBlock::destructorType): Deleted.

  • heap/MarkedSpace.cpp:

(JSC::MarkedSpace::MarkedSpace):
(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::forEachAllocator):
(JSC::MarkedSpace::isPagedOut):
(JSC::MarkedSpace::clearNewlyAllocated):

  • heap/MarkedSpace.h:

(JSC::MarkedSpace::subspaceForObjectsWithDestructor):
(JSC::MarkedSpace::destructorAllocatorFor):
(JSC::MarkedSpace::allocateWithDestructor):
(JSC::MarkedSpace::forEachBlock):
(JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor): Deleted.
(JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure): Deleted.
(JSC::MarkedSpace::immortalStructureDestructorAllocatorFor): Deleted.
(JSC::MarkedSpace::normalDestructorAllocatorFor): Deleted.
(JSC::MarkedSpace::allocateWithImmortalStructureDestructor): Deleted.
(JSC::MarkedSpace::allocateWithNormalDestructor): Deleted.

  • inspector/JSInjectedScriptHost.h:
  • inspector/JSInjectedScriptHostPrototype.h:
  • inspector/JSJavaScriptCallFrame.h:
  • inspector/JSJavaScriptCallFramePrototype.h:
  • jsc.cpp:
  • runtime/ArrayBufferNeuteringWatchpoint.h:
  • runtime/ArrayConstructor.h:
  • runtime/ArrayIteratorPrototype.h:
  • runtime/BooleanPrototype.h:
  • runtime/ClonedArguments.h:
  • runtime/CustomGetterSetter.h:
  • runtime/DateConstructor.h:
  • runtime/DatePrototype.h:
  • runtime/ErrorPrototype.h:
  • runtime/ExceptionHelpers.h:
  • runtime/Executable.h:
  • runtime/GenericArguments.h:
  • runtime/GetterSetter.h:
  • runtime/InternalFunction.h:
  • runtime/JSAPIValueWrapper.h:
  • runtime/JSArgumentsIterator.h:
  • runtime/JSArray.h:
  • runtime/JSArrayBuffer.h:
  • runtime/JSArrayBufferView.h:
  • runtime/JSBoundFunction.h:
  • runtime/JSCallee.h:
  • runtime/JSCell.h:
  • runtime/JSCellInlines.h:

(JSC::JSCell::classInfo):

  • runtime/JSDataViewPrototype.h:
  • runtime/JSEnvironmentRecord.h:
  • runtime/JSFunction.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGlobalObject.h:
  • runtime/JSLexicalEnvironment.h:
  • runtime/JSNameScope.h:
  • runtime/JSNotAnObject.h:
  • runtime/JSONObject.h:
  • runtime/JSObject.h:

(JSC::JSFinalObject::JSFinalObject):

  • runtime/JSPromiseConstructor.h:
  • runtime/JSPromiseDeferred.h:
  • runtime/JSPromisePrototype.h:
  • runtime/JSPromiseReaction.h:
  • runtime/JSPropertyNameEnumerator.h:
  • runtime/JSProxy.h:
  • runtime/JSScope.h:
  • runtime/JSString.h:
  • runtime/JSSymbolTableObject.h:
  • runtime/JSTypeInfo.h:

(JSC::TypeInfo::structureIsImmortal):

  • runtime/MathObject.h:
  • runtime/NumberConstructor.h:
  • runtime/NumberPrototype.h:
  • runtime/ObjectConstructor.h:
  • runtime/PropertyMapHashTable.h:
  • runtime/RegExp.h:
  • runtime/RegExpConstructor.h:
  • runtime/RegExpObject.h:
  • runtime/RegExpPrototype.h:
  • runtime/ScopedArgumentsTable.h:
  • runtime/SparseArrayValueMap.h:
  • runtime/StrictEvalActivation.h:
  • runtime/StringConstructor.h:
  • runtime/StringIteratorPrototype.h:
  • runtime/StringObject.h:
  • runtime/StringPrototype.h:
  • runtime/Structure.cpp:

(JSC::Structure::Structure):

  • runtime/Structure.h:
  • runtime/StructureChain.h:
  • runtime/StructureRareData.h:
  • runtime/Symbol.h:
  • runtime/SymbolPrototype.h:
  • runtime/SymbolTable.h:
  • runtime/WeakMapData.h:

Source/WebCore:

  • bindings/js/JSDOMBinding.h:
  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GeneratePrototypeDeclaration):

  • bridge/objc/objc_runtime.h:
  • bridge/runtime_array.h:
  • bridge/runtime_method.h:
  • bridge/runtime_object.h:

Source/WebKit2:

  • WebProcess/Plugins/Netscape/JSNPObject.h:
11:38 AM Changeset in webkit [182746] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit2

javascript: links in inline PDFs shouldn't execute JavaScript in the context of the host website
https://bugs.webkit.org/show_bug.cgi?id=143642
<rdar://problem/18259355>

Reviewed by Darin Adler.

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit::PDFPlugin::clickedLink):
Don't follow javascript: URLs.

11:08 AM Changeset in webkit [182745] by mark.lam@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

DFG inlining of op_call_varargs should keep the callee alive in case of OSR exit.
https://bugs.webkit.org/show_bug.cgi?id=143407

Reviewed by Filip Pizlo.

DFG inlining of a varargs call / construct needs to keep the local
containing the callee alive with a Phantom node because the LoadVarargs
node may OSR exit. After the OSR exit, the baseline JIT executes the
op_call_varargs with that callee in the local.

Previously, because that callee local was not explicitly kept alive,
the op_call_varargs case can OSR exit a DFG function and leave an
undefined value in that local. As a result, the baseline observes the
side effect of an op_call_varargs on an undefined value instead of the
function it expected.

Note: this issue does not manifest with op_construct_varargs because
the inlined constructor will have an op_create_this which operates on
the incoming callee value, thereby keeping it alive.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleInlining):

  • tests/stress/call-varargs-with-different-arguments-length-after-warmup.js: Added.

(foo):
(Foo):
(doTest):

11:04 AM Changeset in webkit [182744] by Alan Bujtas
  • 2 edits in trunk/PerformanceTests

Clear up the test content when test is done.

Unreviewed fix.

  • Layout/simple-line-layout-innertext.html:
10:55 AM Changeset in webkit [182743] by Simon Fraser
  • 4 edits
    1 add in trunk

Fixed position element is truncated if moved onscreen by a transform
https://bugs.webkit.org/show_bug.cgi?id=143655
Source/WebCore:

rdar://problem/15020044

Reviewed by Darin Adler.

Our "don't do layout if transform changes" code was too aggressive.
If an element changes between having a transform and not having one, we
really need to do a layout since so much else depends on transforms. In
this particular case, we clip position:fixed elements to the viewport if
they are not transformed, and were failing to re-evaluate this when a
transform was added. Doing a layout fixes this.

Test: compositing/geometry/fixed-transformed.html

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeRequiresLayout):

  • rendering/style/StyleTransformData.h:

(WebCore::StyleTransformData::hasTransform):

LayoutTests:

Reviewed by Darin Adler.

Test that moves a position:fixed element on-screen using a transform.

  • compositing/geometry/fixed-transformed.html: Added.
10:54 AM Changeset in webkit [182742] by achristensen@apple.com
  • 4 edits in trunk/Source/WebKit2

[Content Extensions] Don't unmap shared memory while using it.
https://bugs.webkit.org/show_bug.cgi?id=143625

Reviewed by Darin Adler.

  • Shared/WebCompiledContentExtension.cpp:

(WebKit::WebCompiledContentExtension::createFromCompiledContentExtensionData):

  • Shared/WebCompiledContentExtensionData.h:

(WebKit::WebCompiledContentExtensionData::WebCompiledContentExtensionData):

  • UIProcess/API/APIUserContentExtensionStore.cpp:

(API::createExtension):
Keep the Data object alive as long as the SharedMemory that uses it.

10:50 AM Changeset in webkit [182741] by ap@apple.com
  • 2 edits in trunk/LayoutTests

js/regress-141098.html often times out in debug builds.

This test is slow in debug, sometimes barely passing, and other times timing out.

10:42 AM Changeset in webkit [182740] by Michael Catanzaro
  • 2 edits in trunk

[cmake] REGRESSION(182663): It broke feature dependency handling
https://bugs.webkit.org/show_bug.cgi?id=143665

Reviewed by Csaba Osztrogonác.

Don't try to check the value of options before defining the options.

  • Source/cmake/WebKitFeatures.cmake:
10:42 AM Changeset in webkit [182739] by Brent Fulgham
  • 3 edits in trunk/LayoutTests

[Win] Unreviewed test correction after r182635.

Two Windows test expectation files were missing newlines at the end of the file.

  • platform/win/fast/backgrounds/selection-background-color-of-image-list-style-expected.txt:
  • platform/win/fast/backgrounds/selection-background-color-of-list-style-expected.txt:
10:28 AM Changeset in webkit [182738] by ap@apple.com
  • 2 edits in trunk/Tools

build.webkit.org/dashboard: Crash-only queues should show failure when testing fails to start
https://bugs.webkit.org/show_bug.cgi?id=143656

Reviewed by Darin Adler.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BuildbotTesterQueueView.js:

(BuildbotTesterQueueView.prototype.update.appendBuilderQueueStatus):

10:28 AM Changeset in webkit [182737] by Alan Bujtas
  • 26 edits
    1 add in trunk/LayoutTests

[Win] Unreviewed gardening after r182620. (<br> updates mostly)

  • platform/win/fast/dom/focus-contenteditable-expected.txt:
  • platform/win/fast/forms/listbox-hit-test-zoomed-expected.txt:
  • platform/win/fast/forms/range/slider-padding-expected.txt:
  • platform/win/fast/forms/textarea-scroll-height-expected.txt:
  • platform/win/fast/parser/open-comment-in-textarea-expected.txt:
  • platform/win/fast/text/international/bidi-layout-across-linebreak-expected.txt:
  • platform/win/fast/text/svg-font-face-with-kerning-expected.txt: Added.
  • platform/win/http/tests/navigation/postredirect-basic-expected.txt:
  • platform/win/http/tests/navigation/postredirect-goback1-expected.txt:
  • platform/win/printing/single-line-must-not-be-split-into-two-pages-expected.txt:
  • platform/win/svg/wicd/test-rightsizing-b-expected.txt:
  • platform/win/tables/mozilla/bugs/bug1224-expected.txt:
  • platform/win/tables/mozilla/bugs/bug131020-expected.txt:
  • platform/win/tables/mozilla/bugs/bug131020_iframe-expected.txt:
  • platform/win/tables/mozilla/bugs/bug1430-expected.txt:
  • platform/win/tables/mozilla/bugs/bug16252-expected.txt:
  • platform/win/tables/mozilla/bugs/bug19599-expected.txt:
  • platform/win/tables/mozilla/bugs/bug20579-expected.txt:
  • platform/win/tables/mozilla/bugs/bug32205-3-expected.txt:
  • platform/win/tables/mozilla/bugs/bug82946-2-expected.txt:
  • platform/win/tables/mozilla/bugs/bug92143-expected.txt:
  • platform/win/tables/mozilla/marvin/tables_cellpadding-expected.txt:
  • platform/win/tables/mozilla/marvin/tables_cellspacing-expected.txt:
  • platform/win/tables/mozilla/other/wa_table_thtd_rowspan-expected.txt:
  • platform/win/tables/mozilla_expected_failures/bugs/bug56024-expected.txt:
  • platform/win/tables/mozilla_expected_failures/other/test4-expected.txt:
9:22 AM Changeset in webkit [182736] by peavo@outlook.com
  • 2 edits in trunk/Source/WebKit/win

[Win] Incorrect parameter order in call to WebView::repaint.
https://bugs.webkit.org/show_bug.cgi?id=143666

Reviewed by Brent Fulgham.

The 'immediate' default parameter has been forgotten.

  • WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::invalidateRootView):
(WebChromeClient::invalidateContentsAndRootView):
(WebChromeClient::invalidateContentsForSlowScroll):

8:41 AM Changeset in webkit [182735] by Darin Adler
  • 7 edits in trunk/Source

[Cocoa] Localizable strings are inconsistent and need to be regenerated
https://bugs.webkit.org/show_bug.cgi?id=143661
Source/WebCore:

rdar://problem/19634388

Reviewed by Dan Bernstein.

  • English.lproj/Localizable.strings: Updated by running the

update-webkit-localizable-strings script.

Source/WebKit/mac:

rdar://problem/19634388

Reviewed by Dan Bernstein.

  • Misc/WebLocalizableStrings.mm:

(LoadWebLocalizedStringsTimerCallback): Moved the comment, useful for programmers but
not for localization, into a C++ source code comment, and made the localizer comment
consistent with the place this localizable string is used for actual localization.

  • WebCoreSupport/WebEditorClient.mm:

(undoNameForEditAction): Changed the localizer comments for Delete and Dictation
to match the ones in WebKit2; no need to specify that these are iOS only, and if we do
want to specify that, we should not be using the term PLATFORM(IOS) since there is no
reason for us to expect localizers to understand that terminology. Also added a comment
about the fact that we have two copies of all the localizable strings.

Source/WebKit2:

Reviewed by Dan Bernstein.

  • UIProcess/WebEditCommandProxy.cpp:

(WebKit::WebEditCommandProxy::nameForEditAction): Also added a comment
about the fact that we have two copies of all the localizable strings.

8:40 AM Changeset in webkit [182734] by Darin Adler
  • 2 edits in trunk/Source/WebCore

Remove needless recreation of URL in NavigationScheduler::scheduleLocationChange
https://bugs.webkit.org/show_bug.cgi?id=143662

Reviewed by Sam Weinig.

  • loader/NavigationScheduler.cpp:

(WebCore::NavigationScheduler::scheduleLocationChange): Removed unnecessary code
to convert a URL to a String and then back into a URL.

8:06 AM Changeset in webkit [182733] by svillar@igalia.com
  • 2 edits in trunk/Tools

REGRESSION(r181134): [GTK] Test /webkit2/WebKitWebView/insecure-content is failing after r181134
https://bugs.webkit.org/show_bug.cgi?id=142387

Reviewed by Carlos Garcia Campos.

Running mixed content is blocked by default since r181134. Updated
the test case to reflect the new default settings.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:

(testInsecureContent):

7:46 AM Changeset in webkit [182732] by Gyuyoung Kim
  • 2 edits in trunk/Tools

Fix wrong value variable in ENABLE_NAVIGATOR_HWCONCURRENCY
https://bugs.webkit.org/show_bug.cgi?id=143667

Reviewed by Csaba Osztrogonác.

ENABLE_NAVIGATOR_HWCONCURRENCY has used $registerProtocolHandlerSupport value variable
since r169017. Added $hardwareConcurrencySupport for it.

Additionally networkInfoSupport is removed because this feature was removed due to spec out.

  • Scripts/webkitperl/FeatureList.pm:
7:11 AM Changeset in webkit [182731] by Csaba Osztrogonác
  • 10 edits in trunk

[cmake] Add ENABLE(ATTACHMENT_ELEMENT) to the build system
https://bugs.webkit.org/show_bug.cgi?id=143664

Reviewed by Gyuyoung Kim.

.:

  • Source/cmake/OptionsEfl.cmake:
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/WebKitFeatures.cmake:
  • Source/cmakeconfig.h.cmake:

Source/WebCore:

  • page/efl/DragControllerEfl.cpp:

(WebCore::DragController::declareAndWriteAttachment): Added stub implementation to fix the build.

  • page/gtk/DragControllerGtk.cpp:

(WebCore::DragController::declareAndWriteAttachment): Added stub implementation to fix the build.

Tools:

  • Scripts/webkitperl/FeatureList.pm:
7:08 AM Changeset in webkit [182730] by Csaba Osztrogonác
  • 37 edits
    1 add in trunk/LayoutTests

[EFL] Update table/mozilla expected files after r182620
https://bugs.webkit.org/show_bug.cgi?id=143626

Unreviewed gardening.

  • platform/efl/TestExpectations:
  • platform/efl/tables/mozilla/bugs/bug106795-expected.png:
  • platform/efl/tables/mozilla/bugs/bug106795-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug1224-expected.png:
  • platform/efl/tables/mozilla/bugs/bug1224-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug131020-expected.png:
  • platform/efl/tables/mozilla/bugs/bug131020-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug131020_iframe-expected.png:
  • platform/efl/tables/mozilla/bugs/bug131020_iframe-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug1430-expected.png:
  • platform/efl/tables/mozilla/bugs/bug1430-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug157890-expected.png:
  • platform/efl/tables/mozilla/bugs/bug157890-expected.txt: Added.
  • platform/efl/tables/mozilla/bugs/bug16252-expected.png:
  • platform/efl/tables/mozilla/bugs/bug16252-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug19599-expected.png:
  • platform/efl/tables/mozilla/bugs/bug19599-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug20579-expected.png:
  • platform/efl/tables/mozilla/bugs/bug20579-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug32205-3-expected.png:
  • platform/efl/tables/mozilla/bugs/bug32205-3-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug82946-2-expected.png:
  • platform/efl/tables/mozilla/bugs/bug82946-2-expected.txt:
  • platform/efl/tables/mozilla/bugs/bug92143-expected.png:
  • platform/efl/tables/mozilla/bugs/bug92143-expected.txt:
  • platform/efl/tables/mozilla/marvin/tables_cellpadding-expected.png:
  • platform/efl/tables/mozilla/marvin/tables_cellpadding-expected.txt:
  • platform/efl/tables/mozilla/marvin/tables_cellspacing-expected.png:
  • platform/efl/tables/mozilla/marvin/tables_cellspacing-expected.txt:
  • platform/efl/tables/mozilla/other/wa_table_thtd_rowspan-expected.png:
  • platform/efl/tables/mozilla/other/wa_table_thtd_rowspan-expected.txt:
  • platform/efl/tables/mozilla_expected_failures/bugs/bug1262-expected.png:
  • platform/efl/tables/mozilla_expected_failures/bugs/bug1262-expected.txt:
  • platform/efl/tables/mozilla_expected_failures/bugs/bug56024-expected.png:
  • platform/efl/tables/mozilla_expected_failures/bugs/bug56024-expected.txt:
  • platform/efl/tables/mozilla_expected_failures/other/test4-expected.png:
  • platform/efl/tables/mozilla_expected_failures/other/test4-expected.txt:
7:05 AM Changeset in webkit [182729] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[Curl] Small improvements to CurlCacheEntry::parseResponseHeaders()
https://bugs.webkit.org/show_bug.cgi?id=143597

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-04-13
Reviewed by Csaba Osztrogonác.

Most lines of code in CurlCacheEntry::parseResponseHeaders() don't need to be
executed if the response has "no-cache" or "no-store" directive, but we are
checking these conditions in the middle of the method. We can move this to the
beginning of the method for efficiency.

No new tests, no behavior change.

  • platform/network/curl/CurlCacheEntry.cpp:

(WebCore::CurlCacheEntry::parseResponseHeaders):

6:59 AM Changeset in webkit [182728] by Csaba Osztrogonác
  • 2 edits in trunk/LayoutTests

[EFL] Unreviewed gardening, skip fast/attachment tests, there is
no reason to run these tests before enabling ATTACHMENT_ELEMENT.

  • platform/efl/TestExpectations:
6:38 AM Changeset in webkit [182727] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WTF

Merge r182676 - Fix -Wparentheses warning with GCC 5 in SaturatedArithmetic.h
https://bugs.webkit.org/show_bug.cgi?id=143457

Reviewed by Benjamin Poulain.

Tested by WTF.SaturatedArithmeticAddition and WTF.SaturatedArithmeticSubtraction.

  • wtf/SaturatedArithmetic.h:

(signedAddOverflows): Use && instead of & to avoid triggering -Wparentheses in newer
versions of GCC and Clang, and to improve the clarity of the function.
(signedSubtractOverflows): Changed correspondingly, although there was no warning here.

6:20 AM Changeset in webkit [182726] by svillar@igalia.com
  • 2 edits in trunk/Source/WebCore

Unreviewed, build fix after r182704.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):

6:06 AM Changeset in webkit [182725] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182672 - Selects don't scroll at some aspect ratios
https://bugs.webkit.org/show_bug.cgi?id=143649
rdar://problem/19365694

Reviewed by Darin Adler.
Source/WebCore:

Fix width/height flip in RenderListBox which caused us to fail to scroll when
the list was wider than the scroll height.

We're generally confused about RenderListBox scroll offsets (webkit.org/b/143648)
but this fixes the immediate problem.

Test: fast/forms/listbox-visible-size.html

  • rendering/RenderListBox.h:

LayoutTests:

  • fast/forms/listbox-visible-size-expected.txt: Added.
  • fast/forms/listbox-visible-size.html: Added.
6:04 AM Changeset in webkit [182724] by Carlos Garcia Campos
  • 3 edits
    1 delete in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182671 - Remove PluginModuleInfo.cpp from WebKit2
https://bugs.webkit.org/show_bug.cgi?id=143643

Patch by Sungmann Cho <sungmann.cho@navercorp.com> on 2015-04-12
Reviewed by Darin Adler.

Remove PluginModuleInfo.cpp from WebKit2 because it is totally empty.

No new tests, no behavior change.

  • CMakeLists.txt:
  • Shared/Plugins/PluginModuleInfo.cpp: Removed.
  • WebKit2.xcodeproj/project.pbxproj:
5:58 AM Changeset in webkit [182723] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182634 - [ARM] Fix calleeSaveRegisters() on non iOS platforms after r180516
https://bugs.webkit.org/show_bug.cgi?id=143368

Reviewed by Michael Saboff.

  • jit/RegisterSet.cpp:

(JSC::RegisterSet::calleeSaveRegisters):

5:52 AM Changeset in webkit [182722] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182609 - Text-combine erroneously draws vertically after non-layout-causing style change
https://bugs.webkit.org/show_bug.cgi?id=143461
<rdar://problem/19285490>

Reviewed by Darin Adler.

Source/WebCore:

RenderCombineText::styleDidChange() unconditionally uncombines its text. Layout then
recombines it. However, if there is a style change that does not cause layout, the
RenderCombineText will be left uncombined until the next layout.

Test: fast/text/text-combine-style-change-no-layout.html

  • rendering/RenderCombineText.cpp:

(WebCore::RenderCombineText::styleDidChange):

LayoutTests:

  • fast/text/text-combine-style-change-no-layout-expected.html: Added.
  • fast/text/text-combine-style-change-no-layout.html: Added.
5:51 AM Changeset in webkit [182721] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182643 - REGRESSION (182567): regress/script-tests/sorting-benchmark.js fails on 32 bit dfg-eager tests
https://bugs.webkit.org/show_bug.cgi?id=143582

Reviewed by Mark Lam.

For 32 bit builds, we favor spilling unboxed values. The ASSERT at the root of this bug doesn't
fire for 64 bit builds, because we spill an "Other" value as a full JS value (DataFormatJS).
For 32 bit builds however, if we are able, we spill Other values as JSCell* (DataFormatCell).
The fix is to add a check in fillSpeculateInt32Internal() before the ASSERT that always OSR exits
if the spillFormat is DataFormatCell. Had we spilled in DataFormatJS and the value was a JSCell*,
we would still OSR exit after the speculation check.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode): Fixed an error in a comment while debugging.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):

5:47 AM Changeset in webkit [182720] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r182567 - JSArray::sortNumeric should handle ArrayWithUndecided
https://bugs.webkit.org/show_bug.cgi?id=143535

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

ArrayWithUndecided is what you get if you haven't stored anything into the array yet. We need to handle it.

  • runtime/JSArray.cpp:

(JSC::JSArray::sortNumeric):

  • tests/stress/sort-array-with-undecided.js: Added.

LayoutTests:

Upload the original test that first spotted this. Shortened it a bit so that it runs fast enough.

  • js/regress/script-tests/sorting-benchmark.js: Added.

(log):
(bottom_up_merge_sort):
(aMinusB):
(verify):
(benchmark):
(makeArrays):

  • js/regress/sorting-benchmark-expected.txt: Added.
  • js/regress/sorting-benchmark.html: Added.
5:43 AM Changeset in webkit [182719] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8

Merge r182562 - DFG::IntegerCheckCombiningPhase's wrap-around check shouldn't trigger C++ undef behavior on wrap-around
https://bugs.webkit.org/show_bug.cgi?id=143532

Reviewed by Gavin Barraclough.

Oh the irony! We were protecting an optimization that only worked if there was no wrap-around in JavaScript.
But the C++ code had wrap-around, which is undef in C++. So, if the compiler was smart enough, our compiler
would think that there never was wrap-around.

This fixes a failure in stress/tricky-array-boiunds-checks.js when JSC is compiled with bleeding-edge clang.

  • dfg/DFGIntegerCheckCombiningPhase.cpp:

(JSC::DFG::IntegerCheckCombiningPhase::isValid):

5:39 AM Changeset in webkit [182718] by Carlos Garcia Campos
  • 4 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r182560 - [CSS Shapes] Properly handle negative reference box widths and center coordinates
https://bugs.webkit.org/show_bug.cgi?id=142610

Reviewed by Rob Buis.
Source/WebCore:

Fix a few cases where values that should not be negative end up that
way.

This patch is based on a couple of Blink patches by Rob Buis.

Tests: fast/shapes/shape-outside-floats/shape-outside-floats-circle-negative-radius-crash.html

fast/shapes/shape-outside-floats/shape-outside-floats-ellipse-negative-width-crash.html

  • rendering/shapes/ShapeOutsideInfo.cpp:

(WebCore::ShapeOutsideInfo::computeDeltasForContainingBlockLine): A

negative margin box width means that the shape has no extent, so
clamp to zero.

  • rendering/style/BasicShapes.cpp:

(WebCore::BasicShapeCircle::floatValueForRadiusInBox): When computing

the radii, take the absolute value, since the radii is based on
the distance, which is always positive.

(WebCore::BasicShapeEllipse::floatValueForRadiusInBox): Ditto.

LayoutTests:

Tests for the cases that trigger asserts.

  • fast/shapes/shape-outside-floats/shape-outside-floats-circle-negative-radius-crash-expected.txt: Added.
  • fast/shapes/shape-outside-floats/shape-outside-floats-circle-negative-radius-crash.html: Added.
  • fast/shapes/shape-outside-floats/shape-outside-floats-ellipse-negative-width-crash-expected.txt: Added.
  • fast/shapes/shape-outside-floats/shape-outside-floats-ellipse-negative-width-crash.html: Added.
5:35 AM Changeset in webkit [182717] by Carlos Garcia Campos
  • 3 edits
    10 adds in releases/WebKitGTK/webkit-2.8

Merge r182546 - Fill list style background with same color with that of list background.
https://bugs.webkit.org/show_bug.cgi?id=143483

Reviewed by Simon Fraser.

Source/WebCore:

LayoutListMarker does not have a node so its selectionBackgroundColor alway returns
the default theme color for selection. We can make it more natural by filling
the same color with that of LayoutListItem into it.

Tests: fast/backgrounds/selection-background-color-of-image-list-style.html

fast/backgrounds/selection-background-color-of-list-style.html

  • rendering/RenderListMarker.cpp:

(WebCore::RenderListMarker::paint):

LayoutTests:

  • fast/backgrounds/selection-background-color-of-image-list-style.html: Added.
  • fast/backgrounds/selection-background-color-of-list-style.html: Added.
  • platform/gtk/fast/backgrounds/selection-background-color-of-image-list-style-expected.png: Added.
  • platform/gtk/fast/backgrounds/selection-background-color-of-image-list-style-expected.txt: Added.
  • platform/gtk/fast/backgrounds/selection-background-color-of-list-style-expected.png: Added.
  • platform/gtk/fast/backgrounds/selection-background-color-of-list-style-expected.txt: Added.
  • platform/mac/fast/backgrounds/selection-background-color-of-image-list-style-expected.png: Added.
  • platform/mac/fast/backgrounds/selection-background-color-of-image-list-style-expected.txt: Added.
  • platform/mac/fast/backgrounds/selection-background-color-of-list-style-expected.png: Added.
  • platform/mac/fast/backgrounds/selection-background-color-of-list-style-expected.txt: Added.
5:33 AM Changeset in webkit [182716] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.8

Merge r182537 - [GTK] Crash in DOMObjectCache when a wrapped object owned by the cache is unreffed by the user
https://bugs.webkit.org/show_bug.cgi?id=143521

Reviewed by Martin Robinson.

This is a case we claim to support, but it only works if the
object has only one reference. In that case, when the user unrefs
it, the weak ref notify callback removes the object from the
cache. However, if the object has more than one ref, the cache
doesn't know the user unreffed it, and when clearing the cache we
try to remove more references than what the object actually has,
causing a crash in g_object_unref.

  • bindings/gobject/DOMObjectCache.cpp:

(WebKit::DOMObjectCacheData::clearObject):

5:30 AM Changeset in webkit [182715] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182534 - [GStreamer] compress property for the HTTP source element
https://bugs.webkit.org/show_bug.cgi?id=143518

Reviewed by Carlos Garcia Campos.

Added a compress property so the default behavior or not
requesting content encoded to the server can be overridden if
needed. This is useful for adaptive streaming playback.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcSetProperty):
(webKitWebSrcGetProperty):
(webKitWebSrcStart):

5:24 AM Changeset in webkit [182714] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182523 - [GStreamer] extra-headers and keep-alive properties for HTTP source element
https://bugs.webkit.org/show_bug.cgi?id=143480

Reviewed by Carlos Garcia Campos.

Keep the resource loader around when persistent HTTP connection
support is enabled. The keep-alive property is set to false by
default. Also before sending the HTTP request we now check the
contents of the extra-headers GstStructure and set additional
headers based on the structure contents.

Patch inspired by GStreamer's souphttpsrc element.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_init):
(webKitWebSrcFinalize):
(webKitWebSrcSetProperty):
(webKitWebSrcGetProperty):
(webKitWebSrcStop): Clear resource loader only for non-persistent connections.
(webKitWebSrcSetExtraHeader): Utility function to append headers
to an existing request based on a GValue contents.
(webKitWebSrcProcessExtraHeaders): Parse a GValue and set headers
based on its contents.
(webKitWebSrcStart): Extra headers and persistent connection
support. The resource loader is now lazily initialized here.

5:01 AM Changeset in webkit [182713] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8

Merge r182450 - [GTK] Fix HPPA build
https://bugs.webkit.org/show_bug.cgi?id=143453

Reviewed by Darin Adler.

Add HPPA to the list of supported CPUs.

  • CMakeLists.txt:
4:39 AM Changeset in webkit [182712] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182447 - Create the web inspector process pool lazily
https://bugs.webkit.org/show_bug.cgi?id=143456
rdar://problem/20146520

Reviewed by Mark Lam.

Add and implement WebInspectorProxy::isInspectorProcessPool instead of always creating the inspector process pool
when trying to determine if a given process pool is the inspector process pool.

This should speed up initialization somewhat and avoid creating a storage manager for example.

  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::inspectorProcessPool):
(WebKit::WebInspectorProxy::isInspectorProcessPool):

  • UIProcess/WebInspectorProxy.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::getLaunchOptions):

4:32 AM Changeset in webkit [182711] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182444 - In the 64-bit DFG and FTL, Array::Double case for HasIndexedProperty should set its result to true when all is well.
<https://webkit.org/b/143396>

Reviewed by Filip Pizlo.

The DFG was neglecting to set the result boolean. The FTL was setting it with
an inverted value. Both of these are now resolved.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileHasIndexedProperty):

  • tests/stress/for-in-array-mode.js: Added.

(.):
(test):

4:24 AM Changeset in webkit [182710] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182388 - [WK2] API::Array::copy() should move the resulting Vector<> of copies into the Array::create() call
https://bugs.webkit.org/show_bug.cgi?id=143413

Reviewed by Darin Adler.

Move the Vector<> object containing the copied elements into the Array::create()
call, avoiding copying all the elements again.

While here, change the Vector<> parameters for Array::create() and the Array
constructor to rvalue references. This will ensure that the passed-in object
is moved into the Array::create() call if possible, or explicitly copied
otherwise. The constructor is moved into the header for inlining opportunities
and the unnecessary parameter in the create(Vector<>&&) method declaration
removed.

  • Shared/API/APIArray.cpp:

(API::Array::create):
(API::Array::copy):
(API::Array::Array): Deleted.

  • Shared/API/APIArray.h:
4:22 AM Changeset in webkit [182709] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182379 - FileList constructor should move the passed-in Vector<> rvalue reference into the member variable
https://bugs.webkit.org/show_bug.cgi?id=143412

Reviewed by Darin Adler.

  • fileapi/FileList.h:

(WebCore::FileList::FileList): An explicit move of the passed-in rvalue
reference into the member variable is required, otherwise a copy is
performed since an rvalue reference is just an lvalue.

4:20 AM Changeset in webkit [182708] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r182378 - UserScript, UserStyleSheet constructors should take in Vector<String> rvalue references
https://bugs.webkit.org/show_bug.cgi?id=143411

Reviewed by Darin Adler.

Have the UserScript and UserStyleSheet constructors take in Vector<String>
rvalue references for the whitelist and blacklist parameters. Both classes
store these Vector<String> objects, so the referenced objects can simply be
moved into the member variable.

Because the constructor is now demanding an rvalue, it's up to the caller
to move in the desired object if possible, or create an explicit copy
otherwise.

  • page/UserScript.h:

(WebCore::UserScript::UserScript):

  • page/UserStyleSheet.h:

(WebCore::UserStyleSheet::UserStyleSheet):

Source/WebKit2:
UserScript, UserStyleSheet constructors should take in Vector<String> rvalues
https://bugs.webkit.org/show_bug.cgi?id=143411

Reviewed by Darin Adler.

Move the whitelist and blacklist Vector<String> objects into the
UserScript and UserStyleSheet constructors in ArgumentCoder<T>::decode
functions.

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<UserStyleSheet>::decode):
(IPC::ArgumentCoder<UserScript>::decode):

4:18 AM Changeset in webkit [182707] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

Use std::unique_ptr instead of PassOwnPtr|OwnPtr for ResourceResponse
https://bugs.webkit.org/show_bug.cgi?id=143056

Patch by Joonghun Park <jh718.park@samsung.com> on 2015-04-13
Reviewed by Gyuyoung Kim.

No new tests, no behavior changes.

  • loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
(WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveResponse):

  • platform/CrossThreadCopier.h:
  • platform/network/ResourceResponseBase.cpp:

(WebCore::ResourceResponseBase::adopt):
(WebCore::ResourceResponseBase::copyData):

  • platform/network/ResourceResponseBase.h:
  • platform/network/cf/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

  • platform/network/curl/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

  • platform/network/soup/ResourceResponse.h:

(WebCore::ResourceResponse::doPlatformCopyData):
(WebCore::ResourceResponse::doPlatformAdopt):

4:16 AM Changeset in webkit [182706] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182374 - FrameView code uses page() without null checking
https://bugs.webkit.org/show_bug.cgi?id=143425
rdar://problem/18920601

Reviewed by Anders Carlsson.

While we don't have tests that cover this, we are seeing crashes coming in
that indicate the shouldEnableSpeculativeTilingDuringLoading function is
being called when the page is null. This patch adds null checks to all the
places in FrameView that use page() without doing null checking.

  • page/FrameView.cpp:

(WebCore::FrameView::layout): If page is null, don't try to do the
auto-sizing logic that involves the textAutosizingWidth value from the page.
(WebCore::FrameView::setFixedVisibleContentRect): Get settings from the
frame rather than the page to avoid possible null-dereference.
(WebCore::FrameView::scrollPositionChanged): Check the page for null when
getting the event throttling delay.
(WebCore::FrameView::updateLayerFlushThrottling): Check the page for null,
and return early if it is null.
(WebCore::shouldEnableSpeculativeTilingDuringLoading): Check the page for
null, and return false if it is null.
(WebCore::FrameView::performPostLayoutTasks): Guard the code that calls
didLayout on the page client by a check if the page is null.
(WebCore::FrameView::pagination): Don't call Page::pagination on a null
page here.
(WebCore::FrameView::visibleContentScaleFactor): Use a scale factor of 1
if the page is null.
(WebCore::FrameView::setVisibleScrollerThumbRect): Don't call through to
the page client if the page is null.
(WebCore::FrameView::scrollbarStyleChanged): Ditto.
(WebCore::FrameView::setScrollPinningBehavior): Check the page for null
before asking it for the scrolling coordinator.

4:14 AM Changeset in webkit [182705] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182370 - URI encoding/escaping should use efficient string building instead of calling snprintf().
<https://webkit.org/b/143426>

Reviewed by Gavin Barraclough.

I saw 0.5% of main thread time in snprintf() on <http://polymerlabs.github.io/benchmarks/>
which seemed pretty silly. This change gets that down to nothing in favor of using our
existing JSStringBuilder and HexNumber.h facilities.

These APIs are well-exercised by our existing test suite.

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::encode):
(JSC::globalFuncEscape):

3:49 AM Changeset in webkit [182704] by svillar@igalia.com
  • 4 edits
    2 adds in trunk

[CSS Grid Layout] Support marking/unmarking tracks as infinitely growable
https://bugs.webkit.org/show_bug.cgi?id=141431

Reviewed by Darin Adler.

Source/WebCore:

As explained here
http://lists.w3.org/Archives/Public/www-style/2014Mar/0512.html we
sometimes need to consider that some tracks are infinitely
growable even when they are really not, in order to produce more
"natural" results.

For example the following case:

grid-template-columns: auto auto;
item 1 in column 1 with min-content = max-content = 10px;
item 2 in columns 1-2 with min-content = 30, max-content = 100px;

will produce (45px, 55px) without this patch. But considering the
second column as infinitely growable the result is (10px, 90px), a
more "natural" result because column 1 just needs to be 10px to
accommodate item 1. From now on we can flag GridTracks so that
they can infinitely grow even when the growth limit is finite.

Apart from that distributeSpaceToTracks() is now unconditionally
called even though the extra space is 0. That's because it
computes the plannedSize value.

Test: fast/css-grid-layout/mark-as-infinitely-growable.html

  • rendering/RenderGrid.cpp:

(WebCore::GridTrack::infiniteGrowthPotential):
(WebCore::GridTrack::infinitelyGrowable):
(WebCore::GridTrack::setInfinitelyGrowable):
(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::trackSizeForTrackSizeComputationPhase): Updated with new phase.
(WebCore::RenderGrid::shouldProcessTrackForTrackSizeComputationPhase): Ditto.
(WebCore::RenderGrid::trackShouldGrowBeyondGrowthLimitsForTrackSizeComputationPhase): Ditto.
(WebCore::RenderGrid::updateTrackSizeForTrackSizeComputationPhase): Ditto.
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase): Ditto.
(WebCore::RenderGrid::markAsInfinitelyGrowableForTrackSizeComputationPhase):
New helper method which does the mark/unmark just for growth limits.
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
(WebCore::sortByGridTrackGrowthPotential): Use
infiniteGrowthPotential() for sorting.
(WebCore::RenderGrid::distributeSpaceToTracks):

  • rendering/RenderGrid.h:

LayoutTests:

New test that to check that tracks whose growth limit changes from
infinite to finite when evaluating "intrinsic maximums" are marked
as infinitely growable for the "max-content maximums" step.

  • fast/css-grid-layout/mark-as-infinitely-growable-expected.txt: Added.
  • fast/css-grid-layout/mark-as-infinitely-growable.html: Added.
3:41 AM Changeset in webkit [182703] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182285 - Make checkURLReceivedFromWebProcess not rely on details of platform URL implementation.
https://bugs.webkit.org/show_bug.cgi?id=143222
rdar://problem/19978997

Reviewed by Sam Weinig.

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::checkURLReceivedFromWebProcess):

3:34 AM Changeset in webkit [182702] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182235 - Lots of time spent querying table cell borders, when there are none.
https://bugs.webkit.org/show_bug.cgi?id=143277

Reviewed by Simon Fraser.

This patch speeds up collapsed border queries by using existing collapsed border
cache to calculate repaint rects and by introducing a fast path for zero width collapsed borders.

It reduces the number of calls to recompute collapsed borders from 36 000 to 1 600, while loading a page with a table of 400 rows (1 cell per row).
When scrolling the same page all the way down to the bottom, the number of calls to recompute collapsed borders falls from 290 000 to 0.

Covered by existing tests.

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::styleDidChange): This moves invalidation time from RenderTable::layout() to styleDidChange().
(WebCore::RenderTable::invalidateCollapsedBorders):
(WebCore::RenderTable::recalcCollapsedBorders):

  • rendering/RenderTable.h:

(WebCore::RenderTable::collapsedBordersAreValid):
(WebCore::RenderTable::invalidateCollapsedBorders): Deleted.

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::RenderTableCell):
(WebCore::RenderTableCell::willBeRemovedFromTree): Invalidate caches so that when repaint rect is calculated, we don't end up using stale values.
(WebCore::RenderTableCell::styleDidChange): Same as willBeRemovedFromTree.
(WebCore::RenderTableCell::collapsedStartBorder): Check if collapsed border is zero -also query cache.
(WebCore::RenderTableCell::collapsedEndBorder):
(WebCore::RenderTableCell::collapsedBeforeBorder):
(WebCore::RenderTableCell::collapsedAfterBorder):
(WebCore::RenderTableCell::cachedCollapsedLeftBorder):
(WebCore::RenderTableCell::cachedCollapsedRightBorder):
(WebCore::RenderTableCell::cachedCollapsedTopBorder):
(WebCore::RenderTableCell::cachedCollapsedBottomBorder):
(WebCore::RenderTableCell::paintCollapsedBorders):
(WebCore::RenderTableCell::cellAtLeft): Deleted.
(WebCore::RenderTableCell::cellAtRight): Deleted.
(WebCore::RenderTableCell::cellAtTop): Deleted.
(WebCore::RenderTableCell::cellAtBottom): Deleted.

  • rendering/RenderTableCell.h:

(WebCore::RenderTableCell::invalidateHasEmptyCollapsedBorders):

  • rendering/RenderTableCol.cpp:

(WebCore::RenderTableCol::styleDidChange):

  • rendering/RenderTableRow.cpp:

(WebCore::RenderTableRow::styleDidChange):
(WebCore::RenderTableRow::addChild):

  • rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::styleDidChange):
(WebCore::RenderTableSection::clearCachedCollapsedBorders): This is just an extra safety to invalidate collapsed border cache. This is always
called together with RenderTable::invalidateCollapsedBorders() -and that should prevent the RenderCells to use the cache.
(WebCore::RenderTableSection::removeCachedCollapsedBorders):
(WebCore::RenderTableSection::setCachedCollapsedBorder):
(WebCore::RenderTableSection::cachedCollapsedBorder):

  • rendering/RenderTableSection.h:
3:29 AM Changeset in webkit [182701] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r180241 - Minor RenderTable* class cleanups.
https://bugs.webkit.org/show_bug.cgi?id=141707

Reviewed by Andreas Kling.

Use in-class initializer where possible.
Remove redundant code.
Move multiline implementations out of class declaration.

No change in functionality.

  • rendering/RenderTableCaption.cpp:

(WebCore::RenderTableCaption::insertedIntoTree):
(WebCore::RenderTableCaption::willBeRemovedFromTree):
(WebCore::RenderTableCaption::containingBlockLogicalWidthForContent): Deleted.

  • rendering/RenderTableCaption.h:
  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::RenderTableCell):

  • rendering/RenderTableCell.h:

(WebCore::RenderTableCell::colSpan):
(WebCore::RenderTableCell::rowSpan):
(WebCore::RenderTableCell::setCol):
(WebCore::RenderTableCell::col):
(WebCore::RenderTableCell::section):
(WebCore::RenderTableCell::table):
(WebCore::RenderTableCell::rowIndex):
(WebCore::RenderTableCell::styleOrColLogicalWidth):
(WebCore::RenderTableCell::logicalHeightForRowSizing):
(WebCore::RenderTableCell::isBaselineAligned):
(WebCore::RenderTableCell::borderAdjoiningTableStart):
(WebCore::RenderTableCell::borderAdjoiningTableEnd):
(WebCore::RenderTableCell::borderAdjoiningCellBefore):
(WebCore::RenderTableCell::borderAdjoiningCellAfter):

  • rendering/RenderTableCol.cpp:

(WebCore::RenderTableCol::RenderTableCol):

  • rendering/RenderTableCol.h:

(WebCore::RenderTableCol::enclosingColumnGroupIfAdjacentBefore):
(WebCore::RenderTableCol::enclosingColumnGroupIfAdjacentAfter):

  • rendering/RenderTableRow.h:

(WebCore::RenderTableRow::setRowIndex):
(WebCore::RenderTableRow::rowIndex):
(WebCore::RenderTableRow::borderAdjoiningTableStart):
(WebCore::RenderTableRow::borderAdjoiningTableEnd):
(WebCore::RenderTableRow::table):
(WebCore::RenderTableSection::firstRow):
(WebCore::RenderTableSection::lastRow):

  • rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::RenderTableSection):
(WebCore::RenderTableSection::dirtiedRows):
(WebCore::RenderTableSection::dirtiedColumns):
(WebCore::RenderTableSection::paintObject):
(WebCore::RenderTableSection::nodeAtPoint):

  • rendering/RenderTableSection.h:

(WebCore::CellSpan::CellSpan):
(WebCore::RenderTableSection::borderAdjoiningTableStart):
(WebCore::RenderTableSection::borderAdjoiningTableEnd):
(WebCore::RenderTableSection::cellAt):
(WebCore::RenderTableSection::primaryCellAt):
(WebCore::RenderTableSection::rowRendererAt):
(WebCore::RenderTableSection::outerBorderLeft):
(WebCore::RenderTableSection::outerBorderRight):
(WebCore::RenderTableSection::outerBorderTop):
(WebCore::RenderTableSection::outerBorderBottom):
(WebCore::RenderTableSection::numRows):
(WebCore::RenderTableSection::recalcCellsIfNeeded):
(WebCore::RenderTableSection::rowBaseline):
(WebCore::RenderTableSection::fullTableRowSpan):
(WebCore::CellSpan::start): Deleted.
(WebCore::CellSpan::end): Deleted.

3:27 AM Changeset in webkit [182700] by Csaba Osztrogonác
  • 5 edits in trunk/LayoutTests

[EFL] Unreviewed gardening, update platform specifix expected files after r181889.

  • platform/efl/css3/selectors3/xhtml/css3-modsel-15c-expected.txt:
  • platform/efl/css3/selectors3/xml/css3-modsel-15c-expected.txt:
  • platform/efl/plugins/npruntime/object-from-destroyed-plugin-expected.txt:
  • platform/efl/plugins/npruntime/object-from-destroyed-plugin-in-subframe-expected.txt:
3:21 AM Changeset in webkit [182699] by Csaba Osztrogonác
  • 1 edit
    1 add in trunk/LayoutTests

[EFL] Rebaseline accessibility/aria-toggle-button-with-title.html
https://bugs.webkit.org/show_bug.cgi?id=143229

Unreviewed gardening after r182012.

  • platform/efl/accessibility/aria-toggle-button-with-title-expected.txt: Added.
3:20 AM Changeset in webkit [182698] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182232 - [CMake][GTK] Use the right variable to include the Wayland headers.
https://bugs.webkit.org/show_bug.cgi?id=143304

Reviewed by Carlos Garcia Campos.

No new tests, no behavior changes.

  • PlatformGTK.cmake: Use the right variable WAYLAND_INCLUDE_DIRS.
3:17 AM Changeset in webkit [182697] by Csaba Osztrogonác
  • 2 edits in trunk/LayoutTests

[EFL] accessibility/plugin.html fails
https://bugs.webkit.org/show_bug.cgi?id=143663

Unreviewed gardening, mark accessibility/plugin.html as failing test.

  • platform/efl/TestExpectations:
3:13 AM Changeset in webkit [182696] by Carlos Garcia Campos
  • 8 edits
    7 adds in releases/WebKitGTK/webkit-2.8

Merge r182197 - border-image with 'fill' keyword does not fill the middle area unless the border width is greater than zero.
https://bugs.webkit.org/show_bug.cgi?id=142650.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-03-31
Reviewed by Simon Fraser.

Source/WebCore:

The decoration of a RenderBox, a RenderTable or an InlineFlowBox should be
drawn if its RenderStyle has a non-zero width border or the border-image
has the keyword fill.

Tests: fast/borders/border-image-fill-inline-no-border.html

fast/borders/border-image-fill-no-border.html

  • rendering/InlineFlowBox.cpp:

(WebCore::InlineFlowBox::paintBoxDecorations):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::paintBoxDecorations):

  • rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasBoxDecorationStyle):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::paintBoxDecorations):

  • rendering/style/BorderData.h:

(WebCore::BorderData::hasFill):

  • rendering/style/RenderStyle.h:

LayoutTests:

Add tests to ensure the middle area of a RenderBox is going to be drawn
even if the border width is not greater than zero.

  • fast/borders/border-image-fill-inline-no-border-expected.html: Added.
  • fast/borders/border-image-fill-inline-no-border.html: Added.
  • fast/borders/border-image-fill-no-border-expected.html: Added.
  • fast/borders/border-image-fill-no-border.html: Added.
  • fast/borders/resources/button-border-cropped.svg: Added.
  • fast/borders/resources/button-border.svg: Added.
  • fast/borders/resources/svg-100x100-intrinsic.svg: Added.
3:04 AM Changeset in webkit [182695] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.8

Merge r182191 - REGRESSION (r173484): Reducing content of scrollable region does not reset scroll
position
https://bugs.webkit.org/show_bug.cgi?id=138525
-and corresponding-
rdar://problem/18166043

Reviewed by Simon Fraser.

Source/WebCore:

The change that caused this regression was correct. That change does not allow
RenderLayer to update scroll position after a layout if a rubber-band is currently
happening. The change caused this regression because all of the member variables
in ScrollController that attempt to keep track of the current state of the scroll
gesture (m_inScrollGesture, m_momentumScrollInProgress, and
m_snapRubberbandTimerIsActive) all indicated that a momentum scroll gesture was
still in action for this div even though it very much is not when the bug happens.
Those variables were never properly re-set because the
PlatformWheelEventPhaseEnded events never got dispatched to the ScrollController,
which brought the investigation back to Element.

We must still dispatch events that have zero delta so that the default event
handlers can handle them, but we should stopPropagation() so that these events are
not sent to the DOM. Websites will break if they get wheel events with no delta.

  • dom/Element.cpp:

(WebCore::Element::dispatchWheelEvent):

LayoutTests:

  • platform/mac-wk2/tiled-drawing/scrolling/overflow-scroll-reduced-content-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/overflow-scroll-reduced-content.html: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/overflow-scroll-zero-delta-wheel-events-expected.txt: Added.
  • platform/mac-wk2/tiled-drawing/scrolling/overflow-scroll-zero-delta-wheel-events.html: Added.
3:00 AM Changeset in webkit [182694] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182176 - Unreviewed. Fix GTK+ build with REDIRECTED_XCOMPOSITE_WINDOW disabled in X11 platform.

Also fix some unused parameter warnings when
REDIRECTED_XCOMPOSITE_WINDOW is disabled.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewRenderAcceleratedCompositingResults):
(resizeWebKitWebViewBaseFromAllocation):

2:53 AM Changeset in webkit [182693] by Carlos Garcia Campos
  • 5 edits
    6 adds in releases/WebKitGTK/webkit-2.8

Merge r182130 - currentColor computes to the same colour on all elements, even if 'color' is inherited differently
https://bugs.webkit.org/show_bug.cgi?id=133420

Reviewed by Darin Adler.

Source/WebCore:

When resolving a style with the help of the property cache, we were
completely ignoring currentColor.

Since you can set currentColor on properties that are not inherited,
those properties would just be copied from the cached style, which
may have a completely different inherited color.

This pacth fixes the issue by preventing any MatchResult from hitting
the cache if it contains any non-inherited property that would require
resolution by the cache:
-Using the inherit value.
-Using the currentColor value.

Tests: fast/css/currentColor-on-before-after-pseudo-elements.html

fast/css/currentColor-style-update-reftest.html
fast/css/currentColor-value-style-update.html

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::addElementStyleProperties):
(WebCore::ElementRuleCollector::matchAuthorRules):
(WebCore::ElementRuleCollector::matchUserRules):
(WebCore::ElementRuleCollector::matchUARules):

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::MatchResult::addMatchedProperties):
(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::styleForPage):
(WebCore::StyleResolver::findFromMatchedPropertiesCache):
(WebCore::StyleResolver::addToMatchedPropertiesCache):
(WebCore::extractDirectionAndWritingMode):
(WebCore::StyleResolver::applyMatchedProperties):
(WebCore::StyleResolver::CascadedProperties::addStyleProperties):
(WebCore::StyleResolver::CascadedProperties::addMatches):

  • css/StyleResolver.h:

(WebCore::StyleResolver::MatchResult::matchedProperties):

LayoutTests:

  • fast/css/currentColor-on-before-after-pseudo-elements-expected.html: Added.
  • fast/css/currentColor-on-before-after-pseudo-elements.html: Added.
  • fast/css/currentColor-style-update-reftest-expected.html: Added.
  • fast/css/currentColor-style-update-reftest.html: Added.
  • fast/css/currentColor-value-style-update-expected.txt: Added.
  • fast/css/currentColor-value-style-update.html: Added.
2:51 AM Changeset in webkit [182692] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182125 - HTMLCollection caches incorrect length if item(0) is called before length on an empty collection
https://bugs.webkit.org/show_bug.cgi?id=143203
Source/WebCore:

rdar://problem/18460462

Reviewed by Antti Koivisto.

Test: fast/dom/htmlcollection-length-after-item-2.html

  • dom/CollectionIndexCache.h:

(CollectionIndexCache::nodeAt): If we hit the end looking for index 0, cache a length
of 0, not a length of 1.

LayoutTests:

Reviewed by Antti Koivisto.

  • fast/dom/htmlcollection-length-after-item-2-expected.txt: Added.
  • fast/dom/htmlcollection-length-after-item-2.html: Added.
2:46 AM Changeset in webkit [182691] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182116 - Optimize RenderLayer::intersectsDamageRect() slightly
https://bugs.webkit.org/show_bug.cgi?id=143186

Reviewed by Zalan Bujtas.

We can early return from RenderLayer::intersectsDamageRect() if the
damageRect is empty, since nothing will intersect with the empty rect.

Slight performance gain when scrolling overflow-scroll with lots of nested,
clipping layers.

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):

2:45 AM Changeset in webkit [182690] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r182098 - load8Signed() and load16Signed() should be renamed to avoid confusion
https://bugs.webkit.org/show_bug.cgi?id=143168

Reviewed by Benjamin Poulain.

Renamed load8Signed() to load8SignedExtendTo32() and load16Signed() to load16SignedExtendTo32().

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::load8SignedExtendTo32):
(JSC::MacroAssemblerARM::load16SignedExtendTo32):
(JSC::MacroAssemblerARM::load8Signed): Deleted.
(JSC::MacroAssemblerARM::load16Signed): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::load16SignedExtendTo32):
(JSC::MacroAssemblerARM64::load8SignedExtendTo32):
(JSC::MacroAssemblerARM64::load16Signed): Deleted.
(JSC::MacroAssemblerARM64::load8Signed): Deleted.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::load16SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load8SignedExtendTo32):
(JSC::MacroAssemblerARMv7::load16Signed): Deleted.
(JSC::MacroAssemblerARMv7::load8Signed): Deleted.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::load8SignedExtendTo32):
(JSC::MacroAssemblerMIPS::load16SignedExtendTo32):
(JSC::MacroAssemblerMIPS::load8Signed): Deleted.
(JSC::MacroAssemblerMIPS::load16Signed): Deleted.

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::load8SignedExtendTo32):
(JSC::MacroAssemblerSH4::load8):
(JSC::MacroAssemblerSH4::load16SignedExtendTo32):
(JSC::MacroAssemblerSH4::load16):
(JSC::MacroAssemblerSH4::load8Signed): Deleted.
(JSC::MacroAssemblerSH4::load16Signed): Deleted.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::load8SignedExtendTo32):
(JSC::MacroAssemblerX86Common::load16SignedExtendTo32):
(JSC::MacroAssemblerX86Common::load8Signed): Deleted.
(JSC::MacroAssemblerX86Common::load16Signed): Deleted.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::emitIntTypedArrayGetByVal):

2:09 AM Changeset in webkit [182689] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8

Merge r182091 - Fix flakey dfg-int8array.js and dfg-int16array.js tests for ARM64
https://bugs.webkit.org/show_bug.cgi?id=138390

Reviewed by Mark Lam.

Source/JavaScriptCore:

Changed load8Signed() and load16Signed() to only sign extend the loaded value to 32 bits
instead of 64 bits. This is what X86-64 does.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::load16Signed):
(JSC::MacroAssemblerARM64::load8Signed):

LayoutTests:

Reenabled the tests for ARM64/iOS. Left the tests disabled for ARM64/linux and will let linux
developers test and reenable under existing but https://bugs.webkit.org/show_bug.cgi?id=142629.

  • js/script-tests/dfg-int16array.js:
  • js/script-tests/dfg-int8array.js:
1:58 AM Changeset in webkit [182688] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182084 - WebProcessProxy should not retain WebBackForwardListItems forever.
<https://webkit.org/b/143152>
<rdar://problem/19925709>

Reviewed by Anders Carlsson.

Have WebProcessProxy actually forget about a WebBackForwardListItem after it's removed from
the WebBackForwardList.

This ensures that we don't accumulate too many of these objects, which can get quite large
due to the session state encoded in them.

We already have graceful handling of the case where an incoming IPC message references
a removed back/forward list item.

  • UIProcess/WebBackForwardList.cpp:

(WebKit::WebBackForwardList::didRemoveItem):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::backForwardRemovedItem):

  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::removeBackForwardItem):

  • UIProcess/WebProcessProxy.h:
1:46 AM Changeset in webkit [182687] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge 182069 - HTMLMediaElement will fire 'seeked' before seek completes, leading to currentTime discontinuities.
https://bugs.webkit.org/show_bug.cgi?id=143132

Reviewed by Eric Carlson.

When seeking, if the ready state rises to >= HAVE_CURRENT_DATA, we will fire the 'seeked'
event and continue playback. However, if a media engine updates the ready state before its
seek operation actually completes, the currentTime it returns may still be the time before
the seek.

Wait until both the ready state rises to HAVE_CURRENT_DATA and m_player->seeking() returns
false before firing the 'seeked' event.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::parseAttribute):

1:45 AM Changeset in webkit [182686] by Carlos Garcia Campos
  • 28 edits in releases/WebKitGTK/webkit-2.8/Source

Merge r182068 - Make some more objects use FastMalloc
https://bugs.webkit.org/show_bug.cgi?id=143122

Reviewed by Csaba Osztrogonác.

Source/JavaScriptCore:

  • API/JSCallbackObject.h:
  • heap/IncrementalSweeper.h:
  • jit/JITThunks.h:
  • runtime/JSGlobalObjectDebuggable.h:
  • runtime/RegExpCache.h:

Source/WebCore:

  • Modules/geolocation/GeolocationController.h:
  • Modules/geolocation/NavigatorGeolocation.h:
  • Modules/indexeddb/DOMWindowIndexedDatabase.h:
  • Modules/notifications/NotificationController.h:
  • Modules/webdatabase/DatabaseServer.h:
  • css/CSSFontFaceSource.h:
  • html/HTMLMediaSession.h:
  • inspector/InspectorIndexedDBAgent.h:
  • inspector/InspectorReplayAgent.h:
  • page/CaptionUserPreferencesMediaAF.h:
  • page/PageConsoleClient.h:
  • page/PageDebuggable.h:
  • page/animation/CSSPropertyAnimation.cpp:
  • page/mac/ServicesOverlayController.h:
  • platform/RemoteCommandListener.h:
  • platform/Timer.h:
  • platform/audio/MediaSessionManager.h:
  • platform/mac/SystemSleepListenerMac.h:
  • platform/mac/ThemeMac.h:
  • rendering/svg/RenderSVGResourceSolidColor.h:
  • replay/ReplayController.h:
1:15 AM Changeset in webkit [182685] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.8

Merge r182067 - FEMorphology::platformApplyGeneric() should bail out if the radius is less than or equal to zero.
https://bugs.webkit.org/show_bug.cgi?id=142885.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-03-27
Reviewed by Dean Jackson.

Source/WebCore:

FEMorphology class implementation code clean up.

Tests: svg/filters/feMorphology-radius-cases.svg

  • platform/graphics/filters/FEMorphology.cpp:

(WebCore::shouldSupersedeExtremum): Reuse code instead of repeating it and
use < and > instead of =< and >=.

(WebCore::pixelArrayIndex): Returns the array index of a pixel in an image
buffer, given: position(x, y), image width and the color channel.

(WebCore::columnExtremum): Returns the extremum of a column of pixels.

(WebCore::kernelExtremum): Returns the extremum of a filter kernel.

(WebCore::FEMorphology::platformApplyGeneric): Apply some code clean-up.
The kernel size should be equal to radius of the filter. The extra pixel
was causing the resulted image to be asymmetric in some cases.

(WebCore::FEMorphology::platformApplyDegenerate):
(WebCore::FEMorphology::platformApplySoftware): After applying scaling, we
still need to check the resulted radius is negative (overflow case) or less
than one (zero radius case) and treat these cases differently.

(WebCore::FEMorphology::morphologyOperator): Deleted.
(WebCore::FEMorphology::radiusX): Deleted.
(WebCore::FEMorphology::radiusY): Deleted.

  • platform/graphics/filters/FEMorphology.h:

(WebCore::FEMorphology::morphologyOperator):
(WebCore::FEMorphology::radiusX):
(WebCore::FEMorphology::radiusY):
Move a single line functions from the source file to the header file.

LayoutTests:

  • svg/filters/feMorphology-radius-cases-expected.svg: Added.
  • svg/filters/feMorphology-radius-cases.svg: Added.

Test different cases for radius of the feMorphology filter. There are three
cases for the radius:

  1. radius < 0: This is an error case, the source image should not be rendered.
  2. radius = 0: This case is treated as if the filter never exists.
  3. radius > 0: If the scaled radius is > 0, the filter is applied.
1:12 AM Changeset in webkit [182684] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.8

Merge r182058 - Objects with numeric properties intermittently get a phantom 'length' property
https://bugs.webkit.org/show_bug.cgi?id=142792

Reviewed by Csaba Osztrogonác.

Source/JavaScriptCore:

Fixed a > (greater than) that should be a >> (right shift) in the code that disassembles
test and branch instructions. This function is used for linking tbz/tbnz branches between
two seperately JIT'ed sections of code. Sometime we'd create a bogus tbz instruction in
the failure case checks in the GetById array length stub created for "obj.length" access.
If the failure case code address was at a negative offset from the stub, we'd look for bit 1
being set when we should have been looking for bit 0.

  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::disassembleTestAndBranchImmediate):

LayoutTests:

New regression test.

  • js/regress-142792-expected.txt: Added.
  • js/regress-142792.html: Added.
  • js/script-tests/regress-142792.js: Added.

(isArrayLike):
(filter):

1:02 AM Changeset in webkit [182683] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebCore

Merge r182015 - Crash when laying out (char)0
https://bugs.webkit.org/show_bug.cgi?id=143103

Reviewed by Dean Jackson.

We currently cache a character -> Font mapping in a HashMap.
However, keys in Hashmaps can't be 0. This patch simply skips
the cache in this case.

No new tests, for now. I'm having trouble creating a test because
the site that causes this bug generates their page using script,
and the script is all minified, and difficult to understand. I
will contact the owner of the site and ask for and unminified
version of their sources. However, I don't want to that to block
this tiny fix from going in.

  • platform/graphics/Font.cpp:

(WebCore::Font::systemFallbackFontForCharacter):

12:59 AM Changeset in webkit [182682] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r182005 - Avoid the Vector<> copy in WebTouchEvent constructor
https://bugs.webkit.org/show_bug.cgi?id=143043

Reviewed by Carlos Garcia Campos.

Have the WebTouchEvent accept a Vector<> rvalue.
The relevant code is updated so the Vector<> object is moved
through the call chain and finally into the WebTouchEvent constructor.

  • Shared/NativeWebTouchEvent.h:
  • Shared/WebEvent.h:
  • Shared/WebTouchEvent.cpp:

(WebKit::WebTouchEvent::WebTouchEvent):

  • Shared/efl/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebTouchEvent):

  • Shared/gtk/NativeWebTouchEventGtk.cpp:

(WebKit::NativeWebTouchEvent::NativeWebTouchEvent):

  • Shared/gtk/WebEventFactory.cpp:

(WebKit::WebEventFactory::createWebTouchEvent):

  • Shared/gtk/WebEventFactory.h:
  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

12:54 AM Changeset in webkit [182681] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.8/Source/WebKit2

Merge r181991 - [WK2] WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always call the FramePolicyFunction
https://bugs.webkit.org/show_bug.cgi?id=143036
<rdar://problem/20252438>
<rdar://problem/13811738>

Reviewed by Alexey Proskuryakov.

WebFrameLoaderClient::dispatchDecidePolicyForResponse() should always
call the FramePolicyFunction. Previously, it would fail to do in 2
cases:

  • m_frame->page() returns null

or

  • webPage->sendSync() returns false

If the FramePolicyFunction is not called, we will fail to clear the
callback in the PolicyChecker and
DocumentLoader::continueAfterContentPolicy() will not be called.

DocumentLoader::continueAfterContentPolicy() is in charge of resetting
m_waitingForContentPolicy flag to false. This could therefore explain
the following assertion being hit in DocumentLoader::detachFromFrame()
(see <rdar://problem/20252438>):
RELEASE_ASSERT(!m_waitingForContentPolicy)

Also, as the PolicyChecker callback is not cleared, it could make it
possible for DocumentLoader::continueAfterContentPolicy() to be called
*after* the load is finished, when later canceling the PolicyCallback:
FrameLoader::stopAllLoaders()

-> PolicyChecker::stopCheck()

-> PolicyCallback::cancel()

-> DocumentLoader::continueAfterContentPolicy(PolicyIgnore)

Calling continueAfterContentPolicy(PolicyIgnore) after the load is
finished would be bad and could explain some of the crashes we've seen
in DocumentLoader::continueAfterContentPolicy() ->
DocumentLoader:: stopLoadingForPolicyChange() (see
<rdar://problem/13811738>).

This patch also applies the same fix to
dispatchDecidePolicyForNewWindowAction() and
dispatchDecidePolicyForNavigationAction() as they use the same pattern.

  • WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNewWindowAction):
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

12:46 AM Changeset in webkit [182680] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.8/Source/JavaScriptCore

Merge r181981 - REGRESSION(169139): LLINT intermittently fails JSC testapi tests.
<https://webkit.org/b/135719>

Reviewed by Geoffrey Garen.

This is a regression introduced in http://trac.webkit.org/changeset/169139 which
changed VM::watchdog from an embedded field into a std::unique_ptr, but did not
update the LLINT to access it as such.

The issue has only manifested so far on the CLoop tests because those are LLINT
only. In the non-CLoop cases, the JIT kicks in and does the right thing, thereby
hiding the bug in the LLINT.

  • API/JSContextRef.cpp:

(createWatchdogIfNeeded):
(JSContextGroupSetExecutionTimeLimit):
(JSContextGroupClearExecutionTimeLimit):

  • llint/LowLevelInterpreter.asm:
12:11 AM Changeset in webkit [182679] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.8

Merge r181925 - Scripts running in isolated world should not subject to a page's CSP about 'eval'.
https://bugs.webkit.org/show_bug.cgi?id=141316.

Patch by Zhuo Li <zachli@apple.com> on 2015-03-24
Reviewed by Geoffrey Garen.

Source/WebCore:

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::initScript):
We should not impose the main world Content Security Policy onto the isolated world.

LayoutTests:

I added a new Content Security Policy directive, "script-src", so that we do not
allow 'unsafe-eval' in the main world.

Also I have to copy the whole function instead of using eval because
eval is subject to the main world Content Security Policy now.

  • http/tests/security/isolatedWorld/bypass-main-world-csp-expected.txt:
  • http/tests/security/isolatedWorld/bypass-main-world-csp.html:
Note: See TracTimeline for information about the timeline view.