Context Navigation

← Previous Period
Next Period →

Timeline

Sep 22, 2015:

11:43 PM Changeset in webkit [190154] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Gardening: speculative non-JIT build fix after r189999.

Not reviewed.

bytecode/ValueRecovery.h:

(JSC::ValueRecovery::jsValueRegs):

6:42 PM Changeset in webkit [190153] by rniwa@webkit.org

7 edits
2 adds in trunk

Event fired on a detached node does not bubble up
https://bugs.webkit.org/show_bug.cgi?id=149488

Reviewed by Antti Koivisto.

LayoutTests/imported/w3c:

Rebaselined a test now that one more test case passes.

web-platform-tests/dom/events/EventTarget-dispatchEvent-expected.txt:

Source/WebCore:

The bug was caused by an explicit check inside EventPath to match an old Firefox behavior (see r19897).
Since Firefox's behavior has changed to match DOM4: https://dom.spec.whatwg.org/#concept-event-dispatch

Fixed the bug by removing the check. The new behavior matches DO4 and behaviors of Firefox and Chrome.

Test: fast/events/event-propagation-in-detached-tree.html

dom/EventDispatcher.cpp:

(WebCore::EventPath::EventPath):

LayoutTests:

Added a regression test. Also modified and rebaselined mouseout-dead-node.html added in r19897
since our new behavior matches that of the latest Firefox as well as Chrome.

fast/events/event-propagation-in-detached-tree-expected.txt: Added.
fast/events/event-propagation-in-detached-tree.html: Added.
fast/events/mouseout-dead-node-expected.txt:
fast/events/mouseout-dead-node.html:

6:37 PM Changeset in webkit [190152] by Gyuyoung Kim

6 edits in trunk

Add a file of pointer-lock to cmake ports
https://bugs.webkit.org/show_bug.cgi?id=149453

Reviewed by Csaba Osztrogonác.

Source/cmake/OptionsEfl.cmake: Add a ENABLE_POINTER_LOCK.

Source/WebCore:

Some cmake ports will be able to enable POINTER_LOCK. To support it,
this patch adds PointerLockController.cpp, and fix a build break in WK2.

CMakeLists.txt:

Source/WebKit2:

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::navigateToPDFLinkWithSimulatedClick): Fix a build break.

6:35 PM Changeset in webkit [190151] by fpizlo@apple.com

18 edits
2 deletes in trunk/Source/JavaScriptCore

GCThreadSharedData is just a bad way of saying Heap
https://bugs.webkit.org/show_bug.cgi?id=149435

Reviewed by Mark Lam.

This removes the GCThreadSharedData class and moves its members into Heap. This is a net
simplification since GCThreadSharedData had a 1-to-1 mapping to Heap and the two classes had a
vast contract with a lot of interdependencies. Heap would call a lot of GCThreadSharedData
methods; now a lot of those are inlined since they were only called from the one place in Heap.
This makes it a lot easier to see what is going on. For example, you no longer have to look at
code in two places (Heap and GCThreadSharedData) to figure out the timing and synchronization
of GC phases - all of that code is in Heap now.

This also removes weird indirections in other places. It used to be that a lot of GC helper
classes woud have a pointer to GCThreadSharedData, and then would use that to get to Heap, VM,
and the visitors. Now these helpers just point to Heap.

I think that GCThreadSharedData was only useful for defining the set of things that we need to
know to collect garbage. That's how we decided if something would go into GCThreadSharedData
instead of Heap. But I think that separating things into multiple classes usually makes the
code less hackable, so there should be a very high bar for doing this in a way that produces a
1-to-1 mapping between two classes - where one instance of one of the classes is always paired
with exactly one instance of the other class and vice-versa.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
heap/CopiedSpace.h:
heap/CopyVisitor.cpp:

(JSC::CopyVisitor::CopyVisitor):
(JSC::CopyVisitor::copyFromShared):

heap/CopyVisitor.h:
heap/CopyVisitorInlines.h:

(JSC::CopyVisitor::allocateNewSpaceSlow):
(JSC::CopyVisitor::startCopying):
(JSC::CopyVisitor::doneCopying):
(JSC::CopyVisitor::didCopy):

heap/GCThread.cpp:

(JSC::GCThread::GCThread):
(JSC::GCThread::waitForNextPhase):
(JSC::GCThread::gcThreadMain):

heap/GCThread.h:
heap/GCThreadSharedData.cpp: Removed.
heap/GCThreadSharedData.h: Removed.
heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::~Heap):
(JSC::Heap::isPagedOut):
(JSC::Heap::markRoots):
(JSC::Heap::copyBackingStores):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::resetVisitors):
(JSC::Heap::objectCount):
(JSC::Heap::sweepNextLogicallyEmptyWeakBlock):
(JSC::Heap::threadVisitCount):
(JSC::Heap::threadBytesVisited):
(JSC::Heap::threadBytesCopied):
(JSC::Heap::startNextPhase):
(JSC::Heap::endCurrentPhase):

heap/Heap.h:
heap/HeapInlines.h:

(JSC::Heap::unregisterWeakGCMap):
(JSC::Heap::getNextBlocksToCopy):

heap/ListableHandler.h:
heap/SlotVisitor.cpp:

(JSC::SlotVisitor::SlotVisitor):
(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::reset):
(JSC::SlotVisitor::donateKnownParallel):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::drainFromShared):
(JSC::SlotVisitor::mergeOpaqueRoots):
(JSC::SlotVisitor::harvestWeakReferences):
(JSC::SlotVisitor::finalizeUnconditionalFinalizers):

heap/SlotVisitor.h:

(JSC::SlotVisitor::markStack):
(JSC::SlotVisitor::isEmpty):
(JSC::SlotVisitor::sharedData): Deleted.

heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::addWeakReferenceHarvester):
(JSC::SlotVisitor::addUnconditionalFinalizer):
(JSC::SlotVisitor::addOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRootTriState):
(JSC::SlotVisitor::opaqueRootCount):
(JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):
(JSC::SlotVisitor::copyLater):
(JSC::SlotVisitor::heap):
(JSC::SlotVisitor::vm):

6:35 PM Changeset in webkit [190150] by Alan Bujtas

2 edits in trunk/LayoutTests

Mark http/tests/notifications/events.html flaky again (crash/timeout this time).

Unreviewed.

TestExpectations:

6:29 PM Changeset in webkit [190149] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: The right sidebar always opens up on breakpoint
https://bugs.webkit.org/show_bug.cgi?id=149261

Patch by Devin Rousso <Devin Rousso> on 2015-09-22
Reviewed by Timothy Hatcher.

Whenever the debugger was paused, the sidebar was being forced to open.
This has been removed in favor of letting the user decide.

UserInterface/Base/Main.js:

(WebInspector._debuggerDidPause):

6:13 PM Changeset in webkit [190148] by matthew_hanson@apple.com

5 edits in branches/safari-601-branch/Source

Versioning.

6:11 PM Changeset in webkit [190147] by matthew_hanson@apple.com

1 copy in tags/Safari-601.2.6

New Tag.

5:39 PM Changeset in webkit [190146] by sbarati@apple.com

9 edits
1 add in trunk

Web Inspector: [ES6] Improve Type Profiler Support for Arrow Functions
https://bugs.webkit.org/show_bug.cgi?id=143171

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

We now need to take into account TypeProfilerSearchDescriptor when
hashing results for type profiler queries. Before, we've gotten
away with not doing this because before we would never have a text
collision between a return type text offset and a normal expression text
offset. But, with arrow functions, we will have collisions when
the arrow function doesn't have parens around its single parameter.
I.e: "param => { ... };"

runtime/TypeProfiler.cpp:

(JSC::TypeProfiler::findLocation):

runtime/TypeProfiler.h:

(JSC::QueryKey::QueryKey):
(JSC::QueryKey::isHashTableDeletedValue):
(JSC::QueryKey::operator==):
(JSC::QueryKey::hash):

tests/typeProfiler/arrow-functions.js: Added.

Source/WebInspectorUI:

Esprima and JSC both support arrow functions. We just
need to support it in our AST and do the right things
to include support in the type profiler bits.

UserInterface/Controllers/TypeTokenAnnotator.js:

(WebInspector.TypeTokenAnnotator.prototype._insertTypeToken):
(WebInspector.TypeTokenAnnotator.prototype._translateToOffsetAfterFunctionParameterList.isLineTerminator):
(WebInspector.TypeTokenAnnotator.prototype._translateToOffsetAfterFunctionParameterList):

UserInterface/Models/ScriptSyntaxTree.js:

(WebInspector.ScriptSyntaxTree.prototype.containsNonEmptyReturnStatement.removeFunctionsFilter):
(WebInspector.ScriptSyntaxTree.prototype.containsNonEmptyReturnStatement):
(WebInspector.ScriptSyntaxTree.functionReturnDivot):
(WebInspector.ScriptSyntaxTree.prototype._recurse):
(WebInspector.ScriptSyntaxTree.prototype._createInternalSyntaxTree):
(WebInspector.ScriptSyntaxTree):

LayoutTests:

inspector/model/parse-script-syntax-tree-expected.txt:
inspector/model/parse-script-syntax-tree.html:

5:33 PM Changeset in webkit [190145] by Chris Dumez

2 edits in trunk/Source/WebCore

Drop unnecessary ancestor traversal in Range::selectNode()
https://bugs.webkit.org/show_bug.cgi?id=149482

Reviewed by Ryosuke Niwa.

Drop unnecessary ancestor traversal in Range::selectNode(). It traversed
the ancestors to throw a INVALID_NODE_TYPE_ERR if one of them was a
DocumentType Node. However, it is impossible for a DocumentType Node to
have children.

dom/Range.cpp:

(WebCore::Range::selectNode):

5:27 PM Changeset in webkit [190144] by Sukolsak Sakshuwong

1 edit in trunk/Source/JavaScriptCore/wasm/WASMFunctionSyntaxChecker.h

Unreviewed, fix argument types in WASMFunctionSyntaxChecker.h.

wasm/WASMFunctionSyntaxChecker.h:

4:51 PM Changeset in webkit [190143] by bweinstein@apple.com

2 edits in trunk/Source/WebCore

Error message in ContentExtensionError.cpp shouldn't have two spaces between sentences.
https://bugs.webkit.org/show_bug.cgi?id=149479

Reviewed by Andy Estes.

contentextensions/ContentExtensionError.cpp:

(WebCore::ContentExtensions::contentExtensionErrorCategory):

4:49 PM Changeset in webkit [190142] by matthew_hanson@apple.com

3 edits in branches/safari-601-branch/Source/WebCore

Merge r189200. rdar://problem/22803080

4:32 PM Changeset in webkit [190141] by andersca@apple.com

3 edits in trunk/Source/WebKit2

URL of page visited in private browsing still appears in Activity Monitor after page is closed
https://bugs.webkit.org/show_bug.cgi?id=149475
rdar://problem/22684521

Reviewed by Dan Bernstein.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::close):
Make sure to call updateActivePages after removing the page from the page map.

WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::updateActivePages):
Don't include pages that have private browsing enabled.

4:28 PM Changeset in webkit [190140] by matthew_hanson@apple.com

3 edits in branches/safari-601.1-branch/Source/WebCore

Rollout r189200. rdar://problem/22803080

4:14 PM Changeset in webkit [190139] by Chris Dumez

4 edits in trunk

Range.surroundContents() should check for partially contained non-Text nodes first
https://bugs.webkit.org/show_bug.cgi?id=149476

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline existing W3C DOM test now that more checks are passing.

web-platform-tests/dom/ranges/Range-surroundContents-expected.txt:

Source/WebCore:

Range.surroundContents() should check for partially contained non-Text
nodes first, before checking the type of the newParent parameter:

https://dom.spec.whatwg.org/#dom-range-surroundcontents (step 1 and 2)

Firefox and Chrome follow the specification.

No new tests, already covered by existing test.

dom/Range.cpp:

(WebCore::Range::surroundContents):

4:06 PM Changeset in webkit [190138] by Chris Dumez

19 edits in trunk

Unreviewed, rolling out r190134.
https://bugs.webkit.org/show_bug.cgi?id=149481

"Seems to cause crashes during garbage collection" (Requested
by cdumez on #webkit).

Reverted changeset:

"HTMLOutputElement.htmlFor should be settable"
https://bugs.webkit.org/show_bug.cgi?id=149418
http://trac.webkit.org/changeset/190134

Patch by Commit Queue <commit-queue@webkit.org> on 2015-09-22

3:35 PM Changeset in webkit [190137] by matthew_hanson@apple.com

3 edits in branches/safari-601.1-branch/Source/WebCore

Merge r189200. rdar://problem/22803080

3:27 PM Changeset in webkit [190136] by Chris Dumez

4 edits in trunk

Range.intersectsNode() does not behave according to the specification when start / end are equal
https://bugs.webkit.org/show_bug.cgi?id=148774
<rdar://problem/22571418>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C Range test now that another check is passing.

web-platform-tests/dom/ranges/Range-intersectsNode-expected.txt:

Source/WebCore:

Range.intersectsNode() does not behave according to the specification
when start / end are equal:
https://dom.spec.whatwg.org/#dom-range-intersectsnode

The specification says:
"If (parent, offset) is before end and (parent, offset + 1) is after
start, return true."

However, the way we were detecting "is before end" and "is after start"
was flawed in the case where start / end were equal. This is because when
comparePoint() return 0, then it means that the node/offset is not only
equal to start but also equal to end. As such, it is not "after start"
/ "before end".

No new tests, already covered by existing.

dom/Range.cpp:

(WebCore::Range::intersectsNode):
(WebCore::highestAncestorUnderCommonRoot): Deleted.

2:39 PM Changeset in webkit [190135] by Alan Bujtas

2 edits in trunk/LayoutTests

Mark http/tests/notifications/events.html flaky.
https://bugs.webkit.org/show_bug.cgi?id=149218

Unreviewed.

TestExpectations:

2:24 PM Changeset in webkit [190134] by Chris Dumez

19 edits in trunk

HTMLOutputElement.htmlFor should be settable
https://bugs.webkit.org/show_bug.cgi?id=149418

Reviewed by Darin Adler.

Source/WebCore:

HTMLOutputElement.htmlFor should be settable as per the latest HTML
specification:

https://html.spec.whatwg.org/multipage/forms.html#the-output-element

It is supposed to call DOMSettableTokenList.setValue() with the input
String. This patch adds support for this by adding [PutForwards=value]
IDL extended attribute.

This aligns our behavior with the specification, Firefox and Chrome.

No new tests, already covered by existing test.

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::classList):

dom/Element.cpp:

(WebCore::Element::classList):

dom/ElementRareData.h:

(WebCore::ElementRareData::setClassList):

html/AttributeDOMTokenList.h:
html/DOMSettableTokenList.h:
html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::relList):

html/HTMLAnchorElement.h:
html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::relList):

html/HTMLLinkElement.h:
html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::HTMLOutputElement):
(WebCore::HTMLOutputElement::parseAttribute):
(WebCore::HTMLOutputElement::childrenChanged): Deleted.

html/HTMLOutputElement.h:
html/HTMLOutputElement.idl:

LayoutTests:

Update existing layout test now that HTMLOutputElement.htmlFor is
settable.

fast/dom/HTMLOutputElement/dom-settable-token-list-expected.txt:
fast/dom/HTMLOutputElement/script-tests/dom-settable-token-list.js:

2:11 PM Changeset in webkit [190133] by aestes@apple.com

2 edits in trunk/Tools

ContentFiltering.AllowDownloadAfterAddData is very flaky
https://bugs.webkit.org/show_bug.cgi?id=148885
<rdar://problem/22729563>

Reviewed by Alexey Proskuryakov.

The AllowDownload* tests were relying on -_downloadDidStart: being called before -webView:didFinishNavigation:,
but there is no guarantee of this. For tests that should allow a download, spin the runloop until
-_downloadDidStart: is called. The test will now timeout on failure, but will no longer produce false failures.

TestWebKitAPI/Tests/WebKit2Cocoa/ContentFiltering.mm:

(downloadTest):

2:08 PM Changeset in webkit [190132] by timothy_horton@apple.com

5 edits in trunk/LayoutTests

Demystify why a few text tests depend on threaded scrolling being disabled

fast/text/combining-character-sequence-vertical.html:
fast/text/descent-clip-in-scaled-page-expected.html:
fast/text/descent-clip-in-scaled-page.html:
fast/text/vertical-quotation-marks.html:

1:41 PM Changeset in webkit [190131] by fpizlo@apple.com

13 edits in trunk/Source

Get rid of ENABLE(PARALLEL_GC)
https://bugs.webkit.org/show_bug.cgi?id=149436

Reviewed by Mark Lam.

We always enable parallel GC everywhere but Windows, and it doesn't look like it was disabled
there for any good reason. So, get rid of the flag.

Source/JavaScriptCore:

The only effect of this change is that parallel GC will now be enabled on Windows, provided
that the CPU detection finds more than one.

heap/GCThread.cpp:

(JSC::GCThread::gcThreadMain):

heap/GCThreadSharedData.cpp:

(JSC::GCThreadSharedData::resetChildren):
(JSC::GCThreadSharedData::childBytesCopied):
(JSC::GCThreadSharedData::GCThreadSharedData):
(JSC::GCThreadSharedData::~GCThreadSharedData):
(JSC::GCThreadSharedData::reset):
(JSC::GCThreadSharedData::didStartMarking):

heap/Heap.cpp:

(JSC::Heap::converge):
(JSC::Heap::visitWeakHandles):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::resetVisitors):

heap/MarkedBlock.h:
heap/SlotVisitor.cpp:

(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::reset):
(JSC::SlotVisitor::drain):
(JSC::SlotVisitor::drainFromShared):
(JSC::SlotVisitor::mergeOpaqueRoots):
(JSC::JSString::tryHashConsLock):
(JSC::JSString::releaseHashConsLock):

heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::addOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRoot):
(JSC::SlotVisitor::containsOpaqueRootTriState):
(JSC::SlotVisitor::opaqueRootCount):
(JSC::SlotVisitor::mergeOpaqueRootsIfNecessary):

runtime/Options.cpp:

(JSC::computeNumberOfGCMarkers):

Source/WTF:

wtf/MainThread.cpp:

(WTF::canAccessThreadLocalDataForThread):
(WTF::initializeGCThreads):
(WTF::registerGCThread):
(WTF::isMainThreadOrGCThread):

wtf/Platform.h:

1:11 PM Changeset in webkit [190130] by Sukolsak Sakshuwong

9 edits in trunk/Source/JavaScriptCore

Implement min and max instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149454

Reviewed by Geoffrey Garen.

This patch implements min and max instructions in WebAssembly.

tests/stress/wasm-arithmetic-float64.js:
tests/stress/wasm-arithmetic-int32.js:
tests/stress/wasm/arithmetic-float64.wasm:
tests/stress/wasm/arithmetic-int32.wasm:
wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildMinOrMaxI32):
(JSC::WASMFunctionCompiler::buildMinOrMaxF64):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseMinOrMaxExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseMinOrMaxExpressionF64):

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildMinOrMaxI32):
(JSC::WASMFunctionSyntaxChecker::buildMinOrMaxF64):

1:01 PM Changeset in webkit [190129] by fpizlo@apple.com

23 edits in trunk/Source

Get rid of ENABLE(GGC)
https://bugs.webkit.org/show_bug.cgi?id=149472

Reviewed by Mark Hahnenberg and Mark Lam.

Source/JavaScriptCore:

Getting rid of this feature flag allows us to remove a lot of yuck.

bytecode/CodeBlock.h:

(JSC::CodeBlockSet::mark):
(JSC::ScriptExecutable::forEachCodeBlock):

bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate):

dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::linkBranches):
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
(JSC::DFG::SpeculativeJIT::writeBarrier):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::SpeculativeJIT::selectScratchGPR):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::writeBarrier):
(JSC::DFG::SpeculativeJIT::moveTrueTo):

dfg/DFGSpeculativeJIT64.cpp:

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::emitStoreBarrier):

heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
(JSC::CodeBlockSet::dump):

heap/Heap.cpp:

(JSC::Heap::Heap):
(JSC::Heap::markRoots):
(JSC::Heap::clearRememberedSet):
(JSC::Heap::updateObjectCounts):
(JSC::Heap::flushWriteBarrierBuffer):
(JSC::Heap::shouldDoFullCollection):
(JSC::Heap::addLogicallyEmptyWeakBlock):

heap/HeapInlines.h:

(JSC::Heap::isWriteBarrierEnabled):
(JSC::Heap::writeBarrier):
(JSC::Heap::reportExtraMemoryAllocated):
(JSC::Heap::reportExtraMemoryVisited):

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::clearMarks):

heap/MarkedSpace.cpp:

(JSC::MarkedSpace::resetAllocators):
(JSC::MarkedSpace::visitWeakSets):

heap/MarkedSpace.h:

(JSC::MarkedSpace::didAllocateInBlock):
(JSC::MarkedSpace::objectCount):

jit/JITPropertyAccess.cpp:

(JSC::JIT::emitWriteBarrier):
(JSC::JIT::emitIdentifierCheck):
(JSC::JIT::privateCompilePutByVal):

llint/LLIntOfflineAsmConfig.h:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:

Source/WebCore:

No new tests because no new behavior.

bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::commonVM):

Source/WTF:

wtf/Platform.h:

12:33 PM Changeset in webkit [190128] by sbarati@apple.com

3 edits in trunk/Source/JavaScriptCore

the toInt32 operation inside DFGSpeculativeJIT.cpp can't throw so we shouldn't emit an exceptionCheck after it.
https://bugs.webkit.org/show_bug.cgi?id=149467

Reviewed by Mark Lam.

The callOperation for toInt32 won't store a call site index in the call frame.
Therefore, if this is the first callOperation in the current compilation,
and we emit an exception check inside a try block, we will hit an assertion
saying that we must have DFGCommonData::codeOrigins.size() be > 0 inside
DFGCommonData::lastCallSite(). Therefore, it is imperative that we don't
emit exception checks for callOperations that don't throw exceptions and
don't store a call site index in the call frame.

dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::lastCallSite):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

12:28 PM Changeset in webkit [190127] by ap@apple.com

4 edits in trunk/Tools

Mavericks: Media tests start to time out after a few days of bot uptime
https://bugs.webkit.org/show_bug.cgi?id=149468

Reviewed by Chris Dumez.

Scripts/webkitpy/port/base.py:
Scripts/webkitpy/port/driver.py:
Scripts/webkitpy/port/mac.py:

12:15 PM Changeset in webkit [190126] by clopez@igalia.com

2 edits in trunk

[CMake] Allow to enable OpenMP support.
https://bugs.webkit.org/show_bug.cgi?id=149457

Reviewed by Csaba Osztrogonác.

Source/cmake/OptionsCommon.cmake: Add the option USE_OPENMP that

will enable the support for OpenMP. Currently this is only used as
an alternative implementation to native threads for the parallelization
of the SVG filters. But name the option with a generic name (USE_OPENMP)
as it could be also used to enable future features that depend on OpenMP.

11:46 AM Changeset in webkit [190125] by Sukolsak Sakshuwong

5 edits in trunk/Source/JavaScriptCore

Implement the conditional instruction in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149451

Reviewed by Geoffrey Garen.

This patch implements the conditional (ternary) instruction in WebAssembly.
This is basically "condition ? exp1 : exp2" in JavaScript.

The use of context.discard() in WASMFunctionParser::parseConditional()
is not ideal. We don't discard anything. We just use it to decrement the
stack top in the WebAssembly baseline JIT. When we optimize the JIT by
storing results directly into the destination like the JavaScript
baseline JIT, the code will look like this:

ContextExpression temp = context.newTemporary();
ContextExpression condition = parseExpressionI32(context);
context.jumpToTargetIf(Context::JumpCondition::Zero, condition, elseTarget);

parseExpression(context, temp, expressionType);
context.jumpToTarget(end);

context.linkTarget(elseTarget);
parseExpression(context, temp, expressionType);
context.linkTarget(end);

return temp;

which looks cleaner than using discard().

tests/stress/wasm-control-flow.js:
tests/stress/wasm/control-flow.wasm:
wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseConditional):

wasm/WASMFunctionParser.h:

11:45 AM Changeset in webkit [190124] by timothy_horton@apple.com

31 edits in trunk/Source

Make it more obvious when using an unaccelerated image buffer, and fix a few callers who do
https://bugs.webkit.org/show_bug.cgi?id=149428

Reviewed by Simon Fraser and Darin Adler.

platform/graphics/ImageBuffer.cpp:

(WebCore::ImageBuffer::createCompatibleBuffer):

platform/graphics/ImageBuffer.h:

(WebCore::ImageBuffer::create):
Make the RenderingMode parameter to ImageBuffer::create non-optional.

platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContext::renderingMode):

platform/graphics/GraphicsTypes.h:

Add renderingMode() getter so that every caller doesn't need to do the conversion to RenderingMode.

css/CSSFilterImageValue.cpp:

(WebCore::CSSFilterImageValue::image):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::LRUImageBufferCache::imageBuffer):

rendering/shapes/Shape.cpp:

(WebCore::Shape::createRasterShape):

html/shadow/MediaControlElements.cpp:

(WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):

platform/graphics/cg/ImageBufferCG.cpp:

(WebCore::ImageBuffer::putByteArray):
These five callers create unconditionally unaccelerated ImageBuffers which
should probably instead respect the acceleration bit from the context
that the ImageBuffer will eventually be painted into. Bugs have been filed.

html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::createImageBuffer):

html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::createCompositingBuffer):

platform/graphics/CrossfadeGeneratedImage.cpp:

(WebCore::CrossfadeGeneratedImage::drawPattern):
Adjust the argument order and remove defaults which are passed explicitly.

page/FrameSnapshotting.cpp:

(WebCore::snapshotFrameRect):
Snapshots are (currently) meant to be taken without accelerated drawing.
Make this explicit.

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::drawPattern):
Make use of createCompatibleBuffer. This caller was previously creating
an unconditionally unaccelerated context!

platform/graphics/NamedImageGeneratedImage.cpp:

(WebCore::NamedImageGeneratedImage::drawPattern):
Remove a comment.

platform/graphics/ShadowBlur.cpp:

(WebCore::ScratchBuffer::getScratchBuffer):
ShadowBlur is only used with unaccelerated contexts, so it's OK to hardcode Unaccelerated here.

platform/graphics/filters/FilterEffect.cpp:

(WebCore::FilterEffect::asImageBuffer):
(WebCore::FilterEffect::createImageBufferResult):
Flip the order of the arguments.

(WebCore::FilterEffect::openCLImageToImageBuffer):
This caller was previously creating an unaccelerated buffer; instead, match the destination buffer.

rendering/FilterEffectRenderer.cpp:

(WebCore::FilterEffectRenderer::allocateBackingStoreIfNeeded):
Adjust the argument order and remove defaults which are passed explicitly.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects):
Get rid of the unneeded renderingMode local, and factor out retrieval of Frame.

rendering/svg/RenderSVGResourceClipper.cpp:

(WebCore::RenderSVGResourceClipper::applyClippingToContext):

rendering/svg/RenderSVGResourceMasker.cpp:

(WebCore::RenderSVGResourceMasker::applyResource):
These two callers are unconditionally creating unaccelerated buffers,
and changing this to match the destination context seems to actually
break things. This needs further investigation.

rendering/svg/RenderSVGResourceGradient.cpp:

(WebCore::createMaskAndSwapContextForTextGradient):
This caller was previously creating an unaccelerated buffer; instead, match the destination buffer.

rendering/svg/RenderSVGResourcePattern.cpp:

(WebCore::RenderSVGResourcePattern::buildPattern):
Make use of renderingMode().

rendering/svg/SVGRenderingContext.cpp:

(WebCore::SVGRenderingContext::createImageBuffer):
Adjust the argument order.

svg/graphics/SVGImage.cpp:

(WebCore::SVGImage::nativeImageForCurrentFrame):

WebCoreSupport/WebContextMenuClient.mm:

(WebContextMenuClient::imageForCurrentSharingServicePickerItem):

Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:

(WebKit::ThreadSafeCoordinatedSurface::create):

11:27 AM Changeset in webkit [190123] by Chris Dumez

3 edits
2 adds in trunk

XMLHttpRequest properties should be on the prototype
https://bugs.webkit.org/show_bug.cgi?id=149465

Reviewed by Darin Adler.

Source/WebCore:

Move most XMLHttpRequest properties to the prototype, as per the Web IDL
specification. This should be web-compatible now that properties on the
prototype are configurable after r190104.

The 'response' / 'responseText' properties are still incorrectly on the
instance because they are currently using a [CustomGetter] in our IDL
and the bindings generator currently does not move such properties to
the prototype.

Test:
fast/xmlhttprequest/xmlhttprequest-properties-prototype.html
js/dom/xhr-prototype-define-property.html

bindings/scripts/CodeGeneratorJS.pm:

(InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.

LayoutTests:

Add layout test to check that XMLHttpRequest properties are on the
prototype and have the right properties (enumerable and configurable).

fast/xmlhttprequest/xmlhttprequest-properties-prototype-expected.txt: Added.
fast/xmlhttprequest/xmlhttprequest-properties-prototype.html: Added.

10:54 AM Changeset in webkit [190122] by n_wang@apple.com

2 edits in trunk/Tools

Unreviewed, add myself to the committers list.

Scripts/webkitpy/common/config/contributors.json:

10:48 AM Changeset in webkit [190121] by akling@apple.com

2 edits in trunk/Source/WebKit2

[WK2][NetworkCache] New entry bodies remain in dirty memory after being written to disk.
<https://webkit.org/b/149463>

Reviewed by Antti Koivisto.

Call msync(MS_ASYNC) on cache entry bodies after writing their data to a
memory-mapped file. This turns the previously dirty memory into clean memory,
reducing our effective footprint.

I previously believed this would happen automatically when the kernel finds
itself under memory pressure, around the same time as it starts dropping
volatile pages. Turns out that's not the case. Even under considerable pressure,
we never flush this memory to file. So let's take care of it ourselves.

If this ends up generating more IO activity than we're comfortable with on some
scenario, we can look at throttling.

NetworkProcess/cache/NetworkCacheData.cpp:

(WebKit::NetworkCache::Data::mapToFile):

10:17 AM Changeset in webkit [190120] by Chris Dumez

72 edits
134 deletes in trunk

Drop support for legacy EntityReference DOM Node type
https://bugs.webkit.org/show_bug.cgi?id=149348

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that more checks are passing.

web-platform-tests/dom/historical-expected.txt:

Source/WebCore:

Drop support for legacy EntityReference DOM Node type.

EntityReference has been dropped from the DOM specification:

https://dom.spec.whatwg.org/#dom-core-changes

EntityReference is not supported in Firefox:

Chrome dropped support for EntityReference a while back (May 2013):

EntityReference: https://code.google.com/p/chromium/issues/detail?id=226628
NodeFilter / TreeWalker.expandEntityReferences:
- https://groups.google.com/a/chromium.org/d/msg/blink-dev/-ZO3eja4maA/86T13XJwQpUJ
- https://src.chromium.org/viewvc/blink?view=rev&revision=185771

IE also dropped support for EntityReference Nodes:
https://msdn.microsoft.com/library/ff974819(v=vs.85).aspx (Remarks section)

No new tests, already covered by existing test.

DerivedSources.cpp:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
bindings/gobject/WebKitDOMPrivate.cpp:

(WebKit::wrap): Deleted.

bindings/js/JSNodeCustom.cpp:

(WebCore::createWrapperInline): Deleted.

bindings/objc/DOM.mm:

(kitClass): Deleted.

bindings/scripts/CodeGeneratorGObject.pm:

(SkipFunction): Skip webkit_dom_document_create_entity_reference until Carlos fixes it.

dom/Attr.cpp:

(WebCore::Attr::childTypeAllowed):
(WebCore::Attr::childrenChanged): Deleted.

dom/Attr.h:
dom/ContainerNode.cpp:

(WebCore::checkAcceptChild): Deleted.
(WebCore::checkAcceptChildGuaranteedNodeTypes): Deleted.
(WebCore::ContainerNode::removeChild): Deleted.

dom/Document.cpp:

(WebCore::Document::createEntityReference):
(WebCore::Document::createNodeIterator):
(WebCore::Document::createTreeWalker):
(WebCore::Document::createEditingTextNode): Deleted.
(WebCore::Document::importNode): Deleted.
(WebCore::Document::adoptNode): Deleted.
(WebCore::Document::scheduleForcedStyleRecalc): Deleted.
(WebCore::Document::scheduleStyleRecalc): Deleted.
(WebCore::Document::childTypeAllowed): Deleted.
(WebCore::Document::canAcceptChild): Deleted.

dom/Document.h:
dom/Document.idl:
dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::childTypeAllowed): Deleted.

dom/Element.cpp:

(WebCore::Element::childTypeAllowed): Deleted.

dom/EntityReference.cpp:

(WebCore::EntityReference::EntityReference):

dom/EntityReference.h:
dom/EntityReference.idl:
dom/Node.cpp:

(WebCore::Node::setNodeValue):
(WebCore::Node::dumpStatistics): Deleted.
(WebCore::Node::childNodes): Deleted.
(WebCore::Node::lastDescendant): Deleted.
(WebCore::Node::isDescendantOf): Deleted.
(WebCore::Node::textContent): Deleted.
(WebCore::Node::ancestorElement): Deleted.
(WebCore::hashPointer): Deleted.

dom/Node.h:

(WebCore::Node::isDocumentTypeNode): Deleted.

dom/NodeIterator.cpp:

(WebCore::NodeIterator::NodeIterator):

dom/NodeIterator.h:

(WebCore::NodeIterator::create):

dom/NodeIterator.idl:
dom/Range.cpp:

(WebCore::Range::checkDeleteExtract):
(WebCore::lengthOfContentsInNode): Deleted.
(WebCore::Range::processContentsBetweenOffsets): Deleted.
(WebCore::Range::insertNode): Deleted.
(WebCore::Range::checkNodeWOffset): Deleted.
(WebCore::Range::checkNodeBA): Deleted.
(WebCore::Range::cloneRange): Deleted.
(WebCore::Range::selectNode): Deleted.
(WebCore::Range::selectNodeContents): Deleted.
(WebCore::Range::surroundContents): Deleted.
(WebCore::Range::shadowRoot): Deleted.
(WebCore::Range::pastLastNode): Deleted.
(WebCore::Range::absoluteBoundingBox): Deleted.
(WebCore::Range::absoluteTextRects): Deleted.

dom/Range.h:
dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::childTypeAllowed): Deleted.

dom/Traversal.cpp:

(WebCore::NodeIteratorBase::NodeIteratorBase):
(WebCore::NodeIteratorBase::acceptNode): Deleted.

dom/Traversal.h:

(WebCore::NodeIteratorBase::expandEntityReferences):

dom/TreeWalker.cpp:

(WebCore::TreeWalker::TreeWalker):

dom/TreeWalker.h:

(WebCore::TreeWalker::create):

dom/TreeWalker.idl:
editing/MarkupAccumulator.cpp:

(WebCore::MarkupAccumulator::appendStartMarkup): Deleted.

xml/XPathUtil.cpp:

(WebCore::XPath::isValidContextNode): Deleted.

Source/WebKit2:

Drop handling EntityReference Nodes.

WebProcess/InjectedBundle/API/mac/WKDOMInternals.mm:

(WebKit::WKDOMNodeClass): Deleted.

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::isAssistableElement):

LayoutTests:

Drop several outdated DOM compliance tests. Update / Rebaseline others.

9:49 AM Changeset in webkit [190119] by bshafiei@apple.com

5 edits in branches/safari-601-branch/Source

Versioning.

9:13 AM Changeset in webkit [190118] by Chris Dumez

3 edits in trunk/LayoutTests

Unreviewed, rebaseline several W3C html tests on iOS after r190106 and r190085.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/interfaces-expected.txt:

9:13 AM Changeset in webkit [190117] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

Unreviewed 32-bit Yosemite build fix.

platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:

(WebCore::WebAudioSourceProviderAVFObjC::provideInput):

9:11 AM Changeset in webkit [190116] by Chris Dumez

4 edits in trunk/LayoutTests

Unreviewed, rebaseline fast/table/rowindex.html after r190099.

platform/efl/fast/table/rowindex-expected.txt:
platform/gtk/fast/table/rowindex-expected.txt:
platform/win/fast/table/rowindex-expected.txt:

7:31 AM Changeset in webkit [190115] by eric.carlson@apple.com

19 edits
2 adds in trunk/Source/WebCore

[MediaStream Mac] implement WebAudioSourceProvider
https://bugs.webkit.org/show_bug.cgi?id=149419

Reviewed by Darin Adler.

Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::audioSourceProvider): New.

Modules/mediastream/MediaStreamTrack.h:

Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::createMediaStreamSource): Rewrite.

Modules/webaudio/MediaStreamAudioDestinationNode.cpp:

(WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode): We know the Vector

size, so reserve capacity.

Modules/webaudio/MediaStreamAudioSource.cpp:

(WebCore::MediaStreamAudioSource::audioSourceProvider): Add.

Modules/webaudio/MediaStreamAudioSource.h:

(WebCore::MediaStreamAudioSource::~MediaStreamAudioSource):
(WebCore::MediaStreamAudioSource::deviceId):
(WebCore::MediaStreamAudioSource::setDeviceId):
(WebCore::MediaStreamAudioSource::useIDForTrackID): Deleted.

Modules/webaudio/MediaStreamAudioSourceNode.cpp:

(WebCore::MediaStreamAudioSourceNode::create): Context and track can't be null so take references.
(WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode): Ditto.
(WebCore::MediaStreamAudioSourceNode::~MediaStreamAudioSourceNode): Clear provider client.
(WebCore::MediaStreamAudioSourceNode::setFormat): Create a resampler when necessary.
(WebCore::MediaStreamAudioSourceNode::process): Process.
(WebCore::MediaStreamAudioSourceNode::reset): Deleted.

Modules/webaudio/MediaStreamAudioSourceNode.h:

(WebCore::MediaStreamAudioSourceNode::mediaStream):
(WebCore::MediaStreamAudioSourceNode::audioSourceProvider): Deleted.

WebCore.xcodeproj/project.pbxproj: Add WebAudioSourceProviderAVFObjC.cpp/h.

platform/mediastream/MediaStreamTrackPrivate.cpp:

(WebCore::MediaStreamTrackPrivate::audioSourceProvider): New, passthrough to source.

platform/mediastream/MediaStreamTrackPrivate.h:
platform/mediastream/RealtimeMediaSource.h:

(WebCore::RealtimeMediaSource::audioSourceProvider):

platform/mediastream/mac/AVAudioCaptureSource.h:
platform/mediastream/mac/AVAudioCaptureSource.mm:

(WebCore::AVAudioCaptureSource::audioSourceProvider): New.

platform/mediastream/mac/AVCaptureDeviceManager.mm:
platform/mediastream/mac/AVMediaCaptureSource.h:
platform/mediastream/mac/AVMediaCaptureSource.mm:

(WebCore::AVMediaCaptureSource::audioSourceProvider): Assert, this shouldn't be reachable.

platform/mediastream/mac/WebAudioSourceProviderAVFObjC.h: Added.
platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm: Added.

(WebCore::WebAudioSourceProviderAVFObjC::create):
(WebCore::WebAudioSourceProviderAVFObjC::WebAudioSourceProviderAVFObjC):
(WebCore::WebAudioSourceProviderAVFObjC::~WebAudioSourceProviderAVFObjC):
(WebCore::WebAudioSourceProviderAVFObjC::startProducingData):
(WebCore::WebAudioSourceProviderAVFObjC::stopProducingData):
(WebCore::WebAudioSourceProviderAVFObjC::provideInput):
(WebCore::WebAudioSourceProviderAVFObjC::setClient):
(WebCore::operator==):
(WebCore::operator!=):
(WebCore::WebAudioSourceProviderAVFObjC::prepare):
(WebCore::WebAudioSourceProviderAVFObjC::unprepare):
(WebCore::WebAudioSourceProviderAVFObjC::process):

6:59 AM Changeset in webkit [190114] by commit-queue@webkit.org

6 edits in trunk

Source/WebCore:
CurrentTime on mediaController is set as 0 when playback is completed.
https://bugs.webkit.org/show_bug.cgi?id=149154

Patch by sangdeug.kim <sangdeug.kim@samsung.com> on 2015-09-22
Reviewed by Eric Carlson.

Test : media/media-controller-time-clamp.html

html/MediaController.cpp:

(MediaController::setCurrentTime):
(MediaController::updatePlaybackState):

html/MediaController.h:

LayoutTests:
Add test for checking currentTime of mediacontroller when playback is completed.
https://bugs.webkit.org/show_bug.cgi?id=149154

Patch by sangdeug.kim <sangdeug.kim@samsung.com> on 2015-09-22
Reviewed by Eric Carlson.

media/media-controller-time-clamp-expected.txt:
media/media-controller-time-clamp.html:

5:21 AM Changeset in webkit [190113] by commit-queue@webkit.org

74 edits in trunk/Source

Unreviewed, rolling out r189616.
https://bugs.webkit.org/show_bug.cgi?id=149456

suspected cause of multiple regressions (Requested by kling on
#webkit).

Reverted changeset:

"[JSC] Weak should only accept cell pointees."
https://bugs.webkit.org/show_bug.cgi?id=148955
http://trac.webkit.org/changeset/189616

3:06 AM Changeset in webkit [190112] by Csaba Osztrogonác

3 edits in trunk/Source/WebCore

Fix the all-in-one build with GCC
https://bugs.webkit.org/show_bug.cgi?id=148428

Reviewed by Darin Adler.

Removed Source/WebCore/inspector/InspectorIndexedDBAgent.cpp from the all-in-one build.

WebCore.vcxproj/WebCore.vcxproj:
inspector/InspectorAllInOne.cpp:

2:32 AM Changeset in webkit [190111] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

Fix warnings in IDLParser.pm
https://bugs.webkit.org/show_bug.cgi?id=149406

Reviewed by Alex Christensen.

bindings/scripts/IDLParser.pm:

(typeHasNullableSuffix):
(typeRemoveNullableSuffix):

1:26 AM Changeset in webkit [190110] by sbarati@apple.com

7 edits in trunk

Web Inspector: update Esprima to latest version
https://bugs.webkit.org/show_bug.cgi?id=148960

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Esprima version 2.6 further supports ES6. We're
updating to it so we can support more ES6 features
in our script syntax tree.

UserInterface/External/Esprima/LICENSE:
UserInterface/External/Esprima/esprima.js:
UserInterface/Models/ScriptSyntaxTree.js:

(WebInspector.ScriptSyntaxTree.prototype._gatherIdentifiersInDeclaration.gatherIdentifiers):
(WebInspector.ScriptSyntaxTree.prototype._gatherIdentifiersInDeclaration):
(WebInspector.ScriptSyntaxTree.prototype._recurse):
(WebInspector.ScriptSyntaxTree.prototype._createInternalSyntaxTree):
(WebInspector.ScriptSyntaxTree):

LayoutTests:

inspector/model/parse-script-syntax-tree-expected.txt:
inspector/model/parse-script-syntax-tree.html:

1:17 AM Changeset in webkit [190109] by rniwa@webkit.org

11 edits in trunk

invalidateSlotAssignments should trigger style recalc
https://bugs.webkit.org/show_bug.cgi?id=149447

Reviewed by Antti Koivisto.

Source/WebCore:

Invalidate the render tree of a shadow host when a new child is inserted, an existing child is removed,
or slot attribute of a child is modified.

No new tests. Covered by existing tests added in r190101.

dom/Element.cpp:

(WebCore::Element::childrenChanged): Call invalidateSlotAssignments or invalidateDefaultSlotAssignments
depending on the types of children being inserted or removed since text nodes can only be assigned into
a default slot.

dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::invalidateSlotAssignments):
(WebCore::ShadowRoot::invalidateDefaultSlotAssignments): Added.

dom/ShadowRoot.h:
dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::invalidate): Reconstruct the render tree for the whole host. We can optimize
in the future by only invalidating active slot elements instead.
(WebCore::SlotAssignment::invalidateDefaultSlot): Added.

dom/SlotAssignment.h:

LayoutTests:

Removed failing expectations from newly passing tests.

Also added test cases for inserting and removing text nodes, and modified the style recalc tests
to force layout between each DOM change to test case separately.

fast/shadow-dom/shadow-layout-after-host-child-changes.html:
fast/shadow-dom/shadow-layout-after-inserting-or-removing-host-child.html:
fast/shadow-dom/shadow-layout-after-slot-changes.html:
platform/mac/TestExpectations:

12:35 AM Changeset in webkit [190108] by sbarati@apple.com

4 edits in trunk/Source/JavaScriptCore

Web Inspector: Basic Block Annotations and Type Profiler annotations wrong for script with "class" with default constructor
https://bugs.webkit.org/show_bug.cgi?id=149248

Reviewed by Mark Lam.

We keep track of which functions have and have not
executed so we can show visually, inside the inspector,
which functions have and have not executed. With a default
constructor, our parser parses code that isn't in the actual
JavaScript source code of the user. Our parser would then
give us a range of starting at "1" to "1 + default constructor length"
as being the text range of a function. But, this would then pollute
actual source code that was at these ranges.

Therefore, we should treat these default constructor source
codes as having "invalid" ranges. We use [UINT_MAX, UINT_MAX]
as the invalid range. This range has the effect of not polluting
valid ranges inside the source code.

bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
(JSC::UnlinkedFunctionExecutable::setInvalidTypeProfilingOffsets):

bytecode/UnlinkedFunctionExecutable.h:
bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewDefaultConstructor):

12:29 AM Changeset in webkit [190107] by ryuan.choi@navercorp.com

2 edits in trunk

[EFL] Build break when DEVELOPER_MODE is OFF
https://bugs.webkit.org/show_bug.cgi?id=149448

Reviewed by Gyuyoung Kim.

Since r187191, DatabaseProcessMainUnix is missing in symbol filter.

Source/cmake/eflsymbols.filter:

Sep 21, 2015:

11:25 PM Changeset in webkit [190106] by Chris Dumez

21 edits
3 adds in trunk

time element should use HTMLTimeElement interface
https://bugs.webkit.org/show_bug.cgi?id=148840
<rdar://problem/22586690>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C HTML test now that more checks are passing.

web-platform-tests/html/semantics/text-level-semantics/the-time-element/001-expected.txt:

Source/WebCore:

Time element should be an instance of HTMLTimeElement instead of generic
HTMLElement:
https://html.spec.whatwg.org/multipage/semantics.html#the-time-element

Firefox exposes HTMLTimeElement. This patch aligns our behavior with
the specification and Firefox.

No new tests, already covered by existing test.

CMakeLists.txt:
DerivedSources.cpp:
DerivedSources.make:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
html/HTMLElementsAllInOne.cpp:
html/HTMLTagNames.in:
html/HTMLTimeElement.cpp: Added.

(WebCore::HTMLTimeElement::create):
(WebCore::HTMLTimeElement::HTMLTimeElement):

html/HTMLTimeElement.h: Added.
html/HTMLTimeElement.idl: Added.

LayoutTests:

Rebaseline existing test now that HTMLTimeElement is exposed on the
global Window object.

js/dom/global-constructors-attributes-expected.txt:
platform/efl/js/dom/global-constructors-attributes-expected.txt:
platform/gtk/js/dom/global-constructors-attributes-expected.txt:
platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt:
platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt:
platform/mac/js/dom/global-constructors-attributes-expected.txt:
platform/win/js/dom/global-constructors-attributes-expected.txt:

11:01 PM Changeset in webkit [190105] by Sukolsak Sakshuwong

5 edits
2 adds in trunk/Source/JavaScriptCore

Implement the comma instruction in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149425

Reviewed by Geoffrey Garen.

This patch implements the comma instruction in WebAssembly. The comma
instruction evaluates the left operand and then the right operand and
returns the value of the right operand.

tests/stress/wasm-comma.js: Added.

(shouldBe):

wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::discard):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseComma):

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::discard):

10:36 PM Changeset in webkit [190104] by Chris Dumez

11 edits
2 adds in trunk

DOM attributes on prototypes should be configurable
https://bugs.webkit.org/show_bug.cgi?id=134364

Reviewed by Sam Weinig.

Source/WebCore:

DOM attributes on prototypes should be configurable as per the Web IDL
specification:
https://heycam.github.io/webidl/#es-attributes

This patch aligns our behavior with the specification and Firefox.

Test: fast/dom/attributes-configurable.html

bindings/scripts/CodeGeneratorJS.pm:

(GenerateAttributesHashTable):

LayoutTests:

Add a layout test to confirm that attributes on prototypes are configurable.

fast/dom/attributes-configurable-expected.txt: Added.
fast/dom/attributes-configurable.html: Added.

9:34 PM Changeset in webkit [190103] by fpizlo@apple.com

9 edits in trunk/Source

Always use the compiler's CAS implementation and get rid of ENABLE(COMPARE_AND_SWAP)
https://bugs.webkit.org/show_bug.cgi?id=149438

Reviewed by Mark Lam.

Source/JavaScriptCore:

heap/HeapInlines.h:

(JSC::Heap::reportExtraMemoryVisited):
(JSC::Heap::deprecatedReportExtraMemory):

Source/WebCore:

No new tests because no new behavior.

platform/text/TextBreakIterator.cpp:

(WebCore::compareAndSwapNonSharedCharacterBreakIterator):
(WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator):

Source/WTF:

wtf/Atomics.h: Make weakCompareAndSwap() just forward to the system CAS via WTF::Atomic.

(WTF::weakCompareAndSwap):
(WTF::weakCompareAndSwapUIntPtr): Deleted.
(WTF::weakCompareAndSwapSize): Deleted.

wtf/Bitmap.h: Small changes to use the new API.

(WTF::WordType>::concurrentTestAndSet):

wtf/Platform.h: Remove ENABLE(COMPARE_AND_SWAP)

9:27 PM Changeset in webkit [190102] by timothy_horton@apple.com

4 edits in trunk/Source

Allow DataDetectors to pre-filter telephone number menu items
https://bugs.webkit.org/show_bug.cgi?id=149444
<rdar://problem/19286320>

Reviewed by Sam Weinig.

Source/WebCore:

platform/spi/mac/DataDetectorsSPI.h:

Add some SPI.

Source/WebKit2:

Platform/mac/MenuUtilities.mm:

(WebKit::menuItemForTelephoneNumber):
(WebKit::menuForTelephoneNumber):
Let DataDetectors know what kind of items we want, so that they can avoid
some unnecessary work in cases where we were just going to throw away the items anyway.

9:01 PM Changeset in webkit [190101] by rniwa@webkit.org

2 edits
4 copies
4 adds in trunk/LayoutTests

Add some style recalc tests for shadow DOM
https://bugs.webkit.org/show_bug.cgi?id=149445

Reviewed by Antti Koivisto.

Add tests to make sure we trigger necessary style recalc.

fast/shadow-dom/shadow-layout-after-attach-shadow-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/shadow-layout-after-attach-shadow.html: Added.
fast/shadow-dom/shadow-layout-after-host-child-changes-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/shadow-layout-after-host-child-changes.html: Added.
fast/shadow-dom/shadow-layout-after-inserting-or-removing-host-child-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/shadow-layout-after-inserting-or-removing-host-child.html: Added.
fast/shadow-dom/shadow-layout-after-slot-changes-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/shadow-layout-after-slot-changes.html: Added.
platform/mac/TestExpectations:

8:06 PM Changeset in webkit [190100] by ap@apple.com

2 edits
2 adds in trunk/LayoutTests

https://bugs.webkit.org/show_bug.cgi?id=149415
REGRESSION (r182648): UIWebView does not set location.hash synchronously
<rdar://problem/22169467>

Reviewed by Darin Adler.

fast/loader/location-hash-user-gesture-expected.txt: Added.
fast/loader/location-hash-user-gesture.html: Added.
platform/ios-simulator-wk2/TestExpectations:

7:57 PM Changeset in webkit [190099] by Chris Dumez

6 edits in trunk

Update HTMLTableRowElement.rowIndex to behave according to the specification
https://bugs.webkit.org/show_bug.cgi?id=148842
<rdar://problem/22586914>

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C HTML test now that one more check is passing.

web-platform-tests/html/semantics/tabular-data/the-tr-element/rowIndex-expected.txt:

Source/WebCore:

Update HTMLTableRowElement.rowIndex to behave according to the
specification:
https://html.spec.whatwg.org/multipage/tables.html#dom-tr-rowindex

In particular, rowIndex no longer returns -1 for <tr> elements that are
direct children of the table Element. Also,<tr> Elements in all <thead> /
<tfoot> children of the table Element now get a rowIndex, as per the
specification:

https://html.spec.whatwg.org/multipage/tables.html#dom-table-rows

Previously, only <tr> elements in the first <thead> and the first <tbody>
children of the table would get a rowIndex.

Also, we now abort early and return -1 if the row is a grand-child of a
table element but its direct parent is not a <thead> / <tbody> / <tfoot>.
This avoid unnecessary traversal and matches the specification.

The code is refactored a bit to leverage HTMLTableElement.rows(), as
per the specification:
"return the index of the tr element in that table element's rows collection"

Previously, we would duplicate the table traversal logic. This
simplifies the code and fixes a bug as the traversal logic was slightly
different here and in HTMLTableRowsCollection. Because of this, only
<tr> elements in the first <thead> / <tfoot> would get a rowIndex.
Performance should be similar.

No new tests, already covered by existing test.

html/HTMLTableRowElement.cpp:

(WebCore::HTMLTableRowElement::rowIndex):
(WebCore::HTMLTableRowElement::sectionRowIndex): Deleted.
(WebCore::HTMLTableRowElement::insertCell): Deleted.

LayoutTests:

Rebaseline existing test because rows in all <thead> / <tfoot> children
of the <table> Element now get a rowIndex.

platform/mac/fast/table/rowindex-expected.txt:

7:26 PM Changeset in webkit [190098] by rniwa@webkit.org

2 edits
8 copies
8 adds in trunk/LayoutTests

Add more rendering tests for shadow DOM
https://bugs.webkit.org/show_bug.cgi?id=149437

Reviewed by Antti Koivisto.

Added various tests for shadow tree rendering as well as tests for :host pseudo class and ::slotted pseudo element.

fast/shadow-dom/css-scoping-shadow-assigned-node-with-before-after-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-assigned-node-with-before-after.html: Added.
fast/shadow-dom/css-scoping-shadow-assigned-node-with-rules-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-assigned-node-with-rules.html: Added.
fast/shadow-dom/css-scoping-shadow-host-functional-rule-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-host-functional-rule.html: Added.
fast/shadow-dom/css-scoping-shadow-host-rule-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-host-rule.html: Added.
fast/shadow-dom/css-scoping-shadow-host-with-before-after-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-host-with-before-after.html: Added.
fast/shadow-dom/css-scoping-shadow-slot-display-override-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-slot-display-override.html: Added.
fast/shadow-dom/css-scoping-shadow-slotted-rule-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-slotted-rule.html: Added.
fast/shadow-dom/css-scoping-shadow-with-outside-rules-expected.html: Copied from LayoutTests/fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html.
fast/shadow-dom/css-scoping-shadow-with-outside-rules.html: Added.
platform/mac/TestExpectations:

6:27 PM Changeset in webkit [190097] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Fix release builds with security assertion after r190007.

dom/DocumentOrderedMap.cpp:
dom/DocumentOrderedMap.h:

6:21 PM Changeset in webkit [190096] by sbarati@apple.com

2 edits in trunk/Source/JavaScriptCore

functionProtoFuncToString should not rely on typeProfilingEndOffset()
https://bugs.webkit.org/show_bug.cgi?id=149429

Reviewed by Geoffrey Garen.

We should be able to freely change typeProfilingEndOffset()
without worrying we will break Function.prototype.toString.

runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

5:51 PM Changeset in webkit [190095] by yoon@igalia.com

13 edits in trunk/Source

[Threaded Compositor] Modified to use reference of GraphicsContext instead of pointer
https://bugs.webkit.org/show_bug.cgi?id=149399

Reviewed by Darin Adler.

This fixes build failure after r189144

Source/WebCore:

platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint):

platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
platform/graphics/texmap/coordinated/CoordinatedSurface.h:
platform/graphics/texmap/coordinated/Tile.cpp:

(WebCore::Tile::paintToSurfaceContext):

platform/graphics/texmap/coordinated/Tile.h:
platform/graphics/texmap/coordinated/TiledBackingStoreClient.h:
platform/graphics/texmap/coordinated/UpdateAtlas.cpp:

Source/WebKit2:

Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:

(WebKit::ThreadSafeCoordinatedSurface::paintToSurface):
(WebKit::ThreadSafeCoordinatedSurface::beginPaint):
(WebKit::ThreadSafeCoordinatedSurface::endPaint):

Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.h:

5:38 PM Changeset in webkit [190094] by Brent Fulgham

2 edits in trunk/Source/WebKit

[Win] Unreviewed build fix.

WebKit.vcxproj/WebKit/WebKitApple.props: We need to link against

libdispatch on Windows.

5:26 PM Changeset in webkit [190093] by rniwa@webkit.org

5 edits in trunk/Source/WebCore

The binding for getDistributedNodes unnecessarily makes a vector of nodes
https://bugs.webkit.org/show_bug.cgi?id=149434

Reviewed by Darin Adler.

Added a jsArray for const Vector<T*>* so that we can generate the binding code for getDistributedNodes()
without having to create Vector<RefPtr<Node>> out of Vector<Node*>*.

bindings/js/JSDOMBinding.h:

(WebCore::jsArray): Added.

html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::assignedNodes):
(WebCore::HTMLSlotElement::getDistributedNodes): Deleted.

html/HTMLSlotElement.h:
html/HTMLSlotElement.idl:

5:21 PM Changeset in webkit [190092] by ap@apple.com

2 edits in trunk/Source/WebKit/mac

REGRESSION (r182648): UIWebView does not set location.hash synchronously
https://bugs.webkit.org/show_bug.cgi?id=149415
<rdar://problem/22169467>

Reviewed by Darin Adler.

The problem was that the delegate in UI thread became asynchronous due to calling
into LaunchServices.

WebCoreSupport/WebFrameLoaderClient.mm: (shouldTryAppLink): Don't attempt app

links for same domain navigations. This check is part of substantially more complicated
logic in WebKit2 that I don't understand, but that should be enough to demonstrate
that this fix is an improvement at least.

5:07 PM Changeset in webkit [190091] by Brent Fulgham

19 edits in trunk

Source/WebCore:
[Win] Show tiled drawing debug overlay on Windows
https://bugs.webkit.org/show_bug.cgi?id=149426

Reviewed by Dean Jackson.

No new tests: No change in behavior.

platform/graphics/ca/PlatformCALayer.cpp:

(WebCore::PlatformCALayer::drawRepaintIndicator): Revise signature to accept
a scale value and a font size.
(WebCore::PlatformCALayer::drawTextAtPoint): Revise signature for new arguments.

platform/graphics/ca/PlatformCALayer.h:
platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::drawTileMapContents): Removing scaling and text drawing code,
and call common CALayer drawing routine.

platform/graphics/ca/win/CACFLayerTreeHost.cpp:

(WebCore::CACFLayerTreeHost::create): Switch to nullptr.
(WebCore::CACFLayerTreeHost::CACFLayerTreeHost): Switch to C++14 initializers.
(WebCore::CACFLayerTreeHost::setPage): Added.
(WebCore::CACFLayerTreeHost::rootLayer): Update debug info layer if requested by settings.
(WebCore::CACFLayerTreeHost::layerTreeDidChange): Ditto.
(WebCore::CACFLayerTreeHost::mainFrameTiledBacking): Added.
(WebCore::CACFLayerTreeHost::updateDbugInfoLayer): Added.

platform/graphics/ca/win/CACFLayerTreeHost.h:
platform/graphics/ca/win/PlatformCALayerWin.cpp:

(WebCore::PlatformCALayerWin::drawTextAtPoint): Revised signature for new arguments. Use
argument for font size (rather than hard-coded '18'). Adjust font size by passed scale value.

platform/graphics/ca/win/PlatformCALayerWin.h:

Source/WebKit/win:
[Win] Show tiled drawing debug overlay on Windows
https://bugs.webkit.org/show_bug.cgi?id=149426

Reviewed by Dean Jackson.

Interfaces/IWebPreferencesPrivate.idl: Add new IWebPreferencesPrivate3 API version

so we can add new methods this cycle.

WebPreferenceKeysPrivate.h: Add key for 'WebKitShowTiledScrollingIndicator'
WebPreferences.cpp:

(WebPreferences::QueryInterface): Recognize the new IWebPreferencesPrivate3 API.
(WebPreferences::showTiledScrollingIndicator): Added.
(WebPreferences::setShowTiledScrollingIndicator): Ditto.

WebPreferences.h:
WebView.cpp:

(WebView::notifyPreferencesChanged): Update to recognize 'showTiledScrollingIndicator'.
(WebView::setAcceleratedCompositing): Link the CACFLayerTreeHost to the WebCore Page object
so that it can see settings information.

Tools:
Remove 'nullable' to fix older iOS builds.

Patch by Simon Fraser <Simon Fraser> on 2015-09-21

WebKitTestRunner/cocoa/TestRunnerWKWebView.mm:

(-[TestRunnerWKWebView scrollViewDidEndZooming:withView:atScale:]):

5:05 PM Changeset in webkit [190090] by Csaba Osztrogonác

2 edits in trunk/Source/WTF

Remove old GCC cruft from wtf/StdLibExtras.h
https://bugs.webkit.org/show_bug.cgi?id=149401

Reviewed by Alex Christensen.

wtf/StdLibExtras.h:

4:22 PM Changeset in webkit [190089] by aestes@apple.com

2 edits in trunk/Source/WTF

Disable Parental Controls on the Apple TV platform
https://bugs.webkit.org/show_bug.cgi?id=149421

Reviewed by Darin Adler.

wtf/Platform.h:

4:03 PM Changeset in webkit [190088] by commit-queue@webkit.org

4 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r190086.
https://bugs.webkit.org/show_bug.cgi?id=149427

Broke LayoutTests/inspector/model/remote-object.htm (Requested
by saamyjoon on #webkit).

Reverted changeset:

"Web Inspector: Basic Block Annotations and Type Profiler
annotations wrong for script with "class" with default
constructor"
https://bugs.webkit.org/show_bug.cgi?id=149248
http://trac.webkit.org/changeset/190086

3:50 PM Changeset in webkit [190087] by Simon Fraser

2 edits in trunk/Tools

Remove 'nullable' to fix older iOS builds.

WebKitTestRunner/cocoa/TestRunnerWKWebView.mm:

(-[TestRunnerWKWebView scrollViewDidEndZooming:withView:atScale:]):

3:42 PM Changeset in webkit [190086] by sbarati@apple.com

4 edits in trunk/Source/JavaScriptCore

Web Inspector: Basic Block Annotations and Type Profiler annotations wrong for script with "class" with default constructor
https://bugs.webkit.org/show_bug.cgi?id=149248

Reviewed by Mark Lam.

bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
(JSC::UnlinkedFunctionExecutable::setInvalidTypeProfilingOffsets):

bytecode/UnlinkedFunctionExecutable.h:
bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitNewDefaultConstructor):

3:39 PM Changeset in webkit [190085] by Chris Dumez

25 edits
2 adds in trunk

[JS Bindings] prototype.constructor should be writable
https://bugs.webkit.org/show_bug.cgi?id=149412
<rdar://problem/22545096>

Reviewed by Geoffrey Garen.

LayoutTests/imported/w3c:

Rebaseline W3C DOM / HTML tests now that more checks are passing.

web-platform-tests/dom/interfaces-expected.txt:
web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

prototype.constructor should have the following properties:
{ Writable?: true, Enumerable?: false, Configurable?: true }

as per the Web IDL specification:
https://heycam.github.io/webidl/#interface-prototype-object

In WebKit, it is currently not writable. It is writable in Firefox.

Test: fast/events/event-prototype-constructor-properties.html

bindings/scripts/CodeGeneratorJS.pm:

(GenerateAttributesHashTable):

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
bindings/scripts/test/JS/JSTestEventConstructor.cpp:
bindings/scripts/test/JS/JSTestEventTarget.cpp:
bindings/scripts/test/JS/JSTestException.cpp:
bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
bindings/scripts/test/JS/JSTestInterface.cpp:
bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
bindings/scripts/test/JS/JSTestNode.cpp:
bindings/scripts/test/JS/JSTestNondeterministic.cpp:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
bindings/scripts/test/JS/JSTestTypedefs.cpp:
bindings/scripts/test/JS/JSattribute.cpp:
bindings/scripts/test/JS/JSreadonly.cpp:

LayoutTests:

Add layout test that checks that Event.prototype.constructor has the
expected properties and that it is actually writable.

fast/events/event-prototype-constructor-properties-expected.txt: Added.
fast/events/event-prototype-constructor-properties.html: Added.

3:27 PM Changeset in webkit [190084] by Antti Koivisto

7 edits in trunk

HTMLSlotElement should render its assigned nodes
https://bugs.webkit.org/show_bug.cgi?id=149242

Reviewed by Ryosuke Niwa.

Source/WebCore:

Support rendering the assigned nodes under HTMLSlotElement.

dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::assignSlots):

Move the empty slot finding to the loop as the hash table may mutate.

html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::attributeChanged):
(WebCore::HTMLSlotElement::assignedNodes):
(WebCore::HTMLSlotElement::getDistributedNodes):

html/HTMLSlotElement.h:
style/StyleResolveTree.cpp:

(WebCore::Style::attachBeforeOrAfterPseudoElementIfNeeded):
(WebCore::Style::attachSlot):
(WebCore::Style::attachRenderTree):
(WebCore::Style::detachChildren):
(WebCore::Style::detachShadowRoot):
(WebCore::Style::detachSlot):
(WebCore::Style::detachRenderTree):
(WebCore::Style::resolveChildren):
(WebCore::Style::resolveSlot):
(WebCore::Style::resolveTree):

LayoutTests:

Enable the relevant tests.

platform/mac/TestExpectations:

3:08 PM Changeset in webkit [190083] by bshafiei@apple.com

1 copy in tags/Safari-601.1.46.25

New tag.

3:02 PM Changeset in webkit [190082] by Brent Fulgham

3 edits in trunk/Tools

[Win] Use command-line argument to launch in regular or High DPI mode.
https://bugs.webkit.org/show_bug.cgi?id=149417

Reviewed by Dean Jackson.

MiniBrowser/win/Common.cpp:

(parseCommandLine): Ignore the '--highDPI' argument. It's used at the
very start of execution, before the MiniBrowser.dll is loaded.

win/DLLLauncher/DLLLauncherMain.cpp:

(shouldUseHighDPI): Check for '--highDPI', and use this mode if
present. On WinCairo, always use High DPI.

2:52 PM Changeset in webkit [190081] by achristensen@apple.com

1 edit
1 delete in trunk/LayoutTests

Remove Windows-specific navigator-detached-no-crash-expected.
https://bugs.webkit.org/show_bug.cgi?id=149414

Reviewed by Filip Pizlo.

When we switched to CMake, NAVIGATOR_HWCONCURRENCY got enabled.
There is no reason to disable it, and the expectations match the default expectations now.

platform/win/fast/dom/navigator-detached-no-crash-expected.txt: Removed.

2:20 PM Changeset in webkit [190080] by Sukolsak Sakshuwong

8 edits in trunk/Source/JavaScriptCore

Implement call statements and call expressions of type void in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149411

Reviewed by Mark Lam.

Call instructions in WebAssembly can be both statements and expressions.
This patch implements call statements. It also implements call
expressions of type void. The only place where call expressions of type
void can occur is the left-hand side of the comma (,) operator, which
will be implemented in a subsequent patch. The comma operator requires
both of its operands to be expressions.

tests/stress/wasm-calls.js:
tests/stress/wasm/calls.wasm:
wasm/WASMConstants.h:
wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseExpression):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseExpressionVoid):
(JSC::WASMFunctionParser::parseCallInternal):
(JSC::WASMFunctionParser::parseCallIndirect):
(JSC::WASMFunctionParser::parseCallImport):

wasm/WASMFunctionParser.h:
wasm/WASMReader.cpp:

(JSC::WASMReader::readOpExpressionVoid):

wasm/WASMReader.h:

2:01 PM Changeset in webkit [190079] by timothy_horton@apple.com

3 edits in trunk/Source/WebCore

svg/custom/hidpi-masking-clipping.svg fails with accelerated drawing on
https://bugs.webkit.org/show_bug.cgi?id=149413
<rdar://problem/22787058>

Reviewed by Dean Jackson.

No new tests, this is covered by existing tests.

rendering/svg/RenderSVGResourcePattern.cpp:

(WebCore::RenderSVGResourcePattern::buildPattern):
(WebCore::RenderSVGResourcePattern::applyResource):
(WebCore::RenderSVGResourcePattern::createTileImage):

rendering/svg/RenderSVGResourcePattern.h:

Make pattern images respect the accelerated bit of the parent GraphicsContext.

1:59 PM Changeset in webkit [190078] by Chris Dumez

10 edits in trunk

DOMTokenList.add() / remove() should run the update steps even if tokens were not modified
https://bugs.webkit.org/show_bug.cgi?id=148780
<rdar://problem/22571794>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that more checks are passing.

web-platform-tests/dom/nodes/MutationObserver-attributes-expected.txt:

Source/WebCore:

DOMTokenList.add() / remove() should run the update steps even if tokens
were not modified, as per the DOM specification:

The update steps are specified at:

https://dom.spec.whatwg.org/#concept-DTL-update

This will have several side effects if the DOMTokenList has an associated
attribute. It will overwrite the attribute value which will:

Generate a Mutation event.
Possibly change the attribute value as the new value is the "ordered set serializer for tokens". So it will get rid of extra spaces and duplicates in the attribute value.

Firefox already behaves according to the specification.

No new tests, already covered by existing tests.

html/DOMTokenList.cpp:

(WebCore::DOMTokenList::addInternal):
(WebCore::DOMTokenList::removeInternal):
(WebCore::DOMTokenList::remove): Deleted.

LayoutTests:

Update / Rebaseline several classList /relList tests now that our
behavior has changed.

fast/dom/HTMLElement/class-list-expected.txt:
fast/dom/HTMLElement/class-list-quirks-expected.txt:
fast/dom/HTMLElement/script-tests/class-list.js:
fast/dom/rel-list-expected.txt:
fast/dom/rel-list.html:

1:57 PM Changeset in webkit [190077] by achristensen@apple.com

2 edits in trunk

Disable PICTURE_SIZES in Windows CMake build like r189745.
https://bugs.webkit.org/show_bug.cgi?id=149125

Source/cmake/OptionsWin.cmake:

Do the same thing as r189745.

1:49 PM Changeset in webkit [190076] by fpizlo@apple.com

59 edits
20 adds in trunk

JSC should infer property types
https://bugs.webkit.org/show_bug.cgi?id=148610

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This change brings recursive type inference to JavaScript object properties in JSC. We check that a
value being stored into a property obeys a property's type before we do the store. If it doesn't,
we broaden the property's type to include the new value. If optimized code was relying on the old
type, we deoptimize that code.

The type system that this supports includes important primitive types like Int32 and Boolean. But
it goes further and also includes a type kind called ObjectWithStructure, which means that we
expect the property to always point to objects with a particular structure. This only works for
leaf structures (i.e. structures that have a valid transition watchpoint set). Invalidation of the
transition set causes the property type to become Object (meaning an object with any structure).
This capability gives us recursive type inference. It's possible for an expression like "o.f.g.h"
to execute without any type checks if .f and .g are both ObjectWithStructure.

The type inference of a property is tracked by an InferredType instance, which is a JSCell. This
means that it manages its own memory. That's convenient. For example, when the DFG is interested in
one of these, it can just list the InferredType as a weak reference in addition to setting a
watchpoint. This ensures that even if the InferredType is dropped by the owning structure, the DFG
won't read a dangling pointer. A mapping from property name to InferredType is implemented by
InferredTypeTable, which is also a JSCell. Each Structure may point to some InferredTypeTable.

This feature causes programs to be happier (run faster without otherwise doing bad things like
using lots of memory) when four conditions hold:

1) A property converges to one of the types that we support.
2) The property is loaded from more frequently than it is stored to.
3) The stores are all cached, so that we statically emit a type check.
4) We don't allocate a lot of meta-data for the property's type.

We maximize the likelihood of (1) by having a rich type system. But having a rich type system means
that a reflective put to a property has to have a large switch over the inferred type to decide how
to do the type check. That's why we need (3). We ensure (3) by having every reflective property
store (i.e. putDirectInternal in any context that isn't PutById) force the inferred type to become
Top. We don't really worry about ensuring (2); this is statistically true for most programs
already.

Probably the most subtle trickery goes into (4). Logically we'd like to say that each
(Structure, Property) maps to its own InferredType. If structure S1 has a transition edge to S2,
then we could ensure that the InferredType I1 where (S1, Property)->I1 has a data flow constraint
to I2 where (S2, Property)->I2. That would work, but it would involve a lot of memory. And when I1
gets invalidated in some way, it would have to tell I2 about it, and then I2 might tell other
InferredType objects downstream. That's madness. So, the first major compromise that we make here
is to say that if some property has some InferredType at some Structure, then anytime we
transition from that Structure, the new Structure shares the same InferredType for that property.
This unifies the type of the property over the entire transition tree starting at the Structure at
which the property was added. But this would still mean that each Structure would have its own
InferredTypeTable. We don't want that because experience with PropertyTable shows that this can be
a major memory hog. So, we don't create an InferredTypeTable until someone adds a property that is
subject to type inference (i.e. it was added non-reflectively), and we share that InferredTypeTable
with the entire structure transition tree rooted at the Structure that had the first inferred
property. We also drop the InferredTypeTable anytime that we do a dictionary transition, and we
don't allow further property type inference if a structure had ever been a dictionary.

This is a 3% speed-up on Octane and a 12% speed-up on Kraken on my setup. It's not a significant
slow-down on any benchmark I ran.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::branchTest64):

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::branchTest64):
(JSC::MacroAssemblerX86_64::test64):

bytecode/PolymorphicAccess.cpp:

(JSC::AccessCase::generate):

bytecode/PutByIdFlags.cpp:

(WTF::printInternal):

bytecode/PutByIdFlags.h:

(JSC::encodeStructureID):
(JSC::decodeStructureID):

bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::computeForStubInfo):

bytecode/PutByIdVariant.cpp:

(JSC::PutByIdVariant::operator=):
(JSC::PutByIdVariant::replace):
(JSC::PutByIdVariant::transition):
(JSC::PutByIdVariant::setter):
(JSC::PutByIdVariant::attemptToMerge):
(JSC::PutByIdVariant::dumpInContext):

bytecode/PutByIdVariant.h:

(JSC::PutByIdVariant::newStructure):
(JSC::PutByIdVariant::requiredType):

bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedInstruction::UnlinkedInstruction):

bytecode/Watchpoint.h:

(JSC::InlineWatchpointSet::touch):
(JSC::InlineWatchpointSet::isBeingWatched):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::addConstantValue):
(JSC::BytecodeGenerator::emitPutById):
(JSC::BytecodeGenerator::emitDirectPutById):

dfg/DFGAbstractInterpreter.h:

(JSC::DFG::AbstractInterpreter::filter):
(JSC::DFG::AbstractInterpreter::filterByValue):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
(JSC::DFG::AbstractInterpreter<AbstractStateType>::filter):

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::setType):
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::fixTypeForRepresentation):
(JSC::DFG::AbstractValue::mergeOSREntryValue):
(JSC::DFG::AbstractValue::isType):
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::filterValueByType):

dfg/DFGAbstractValue.h:

(JSC::DFG::AbstractValue::setType):
(JSC::DFG::AbstractValue::isType):
(JSC::DFG::AbstractValue::validate):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::handleGetByOffset):
(JSC::DFG::ByteCodeParser::handlePutByOffset):
(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::store):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):

dfg/DFGClobbersExitState.cpp:

(JSC::DFG::clobbersExitState):

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
(JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
(JSC::DFG::ConstantFoldingPhase::addBaseCheck):

dfg/DFGDesiredInferredType.h: Added.

(JSC::DFG::DesiredInferredType::DesiredInferredType):
(JSC::DFG::DesiredInferredType::operator bool):
(JSC::DFG::DesiredInferredType::object):
(JSC::DFG::DesiredInferredType::expected):
(JSC::DFG::DesiredInferredType::isStillValid):
(JSC::DFG::DesiredInferredType::add):
(JSC::DFG::DesiredInferredType::operator==):
(JSC::DFG::DesiredInferredType::operator!=):
(JSC::DFG::DesiredInferredType::isHashTableDeletedValue):
(JSC::DFG::DesiredInferredType::hash):
(JSC::DFG::DesiredInferredType::dumpInContext):
(JSC::DFG::DesiredInferredType::dump):
(JSC::DFG::DesiredInferredTypeHash::hash):
(JSC::DFG::DesiredInferredTypeHash::equal):

dfg/DFGDesiredWatchpoints.cpp:

(JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
(JSC::DFG::InferredTypeAdaptor::add):
(JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
(JSC::DFG::DesiredWatchpoints::~DesiredWatchpoints):
(JSC::DFG::DesiredWatchpoints::addLazily):
(JSC::DFG::DesiredWatchpoints::consider):
(JSC::DFG::DesiredWatchpoints::reallyAdd):
(JSC::DFG::DesiredWatchpoints::areStillValid):
(JSC::DFG::DesiredWatchpoints::dumpInContext):

dfg/DFGDesiredWatchpoints.h:

(JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
(JSC::DFG::InferredTypeAdaptor::hasBeenInvalidated):
(JSC::DFG::InferredTypeAdaptor::dumpInContext):
(JSC::DFG::DesiredWatchpoints::isWatched):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::isSafeToLoad):
(JSC::DFG::Graph::inferredTypeFor):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::tryGetConstantProperty):
(JSC::DFG::Graph::inferredValueForProperty):
(JSC::DFG::Graph::tryGetConstantClosureVar):

dfg/DFGGraph.h:

(JSC::DFG::Graph::registerInferredType):
(JSC::DFG::Graph::inferredTypeForProperty):

dfg/DFGInferredTypeCheck.cpp: Added.

(JSC::DFG::insertInferredTypeCheck):

dfg/DFGInferredTypeCheck.h: Added.
dfg/DFGNode.h:
dfg/DFGObjectAllocationSinkingPhase.cpp:
dfg/DFGPropertyTypeKey.h: Added.

(JSC::DFG::PropertyTypeKey::PropertyTypeKey):
(JSC::DFG::PropertyTypeKey::operator bool):
(JSC::DFG::PropertyTypeKey::structure):
(JSC::DFG::PropertyTypeKey::uid):
(JSC::DFG::PropertyTypeKey::operator==):
(JSC::DFG::PropertyTypeKey::operator!=):
(JSC::DFG::PropertyTypeKey::hash):
(JSC::DFG::PropertyTypeKey::isHashTableDeletedValue):
(JSC::DFG::PropertyTypeKey::dumpInContext):
(JSC::DFG::PropertyTypeKey::dump):
(JSC::DFG::PropertyTypeKey::deletedUID):
(JSC::DFG::PropertyTypeKeyHash::hash):
(JSC::DFG::PropertyTypeKeyHash::equal):

dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileTypeOf):
(JSC::DFG::SpeculativeJIT::compileCheckStructure):
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(JSC::DFG::SpeculativeJIT::speculateCell):
(JSC::DFG::SpeculativeJIT::speculateCellOrOther):
(JSC::DFG::SpeculativeJIT::speculateObject):
(JSC::DFG::SpeculativeJIT::speculate):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGStoreBarrierInsertionPhase.cpp:
dfg/DFGStructureAbstractValue.h:

(JSC::DFG::StructureAbstractValue::at):
(JSC::DFG::StructureAbstractValue::operator[]):
(JSC::DFG::StructureAbstractValue::onlyStructure):
(JSC::DFG::StructureAbstractValue::forEach):

dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):

dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validate):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileCheckStructure):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCheckCell):
(JSC::FTL::DFG::LowerDFGToLLVM::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToLLVM::numberOrNotCellToInt32):
(JSC::FTL::DFG::LowerDFGToLLVM::checkInferredType):
(JSC::FTL::DFG::LowerDFGToLLVM::loadProperty):
(JSC::FTL::DFG::LowerDFGToLLVM::speculate):
(JSC::FTL::DFG::LowerDFGToLLVM::speculateCell):
(JSC::FTL::DFG::LowerDFGToLLVM::speculateCellOrOther):
(JSC::FTL::DFG::LowerDFGToLLVM::speculateMachineInt):
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::decodedCodeMapFor):
(JSC::AssemblyHelpers::branchIfNotType):
(JSC::AssemblyHelpers::purifyNaN):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::branchIfEqual):
(JSC::AssemblyHelpers::branchIfNotCell):
(JSC::AssemblyHelpers::branchIfCell):
(JSC::AssemblyHelpers::branchIfNotOther):
(JSC::AssemblyHelpers::branchIfInt32):
(JSC::AssemblyHelpers::branchIfNotInt32):
(JSC::AssemblyHelpers::branchIfNumber):
(JSC::AssemblyHelpers::branchIfNotNumber):
(JSC::AssemblyHelpers::branchIfEmpty):
(JSC::AssemblyHelpers::branchStructure):

jit/Repatch.cpp:

(JSC::tryCachePutByID):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/InferredType.cpp: Added.

(JSC::InferredType::create):
(JSC::InferredType::destroy):
(JSC::InferredType::createStructure):
(JSC::InferredType::visitChildren):
(JSC::InferredType::kindForFlags):
(JSC::InferredType::Descriptor::forValue):
(JSC::InferredType::Descriptor::forFlags):
(JSC::InferredType::Descriptor::putByIdFlags):
(JSC::InferredType::Descriptor::merge):
(JSC::InferredType::Descriptor::removeStructure):
(JSC::InferredType::Descriptor::subsumes):
(JSC::InferredType::Descriptor::dumpInContext):
(JSC::InferredType::Descriptor::dump):
(JSC::InferredType::InferredType):
(JSC::InferredType::~InferredType):
(JSC::InferredType::canWatch):
(JSC::InferredType::addWatchpoint):
(JSC::InferredType::dump):
(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):
(JSC::InferredType::InferredStructureFinalizer::finalizeUnconditionally):
(JSC::InferredType::InferredStructure::InferredStructure):
(WTF::printInternal):

runtime/InferredType.h: Added.
runtime/InferredTypeTable.cpp: Added.

(JSC::InferredTypeTable::create):
(JSC::InferredTypeTable::destroy):
(JSC::InferredTypeTable::createStructure):
(JSC::InferredTypeTable::visitChildren):
(JSC::InferredTypeTable::get):
(JSC::InferredTypeTable::willStoreValue):
(JSC::InferredTypeTable::makeTop):
(JSC::InferredTypeTable::InferredTypeTable):
(JSC::InferredTypeTable::~InferredTypeTable):

runtime/InferredTypeTable.h: Added.
runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):
(JSC::JSObject::putDirectWithoutTransition):

runtime/Structure.cpp:

(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::removePropertyTransition):
(JSC::Structure::startWatchingInternalProperties):
(JSC::Structure::willStoreValueSlow):
(JSC::Structure::visitChildren):
(JSC::Structure::prototypeChainMayInterceptStoreTo):

runtime/Structure.h:

(JSC::PropertyMapEntry::PropertyMapEntry):

runtime/StructureInlines.h:

(JSC::Structure::get):

runtime/VM.cpp:

(JSC::VM::VM):

runtime/VM.h:
tests/stress/prop-type-boolean-then-string.js: Added.
tests/stress/prop-type-int32-then-string.js: Added.
tests/stress/prop-type-number-then-string.js: Added.
tests/stress/prop-type-object-or-other-then-string.js: Added.
tests/stress/prop-type-object-then-string.js: Added.
tests/stress/prop-type-other-then-string.js: Added.
tests/stress/prop-type-string-then-object.js: Added.
tests/stress/prop-type-struct-or-other-then-string.js: Added.
tests/stress/prop-type-struct-then-object.js: Added.
tests/stress/prop-type-struct-then-object-opt.js: Added.
tests/stress/prop-type-struct-then-object-opt-fold.js: Added.
tests/stress/prop-type-struct-then-object-opt-multi.js: Added.

Source/WTF:

wtf/HashTable.h:

(WTF::HashTableAddResult::HashTableAddResult): Make it possible to say "HashMap::AddResult result" without assigning anything to it yet.

wtf/PrintStream.h:

(WTF::printInternal): Beef up printing of some common WTF types, in particular RefPtr<UniquedStringImpl>.

1:34 PM Changeset in webkit [190075] by rniwa@webkit.org

2 edits in trunk/Tools

32-bit Mac build fix attempt after r190065.

WebKitTestRunner/cocoa/TestRunnerWKWebView.mm:

1:24 PM Changeset in webkit [190074] by rniwa@webkit.org

2 edits
6 adds in trunk/LayoutTests

Add some tests for shadow DOM rendering
https://bugs.webkit.org/show_bug.cgi?id=149330

Reviewed by Antti Koivisto.

Added some ref tests for new shadow DOM API rendering with failing expectations everywhere.

This is a relanding of r189962 excluding css-scoping-shadow-rendering.html since it has since been added in r190006
as css-scoping-shadow-root-hides-children.html by Antti.

fast/shadow-dom/css-scoping-shadow-invisible-slot-expected.html: Added.
fast/shadow-dom/css-scoping-shadow-invisible-slot.html: Added.
fast/shadow-dom/css-scoping-shadow-slot-expected.html: Added.
fast/shadow-dom/css-scoping-shadow-slot.html: Added.
fast/shadow-dom/css-scoping-shadow-with-rules-expected.html: Added.
fast/shadow-dom/css-scoping-shadow-with-rules.html: Added.
platform/mac/TestExpectations:

1:10 PM Changeset in webkit [190073] by fpizlo@apple.com

13 edits in trunk/Source/JavaScriptCore

WebCore shouldn't have to include DFG headers
https://bugs.webkit.org/show_bug.cgi?id=149337

Reviewed by Michael Saboff.

This does some simple rewiring and outlining of CodeBlock/Heap functionality so that
those headers don't have to include DFG headers. As a result, WebCore no longer includes
DFG headers, except for two fairly innocent ones (DFGCommon.h and DFGCompilationMode.h).
This also changes the Xcode project file so that all but those two headers are Project
rather than Private. So, if WebCore accidentally includes any of them, we'll get a build
error.

The main group of headers that this prevents WebCore from including are the DFGDesired*.h
files and whatever those include. Those headers used to be fairly simple, but now they
are growing in complexity (especially with things like http://webkit.org/b/148610). So,
it makes sense to make sure they don't leak out of JSC.

JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::~CallLinkInfo):
(JSC::CallLinkInfo::clearStub):
(JSC::CallLinkInfo::visitWeak):
(JSC::CallLinkInfo::setFrameShuffleData):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::specializationKindFor):
(JSC::CallLinkInfo::frameShuffleData):
(JSC::CallLinkInfo::CallLinkInfo): Deleted.
(JSC::CallLinkInfo::~CallLinkInfo): Deleted.
(JSC::CallLinkInfo::setFrameShuffleData): Deleted.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::getOrAddArrayProfile):
(JSC::CodeBlock::codeOrigins):
(JSC::CodeBlock::numberOfDFGIdentifiers):
(JSC::CodeBlock::identifier):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):

bytecode/CodeBlock.h:

(JSC::CodeBlock::hasExpressionInfo):
(JSC::CodeBlock::hasCodeOrigins):
(JSC::CodeBlock::numberOfIdentifiers):
(JSC::CodeBlock::identifier):
(JSC::CodeBlock::codeOrigins): Deleted.
(JSC::CodeBlock::numberOfDFGIdentifiers): Deleted.

bytecode/CodeOrigin.h:
dfg/DFGDesiredIdentifiers.cpp:
heap/Heap.cpp:

(JSC::Heap::didFinishIterating):
(JSC::Heap::completeAllDFGPlans):
(JSC::Heap::markRoots):
(JSC::Heap::deleteAllCodeBlocks):

heap/Heap.h:
heap/HeapInlines.h:

(JSC::Heap::deprecatedReportExtraMemory):
(JSC::Heap::forEachCodeBlock):
(JSC::Heap::forEachProtectedCell):

runtime/Executable.h:
runtime/JSCInlines.h:

(JSC::Heap::forEachCodeBlock): Deleted.

1:09 PM Changeset in webkit [190072] by eric.carlson@apple.com

25 edits in trunk/Source/WebCore

[MediaStream] Clean up MediaStream private interfaces
https://bugs.webkit.org/show_bug.cgi?id=149381

Reviewed by Jer Noble.

No new tests, no functional change.

Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::create):
(WebCore::MediaStream::MediaStream):
(WebCore::MediaStream::clone):
(WebCore::MediaStream::getTrackById):
(WebCore::MediaStream::getAudioTracks):
(WebCore::MediaStream::getVideoTracks):
(WebCore::MediaStream::getTracks):
(WebCore::MediaStream::activeStatusChanged):
(WebCore::MediaStream::didAddTrack):
(WebCore::MediaStream::didRemoveTrack):
(WebCore::MediaStream::registry):
(WebCore::MediaStream::trackVectorForType):
(WebCore::MediaStream::didAddTrackToPrivate): Deleted.
(WebCore::MediaStream::didRemoveTrackFromPrivate): Deleted.

Modules/mediastream/MediaStream.h:

Modules/mediastream/MediaStreamRegistry.cpp:

(WebCore::MediaStreamRegistry::lookup):
(WebCore::MediaStreamRegistry::MediaStreamRegistry):

Modules/mediastream/MediaStreamRegistry.h:

Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::MediaStreamTrack):
(WebCore::MediaStreamTrack::~MediaStreamTrack):
(WebCore::MediaStreamTrack::kind):
(WebCore::MediaStreamTrack::removeObserver):
(WebCore::MediaStreamTrack::trackEnded):
(WebCore::MediaStreamTrack::trackMutedChanged):
(WebCore::MediaStreamTrack::trackStatesChanged):
(WebCore::MediaStreamTrack::configureTrackRendering):

Modules/mediastream/MediaStreamTrack.h:

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::supportsType):
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load):

platform/graphics/avfoundation/objc/MediaStreamPrivateAVFObjC.h:
platform/graphics/avfoundation/objc/MediaStreamPrivateAVFObjC.mm:

(WebCore::MediaStreamPrivateAVFObjC::create):
(WebCore::MediaStreamPrivateAVFObjC::MediaStreamPrivateAVFObjC):

platform/mediastream/MediaStreamPrivate.cpp:

(WebCore::MediaStreamPrivate::create):
(WebCore::MediaStreamPrivate::MediaStreamPrivate):
(WebCore::MediaStreamPrivate::~MediaStreamPrivate):
(WebCore::MediaStreamPrivate::tracks):
(WebCore::MediaStreamPrivate::addTrack):
(WebCore::MediaStreamPrivate::removeTrack):

platform/mediastream/MediaStreamPrivate.h:

(WebCore::MediaStreamPrivateClient::~MediaStreamPrivateClient):
(WebCore::MediaStreamPrivate::id):
(WebCore::MediaStreamPrivate::active):
(WebCore::MediaStreamPrivate::MediaStreamPrivate): Deleted.
(WebCore::MediaStreamPrivate::~MediaStreamPrivate): Deleted.

platform/mediastream/MediaStreamTrackPrivate.cpp:

(WebCore::MediaStreamTrackPrivate::MediaStreamTrackPrivate):
(WebCore::MediaStreamTrackPrivate::~MediaStreamTrackPrivate):
(WebCore::MediaStreamTrackPrivate::addObserver):
(WebCore::MediaStreamTrackPrivate::removeObserver):
(WebCore::MediaStreamTrackPrivate::label):
(WebCore::MediaStreamTrackPrivate::endTrack):
(WebCore::MediaStreamTrackPrivate::sourceStopped):
(WebCore::MediaStreamTrackPrivate::sourceMutedChanged):
(WebCore::MediaStreamTrackPrivate::sourceStatesChanged):
(WebCore::MediaStreamTrackPrivate::preventSourceFromStopping):

platform/mediastream/MediaStreamTrackPrivate.h:

(WebCore::MediaStreamTrackPrivate::Observer::~Observer):
(WebCore::MediaStreamTrackPrivate::ended):
(WebCore::MediaStreamTrackPrivate::startProducingData):
(WebCore::MediaStreamTrackPrivate::stopProducingData):
(WebCore::MediaStreamTrackPrivate::setMuted):
(WebCore::MediaStreamTrackPrivateClient::~MediaStreamTrackPrivateClient): Deleted.
(WebCore::MediaStreamTrackPrivate::setClient): Deleted.
(WebCore::MediaStreamTrackPrivate::client): Deleted.

platform/mediastream/MediaStreamTrackSourcesRequestClient.h:

(WebCore::TrackSourceInfo::create):
(WebCore::TrackSourceInfo::id):
(WebCore::TrackSourceInfo::label):
(WebCore::TrackSourceInfo::groupId):
(WebCore::TrackSourceInfo::kind):
(WebCore::TrackSourceInfo::TrackSourceInfo):
(WebCore::TrackSourceInfo::deviceId): Deleted.

platform/mediastream/RealtimeMediaSource.cpp:

(WebCore::RealtimeMediaSource::RealtimeMediaSource):
(WebCore::RealtimeMediaSource::reset):
(WebCore::RealtimeMediaSource::setMuted):
(WebCore::RealtimeMediaSource::statesDidChanged):
(WebCore::RealtimeMediaSource::readonly):

platform/mediastream/RealtimeMediaSource.h:

(WebCore::RealtimeMediaSource::id):
(WebCore::RealtimeMediaSource::persistentId):
(WebCore::RealtimeMediaSource::setPersistentId):
(WebCore::RealtimeMediaSource::type):
(WebCore::RealtimeMediaSource::stopped):

platform/mediastream/RealtimeMediaSourceCenter.h:
platform/mediastream/mac/AVCaptureDeviceManager.mm:

(WebCore::AVCaptureDeviceManager::getSourcesInfo):

platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::~RealtimeMediaSourceCenterMac):
(WebCore::RealtimeMediaSourceCenterMac::validateRequestConstraints):
(WebCore::RealtimeMediaSourceCenterMac::createMediaStream):
(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):

platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:

platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:

(WebCore::RealtimeMediaSourceCenterOwr::~RealtimeMediaSourceCenterOwr):
(WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):

platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.h:

platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::registerMockRealtimeMediaSourceCenter):
(WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints):
(WebCore::MockRealtimeMediaSourceCenter::createMediaStream):
(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):

platform/mock/MockRealtimeMediaSourceCenter.h:

1:05 PM Changeset in webkit [190071] by rniwa@webkit.org

2 edits in trunk/LayoutTests

Add image-only failure expectation to fast/shadow-dom/css-scoping-shadow-root-hides-children.html on non-Mac ports.

TestExpectations:

12:43 PM Changeset in webkit [190070] by ap@apple.com

5 edits in trunk/Tools

[OS X] Update for Xcode 7.0 on Yosemite
https://bugs.webkit.org/show_bug.cgi?id=149389

Reviewed by Dan Bernstein.

DumpRenderTree/mac/DumpRenderTreeDraggingInfo.h:
WebKitTestRunner/mac/WebKitTestRunnerDraggingInfo.h:

Removed unneeded declarations - conforming to a protocol is sufficient.

DumpRenderTree/mac/DumpRenderTreeDraggingInfo.mm:
WebKitTestRunner/mac/WebKitTestRunnerDraggingInfo.mm:

Changed the definitions to be compiled whenever the SDK requires it (so we will have
dead code compiled in when building for 10.10 with 10.11 SDK, somewhat unfortunately).

12:38 PM Changeset in webkit [190069] by achristensen@apple.com

2 edits in trunk/LayoutTests

Skip tests on Windows after r189947.

platform/win/TestExpectations:

webkit-font-smoothing doesn't work on Windows.

12:15 PM Changeset in webkit [190068] by Csaba Osztrogonác

2 edits in trunk/Source/WebCore

Fix the !ENABLE(TEMPLATE_ELEMENT) build after r189945
https://bugs.webkit.org/show_bug.cgi?id=149400

Reviewed by Darin Adler.

xml/parser/XMLDocumentParserLibxml2.cpp:

(WebCore::XMLDocumentParser::startElementNs):

12:15 PM Changeset in webkit [190067] by Chris Dumez

6 edits
7 adds in trunk

Range.cloneContents() / extractContents should throw a HierarchyRequestError when encountering a doctype
https://bugs.webkit.org/show_bug.cgi?id=148770
<rdar://problem/22570898>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that more checks are passing.

web-platform-tests/dom/ranges/Range-cloneContents-expected.txt:

Source/WebCore:

Range.cloneContents() and Range.extractContents() should throw a
HierarchyRequestError when encountering a doctype:

https://dom.spec.whatwg.org/#concept-range-clone (step 12)
https://dom.spec.whatwg.org/#concept-range-extract (step 12)

However, Range.deleteContents() should not:

https://dom.spec.whatwg.org/#dom-range-deletecontents

WebKit was not throwing in the Range.cloneContents() case. This
aligns updates our behavior to match the specification and
Firefox.

Tests: fast/dom/Range/clone-contents-document-type.html

fast/dom/Range/delete-contents-document-type.html
fast/dom/Range/extract-contents-document-type.html

dom/Range.cpp:

(WebCore::Range::processContentsBetweenOffsets):

LayoutTests:

Add new tests to cover the behaviour of Range's cloneContents() / extractContents()
and deleteContents() when encountering a doctype.

fast/dom/Range/clone-contents-document-type-expected.txt: Added.
fast/dom/Range/clone-contents-document-type.html: Added.
fast/dom/Range/delete-contents-document-type-expected.txt: Added.
fast/dom/Range/delete-contents-document-type.html: Added.
fast/dom/Range/extract-contents-document-type-expected.txt: Added.
fast/dom/Range/extract-contents-document-type.html: Added.
fast/dom/Range/resources/frame-with-doctype.html: Added.

12:11 PM Changeset in webkit [190066] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Web Inspector: arrow function names are never inferred, call frames are labeled (anonymous function)
https://bugs.webkit.org/show_bug.cgi?id=148318

Patch by Aleksandr Skachkov <gskachkov@gmail.com> on 2015-09-21
Reviewed by Saam Barati.

Tiny change to support of the inferred name in arrow function

parser/ASTBuilder.h:

(JSC::ASTBuilder::createAssignResolve):

12:10 PM Changeset in webkit [190065] by Simon Fraser

26 edits
6 copies
13 adds in trunk

Add the ability for tests to run script in the UI process in WebKitTestRunner
https://bugs.webkit.org/show_bug.cgi?id=149356

Reviewed by Tim Horton.

Source/WebKit2:

Expose a few private functions for testing.

UIProcess/API/Cocoa/WKWebView.mm:
UIProcess/API/Cocoa/WKWebViewPrivate.h:

Tools:

This change adds testRunner.runUIScript(script, callback), which allows a test
to execute script in a JSContext which runs in the UI process. That context
has bindings exposed through the UIScriptController interface; currently one test
function, and some iOS-specific functions are included. UIScriptController can be
async with a callback, and runUIScript() itself is asynchronous. When the UI
script is complete, it calls uiController.uiScriptComplete(result), where 'result'
is a string passed back to the web process, and given to the runUIScript()
callback function.

Thanks to Gyuyoung Kim for help with the Gtk/Efl build.

WebKitTestRunner/DerivedSources.make: Build UIScriptController.idl.
WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl: Add runUIScript().
WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::didReceiveMessageToPage): When the UI-side script is
complete, call back into TestRunner.

WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::nextUIScriptCallbackID):
(WTR::TestRunner::runUIScript): Post a message to the injected bundle to run the UI script.
(WTR::TestRunner::runUIScriptCallback): When the UI script is done, execute its callback function.

WebKitTestRunner/InjectedBundle/TestRunner.h:
WebKitTestRunner/PlatformWebView.h:
WebKitTestRunner/TestController.cpp:

(WTR::updateTestOptionsFromTestHeader):
(WTR::TestController::testOptionsForTest): Support "useFlexibleViewport" as a test argument.
(WTR::shouldUseFixedLayout): Deleted. Moved to a TestInvocation function.

WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::shouldUseFixedLayout):
(WTR::TestInvocation::shouldUseThreadedScrolling):
(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
(WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle):
(WTR::TestInvocation::runUISideScript): Run the UI-side script!
(WTR::TestInvocation::uiScriptDidComplete): Send a message back to the injected bundle.

WebKitTestRunner/TestInvocation.h:
WebKitTestRunner/TestOptions.h:
WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj:
WebKitTestRunner/cocoa/TestControllerCocoa.mm:
WebKitTestRunner/cocoa/TestRunnerWKWebView.h: Copied from Tools/WebKitTestRunner/TestOptions.h.
WebKitTestRunner/cocoa/TestRunnerWKWebView.mm: Added.

(-[TestRunnerWKWebView dragImage:at:offset:event:pasteboard:source:slideBack:]):
(-[TestRunnerWKWebView zoomToScale:animated:completionHandler:]):
(-[TestRunnerWKWebView scrollViewDidEndZooming:withView:atScale:]):
(-[TestRunnerWKWebView onDidEndZooming:]): Allow a test to hook into the end of zooming.

WebKitTestRunner/ios/PlatformWebViewIOS.mm:

(WTR::PlatformWebView::PlatformWebView): Make a TestRunnerWKWebView on iOS.

WebKitTestRunner/ios/UIScriptControllerIOS.mm: Added.

(WTR::UIScriptController::doAsyncTask):
(WTR::UIScriptController::zoomToScale):
(WTR::UIScriptController::zoomScale):
(WTR::UIScriptController::minimumZoomScale):
(WTR::UIScriptController::maximumZoomScale):
(WTR::UIScriptController::contentVisibleRect):

WebKitTestRunner/mac/EventSenderProxy.mm:
WebKitTestRunner/mac/PlatformWebViewMac.mm:

(-[TestRunnerWKWebView dragImage:at:offset:event:pasteboard:source:slideBack:]): Deleted.

WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::updatePlatformSpecificTestOptionsForTest):
(WTR::shouldUseThreadedScrolling): Deleted. Moved to TestInvocation.

WebKitTestRunner/mac/WebKitTestRunnerDraggingInfo.h:
WebKitTestRunner/uiscriptcontext/UIScriptContext.cpp: Added. Owns the JS context in the UI process.

(UIScriptContext::UIScriptContext):
(UIScriptContext::~UIScriptContext):
(UIScriptContext::runUIScript): Entrypoint to running the UI script. If the script didn't do anything
asynchronous, call the callback.
(UIScriptContext::nextTaskCallbackID):
(UIScriptContext::prepareForAsyncTask): Do setup for one async task (i.e. a UIScriptController function
that has a callback). Has to store the callbackID of the script, so code called from the completion
callback knows which UI script invoked it.
(UIScriptContext::asyncTaskComplete): Called when one task is finished.
(UIScriptContext::uiScriptComplete):
(UIScriptContext::objectFromRect): Make a JS object from a rect.

WebKitTestRunner/uiscriptcontext/UIScriptContext.h: Copied from Tools/WebKitTestRunner/TestOptions.h.

(WTR::UIScriptContext::hasOutstandingAsyncTasks):

WebKitTestRunner/uiscriptcontext/UIScriptController.cpp: Copied from Tools/WebKitTestRunner/TestOptions.h.

(WTR::UIScriptController::UIScriptController):
(WTR::UIScriptController::makeWindowObject):
(WTR::UIScriptController::wrapperClass):
(WTR::UIScriptController::doAsyncTask):
(WTR::UIScriptController::zoomToScale):
(WTR::UIScriptController::zoomScale):
(WTR::UIScriptController::minimumZoomScale):
(WTR::UIScriptController::maximumZoomScale):
(WTR::UIScriptController::contentVisibleRect):
(WTR::UIScriptController::uiScriptComplete):

WebKitTestRunner/uiscriptcontext/UIScriptController.h: Copied from Tools/WebKitTestRunner/TestOptions.h.

(WTR::UIScriptController::create):

WebKitTestRunner/uiscriptcontext/bindings/UIScriptController.idl: Copied from Tools/WebKitTestRunner/TestOptions.h.

LayoutTests:

Some new tests that exercise testRunner.runUIScript().

TestExpectations:
fast/harness/concurrent-ui-side-scripts-expected.txt: Added.
fast/harness/concurrent-ui-side-scripts.html: Added.
fast/harness/ui-side-scripts-expected.txt: Added.
fast/harness/ui-side-scripts.html: Added.
fast/zooming/zoom-to-scale.html: Added.
platform/ios-simulator/TestExpectations:
platform/mac/TestExpectations:

12:03 PM Changeset in webkit [190064] by timothy_horton@apple.com

19 edits in trunk/Source/WebKit2

Layout milestones aren't synchronized with UI-side compositing transactions
https://bugs.webkit.org/show_bug.cgi?id=149362

Reviewed by Anders Carlsson.

Because layout milestones are primarily used to synchronize things with
the displayed layout/rendering of the page, they should fire at the same
time as the contents of the view change.

However, with UI-side compositing, the layer tree transaction will
most likely come in *after* the layout milestones associated with its
contents fire, breaking this synchronization.

Instead, put the layout milestones inside the transaction and fire them
immediately after it is committed in the UI process.

Shared/mac/RemoteLayerTreeTransaction.h:

(WebKit::RemoteLayerTreeTransaction::setCallbackIDs):
(WebKit::RemoteLayerTreeTransaction::newlyReachedLayoutMilestones):
(WebKit::RemoteLayerTreeTransaction::setNewlyReachedLayoutMilestones):

Shared/mac/RemoteLayerTreeTransaction.mm:

(WebKit::RemoteLayerTreeTransaction::RemoteLayerTreeTransaction):
(WebKit::RemoteLayerTreeTransaction::encode):
(WebKit::RemoteLayerTreeTransaction::decode):
Add LayoutMilestones to the transaction.

UIProcess/API/APILoaderClient.h:

(API::LoaderClient::didLayout):

UIProcess/API/APINavigationClient.h:

(API::NavigationClient::renderingProgressDidChange):

UIProcess/API/C/WKPage.cpp:

(WKPageSetPageLoaderClient):
(WKPageSetPageNavigationClient):

UIProcess/Cocoa/NavigationState.h:
UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::NavigationClient::renderingProgressDidChange):

UIProcess/WebPageProxy.messages.in:
UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::didCommitLayerTree):
Remove the UserData parameter from didLayout/renderingProgressDidChange,
except for at the API level where we'll always pass null.
Nobody uses UserData on didLayout, and we'll assert if any client sets it
(and it won't get passed through to the UI process).

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didLayoutForCustomContentProvider):
Just call didLayout with the relevant milestones instead of reimplementing it.

(WebKit::WebPageProxy::didLayout):

UIProcess/WebPageProxy.h:

Make didLayout public.

WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::dispatchDidLayout):
Let WebPage handle dispatching didLayout.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::dispatchDidLayout):

WebProcess/WebPage/WebPage.h:

Let the DrawingArea handle dispatching didLayout.
If it doesn't want to handle it, we'll just do the normal thing
and dispatch an async message.

UIProcess/mac/RemoteLayerTreeDrawingAreaProxy.mm:

(WebKit::RemoteLayerTreeDrawingAreaProxy::commitLayerTree):
If we reach a new layout milestone, dispatch didLayout client/delegate callbacks.

WebProcess/WebPage/DrawingArea.h:

(WebKit::DrawingArea::dispatchDidLayout):

WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.h:
WebProcess/WebPage/mac/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::flushLayers):
(WebKit::RemoteLayerTreeDrawingArea::dispatchDidLayout):
Queue up milestones as we reach them, and send them in the transaction.

11:59 AM Changeset in webkit [190063] by commit-queue@webkit.org

6 edits in trunk/Source/JavaScriptCore

New tests introduced in r188545 fail on 32 bit ARM
https://bugs.webkit.org/show_bug.cgi?id=148376

Patch by Aleksandr Skachkov <gskachkov@gmail.com> on 2015-09-19
Reviewed by Saam Barati.

Added correct support of the ARM CPU in JIT functions that are related to arrow function.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

jit/JIT.h:
jit/JITInlines.h:

(JSC::JIT::callOperation):

jit/JITOpcodes.cpp:

(JSC::JIT::emitNewFuncExprCommon):

11:47 AM Changeset in webkit [190062] by Sukolsak Sakshuwong

7 edits in trunk/Source/JavaScriptCore

Implement Store expressions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149395

Reviewed by Geoffrey Garen.

The Store instruction in WebAssembly stores a value in the linear memory
at the given index. It can be both a statement and an expression. When
it is an expression, it returns the assigned value. This patch
implements Store as an expression.

Since Store uses two operands, which are the index and the value, we
need to pop the two operands from the stack and push the value back to
the stack. We can simply implement this by copying the value to where
the index is in the stack.

tests/stress/wasm-linear-memory.js:
wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildStore):

wasm/WASMFunctionParser.cpp:

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildStore):

11:03 AM Changeset in webkit [190061] by timothy_horton@apple.com

4 edits in trunk/Source/WebCore

UserMediaClientMock leaks every test run
https://bugs.webkit.org/show_bug.cgi?id=149358

Reviewed by Eric Carlson.

Modules/mediastream/UserMediaController.cpp:

(WebCore::provideUserMediaTo):
Make provideUserMediaTo operate unconditionally, just like all of the
other similar functions, reverting r165733.

Modules/mediastream/UserMediaController.h:
testing/Internals.cpp:

(WebCore::Internals::Internals):
Remove the existing UserMediaController supplement before installing a new one.
This way, we're replacing it with the one Internals is trying to install,
instead of leaking UserMediaClientMocks.

11:00 AM Changeset in webkit [190060] by timothy_horton@apple.com

36 edits in trunk

Turn on threaded scrolling by default in the tests
https://bugs.webkit.org/show_bug.cgi?id=149377

Reviewed by Simon Fraser.

WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::updatePlatformSpecificTestOptionsForTest):
(WTR::shouldUseThreadedScrolling): Deleted.
Turn on threaded scrolling by default.

compositing/geometry/fixed-position-flipped-writing-mode.html:
compositing/layer-creation/no-compositing-for-sticky.html:
compositing/overflow/automatically-opt-into-composited-scrolling.html:
compositing/overflow/clipping-ancestor-with-accelerated-scrolling-ancestor.html:
compositing/overflow/composited-scrolling-creates-a-stacking-container.html:
compositing/overflow/composited-scrolling-paint-phases.html:
compositing/overflow/do-not-paint-outline-into-composited-scrolling-contents.html:
compositing/overflow/dynamic-composited-scrolling-status.html:
compositing/overflow/iframe-inside-overflow-clipping.html:
compositing/overflow/nested-scrolling.html:
compositing/overflow/overflow-clip-with-accelerated-scrolling-ancestor.html:
compositing/overflow/paint-neg-z-order-descendants-into-scrolling-contents-layer.html:
compositing/overflow/scrolling-content-clip-to-viewport.html:
compositing/overflow/scrolling-without-painting.html:
compositing/overflow/textarea-scroll-touch.html:
compositing/overflow/updating-scrolling-content.html:
compositing/rtl/rtl-fixed-overflow-scrolled.html:
compositing/rtl/rtl-overflow-scrolling.html:
fast/block/positioning/rtl-fixed-positioning.html:
fast/block/positioning/vertical-rl/fixed-positioning.html:
fast/dom/horizontal-scrollbar-in-rtl.html:
fast/dom/horizontal-scrollbar-when-dir-change.html:
fast/dom/scroll-reveal-left-overflow.html:
fast/dom/scroll-reveal-top-overflow.html:
fast/dom/vertical-scrollbar-when-dir-change.html:
fast/multicol/pagination/RightToLeft-rl-hittest.html:
scrollingcoordinator/non-fast-scrollable-region-scaled-iframe.html:
scrollingcoordinator/non-fast-scrollable-region-transformed-iframe.html:
swipe/main-frame-pinning-requirement.html:

Turn off threaded scrolling in the cases where it sensibly affects the test result.
These cases are:

tests that use scrollTo or similar, and then depend on the scrolling happening synchronously

tests that use setAcceleratedCompositingForOverflowScrollEnabled, which asserts if combined with threaded scrolling

fast/text/combining-character-sequence-vertical.html:
fast/text/descent-clip-in-scaled-page.html:
fast/text/descent-clip-in-scaled-page-expected.html:
fast/text/vertical-quotation-marks.html:

Turn off threaded scrolling in three tests where it shouldn't affect the test result,
but for some reason does.

10:00 AM Changeset in webkit [190059] by achristensen@apple.com

5 edits in trunk/Source/WebCore

Generate WebCoreHeaderDetection.h with CMake on Windows
https://bugs.webkit.org/show_bug.cgi?id=135861

Reviewed by Brent Fulgham.

This fixes many of the failing media tests.

AVFoundationSupport.py:

(lookFor):
(fileContains):
Use a command line parameter for the WebKitLibraries directory
to not require the WEBKIT_LIBRARIES environment variable with the CMake build.

DerivedSources.make:

Pass WEBKIT_LIBRARIES as a command line parameter.

PlatformAppleWin.cmake:

Added missing sources for video.

PlatformWin.cmake:

Generate WebCoreHeaderDetection.h correctly and copy the media controls sources to WebKit.resources.

9:30 AM Changeset in webkit [190058] by Matt Baker

2 edits in trunk/Source/WebInspectorUI

Web Inspector: requestAnimationFrame continues to be called after stopping the timeline recording
https://bugs.webkit.org/show_bug.cgi?id=149390

Reviewed by Brian Burg.

UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._update):
Stop calling requestAnimationFrame if this._updating is false and recording end time is NaN.

2:38 AM Changeset in webkit [190057] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.10.0

WebKitGTK+ 2.10.0

2:37 AM Changeset in webkit [190056] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.10

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.10.0 release.

Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

gtk/NEWS: Add release notes for 2.10.0

2:14 AM Changeset in webkit [190055] by Sukolsak Sakshuwong

2 edits in trunk/Source/JavaScriptCore/wasm

Build fix for WebAssembly.

wasm/JSWASMModule.cpp:
wasm/WASMFunctionParser.cpp:

1:53 AM Changeset in webkit [190054] by ChangSeok Oh

3 edits
2 adds in trunk

[GTK] media controls does not show up when playing video finishes.
https://bugs.webkit.org/show_bug.cgi?id=149112

Reviewed by Philippe Normand.

Source/WebCore:

GTK port does not show controls after playing video. This behavior is different
from what Mac port does. They do show controls when playing video finishes.
At least, we should update the timeline before showing it up not to show incorrect numbers
when reappearing.

Test: media/media-controls-timeline-updates-after-playing.html

Modules/mediacontrols/mediaControlsBase.js:

(Controller.prototype.setPlaying):
(Controller.prototype.showControls):

LayoutTests:

media/media-controls-timeline-updates-after-playing-expected.txt: Added.
media/media-controls-timeline-updates-after-playing.html: Added.

1:37 AM Changeset in webkit [190053] by ChangSeok Oh

3 edits
2 adds in trunk

[GTK] timeline is not updated after few seconds when mouse hovers on controls
https://bugs.webkit.org/show_bug.cgi?id=149111

Reviewed by Philippe Normand.

Source/WebCore:

Timeline is not updated if controlsAreHidden is true. The problem here is that
the function does not mean actually 'hidden' since it only checkes 'show' and 'hidden'
class existences. The panel's visibility are not only controlled by the two classes,
but also by video::-webkit-media-controls-panel:hover. The panel could be visible
by setting the pseudo hover class. So we need to check if panel is hovered as well in controlsAreHidden().

Test: media/media-controls-timeline-updates-when-hovered.html

Modules/mediacontrols/mediaControlsBase.js:

(Controller.prototype.controlsAreHidden):

LayoutTests:

media/media-controls-timeline-updates-when-hovered-expected.txt: Added.
media/media-controls-timeline-updates-when-hovered.html: Added.

1:36 AM Changeset in webkit [190052] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r190007 - REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149364

Reviewed by Antti Koivisto.

Since the tree scope is set to that of Document's inside removeBetween when a node is removed from a shadow tree,
oldScope != &treeScope() was already true inside Element::removedFrom. This can introduce an inconsistency in
DocumentOrderedMap which could result in a crash. Fixed the bug by checking it against document(), which is the
behavior we had prior to r150187.

Also added a consistency check in DocumentOrderedMap to catch bugs like this.

No new tests. New assertions fail in existing tests without this fix.

dom/DocumentOrderedMap.cpp:

(WebCore::DocumentOrderedMap::add):
(WebCore::DocumentOrderedMap::remove):
(WebCore::DocumentOrderedMap::get):

dom/DocumentOrderedMap.h:
dom/Element.cpp:

(WebCore::Element::removedFrom):

1:36 AM Changeset in webkit [190051] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.10/Source/WebKit2

Merge r190019 - [GTK] WebEditorClient::supportsGlobalSelection returns true under Wayland
https://bugs.webkit.org/show_bug.cgi?id=149375

Reviewed by Darin Adler.

WebEditorClient::supportsGlobalSelection should return false when running under Wayland,
since Wayland does not have any equivalent for PRIMARY or the concept of a global selection.

WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::supportsGlobalSelection):

1:15 AM Changeset in webkit [190050] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.10

Merge r189954 - Multi-hop reference cycles not detected.
https://bugs.webkit.org/show_bug.cgi?id=149181

Reviewed by John Honeycutt.

Source/WebCore:

SVG's cycle detection was not picking up a
case where an element was drawing a pattern, that
referenced another pattern, that referenced another
pattern, that referenced the original pattern.

The issue was that we were forgetting to check the
children of the renderer itself, rather than just
the children of the referenced renderers.

Found by running a test from Blink.

I also took the opportunity to clean up the debugging
code that logs cycle detection.

Test: svg/custom/pattern-3-step-cycle.html

platform/Logging.h: Add a new SVG channel. I can't believe we

didn't already have one!

rendering/svg/SVGResourcesCycleSolver.cpp:

(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): Check the referenced
resources for cycles.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Logging update.

LayoutTests:

Test comes from:
https://chromium.googlesource.com/chromium/blink/+/master/LayoutTests/svg/custom/pattern-3-step-cycle.html

svg/custom/pattern-3-step-cycle-expected.txt: Added.
svg/custom/pattern-3-step-cycle.html: Added.

1:12 AM Changeset in webkit [190049] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.10

Cyclic resources were not detected if the reference had deep containers
https://bugs.webkit.org/show_bug.cgi?id=149182

Reviewed by John Honeycutt.

Source/WebCore:

During our examination of the SVG rendering tree looking for cycles,
if a resource pointed to something that had a nested structure, and
one of the parent nodes in that structure was a container object
without resources itself, we were not looking into the children.

Test: svg/custom/pattern-content-cycle-w-resourceless-container.html

rendering/svg/SVGResourcesCycleSolver.cpp:

(WebCore::SVGResourcesCycleSolver::resourceContainsCycles): We should still
check all children resources, but not exit early if there are none. Instead
we should recurse into any children.
(WebCore::SVGResourcesCycleSolver::resolveCycles): Changes to some debug
code that no longer compiled (it's still off by default, but at least
it will work now).

LayoutTests:

This test was ported from Blink. I believe it originally
came from:
https://code.google.com/p/chromium/issues/detail?id=351713

svg/custom/pattern-content-cycle-w-resourceless-container-expected.txt: Added.
svg/custom/pattern-content-cycle-w-resourceless-container.html: Added.

1:10 AM Changeset in webkit [190048] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.10/Source/WebCore

Merge r190045 - [GTK] REGRESSION(188031): ASSERTION FAILED: menu
https://bugs.webkit.org/show_bug.cgi?id=149379

Reviewed by Carlos Garcia Campos.

Remove assert that no longer makes sense.

platform/gtk/ContextMenuGtk.cpp:

(WebCore::ContextMenu::setPlatformDescription): Deleted.

1:02 AM Changeset in webkit [190047] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.10

Merge r188973 - [GTK] Disable ACCELERATED_2D_CANVAS by default
https://bugs.webkit.org/show_bug.cgi?id=148473

Reviewed by Martin Robinson.

Currently ACCELERATED_2D_CANVAS is enabled by default on most systems (which have CairoGL)
but not on Debian (which does not). We've known this was problematic for a while, since it
means we have two different sets of distro-dependent bugs, but never decided whether that
outweighed the benefits of CarioGL or not. I'm making the call now: it's more important to
have the same bugs everywhere. We can turn this on again for other distros when we're ready
to turn it on for Debian.

Also, properly fail the build if ENABLE_ACCELERATED_2D_CANVAS is enabled but CairoGL is not
available.

Source/cmake/OptionsGTK.cmake:

12:28 AM Changeset in webkit [190046] by Carlos Garcia Campos

2 edits in trunk/Tools

[GTK] run-gtk-tests doesn't provide feedback about crashing google tests
https://bugs.webkit.org/show_bug.cgi?id=149252

Reviewed by Darin Adler.

In case of glib tests the test runner notifies about tests
crashing, but for google tests we don't get any feedback, which
means that in case of a test crashing we get a list of PASS
messages and at the summary we are notified that the test suite
has failed, but it's impossible to know which test cases have failed.

Scripts/run-gtk-tests:

(TestRunner._run_google_test): Add a CRASH message if test
case crashed.

12:22 AM Changeset in webkit [190045] by Michael Catanzaro

2 edits in trunk/Source/WebCore

[GTK] REGRESSION(188031): ASSERTION FAILED: menu
https://bugs.webkit.org/show_bug.cgi?id=149379

Reviewed by Carlos Garcia Campos.

Remove assert that no longer makes sense.

platform/gtk/ContextMenuGtk.cpp:

(WebCore::ContextMenu::setPlatformDescription): Deleted.

12:12 AM Changeset in webkit [190044] by bshafiei@apple.com

3 edits in branches/safari-601.1.46-branch/Source/WebKit2

Roll out r189944. rdar://problem/22763066

Sep 20, 2015:

10:06 PM Changeset in webkit [190043] by Sukolsak Sakshuwong

10 edits in trunk/Source/JavaScriptCore

Implement SetLocal and SetGlobal expressions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149383

Reviewed by Saam Barati.

SetLocal and SetGlobal in WebAssembly can be both statements and
expressions. We have implemented the statement version. This patch
implements the expression version.

SetLocal and SetGlobal expressions return the assigned value.
Since SetLocal and SetGlobal use only one operand, which is the assigned
value, we can simply implement them by not removing the value from the
top of the stack.

tests/stress/wasm-globals.js:
tests/stress/wasm-locals.js:
tests/stress/wasm/globals.wasm:
tests/stress/wasm/locals.wasm:
wasm/WASMConstants.h:
wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildSetLocal):
(JSC::WASMFunctionCompiler::buildSetGlobal):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseSetLocal):
(JSC::WASMFunctionParser::parseSetGlobal):
(JSC::WASMFunctionParser::parseSetLocalStatement): Deleted.
(JSC::WASMFunctionParser::parseSetGlobalStatement): Deleted.

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildSetLocal):
(JSC::WASMFunctionSyntaxChecker::buildSetGlobal):

9:36 PM Changeset in webkit [190042] by commit-queue@webkit.org

1 edit
1 add in trunk/Source/JavaScriptCore

[ES6] Added controlFlowProfiler test for arrow function
https://bugs.webkit.org/show_bug.cgi?id=145638

Patch by Aleksandr Skachkov <gskachkov@gmail.com> on 2015-09-19
Reviewed by Saam Barati.

Source/JavaScriptCore/tests/controlFlowProfiler/arrowfunction-expression.js: added

9:26 PM Changeset in webkit [190041] by aestes@apple.com

3 edits
3 adds in trunk/LayoutTests

http/tests/contentfiltering/load-substitute-data-from-appcache.html crashes sometimes
https://bugs.webkit.org/show_bug.cgi?id=148890

Reviewed by Alexey Proskuryakov.

Added a test to verify my theory that load-substitute-data-from-appcache.html will crash even with Content Filtering disabled.

TestExpectations: Skipped the new test since it only works in WebKit2.
http/tests/appcache/decide-navigation-policy-after-delay-expected.txt: Added.
http/tests/appcache/decide-navigation-policy-after-delay.html: Added.
http/tests/appcache/resources/decide-navigation-policy-after-delay-frame.html: Added.
platform/wk2/TestExpectations: Enabled the test in WebKit2.

8:39 PM Changeset in webkit [190040] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed attempt to fix GTK build after r190030.

bindings/gobject/WebKitDOMCustom.cpp:

(webkit_dom_html_link_element_set_sizes):

8:33 PM Changeset in webkit [190039] by Chris Dumez

3 edits in trunk/Source/WebCore

Unreviewed, another GTK build fix after r190017.

bindings/scripts/CodeGeneratorGObject.pm:

(IsPropertyWriteable):

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

(webkit_dom_test_obj_class_init):
(webkit_dom_test_obj_set_property): Deleted.

8:24 PM Changeset in webkit [190038] by Chris Dumez

4 edits in trunk/Source/WebCore

Unreviewed attempt to fix the GTK build after r190017.

bindings/scripts/CodeGeneratorGObject.pm:

(SkipFunction):

8:01 PM Changeset in webkit [190037] by Chris Dumez

2 edits in trunk/LayoutTests

Unreviewed, rebaseline W3C HTML DOM test on iOS after r190030.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:

7:42 PM Changeset in webkit [190036] by Chris Dumez

72 edits in trunk/Source/WebCore

Pass JSC::ExecState to the custom bindings by reference
https://bugs.webkit.org/show_bug.cgi?id=149393

Reviewed by Sam Weinig.

Pass JSC::ExecState to the custom bindings by reference instead of by
pointer as it is expected to be non-null.

5:28 PM Changeset in webkit [190035] by ap@apple.com

3 edits in trunk/Tools

WebKitTestRunner can leak user content script results between tests
https://bugs.webkit.org/show_bug.cgi?id=149391

Reviewed by Sam Weinig.

Move WKBundlePageRemoveAllUserContent call so that it's executed before loading
about:blank, and thus about:blank doesn't have unintended side effects.

WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::beginTesting):

WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::resetAfterTest):

4:24 PM Changeset in webkit [190034] by Chris Dumez

3 edits in trunk/Source/WebCore

Regression(r190023): fast/dom/navigation-with-sideeffects-crash.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=149392

Reviewed by Alexey Proskuryakov.

In the generated code for [PutForwards=xxx], make sure the forwarded
implementation object is ref'd before calling toString() as toString()
can be overridden by JS and cause the object to get deref'd / destroyed.

No new tests, already covered by existing test.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::setJSTestObjPutForwardsAttribute):
(WebCore::setJSTestObjPutForwardsNullableAttribute):

12:52 PM Changeset in webkit [190033] by ap@apple.com

2 edits in trunk/LayoutTests

Fix a relative path in accessibility/mac/removing-textarea-after-edit-crash.html
after moving the test.
https://bugs.webkit.org/show_bug.cgi?id=149217

Patch by Chris Fleizach <Chris Fleizach> on 2015-09-20
Reviewed by Alexey Proskuryakov.

accessibility/mac/removing-textarea-after-edit-crash.html:

12:20 PM Changeset in webkit [190032] by Sukolsak Sakshuwong

1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Unreviewed, updated my email address.

Scripts/webkitpy/common/config/contributors.json:

9:44 AM Changeset in webkit [190031] by bshafiei@apple.com

4 edits
2 copies in branches/safari-601.1.46-branch

Merged r189997. rdar://problem/22772263

9:43 AM Changeset in webkit [190030] by Chris Dumez

29 edits
1 delete in trunk

Get rid of custom bindings for HTMLLinkElement.sizes setter
https://bugs.webkit.org/show_bug.cgi?id=149382

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

web-platform-tests/html/dom/interfaces-expected.txt:

Rebaseline test. Our bindings generator does not move attributes that have
a custom setter from the instance to the prototype. Now that the 'sizes'
attribute no longer has a custom setter, it has moved to the prototype,
where it is expected to be.

Source/WebCore:

Get rid of custom bindings for HTMLLinkElement.sizes setter by leveraging
the new [PutForwards=xxx] Web IDL extended attribute, as per the HTML
specification:

https://html.spec.whatwg.org/#htmllinkelement

Also add FIXME comments in our IDL for various attributes that should be
using [PutForwards=xxx] according to the HTML specification but are not
currently. Those were not updated in this patch because it will subtly
change their web-exposed behavior.

No new tests, no intended web-exposed behavior change. However, one side
effect of the change is that the attribtue has moved to the prototype.
Our bindings generator was keeping this attribute on the instance because
it has a custom setter.
Bindings tests coverage was extended.

CMakeLists.txt:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
bindings/js/JSBindingsAllInOne.cpp:
bindings/js/JSHTMLLinkElementCustom.cpp: Removed.

Drop custom bindings for HTMLLinkElement.sizes setter.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

Stop passing an extra isNull argument to getters of nullable attributes that have a wrapper type. These can return a null pointer so there is no need for an extra argument.
When [PutForwards=xxx] is used, only do the null-check on the attribute getter if the attribute is marked as nullable. If the attribute is not marked as nullable, the implementation is expected to return a C++ reference, otherwise a raw pointer. This was needed because HTMLLinkElement::sizes() returns a reference as it can never return null.

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:
bindings/scripts/test/TestObj.idl:

Add bindings tests coverage for using [PutForwards=xxx] on a
nullable attribute.

dom/Document.idl:

Mark Document.location as nullable as per the specification. The
implementation returns a raw pointer and can return null. The
bindings generator expects a raw pointer and will do a null check
on it.

html/HTMLAnchorElement.idl:
html/HTMLAreaElement.idl:
html/HTMLElement.idl:
html/HTMLIFrameElement.idl:
html/HTMLOutputElement.idl:
html/HTMLTableCellElement.idl:

Add FIXME comments for attributes that are supposed to use
[PutForwards=xxx] as per the HTML specification but currently don't.

html/HTMLLinkElement.idl:

Use [PutForwards=value] for the 'sizes' attribute, as per the
specification and stop using a custom setter.

9:41 AM Changeset in webkit [190029] by bshafiei@apple.com

3 edits in branches/safari-601.1.46-branch/Source/WebKit2

Merged r189944. rdar://problem/22763066

9:41 AM Changeset in webkit [190028] by Chris Dumez

52 edits in trunk/Source/WebCore

[CallWith=ScriptState] should pass ExecState to the implementation by reference
https://bugs.webkit.org/show_bug.cgi?id=149378

Reviewed by Sam Weinig.

[CallWith=ScriptState] should pass ExecState to the implementation by
reference instead of pointer, as it is expected to be non-null.

Also rename the ExecState variables from 'exec' to 'state' in the
bindings as this is the preferred naming convention.

Modules/indexeddb/IDBCursor.h:
Modules/indexeddb/IDBObjectStore.h:
Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::update):

Modules/indexeddb/legacy/LegacyCursor.h:
Modules/indexeddb/legacy/LegacyObjectStore.cpp:

(WebCore::LegacyObjectStore::add):
(WebCore::LegacyObjectStore::put):

Modules/indexeddb/legacy/LegacyObjectStore.h:
Modules/mediastream/CapabilityRange.cpp:

(WebCore::scriptValue):
(WebCore::CapabilityRange::min):
(WebCore::CapabilityRange::max):

Modules/mediastream/CapabilityRange.h:
Modules/streams/ReadableStreamController.h:

(WebCore::ReadableStreamController::error):
(WebCore::ReadableStreamController::enqueue):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateEventListenerCall):
(GenerateGetOwnPropertySlotBody):
(GenerateHeader):
(GenerateOverloadedFunction):
(GetIndexedGetterExpression):
(GenerateImplementation):
(GenerateFunctionCastedThis):
(GenerateCallWith):
(GenerateArgumentsCountCheck):
(GenerateParametersCheck):
(GenerateReturnParameters):
(GenerateCallbackHeader):
(GenerateCallbackImplementation):
(GenerateImplementationFunctionCall):
(JSValueToNative):
(NativeToJSValue):
(GenerateOverloadedConstructorDefinition):
(GenerateConstructorDefinition):

9:37 AM Changeset in webkit [190027] by bshafiei@apple.com

5 edits in branches/safari-601.1.46-branch/Source

Versioning.

8:30 AM Changeset in webkit [190026] by ap@apple.com

5 edits in trunk

[Mac, iOS] AccessibilityController doesn't uninstall global notification handler
https://bugs.webkit.org/show_bug.cgi?id=149384

Reviewed by Chris Fleizach.

Tools:

DumpRenderTree/ios/AccessibilityControllerIOS.mm:

(AccessibilityController::addNotificationListener): Fixed a leak, and cleaned up the code.
(AccessibilityController::platformResetToConsistentState): Actually remove the handler,
regardless of whether someone else holds a reference (we also call -stopListening in
-dealloc).

DumpRenderTree/mac/AccessibilityControllerMac.mm:

(AccessibilityController::platformResetToConsistentState):
(AccessibilityController::addNotificationListener):
Ditto.

LayoutTests:

accessibility/mac/loaded-notification.html: Cleaned up the test - js-test-pre is

incompatible with directly using waitUntilDone.

3:30 AM Changeset in webkit [190025] by youenn.fablet@crf.canon.fr

21 edits in trunk

.:
Removing XHR_TIMEOUT guard

Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Source/cmake/OptionsEfl.cmake:
Source/cmake/OptionsGTK.cmake:
Source/cmake/OptionsMac.cmake:
Source/cmake/OptionsWin.cmake:
Source/cmake/WebKitFeatures.cmake:

Source/JavaScriptCore:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Configurations/FeatureDefines.xcconfig:

Source/WebCore:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Covered by existing tests.

Configurations/FeatureDefines.xcconfig:
xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::XMLHttpRequest):
(WebCore::XMLHttpRequest::didFail):
(WebCore::XMLHttpRequest::didReachTimeout):
(WebCore::XMLHttpRequest::setTimeout):
(WebCore::XMLHttpRequest::setResponseType):
(WebCore::XMLHttpRequest::open):
(WebCore::XMLHttpRequest::createRequest):
(WebCore::XMLHttpRequest::internalAbort):
(WebCore::XMLHttpRequest::didFailRedirectCheck):
(WebCore::XMLHttpRequest::didSendData):
(WebCore::XMLHttpRequest::suspend):

xml/XMLHttpRequest.h:
xml/XMLHttpRequest.idl:

Source/WebKit/mac:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Configurations/FeatureDefines.xcconfig:

Source/WTF:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

wtf/FeatureDefines.h:

Tools:
Remove XHR_TIMEOUT compilation guard
https://bugs.webkit.org/show_bug.cgi?id=149260

Reviewed by Benjamin Poulain.

Scripts/webkitperl/FeatureList.pm:

12:38 AM Changeset in webkit [190024] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

Add two missing files to the Xcode project

WebCore.xcodeproj/project.pbxproj:

These are imported by files that are built for Mac, but missing from the project.

Sep 19, 2015:

6:59 PM Changeset in webkit [190023] by Chris Dumez

18 edits in trunk/Source/WebCore

[Web IDL] Add support for [PutForwards=XXX] IDL extended attribute
https://bugs.webkit.org/show_bug.cgi?id=149376

Reviewed by Darin Adler.

[Web IDL] Add support for [PutForwards=XXX] IDL extended attribute:
https://heycam.github.io/webidl/#PutForwards

As an initial proof of concept, use it for Document.location as per the
HTML specification, instead of using custom bindings:
https://html.spec.whatwg.org/multipage/dom.html#the-document-object

More attributes can be ported later.

No new tests, no web-exposed behavior change intended. Bindings tests
coverage was added.

bindings/js/JSDocumentCustom.cpp:

Drop custom bindings for the location attribute setter.

bindings/scripts/CodeGenerator.pm:

(GetAttributeFromInterface):
Add convenience function that returned an attribute from another
interface. This is used by [PutForwards] to retrieve the forwarded
attribute.

bindings/scripts/CodeGeneratorJS.pm:

(IsReadonly):
(GenerateImplementation):

bindings/scripts/IDLAttributes.txt:

Add support for [PutForwards=XXX] IDL extended attribute.

bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
bindings/scripts/test/GObject/WebKitDOMTestNode.h:
bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestNode.cpp:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestNode.h:
bindings/scripts/test/ObjC/DOMTestNode.mm:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:

Add binding tests coverage for [PutForwards=XXX] IDL extended
attribute.

dom/Document.idl:

Use [PutForwards=href] for Document.location attribute, as per the HTML
specification and stop using custom bindings for the setter. Also mark
the attribute as readonly as all attributes using [PutForwards] must be
marked as readonly as per the Web IDL specification.

6:09 PM Changeset in webkit [190022] by Yusuke Suzuki

2 edits in trunk/Source/JavaScriptCore

[GTK] Unreviewed, should check the result of fread
https://bugs.webkit.org/show_bug.cgi?id=148917

Suppress the build warning on GTK with GCC.

jsc.cpp:

(fillBufferWithContentsOfFile):
(fetchModuleFromLocalFileSystem):

5:45 PM Changeset in webkit [190021] by Chris Dumez

18 edits
2 adds in trunk

[WebIDL] Specify default parameter values where it is useful
https://bugs.webkit.org/show_bug.cgi?id=149331
<rdar://problem/22545600>

Reviewed by Darin Adler.

Source/WebCore:

Specify default parameter values where it is useful in our IDL, that is
to say where undefined would be converted to something else than the
default value otherwise. This patch focuses on the HTML API.

This patch also adds support for default values for optional parameters
of string enumeration type as this was needed by the
CanvasRenderingContext2D API.

Test: fast/html/undefined-parameter-default-value.html

bindings/scripts/CodeGeneratorJS.pm:

(GenerateParametersCheck):
Add support default values for optional parameters of string enumeration
type as this was needed by the CanvasRenderingContext2D API.

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:
bindings/scripts/test/TestObj.idl:

Add bindings tests coverage for optional parameters of string enumeration
type and that have a default value.

html/HTMLInputElement.idl:

Specify default parameter value for stepUp() / stepDown(). Without this,
stepUp(undefined) would be equivalent to calling stepUp(0) even though
it is supposed to be equivalent to calling stepUp(1).

html/HTMLTableElement.idl:
html/HTMLTableSectionElement.idl:

Specify default parameter value for insertRow(). Without this,
insertRow(undefined) would be equivalent to insertRow(0) instead of
insertRow(-1). This would prepend the row instead of appending it:

html/HTMLTableRowElement.idl:

Specify default parameter value for insertCell(). Without this,
insertCell(undefined) would be equivalent to insertCell(0) instead of
insertCell(-1). This would prepend the cell instead of appending it:

https://html.spec.whatwg.org/#htmltablerowelement

html/canvas/CanvasRenderingContext2D.idl:

Specify default value for CanvasWindingRule parameters so that calling
this with undefined will use the default enum value instead of using the
"undefined" string and then throwing because it is not a valid enum value:

https://html.spec.whatwg.org/#canvasrenderingcontext2d

LayoutTests:

Add test to check the behavior of passing undefined for various optional
parameters that have a default value in the HTML specification.

fast/html/undefined-parameter-default-value-expected.txt: Added.
fast/html/undefined-parameter-default-value.html: Added.

5:43 PM Changeset in webkit [190020] by eric.carlson@apple.com

8 edits in trunk/Source/WebCore

Cleanup code that finds and loads a media engine
https://bugs.webkit.org/show_bug.cgi?id=149371

Reviewed by Darin Adler.

No new tests, no functional change.

Modules/mediastream/MediaStream.cpp:

(WebCore::MediaStream::setRegistry): New, set the registry.
(WebCore::MediaStream::lookup): New, lookup a url in the registry.

Modules/mediastream/MediaStream.h:

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::loadResource): Restructure and simplify the code that tries the

different types of media engine so the code is easier to understand and modify.

(WebCore::HTMLMediaElement::createMediaPlayer): Clear m_mediaStreamSrcObject.

platform/graphics/MediaPlayer.cpp:

(WebCore::buildMediaEnginesVector): Add some whitespace to make it easier to read.
(WebCore::bestMediaEngineForSupportParameters): Also process mediastream and mediasource urls.
(WebCore::MediaPlayer::load): ASSERT if called when the reload timer is active.
(WebCore::MediaPlayer::loadWithNextMediaEngine): Also process mediastream and mediasource urls.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType): Don't test empty/null urls.

platform/mock/mediasource/MockMediaPlayerMediaSource.cpp:

(WebCore::MockMediaPlayerMediaSource::supportsType): Ditto.

5:17 PM Changeset in webkit [190019] by Michael Catanzaro

2 edits in trunk/Source/WebKit2

[GTK] WebEditorClient::supportsGlobalSelection returns true under Wayland
https://bugs.webkit.org/show_bug.cgi?id=149375

Reviewed by Darin Adler.

WebEditorClient::supportsGlobalSelection should return false when running under Wayland,
since Wayland does not have any equivalent for PRIMARY or the concept of a global selection.

WebProcess/WebCoreSupport/WebEditorClient.cpp:

(WebKit::WebEditorClient::supportsGlobalSelection):

3:36 PM WebKitIDL edited by Chris Dumez

Add [SetterCallWith] (diff)

3:07 PM Changeset in webkit [190018] by mitz@apple.com

2 edits in trunk/Source/WebKit2

Attempted build fix.

mac/postprocess-framework-headers.sh: Fixed an overzealous regular expression.

2:37 PM Changeset in webkit [190017] by Chris Dumez

17 edits in trunk/Source/WebCore

Get rid of most custom bindings for Location.idl
https://bugs.webkit.org/show_bug.cgi?id=149370

Reviewed by Darin Adler.

Get rid of most custom bindings for Location.idl by extending support
for the [CallWith=XXX] IDL extended attribute to support 2 additional
values: ActiveWindow and FirstWindow. Also introduce a
[SetterCallWith=XXX] alternative that passes the extra arguments to
the attribute setter only, as is needed by the Location attributes.

No new tests, no intended web-exposed behavior change.

bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.h:
bindings/scripts/test/JS/JSTestObj.cpp:
bindings/scripts/test/ObjC/DOMTestObj.h:
bindings/scripts/test/ObjC/DOMTestObj.mm:
bindings/scripts/test/TestObj.idl:

Add bindings tests coverage for [SetterCallWith=XXX].

page/Location.idl:

Also drop [DoNotCheckSecurityOnSetter] on href attribute. It has
no effet as the interface does not have [CheckSecurity].

2:05 PM Changeset in webkit [190016] by mitz@apple.com

2 edits in trunk/Tools

Attempted build fix.

WebKitTestRunner/Configurations/WebKitTestRunnerApp.xcconfig:

11:15 AM Changeset in webkit [190015] by Chris Dumez

6 edits in trunk/Source/WebCore

Get rid of custom bindings for Document.location getter
https://bugs.webkit.org/show_bug.cgi?id=149369

Reviewed by Andreas Kling.

Get rid of custom bindings for Document.location getter by defining
a location getter on Document that calls the one on the document's
DOMWindow. The DOMWindow location getter already has an
isCurrentlyDisplayedInFrame() check so the document does not need
to do a null check on the frame.

No new tests, no web-exposed behavior change intended.

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::location): Deleted.

dom/Document.cpp:

(WebCore::Document::location):

dom/Document.h:
dom/Document.idl:
page/DOMWindow.cpp:

(WebCore::DOMWindow::location):

8:36 AM Changeset in webkit [190014] by sbarati@apple.com

4 edits in trunk/Source/JavaScriptCore

VariableEnvironmentNode should inherit from ParserArenaDeletable because VariableEnvironment's must have their destructors run
https://bugs.webkit.org/show_bug.cgi?id=149359

Reviewed by Andreas Kling.

VariableEnvironment must have its destructor run.
Therefore, VariableEnvironmentNode should inherit from ParserArenaDeletable.
Also, anything that inherits from VariableEnvironmentNode must use
ParserArenaDeletable's operator new. Also, any other nodes that own
a VariableEnvironment must also have their destructors run.

parser/Nodes.h:

(JSC::VariableEnvironmentNode::VariableEnvironmentNode):

2:59 AM Changeset in webkit [190013] by dino@apple.com

3 edits
2 adds in trunk

Null dereference loading Blink layout test svg/filters/feImage-failed-load-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149316
<rdar://problem/22749532>

Reviewed by Tim Horton.

Source/WebCore:

If an feImage triggered loading a resource, and then was removed from the document,
we'd still try to notify its parent when the resource arrived (or failed).

Merge Blink commit:
https://chromium.googlesource.com/chromium/blink/+/9cbcfd7866bbaff0c4b3c4c8508b7c97b46d6e6a

Test: svg/filters/feImage-failed-load-crash.html

svg/SVGFEImageElement.cpp:

(WebCore::SVGFEImageElement::notifyFinished): Add a null check to the parent element
before sending the notification.

LayoutTests:

Merge Blink commit:
https://chromium.googlesource.com/chromium/blink/+/9cbcfd7866bbaff0c4b3c4c8508b7c97b46d6e6a

svg/filters/feImage-failed-load-crash-expected.txt: Added.
svg/filters/feImage-failed-load-crash.html: Added.

2:56 AM Changeset in webkit [190012] by dino@apple.com

3 edits
6 adds in trunk

Null dereference loading Blink layout test svg/custom/use-href-attr-removal-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149315
<rdar://problem/22749358>

Reviewed by Tim Horton.

Source/WebCore:

We were not checking if the corresponding element referenced from
the SVG <use> actually existed before trying to set attributes on it.
The original Blink change is a little more detailed:
https://chromium.googlesource.com/chromium/blink/+/e2f1087f32bb088160ab7d59a715a1403ef267c7
However, we've significantly diverged at this point.

Tests: svg/custom/use-href-attr-removal-crash.html

svg/custom/use-href-attr-removal-crash2.svg
svg/custom/use-href-change-local-to-invalid-remote.html

svg/SVGUseElement.cpp:

(WebCore::SVGUseElement::transferSizeAttributesToTargetClone):

LayoutTests:

These tests, copied from Blink, should not crash.
The originals come from:
https://chromium.googlesource.com/chromium/blink/+/e2f1087f32bb088160ab7d59a715a1403ef267c7

svg/custom/use-href-attr-removal-crash.html: Added.
svg/custom/use-href-attr-removal-crash-expected.txt: Added.
svg/custom/use-href-attr-removal-crash2.svg: Added.
svg/custom/use-href-attr-removal-crash2-expected.txt: Added.
svg/custom/use-href-change-local-to-invalid-remote.html: Added.
svg/custom/use-href-change-local-to-invalid-remote-expected.txt: Added.

1:57 AM Changeset in webkit [190011] by achristensen@apple.com

2 edits in trunk/Source/WebKit

Fix Windows tests after r189934.

CMakeLists.txt:

Include WebKit.rc to include resources like missingImage.png in WebKit.dll.

Sep 18, 2015:

10:00 PM Changeset in webkit [190010] by ap@apple.com

2 edits in trunk/LayoutTests

Update Mac expectations for http/tests/cache/iframe-304-crash.html.
This test is flaky everywhere, not just on Mavericks and Yosemite.

platform/mac-wk2/TestExpectations:

9:48 PM Changeset in webkit [190009] by commit-queue@webkit.org

21 edits in trunk

Unreviewed, rolling out r189908.
https://bugs.webkit.org/show_bug.cgi?id=149368

Broke run-webkit-tests --pixel (Requested by ap on #webkit).

Reverted changeset:

"printing does not use minimum page zoom factor"
https://bugs.webkit.org/show_bug.cgi?id=108507
http://trac.webkit.org/changeset/189908

9:18 PM Changeset in webkit [190008] by rniwa@webkit.org

4 edits
2 adds in trunk

Inserting or removing slot elements can cause a crash
https://bugs.webkit.org/show_bug.cgi?id=149365

Reviewed by Antti Koivisto.

Source/WebCore:

HTMLSlotElement::insertedInto and removedFrom were doing completely non-sensical.

Since insertedInto and removedFrom are called on an element whenever it or its ancestor is inserted into
or removed from a container node, we can't always call addSlotElementByName removeSlotElementByName when
those functions are called. Instead, we need to check whether this slot has been inserted into or removed
from a container node that resides inside a shadow root.

Also reverted r189906 since the change was made upon a bogus assumption I had made.

Test: fast/shadow-dom/slot-removal-crash.html

dom/Element.cpp:

(WebCore::Element::insertedInto): Added comments.
(WebCore::Element::removedFrom): Ditto.
(WebCore::Element::addShadowRoot): Reverted r189906.
(WebCore::Element::removeShadowRoot): Ditto.

html/HTMLSlotElement.cpp:

(WebCore::HTMLSlotElement::insertedInto): When the insertion point's tree scope is different from ours,
the insertion happened to our shadow host or its ancestor. There is nothing to be done in that case since
the shadow tree was not modified (in particular, our relationship with our shadow root never changed).
We also don't do anything if we got inserted into a parent which is not inside a shadow tree.

(WebCore::HTMLSlotElement::removedFrom): Since Container::removeBetween sets the tree scope before this
function is getting called, we can't compare this element's treeScope with that of the "insertion" point.
They're always different regardless of whether the insertion point was in the same shadow tree to which
we belong or its shadow host's. However, since a node removed from a shadow tree is put into document's
tree scope before this function is called and InShadowTree flag is unset in Node::removedFrom at the end
of this function, this slot element is definitely being removed from its shadow root when isInShadowTree()
is true and the newly set tree scope is of the document. So call removeSlotElementByName if and only if
that condition holds.

(WebCore::HTMLSlotElement::getDistributedNodes): Explicitly check that we're inside a shadow root.

LayoutTests:

Added regression tests.

fast/shadow-dom/slot-removal-crash.html: Added.

7:53 PM Changeset in webkit [190007] by rniwa@webkit.org

4 edits in trunk/Source/WebCore

REGRESSION(r150187): updateIdForTreeScope may not be called inside shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149364

Reviewed by Antti Koivisto.

Also added a consistency check in DocumentOrderedMap to catch bugs like this.

No new tests. New assertions fail in existing tests without this fix.

dom/DocumentOrderedMap.cpp:

(WebCore::DocumentOrderedMap::add):
(WebCore::DocumentOrderedMap::remove):
(WebCore::DocumentOrderedMap::get):

dom/DocumentOrderedMap.h:
dom/Element.cpp:

(WebCore::Element::removedFrom):

7:31 PM Changeset in webkit [190006] by Antti Koivisto

4 edits
2 adds in trunk

Don't create renderers for children of shadow host
https://bugs.webkit.org/show_bug.cgi?id=149363

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/css-scoping-shadow-root-hides-children.html

dom/ShadowRoot.h:
style/StyleResolveTree.cpp:

(WebCore::Style::attachRenderTree):
(WebCore::Style::resolveShadowTree):
(WebCore::Style::resolveChildren):
(WebCore::Style::resolveTree):

LayoutTests:

fast/shadow-dom/css-scoping-shadow-root-hides-children-expected.html: Added.
fast/shadow-dom/css-scoping-shadow-root-hides-children.html: Added.

7:18 PM Changeset in webkit [190005] by commit-queue@webkit.org

3 edits in trunk/Source/JavaScriptCore

Remove duplicate code in the WebAssembly parser
https://bugs.webkit.org/show_bug.cgi?id=149361

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Saam Barati.

Refactor the methods for parsing GetLocal and GetGlobal in WebAssembly
to remove duplicate code.

wasm/WASMFunctionParser.cpp:

(JSC::nameOfType):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):
(JSC::WASMFunctionParser::parseGetLocalExpression):
(JSC::WASMFunctionParser::parseGetGlobalExpression):
(JSC::WASMFunctionParser::parseGetLocalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionI32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF32): Deleted.
(JSC::WASMFunctionParser::parseGetLocalExpressionF64): Deleted.
(JSC::WASMFunctionParser::parseGetGlobalExpressionF64): Deleted.

wasm/WASMFunctionParser.h:

6:26 PM Changeset in webkit [190004] by sbarati@apple.com

2 edits in trunk/Source/JavaScriptCore

Refactor common code between GetCatchHandlerFunctor and UnwindFunctor
https://bugs.webkit.org/show_bug.cgi?id=149276

Reviewed by Mark Lam.

There is currently code copy-pasted between these
two functors. Lets not do that. It's better to write
a function, even if the function is small.

I also did a bit of renaming to make the intent of the
unwindCallFrame function clear. The name of the function
didn't really indicate what it did. It decided if it was
okay to unwind further, and it also notified the debugger.
I've renamed the function to notifyDebuggerOfUnwinding.
And I've inlined the logic of deciding if it's okay
to unwind further into UnwindFunctor itself.

interpreter/Interpreter.cpp:

(JSC::Interpreter::isOpcode):
(JSC::getStackFrameCodeType):
(JSC::Interpreter::stackTraceAsString):
(JSC::findExceptionHandler):
(JSC::GetCatchHandlerFunctor::GetCatchHandlerFunctor):
(JSC::GetCatchHandlerFunctor::operator()):
(JSC::notifyDebuggerOfUnwinding):
(JSC::UnwindFunctor::UnwindFunctor):
(JSC::UnwindFunctor::operator()):
(JSC::Interpreter::notifyDebuggerOfExceptionToBeThrown):
(JSC::unwindCallFrame): Deleted.

6:25 PM Changeset in webkit [190003] by Darin Adler

13 edits
2 deletes in trunk/Source/WebCore

Refine and simplify some color-related code
https://bugs.webkit.org/show_bug.cgi?id=148961

Reviewed by Anders Carlsson.

Refactoring code that seems to be covered by existing tests.

css/CSSParser.cpp:

(WebCore::CSSParser::parseColor): Handle the empty string efficiently so that
callers don't need to do that.

platform/graphics/Color.h: Started adding comments about deprecation.

Added RGBA class for future use whenever we need an RGBA quadruplet rather than
a color with a color space. Added FIXME about future evoluation of the classes here.
Added OptionalColor so we can start removing the "invalid color" feature from Color.
Added roundAndClampColorChannel function.

svg/ColorDistance.cpp: Removed.
svg/ColorDistance.h: Removed.

CMakeLists.txt: Removed ColorDistance.
WebCore.vcxproj/WebCore.vcxproj: Ditto.
WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
WebCore.xcodeproj/project.pbxproj: Ditto.
svg/SVGAllInOne.cpp: Ditto.

svg/SVGAnimatedColor.cpp:

(WebCore::SVGAnimatedColorAnimator::SVGAnimatedColorAnimator): Changed to take
a reference instead of a pointer.
(WebCore::SVGAnimatedColorAnimator::constructFromString): Simplified since the
SVGColor::colorFromRGBColorString will handle the empty string.
(WebCore::SVGAnimatedColorAnimator::addAnimatedTypes): Moved the code to add the
RGB channels of two colors here from ColorDistance::addColors since this is the
only place it was used.
(WebCore::currentColor): Refactored adjustForCurrentColor function into this.
Helper for the code below.
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue): Refactored to use
the new currentColor function and replaced the use of the ColorDistance::clampColor
function here with a bit of code here in the one place it was used.
(WebCore::SVGAnimatedColorAnimator::calculateDistance): Moved the distance algorithm
here from ColorDistance::distance.

svg/SVGAnimatedColor.h: Removed unneeded forward declaration, changed constructor

to take references instead of pointers, and made all class member functions private.

svg/SVGAnimatedType.cpp:

(WebCore::SVGAnimatedType::setValueAsString): Removed special case for empty string,
since SVGColor::colorFromRGBColorString does the same thing.

svg/SVGAnimatorFactory.h:

(WebCore::SVGAnimatorFactory::create): Pass references rather tha pointers to the
SVGAnimatedColorAnimator constructor.

svg/SVGColor.cpp:

(WebCore::SVGColor::colorFromRGBColorString): Added more FIXMEs about the future of
this function.
(WebCore::SVGColor::setRGBColor): Fixed confusing verb tense.
(WebCore::SVGColor::customCSSText): Use ASCII literal for an ASCII literal.

5:31 PM Changeset in webkit [190002] by commit-queue@webkit.org

7 edits in trunk/Source/JavaScriptCore

Implement the arithmetic instructions for doubles in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=148945

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements the arithmetic instructions for doubles (float64)
in WebAssembly.

tests/stress/wasm-arithmetic-float64.js:
tests/stress/wasm/arithmetic-float64.wasm:
wasm/WASMFunctionCompiler.h:

(JSC::WASMFunctionCompiler::buildUnaryF64):
(JSC::WASMFunctionCompiler::buildBinaryF64):
(JSC::WASMFunctionCompiler::callOperation):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseUnaryExpressionF64):
(JSC::WASMFunctionParser::parseBinaryExpressionF64):

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildUnaryF64):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF32):
(JSC::WASMFunctionSyntaxChecker::buildBinaryF64):

4:57 PM Changeset in webkit [190001] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

UserMediaClientMock leaks every test run
https://bugs.webkit.org/show_bug.cgi?id=149358

Reviewed by Tim Horton.

platform/mock/UserMediaClientMock.h: Implement pageDestroyed.

4:51 PM Changeset in webkit [190000] by achristensen@apple.com

1 edit in trunk/Source/WebCore/ChangeLog

190,000!

4:51 PM Changeset in webkit [189999] by msaboff@apple.com

14 edits
8 adds in trunk/Source/JavaScriptCore

[ES6] Tail call fast path should efficiently reuse the frame's stack space
https://bugs.webkit.org/show_bug.cgi?id=148662

Patch by Basile Clement <basile_clement@apple.com> on 2015-09-18
Reviewed by Geoffrey Garen.

This introduces a new class (CallFrameShuffler) that is responsible for
efficiently building the new frames when performing a tail call. In
order for Repatch to know about the position of arguments on the
stack/registers (e.g. for polymorphic call inline caches), we store a
CallFrameShuffleData in the CallLinkInfo. Otherwise, the JIT and DFG
compiler are now using CallFrameShuffler instead of
CCallHelpers::prepareForTailCallSlow() to build the frame for a tail
call.

When taking a slow path, we still build the frame as if doing a regular
call, because we could throw an exception and need the caller's frame
at that point. This means that for virtual calls, we don't benefit from
the efficient frame move for now.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::firstRegister):
(JSC::ARMv7Assembler::lastRegister):
(JSC::ARMv7Assembler::firstFPRegister):
(JSC::ARMv7Assembler::lastFPRegister):

assembler/AbortReason.h:
bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setFrameShuffleData):
(JSC::CallLinkInfo::frameShuffleData):

bytecode/ValueRecovery.h:

(JSC::ValueRecovery::inRegister):

dfg/DFGGenerationInfo.h:

(JSC::DFG::GenerationInfo::recovery):

jit/CachedRecovery.cpp: Added.

(JSC::CachedRecovery::loadsIntoFPR):
(JSC::CachedRecovery::loadsIntoGPR):

jit/CachedRecovery.h: Added.

(JSC::CachedRecovery::CachedRecovery):
(JSC::CachedRecovery::targets):
(JSC::CachedRecovery::addTarget):
(JSC::CachedRecovery::removeTarget):
(JSC::CachedRecovery::clearTargets):
(JSC::CachedRecovery::setWantedJSValueRegs):
(JSC::CachedRecovery::setWantedFPR):
(JSC::CachedRecovery::boxingRequiresGPR):
(JSC::CachedRecovery::boxingRequiresFPR):
(JSC::CachedRecovery::recovery):
(JSC::CachedRecovery::setRecovery):
(JSC::CachedRecovery::wantedJSValueRegs):
(JSC::CachedRecovery::wantedFPR):

jit/CallFrameShuffleData.cpp: Added.

(JSC::CallFrameShuffleData::setupCalleeSaveRegisters):

jit/CallFrameShuffleData.h: Added.
jit/CallFrameShuffler.cpp: Added.

(JSC::CallFrameShuffler::CallFrameShuffler):
(JSC::CallFrameShuffler::dump):
(JSC::CallFrameShuffler::getCachedRecovery):
(JSC::CallFrameShuffler::setCachedRecovery):
(JSC::CallFrameShuffler::spill):
(JSC::CallFrameShuffler::emitDeltaCheck):
(JSC::CallFrameShuffler::prepareForSlowPath):
(JSC::CallFrameShuffler::prepareForTailCall):
(JSC::CallFrameShuffler::tryWrites):
(JSC::CallFrameShuffler::performSafeWrites):
(JSC::CallFrameShuffler::prepareAny):

jit/CallFrameShuffler.h: Added.

(JSC::CallFrameShuffler::lockGPR):
(JSC::CallFrameShuffler::acquireGPR):
(JSC::CallFrameShuffler::releaseGPR):
(JSC::CallFrameShuffler::snapshot):
(JSC::CallFrameShuffler::setCalleeJSValueRegs):
(JSC::CallFrameShuffler::assumeCalleeIsCell):
(JSC::CallFrameShuffler::canBox):
(JSC::CallFrameShuffler::ensureBox):
(JSC::CallFrameShuffler::ensureLoad):
(JSC::CallFrameShuffler::canLoadAndBox):
(JSC::CallFrameShuffler::updateRecovery):
(JSC::CallFrameShuffler::clearCachedRecovery):
(JSC::CallFrameShuffler::addCachedRecovery):
(JSC::CallFrameShuffler::numLocals):
(JSC::CallFrameShuffler::getOld):
(JSC::CallFrameShuffler::setOld):
(JSC::CallFrameShuffler::firstOld):
(JSC::CallFrameShuffler::lastOld):
(JSC::CallFrameShuffler::isValidOld):
(JSC::CallFrameShuffler::argCount):
(JSC::CallFrameShuffler::getNew):
(JSC::CallFrameShuffler::setNew):
(JSC::CallFrameShuffler::addNew):
(JSC::CallFrameShuffler::firstNew):
(JSC::CallFrameShuffler::lastNew):
(JSC::CallFrameShuffler::isValidNew):
(JSC::CallFrameShuffler::newAsOld):
(JSC::CallFrameShuffler::getFreeRegister):
(JSC::CallFrameShuffler::getFreeGPR):
(JSC::CallFrameShuffler::getFreeFPR):
(JSC::CallFrameShuffler::hasFreeRegister):
(JSC::CallFrameShuffler::ensureRegister):
(JSC::CallFrameShuffler::ensureGPR):
(JSC::CallFrameShuffler::ensureFPR):
(JSC::CallFrameShuffler::addressForOld):
(JSC::CallFrameShuffler::isUndecided):
(JSC::CallFrameShuffler::isSlowPath):
(JSC::CallFrameShuffler::addressForNew):
(JSC::CallFrameShuffler::dangerFrontier):
(JSC::CallFrameShuffler::isDangerNew):
(JSC::CallFrameShuffler::updateDangerFrontier):
(JSC::CallFrameShuffler::hasOnlySafeWrites):

jit/CallFrameShuffler32_64.cpp: Added.

(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):

jit/CallFrameShuffler64.cpp: Added.

(JSC::CallFrameShuffler::emitStore):
(JSC::CallFrameShuffler::emitBox):
(JSC::CallFrameShuffler::emitLoad):
(JSC::CallFrameShuffler::canLoad):
(JSC::CallFrameShuffler::emitDisplace):

jit/JITCall.cpp:

(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):

jit/RegisterMap.cpp:

(JSC::RegisterMap::RegisterMap):
(JSC::GPRMap::GPRMap):
(JSC::FPRMap::FPRMap):

jit/Repatch.cpp:

(JSC::linkPolymorphicCall):

4:46 PM Changeset in webkit [189998] by jacob_nielsen@apple.com

3 edits in trunk/LayoutTests

Adds more flaky tests to TestExpecations for iOS and WK2

platform/ios-simulator/TestExpectations:
platform/wk2/TestExpectations:

4:45 PM Changeset in webkit [189997] by aestes@apple.com

4 edits
2 adds in trunk

[iOS] did{Start,Finish}LoadForQuickLookDocumentInMainFrame is never called on WKNavigationDelegate
https://bugs.webkit.org/show_bug.cgi?id=149360

Reviewed by Tim Horton.

Source/WebKit2:

UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::didStartLoadForQuickLookDocumentInMainFrame): Called on m_navigationDelegate if non-null.
(WebKit::WebPageProxy::didFinishLoadForQuickLookDocumentInMainFrame): Ditto.

Tools:

Added an API test.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2Cocoa/QuickLook.mm: Added.

(-[QuickLookNavigationDelegate _webView:didStartLoadForQuickLookDocumentInMainFrameWithFileName:uti:]):
(-[QuickLookNavigationDelegate _webView:didFinishLoadForQuickLookDocumentInMainFrame:]):
(-[QuickLookNavigationDelegate webView:didFinishNavigation:]):
(TEST):

TestWebKitAPI/ios/pages.pages: Added.

4:43 PM Changeset in webkit [189996] by sbarati@apple.com

1 edit
6 adds in trunk/LayoutTests

add a regress test for richards with try/catch.
https://bugs.webkit.org/show_bug.cgi?id=149301

Reviewed by Filip Pizlo.

This adds two variants of Octane/richards benchmark using
try/catch. One try/catch variant that actually throws.
Another that never throws. I've included try/catch inside
every function and every loop.

js/regress/richards-empty-try-catch-expected.txt: Added.
js/regress/richards-empty-try-catch.html: Added.
js/regress/richards-try-catch-expected.txt: Added.
js/regress/richards-try-catch.html: Added.
js/regress/script-tests/richards-empty-try-catch.js: Added.

(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

js/regress/script-tests/richards-try-catch.js: Added.

(randomException):
(runRichards):
(Scheduler):
(Scheduler.prototype.addIdleTask):
(Scheduler.prototype.addWorkerTask):
(Scheduler.prototype.addHandlerTask):
(Scheduler.prototype.addDeviceTask):
(Scheduler.prototype.addRunningTask):
(Scheduler.prototype.addTask):
(Scheduler.prototype.schedule):
(Scheduler.prototype.release):
(Scheduler.prototype.holdCurrent):
(Scheduler.prototype.suspendCurrent):
(Scheduler.prototype.queue):
(TaskControlBlock):
(TaskControlBlock.prototype.setRunning):
(TaskControlBlock.prototype.markAsNotHeld):
(TaskControlBlock.prototype.markAsHeld):
(TaskControlBlock.prototype.isHeldOrSuspended):
(TaskControlBlock.prototype.markAsSuspended):
(TaskControlBlock.prototype.markAsRunnable):
(TaskControlBlock.prototype.run):
(TaskControlBlock.prototype.checkPriorityAdd):
(TaskControlBlock.prototype.toString):
(IdleTask):
(IdleTask.prototype.run):
(IdleTask.prototype.toString):
(DeviceTask):
(DeviceTask.prototype.run):
(DeviceTask.prototype.toString):
(WorkerTask):
(WorkerTask.prototype.run):
(WorkerTask.prototype.toString):
(HandlerTask):
(HandlerTask.prototype.run):
(HandlerTask.prototype.toString):
(Packet):
(Packet.prototype.addTo):
(Packet.prototype.toString):

4:37 PM Changeset in webkit [189995] by sbarati@apple.com

42 edits
20 adds in trunk

Implement try/catch in the DFG.
https://bugs.webkit.org/show_bug.cgi?id=147374

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements try/catch inside the DFG JIT.
It also prevents tier up to the FTL for any functions
that have an op_catch in them that are DFG compiled.

This patch accomplishes implementing try/catch inside
the DFG by OSR exiting to op_catch when an exception is thrown.
We can OSR exit from an exception inside the DFG in two ways:
1) We have a JS call (can also be via implicit getter/setter in GetById/PutById)
2) We have an exception when returing from a callOperation

In the case of (1), we get to the OSR exit from genericUnwind because
the exception was thrown in a child call frame. This means these
OSR exits must act as defacto op_catches (even though we will still OSR
exit to a baseline op_catch). That means they must restore the stack pointer
and call frame.

In the case of (2), we can skip genericUnwind because we know the exception
check will take us to a particular OSR exit. Instead, we link these
exception checks as jumps to a particular OSR exit.

Both types of OSR exits will exit into op_catch inside the baseline JIT.
Because they exit to op_catch, these OSR exits must set callFrameForCatch
to the proper call frame pointer.

We "handle" all exceptions inside the machine frame of the DFG code
block. This means the machine code block is responsible for "catching"
exceptions of any inlined frames' try/catch. OSR exit will then exit to
the proper baseline CodeBlock after reifying the inlined frames
(DFG::OSRExit::m_codeOrigin corresponds to the op_catch we will exit to).
Also, genericUnwind will never consult an inlined call frame's CodeBlock to
see if they can catch the exception because they can't. We always unwind to the
next machine code block frame. The DFG CodeBlock changes how the exception
handler table is keyed: it is now keyed by CallSiteIndex for DFG code blocks.

So, when consulting call sites that throw, we keep track of the CallSiteIndex,
and the HandlerInfo for the corresponding baseline exception handler for
that particular CallSiteIndex (if an exception at that call site will be caught).
Then, when we're inside DFG::JITCompiler::link(), we install new HandlerInfo's
inside the DFG CodeBlock and key it by the corresponding CallSiteIndex.
(The CodeBlock only has HandlerInfos for the OSR exits that are to be arrived
at from genericUnwind).

Also, each OSR exit will know if it acting as an exception handler, and
whether or not it will be arrived at from genericUnwind. When we know we
will arrive at an OSR exit from genericUnwind, we set the corresponding
HandlerInfo's nativeCode CodeLocationLabel field to be the OSR exit.

This patch also introduces a new Phase inside the DFG that ensures
that DFG CodeBlocks that handle exceptions take the necessary
steps to keep live variables at "op_catch" live according the
OSR exit value recovery machinery. We accomplish this by flushing
all live op_catch variables to the stack when inside a "try" block.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::handlerForBytecodeOffset):
(JSC::CodeBlock::handlerForIndex):

bytecode/CodeBlock.h:

(JSC::CodeBlock::clearExceptionHandlers):
(JSC::CodeBlock::appendExceptionHandler):

bytecode/PreciseJumpTargets.cpp:

(JSC::computePreciseJumpTargets):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addCodeOrigin):
(JSC::DFG::CommonData::lastCallSite):
(JSC::DFG::CommonData::shrinkToFit):

dfg/DFGCommonData.h:
dfg/DFGGraph.h:
dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::appendExceptionHandlingOSRExit):
(JSC::DFG::JITCompiler::willCatchExceptionInMachineFrame):
(JSC::DFG::JITCompiler::exceptionCheck):
(JSC::DFG::JITCompiler::recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded):

dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::emitStoreCodeOrigin):
(JSC::DFG::JITCompiler::emitStoreCallSiteIndex):
(JSC::DFG::JITCompiler::appendCall):
(JSC::DFG::JITCompiler::exceptionCheckWithCallFrameRollback):
(JSC::DFG::JITCompiler::blockHeads):
(JSC::DFG::JITCompiler::exceptionCheck): Deleted.

dfg/DFGLiveCatchVariablePreservationPhase.cpp: Added.

(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::FlushLiveCatchVariablesInsertionPhase):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::run):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::willCatchException):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::handleBlock):
(JSC::DFG::FlushLiveCatchVariablesInsertionPhase::newVariableAccessData):
(JSC::DFG::performLiveCatchVariablePreservationPhase):

dfg/DFGLiveCatchVariablePreservationPhase.h: Added.
dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::OSRExit):
(JSC::DFG::OSRExit::setPatchableCodeOffset):

dfg/DFGOSRExit.h:

(JSC::DFG::OSRExit::considerAddingAsFrequentExitSite):

dfg/DFGOSRExitCompiler.cpp:
dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):

dfg/DFGOSRExitCompilerCommon.h:
dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):

dfg/DFGSlowPathGenerator.h:

(JSC::DFG::SlowPathGenerator::SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::~SlowPathGenerator):
(JSC::DFG::SlowPathGenerator::generate):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::emitCall):

dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

interpreter/Interpreter.cpp:

(JSC::GetCatchHandlerFunctor::operator()):
(JSC::UnwindFunctor::operator()):

interpreter/StackVisitor.cpp:

(JSC::StackVisitor::gotoNextFrame):
(JSC::StackVisitor::unwindToMachineCodeBlockFrame):
(JSC::StackVisitor::readFrame):

interpreter/StackVisitor.h:

(JSC::StackVisitor::operator*):
(JSC::StackVisitor::operator->):

jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitExceptionCheck):
(JSC::AssemblyHelpers::emitNonPatchableExceptionCheck):
(JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitCount):

jit/JITExceptions.cpp:

(JSC::genericUnwind):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_catch):

llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/VM.cpp:

(JSC::VM::VM):

runtime/VM.h:

(JSC::VM::clearException):
(JSC::VM::clearLastException):
(JSC::VM::addressOfCallFrameForCatch):
(JSC::VM::exception):
(JSC::VM::addressOfException):

tests/stress/dfg-exception-try-catch-in-constructor-with-inlined-throw.js: Added.

(f):
(bar):
(Foo):

tests/stress/es6-for-of-loop-exception.js: Added.

(assert):
(shouldThrowInvalidConstAssignment):
(baz):
(foo):

tests/stress/exception-dfg-inlined-frame-not-strict-equal.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(bar):
(foo):

tests/stress/exception-dfg-not-strict-equal.js: Added.

(foo):
(o.valueOf):
(o.toString):
(assert):
(shouldDoSomethingInFinally):
(catch):

tests/stress/exception-dfg-operation-read-value.js: Added.

(assert):
(o.valueOf):
(o.toString):
(read):
(foo):

tests/stress/exception-dfg-throw-from-catch-block.js: Added.

(assert):
(baz):
(bar):
(foo):

LayoutTests:

js/regress/raytrace-with-empty-try-catch-expected.txt: Added.
js/regress/raytrace-with-empty-try-catch.html: Added.
js/regress/raytrace-with-try-catch-expected.txt: Added.
js/regress/raytrace-with-try-catch.html: Added.
js/regress/script-tests/raytrace-with-empty-try-catch.js: Added.

(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

js/regress/script-tests/raytrace-with-try-catch.js: Added.

(randomException):
(createVector):
(sqrLengthVector):
(lengthVector):
(addVector):
(subVector):
(scaleVector):
(normaliseVector):
(add):
(sub):
(scalev):
(dot):
(scale):
(cross):
(normalise):
(transformMatrix):
(invertMatrix):
(Triangle):
(Triangle.prototype.intersect):
(Scene):
(Scene.prototype.intersect):
(Scene.prototype.blocked):
(Camera):
(Camera.prototype.generateRayPair):
(renderRows):
(Camera.prototype.render):
(raytraceScene.floorShader):
(raytraceScene):
(arrayToCanvasCommands):

js/regress/script-tests/v8-raytrace-with-empty-try-catch.js: Added.

(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

js/regress/script-tests/v8-raytrace-with-try-catch.js: Added.

(randomException):
(Class.create):
(Object.extend):
(Flog.RayTracer.Color.prototype.initialize):
(Flog.RayTracer.Color.prototype.add):
(Flog.RayTracer.Color.prototype.addScalar):
(Flog.RayTracer.Color.prototype.subtract):
(Flog.RayTracer.Color.prototype.multiply):
(Flog.RayTracer.Color.prototype.multiplyScalar):
(Flog.RayTracer.Color.prototype.divideFactor):
(Flog.RayTracer.Color.prototype.limit):
(Flog.RayTracer.Color.prototype.distance):
(Flog.RayTracer.Color.prototype.blend):
(Flog.RayTracer.Color.prototype.brightness):
(Flog.RayTracer.Color.prototype.toString):
(Flog.RayTracer.Light.prototype.initialize):
(Flog.RayTracer.Light.prototype.toString):
(Flog.RayTracer.Vector.prototype.initialize):
(Flog.RayTracer.Vector.prototype.copy):
(Flog.RayTracer.Vector.prototype.normalize):
(Flog.RayTracer.Vector.prototype.magnitude):
(Flog.RayTracer.Vector.prototype.cross):
(Flog.RayTracer.Vector.prototype.dot):
(Flog.RayTracer.Vector.prototype.add):
(Flog.RayTracer.Vector.prototype.subtract):
(Flog.RayTracer.Vector.prototype.multiplyVector):
(Flog.RayTracer.Vector.prototype.multiplyScalar):
(Flog.RayTracer.Vector.prototype.toString):
(Flog.RayTracer.Ray.prototype.initialize):
(Flog.RayTracer.Ray.prototype.toString):
(Flog.RayTracer.Scene.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.initialize):
(Flog.RayTracer.Material.BaseMaterial.prototype.getColor):
(Flog.RayTracer.Material.BaseMaterial.prototype.wrapUp):
(Flog.RayTracer.Material.BaseMaterial.prototype.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Solid.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.initialize):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.getColor):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial.toString):
(Flog.RayTracer.Material.Chessboard.prototype.Object.extend.new.Flog.RayTracer.Material.BaseMaterial):
(Flog.RayTracer.Shape.Sphere.prototype.initialize):
(Flog.RayTracer.Shape.Sphere.prototype.intersect):
(Flog.RayTracer.Shape.Sphere.prototype.toString):
(Flog.RayTracer.Shape.Plane.prototype.initialize):
(Flog.RayTracer.Shape.Plane.prototype.intersect):
(Flog.RayTracer.Shape.Plane.prototype.toString):
(Flog.RayTracer.IntersectionInfo.prototype.initialize):
(Flog.RayTracer.IntersectionInfo.prototype.toString):
(Flog.RayTracer.Camera.prototype.initialize):
(Flog.RayTracer.Camera.prototype.getRay):
(Flog.RayTracer.Camera.prototype.toString):
(Flog.RayTracer.Background.prototype.initialize):
(Flog.RayTracer.Engine.prototype.initialize):
(Flog.RayTracer.Engine.prototype.setPixel):
(Flog.RayTracer.Engine.prototype.renderScene):
(Flog.RayTracer.Engine.prototype.getPixelColor):
(Flog.RayTracer.Engine.prototype.testIntersection):
(Flog.RayTracer.Engine.prototype.getReflectionRay):
(Flog.RayTracer.Engine.prototype.rayTrace):
(renderScene):

js/regress/v8-raytrace-with-empty-try-catch-expected.txt: Added.
js/regress/v8-raytrace-with-empty-try-catch.html: Added.
js/regress/v8-raytrace-with-try-catch-expected.txt: Added.
js/regress/v8-raytrace-with-try-catch.html: Added.

4:19 PM Changeset in webkit [189994] by n_wang@apple.com

7 edits in trunk

AX: Implement ARIA 1.1 @aria-current on iOS
https://bugs.webkit.org/show_bug.cgi?id=149297

Reviewed by Chris Fleizach.

Source/WebCore:

Added support for iOS to query for aria-current status.
Also, enabled aria-current.html test on iOS.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityInvalidStatus]):
(-[WebAccessibilityObjectWrapper accessibilityARIACurrentStatus]):
(-[WebAccessibilityObjectWrapper accessibilityMathRootIndexObject]):

Tools:

Added support to test aria-current on iOS.

DumpRenderTree/ios/AccessibilityUIElementIOS.mm:

(AccessibilityUIElement::stringAttributeValue):

WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::stringAttributeValue):

LayoutTests:

platform/ios-simulator/TestExpectations:

4:06 PM Changeset in webkit [189993] by commit-queue@webkit.org

13 edits
2 adds in trunk/Source/JavaScriptCore

Implement linear memory instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149326

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Geoffrey Garen.

This patch implements linear memory instructions in WebAssembly.[1] To
use the linear memory, an ArrayBuffer must be passed to loadWebAssembly().

Notes:

We limit the ArrayBuffer's byte length to 2^{31 - 1. This enables us to
use only one comparison (unsigned greater than) to check for
out-of-bounds access.}
There is no consensus yet on what should happen when an out-of-bounds access occurs.[2] For now, we throw an error when that happens.
In asm.js, a heap access looks like this: int32Array[i >> 2]. Note that ">> 2" is part of the syntax and is required. pack-asmjs will produce bytecodes that look something like "LoadI32, i" (not "LoadI32, ShiftRightI32, i, 2"). The requirement of the shift operator prevents unaligned accesses in asm.js. (There is a proposal to support unaligned accesses in the future version of asm.js using DataView.[3]) The WebAssembly spec allows unaligned accesses.[4] But since we use asm.js for testing, we follow asm.js's behaviors for now.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#linear-memory
[2]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#out-of-bounds
[3]: https://wiki.mozilla.org/Javascript:SpiderMonkey:OdinMonkey#Possible_asm.js_extensions_that_don.27t_require_new_JS_features
[4]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md#alignment

jit/JITOperations.cpp:
jit/JITOperations.h:
jsc.cpp:

(GlobalObject::finishCreation):
(functionLoadWebAssembly):

tests/stress/wasm-linear-memory.js: Added.

(shouldBe):
(shouldThrow):

tests/stress/wasm/linear-memory.wasm: Added.
wasm/JSWASMModule.cpp:

(JSC::JSWASMModule::JSWASMModule):
(JSC::JSWASMModule::visitChildren):

wasm/JSWASMModule.h:

(JSC::JSWASMModule::create):
(JSC::JSWASMModule::arrayBuffer):
(JSC::JSWASMModule::JSWASMModule): Deleted.

wasm/WASMConstants.h:
wasm/WASMFunctionCompiler.h:

(JSC::sizeOfMemoryType):
(JSC::WASMFunctionCompiler::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionCompiler::endFunction):
(JSC::WASMFunctionCompiler::buildLoad):
(JSC::WASMFunctionCompiler::buildStore):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseStatement):
(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseMemoryAddress):
(JSC::WASMFunctionParser::parseLoad):
(JSC::WASMFunctionParser::parseStore):

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::MemoryAddress::MemoryAddress):
(JSC::WASMFunctionSyntaxChecker::buildLoad):
(JSC::WASMFunctionSyntaxChecker::buildStore):

wasm/WASMModuleParser.cpp:

(JSC::WASMModuleParser::WASMModuleParser):
(JSC::WASMModuleParser::parseModule):
(JSC::parseWebAssembly):
(JSC::WASMModuleParser::parse): Deleted.

wasm/WASMModuleParser.h:

4:05 PM Changeset in webkit [189992] by achristensen@apple.com

2 edits in trunk/WebKitLibraries

Remove last required use of WEBKIT_LIBRARIES environment variable on Windows
https://bugs.webkit.org/show_bug.cgi?id=149355

Reviewed by Brent Fulgham.

win/tools/scripts/auto-version.pl:

Use the directory of $0 (the currently executed perl script) to find the perl script instead of an environment variable.
This makes it possible to build WebKit on Windows without environment variables.

4:03 PM Changeset in webkit [189991] by achristensen@apple.com

2 edits in trunk/Source/WebCore

Fix Windows tests after switch to CMake.

testing/js/WebCoreTestSupportPrefix.h:

Include cmakeconfig.h before wtf/Platform.h like we do in all the other precompiled headers
to have consistent features defined.

3:36 PM Changeset in webkit [189990] by ap@apple.com

2 edits in trunk/Source/WebCore

REGRESSION (r189526): Nightlies don't work on Mavericks
https://bugs.webkit.org/show_bug.cgi?id=149215

Reviewed by Daniel Bates.

platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::SQLiteDatabase): Fixed the check to work when cross-compiling
for 10.9 with 10.10 SDK.
(WebCore::SQLiteDatabase::disableThreadingChecks): Removed an obsolete version check -
WebCore has an #error elsewhere making sure that the version is higher than that.
(WebCore::SQLiteDatabase::authorizerFunction): Ditto.

3:30 PM Changeset in webkit [189989] by jacob_nielsen@apple.com

2 edits in trunk/LayoutTests

REGRESSION: http/tests/xmlhttprequest/timeout/xmlhttprequest-timeout-overrides.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=132388

TestExpectations:

3:26 PM Changeset in webkit [189988] by achristensen@apple.com

2 edits in trunk/Source/WebCore

CMake clean build fix after r189971.

CMakeLists.txt:

Remove Entity.idl.

3:25 PM Changeset in webkit [189987] by Antti Koivisto

16 edits in trunk/Source/WebCore

Support style isolation in shadow trees
https://bugs.webkit.org/show_bug.cgi?id=149353

Reviewed by Ryosuke Niwa.

Allow ShadowRoots to have their own StyleResolvers.

This patch just adds the mechanism, all shadow roots still use the document resolver.

css/StyleResolver.h:

(WebCore::StyleResolverParentPusher::push):
(WebCore::StyleResolverParentPusher::~StyleResolverParentPusher):

dom/Element.cpp:

(WebCore::Element::absoluteLinkURL):
(WebCore::Element::styleResolver):

Helper function for getting the right StyleResolver for the element.

(WebCore::Element::resolveStyle):

Helper function for resolving element style.

dom/Element.h:
dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::~ShadowRoot):
(WebCore::ShadowRoot::styleResolver):
(WebCore::ShadowRoot::cloneNode):

dom/ShadowRoot.h:

(WebCore::ShadowRoot::resetStyleInheritance):

editing/EditingStyle.cpp:

(WebCore::styleFromMatchedRulesForElement):

html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::computedTextWithDirection):

html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::setFont):

inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::getMatchedStylesForNode):

page/animation/KeyframeAnimation.cpp:

(WebCore::KeyframeAnimation::KeyframeAnimation):

rendering/RenderElement.cpp:

(WebCore::RenderElement::getUncachedPseudoStyle):
(WebCore::RenderElement::containingBlockForFixedPosition):

rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::checkRegionStyle):
(WebCore::RenderNamedFlowFragment::computeStyleInRegion):

style/StyleResolveTree.cpp:

(WebCore::Style::styleForElement):

svg/SVGElement.cpp:

(WebCore::SVGElement::customStyleForRenderer):
(WebCore::SVGElement::animatedSMILStyleProperties):

svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

2:37 PM Changeset in webkit [189986] by Beth Dakin

2 edits in trunk/Source/WebKit2

Snapshots broken on iOS
https://bugs.webkit.org/show_bug.cgi?id=149354

Reviewed by Tim Horton.

We need to send the IOSurface to ViewSnapshot::create() for this to work.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _takeViewSnapshot]):

2:30 PM Changeset in webkit [189985] by achristensen@apple.com

2 edits in trunk/Source/WebCore

[Win] Fix bindings tests after r189934.

Reviewed by Brent Fulgham.

bindings/scripts/preprocessor.pm:

(applyPreprocessor):
Bindings tests use /usr/bin/gcc from cygwin, which requires different flags.
If we're using gcc to preprocess, use it like we did before r189934.

2:29 PM Changeset in webkit [189984] by commit-queue@webkit.org

8 edits in trunk/Source/JavaScriptCore

Implement type conversion instructions in WebAssembly
https://bugs.webkit.org/show_bug.cgi?id=149340

Patch by Sukolsak Sakshuwong <Sukolsak Sakshuwong> on 2015-09-18
Reviewed by Mark Lam.

This patch implements some type conversion instructions in WebAssembly.
The WebAssembly spec has a lot more type conversion instructions than
what are available in asm.js.[1] We only implement the ones that are in
asm.js for now because we can only test those.

[1]: https://github.com/WebAssembly/design/blob/master/AstSemantics.md

tests/stress/wasm-type-conversion.js:
tests/stress/wasm/type-conversion.wasm:
wasm/WASMConstants.h:
wasm/WASMFunctionCompiler.h:

(JSC::operationConvertUnsignedInt32ToDouble):
(JSC::WASMFunctionCompiler::buildConvertType):
(JSC::WASMFunctionCompiler::callOperation):

wasm/WASMFunctionParser.cpp:

(JSC::WASMFunctionParser::parseExpressionI32):
(JSC::WASMFunctionParser::parseExpressionF32):
(JSC::WASMFunctionParser::parseExpressionF64):
(JSC::WASMFunctionParser::parseConvertType):

wasm/WASMFunctionParser.h:
wasm/WASMFunctionSyntaxChecker.h:

(JSC::WASMFunctionSyntaxChecker::buildConvertType):

2:08 PM Changeset in webkit [189983] by jacob_nielsen@apple.com

2 edits in trunk/LayoutTests

line-break-language-sensitive tests should be marked as flaky
https://bugs.webkit.org/show_bug.cgi?id=149349

platform/ios-simulator/TestExpectations:

2:05 PM Changeset in webkit [189982] by eric.carlson@apple.com

18 edits
4 adds
2 deletes in trunk

[MediaStream] Finish implementing MediaDevices.enumerateDevices
https://bugs.webkit.org/show_bug.cgi?id=149322
<rdar://problem/22750866>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: fast/mediastream/MediaDevices-enumerateDevices.html

CMakeLists.txt: Add MediaDevicesRequest.cpp

Modules/mediastream/MediaDeviceInfo.h: Add MediaDeviceInfoVector typedef.

Modules/mediastream/MediaDevices.cpp:

(WebCore::MediaDevices::enumerateDevices): Use MediaDevicesRequest.

Modules/mediastream/MediaDevices.h: EnumerateDevicePromise -> EnumerateDevicesPromise.
Modules/mediastream/MediaDevices.idl:

Modules/mediastream/MediaDevicesRequest.cpp: Added.

(WebCore::MediaDevicesRequest::create):
(WebCore::MediaDevicesRequest::MediaDevicesRequest):
(WebCore::MediaDevicesRequest::~MediaDevicesRequest):
(WebCore::MediaDevicesRequest::securityOrigin):
(WebCore::MediaDevicesRequest::contextDestroyed):
(WebCore::MediaDevicesRequest::start):
(WebCore::MediaDevicesRequest::didCompleteRequest):
(WebCore::MediaDevicesRequest::requestOrigin):

Modules/mediastream/MediaDevicesRequest.h: Added.

Modules/mediastream/MediaStreamTrackSourcesRequest.cpp:

(WebCore::MediaStreamTrackSourcesRequest::MediaStreamTrackSourcesRequest):
(WebCore::MediaStreamTrackSourcesRequest::didCompleteRequest):

Modules/mediastream/MediaStreamTrackSourcesRequest.h:

Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::enumerateDevices): Deleted.

Modules/mediastream/UserMediaRequest.h:

WebCore.xcodeproj/project.pbxproj: Add MediaDevicesRequest.cpp

platform/mediastream/MediaDevicesPrivate.cpp: Removed.
platform/mediastream/MediaDevicesPrivate.h: Removed.

platform/mediastream/MediaStreamCreationClient.h:
platform/mediastream/MediaStreamTrackSourcesRequestClient.h:

(WebCore::MediaStreamTrackSourcesRequestClient::~MediaStreamTrackSourcesRequestClient):

platform/mediastream/mac/AVCaptureDeviceManager.h:
platform/mediastream/mac/AVCaptureDeviceManager.mm:

(WebCore::AVCaptureDeviceManager::verifyConstraintsForMediaType): Optionally take an

AVCaptureSession instead of always allocating one.

(WebCore::AVCaptureDeviceManager::bestSourcesForTypeAndConstraints): Pass the AVCaptureSession

to verifyConstraintsForMediaType.

platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources):

platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources):

LayoutTests:

fast/mediastream/MediaDevices-enumerateDevices-expected.txt: Added.
fast/mediastream/MediaDevices-enumerateDevices.html: Added.

1:57 PM Changeset in webkit [189981] by ap@apple.com

2 edits in trunk/Tools

iOS WebKitTestRunner frequently crashes in WKContextGetIconDatabase
https://bugs.webkit.org/show_bug.cgi?id=149352

Reviewed by Simon Fraser.

WebKitTestRunner/TestController.cpp: (WTR::TestController::~TestController):

m_context can be null. This may indicate a bug in webkitpy too, but
WebKitTestRunner should handle this situation nicely, there is nothing intrinsically
wrong with opening and immediately closing it.

1:55 PM Changeset in webkit [189980] by jacob_nielsen@apple.com

2 edits in trunk/LayoutTests

Updates to include change to iOS test expectations after bug 149187

platform/ios-simulator/js/dom/constructor-length-expected.txt:

1:37 PM Changeset in webkit [189979] by Chris Dumez

2 edits in trunk/Source/WebCore

WebContent crash in WebCore::MemoryPressureHandler::releaseCriticalMemory() with GuardMalloc when preparing to suspend
https://bugs.webkit.org/show_bug.cgi?id=149350

Reviewed by Antti Koivisto.

in MemoryPressureHandler::releaseCriticalMemory(), iterate over a copy of
Document::allDocuments() instead of iterating over allDocuments() directly.
Also make sure the Documents are ref'd inside the copy.

This is needed because clearing the StyleResolver of a Document may cause
Documents to be unref'd and removed from the allDocument() HashSet.

No new tests, already covered by existing tests.

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseCriticalMemory):

1:31 PM Changeset in webkit [189978] by Brent Fulgham

2 edits in trunk/Source/WebCore

[Win] Unreviewed build fix.

Non-cmake build does not include quotes in the file path, so a search
operation always failed.

bindings/scripts/preprocessor.pm:

(applyPreprocessor):

1:00 PM Changeset in webkit [189977] by dbates@webkit.org

2 edits in trunk/Tools

isGitSVNDirectory() returns true when Git is not installed
https://bugs.webkit.org/show_bug.cgi?id=149351

Reviewed by Alexey Proskuryakov.

Fixes an issue where VCSUtils::isGitSVNDirectory() returns true for any arbitrary directory if
Git is not installed on the machine.

Scripts/VCSUtils.pm:

(isGitSVNDirectory): Ensure that git config --get svn-remote.svn.fetch 2>& 1 exits with
status code 0 (success).

12:31 PM Changeset in webkit [189976] by Chris Dumez

4 edits in trunk

REGRESSION (r182449, Mavericks ONLY): Pages re-open empty after swiping back and scrolling on them
https://bugs.webkit.org/show_bug.cgi?id=149317
<rdar://problem/22521514>

Reviewed by Tim Horton.

Source/WebCore:

Disable on Mavericks a PageCache optimization from r182449 which lets
into PageCache pages that only have certain types of pending loads
(images and XHR). This is because it has been determined via bisection
that this change is the one that introduced the bug on Mavericks.

loader/DocumentLoader.cpp:

(WebCore::areAllLoadersPageCacheAcceptable):

LayoutTests:

Skip a couple of PageCache layout tests on Mavericks now that a PageCache
optimization has been disabled.

platform/mac/TestExpectations:

11:35 AM Changeset in webkit [189975] by Alan Bujtas

2 edits in trunk/LayoutTests

Unreviewed iOS gardening.

platform/ios-simulator/TestExpectations:

11:23 AM Changeset in webkit [189974] by Brent Fulgham

8 edits in trunk/Source

[Win] Use tiled drawing for main background layer
https://bugs.webkit.org/show_bug.cgi?id=149347
<rdar://problem/22759632>

Reviewed by Alex Christensen.

Source/WebCore:

Turn on tiled drawing for the root layer when using
accelerated compositing on Windows.

page/Frame.h: Export the 'isMainFrame' method so that

it can be used by WebKit.dll.

platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::getDebugBorderInfo): Use a full
pixel width on Windows, since it doesn't support High DPI (yet).

platform/graphics/ca/win/PlatformCALayerWin.cpp:

(PlatformCALayerWin::create): Use nullptr.
(toCACFFilterType): Ditto.
(layerTreeHostForLayer): Ditto.
(PlatformCALayer::platformCALayer): Ditto.

(PlatformCALayerWin::PlatformCALayerWin): Use the correct contents scaling

factor for new layers.
(PlatformCALayerWin::animationForKey): Use nullptr.

platform/graphics/ca/win/WebTiledBackingLayerWin.cpp:

(WebTiledBackingLayerWin::displayCallback): Update assertion to
recognize LayerTypePageTiledBackingLayer as a valid layer to be used
in this display routine.

Source/WebKit/win:

Instruct WebCore to use tiled drawing for the root layer
of the display.

WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::shouldUseTiledBackingForFrameView): Added.

WebCoreSupport/WebChromeClient.h:

11:00 AM Changeset in webkit [189973] by achristensen@apple.com

3 edits in trunk/Tools

Prevent build-webkit from building four times on Windows
https://bugs.webkit.org/show_bug.cgi?id=149336

Reviewed by Brent Fulgham.

Scripts/build-webkit:

Move the Windows code out of the for loop iterating over each subdirectory to be build.
They're built all at once.

Scripts/webkitdirs.pm:

(buildVisualStudioProject):
(cmakeGeneratedBuildfile):
Don't generate the Visual Studio solution if it already exists.
It will run CMake again if necessary.

11:00 AM Changeset in webkit [189972] by achristensen@apple.com

3 edits
1 add in trunk

Fix tests on Windows after switching to CMake.
https://bugs.webkit.org/show_bug.cgi?id=149339

Reviewed by Brent Fulgham.

Source/PlatformWin.cmake: Added to copy WebInspectorUI.

Source/JavaScriptCore:

shell/PlatformWin.cmake:

Build testapi and testRegExp (which doesn't seem to be used any more).

10:23 AM Changeset in webkit [189971] by Chris Dumez

40 edits in trunk

Drop support for Entity Node type
https://bugs.webkit.org/show_bug.cgi?id=149239

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline W3C DOM test now that a new check is passing.

web-platform-tests/dom/historical-expected.txt:

Source/WebCore:

Drop support for Entity DOM type. This legacy type has been dropped in
DOM4:

https://dom.spec.whatwg.org/#dom-core-changes

Chrome [1] and Firefox [2] already dropped it. There is currently no
way to construct an Entity Node in WebKit.

[1] https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/k3tZGP2EANc
[2] https://developer.mozilla.org/en-US/docs/Web/API/Entity

No new tests, already covered by existing W3C test.

DerivedSources.cpp:
WebCore.xcodeproj/project.pbxproj:
bindings/gobject/WebKitDOMPrivate.cpp:

(WebKit::wrap): Deleted.

bindings/js/JSNodeCustom.cpp:

(WebCore::createWrapperInline): Deleted.

bindings/objc/DOM.mm:

(kitClass): Deleted.

dom/Document.cpp:

(WebCore::Document::importNode): Deleted.
(WebCore::Document::adoptNode): Deleted.
(WebCore::Document::childTypeAllowed): Deleted.
(WebCore::Document::canAcceptChild): Deleted.

dom/Entity.h:
dom/Entity.idl:
dom/Node.cpp:

(WebCore::Node::isDefaultNamespace): Deleted.
(WebCore::Node::lookupPrefix): Deleted.
(WebCore::Node::lookupNamespaceURI): Deleted.
(WebCore::appendTextContent): Deleted.
(WebCore::Node::setTextContent): Deleted.

dom/Node.h:
dom/Range.cpp:

(WebCore::lengthOfContentsInNode): Deleted.
(WebCore::Range::processContentsBetweenOffsets): Deleted.
(WebCore::Range::insertNode): Deleted.
(WebCore::Range::checkNodeWOffset): Deleted.
(WebCore::Range::checkNodeBA): Deleted.
(WebCore::Range::selectNode): Deleted.
(WebCore::Range::selectNodeContents): Deleted.
(WebCore::Range::surroundContents): Deleted.

editing/MarkupAccumulator.cpp:

(WebCore::MarkupAccumulator::appendStartMarkup): Deleted.

xml/XPathUtil.cpp:

(WebCore::XPath::isValidContextNode): Deleted.

Source/WebKit2:

Stop handling the Entity node type.

WebProcess/InjectedBundle/API/mac/WKDOMInternals.mm:

LayoutTests:

Rebaseline / update layout tests now that we no longer expose the
Entity type to the Web.

fast/dom/Window/get-set-properties-expected.txt:
fast/dom/Window/get-set-properties.html:
fast/dom/Window/resources/window-properties.js:
fast/dom/Window/window-lookup-precedence-expected.txt:
fast/dom/dom-constructors-expected.txt:
fast/dom/dom-constructors.html:
platform/gtk/fast/dom/Window/window-lookup-precedence-expected.txt:
platform/mac/fast/dom/Window/window-lookup-precedence-expected.txt:

10:16 AM Changeset in webkit [189970] by BJ Burg

32 edits in trunk/Source

ASSERT(!m_frontendRouter->hasLocalFrontend()) when running Web Inspector tests
https://bugs.webkit.org/show_bug.cgi?id=149006
Source/JavaScriptCore:

Reviewed by Joseph Pecoraro.

Prior to disconnecting, we need to know how many frontends remain connected.

inspector/InspectorFrontendRouter.h: Add frontendCount().

Source/WebCore:

Reviewed by Joseph Pecoraro.

The patch fixes two defects:

(1) the stub inspector frontend is not closed reliably when a test times out
(2) frontend clients and channels are sometimes connected to the wrong controllers

When an inspector test times out, the test runner requests (via the inspected page's controller)
that the inspector close. But, the stub frontend works independently of InspectorClient,
so the inspected page's InspectorController cannot close the stub frontend. The assertion
failed because the stub frontend's channel was still connected to the inspected page's controller.

The fix is to route requests for the inspector window to close through the FrontendClient's
closeWindow() method rather than InspectorClient, so that the stub frontend can react.
The other code paths (i.e., through close() and closeLocalFrontend()) have been removed.

Now that the stub frontend eagerly closes its channel before the Page gets GC'd, several
methods invoked during test teardown must be reordered to avoid using dangling pointers.

The stub frontend in Internals has been rewritten to properly disconnect itself
from both the frontend and inspected page's inspector controllers.

While fixing this bug, I noticed that we are inconsistent about which inspector controller
(the inspected page's or the frontend page's) receives the FrontendClient and which takes
FrontendChannels. It is now the case for all configurations that the FrontendClient is
connected to the frontend page's inspector controller, and FrontendChannels are connected
to the inspected page's inspector controller. In the WK2 case, the Inspector Process
has an attached frontend client, and its inspected Web Process has frontend channels.

No new tests, covered by existing tests.

inspector/InspectorClient.h:
inspector/InspectorController.cpp:

(WebCore::InspectorController::~InspectorController):
(WebCore::InspectorController::inspectedPageDestroyed):

This method is called from Page::~Page, so we should disconnect all frontends now
before subframes are detached from the page, making InspectorController inaccessible.

(WebCore::InspectorController::disconnectFrontend):

The teardown branch was never being run before, because we never disconnected the
frontend's channel correctly. Some agents use the overlay during teardown, so notify
agents before releasing the overlay page.

(WebCore::InspectorController::disconnectAllFrontends):

The actions from close() are inlined and rearranged here, similar to disconnectFrontend.
We have to notify agents before removing InspectorClient as some agents make use of it.

(WebCore::InspectorController::close): Deleted.
(WebCore::InspectorController::show): This assertion is vacuously true now.

inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::inspectedPage): Added. Used by stub frontend.

inspector/InspectorFrontendClientLocal.h:

(WebCore::InspectorFrontendClientLocal::frontendPage): Added.

loader/EmptyClients.h:
page/Page.cpp:

(WebCore::Page::~Page):

Notify inspector before detaching frames, otherwise it will not be possible to
cleanly disconnect the stub frontend's channel.

testing/Internals.cpp:

Rewrite the stub frontend to better encapsulate its setup and teardown logic.

(WebCore::InspectorStubFrontend::frontendPage): Added.
(WebCore::InspectorStubFrontend::InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::~InspectorStubFrontend): Added.
(WebCore::InspectorStubFrontend::closeWindow): Added.
(WebCore::InspectorStubFrontend::sendMessageToFrontend): Added.
(WebCore::Internals::openDummyInspectorFrontend):
(WebCore::Internals::closeDummyInspectorFrontend):
(WebCore::InspectorFrontendClientDummy::~InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendClientDummy::InspectorFrontendClientDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::~InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::InspectorFrontendChannelDummy): Deleted.
(WebCore::InspectorFrontendChannelDummy::sendMessageToFrontend): Deleted.

testing/Internals.h:

Source/WebKit/ios:

Reviewed by Joseph Pecoraro.

WebCoreSupport/WebInspectorClientIOS.mm:

(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.

Source/WebKit/mac:

Reviewed by Joseph Pecoraro.

WK1 WebInspectorClient was connecting to the wrong controllers. Fix this, and
remove extra code paths for closing the frontend.

WebCoreSupport/WebInspectorClient.h:
WebCoreSupport/WebInspectorClient.mm:

(-[WebInspectorWindowController destroyInspectorView]):

Disconnect the FrontendClient from the frontend page's inspector controller.
Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.
(WebInspectorFrontendClient::disconnectFromBackend): Deleted.

WebInspector/WebInspector.mm:

(-inspectedWebViewClosed):

Make sure to close ourself if the inspected page closes.

(-close:):

Go through the frontend instead of InspectorController.

WebInspector/WebInspectorFrontend.h:
WebInspector/WebInspectorFrontend.mm:

(-[WebInspectorFrontend close]):

Source/WebKit/win:

Reviewed by Joseph Pecoraro.

WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorFrontendClient::destroyInspectorView):

Disconnect the FrontendClient from the frontend page's inspector controller.
Do this teardown before releasing the frontend, otherwise we can't use it.

(WebInspectorFrontendClient::onClose):
(WebInspectorClient::inspectedPageDestroyed): Deleted.
(WebInspectorClient::closeLocalFrontend): Deleted.

WebCoreSupport/WebInspectorClient.h: Drive-by cleanup for class declarations.
WebInspector.cpp:

(WebInspector::close):

Go through the frontend instead of InspectorController.

Source/WebKit2:

<rdar://problem/22654257>
<rdar://problem/22631369>

Reviewed by Joseph Pecoraro.

Stop using InspectorController to close the frontend page. Go through
the FrontendClient instead. Reduce redundant code paths.

This change seems to fix some recent crashes that were seen when
closing Safari with Web Inspector open. These were caused by the frontend
channel not being disconnected at the right time.

WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::inspectedPageDestroyed):
(WebKit::WebInspectorClient::closeLocalFrontend): Deleted.

WebProcess/WebCoreSupport/WebInspectorClient.h:
WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::close):

WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::establishConnection):

Save a pointer to the frontend's InspectorController since we may
need to use it while the page is being destructed and its getter
is no longer accessible.

(WebKit::WebInspectorUI::closeWindow):

Explicitly remove the frontend client when closing the frontend.

WebProcess/WebPage/WebInspectorUI.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::inspector):

Allow clients to specify whether an inspector should be eagerly created.
Without this, we may accidentally create an instance during teardown.

WebProcess/WebPage/WebPage.h:

9:53 AM Changeset in webkit [189969] by Chris Dumez

9 edits
3 adds in trunk

classList.toggle(name, force) treats undefined force argument as false
https://bugs.webkit.org/show_bug.cgi?id=148582
<rdar://problem/22545600>

Reviewed by Ryosuke Niwa.

Source/WebCore:

classList.toggle(name, force) treats undefined force argument as false.
However, according to the Web IDL specification, we should treat undefined
as if the value was missing for optional parameters that do not have a
default value:
https://heycam.github.io/webidl/#dfn-overload-resolution-algorithm (Step 14.4).

For optional parameters that have a default value, undefined should be
converted into the default value. This is supported as of r189957.

In this patch, we use custom bindings to provide a spec-compliant version
of DOMTokenList.toggle(). Unfortunately, adding such support in the
bindings generator would be a non-trivial task (I guess, we would have to
generalize using WTF::Optional<> type for all optional parameters in our
implementation. Also we cannot use the default value support added in
r189957 because the toggle() implementation needs to be able to
distinguish all 3 states for the 'force' parameter: true, false or
missing.

The new behavior matches the behavior of Firefox and the specification.

Test: fast/dom/Element/class-list-toggle.html

CMakeLists.txt:
WebCore.vcxproj/WebCore.vcxproj:
WebCore.vcxproj/WebCore.vcxproj.filters:
WebCore.xcodeproj/project.pbxproj:
bindings/js/JSBindingsAllInOne.cpp:
bindings/js/JSDOMTokenListCustom.cpp: Added.

(WebCore::JSDOMTokenList::toggle):

html/DOMTokenList.h:
html/DOMTokenList.idl:

LayoutTests:

Add decent test coverage for DOMTokenList.toggle() via Element.classList.

fast/dom/Element/class-list-toggle-expected.txt: Added.
fast/dom/Element/class-list-toggle.html: Added.

9:43 AM WebInspectorCodingStyleGuide edited by BJ Burg

update arrow function guidance (diff)

9:38 AM Changeset in webkit [189968] by Yusuke Suzuki

3 edits in trunk/Source/JavaScriptCore

Explicitly specify builtin JS files dependency
https://bugs.webkit.org/show_bug.cgi?id=149323

Reviewed by Alex Christensen.

JSCBuiltins.{h,cpp} in CMakeLists.txt and DerivedSources.make just depend on the builtins directory.
As a result, even if we modify builtins/*.js code, regenerating JSCBuiltins.{h,cpp} does not occur.
As the same to the cpp sources, let's list up the JS files explicitly.

CMakeLists.txt:
DerivedSources.make:

9:21 AM Changeset in webkit [189967] by msaboff@apple.com

19 edits
3 deletes in trunk/Source/JavaScriptCore

Remove register preservation and restoration stub code
https://bugs.webkit.org/show_bug.cgi?id=149335

Reviewed by Mark Lam.

Delete the register preservation and restoration thunks and related plumbing.

Much of this change is removing the unneeded RegisterPreservationMode parameter
from various functions.

CMakeLists.txt:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::isVarargsCallType):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::isVarargs):
(JSC::CallLinkInfo::isLinked):
(JSC::CallLinkInfo::setUpCallFromFTL):
(JSC::CallLinkInfo::registerPreservationMode): Deleted.

ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::initializeAddressForCall):
(JSC::FTL::JITCode::addressForCall):

ftl/FTLJITCode.h:
ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry):

ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

jit/JITCode.cpp:

(JSC::JITCode::execute):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::DirectJITCode::addressForCall):
(JSC::NativeJITCode::initializeCodeRef):
(JSC::NativeJITCode::addressForCall):
(JSC::DirectJITCode::ensureWrappers): Deleted.

jit/JITCode.h:

(JSC::JITCode::jitTypeFor):
(JSC::JITCode::executableAddress):

jit/JITOperations.cpp:
jit/RegisterPreservationWrapperGenerator.cpp: Removed.
jit/RegisterPreservationWrapperGenerator.h: Removed.
jit/Repatch.cpp:

(JSC::linkPolymorphicCall):

jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

jit/ThunkGenerators.h:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::entryOSR):
(JSC::LLInt::setUpCall):

runtime/Executable.cpp:

(JSC::ExecutableBase::clearCode):
(JSC::ScriptExecutable::installCode):
(JSC::WebAssemblyExecutable::prepareForExecution):

runtime/Executable.h:

(JSC::ExecutableBase::generatedJITCodeFor):
(JSC::ExecutableBase::entrypointFor):
(JSC::ExecutableBase::offsetOfJITCodeWithArityCheckFor):

runtime/RegisterPreservationMode.h: Removed.

7:20 AM WebKitGTK/2.10.x edited by clopez@igalia.com

(diff)

7:07 AM WebKitGTK/2.10.x edited by clopez@igalia.com

(diff)

6:27 AM Changeset in webkit [189966] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit2

Fix build with --no-indexed-database after r189831
https://bugs.webkit.org/show_bug.cgi?id=149342

Patch by Emanuele Aina <Emanuele Aina> on 2015-09-18
Reviewed by Csaba Osztrogonác.

Context Navigation

Timeline

Sep 22, 2015:

Sep 21, 2015:

Sep 20, 2015:

Sep 19, 2015:

Sep 18, 2015:

Download in other formats: