Timeline



Feb 29, 2016:

11:39 PM Changeset in webkit [197390] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

ThreadedCompositor: clean up composition-specific resources before shutting down the thread
https://bugs.webkit.org/show_bug.cgi?id=154793

Reviewed by Carlos Garcia Campos.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::runCompositingThread): Before concluding the
compositing thread run, clean up all the resources that were allocated at
the start, and in the reverse order. Specifically, we now also deallocate
the CoordinatedGraphicsScene and the SimpleViewportController objects. This
way these are not deallocated on the main thread when the ThreadedCompositor
destructor would otherwise clean them up.

11:37 PM Changeset in webkit [197389] by Chris Dumez
  • 13 edits in trunk

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
https://bugs.webkit.org/show_bug.cgi?id=154845

Reviewed by Ryosuke Niwa.

Source/WebCore:

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use
WTF::Optional.

  • dom/Element.cpp:

(WebCore::Element::getIntegralAttribute):
(WebCore::Element::getUnsignedIntegralAttribute):
(WebCore::Element::setUnsignedIntegralAttribute): Deleted.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::parseBorderWidthAttribute):
(WebCore::HTMLElement::parseAttribute):

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseMaxLengthAttribute):

  • html/HTMLInputElement.h:
  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLength):

  • html/ImageInputType.cpp:

(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):

  • html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::parseAttribute):

Tools:

Update API tests accordingly.

  • TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:

(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):
(TestWebKitAPI::TEST): Deleted.

11:36 PM Changeset in webkit [197388] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

ThreadSafeCoordinatedSurface: remove the unused private create() static method
https://bugs.webkit.org/show_bug.cgi?id=154792

Reviewed by Carlos Garcia Campos.

Remove the static ThreadSafeCoordinatedSurface::create() method that accepted
a std::unique_ptr<ImageBuffer> object as its third parameter. This was not used
anywhere.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:

(WebKit::ThreadSafeCoordinatedSurface::create): Deleted.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.h:

11:32 PM Changeset in webkit [197387] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

11:31 PM Changeset in webkit [197386] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::createCairoGLSurface):

11:30 PM Changeset in webkit [197385] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

11:28 PM Changeset in webkit [197384] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer::Client methods
https://bugs.webkit.org/show_bug.cgi?id=154788

Reviewed by Carlos Garcia Campos.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

Add the override specifiers for the two methods that are inherited
from the TextureMapperPlatformLayer::Client interface.

7:48 PM Changeset in webkit [197383] by Yusuke Suzuki
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Private symbols should not be trapped by proxy handler
https://bugs.webkit.org/show_bug.cgi?id=154817

Reviewed by Mark Lam.

Since the runtime has some assumptions on the properties associated with the private symbols, ES6 Proxy should not trap these property operations.
For example, in ArrayIteratorPrototype.js

    var itemKind = this.@arrayIterationKind;
    if (itemKind === @undefined)
        throw new @TypeError("%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");

Here, we assume that only the array iterator has the @arrayIterationKind property whose value is non-undefined.
But if we implement a Proxy with a get handler that returns a non-undefined value for every operation, we accidentally assume that the given value is an array iterator.

To avoid this situation, we perform the default operations on property operations with private symbols.

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):

  • tests/stress/proxy-basic.js:
  • tests/stress/proxy-with-private-symbols.js: Added.

(assert):
(let.handler.getOwnPropertyDescriptor):
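
Added example (not part of the changeset or of JavaScriptCore): a userland analogue of the brand check discussed in r197383, showing that a property-based check accepts a Proxy whose get handler answers every read, while a check keyed on object identity rejects it. The Symbol `kIterationKind`, the WeakMap side table and all function names are assumptions standing in for JSC's private symbol and builtins.

```javascript
// Constructed stand-in for JSC's private symbol @arrayIterationKind. An ordinary
// Symbol is still visible to Proxy traps, which mirrors the situation before the fix.
const kIterationKind = Symbol('arrayIterationKind');

// Side table playing the role of an internal slot: lookups are keyed on object
// identity and never go through [[Get]], so no Proxy handler can answer them.
const iterationKindSlot = new WeakMap();

function makeArrayIterator(array, kind) {
  const it = { array, index: 0 };
  it[kIterationKind] = kind;        // brand stored as a trappable property
  iterationKindSlot.set(it, kind);  // brand stored where traps cannot reach
  return it;
}

// Shared iteration step. It trusts that `self` really is an iterator.
function step(self, itemKind) {
  const { array, index } = self;    // on a Proxy these are two more trapped reads
  if (index >= array.length)
    return { done: true, value: undefined };
  self.index = index + 1;
  return { done: false, value: itemKind === 'key' ? index : array[index] };
}

// "Before": same shape as the check quoted in the commit message.
function nextTrappable(self) {
  const itemKind = self[kIterationKind];   // consults the Proxy get trap
  if (itemKind === undefined)
    throw new TypeError('next requires that |this| be an Array Iterator instance');
  return step(self, itemKind);
}

// "After" analogue: the brand lookup bypasses any handler.
function nextWithSlot(self) {
  const itemKind = iterationKindSlot.get(self);
  if (itemKind === undefined)
    throw new TypeError('next requires that |this| be an Array Iterator instance');
  return step(self, itemKind);
}

// A Proxy whose get handler returns a non-undefined value for every key and
// records which keys it was asked for.
function makeCatchAllProxy(seenKeys) {
  return new Proxy({}, {
    get(target, key) {
      seenKeys.push(key);
      return 1;
    }
  });
}

function demo() {
  const seenKeys = [];
  const fake = makeCatchAllProxy(seenKeys);

  // The property-based check is satisfied by the handler's answer, so the
  // builtin runs its iterator logic on an object that is not an iterator.
  const before = nextTrappable(fake);
  const trappedReads = seenKeys.length;

  // The identity-based check never calls the handler and rejects the Proxy.
  let after;
  try {
    nextWithSlot(fake);
    after = 'accepted';
  } catch (e) {
    after = e instanceof TypeError ? 'rejected' : 'error';
  }

  return {
    before,
    after,
    trapSawBrandKey: seenKeys.includes(kIterationKind),
    trapCallsDuringSlotCheck: seenKeys.length - trappedReads
  };
}

console.log(demo());
```

The handler also observes the brand key itself (`trapSawBrandKey`), so a trappable brand is disclosed to script as well as forgeable.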

7:42 PM Changeset in webkit [197382] by Simon Fraser
  • 25 edits in trunk

Remove the experimental feature of antialiased font dilation
https://bugs.webkit.org/show_bug.cgi?id=154843

Reviewed by Zalan Bujtas.

Source/WebCore:

Remove the "antialiased font dilation" code path, and related prefs.

  • page/Settings.cpp:

(WebCore::Settings::Settings): Deleted.
(WebCore::Settings::setAntialiasedFontDilationEnabled): Deleted.

  • page/Settings.h:

(WebCore::Settings::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::setAntialiasedFontDilationEnabled): Deleted.
(WebCore::FontCascade::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/FontCascade.h:
  • platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContextStateChange::changesFromState): Deleted.
(WebCore::GraphicsContextStateChange::accumulate): Deleted.
(WebCore::GraphicsContextStateChange::apply): Deleted.
(WebCore::GraphicsContextStateChange::dump): Deleted.
(WebCore::GraphicsContext::setAntialiasedFontDilationEnabled): Deleted.

  • platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContextState::GraphicsContextState): Deleted.
(WebCore::GraphicsContext::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

(PlatformCALayer::drawLayerContents): Deleted.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::dilationSizeForTextColor): Deleted.
(WebCore::FontCascade::drawGlyphs): Deleted.

  • platform/graphics/displaylists/DisplayList.cpp:

(WebCore::DisplayList::DisplayList::shouldDumpForFlags): Deleted.

Source/WebKit/mac:

Remove the "antialiased font dilation" code path, and related prefs.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]): Deleted.
(-[WebPreferences setAntialiasedFontDilationEnabled:]): Deleted.
(-[WebPreferences antialiasedFontDilationEnabled]): Deleted.

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]): Deleted.

Source/WebKit2:

Remove the "antialiased font dilation" code path, and related prefs.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetAntialiasedFontDilationEnabled):
(WKPreferencesGetAntialiasedFontDilationEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences _antialiasedFontDilationEnabled]): Deleted.
(-[WKPreferences _setAntialiasedFontDilationEnabled:]): Deleted.

  • UIProcess/API/Cocoa/WKPreferencesPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences): Deleted.

Tools:

Remove the "antialiased font dilation" code path, and related prefs.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues): Deleted.

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues): Deleted.

7:18 PM Changeset in webkit [197381] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:

1) Change an InferredType. This acquires InferredType::m_lock.
2) Fire watchpoint set. This triggers CodeBlock invalidation, which acquires CodeBlock::m_lock.

DFG thread:

1) Iterate over the information in a CodeBlock. This acquires CodeBlock::m_lock.
2) Ask an InferredType for its descriptor(). This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets. That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time. With
this change I cannot get it to deadlock.

  • runtime/InferredType.cpp:

(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):

  • runtime/InferredType.h:

6:30 PM Changeset in webkit [197380] by Yusuke Suzuki
  • 46 edits
    8 adds in trunk

[DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

  1. Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During the DFG phase, these nodes attempt to convert themselves to Identity (in the Fixup phase).
As with ArithRound, they track the arith rounding mode.
And if these nodes are required to emit machine code, we emit rounding machine code
if it is supported on the current machine. For example, on x86, we emit round.

This Floor functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

  2. Implement Floor in B3 and Air

As with Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

  3. Fix ArithRound operation

Currently, we used cvtsd2si (in x86) to convert a double value to int32.
And we also used this to implement Math.round, like cvtsd2si(value + 0.5).
However, this implementation is not correct, because cvtsd2si is not a floor operation.
It is a truncate operation. This is OK for positive numbers, but not for negative numbers.
For example, the current implementation accidentally rounds -0.6 to -0.0. This should be -1.0.
Using Ceil and Floor instructions, we implement correct ArithRound.

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.

  • b3/B3ConstDoubleValue.cpp:

(JSC::B3::ConstDoubleValue::floorConstant):

  • b3/B3ConstDoubleValue.h:
  • b3/B3ConstFloatValue.cpp:

(JSC::B3::ConstFloatValue::floorConstant):

  • b3/B3ConstFloatValue.h:
  • b3/B3LowerMacrosAfterOptimizations.cpp:
  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/B3Opcode.cpp:

(WTF::printInternal):

  • b3/B3Opcode.h:
  • b3/B3ReduceDoubleToFloat.cpp:
  • b3/B3ReduceStrength.cpp:
  • b3/B3Validate.cpp:
  • b3/B3Value.cpp:

(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

  • b3/B3Value.h:
  • b3/air/AirFixPartialRegisterStalls.cpp:
  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArithMode.cpp:

(WTF::printInternal):

  • dfg/DFGArithMode.h:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::roundShouldSpeculateInt32):

  • dfg/DFGNode.h:

(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::doubleFloor):

  • jit/ThunkGenerators.cpp:

(JSC::ceilThunkGenerator):

  • tests/stress/math-ceil-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-ceil-basics.js: Added.

(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):

  • tests/stress/math-floor-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-floor-basics.js: Added.

(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):

  • tests/stress/math-round-should-not-use-truncate.js: Added.

(mathRoundDoesNotCareAboutMinusZero):

  • tests/stress/math-rounding-infinity.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-nan.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-negative-zero.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

  • docs/b3/intermediate-representation.html:

6:07 PM Changeset in webkit [197379] by commit-queue@webkit.org
  • 29 edits in trunk/Source/JavaScriptCore

Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, than to get perfect size information for
all objects in the heap.

Base implementation (JSCell):

  • returns the MarkedBlock bucket size for this cell.
  • This gets us the object size including inline storage. Basically a better sizeof.

Subclasses with "Extra Memory Cost":

  • Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
  • E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

Subclasses with "Copied Space" storage:

  • Any class with data in copied space (copyBackingStore) should include that in the estimated size.
  • E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

  • runtime/ClassInfo.h:

Add the new estimatedSize method to the table.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):

  • bytecode/UnlinkedCodeBlock.h:

Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::estimatedSize):

  • bytecode/CodeBlock.h:
  • bytecode/UnlinkedInstructionStream.cpp:

(JSC::UnlinkedInstructionStream::sizeInBytes):

  • bytecode/UnlinkedInstructionStream.h:
  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::estimatedSize):

  • runtime/DirectArguments.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):

  • runtime/JSCell.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):

  • runtime/JSMap.cpp:

(JSC::JSMap::estimatedSize):

  • runtime/JSMap.h:
  • runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):

  • runtime/JSObject.h:
  • runtime/JSSet.cpp:

(JSC::JSSet::estimatedSize):

  • runtime/JSSet.h:
  • runtime/JSString.cpp:

(JSC::JSString::estimatedSize):

  • runtime/JSString.h:
  • runtime/MapData.h:

(JSC::MapDataImpl::capacityInBytes):

  • runtime/WeakMapData.cpp:

(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):

  • runtime/WeakMapData.h:

Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

  • runtime/RegExp.cpp:

(JSC::RegExp::estimatedSize):

  • runtime/RegExp.h:
  • yarr/YarrInterpreter.h:

(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):

  • yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

5:36 PM Changeset in webkit [197378] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Marking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removing wk1 specific flakiness expectation.
https://bugs.webkit.org/show_bug.cgi?id=152506

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:

5:16 PM Changeset in webkit [197377] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154748

Unreviewed test gardening.

  • platform/mac/TestExpectations:

4:54 PM Changeset in webkit [197376] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Re-enable passing fast/multicol/newmulticol tests on ios-simulator

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:

4:44 PM Changeset in webkit [197375] by jer.noble@apple.com
  • 7 edits
    9 adds in trunk/Source/WebCore

Refactor CoreVideo API access into their own classes so code can be re-used.
https://bugs.webkit.org/show_bug.cgi?id=154544

Reviewed by Eric Carlson.

In order for common CoreVideo code paths to be re-used in other classes, pull those paths
out of MediaPlayerPrivateAVFoundationObjC and into re-usable classes.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/cf/CoreMediaSoftLink.cpp:
  • platform/cf/CoreMediaSoftLink.h:
  • platform/cocoa/CoreVideoSoftLink.cpp: Added.
  • platform/cocoa/CoreVideoSoftLink.h: Added.
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createPixelBuffer):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage):
(WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture):
(WebCore::CVPixelBufferGetBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseInfoCallback): Deleted.
(WebCore::createImageFromPixelBuffer): Deleted.
(WebCore::enumToStringMap): Deleted.

  • platform/graphics/cv/PixelBufferConformerCV.cpp: Added.

(WebCore::PixelBufferConformerCV::PixelBufferConformerCV):
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):

  • platform/graphics/cv/PixelBufferConformerCV.h: Added.
  • platform/graphics/cv/TextureCacheCV.h: Added.

(WebCore::TextureCacheCV::context):

  • platform/graphics/cv/TextureCacheCV.mm: Added.

(WebCore::TextureCacheCV::create):
(WebCore::TextureCacheCV::TextureCacheCV):
(WebCore::TextureCacheCV::textureFromImage):

  • platform/graphics/cv/VideoTextureCopierCV.cpp: Added.

(WebCore::VideoTextureCopierCV::VideoTextureCopierCV):
(WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
(WebCore::enumToStringMap):
(WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):

  • platform/graphics/cv/VideoTextureCopierCV.h: Added.

(WebCore::VideoTextureCopierCV::context):

  • platform/mediastream/mac/AVVideoCaptureSource.mm: Move SOFT_LINK declarations into CoreVideoSoftLink.h/cpp.

4:39 PM Changeset in webkit [197374] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

  • bytecode/SpeculatedType.h:

4:08 PM Changeset in webkit [197373] by beidson@apple.com
  • 4 edits in trunk/Tools

Fix timing flakiness in test I added in http://trac.webkit.org/changeset/197372

Unreviewed.

  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:

(TEST): Sometimes a third message from the first html file was leaking through. The message is expected,
so we should always wait for it and make sure we got it.

3:13 PM Changeset in webkit [197372] by beidson@apple.com
  • 9 edits
    3 adds in trunk

Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.

3:06 PM Changeset in webkit [197371] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebInspectorUI

Web Inspector: Add direct number inputs to Bezier editor
https://bugs.webkit.org/show_bug.cgi?id=154809
<rdar://problem/24881465>

Patch by Devin Rousso <Devin Rousso> on 2016-02-29
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector._updateWindowKeydownListener):
Now only adds the shared event listener when the first keydown listener
is added via WebInspector.addWindowKeydownListener

  • UserInterface/Controllers/CodeMirrorBezierEditingController.js:

(WebInspector.CodeMirrorBezierEditingController.prototype.popoverDidDismiss):

  • UserInterface/Controllers/CodeMirrorEditingController.js:

(WebInspector.CodeMirrorEditingController.prototype.popoverDidDismiss):
(WebInspector.CodeMirrorEditingController.prototype.didDismissPopover):
Added function that is called when the popover is dismissed so that
removing event listeners is possible.

  • UserInterface/Views/BezierEditor.css:

(.bezier-editor):
(.bezier-editor > .number-input-container):
(.bezier-editor > .number-input-container > input):

  • UserInterface/Views/BezierEditor.js:

(WebInspector.BezierEditor.createControl):
(WebInspector.BezierEditor.createBezierInput):
(WebInspector.BezierEditor):
Added usage of Element.prototype.createChild for ease of readability.
Also added input elements for manually changing the values of each bezier
point's x and y values.

(WebInspector.BezierEditor.prototype.set bezier):
(WebInspector.BezierEditor.prototype.removeListeners):
(WebInspector.BezierEditor.prototype._handleMousedown):
(WebInspector.BezierEditor.prototype._updateBezier):
(WebInspector.BezierEditor.prototype._updateBezierPreview):
(WebInspector.BezierEditor.prototype._triggerPreviewAnimation):
(WebInspector.BezierEditor.prototype._handleNumberInputInput):
(WebInspector.BezierEditor.prototype._handleNumberInputKeydown):
(WebInspector.BezierEditor.prototype._changeBezierForInput):
Refactored code to make it more reusable, as well as adding event listeners
to the newly created inputs, including value changing from the arrow keys.

  • UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype.didDismissPopover): Deleted.
Removed unused code.

  • UserInterface/Views/InlineSwatch.js:

(WebInspector.InlineSwatch):
(WebInspector.InlineSwatch.prototype.didDismissPopover):
Removes any global event listeners added by the current editor if able.

(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now saves the current editor object as a member variable.

2:45 PM Changeset in webkit [197370] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimization would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

2:41 PM Changeset in webkit [197369] by Ryan Haddad
  • 1 edit
    1 delete in trunk/LayoutTests

Removing unnecessary ios-simulator-wk2 expectation file.

Unreviewed test gardening.

  • platform/ios-simulator-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: Removed.
2:37 PM Changeset in webkit [197368] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:
2:37 PM Changeset in webkit [197367] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for ios-simulator after r197237

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
2:33 PM Changeset in webkit [197366] by fpizlo@apple.com
  • 5 edits
    6 adds in trunk

B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along
arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in
between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap range in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

  • 30% faster to construct an object with many fields.
  • 5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization is a wash for compile time: whatever cost we pay doing the O(n^2)
searches is balanced by the massive reduction in work in the backend. On one of the two
microbenchmarks, overall compile time actually shrank with this optimization even though CSE
itself cost more. That's not too surprising - the backend costs much more per instruction, so
things that remove instructions before we get to the backend tend to be a good idea.

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

  • b3/B3EliminateCommonSubexpressions.cpp:
  • b3/B3MemoryValue.h:
  • b3/B3SuccessorCollection.h:

(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

  • js/regress/build-large-object-expected.txt: Added.
  • js/regress/build-large-object.html: Added.
  • js/regress/many-repeat-stores-expected.txt: Added.
  • js/regress/many-repeat-stores.html: Added.
  • js/regress/script-tests/build-large-object.js: Added.
  • js/regress/script-tests/many-repeat-stores.js: Added.
2:14 PM Changeset in webkit [197365] by fpizlo@apple.com
  • 9 edits
    1 add in trunk/Source/JavaScriptCore

Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it didn't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGSpeculativeJIT.h:
  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.h:
  • runtime/CommonSlowPaths.h:

(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.

  • runtime/SlowPathReturnType.h: Added.

(JSC::encodeResult):
(JSC::decodeResult):

1:32 PM Changeset in webkit [197364] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

Use WTF::Optional for HTMLOListElement::m_start
https://bugs.webkit.org/show_bug.cgi?id=154824

Reviewed by Andreas Kling.

Use WTF::Optional for HTMLOListElement::m_start.

  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

  • html/HTMLOListElement.h:
1:14 PM Changeset in webkit [197363] by jdiggs@igalia.com
  • 2 edits
    1 add in trunk/Tools

[GTK][jhbuild] GLib build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154825

Use the upstream work-around. https://bugzilla.gnome.org/show_bug.cgi?id=761550

Reviewed by Csaba Osztrogonác.

  • gtk/jhbuild.modules: Apply upstream path.
  • gtk/patches/gdate-suppress-string-format-literal-warning.patch: Added.
12:46 PM Changeset in webkit [197362] by achristensen@apple.com
  • 5 edits in trunk/Source/WebKit2

Don't call NetworkProcess::singleton from WebProcess when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154829

Reviewed by Anders Carlsson.

We were calling NetworkProcess::singleton when making the default session in the
WebProcess, which caused bad things to happen. We also were never clearing the
credentials in the WebProcess between tests because it used to always call
NetworkProcess::singleton, which caused flaky tests.

This fixes repeatable crashes in http/tests/media/media-document-referer.html and
http/tests/media/media-document.html when using NetworkSession.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::NetworkProcess):
(WebKit::NetworkProcess::~NetworkProcess):

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::configurationForType):
(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):
(WebKit::NetworkSession::defaultSession):

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::clearCachedCredentials):

11:35 AM Changeset in webkit [197361] by fpizlo@apple.com
  • 2 edits in trunk/Tools

We've been running Octane/regexp all wrong in run-jsc-benchmarks
https://bugs.webkit.org/show_bug.cgi?id=154827

Reviewed by Andreas Kling.

Octane v.2 and JetStream v.1.1 run this benchmark with warmup. This script was running
it without warmup. This patch fixes this by making this script run it with warmup.

This fix shows that my last patch, which added FTL support for regexp, was actually a 3%
speed-up on Octane/regexp, not a slow-down as the ChangeLog claimed.

I discovered this bug because for each Octane test that I want to debug, I usually make
a standalone .js file that contains the whole test along with a miniharness - usually
a plain loop - that runs it almost like it would for real but with whatever hacks I'm
using for debugging. When I wrote such a thing for regexp, I used a ~20 iteration warmup
to match the one second of warmup that this benchmark gets in Octane. To my surprise,
this quite faithful regexp runner did not see the regression that run-jsc-benchmarks
saw. That's when I found out that run-jsc-benchmarks was running it wrong.

The reason for the no-warmup slow-down is that the FTL is actually fairly expensive to
run on some of these very large functions in the regexp benchmark. I don't think we can
do anything about that, and I'd argue that the speed-up we see after the compilation is
done suggests that it was worth it.

  • Scripts/run-jsc-benchmarks:
11:32 AM WebKitIDL edited by Chris Dumez
11:31 AM WebKitIDL edited by Chris Dumez
[TreatNullAs=EmptyString]
10:55 AM Changeset in webkit [197360] by barraclough@apple.com
  • 16 edits in trunk

RefCounter<T>::Event -> RefCounterEvent
https://bugs.webkit.org/show_bug.cgi?id=154767

Reviewed by Darin Adler.

RefCounter<T>::Event is kinda verbose to use, and there is no need for this
to be specific to a particular type of RefCounter. Move the enum class up to
the top level & rename to RefCounterEvent.

Source/WebCore:

  • page/PageThrottler.cpp:

(WebCore::PageThrottler::PageThrottler):
(WebCore::m_audiblePluginHysteresis):
(WebCore::m_mediaActivityCounter):
(WebCore::m_pageLoadActivityCounter):

  • platform/VNodeTracker.cpp:

(WebCore::VNodeTracker::singleton):
(WebCore::VNodeTracker::VNodeTracker):
(WebCore::m_lastWarningTime):

Source/WebKit2:

Also remove UserObservablePageToken - this is vestigial & not really offering
anything over just using UserObservablePageCounter::Token directly.

  • UIProcess/Plugins/PluginProcessManager.cpp:

(WebKit::PluginProcessManager::PluginProcessManager):

  • UIProcess/Plugins/PluginProcessManager.h:
  • UIProcess/Plugins/mac/PluginProcessManagerMac.mm:

(WebKit::PluginProcessManager::updateProcessSuppressionDisabled):

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler):
(WebKit::m_backgroundCounter):
(WebKit::m_suspendMessageCount):

  • UIProcess/ProcessThrottler.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
(WebKit::m_processSuppressionDisabledForPageCounter):
(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):

  • UIProcess/WebProcessPool.h:

Source/WTF:

  • wtf/RefCounter.h:

(WTF::RefCounter<T>::Count::ref):
(WTF::RefCounter<T>::Count::deref):

Tools:

  • TestWebKitAPI/Tests/WTF/RefCounter.cpp:

(TestWebKitAPI::TEST):

10:51 AM Changeset in webkit [197359] by youenn.fablet@crf.canon.fr
  • 3 edits in trunk/LayoutTests

streams/pipe-to.html flaky on mac-wk1 debug
https://bugs.webkit.org/show_bug.cgi?id=154687

Reviewed by Darin Adler.

  • TestExpectations: Marking streams/pipe-to.html as slow.
  • streams/pipe-to.html: Increasing the timeout value.
10:33 AM Changeset in webkit [197358] by Csaba Osztrogonác
  • 5 edits
    1 delete in trunk/Tools

Remove more LLVM related cruft
https://bugs.webkit.org/show_bug.cgi?id=154821

Reviewed by Darin Adler.

  • Scripts/build-jsc:
  • Scripts/build-webkit:
  • Scripts/copy-webkitlibraries-to-product-directory:
  • Scripts/export-llvm-build: Removed.
  • Scripts/run-jsc-stress-tests:
10:05 AM Changeset in webkit [197357] by fpizlo@apple.com
  • 8 edits
    2 adds in trunk/Source/JavaScriptCore

FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimization shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGNode.h:

(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

  • tests/stress/ftl-regexp-exec.js: Added.
  • tests/stress/ftl-regexp-test.js: Added.
9:54 AM Changeset in webkit [197356] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Unreviewed. Fix the build with GTK+ < 3.19.

  • platform/gtk/ScrollbarThemeGtk3.cpp:

(WebCore::ScrollbarThemeGtk::paintScrollbarBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paintButton):

9:36 AM Changeset in webkit [197355] by Chris Dumez
  • 4 edits in trunk

Use HTML parsing rules for textarea.maxLength
https://bugs.webkit.org/show_bug.cgi?id=154805

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Use HTML parsing rules for textarea.maxLength:

No new tests, already covered by existing test.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLength):

9:32 AM Changeset in webkit [197354] by Chris Dumez
  • 6 edits in trunk

Align td.rowSpan / td.colSpan with the specification
https://bugs.webkit.org/show_bug.cgi?id=154803

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Align td.rowSpan / td.colSpan with the specification:

In particular, the following changes were made:

No new tests, already covered by existing test.

  • html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::colSpan):
(WebCore::HTMLTableCellElement::rowSpan):
(WebCore::HTMLTableCellElement::rowSpanForBindings):
(WebCore::HTMLTableCellElement::setColSpan):
(WebCore::HTMLTableCellElement::setRowSpanForBindings):
(WebCore::HTMLTableCellElement::axis): Deleted.
(WebCore::HTMLTableCellElement::headers): Deleted.

  • html/HTMLTableCellElement.h:
  • html/HTMLTableCellElement.idl:
9:28 AM Changeset in webkit [197353] by Chris Dumez
  • 39 edits in trunk/Source/WebCore

[Web IDL] Add support for [TreatNullAs=EmptyString] and use it
https://bugs.webkit.org/show_bug.cgi?id=154654

Reviewed by Darin Adler.

Add support for [TreatNullAs=EmptyString] standard Web IDL extended
attribute:

This replaces the WebKit-specific [TreatNullAs=NullString] IDL
extended attribute. Instead of passing a null String() to the
implementation, emptyString() is passed.

This patch does not cause any web-exposed behavior change. For
cases where switching from NullString to EmptyString would change
the behavior (or require changes to the implementation), the old
IDL attribute was kept. However, it was renamed to
[TreatNullAs=LegacyNullString] to discourage its use in new code.
Eventually, this legacy IDL attribute should go away entirely.

[TreatNullAs=EmptyString] should only be used when it is present
in the corresponding specification. Note that there are a lot of
places where we use [TreatNullAs=EmptyString] in our IDL where it
does not match the specification. I have added FIXME comments for
those so we can clean them up later.

No new tests, no web-exposed behavior change.

  • Modules/mediastream/RTCPeerConnection.idl:

No behavior change because this is not implemented.

  • bindings/js/JSDOMBinding.cpp:

(WebCore::valueToStringTreatingNullAsEmptyString):

  • bindings/js/JSDOMBinding.h:

Add new function to convert a JSValue into a String while treating
null as the empty string.

  • bindings/scripts/CodeGeneratorJS.pm:

(JSValueToNative):

  • bindings/scripts/IDLAttributes.txt:
  • Add support for [TreatNullAs=EmptyString].
  • Rename NullString to LegacyNullString to discourage its use.
  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:
  • bindings/scripts/test/TestObj.idl:

Add bindings tests coverage for [TreatNullAs=EmptyString].

  • css/CSSStyleDeclaration.idl:
  • dom/CharacterData.idl:
  • dom/DOMImplementation.idl:
  • dom/Document.idl:
  • dom/Element.idl:
  • dom/ShadowRoot.idl:
  • html/HTMLOutputElement.idl:
  • html/HTMLScriptElement.idl:
  • html/URLUtils.idl:
  • svg/SVGAngle.idl:
  • svg/SVGLength.idl:

Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString].
There is no behavior change because the implementation does
not distinguish the null string from the empty string.

  • html/HTMLBaseElement.idl:
  • html/HTMLButtonElement.idl:
  • html/HTMLFormElement.idl:
  • html/HTMLMediaElement.idl:
  • html/HTMLSelectElement.idl:
  • svg/SVGElement.idl:
  • svg/SVGScriptElement.idl:

Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString],
no behavior change.

  • html/HTMLDocument.idl:
  • dir and *Color: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
  • designMode: Drop [TreatNullAs=NullString] as per the specification:
  • html/HTMLElement.idl:
  • Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString] for innerText / outerText. Does not change behavior because the implementation does not distinguish.
  • Drop [TreatNullAs=NullString] from contentEditable to match the spec:
  • html/HTMLFrameElement.idl:

Drop [TreatNullAs=NullString] from location attribute. This does not
change behavior because the attribute is using a custom setter.

  • html/HTMLInputElement.idl:
  • formEnctype / formMethod / autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
  • value: Rename [TreatNullAs=NullString] to [TreatNullAs=EmptyString], which does not change behavior because the implementation does not distinguish. Also drop the extended attribute for non-JS bindings as it has no impact.
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMediaGroup):
Drop redundant group.isNull() check as group.isEmpty() already checks for null.

  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::setText):
Drop useless .impl() call as we have a String and the method requires a String
as input.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::setValueCommon):
Use emptyString() instead of "" as it is slightly more efficient.

  • html/HTMLTextAreaElement.idl:
  • value: Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString]. No behavior change because the implementation does not distinguish.
  • autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
7:03 AM Changeset in webkit [197352] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

7:01 AM Changeset in webkit [197351] by commit-queue@webkit.org
  • 4 edits in trunk

[GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

LayoutTests:

  • platform/gtk/TestExpectations:

Remove now passing tests from the expected failures.

6:59 AM Changeset in webkit [197350] by commit-queue@webkit.org
  • 2 edits in trunk

[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case glibconfig.h is not
found.

  • Source/cmake/FindGLIB.cmake:
5:32 AM Changeset in webkit [197349] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197303 - Shrink UnlinkedCodeBlock a bit."

This reverts commit 200002afed4ac67e3cff10bfa9d7e32d879c9a1f.

5:32 AM Changeset in webkit [197348] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197305 - REGRESSION(r197303): 4 jsc tests failing on bots."

This reverts commit 497aed24c9437e5d994322493011412097672fab.

5:01 AM Changeset in webkit [197347] by youenn.fablet@crf.canon.fr
  • 6 edits in trunk/Source/WebCore

Refactor FetchBody constructors
https://bugs.webkit.org/show_bug.cgi?id=154721

Reviewed by Sam Weinig and Darin Adler.

Covered by existing tests.

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract): Renamed from "fromJSValue"
(WebCore::FetchBody::extractFromBody): Renamed from "fromRequestBody" and making use of move constructor.

  • Modules/fetch/FetchBody.h:

(WebCore::FetchBody::FetchBody): Making default constructor public and removing empty static method.

  • Modules/fetch/FetchRequest.cpp:

(WebCore::buildBody):

  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::initializeWith):

  • Modules/fetch/FetchResponse.h:

(WebCore::FetchResponse::create):

3:47 AM Changeset in webkit [197346] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

[Mac][cmake] Unreviewed buildfix after r197177. Just for fun.

  • PlatformMac.cmake:
3:45 AM Changeset in webkit [197345] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197305 - REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

3:45 AM Changeset in webkit [197344] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197303 - Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

3:31 AM Changeset in webkit [197343] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197300 - Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

  • fast/css/variables/avoid-matched-property-cache-expected.html: Added.
  • fast/css/variables/avoid-matched-property-cache.html: Added.

Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

3:30 AM Changeset in webkit [197342] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197299 - FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

  • A heap's end is greater than its begin.
  • A heap's begin is greater than or equal to its parent's begin.
  • A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

  • b3/B3HeapRange.h:

(JSC::B3::HeapRange::HeapRange):

  • ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.

  • ftl/FTLAbstractHeap.h:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):

  • ftl/FTLAbstractHeapRepository.h:

(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):

  • ftl/FTLTypedPointer.h:

(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):

3:21 AM Changeset in webkit [197341] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197298 - SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

  • svg/SVGToOTFFontConversion.cpp:

(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

3:20 AM Changeset in webkit [197340] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197265 - Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DataGrid.css:

(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.

3:19 AM Changeset in webkit [197339] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.12

Merge r197263 - Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to Location.assign() / Location.reload()
to match the latest specification:

Firefox and Chrome already prevent this but WebKit allowed it.

No new tests, already covered by existing tests.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::putDelegate): Deleted.

LayoutTests:

Update existing layout tests now that we prevent cross-origin access to
Location.assign() / Location.reload().

  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
  • http/tests/security/cross-frame-access-location-get-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override.html:
  • http/tests/security/cross-frame-access-location-get.html:
  • http/tests/security/xss-DENIED-defineProperty-expected.txt:

3:17 AM Changeset in webkit [197338] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197256 - CLoop build fix.

3:16 AM Changeset in webkit [197337] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197245 - Web Inspector: Increase clickable area of the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154719
<rdar://problem/24854538>

Reviewed by Timothy Hatcher.

Clicking on the area around CodeMirror element now moves
focus to the console prompt.

  • UserInterface/Views/QuickConsole.js:

(WebInspector.QuickConsole.prototype._handleMouseDown):
Only capture mousedown events on .quick-console.
Don't capture clicks on CodeMirror.

  • UserInterface/Views/QuickConsole.css:

(.quick-console > .console-prompt):
(.quick-console > .console-prompt > .CodeMirror):
Make sure .console-prompt is never an event.target for _handleMouseDown.

3:16 AM Changeset in webkit [197336] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197244 - Network cache: old pages returned by disk cache on history navigation after session is restored
https://bugs.webkit.org/show_bug.cgi?id=153230

Reviewed by Chris Dumez.

Source/WebCore:

Add a flag to HistoryItem to mark them as restored from session
and use it from the FrameLoader to not change the policy request
when navigating to a history item that was restored from session,
except for iOS port.

  • history/HistoryItem.h:

(WebCore::HistoryItem::setWasRestoredFromSession):
(WebCore::HistoryItem::wasRestoredFromSession):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadDifferentDocumentItem):

Source/WebKit2:

Since r181734, the network cache never revalidates resources for
history navigation. This is good for the memory cache, but in the
case of disk cache, we might end up with outdated pages when
restoring the session. When restoring the session happens because
of an API request (we also restore the session when recovering
from a web process crash), we should revalidate back forward list
requests in the disk cache if needed. This will only happen the
first time they are loaded after a session restore. After a web process
crash, resources will be used unconditionally from the disk cache.

  • WebProcess/WebPage/WebBackForwardListProxy.cpp:

(WebKit::WebBackForwardListProxy::addItemFromUIProcess): Use Ref&&
instead of PassRefPtr.

  • WebProcess/WebPage/WebBackForwardListProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): Call restoreSessionInternal passing
No as restoredByAPIRequest parameter.
(WebKit::WebPage::restoreSessionInternal): Set restoredFromSession
flag to the created HistoryItem if the item was restored from
session by an API request.
(WebKit::WebPage::restoreSession): Call restoreSessionInternal
passing Yes as restoredByAPIRequest parameter.

  • WebProcess/WebPage/WebPage.h:

3:14 AM Changeset in webkit [197335] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197242 - REGRESSION (r196741): Web Inspector: Bottom section of Layers sidebar is 1px shorter than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154773
<rdar://problem/24873345>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayerTreeDetailsSidebarPanel.css:

(.sidebar > .panel.details.layer-tree > .content):
(.panel.details.layer-tree .bottom-bar):

3:13 AM Changeset in webkit [197334] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197236 - [GTK] Fix order of parameters in gtkdoc for webkit_web_view_get_snapshot

Unreviewed.

  • UIProcess/API/gtk/WebKitWebView.cpp:

3:12 AM Changeset in webkit [197333] by Carlos Garcia Campos
  • 10 edits
    1 delete in releases/WebKitGTK/webkit-2.12/Source

Merge r197226 - Remove the on demand executable allocator
https://bugs.webkit.org/show_bug.cgi?id=154749

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Remove all the DemandExecutable code and executable allocator ifdefs.

(JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
(JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
(JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
(JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
(JSC::DemandExecutableAllocator::allocators): Deleted.
(JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
(JSC::ExecutableAllocator::initializeAllocator): Deleted.
(JSC::ExecutableAllocator::ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::~ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::isValid): Deleted.
(JSC::ExecutableAllocator::underMemoryPressure): Deleted.
(JSC::ExecutableAllocator::memoryPressureMultiplier): Deleted.
(JSC::ExecutableAllocator::allocate): Deleted.
(JSC::ExecutableAllocator::committedByteCount): Deleted.
(JSC::ExecutableAllocator::dumpProfile): Deleted.
(JSC::ExecutableAllocator::getLock): Deleted.
(JSC::ExecutableAllocator::isValidExecutableMemory): Deleted.
(JSC::ExecutableAllocator::reprotectRegion): Deleted.

  • jit/ExecutableAllocator.h:
  • jit/ExecutableAllocatorFixedVMPool.cpp:
  • jit/JITStubRoutine.h:

(JSC::JITStubRoutine::canPerformRangeFilter): Deleted.
(JSC::JITStubRoutine::filteringStartAddress): Deleted.
(JSC::JITStubRoutine::filteringExtentSize): Deleted.

Source/WTF:

Remove the DemandExecutableAllocator compile flags.

  • wtf/Platform.h:

2:40 AM Changeset in webkit [197332] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197210 - Reduce direct callers of Structure::findStructuresAndMapForMaterialization
https://bugs.webkit.org/show_bug.cgi?id=154751

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-26
Reviewed by Mark Lam.

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):
This property name iteration is identical to Structure::forEachPropertyConcurrently.
Share the code and reduce callers to the subtle findStructuresAndMapForMaterialization.

2:33 AM Changeset in webkit [197331] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197196 - Folding of OverridesHasInstance DFG nodes should happen in constant folding not fixup
https://bugs.webkit.org/show_bug.cgi?id=154743

Reviewed by Mark Lam.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

2:26 AM Changeset in webkit [197330] by Carlos Garcia Campos
  • 4 edits
    1 add
    6 deletes in releases/WebKitGTK/webkit-2.12

Merge r197194 - <g> wrapping <symbol> causes display of hidden <symbol>
https://bugs.webkit.org/show_bug.cgi?id=154576

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-26
Reviewed by Darin Adler.

Source/WebCore:

The SVGSymbolElement is allowed in the shadow tree of an SVGUseElement
only if it is the subtree root element. Any descendant SVGSymbolElement should
be removed from the subtree because it is a hidden container. If the cloned
subtree includes an SVGUseElement which references an SVGSymbolElement,
the same rule will be applied to the descendant SVGUseElement. The goal
is to remove all the descendant SVGSymbolElements from the cloned target
because these SVGSymbolElements will be expanded to SVGSVGElements and
hence become visible.

  • svg/SVGUseElement.cpp:

(WebCore::disassociateAndRemoveClones): A helper function which removes
cloned SVGElements and their subtrees from their parents and disassociates
them from their originals.

(WebCore::removeDisallowedElementsFromSubtree): Use disassociateAndRemoveClones().

(WebCore::removeSymbolElementsFromSubtree): Removes all the descendant
SVGSymbolElements from the cloned subtree. It does not remove the root
element itself if it is an SVGSymbolElement because this one will be
expanded to an SVGSVGElement which is exactly what we need.

(WebCore::SVGUseElement::cloneTarget): Call removeSymbolElementsFromSubtree()
to remove the descendant SVGSymbolElements from the cloned subtree before
appending it to the container shadow root.

LayoutTests:

Ensure the <symbol> element is not displayed when it's wrapped in a <g>
element and this <g> element is referenced by a <use> element.

  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/ios-simulator/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/win/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • svg/custom/use-on-g-containing-symbol-expected.svg: Added.
  • svg/custom/use-on-g-containing-symbol.svg:

The original test was wrong. It had the following definition:

"<g id='symbol'><symbol>...</symbol></g>"

And it was expecting to have the symbol drawn if the <g> element was
referenced like that

"<use xlink:href='#symbol'/>"

Firefox does not render anything for this <use> element which is correct.
With this patch, this test failed so it had to be modified to test the right
behavior. Also it is now converted to a ref test.

2:23 AM Changeset in webkit [197329] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197186 - [JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero
https://bugs.webkit.org/show_bug.cgi?id=154704

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-26
Reviewed by Geoffrey Garen.

If the Imm is zero, we should still zero the top bits
to match the definition in AirOpcodes.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::add32):

  • b3/testb3.cpp:

2:08 AM Changeset in webkit [197328] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197180 - Cache::traverse should pass the record info to its traversal handler
https://bugs.webkit.org/show_bug.cgi?id=154695

Reviewed by Antti Koivisto.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
(WebKit::clearDiskCacheEntries):

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::traverse):

  • NetworkProcess/cache/NetworkCache.h:

2:06 AM Changeset in webkit [197327] by commit-queue@webkit.org
  • 2 edits in trunk

Unreviewed, rolling out r197297.
https://bugs.webkit.org/show_bug.cgi?id=154810

This change broke build of GTK from scratch (Requested by
annulen on #webkit).

Reverted changeset:

"[cmake] Allow using FindGLIB in case glib is optional
dependency."
https://bugs.webkit.org/show_bug.cgi?id=154796
http://trac.webkit.org/changeset/197297

2:03 AM Changeset in webkit [197326] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197169 - Web Inspector: Option-clicking on a CSS property sometimes doesn't work
https://bugs.webkit.org/show_bug.cgi?id=154384
<rdar://problem/24714755>

Patch by Devin Rousso <Devin Rousso> on 2016-02-26
Reviewed by Timothy Hatcher.

It seems as though there were race conditions between CodeMirror's event
and the native mousemove such that if CodeMirror fired second, the current
candidate was cleared, and would not reset itself until the cursor was
moved, at which point the same issue could happen. To fix this, the current
candidate is no longer cleared by CodeMirror's event and is instead only
modified by the native mouse-events.

  • UserInterface/Controllers/CodeMirrorTokenTrackingController.js:

(WebInspector.CodeMirrorTokenTrackingController.prototype._hidePopover):

2:02 AM Changeset in webkit [197325] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197164 - [DFG] Drop unnecessary proved type branch in ToPrimitive
https://bugs.webkit.org/show_bug.cgi?id=154716

Reviewed by Geoffrey Garen.

This branching based on the proved types is unnecessary because this is already handled in constant folding phase.
In fact, the DFGSpeculativeJIT64.cpp case is already removed in r164243.
This patch removes the remaining JIT32_64 case.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

2:02 AM Changeset in webkit [197324] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197159 - [JSC] Be aggressive with OSR Entry to FTL if the DFG function was only used for OSR Entry itself
https://bugs.webkit.org/show_bug.cgi?id=154575

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Filip Pizlo.

I noticed that imaging-gaussian-blur spends most of its
samples in DFG code despite executing most of the loop
iterations in FTL.

On this particular test, the main function is only entered
once and has a very heavy loop there. What happens is DFG
starts by compiling the full function in FTL. That takes about
8 to 10 milliseconds during which the DFG code makes very little
progress. The calls to triggerOSREntryNow() try to OSR Enter
for a while then finally start compiling something. By the time
the function is ready, we have wasted a lot of time in DFG code.

What this patch does is set a flag when a DFG function is entered.
If we try to triggerOSREntryNow() and the flag was never set,
we start compiling both the full function and the one for OSR Entry.

  • dfg/DFGJITCode.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntryExecutionFlag):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGJITCompiler.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::Plan): Deleted.

  • dfg/DFGPlan.h:
  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

1:53 AM Changeset in webkit [197323] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197155 - [JSC] Temporal Dead Zone checks on "this" are eliminated when doing OSR Entry to FTL
https://bugs.webkit.org/show_bug.cgi?id=154664

Reviewed by Saam Barati.

When doing OSR Enter into a constructor, we lose the information
that this may have been set to empty by a previously executed block.

All the code just assumed the type for a FlushedJS value and thus
not an empty value. It was then okay to eliminate the TDZ checks.

In this patch, the values on root entry now assume they may be empty.
As a result, the SetArgument() for "this" has "empty" as possible
type and the TDZ checks are no longer eliminated.

  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

[JSC] Add the test for r197155
https://bugs.webkit.org/show_bug.cgi?id=154715

Reviewed by Mark Lam.

Silly me. I forgot the test in the latest patch update.

  • tests/stress/class-syntax-tdz-osr-entry-in-loop.js: Added.

1:45 AM Changeset in webkit [197322] by Carlos Garcia Campos
  • 14 edits
    34 deletes in releases/WebKitGTK/webkit-2.12

Merge r197142 - CSP: Remove SecurityPolicy script interface
https://bugs.webkit.org/show_bug.cgi?id=154694
<rdar://problem/24846482>

Reviewed by Andy Estes.

Source/WebCore:

Remove the Content Security Policy script interface, SecurityPolicy. This interface was only
enabled when building with ENABLE(CSP_NEXT) (disabled by default).

For completeness, the SecurityPolicy interface was removed from the Content Security Policy 1.1 spec
in <https://github.com/w3c/webappsec/commit/18882953ce2d8afca25f685557fef0e0471b2c9a> (12/26/2013).

  • CMakeLists.txt: Remove files to DOMSecurityPolicy.{cpp, idl}.
  • DerivedSources.cpp: Remove file JSDOMSecurityPolicy.cpp.
  • DerivedSources.make: Remove file DOMSecurityPolicy.idl.
  • PlatformGTK.cmake: Ditto.
  • PlatformMac.cmake: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Remove DOMSecurityPolicy files.
  • bindings/scripts/CodeGeneratorGObject.pm: Remove reference to DOMSecurityPolicy.
  • dom/Document.cpp:

(WebCore::Document::securityPolicy): Deleted.

  • dom/Document.h:
  • dom/Document.idl: Remove attribute securityPolicy.
  • page/DOMSecurityPolicy.cpp: Removed.
  • page/DOMSecurityPolicy.h: Removed.
  • page/DOMSecurityPolicy.idl: Removed.

LayoutTests:

Remove SecurityPolicy tests and update platform-specific expected results as needed.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html: Removed.
  • http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js: Removed.
  • platform/gtk/js/dom/global-constructors-attributes-expected.txt: Update expected result as needed.
  • platform/win/js/dom/global-constructors-attributes-expected.txt: Ditto.

1:27 AM Changeset in webkit [197321] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197141 - Don't clear the weak JSString cache on memory pressure.
<https://webkit.org/b/154693>

Reviewed by Antti Koivisto.

This was stupid. The cache is a WeakGCMap, so all the JSStrings pointed to are
still alive anyway. This way we keep the ability to deduplicate common strings.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseNoncriticalMemory): Deleted.

1:25 AM Changeset in webkit [197320] by Carlos Garcia Campos
  • 4 edits
    1 delete in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197138 - Unreviewed test gardening.

Fix a test flake where order doesn't matter.

  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Removed.
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt:
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-private-expected.txt:
  • storage/indexeddb/resources/deletedatabase-delayed-by-open-and-versionchange.js:

(prepareDatabase.request.onblocked):
(onOpenSuccess):

1:25 AM Changeset in webkit [197319] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197134 - [JSC] Remove a useless "Move" in the lowering of Select
https://bugs.webkit.org/show_bug.cgi?id=154670

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Geoffrey Garen.

I left the Move instruction when creating the aliasing form
of Select.

On ARM64, that meant a useless move for any case that can't
be coalesced.

On x86, that meant an extra constraint on child2, making it
stupidly hard to alias child1.

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createSelect): Deleted.

1:15 AM Changeset in webkit [197318] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197125 - REGRESSION (r196268): Many assertion failures and crashes on SVG path animation tests when JS garbage collection happens quickly
https://bugs.webkit.org/show_bug.cgi?id=154331

Reviewed by Darin Adler.

This is not an actual regression. The bug did exist before r196268 but
the whole document was leaking once an SVGAnimatedProperty was created
so there was no way to produce this bug. After fixing the leak, one crash
and one assert got uncovered. Both of them happen because of the fact:
"if an SVGAnimatedProperty is not referenced it will be deleted."

  • svg/SVGPathElement.cpp:

(WebCore::SVGPathElement::lookupOrCreateDWrapper):
The code in this function was assuming that the wrapper will be created
only once which happens when SVGAnimatedProperty::lookupOrCreateWrapper()
is called. Before making this single call, lookupOrCreateDWrapper() was
building an initial SVGPathSegList from byte stream. But now
SVGAnimatedProperty::lookupWrapper() can return false even after creating
the SVGAnimatedProperty because it was deleted later. Calling
buildSVGPathSegListFromByteStream() more than once was causing
SVGAnimatedListPropertyTearOff::animationStarted() to fire the assertion
ASSERT(m_values.size() == m_wrappers.size()) because the path segments were
appended twice to m_values which is in fact SVGPathElement::m_pathSegList.value.
The fix is to build the initial SVGPathSegList only once which should happen
when m_pathSegList.value.isEmpty().

(WebCore::SVGPathElement::animatedPropertyWillBeDeleted):

  • svg/SVGPathElement.h:
  • svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:

(WebCore::SVGAnimatedPathSegListPropertyTearOff::~SVGAnimatedPathSegListPropertyTearOff):
SVGPathElement is assuming the following equivalence relation:
m_pathSegList.shouldSynchronize ~ SVGAnimatedProperty_is_created_and_not_null.
SVGPathElement::animatedPathSegList() and animatedNormalizedPathSegList()
set m_pathSegList.shouldSynchronize to true when SVGAnimatedProperty is
created but nothing sets m_pathSegList.shouldSynchronize back to false.
This was not a problem when the SVGAnimatedProperty was leaking but after
ensuring it is deleted when it is not referenced this equivalence relation
becomes untrue sometimes. This caused SVGPathElement::svgAttributeChanged()
to crash when we check m_pathSegList.shouldSynchronize and if it is true we
assume that SVGAnimatedProperty::lookupWrapper() will return a non-null pointer
and therefore we dereference this pointer and call SVGAnimatedProperty::isAnimating().
To fix this crash we need to set m_pathSegList.shouldSynchronize back to false
when the associated SVGAnimatedProperty is deleted.

1:13 AM Changeset in webkit [197317] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r197123 - HashMap::ensure() should return an AddResult like all the other add-like functions.
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

While adopting HashMap::ensure(), I found it was useful in some circumstances to know
if the value was added or not. While I could discern this information by setting a bool
in the passed in lambda, it seemed clearer and more idiomatic to just have ensure return
an AddResult like all the other add-like functions do.

  • wtf/HashMap.h:

Change return type of HashMap::ensure() to be an AddResult.

Tools:
HashMap::ensure() should return an AddResult like all the other add-like functions
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:

(TestWebKitAPI::TEST):
Update tests to use/test the new AddResult result.

12:36 AM Changeset in webkit [197316] by Antti Koivisto
  • 3 edits
    2 adds in trunk

::slotted doesn't work in nested shadow trees
https://bugs.webkit.org/show_bug.cgi?id=154765
<rdar://problem/24870995>

Reviewed by Ryosuke Niwa.

Source/WebCore:

See https://github.com/w3c/webcomponents/issues/331#issuecomment-189191593

Test: fast/shadow-dom/css-scoping-shadow-slotted-nested.html

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):

Collect ::slotted rules from all the nested shadow trees instead of just the host's.

LayoutTests:

  • fast/shadow-dom/css-scoping-shadow-slotted-nested-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-slotted-nested.html: Added.

Feb 28, 2016:

11:36 PM Changeset in webkit [197315] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197306 - Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

  • Modules/indexeddb/IDBDatabaseError.h:

(WebCore::IDBDatabaseError::create):

  • Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::maybeCreateIDBKey):

  • Modules/indexeddb/IDBKeyData.h:
  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRangeData.cpp:

(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):

  • Modules/indexeddb/IDBKeyRangeData.h:
  • Modules/indexeddb/IDBServerConnection.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h:
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp:

(WebCore::IDBCursorBackend::continueFunction):

  • Modules/indexeddb/legacy/IDBCursorBackend.h:
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h:

(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):

  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:

(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):

  • Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::continueFunction):

  • Modules/indexeddb/legacy/LegacyCursor.h:
  • Modules/indexeddb/legacy/LegacyFactory.h:

(WebCore::LegacyFactory::create):

  • Modules/indexeddb/legacy/LegacyRequest.cpp:

(WebCore::LegacyRequest::onSuccess):

  • Modules/indexeddb/legacy/LegacyRequest.h:
  • inspector/InspectorIndexedDBAgent.cpp:

11:36 PM Changeset in webkit [197314] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197246 - Unreviewed. Fix GTK+ clean build.

Add missing header include.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

11:35 PM Changeset in webkit [197313] by Carlos Garcia Campos
  • 11 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197231 - Modern IDB: New database versions are never committed to SQLite.
<rdar://problem/24860952> and https://bugs.webkit.org/show_bug.cgi?id=154741

Modern IDB: If a database handle is not open, files are not actually deleted from disk
https://bugs.webkit.org/show_bug.cgi?id=154756

Reviewed by Alex Christensen.

Source/WebCore:

Tested by API test "IndexedDBPersistence"

  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::deleteDatabase): If there's not an open handle to the database, create one.

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction): If a version change transaction, actually
set the new version on disk.

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore): If there is no open backing store, create one.
This is necessary to both read the current database version, and to actually delete the file on disk.
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): If necessary, manufacture a "most recently
deleted database info" from the version returned by deleteBackingStore.

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

Source/WebKit2:

Add WK2 SPI to force termination of the database process.

  • UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _terminateDatabaseProcess]):

  • UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess):

  • UIProcess/WebProcessPool.h:

Tools:

This also happens to test the previously untested fix for http://trac.webkit.org/changeset/197190

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm: Added.

(-[IndexedDBNavigationDelegate webView:didFinishNavigation:]):
(-[IndexedDBMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):

11:35 PM Changeset in webkit [197312] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197190 - Modern IDB: Using existing database info from SQLite backing store is busted.
<rdar://problem/24848143> and https://bugs.webkit.org/show_bug.cgi?id=154735

Reviewed by Alex Christensen.

No new tests.

Reproducing the bug requires having a known database on disk *before* launching the DatabaseProcess to
read in the existing IDBDatabaseInfo.

Our automated infrastructure currently has no way of testing this.

  • Modules/indexeddb/client/IDBConnectionToServer.cpp:

(WebCore::IDBClient::IDBConnectionToServer::openDatabase):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo): Do the optional migrate on
the IndexRecords table here; *every* time we open a SQLite backing store.

(WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo): Deleted.

  • Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::isolatedCopy): Copy the entire object, not just name/version.

11:35 PM Changeset in webkit [197311] by Carlos Garcia Campos
  • 40 edits
    71 deletes in releases/WebKitGTK/webkit-2.12/Source

Merge r197131 - Remove LegacyIDB.
https://bugs.webkit.org/show_bug.cgi?id=150854

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

  • CMakeLists.txt:
  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:

(WebCore::DOMWindowIndexedDatabase::indexedDB):

  • Modules/indexeddb/IDBDatabaseMetadata.cpp: Removed.
  • Modules/indexeddb/IDBDatabaseMetadata.h: Removed.
  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndexMetadata.h: Removed.
  • Modules/indexeddb/IDBObjectStoreMetadata.h: Removed.
  • Modules/indexeddb/IDBOperation.h: Removed.
  • Modules/indexeddb/IDBServerConnection.h: Removed.
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:

(WebCore::WorkerGlobalScopeIndexedDatabase::indexedDB):

  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Removed.
  • Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingOpenCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Removed.
  • Modules/indexeddb/legacy/LegacyAny.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyAny.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.h: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.h: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.h: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.h: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.h: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.h: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Removed.
  • Modules/indexeddb/server/SQLiteIDBCursor.cpp:

(WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
(WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

  • Modules/indexeddb/server/SQLiteIDBCursor.h:
  • Modules/indexeddb/shared/IDBIndexInfo.h:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::generateIndexKeysForValue): Deleted.

  • bindings/js/IDBBindingUtilities.h:
  • bindings/js/JSMainThreadExecState.cpp:

(WebCore::JSMainThreadExecState::didLeaveScriptContext): Deleted.

  • inspector/InspectorIndexedDBAgent.cpp:
  • loader/EmptyClients.cpp:
  • page/DatabaseProvider.cpp:

(WebCore::DatabaseProvider::idbFactoryBackend): Deleted.

  • page/DatabaseProvider.h:
  • platform/CrossThreadCopier.cpp:

(WebCore::IDBDatabaseMetadata>::copy): Deleted.
(WebCore::IDBIndexMetadata>::copy): Deleted.
(WebCore::IDBObjectStoreMetadata>::copy): Deleted.

  • platform/CrossThreadCopier.h:

Source/WebKit:

  • Storage/WebDatabaseProvider.cpp:

(WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • Storage/WebDatabaseProvider.h:

Source/WebKit2:

  • CMakeLists.txt:
  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::getOrCreateLegacyUniqueIDBDatabase): Deleted.
(WebKit::DatabaseProcess::removeLegacyUniqueIDBDatabase): Deleted.

  • DatabaseProcess/DatabaseProcess.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didClose):
(WebKit::DatabaseToWebProcessConnection::didReceiveMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::establishIDBConnection): Deleted.
(WebKit::DatabaseToWebProcessConnection::removeDatabaseProcessIDBConnection): Deleted.

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.messages.in: Removed.
  • DatabaseProcess/IndexedDB/IDBIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.cpp: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/UniqueIDBDatabaseBackingStore.h: Removed.
  • DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.h: Removed.
  • DerivedSources.make:
  • Shared/WebCrossThreadCopier.cpp:

(WebCore::LegacyUniqueIDBDatabaseIdentifier>::copy): Deleted.
(WebCore::IDBIdentifier>::copy): Deleted.

  • Shared/WebCrossThreadCopier.h:
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.messages.in: Removed.
  • WebProcess/Databases/WebDatabaseProvider.cpp:

(WebKit::WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • WebProcess/Databases/WebDatabaseProvider.h:
  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage): Deleted.
(WebKit::WebToDatabaseProcessConnection::registerWebIDBServerConnection): Deleted.
(WebKit::WebToDatabaseProcessConnection::removeWebIDBServerConnection): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:
  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

11:33 PM Changeset in webkit [197310] by Carlos Garcia Campos
  • 10 edits
    1 add
    78 deletes in releases/WebKitGTK/webkit-2.12

Merge r197122 - Modern IDB: WebKit 2 IPC layer.
https://bugs.webkit.org/show_bug.cgi?id=153808

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by over 1,000 existing tests).

  • Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::encode): It's okay to encode Min and Max.
(WebCore::IDBKeyData::decode): It's okay to decode Min and Max.

Source/WebKit2:

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): This ASSERT fires on most WK2 tests. Alex said remove it.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::putOrAdd): Properly encode the overwrite flag.

  • WebProcess/Databases/WebDatabaseProvider.h: Enable Modern IDB.

LayoutTests:

  • Consolidate all test failures to the platform agnostic TestExpectations file.
  • Remove all existing WK2-specific results.
  • Add one new WK2-specific result.
  • Skip two WK2-only failures.

  • TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/wk2/TestExpectations:
  • platform/wk2/imported/w3c/indexeddb/abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor-advance-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index9-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_objectstore5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index8-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_invalid-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_objectstore6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_index4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_objectstore4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_close2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_deleteObjectStore4-not_reused-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_deleteDatabase3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_open12-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex-multientry-big-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_getKey7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openCursor2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openKeyCursor3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_add4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex4-deleteIndex-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex6-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex7-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_put4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbtransaction_abort-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbversionchangeevent-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-constrainterror-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-overflow-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/transaction-requestqueue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/aborted-versionchange-closes-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-and-remove-object-store-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-dir-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-finished-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/database-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deleteIndex-bug110792-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Added.
  • platform/wk2/storage/indexeddb/index-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-oncomplete-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/invalid-keys-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-type-array-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-arrays-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-edges-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keyrange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/object-lookups-in-versionchange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/objectstore-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/open-cursor-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/request-result-cache-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-abort-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-active-flag-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-after-close-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-read-only-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/version-change-exclusive-expected.txt: Removed.

10:57 PM Changeset in webkit [197309] by Carlos Garcia Campos
  • 22 edits
    1 copy
    1 add in releases/WebKitGTK/webkit-2.12

Merge r197118 - CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
https://bugs.webkit.org/show_bug.cgi?id=154522
<rdar://problem/24762078>

Reviewed by Brent Fulgham.

Source/WebCore:

Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
of whether ENABLE(CSP_NEXT) is enabled.

Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html

  • WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
  • dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
  • dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this
    code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent
    to support attributes statusCode and columnNumber.

  • dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
and send a violation report (if applicable).

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
to ensure that SecurityPolicyViolationEvent.statusCode is 0 when dispatched for a violation on an HTTPS-served
document per section Reporting of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
Update existing test results and mark more tests as PASS in file LayoutTests/TestExpectations.

  • TestExpectations: Mark tests http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation*.html as PASS
    so that we run them.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt: Update expected result to
    reflect failing sub-test. We do not support the experimental JavaScript event listener onsecuritypolicyviolation when
    building with ENABLE(CSP_NEXT) disabled.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt: Update line and column numbers.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html: Update line and column numbers.
  • js/dom/global-constructors-attributes-expected.txt: Update expected results now that we expose SecurityPolicyViolationEvent.
  • platform/efl/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac/js/dom/global-constructors-attributes-expected.txt: Ditto.

9:26 PM Changeset in webkit [197308] by akling@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

Make JSFunction.name allocation fully lazy.
<https://webkit.org/b/154806>

Reviewed by Saam Barati.

We were reifying the "name" field on functions lazily, but created the string
value itself up front. This patch gets rid of the up-front allocation,
saving us a JSString allocation per function in most cases.

  • builtins/BuiltinExecutables.cpp:

(JSC::createExecutableInternal):

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::visitChildren):

  • bytecode/UnlinkedFunctionExecutable.h:
  • runtime/CodeCache.cpp:

(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

  • runtime/Executable.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::reifyName):

8:36 PM Changeset in webkit [197307] by Chris Dumez
  • 4 edits in trunk

Parse HTMLOLElement.start as per the HTML spec
https://bugs.webkit.org/show_bug.cgi?id=154802

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-grouping-expected.txt:

Source/WebCore:

Parse HTMLOLElement.start as per the HTML spec:

No new tests, already covered by existing test.

  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

5:57 PM Changeset in webkit [197306] by Gyuyoung Kim
  • 9 edits in trunk/Source/WebCore

Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

  • Modules/indexeddb/IDBDatabaseError.h:

(WebCore::IDBDatabaseError::create):

  • Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::maybeCreateIDBKey):

  • Modules/indexeddb/IDBKeyData.h:
  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRangeData.cpp:

(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):

  • Modules/indexeddb/IDBKeyRangeData.h:
  • Modules/indexeddb/IDBServerConnection.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h:
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp:

(WebCore::IDBCursorBackend::continueFunction):

  • Modules/indexeddb/legacy/IDBCursorBackend.h:
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h:

(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):

  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:

(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):

  • Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::continueFunction):

  • Modules/indexeddb/legacy/LegacyCursor.h:
  • Modules/indexeddb/legacy/LegacyFactory.h:

(WebCore::LegacyFactory::create):

  • Modules/indexeddb/legacy/LegacyRequest.cpp:

(WebCore::LegacyRequest::onSuccess):

  • Modules/indexeddb/legacy/LegacyRequest.h:
  • inspector/InspectorIndexedDBAgent.cpp:

5:44 PM Changeset in webkit [197305] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

4:32 PM Changeset in webkit [197304] by weinig@apple.com
  • 24 edits
    1 add
    1 delete in trunk

Reimplement WKPageGroup in terms of WKUserContentController
https://bugs.webkit.org/show_bug.cgi?id=154804

Reviewed by Dan Bernstein.

Source/WebKit2:

Instead of having both WebPageGroup and WebUserContentControllerProxy both keep track
of user scripts and user stylesheets, give WebPageGroup a WebUserContentControllerProxy
and let it take care of things. This allows us to remove a ton of duplicate code, and
provides a convenient way for clients currently using PageGroup based user content insertion
to start using UserContentController, since they can now be used at the same time.

When using WKPageConfigurationRef, the rule is:

  • If you don't set a WKUserContentControllerRef, the one from the WKPageGroupRef will be used.
  • If you do set a WKUserContentControllerRef, it will be used, and the one from the WKPageGroupRef will do nothing for that web view.

  • DerivedSources.make:

Remove WebPageGroupProxy. It no longer is a MessageReceiver.

  • Shared/WebPageGroupData.cpp:

(WebKit::WebPageGroupData::encode):
(WebKit::WebPageGroupData::decode):

  • Shared/WebPageGroupData.h:

Stop encoding/decoding user content, instead just encode the identifier to the UserContentController.

  • UIProcess/API/C/WKPageGroup.cpp:

(WKPageGroupGetUserContentController):

  • UIProcess/API/C/WKPageGroup.h:

Add getter for the underlying WKUserContentControllerRef.

  • UIProcess/API/cpp/WKRetainPtr.h:

(WebKit::retainWK):
Add retainWK() helper to match RetainPtr's retainPtr() helper.

  • UIProcess/WebPageGroup.cpp:

(WebKit::WebPageGroup::WebPageGroup):
(WebKit::WebPageGroup::userContentController):
(WebKit::WebPageGroup::addUserStyleSheet):
(WebKit::WebPageGroup::addUserScript):
(WebKit::WebPageGroup::removeAllUserStyleSheets):
(WebKit::WebPageGroup::removeAllUserScripts):
(WebKit::WebPageGroup::removeAllUserContent):
(WebKit::WebPageGroup::addUserContentExtension):
(WebKit::WebPageGroup::removeUserContentExtension):
(WebKit::WebPageGroup::removeAllUserContentExtensions):

  • UIProcess/WebPageGroup.h:

Pass through to the WebUserContentControllerProxy.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::finishInitializingWebPageAfterProcessLaunch):
(WebKit::WebPageProxy::creationParameters):

  • UIProcess/WebPageProxy.h:

WebPageProxies always have a WebUserContentControllerProxy now, so it can go in a Ref and
a few branches can be removed.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::createWebPage):
If a UserContentController is not passed in, use the one from the PageGroup.

  • WebKit2.xcodeproj/project.pbxproj:

Remove files.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:

Add some #includes that are now needed.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::getOrCreate):

  • WebProcess/UserContent/WebUserContentController.h:

Modernize WebUserContentController::getOrCreate to return a Ref.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):

  • WebProcess/WebPage/WebPage.h:

Store the WebUserContentController in Ref, remove unnecessary branches/asserts.

  • WebProcess/WebPage/WebPageGroupProxy.cpp:

(WebKit::WebPageGroupProxy::WebPageGroupProxy):
(WebKit::WebPageGroupProxy::~WebPageGroupProxy):
(WebKit::WebPageGroupProxy::userContentController):
(WebKit::WebPageGroupProxy::addUserStyleSheet): Deleted.
(WebKit::WebPageGroupProxy::addUserScript): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserStyleSheets): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserScripts): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContent): Deleted.
(WebKit::WebPageGroupProxy::addUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContentExtensions): Deleted.

  • WebProcess/WebPage/WebPageGroupProxy.h:

Store a WebUserContentController in a Ref, remove now unnecessary message handling functions.

  • WebProcess/WebPage/WebPageGroupProxy.messages.in:

Removed.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveMessage):
Remove routing to WebPageGroupProxy, which is no longer a MessageReceiver.

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2/PageGroup.cpp: Added.

2:21 PM Changeset in webkit [197303] by akling@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

1:56 PM Changeset in webkit [197302] by weinig@apple.com
  • 17 edits in trunk

Source/WebKit2:
Bind _WKUserStyleSheets to _WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

Treat _WKUserStyleSheets like WKUserScripts and allow them to be bound to a _WKUserContentWorld.
The immediate benefit of this is allowing a client to bind a set of user content (scripts and stylesheets
for now) to a world and have them easily remove all user content associated with that world.

  • Shared/API/APIArray.h:

Add helpers removeAllMatching and removeAllOfTypeMatching.

  • UIProcess/API/APIUserStyleSheet.h:

Add API::UserContentWorld member.

  • UIProcess/API/Cocoa/WKUserContentController.mm:

(-[WKUserContentController _removeAllUserScriptsAssociatedWithUserContentWorld:]):
(-[WKUserContentController _removeAllUserStyleSheetsAssociatedWithUserContentWorld:]):

  • UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:

Add _removeAllUserScriptsAssociatedWithUserContentWorld and _removeAllUserStyleSheetsAssociatedWithUserContentWorld.

  • UIProcess/API/Cocoa/WKUserScript.mm:

(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
(toStringVector): Deleted.

  • UIProcess/API/Cocoa/_WKUserContentWorldInternal.h:

(API::toStringVector):
Move toStringVector to a location where it can be shared.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
Add new initializer which has a world to be bound to. While here, match WKUserScript and add support for the
legacy whitelist and blacklists.

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeProcess):
(WebKit::WebUserContentControllerProxy::addUserContentWorldUse):
(WebKit::WebUserContentControllerProxy::shouldSendRemoveUserContentWorldsMessage):
(WebKit::WebUserContentControllerProxy::removeUserContentWorldUses):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):

  • UIProcess/UserContent/WebUserContentControllerProxy.h:

Refactor to share the code which decides whether to send AddUserContentWorlds/RemoveUserContentWorlds
messages.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:

Add support for binding stylesheets to worlds and allow removing all the scripts/stylesheets from a
set of worlds at once by passing Vectors of world identifiers in the remove messages.

Tools:
Bind _WKUserStyleSheets to WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

Add tests for removing _WKUserStyleSheets and WKUserScripts

1:00 PM Changeset in webkit [197301] by timothy_horton@apple.com
  • 5 edits in trunk

Switch to application/vnd.apple.folder for <attachment> folder special-case
https://bugs.webkit.org/show_bug.cgi?id=154786
<rdar://problem/24416632>

Reviewed by Anders Carlsson.

Source/WebCore:

No new tests, adjusted an existing test to cover this.

  • rendering/RenderThemeMac.mm:

(WebCore::iconForAttachment):
Add a second folder MIME type.

LayoutTests:

  • fast/attachment/attachment-folder-icon-expected.html:
  • fast/attachment/attachment-folder-icon.html:

12:42 PM Changeset in webkit [197300] by timothy_horton@apple.com
  • 3 edits
    2 adds in trunk

Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

  • fast/css/variables/avoid-matched-property-cache-expected.html: Added.
  • fast/css/variables/avoid-matched-property-cache.html: Added.

Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

12:34 PM Changeset in webkit [197299] by fpizlo@apple.com
  • 10 edits in trunk/Source/JavaScriptCore

FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

  • A heap's end is greater than its begin.
  • A heap's begin is greater than or equal to its parent's begin.
  • A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

  • b3/B3HeapRange.h:

(JSC::B3::HeapRange::HeapRange):

  • ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.

  • ftl/FTLAbstractHeap.h:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):

  • ftl/FTLAbstractHeapRepository.h:

(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):

  • ftl/FTLTypedPointer.h:

(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):

12:12 PM Changeset in webkit [197298] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

  • svg/SVGToOTFFontConversion.cpp:

(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

12:11 PM Changeset in webkit [197297] by commit-queue@webkit.org
  • 2 edits in trunk

[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case GLIBCONFIG_INCLUDE_DIR is
not defined.

  • Source/cmake/FindGLIB.cmake:

11:14 AM Changeset in webkit [197296] by gskachkov@gmail.com
  • 18 edits
    10 adds in trunk

[ES6] Arrow function syntax. Emit loading&putting this/super only if they are used in arrow function.
https://bugs.webkit.org/show_bug.cgi?id=153981

Small improvements

10:40 AM Changeset in webkit [197295] by sbarati@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

ProxyObject.[[GetOwnProperty]] is partially broken because it doesn't propagate information back to the slot
https://bugs.webkit.org/show_bug.cgi?id=154768

Reviewed by Ryosuke Niwa.

This fixes a big bug with ProxyObject.[[GetOwnProperty]]:
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
We weren't correctly propagating the result of this operation to the
out PropertySlot& parameter. This patch fixes that and adds tests.

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorGetOwnPropertyDescriptor):
I added a missing exception check after object allocation
because I saw that it was missing while reading the code.

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setUndefined):
(JSC::PropertyDescriptor::slowGetterSetter):
(JSC::PropertyDescriptor::getter):

  • runtime/PropertyDescriptor.h:

(JSC::PropertyDescriptor::attributes):
(JSC::PropertyDescriptor::value):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):

  • tests/es6.yaml:
  • tests/stress/proxy-get-own-property.js:

(let.handler.getOwnPropertyDescriptor):
(set get let.handler.return):
(set get let.handler.getOwnPropertyDescriptor):
(set get let):
(set get let.a):
(let.b):
(let.setter):
(let.getter):

6:57 AM Changeset in webkit [197294] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r179776 - ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
https://bugs.webkit.org/show_bug.cgi?id=140750

Reviewed by Simon Fraser.

There's a short period of time when RenderObject::layer() still returns a valid pointer
even though we already cleared the hasLayer() flag.
Do not use the layer as repaint container in such cases.

Source/WebCore:

Test: compositing/repaint-container-assertion-when-toggling-compositing.html

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::enclosingLayer):

LayoutTests:

  • compositing/repaint-container-assertion-when-toggling-compositing-expected.txt: Added.
  • compositing/repaint-container-assertion-when-toggling-compositing.html: Added.

6:56 AM Changeset in webkit [197293] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r178363 - Element::normalizeAttributes() needs to handle arbitrary JS executing between loop iterations.
<https://webkit.org/b/140379>
<rdar://problem/19446901>

Reviewed by Benjamin Poulain.

Source/WebCore:

Since DOM mutation events may arise below the call to Node::normalize(),
have the loop in Element::normalizeAttributes() make a copy of the Attr nodes
beforehand, to guard against mutations.

Based on a patch by Chris "Chris Dumez" Dumez.

Test: fast/dom/Element/normalize-crash2.html

  • dom/Element.cpp:

(WebCore::Element::normalizeAttributes):

LayoutTests:

  • fast/dom/Element/normalize-crash2-expected.txt: Added.
  • fast/dom/Element/normalize-crash2.html: Added.

6:46 AM Changeset in webkit [197292] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r178311 - Out of bounds read in IdentifierArena::makeIdentifier
https://bugs.webkit.org/show_bug.cgi?id=140376

Patch by Alexey Proskuryakov.

Reviewed and ChangeLogged by Geoffrey Garen.

No test, since this is a small past-the-end read, which is very
difficult to turn into a reproducible failing test -- and existing tests
crash reliably using ASan.

  • parser/ParserArena.h:

(JSC::IdentifierArena::makeIdentifier):
(JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
zero-length string input, like we do in the literal parser, since it is
not valid to dereference characters in a zero-length string.

A zero-length string is allowed in JavaScript -- for example, "".

6:34 AM Changeset in webkit [197291] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r179750 - REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit).
https://bugs.webkit.org/show_bug.cgi?id=141324

Reviewed by Alexey Proskuryakov.

No new tests. This is caught by existing tests under ASAN, and I don't know how to reproduce
it without ASAN.

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Give up
and just always invalidate the next line. It's too hard to come up
with the condition that catches all needed cases, doesn't itself
cause a crash, and isn't overzealous. And we do this for the
previous line anyway. Also clean up the code a bit since it
confusingly reuses a variable, and declares it uninitialized, for
no good reason.

6:34 AM Changeset in webkit [197290] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r179706 - Crash due to failing to dirty a removed text node's line box
https://bugs.webkit.org/show_bug.cgi?id=136544

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/text/remove-text-node-linebox-not-dirty-crash.html

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Make the check for dirtying the next
line box a bit more inclusive to avoid a case of a line box for a destroyed render object not
being dirtied. In particular, when the text node's parent has no line boxes but contains BRs.

LayoutTests:

  • fast/text/remove-text-node-linebox-not-dirty-crash-expected.txt: Added.
  • fast/text/remove-text-node-linebox-not-dirty-crash.html: Added.

6:23 AM Changeset in webkit [197289] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4

Merge r180128 - Crash when accessing an item in SVGLengthList and then replacing it with a previous item in the list.
https://bugs.webkit.org/show_bug.cgi?id=141552.

Reviewed by Darin Adler.

Source/WebCore:

Tests: LayoutTests/svg/dom/SVGLengthList-basics.xhtml: This test is modified to
include a new test case.

  • svg/properties/SVGListPropertyTearOff.h: Commit the removal of the replacing item
before trying to detach the wrapper of the item which is going to be replaced.

LayoutTests:

  • svg/dom/SVGLengthList-basics-expected.txt:
  • svg/dom/SVGLengthList-basics.xhtml: Add a new test case to this test. Have a
reference to an SVGLength in an SVGLengthList and then replace this SVGLength
with another one which comes before it in the SVGLengthList.

6:01 AM Changeset in webkit [197288] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4

Merge r182284 - Clean up access checks in JSHistoryCustom.cpp
https://bugs.webkit.org/show_bug.cgi?id=143227

Reviewed by Sam Weinig.

Source/WebCore:

  • bindings/js/JSHistoryCustom.cpp:

(WebCore::JSHistory::putDelegate):
(WebCore::JSHistory::deleteProperty):
(WebCore::JSHistory::deletePropertyByIndex):
(WebCore::JSHistory::getOwnPropertyNames):
(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):

LayoutTests:

  • http/tests/security/cross-frame-access-call-expected.txt:
  • http/tests/security/cross-frame-access-call.html:

6:00 AM Changeset in webkit [197287] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r173046 - Scrollbar corner can be drawn outside containing frame
https://bugs.webkit.org/show_bug.cgi?id=133131
<rdar://problem/16382769>

Reviewed by Simon Fraser.

Source/WebCore:

Merged from Blink (patch by Levi Weintraub):
<https://src.chromium.org/viewvc/blink?revision=170625&view=revision>

Fixes an issue where the scroll corner may be painted outside the rectangle of
its associated frame by setting a clip rectangle before painting the scroll bar(s)
and scroll corner.

Test: scrollbars/custom-scrollbars-paint-outside-iframe.html

  • platform/ScrollView.cpp:

(WebCore::ScrollView::paint):

LayoutTests:

Add DRT test that was derived from the test included in
<https://src.chromium.org/viewvc/blink?revision=170625&view=revision>.

  • scrollbars/custom-scrollbars-paint-outside-iframe-expected.html: Added.
  • scrollbars/custom-scrollbars-paint-outside-iframe.html: Added.

5:50 AM Changeset in webkit [197286] by Carlos Garcia Campos
  • 5 edits
    12 adds in releases/WebKitGTK/webkit-2.4

Merge r186663 - Fetching Content Security Policy report URL should respect same origin policy
https://bugs.webkit.org/show_bug.cgi?id=146754
<rdar://problem/18860259>

Reviewed by Brady Eidson.

Inspired by Blink r149791 (by Mike West <mkwst@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=149791&view=revision>

Source/WebCore:

As per <http://www.w3.org/TR/2015/CR-CSP2-20150219/#send-violation-reports>, fetching the
Content Security Policy report URL should include cookies if and only if the origin of
the protected resource is equal to the origin of the report URL.

Tests: http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html

  • loader/PingLoader.cpp:

(WebCore::PingLoader::sendViolationReport):

LayoutTests:

Added additional tests for private browsing mode.

  • http/tests/cookies/resources/setCookies.cgi:
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/save-report.php:
  • platform/wk2/TestExpectations: Skip private browsing mode tests in WebKit2 until we fix <https://bugs.webkit.org/show_bug.cgi?id=115274>.

5:44 AM Changeset in webkit [197285] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r186666 - Plugin create can end up destroying its renderer.
https://bugs.webkit.org/show_bug.cgi?id=146824
rdar://problem/18921429

Reviewed by Andreas Kling.

Plugins can run arbitrary code during initialization. If the plugin
happens to destroy the associated node, its renderer becomes invalid.
This patch checks whether the renderer survived the createPlugin() call.
(This WeakPtr pattern is also used in RenderWidget to avoid dangling pointers.)

Speculative fix. Not reproducible.

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadPlugin):

5:42 AM Changeset in webkit [197284] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r188014 - Crash when removing children of a MathMLSelectElement
https://bugs.webkit.org/show_bug.cgi?id=147704
<rdar://problem/21940321>

Reviewed by Ryosuke Niwa.

Source/WebCore:

When MathMLSelectElement::childrenChanged() is called after its
children have been removed, MathMLSelectElement calls
updateSelectedChild() which accesses m_selectedChild. However,
in this case, m_selectedChild is the previously selected child
and it may be destroyed at this point if it was removed. To avoid
this problem, MathMLSelectElement now keeps a strong ref to the
currently selected element.

Test: mathml/maction-removeChild.html

  • mathml/MathMLSelectElement.h:

LayoutTests:

Add layout test that reproduces the crash under guardmalloc.

  • mathml/maction-removeChild-expected.txt: Added.
  • mathml/maction-removeChild.html: Added.

5:29 AM Changeset in webkit [197283] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r184965 - Crash under ICU with ASAN during editing/selection/move-by-word-visually-crash-test-5.html
https://bugs.webkit.org/show_bug.cgi?id=145429
<rdar://problem/20992218>

Reviewed by Alexey Proskuryakov.

WebKit uses some strings which contain the lower 8-bits of UTF-16 (thereby saving space). However,
ICU doesn't understand this encoding. When we want to use ICU functions with strings in this encoding,
we create a UTextProvider which converts our encoded strings to UTF-16 for ICU, one chunk at a time.
This object contains a vtable which we populate to perform the conversion.

The WebKit function which actually returns the UTF-16 chunks has two relevant arguments: an index into
the encoded string which ICU is requesting, and a direction from that index which ICU is interested
in. This function populates a "chunk" which is characterized by a pointer to a buffer, the length of
the populated data in the buffer, and an offset into the chunk which represents the index that the
requested character was put into.

When ICU requests data going backward, we fill in the chunk accordingly, with the requested character
all the way at the end. We then set the offset equal to the length of the buffer. However, this length
value is stale from the previous time the function ran. Therefore, ICU was reading the wrong index in
the chunk when expecting the requested character.

Covered by editing/selection/move-by-word-visually-crash-test-5.html.

  • platform/text/icu/UTextProviderLatin1.cpp:

(WebCore::uTextLatin1Access):

5:27 AM Changeset in webkit [197282] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r185003 - WebSQL default functions can bypass authorizer.
<rdar://problem/21048994> and https://bugs.webkit.org/show_bug.cgi?id=145463

Reviewed by Sam Weinig and Alexey Proskuryakov.

No new tests yet.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::unauthorizedSQLFunction): Function to install into SQLite to override some built-in functions.
(WebCore::SQLiteDatabase::open):
(WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): Install function overrides for functions that
take arbitrary input that are also meant to be disabled by virtue of them not being whitelisted.

  • platform/sql/SQLiteDatabase.h:

Review feedback followup for r185003.
https://bugs.webkit.org/show_bug.cgi?id=145463

Reviewed by Darin Adler.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): static const one thing, c++-style cast another.

5:23 AM Changeset in webkit [197281] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r185392 - feComposite filter does not clip the paint rect to its effect rect when the operator is 'in' or 'atop'
https://bugs.webkit.org/show_bug.cgi?id=137856

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-06-09
Reviewed by Darin Adler.

Source/WebCore:

There was a bug in calculating the absolutePaintRect of the feComposite filter
when the operator is equal to 'in' or 'atop'. The absolutePaintRect was set
to the absolutePaintRect of the background FilterEffect which is correct.
What was missing is clipping this rectangle to the maxEffectRect of the
filter which we do for other operators.

Tests: svg/filters/feComposite-background-rect-control-operators.svg

  • platform/graphics/IntRect.h:

(WebCore::operator-=):
(WebCore::operator-): Add new operators to IntRect.

  • platform/graphics/filters/FEComposite.cpp:

(WebCore::FEComposite::determineAbsolutePaintRect): Make sure the filter
absolutePaintRect is clipped to maxEffectRect for all operators.

(WebCore::FEComposite::platformApplySoftware): Code clean-up.

  • platform/graphics/filters/FilterEffect.cpp:

(WebCore::FilterEffect::determineAbsolutePaintRect): Move the clipping
part to a separate function.

(WebCore::FilterEffect::clipAbsolutePaintRect): Clip the absolutePaintRect
to the maxEffectRect of the filter.

  • platform/graphics/filters/FilterEffect.h:

LayoutTests:

  • svg/filters/feComposite-background-rect-control-operators-expected.svg: Added.
  • svg/filters/feComposite-background-rect-control-operators.svg: Added.

Ensure the painting rect of the feComposite filter with operator 'in' or
'atop' is clipped to its bounding rectangle

4:47 AM Changeset in webkit [197280] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r185572 - RootInlineBox::m_lineBreakObj becomes invalid when a child renderer is removed and the line does not get marked dirty.
https://bugs.webkit.org/show_bug.cgi?id=145988
rdar://problem/20959137

Reviewed by David Hyatt.

This patch ensures that we find the right first inline box so that we can dirty
the appropriate line boxes.
With marking the right line boxes dirty, now we can update RootInlineBox::m_lineBreakObj at the next layout.

Source/WebCore:

Test: fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::culledInlineFirstLineBox):
(WebCore::RenderInline::culledInlineLastLineBox):

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::setLineBreakInfo): Deleted. Remove misleading assert and comment.

LayoutTests:

  • fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean-expected.txt: Added.
  • fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html: Added.

4:34 AM Changeset in webkit [197279] by Carlos Garcia Campos
  • 8 edits
    8 adds in releases/WebKitGTK/webkit-2.4

Merge r185769 - Various assertion failures occur when executing script in the midst of DOM insertion
https://bugs.webkit.org/show_bug.cgi?id=132482

Reviewed by Darin Adler.

Source/WebCore:

Prior to this change, when an element containing a <script> child was inserted into a document, the script was
executed in ScriptElement::insertedInto(). That script can access nodes that follow it in the newly-inserted
hierarchy but are not yet fully inserted, leading to at least the following problems:

  • The script could remove a node that is not yet marked as in the document.
  • The script could remove a named <map> that has yet to be added to TreeScope::m_imageMapsByName.
  • The script could remove a form control that has yet to be added to FormController::m_formElementsWithState.

These scenarios all result in assertion failures. This change ensures that each node in the newly-inserted
hierarchy is fully inserted before executing any scripts.

Tests: fast/dom/element-removed-while-inserting-parent-crash.html
       fast/dom/named-map-removed-while-inserting-parent-crash.html
       fast/forms/form-control-removed-while-inserting-parent-crash.html
       svg/dom/element-removed-while-inserting-parent-crash.html

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::shouldNotifySubtreeInsertions): Renamed from insertedInto().
Returned true in the case where insertedInto() would've called prepareScript().
(WebCore::ScriptElement::didNotifySubtreeInsertions): Called prepareScript().
(WebCore::ScriptElement::insertedInto): Renamed to shouldNotifySubtreeInsertions().

  • dom/ScriptElement.h:
  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::insertedInto): If shouldNotifySubtreeInsertions() is true, returned InsertionShouldCallDidNotifySubtreeInsertions.
Otherwise, returned InsertionDone.
(WebCore::HTMLScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().

  • html/HTMLScriptElement.h:
  • svg/SVGScriptElement.cpp:

(WebCore::SVGScriptElement::insertedInto): Did the same as HTMLScriptElement::insertedInto().
(WebCore::SVGScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().

  • svg/SVGScriptElement.h:

LayoutTests:

Wrote named-map-removed-while-inserting-parent-crash.html by reducing the test case attached to bug 132482.
The remaining tests were taken from blink r132482.

  • fast/dom/element-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/dom/element-removed-while-inserting-parent-crash.html: Added.
  • fast/dom/named-map-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/dom/named-map-removed-while-inserting-parent-crash.html: Added.
  • fast/forms/form-control-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/forms/form-control-removed-while-inserting-parent-crash.html: Added.
  • svg/dom/element-removed-while-inserting-parent-crash-expected.txt: Added.
  • svg/dom/element-removed-while-inserting-parent-crash.html: Added.

3:55 AM Changeset in webkit [197278] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r182918 - Media element can manipulate DOM during Document destruction.
rdar://problem/20553898 and https://bugs.webkit.org/show_bug.cgi?id=143780

Patch by Brady Eidson <beidson@apple.com> on 2015-04-16
Reviewed by Jer Noble.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::configureMediaControls): Bail if the element has no active document.

3:48 AM Changeset in webkit [197277] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.4

Merge r183275 - Made Object.prototype.__proto__ native getter and setter check that this object not null or undefined
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):

LayoutTests:
Added tests to ensure that Object.prototype.__proto__ native getter and setter do not coerce undefined to this
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • js/script-tests/sloppy-getter-setter-global-object.js: Added.
  • js/sloppy-getter-setter-global-object-expected.txt: Added.
  • js/sloppy-getter-setter-global-object.html: Added.

3:45 AM Changeset in webkit [197276] by Carlos Garcia Campos
  • 5 edits
    9 adds in releases/WebKitGTK/webkit-2.4

Merge r183280,r183672 - Origin header is preserved on cross-origin redirects.
https://bugs.webkit.org/show_bug.cgi?id=144157.

Reviewed by Sam Weinig.

Source/WebCore:

Tests: http/tests/security/cors-post-redirect-301.html
       http/tests/security/cors-post-redirect-302.html
       http/tests/security/cors-post-redirect-307.html
       http/tests/security/cors-post-redirect-308.html

  • platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::willSendRequest): Always clear any origin header for cross-origin redirects.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::willSendRequest): Ditto.

LayoutTests:

  • http/tests/security/cors-post-redirect-301-expected.txt: Added.
  • http/tests/security/cors-post-redirect-301.html: Added.
  • http/tests/security/cors-post-redirect-302-expected.txt: Added.
  • http/tests/security/cors-post-redirect-302.html: Added.
  • http/tests/security/cors-post-redirect-307-expected.txt: Added.
  • http/tests/security/cors-post-redirect-307.html: Added.
  • http/tests/security/cors-post-redirect-308-expected.txt: Added.
  • http/tests/security/cors-post-redirect-308.html: Added.
  • http/tests/security/resources/cors-post-redirect-target.php: Added.

[GTK] New CORS tests from r183280 fail on WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=144469

Reviewed by Sergio Villar Senin.

No new tests. This causes failing tests to pass.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect): Clear the origin header on cross-origin redirects.

3:43 AM Changeset in webkit [197275] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r183436 - Form control may be associated with the wrong HTML Form element after form id change
https://bugs.webkit.org/show_bug.cgi?id=133456
<rdar://problem/17095055>

Reviewed by Andy Estes.

Source/WebCore:

Fixes an issue where a form control may be associated with the wrong HTML Form element
after the id of the HTML Form element associated with the form control is changed when
there is more than one HTML Form element with the same id in the document. Specifically,
a form control that has an HTML form attribute value X will always be associated with
some HTML Form element f where f.id = X regardless of whether f.id is subsequently
changed.

Tests: fast/forms/change-form-id-to-be-unique-then-submit-form.html
       fast/forms/change-form-id-to-be-unique.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Notify observers when the id of an element changed.
(WebCore::Element::updateId): Added parameter NotifyObservers (defaults to NotifyObservers::Yes),
as to whether we should notify observers of the id change.
(WebCore::Element::updateIdForTreeScope): Ditto.
(WebCore::Element::willModifyAttribute): Do not notify observers of the id change immediately. As
indicated by the name of this method, we plan to modify the DOM attribute id of the element, but
we have not actually modified it when this method is called. Instead we will notify observers
in Element::attributeChanged(), which is called after the DOM attribute id is modified.
(WebCore::Element::cloneAttributesFromElement): Ditto.

  • dom/Element.h: Defined enum class NotifyObservers.
  • dom/TreeScope.cpp:

(WebCore::TreeScope::addElementById): Added boolean parameter notifyObservers (defaults to true)
as to whether we should dispatch a notification to all observers.
(WebCore::TreeScope::removeElementById): Ditto.

  • dom/TreeScope.h:

LayoutTests:

Add tests to ensure that we associate the correct HTML Form element with a
<select> after changing the id of its associated HTML form element.

  • fast/forms/change-form-id-to-be-unique-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form.html: Added.
  • fast/forms/change-form-id-to-be-unique.html: Added.

3:42 AM Changeset in webkit [197274] by Carlos Garcia Campos
  • 13 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Element::attributeChanged shouldn't do any work when attribute value didn't change
https://bugs.webkit.org/show_bug.cgi?id=129467

Reviewed by Geoffrey Garen.

Exit early in childrenChanged when the attribute value didn't change.

  • dom/Attr.cpp:

(WebCore::Attr::setValue):
(WebCore::Attr::childrenChanged):

  • dom/Element.cpp:

(WebCore::Element::setAttributeInternal):
(WebCore::Element::attributeChanged):
(WebCore::Element::parserSetAttributes):
(WebCore::Element::removeAttributeInternal):
(WebCore::Element::didAddAttribute):
(WebCore::Element::didModifyAttribute):
(WebCore::Element::didRemoveAttribute):
(WebCore::Element::cloneAttributesFromElement):

  • dom/Element.h:
  • dom/StyledElement.cpp:

(WebCore::StyledElement::attributeChanged):

  • dom/StyledElement.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::updateType):

  • mathml/MathMLElement.cpp:

(WebCore::MathMLElement::attributeChanged):

  • mathml/MathMLElement.h:
  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::attributeChanged):

  • mathml/MathMLSelectElement.h:
  • svg/SVGElement.cpp:

(WebCore::SVGElement::attributeChanged):

  • svg/SVGElement.h:

3:01 AM Changeset in webkit [197273] by Carlos Garcia Campos
  • 5 edits
    3 adds in releases/WebKitGTK/webkit-2.4

Merge r183649 - Javascript using WebSQL can create their own WebKit info table.
<rdar://problem/20688792> and https://bugs.webkit.org/show_bug.cgi?id=144466

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/alter-to-info-table.html

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::DatabaseBackendBase::databaseInfoTableName): Return the info table name.
(WebCore::fullyQualifiedInfoTableName): Append "main." to the info table name.
(WebCore::DatabaseBackendBase::DatabaseBackendBase): Use the fully qualified name.
(WebCore::DatabaseBackendBase::performOpenAndVerify): Ditto.
(WebCore::DatabaseBackendBase::getVersionFromDatabase): Ditto.
(WebCore::DatabaseBackendBase::setVersionInDatabase): Ditto.

LayoutTests:

  • storage/websql/alter-to-info-table-expected.txt: Added.
  • storage/websql/alter-to-info-table.html: Added.
  • storage/websql/alter-to-info-table.js: Added.

Build fix after r183646 for less enlightened platforms.

Unreviewed.

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::fullyQualifiedInfoTableName): Windows doesn’t have stpcpy :(

2:52 AM Changeset in webkit [197272] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r182067 - FEMorphology::platformApplyGeneric() should bail out if the radius is less than or equal to zero.
https://bugs.webkit.org/show_bug.cgi?id=142885.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-03-27
Reviewed by Dean Jackson.

Source/WebCore:

FEMorphology class implementation code clean up.

Tests: svg/filters/feMorphology-radius-cases.svg

  • platform/graphics/filters/FEMorphology.cpp:

(WebCore::shouldSupersedeExtremum): Reuse code instead of repeating it and
use < and > instead of =< and >=.

(WebCore::pixelArrayIndex): Returns the array index of a pixel in an image
buffer, given: position(x, y), image width and the color channel.

(WebCore::columnExtremum): Returns the extremum of a column of pixels.

(WebCore::kernelExtremum): Returns the extremum of a filter kernel.

(WebCore::FEMorphology::platformApplyGeneric): Apply some code clean-up.
The kernel size should be equal to radius of the filter. The extra pixel
was causing the resulted image to be asymmetric in some cases.

(WebCore::FEMorphology::platformApplyDegenerate):
(WebCore::FEMorphology::platformApplySoftware): After applying scaling, we
still need to check the resulted radius is negative (overflow case) or less
than one (zero radius case) and treat these cases differently.

(WebCore::FEMorphology::morphologyOperator): Deleted.
(WebCore::FEMorphology::radiusX): Deleted.
(WebCore::FEMorphology::radiusY): Deleted.

  • platform/graphics/filters/FEMorphology.h:

(WebCore::FEMorphology::morphologyOperator):
(WebCore::FEMorphology::radiusX):
(WebCore::FEMorphology::radiusY):
Move single-line functions from the source file to the header file.

LayoutTests:

  • svg/filters/feMorphology-radius-cases-expected.svg: Added.
  • svg/filters/feMorphology-radius-cases.svg: Added.

Test different cases for radius of the feMorphology filter. There are three
cases for the radius:

  1. radius < 0: This is an error case, the source image should not be rendered.
  2. radius = 0: This case is treated as if the filter never exists.
  3. radius > 0: If the scaled radius is > 0, the filter is applied.

2:44 AM Changeset in webkit [197271] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r182750 - Canvas drawImage() has a security hole when the image isn't yet fully loaded.
https://bugs.webkit.org/show_bug.cgi?id=58681.

Reviewed by Darin Adler.

Source/WebCore:

There is a race condition which may happen if an image from a different
origin is drawn on a canvas before it finishes loading. The check to taint
the canvas comes before drawing it. This check returns false if the image
is not completely loaded because we check the URL of the resource response.
If after this check and before the drawing, the image finishes loading, the
canvas will not be tainted but the image will be drawn.

The fix is to move the check to taint the canvas after drawing the image.
The only problem with this solution is basically the opposite of this bug:
we will become stricter than before with images which are from a different
origin and before they finish loading. The image has not finished loading,
so we do not draw it. Before we check for tainting, the image finishes
loading. So we decide to taint the canvas even if the image is not drawn.

But this should not be a security issue anymore. I personally do not know
if it is even a correctness issue or not.

Test: http/tests/canvas/canvas-tainted-after-draw-image.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawImage):

LayoutTests:

This test confirms when we load an image from a different origin and try
drawing it on a canvas, the canvas is tainted if the image is completely
loaded and drawn. Otherwise the image is not drawn.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt: Added.
  • http/tests/canvas/canvas-tainted-after-draw-image.html: Added.
  • http/tests/canvas/resources: Added.
  • http/tests/canvas/resources/100x100-lime-rect.svg: Added.

Fix LayoutTests/http/tests/canvas/canvas-tainted-after-draw-image.html on all bots
following http://trac.webkit.org/changeset/182750.

Reviewed by Daniel Bates.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt:
  • http/tests/canvas/canvas-tainted-after-draw-image.html:

Set window.jsTestIsAsync true and call finishJSTest() to make the test
asynchronous, so the "TEST COMPLETE" message will be output after all the
test messages. Also delete the synchronous tests for data url image and
same-domain image since they can't be reliably tested.

2:37 AM Changeset in webkit [197270] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r183398 - Crashes under IDBDatabase::closeConnection
https://bugs.webkit.org/show_bug.cgi?id=141745

Reviewed by Alexey Proskuryakov.

  • Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
actually calling those functions.
(WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
in the middle of this function's execution.

2:35 AM Changeset in webkit [197269] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.4/Source

Merge r180548 - EventHandler references deleted Scrollbar
https://bugs.webkit.org/show_bug.cgi?id=141931
<rdar://problem/19915210>

Reviewed by Tim Horton.

Tested by scrollbars/overflow-custom-scrollbar-crash.html

Update the EventHandler class to use a WeakPtr to reference the
last used Scrollbar, rather than retaining the Scrollbar and
artificially extending its life. This keeps the EventHandler
state in proper sync with the state of the render tree, and
avoids cases where we have destroyed a ScrollableArea (and
Scrollbar) but are still sending messages to a fake zombie
version of the element.

  • page/EventHandler.cpp:

(WebCore::EventHandler::clear):
(WebCore::EventHandler::handleMousePressEvent):
(WebCore::EventHandler::updateMouseEventTargetNode):
(WebCore::EventHandler::updateLastScrollbarUnderMouse):

  • page/EventHandler.h:
  • platform/Scrollbar.cpp:

(WebCore::Scrollbar::Scrollbar): Initialize WeakPtrFactory.

  • platform/Scrollbar.h:

(WebCore::Scrollbar::createWeakPtr): Added.

2:01 AM Changeset in webkit [197268] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r181565 - URLs visited during private browsing show up in WebpageIcons.db
rdar://problem/11254910 and https://bugs.webkit.org/show_bug.cgi?id=142733

Patch by Sam Weinig. Reviewed by Brady Eidson.

  • loader/icon/IconController.cpp:

(WebCore::IconController::startLoader): Bail early here if the page is using an ephemeral session.
(WebCore::IconController::continueLoadWithDecision): Instead of here.

1:51 AM Changeset in webkit [197267] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r182051 - Inline continuation code should not take anonymous containing wrapper granted.
https://bugs.webkit.org/show_bug.cgi?id=133312

Reviewed by Dave Hyatt.

It's wrong to assume that when RenderInline is part of an inline continuation, its containing block
is an anonymous wrapper and its sibling might be a block level renderer.
When the inline continuation is no longer needed, for example when the block level renderer that initiated the continuation
is detached from the render tree, the inline renderers still continue to form continuation (however they no longer require
anonymous wrappers).

Source/WebCore:

Test: fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html

  • rendering/RenderInline.cpp:

(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

LayoutTests:

  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation-expected.txt: Added.
  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html: Added.

1:37 AM Changeset in webkit [197266] by Carlos Garcia Campos
  • 4 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r177165 - InstancedArray crashes attempting to draw out of bounds
https://bugs.webkit.org/show_bug.cgi?id=139521

Source/WebCore:

Reviewed by Simon Fraser.

We were not doing index validation correctly for instancing.

Test: fast/canvas/webgl/angle-instanced-arrays-out-of-bounds.html

  • html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::validateVertexAttributes): We need to check
the number of instances drawn against the amount of instance data that has
been provided, taking into account the number of repeats (the divisor).
(WebCore::WebGLRenderingContext::drawArrays): Added some whitespace to make it more clear.
(WebCore::WebGLRenderingContext::validateDrawElements): This needs to take a primcount
parameter so that it can correctly validate the call (when used from drawElementsInstanced).
(WebCore::WebGLRenderingContext::drawElements): New signature to validate.
(WebCore::WebGLRenderingContext::drawArraysInstanced): Rearrange this a bit. The
primcount validation is already being done by the validateDrawArrays call. Also, there
was a bogus UNUSED_PARAM hanging around.
(WebCore::WebGLRenderingContext::drawElementsInstanced): Similar rearrangement. Use
the primcount parameter.

  • html/canvas/WebGLRenderingContext.h:

LayoutTests:

<rdar://problem/17540398>

Reviewed by Simon Fraser.

This is a copy of the official webgl/1.0.3 test.

  • platform/mac-mountainlion/fast/canvas/webgl/angle-instanced-arrays-out-of-bounds-expected.txt: Added. This extension is not available on Mountain Lion.
  • fast/canvas/webgl/angle-instanced-arrays-out-of-bounds-expected.txt: Added.
  • fast/canvas/webgl/angle-instanced-arrays-out-of-bounds.html: Added.
  • fast/canvas/webgl/resources/out-of-bounds-test.js: Added.

(OutOfBoundsTest):

12:01 AM Changeset in webkit [197265] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DataGrid.css:

(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.

Feb 27, 2016:

7:33 PM Changeset in webkit [197264] by Sukolsak Sakshuwong
  • 1 edit
    1 delete in trunk/LayoutTests

Removing ios-simulator baseline for js/number-toLocaleString.html
https://bugs.webkit.org/show_bug.cgi?id=154524

Reviewed by Darin Adler.

The default locale issue has been fixed in r197261.
Infinity.toLocaleString() should return "∞" as expected.

  • platform/ios-simulator/js/number-toLocaleString-expected.txt: Removed.

4:50 PM Changeset in webkit [197263] by Chris Dumez
  • 10 edits in trunk

Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to Location.assign() / Location.reload()
to match the latest specification:

Firefox and Chrome already prevent this but WebKit allowed it.

No new tests, already covered by existing tests.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::putDelegate): Deleted.

LayoutTests:

Update existing layout tests now that we prevent cross-origin access to
Location.assign() / Location.reload().

  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
  • http/tests/security/cross-frame-access-location-get-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override.html:
  • http/tests/security/cross-frame-access-location-get.html:
  • http/tests/security/xss-DENIED-defineProperty-expected.txt:

4:40 PM Changeset in webkit [197262] by ap@apple.com
  • 2 edits in trunk/Tools

Silence leaks under TextCodecICU::registerCodecs
https://bugs.webkit.org/show_bug.cgi?id=154737

Reviewed by Darin Adler.

  • Scripts/webkitpy/port/leakdetector.py:

(LeakDetector._callstacks_to_exclude_from_leaks):

4:36 PM Changeset in webkit [197261] by commit-queue@webkit.org
  • 20 edits in trunk

Intl.Collator uses POSIX locale (detected by js/intl-collator.html on iOS Simulator)
https://bugs.webkit.org/show_bug.cgi?id=152448

Patch by Andy VanWagoner <thetalecrafter@gmail.com> on 2016-02-27
Reviewed by Darin Adler.

Source/JavaScriptCore:

Add defaultLanguage to the globalObjectMethodTable and use it for the
default locale in Intl object initializations. Fall back to ICU default
locale only if the defaultLanguage function is null, or returns an
empty string.

  • jsc.cpp:
  • runtime/IntlCollator.cpp:

(JSC::IntlCollator::initializeCollator):

  • runtime/IntlDateTimeFormat.cpp:

(JSC::IntlDateTimeFormat::initializeDateTimeFormat):

  • runtime/IntlNumberFormat.cpp:

(JSC::IntlNumberFormat::initializeNumberFormat):

  • runtime/IntlObject.cpp:

(JSC::defaultLocale):
(JSC::lookupMatcher):
(JSC::bestFitMatcher):
(JSC::resolveLocale):

  • runtime/IntlObject.h:
  • runtime/JSGlobalObject.cpp:
  • runtime/JSGlobalObject.h:
  • runtime/StringPrototype.cpp:

(JSC::toLocaleCase):

Source/WebCore:

Pass defaultLanguage from Language.h to the globalObjectMethodTable to
ensure Intl objects can be initialized with the correct default locale.

  • bindings/js/JSDOMWindowBase.cpp:
  • bindings/js/JSWorkerGlobalScopeBase.cpp:

LayoutTests:

Add tests for default locale in test runner to be en-US.

  • js/intl-collator-expected.txt:
  • js/intl-datetimeformat-expected.txt:
  • js/intl-numberformat-expected.txt:
  • js/script-tests/intl-collator.js:
  • js/script-tests/intl-datetimeformat.js:
  • js/script-tests/intl-numberformat.js:

4:35 PM Changeset in webkit [197260] by Chris Dumez
  • 9 edits in trunk

Align HTMLMarqueeElement.scrollAmount / scrollDelay with the specification
https://bugs.webkit.org/show_bug.cgi?id=154781

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-obsolete-expected.txt:

Source/WebCore:

Align HTMLMarqueeElement.scrollAmount / scrollDelay with the
specification:

In particular:

No new tests, already covered by existing tests.

  • html/HTMLMarqueeElement.cpp:

(WebCore::HTMLMarqueeElement::scrollAmount):
(WebCore::HTMLMarqueeElement::setScrollAmount):
(WebCore::HTMLMarqueeElement::scrollDelay):
(WebCore::HTMLMarqueeElement::setScrollDelay):
(WebCore::HTMLMarqueeElement::loop): Deleted.

  • html/HTMLMarqueeElement.h:
  • html/HTMLMarqueeElement.idl:

LayoutTests:

Update existing test to reflect the behavior changes.

  • fast/html/marquee-element-expected.txt:
  • fast/html/marquee-element.html:

1:05 PM Changeset in webkit [197259] by commit-queue@webkit.org
  • 24 edits in trunk/Source

Unreviewed, rolling out r197204, r197207, r197211, r197217,
r197218, and r197219.
https://bugs.webkit.org/show_bug.cgi?id=154780

Caused crashes in WebVideoFullscreenManagerProxy (Requested by
ap on #webkit).

Reverted changesets:

"Add support for playbackControlsManager"
https://bugs.webkit.org/show_bug.cgi?id=154742
http://trac.webkit.org/changeset/197204

"Attempted build fix."
http://trac.webkit.org/changeset/197207

"Attempted build fix."
http://trac.webkit.org/changeset/197211

"Attempted 32-bit build fix."
http://trac.webkit.org/changeset/197217

"Another 32-bit build fix."
http://trac.webkit.org/changeset/197218

"32-bit!!!"
http://trac.webkit.org/changeset/197219

12:20 PM Changeset in webkit [197258] by ap@apple.com
  • 2 edits in trunk/LayoutTests

Mark failing reftests as such, now that we detect reftest failures.

  • platform/ios-simulator/TestExpectations:

12:01 PM Changeset in webkit [197257] by ap@apple.com
  • 2 edits in trunk/LayoutTests

REGRESSION(r195795): [WK2] fast/text/crash-complex-text-surrogate.html is flakey
https://bugs.webkit.org/show_bug.cgi?id=154709

The test has been made non-flaky, but it also needs new results.

  • platform/mac/fast/text/crash-complex-text-surrogate-expected.txt:

11:57 AM WebKitGTK/2.10.x edited by Michael Catanzaro
Propose r196467 as it could probably be used to work around Red Hat #1311519

11:28 AM Changeset in webkit [197256] by oliver@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

CLoop build fix.

10:30 AM Changeset in webkit [197255] by Chris Dumez
  • 2 edits in trunk/Source/WebCore

Optimize parseHTMLInteger()
https://bugs.webkit.org/show_bug.cgi?id=154772

Reviewed by Ryosuke Niwa.

Optimize parseHTMLInteger() a bit now that it is used a lot more and
that it has decent API test coverage. In particular, we now:

  • Avoid using a StringBuilder for the digits.
  • Get rid of a is8Bit() branch.
  • Only traverse the input string once.

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger): Deleted.

9:49 AM Changeset in webkit [197254] by akling@apple.com
  • 4 edits in trunk/Source/WebCore

[iOS] Discard decoded image data on top-level navigation.
<https://webkit.org/b/154776>

Reviewed by Anders Carlsson.

Add a mechanism that destroys decoded data for all CachedImages and invoke it
when performing a top-level navigation on iOS.

This substantially reduces the ImageIO contribution to our peak memory footprint.

It would be even better if we could mark these images volatile during the transition
but we currently don't have framework support for such machinations.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

  • loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::forEachResource):
(WebCore::MemoryCache::destroyDecodedDataForAllImages):

  • loader/cache/MemoryCache.h:

7:10 AM Changeset in webkit [197253] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r196364 - [GTK] Toggle buttons are blurry with GTK+ 3.19
https://bugs.webkit.org/show_bug.cgi?id=154007

Reviewed by Michael Catanzaro.

Use min-width/min-height style properties when GTK+ >= 3.19.7 to
get the size of toggle buttons.

  • rendering/RenderThemeGtk.cpp:

(WebCore::setToggleSize):
(WebCore::paintToggle):

7:09 AM Changeset in webkit [197252] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r194847 - [GTK] Cleanup RenderThemeGtk
https://bugs.webkit.org/show_bug.cgi?id=152888

Reviewed by Michael Catanzaro.

Use a common path for GTK+ 3.19 and previous versions, simplifying
the code and removing a lot of ifdefs.

  • createStyleContext() now receives a theme part enum value, and an optional parent GtkStyleContext. It encapsulates all the differences between GTK+ 3.19 and previous versions, leaving the rendering code common and free of ifdefs.
  • Stock icons support has been removed, simplifying the code that now always renders symbolic icons, updating the colors depending on the current state.
  • Media button and colors have been removed, because they are unused now that we render the media controls with CSS.
  • ComboBox separators support has also been removed. In GTK+ 3.19 combo boxes no longer have separators and most of the GTK+ themes don't use them either, so it's better to simply not render them anymore in WebKit either.
  • Code to paint caps lock indicator has been removed too, since caps lock indicator is now shadow dom and automatically rendered by WebCore.

  • rendering/RenderThemeGtk.cpp:

(WebCore::createStyleContext):
(WebCore::loadThemedIcon):
(WebCore::gtkIconStateFlags):
(WebCore::RenderThemeGtk::adjustRepaintRect):
(WebCore::setToggleSize):
(WebCore::paintToggle):
(WebCore::RenderThemeGtk::setCheckboxSize):
(WebCore::RenderThemeGtk::paintCheckbox):
(WebCore::RenderThemeGtk::setRadioSize):
(WebCore::RenderThemeGtk::paintRadio):
(WebCore::RenderThemeGtk::paintButton):
(WebCore::getComboBoxMetrics):
(WebCore::RenderThemeGtk::popupInternalPaddingLeft):
(WebCore::RenderThemeGtk::popupInternalPaddingRight):
(WebCore::RenderThemeGtk::popupInternalPaddingTop):
(WebCore::RenderThemeGtk::popupInternalPaddingBottom):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::paintTextField):
(WebCore::adjustSearchFieldIconStyle):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
(WebCore::paintIcon):
(WebCore::paintEntryIcon):
(WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
(WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
(WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
(WebCore::RenderThemeGtk::shouldHaveCapsLockIndicator):
(WebCore::RenderThemeGtk::paintSliderTrack):
(WebCore::RenderThemeGtk::paintSliderThumb):
(WebCore::RenderThemeGtk::adjustSliderThumbSize):
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
(WebCore::paintSpinArrowButton):
(WebCore::RenderThemeGtk::paintInnerSpinButton):
(WebCore::styleColor):
(WebCore::RenderThemeGtk::platformActiveSelectionBackgroundColor):
(WebCore::RenderThemeGtk::platformInactiveSelectionBackgroundColor):
(WebCore::RenderThemeGtk::platformActiveSelectionForegroundColor):
(WebCore::RenderThemeGtk::platformInactiveSelectionForegroundColor):
(WebCore::RenderThemeGtk::platformActiveListBoxSelectionBackgroundColor):
(WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor):
(WebCore::RenderThemeGtk::platformActiveListBoxSelectionForegroundColor):
(WebCore::RenderThemeGtk::platformInactiveListBoxSelectionForegroundColor):
(WebCore::RenderThemeGtk::systemColor):
(WebCore::RenderThemeGtk::paintMediaButton):
(WebCore::RenderThemeGtk::paintMediaFullscreenButton):
(WebCore::RenderThemeGtk::paintMediaMuteButton):
(WebCore::RenderThemeGtk::paintMediaPlayButton):
(WebCore::RenderThemeGtk::paintMediaSeekBackButton):
(WebCore::RenderThemeGtk::paintMediaSeekForwardButton):
(WebCore::RenderThemeGtk::paintMediaToggleClosedCaptionsButton):

  • rendering/RenderThemeGtk.h:

7:09 AM Changeset in webkit [197251] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r194377 - [GTK] Everything broken in GTK+ 3.19
https://bugs.webkit.org/show_bug.cgi?id=150550

Reviewed by Carlos Garcia Campos.

Port RenderThemeGtk and ScrollbarThemeGtk to use CSS nodes. This makes it possible to render
stuff with modern GTK+.

No new tests. We already have tons of tests for this functionality, but we're running them
with GTK+ 3.16, so they cannot have detected this breakage. These fixes require unreleased
GTK+, and GTK+ rendering is currently in a state of flux; once things settle down, we can
consider upgrading the GTK+ used for our layout tests.

  • platform/gtk/GRefPtrGtk.cpp:

(WTF::refGPtr):
(WTF::derefGPtr):

  • platform/gtk/GRefPtrGtk.h:
  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::themeChanged):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::orientationStyleClass):
(WebCore::applyScrollbarStyleContextClasses):
(WebCore::ScrollbarThemeGtk::paintTrackBackground):
(WebCore::ScrollbarThemeGtk::paintScrollbarBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paintButton):

  • rendering/RenderThemeGtk.cpp:

(WebCore::createStyleContext):
(WebCore::setToggleSize):
(WebCore::paintToggle):
(WebCore::RenderThemeGtk::paintButton):
(WebCore::getComboBoxMetrics):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::paintTextField):
(WebCore::applySliderStyleContextClasses):
(WebCore::RenderThemeGtk::paintSliderTrack):
(WebCore::RenderThemeGtk::paintSliderThumb):
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::paintSpinArrowButton):
(WebCore::styleColor):

7:09 AM Changeset in webkit [197250] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r173110, r193896 - [GTK] ScrollbarThemeGtk should not depend on RenderThemeGtk
https://bugs.webkit.org/show_bug.cgi?id=136338

Reviewed by Philippe Normand.

Remove the dependency by creating the GtkStyleContext for the
scrollbars in ScrollbarThemeGtk.

  • platform/gtk/RenderThemeGtk.cpp:

(WebCore::gtkStyleChangedCallback): Call ScrollbarThemeGtk::themeChanged().
(WebCore::getStyleContext): Remove the scrollbar style context support.

  • platform/gtk/RenderThemeGtk.h: Remove gtkScrollbarStyle().
  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarStyleContext::ScrollbarStyleContext): Helper
class to create the global GtkStyleContext for scrollbars.
(WebCore::ScrollbarStyleContext::~ScrollbarStyleContext):
(WebCore::ScrollbarStyleContext::context):
(WebCore::gtkScrollbarStyleContext):
(WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Remove m_context initialization.
(WebCore::ScrollbarThemeGtk::themeChanged): Invalidate the
GtkStyleContext and call updateThemeProperties().
(WebCore::ScrollbarThemeGtk::updateThemeProperties): Use the
global style context.
(WebCore::ScrollbarThemeGtk::paintTrackBackground): Ditto.
(WebCore::ScrollbarThemeGtk::paintScrollbarBackground): Ditto.
(WebCore::ScrollbarThemeGtk::paintThumb): Ditto.
(WebCore::ScrollbarThemeGtk::paintButton): Ditto.

  • platform/gtk/ScrollbarThemeGtk.h:

[GTK] RenderThemeGtk::platformActiveSelectionBackgroundColor, et al. should not clobber state of cached GtkStyleContexts
https://bugs.webkit.org/show_bug.cgi?id=151533

Reviewed by Carlos Garcia Campos.

Remove the style context cache to simplify the code, drastically reduce the number of
expensive save/restore operations performed on style contexts, and avoid unwanted
side-effects in RenderThemeGtk::styleColor. This is also a speculative fix for improper
button rendering with certain custom themes, and a simplification that will make it easier
to fix bug #150550.

This change does have performance implications, which I intend to check on the perf bot
after landing to ensure that removing the cache does not have a significant negative impact
on performance; I have no clue whether this will be a net performance win or loss. However,
this is a bit tricky, because the bot is running GTK+ 3.16, whereas I expect save/restore
might be much more expensive in GTK+ 3.20, and I do not want to make performance decisions
except based on the latest GTK+ due to large changes in the implementation of

7:08 AM Changeset in webkit [197249] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r192724 - [GTK] Off-by-one error in getStyleContext()
https://bugs.webkit.org/show_bug.cgi?id=151524

Reviewed by Carlos Garcia Campos.

GtkWidgetPath* path = gtk_widget_path_new();
gtk_widget_path_append_type(path, widgetType);
...
gtk_widget_path_iter_add_class(path, 0, GTK_STYLE_CLASS_BUTTON);
gtk_widget_path_iter_add_class(path, 1, "text-button");

Only one widget type was appended to the widget path, so the maximum valid index is 0. This
code means to add both style classes to the first widget type in the widget path, so the
second call should use index 0 rather than index 1.

This caused no bug in practice, because when the index is invalid,
gtk_widget_path_iter_add_class() automatically changes the index to the last valid position
in the widget path -- in this case, 0. This is routinely done with -1 as a convention for
specifying the last position in the widget path.

  • rendering/RenderThemeGtk.cpp:

(WebCore::getStyleContext):

7:08 AM Changeset in webkit [197248] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r192723 - [GTK] Warning spam from GtkStyleContext
https://bugs.webkit.org/show_bug.cgi?id=151520

Reviewed by Carlos Garcia Campos.

Audit every use of gtk_style_context_get_* to fix compatibility with GTK+ 3.19. Some of
these were already fine and are only changed for clarity.

Company: gtk_style_context_get() (and _get_padding/border/color()) should only ever be
called with the same state as gtk_style_context_get_state()
Company: usually that's a simple replacing of the old state (like in the trace you posted)
Company: sometimes it requires calling gtk_style_context_set_state() with the right state
first
Company: and in very rare cases it needs a gtk_style_context_save() before the set_state(),
too

  • platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::adjustRectAccordingToMargin):

  • rendering/RenderThemeGtk.cpp:

(gtk_css_section_print):
(WebCore::getStyleContext):
(WebCore::RenderThemeGtk::initMediaColors):
(WebCore::renderButton):
(WebCore::getComboBoxMetrics):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::paintTextField):
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::spinButtonArrowSize):
(WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
(WebCore::styleColor):

7:02 AM Changeset in webkit [197247] by Carlos Garcia Campos
  • 3 edits
    5 adds in releases/WebKitGTK/webkit-2.4

Merge r190662 - [GTK] Progress bar is broken on recent GTK+
https://bugs.webkit.org/show_bug.cgi?id=149831

Reviewed by Carlos Garcia Campos.

Source/WebCore:

The gtk progress bar has been broken after bumping up to Gtk+-3.16. This is because
the way of rendering progress bar changed after gtk+-3.13.7. See more
https://mail.gnome.org/archives/commits-list/2014-August/msg03865.html
gtk_render_activity is no longer valid to paint a progress bar on a newer gtk+.
It should be done with gtk_render_background and gtk_render_frame.

Test: fast/dom/HTMLProgressElement/native-progress-bar.html

  • rendering/RenderThemeGtk.cpp:

(WebCore::RenderThemeGtk::paintProgressBar):

LayoutTests:

  • fast/dom/HTMLProgressElement/native-progress-bar.html: Added.
  • platform/gtk/fast/dom/HTMLProgressElement/native-progress-bar-expected.png: Added.
  • platform/gtk/fast/dom/HTMLProgressElement/native-progress-bar-expected.txt: Added.
  • platform/mac/fast/dom/HTMLProgressElement/native-progress-bar-expected.png: Added.
  • platform/mac/fast/dom/HTMLProgressElement/native-progress-bar-expected.txt: Added.

Feb 26, 2016:

11:45 PM Changeset in webkit [197246] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

Unreviewed. Fix GTK+ clean build.

Add missing header include.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

11:44 PM Changeset in webkit [197245] by Nikita Vasilyev
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Increase clickable area of the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154719
<rdar://problem/24854538>

Reviewed by Timothy Hatcher.

Clicking on the area around CodeMirror element now moves
focus to the console prompt.

  • UserInterface/Views/QuickConsole.js:

(WebInspector.QuickConsole.prototype._handleMouseDown):
Only capture mousedown events on .quick-console.
Don't capture clicks on CodeMirror.

  • UserInterface/Views/QuickConsole.css:

(.quick-console > .console-prompt):
(.quick-console > .console-prompt > .CodeMirror):
Make sure .console-prompt is never an event.target for _handleMouseDown.

11:44 PM Changeset in webkit [197244] by Carlos Garcia Campos
  • 8 edits in trunk/Source

Network cache: old pages returned by disk cache on history navigation after session is restored
https://bugs.webkit.org/show_bug.cgi?id=153230

Reviewed by Chris Dumez.

Source/WebCore:

Add a flag to HistoryItem to mark them as restored from session
and use it from the FrameLoader to not change the policy request
when navigating to a history item that was restored from session,
except for iOS port.

  • history/HistoryItem.h:

(WebCore::HistoryItem::setWasRestoredFromSession):
(WebCore::HistoryItem::wasRestoredFromSession):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadDifferentDocumentItem):

Source/WebKit2:

Since r181734, the network cache never revalidates resources for
history navigation. This is good for the memory cache, but in the
case of disk cache, we might end up with outdated pages when
restoring the session. When restoring the session happens because
of an API request (we also restore the session when recovering
from a web process crash), we should revalidate back forward list
requests in the disk cache if needed. This will only happen the
first time they are loaded after a session restore. After a web process
crash, resources will be used unconditionally from the disk cache.

  • WebProcess/WebPage/WebBackForwardListProxy.cpp:

(WebKit::WebBackForwardListProxy::addItemFromUIProcess): Use Ref&&
instead of PassRefPtr.

  • WebProcess/WebPage/WebBackForwardListProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): Call restoreSessionInternal passing
No as restoredByAPIRequest parameter.
(WebKit::WebPage::restoreSessionInternal): Set restoredFromSession
flag to the created HistoryItem if the item was restored from
session by an API request.
(WebKit::WebPage::restoreSession): Call restoreSessionInternal
passing Yes as restoredByAPIRequest parameter.

  • WebProcess/WebPage/WebPage.h:

11:26 PM Changeset in webkit [197243] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Remove unused member variables from overview graphs
https://bugs.webkit.org/show_bug.cgi?id=154774

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-26
Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayoutTimelineOverviewGraph.js:

(WebInspector.LayoutTimelineOverviewGraph.prototype.reset):

  • UserInterface/Views/ScriptTimelineOverviewGraph.js:

(WebInspector.ScriptTimelineOverviewGraph.prototype.reset):

11:17 PM Changeset in webkit [197242] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r196741): Web Inspector: Bottom section of Layers sidebar is 1px shorter than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154773
<rdar://problem/24873345>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayerTreeDetailsSidebarPanel.css:

(.sidebar > .panel.details.layer-tree > .content):
(.panel.details.layer-tree .bottom-bar):

10:19 PM Changeset in webkit [197241] by Michael Catanzaro
  • 2 edits in trunk/Tools

[GTK] Fix incorrect cast

Unreviewed.

  • MiniBrowser/gtk/main.c:

(createBrowserWindow):

10:16 PM Changeset in webkit [197240] by Michael Catanzaro
  • 3 edits in trunk/Source/WebCore

Remove unused private field from WEBPImageDecoder

Unreviewed.

  • platform/image-decoders/webp/WEBPImageDecoder.cpp:

(WebCore::WEBPImageDecoder::WEBPImageDecoder):

  • platform/image-decoders/webp/WEBPImageDecoder.h:

10:11 PM Changeset in webkit [197239] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

Fix a typo.

Unreviewed. Shame I didn't notice in the previous commit.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::removeUserContentWorld):

10:09 PM Changeset in webkit [197238] by Michael Catanzaro
  • 4 edits in trunk/Source/WebKit2

Fix GTK and maybe EFL build after r197172.

Unreviewed.

  • CMakeLists.txt:
  • UIProcess/API/gtk/WebKitUserContent.cpp:

(_WebKitUserScript::_WebKitUserScript):

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::removeUserContentWorld):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):

10:09 PM Changeset in webkit [197237] by Chris Dumez
  • 10 edits
    2 adds in trunk

Fix the behavior of reflecting IDL attributes of type unsigned long
https://bugs.webkit.org/show_bug.cgi?id=154771

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-embedded-expected.txt:
  • web-platform-tests/html/dom/reflection-obsolete-expected.txt:

Source/WebCore:

Fix the behavior of reflecting IDL attributes of type unsigned long to
align with the specification:

Firefox and Chrome already follow the specification.

There were several issues with our implementation, which are all
addressed in this patch:

  • Upon getting, the value returned must be in the range 0 to 2147483647. Otherwise, we must return the default value (0 unless specified otherwise). We previously returned values in the range 0 to 4294967295 instead.
  • Upon setting, we must set the content attribute to the default value (0 unless specified otherwise) if the input value is not in the range 0 to 2147483647. We previously allowed values in the range 0 to 4294967295 instead.
  • "-0" was not recognized as a valid unsigned integer

Test: fast/dom/reflect-unsigned-long.html

  • dom/Element.cpp:

(WebCore::Element::setUnsignedIntegralAttribute):
Update setUnsignedIntegralAttribute() to limit the input value in the
0 to 2147483647 range, as per the HTML specification. This method is
called by the bindings implementation of reflecting attributes setters.

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLNonNegativeInteger):
Update parseHTMLNonNegativeInteger() to call parseHTMLInteger() instead
of duplicating most of its code and fail if the value returned is
negative. This matches the algorithm in the specification:

This has 2 behavior changes:

  1. "-0" is now correctly parsed as 0.
  2. The returned values are in the range 0 to 2147483647.

  • html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):
Drop the checks for "<= 2147483647" and replace with an assertion
now that parseHTMLNonNegativeInteger() already returned values in
the right range.

Tools:

Update API tests to cover the fixes to the parseHTMLNonNegativeInteger()
implementation:

  • "-0" is parsed as 0.
  • Range boundaries are now [0; 2147483647].

  • TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:

(TestWebKitAPI::TEST):

LayoutTests:

Add test coverage for the behavior of reflecting IDL attributes of type
unsigned long.

  • fast/dom/reflect-unsigned-long-expected.txt: Added.
  • fast/dom/reflect-unsigned-long.html: Added.
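
The getter and setter rules listed in changeset [197237] above, as an added C++ example that is not WebKit's code: a parser following the HTML "rules for parsing integers", a non-negative wrapper that accepts "-0", and reflection helpers limited to 0..2147483647. All function names are hypothetical, and treating values outside the int range as a parse failure is an assumption of this example.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helper: HTML ASCII whitespace (tab, LF, FF, CR, space).
static bool isHTMLSpace(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r';
}

static bool isDigit(char c)
{
    return c >= '0' && c <= '9';
}

// HTML "rules for parsing integers": skip leading whitespace, accept one
// optional sign, require at least one digit, ignore trailing garbage.
// Assumption: a value outside [INT_MIN, INT_MAX] is reported as a failure.
bool parseInteger(const std::string& input, int& value)
{
    std::size_t i = 0;
    while (i < input.size() && isHTMLSpace(input[i]))
        ++i;
    if (i == input.size())
        return false;

    bool negative = false;
    if (input[i] == '-' || input[i] == '+') {
        negative = input[i] == '-';
        ++i;
    }
    if (i == input.size() || !isDigit(input[i]))
        return false;

    // Accumulate the magnitude in a wider type so the range check cannot wrap.
    const long long limit = negative ? -static_cast<long long>(INT_MIN) : INT_MAX;
    long long magnitude = 0;
    for (; i < input.size() && isDigit(input[i]); ++i) {
        magnitude = magnitude * 10 + (input[i] - '0');
        if (magnitude > limit)
            return false;
    }
    value = static_cast<int>(negative ? -magnitude : magnitude);
    return true;
}

// Non-negative variant built on parseInteger(): "-0" parses to 0, any other
// negative value fails, so results always lie in 0..2147483647.
bool parseNonNegativeInteger(const std::string& input, unsigned& value)
{
    int signedValue = 0;
    if (!parseInteger(input, signedValue) || signedValue < 0)
        return false;
    value = static_cast<unsigned>(signedValue);
    return true;
}

// Getter for a reflected "unsigned long" attribute: out-of-range or
// unparsable content attributes yield the default value.
unsigned reflectedUnsignedGet(const std::string& contentAttribute, unsigned defaultValue = 0)
{
    unsigned parsed = 0;
    return parseNonNegativeInteger(contentAttribute, parsed) ? parsed : defaultValue;
}

// Setter: returns the string that would be stored in the content attribute.
// Inputs above 2147483647 are replaced by the default value.
std::string reflectedUnsignedSet(unsigned newValue, unsigned defaultValue = 0)
{
    const unsigned maxValue = 2147483647u;
    return std::to_string(newValue <= maxValue ? newValue : defaultValue);
}

int main()
{
    // Constructed sample inputs covering the boundaries named in the changeset.
    const char* samples[] = { "-0", "2147483647", "2147483648", "4294967295", "-1", "  +42px" };
    for (const char* sample : samples)
        std::printf("get(\"%s\") = %u\n", sample, reflectedUnsignedGet(sample));
    std::printf("set(2147483648) stores \"%s\"\n", reflectedUnsignedSet(2147483648u).c_str());
    return 0;
}
```
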
9:51 PM Changeset in webkit [197236] by Michael Catanzaro
  • 2 edits in trunk/Source/WebKit2

[GTK] Fix order of parameters in gtkdoc for webkit_web_view_get_snapshot

Unreviewed.

  • UIProcess/API/gtk/WebKitWebView.cpp:

9:40 PM Changeset in webkit [197235] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Custom transition bezier curve editor preview should loop when not editing curve
https://bugs.webkit.org/show_bug.cgi?id=154738
<rdar://problem/24861563>

Patch by Devin Rousso <Devin Rousso> on 2016-02-26
Reviewed by Timothy Hatcher.

Added extra frames to bezier preview animation to allow it to infinitely
repeat without being jarring to watch.

  • UserInterface/Views/BezierEditor.css:

(.bezier-editor > .bezier-preview-timing.animate):
(@keyframes bezierPreview):

  • UserInterface/Views/BezierEditor.js:

9:11 PM Changeset in webkit [197234] by Alan Bujtas
  • 21 edits in trunk

REGRESSION (188611): Search field Cancel button should not overlap search text on extensions page.
https://bugs.webkit.org/show_bug.cgi?id=154692
<rdar://problem/22840453>

Reviewed by Brent Fulgham.

Adjust the cancel button position using the actual size of the cancel button.

When the input box and the font height trigger different cancel button sizes, we need to readjust
the rectangle returned by cancelButtonRectForBounds.
This fixes both the mispositioned cancel button and the squared off icon when the input field is zoomed all the way in.

Source/WebCore:

Covered by existing tests.

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::cancelButtonSizes): Update button size.

LayoutTests:

  • fast/forms/search/search-padding-cancel-results-buttons-expected.txt:
  • platform/mac/fast/css/focus-ring-exists-for-search-field-expected.txt:
  • platform/mac/fast/css/text-input-with-webkit-border-radius-expected.txt:
  • platform/mac/fast/css/text-overflow-input-expected.txt:
  • platform/mac/fast/forms/box-shadow-override-expected.txt:
  • platform/mac/fast/forms/control-restrict-line-height-expected.txt:
  • platform/mac/fast/forms/input-appearance-height-expected.txt:
  • platform/mac/fast/forms/placeholder-position-expected.txt:
  • platform/mac/fast/forms/placeholder-pseudo-style-expected.txt:
  • platform/mac/fast/forms/search-cancel-button-style-sharing-expected.txt:
  • platform/mac/fast/forms/search-display-none-cancel-button-expected.txt:
  • platform/mac/fast/forms/search-rtl-expected.txt:
  • platform/mac/fast/forms/search-styled-expected.txt:
  • platform/mac/fast/forms/search-vertical-alignment-expected.txt:
  • platform/mac/fast/forms/search/search-size-with-decorations-expected.txt:
  • platform/mac/fast/forms/searchfield-heights-expected.txt:
  • platform/mac/fast/repaint/search-field-cancel-expected.txt:
  • platform/mac/fast/replaced/width100percent-searchfield-expected.txt:

8:54 PM Changeset in webkit [197233] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Keyboard controls to nudge control points in custom transition bezier curve editor would be nice
https://bugs.webkit.org/show_bug.cgi?id=154739
<rdar://problem/24861498>

Patch by Devin Rousso <Devin Rousso> on 2016-02-26
Reviewed by Timothy Hatcher.

Adds ability for user to nudge the most recently selected bezier control
handle by using the arrow keys. Also makes the currently selected bezier
control line snap to an axis, which is defined when the user mouses down,
whenever the mouse is dragged while the shift key is pressed.

  • UserInterface/Views/BezierEditor.js:

(WebInspector.BezierEditor):
(WebInspector.BezierEditor.prototype.handleKeydownEvent):
(WebInspector.BezierEditor.prototype._handleMouseup):
(WebInspector.BezierEditor.prototype._updateControlPointsForMouseEvent):

8:43 PM Changeset in webkit [197232] by jonlee@apple.com
  • 4 edits in trunk/PerformanceTests

Address Dean's comments in 154673.

  • Animometer/developer.html:
  • Animometer/resources/debug-runner/animometer.js:
  • Animometer/resources/debug-runner/graph.js:

8:39 PM Changeset in webkit [197231] by beidson@apple.com
  • 12 edits
    3 adds in trunk

Modern IDB: New database versions are never committed to SQLite.
<rdar://problem/24860952> and https://bugs.webkit.org/show_bug.cgi?id=154741

Modern IDB: If a database handle is not open, files are not actually deleted from disk
https://bugs.webkit.org/show_bug.cgi?id=154756

Reviewed by Alex Christensen.

Source/WebCore:

Tested by API test "IndexedDBPersistence"

  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::deleteDatabase): If there's not an open handle to the database, create one.

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction): If a version change transaction, actually
set the new version on disk.

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore): If there is no open backing store, create one.
This is necessary to both read the current database version, and to actually delete the file on disk.
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): If necessary, manufacture a "most recently
deleted database info" from the version returned by deleteBackingStore.

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

Source/WebKit2:

Add WK2 SPI to force termination of the database process.

  • UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _terminateDatabaseProcess]):

  • UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess):

  • UIProcess/WebProcessPool.h:

Tools:

This also happens to test the previously untested fix for http://trac.webkit.org/changeset/197190

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm: Added.

(-[IndexedDBNavigationDelegate webView:didFinishNavigation:]):
(-[IndexedDBMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):

8:33 PM Changeset in webkit [197230] by jonlee@apple.com
  • 4 edits in trunk/PerformanceTests

Update animation benchmark and tests
https://bugs.webkit.org/show_bug.cgi?id=154673

Reviewed by Dean Jackson.

Update test visuals.

  • Animometer/tests/master/resources/canvas-tests.js:

(CanvasLineSegment.Utilities.createClass): Line segments near the edge of the stage get clipped.
Update circle position and radius to minimize impact.

  • Animometer/tests/master/resources/particles.js: Get rid of rotating gradient background, and
have 3 locations for emitting particles.

  • Animometer/tests/master/resources/multiply.js: Update distance metric so that fringe tiles get
more color.
(initialize): Fix some of the math for laying out the tiles.
(animate): When a tile isn't used, set visibility: hidden.

8:32 PM Changeset in webkit [197229] by jonlee@apple.com
  • 37 edits
    1 add
    2 deletes in trunk/PerformanceTests

Update animation benchmark and tests
https://bugs.webkit.org/show_bug.cgi?id=154673

Reviewed by Dean Jackson.

Update the ramp controller.

The controller refines the complexity interval to test across.

  • Animometer/resources/statistics.js: Add functions that estimate cumulative distribution function.

(Regression): For the flat regression, force the first segment to be at 60 fps.
(valueAt): Add convenience function to return interpolated value based on the regression used.
(_calculateRegression): Include the number of points included for both segments, and the piecewise
errors.

  • Animometer/tests/resources/math.js: Make the Kalman estimator subclass Experiment, and allow it
to be reset.

  • Animometer/tests/resources/main.js: Initialize the tier such that it starts at 10^0 = 1.

Increase the number of ramps. Maintain three FPS thresholds-- the frame rate of interest, a limit
on the lowest FPS we care to go for later interpolation, and a minimum FPS threshold we want to
aim for each ramp. Also keep three estimators: a running average of the change point, a minimum
boundary for each ramp, and an estimator for all the frames within an interval. The first two
are used to determine the parameters of the next ramp, and the latter allows us to refine the
parameters.
(update): During the tier phase, it is possible that the highest complexity possible for a test
won't stress the system enough to trigger stopping the tier phase and transitioning to the ramps.
If the complexity doesn't change when going to the next tier, we've maxed the test out, and move
on. When the tier phase completed, turn off Controller.frameLengthEstimator, which estimates the
FPS at each tier.
(tune): At each interval, look at the confidence distribution of being on the 60 FPS side or the
slow side. If the slowest FPS we achieve at the ramp's maximum complexity is not at least
_fpsRampSlowThreshold, then increase the maximum complexity. If we ever achieve 60 FPS, increase
the ramp's minimum complexity to that level. If, at an even lower complexity, a glitch causes the
FPS to drop, we reset the minimum complexity.

Have the bootstrap calculation occur between tests. Clean up harness.

  • Animometer/resources/debug-runner/animometer.js: Run bootstrap after a test has
completed to avoid doing all of it at the end before showing the results. Clean up
parameters being passed around.

  • Animometer/resources/debug-runner/tests.js:

(text):

  • Animometer/resources/runner/animometer.js:

(this._processData.calculateScore): Save the results to the same object holding the data.
(this._processData._processData): In the case where a file is dragged, calculate the score
serially. Grab the results object and move it to the results variable and remove it from
the data object. This avoids serializing the results into the JSON.
(this._processData.findRegression): Include the samples used for bootstrapping. Reduce the
resample size to shorten the wait.

  • Animometer/resources/runner/benchmark-runner.js:
  • Animometer/resources/statistics.js:

(bootstrap): Update how bootstrapData is sorted. In some regression results the mix of
floats and integers causes an alphabetical sort to occur.

  • Animometer/resources/strings.js:

Add meta charset so that encodings between harness and test match.

  • Animometer/tests/bouncing-particles/bouncing-canvas-images.html:
  • Animometer/tests/bouncing-particles/bouncing-canvas-shapes.html:
  • Animometer/tests/bouncing-particles/bouncing-css-images.html:
  • Animometer/tests/bouncing-particles/bouncing-css-shapes.html:
  • Animometer/tests/bouncing-particles/bouncing-svg-images.html:
  • Animometer/tests/bouncing-particles/bouncing-svg-shapes.html:
  • Animometer/tests/master/canvas-stage.html:
  • Animometer/tests/master/focus.html:
  • Animometer/tests/master/image-data.html:
  • Animometer/tests/master/multiply.html:
  • Animometer/tests/master/particles.html:
  • Animometer/tests/misc/canvas-electrons.html:
  • Animometer/tests/misc/canvas-stars.html:
  • Animometer/tests/misc/compositing-transforms.html:
  • Animometer/tests/simple/simple-canvas-paths.html:
  • Animometer/tests/simple/tiled-canvas-image.html:
  • Animometer/tests/template/template-canvas.html:
  • Animometer/tests/template/template-css.html:
  • Animometer/tests/template/template-svg.html:
  • Animometer/tests/text/layering-text.html:
  • Animometer/tests/text/text-boxes.html:

Update test harness reporting.

  • Animometer/developer.html: Add missing meta charset.
  • Animometer/index.html: Remove unnecessary utf-8 declaration.
  • Animometer/resources/debug-runner/animometer.css: Add convenience classes for
formatting the results table.

  • Animometer/resources/debug-runner/animometer.js: Adjust which stats are shown.
  • Animometer/resources/debug-runner/tests.js: Display bootstrapping statistics.
  • Animometer/resources/strings.js: Move strings not used by the release harness.

Switch to a pseudo-random number generator.

  • Animometer/resources/statistics.js: Add a Pseudo class, with a simple
pseudo-random number generator.
(_calculateRegression): Reset the generator before running bootstrap.
(bootstrap): Deleted.

Replace Math.random with Pseudo.random.

  • Animometer/tests/master/resources/canvas-tests.js:
  • Animometer/tests/master/resources/focus.js:
  • Animometer/tests/master/resources/particles.js:
  • Animometer/tests/resources/main.js:

Use bootstrapping to get confidence interval in the breakpoint.

For the ramp controller, calculate the piecewise regression, and then use
bootstrapping in order to find the 95% confidence interval. Use the raw data.

  • Animometer/developer.html: Default to the complexity graph. Add a legend
checkbox to toggle visibility of the bootstrap score and histogram.

  • Animometer/resources/debug-runner/animometer.css: Make some more space to show
the old raw and average scores in the legend. Add new styles for the data.

  • Animometer/resources/debug-runner/graph.js:

(_addRegressionLine): Allow passing an array for the variance bar tied to the
regression line. Now |stdev| is |range|.
(createComplexityGraph): Add bootstrap median, and overlay a histogram of
the bootstrap samples. Switch raw samples from circles to X's.
(onComplexityGraphOptionsChanged): Allow toggling of the bootstrap data.
(onGraphTypeChanged): Move the regressions for the raw and average samples to the
legend. In the subtitle use the bootstrap median, and include the 95% confidence
interval.

  • Animometer/resources/runner/animometer.js:

(this._processData.findRegression): Factor out the code that determines which
samples to include when calculating the piecewise regression. For series that have
many samples, or a wider range of recorded complexities, throw away the 2.5%
lowest and highest samples before calculating the regression. Keep all samples
if the number of samples to regress is small or the range of complexities is
narrow.
(this._processData._calculateScore): Factor out regression calculation to
findRegression(). Bootstrap the change point of the regression. The score is the
median.

  • Animometer/resources/statistics.js:

(_calculateRegression): Correct an issue in the calculation of the regression, where
the denominator can be 0.
(bootstrap): Template for bootstrapping. Create a bootstrap sample array. Create
re-samples by random selection with replacement. Return the 95% confidence samples,
the bootstrap median, mean, and the data itself.

  • Animometer/resources/strings.js: Add bootstrap.
  • Animometer/tests/resources/main.js:

(processSamples): Don't prematurely cut the sample data.

Fix graph drawing.

  • Animometer/resources/debug-runner/animometer.js: Add spacing in the JSON output.

Multiple tests output a lot of JSON and can hang when selecting JSON with no whitespace.

  • Animometer/resources/debug-runner/animometer.css:

(#complexity-graph .series.raw circle): Update the color.

  • Animometer/resources/debug-runner/graph.js: Use the FPS axis instead of the
complexity axis, which can vary in domain. For determining the complexity domain,
only use samples after samplingTimeOffset.

Allow dropping results JSON.

  • Animometer/developer.html: Add a button.
  • Animometer/resources/debug-runner/animometer.css:
  • Animometer/resources/debug-runner/animometer.js: Read the data and go straight
to the dashboard. With JSON output, write out only the options and the raw data.

Teach the harness to evaluate the samples and determine the test score.

This will allow us to update how the score is calculated separately from the samples recorded.
This also prepares the harness to be able to accept JSON of prior runs.

  • Animometer/resources/strings.js: Clean up and remove unneeded strings and reduce some of the
hierarchy.

  • Animometer/resources/debug-runner/tests.js: Update to use the new strings.
  • Animometer/tests/resources/main.js: Allow all controllers to show a complexity-FPS graph.

(_processComplexitySamples): Factor out some of the sample processing done in the ramp
controller for the benefit of the other controllers. |complexitySamples| contains a list of
samples. Sort the samples by complexity. Optionally remove the top x% of samples.
Group them, and calculate distribution of samples within the same complexity, and add those as
new entries into |complexityAverageSamples|.
(Controller.processSamples): Move the code responsible for determining the complexity and FPS
scores out to ResultsDashboard. The structure of the data returned by the controller is:

    {
        controller: [time-regression, time-regression, ...], // optional, data specific to controller
        marks: [...],
        samples: { // all of the sample data
            controller: [...],
            complexity: [...], // processed from controller samples
            complexityAverage: [...], // processed from complexity samples
        }
    }

(AdaptiveController.processSamples): Adding the target frame length is no longer necessary; we
now pass the test options to the graph.
(Regression): Move to statistics.js.

  • Animometer/resources/statistics.js: Move Regression to here. Add a check if the sampling range
only contains one sample, since we cannot calculate a regression from one sample point.

Teach the test harness to evaluate the data.

  • Animometer/resources/runner/animometer.js:

(ResultsDashboard): Store the options used to run the test and the computed results/score separately
from the data. The results are stored as:

    {
        score: /* geomean of iteration score */,
        iterationsResults: [
            {
                score: /* geomean of tests */,
                testsResults: {
                    suiteName: {
                        testName: {
                            controller: {
                                average:
                                concern:
                                stdev:
                                percent:
                            },
                            frameLength: { ... },
                            complexity: {
                                complexity:
                                stdev:
                                segment1:
                                segment2:
                            },
                            complexityAverage: { ... }
                        },
                        testName: { ... },
                    },
                    ... next suite ...
                }
            },
            { ...next iteration... }
        ]
    }

  • Animometer/resources/debug-runner/animometer.js: Pass options around instead of relying
on what was selected in the form. This will later allow for dropping previous results, and
using those runs' options when calculating scores.
(ResultsTable._addGraphButton): Simplify button action by using attached test data.

  • Animometer/resources/debug-runner/graph.js: Refactor to use the data.

Consolidate JS files, and move statistics out to a separate JS.

Preparation for having the Controller only handle recording and storage of the samples,
and leave the evaluation of the test score out to the harness. Move Experiment to
a new statistics.js, where Regression will also eventually go. Get rid of algorithm.js
and move it to utilities.js since the Heap is used only for Experiments.

  • Animometer/tests/resources/algorithm.js: Removed. Heap is in utilities.js.
  • Animometer/tests/resources/sampler.js: Removed. Experiment is in statistics.js,
Sampler in main.js.

  • Animometer/tests/resources/main.js: Move Sampler here.
  • Animometer/resources/statistics.js: Added. Move Statistics and Experiment here.
  • Animometer/resources/extensions.js: Move Heap here. Attach static method to create
a max or min heap to Heap, instead of a new Algorithm object.

Update JS files.

  • Animometer/developer.html:
  • Animometer/index.html:
  • Animometer/tests/bouncing-particles/bouncing-canvas-images.html:
  • Animometer/tests/bouncing-particles/bouncing-canvas-shapes.html:
  • Animometer/tests/bouncing-particles/bouncing-css-images.html:
  • Animometer/tests/bouncing-particles/bouncing-css-shapes.html:
  • Animometer/tests/bouncing-particles/bouncing-svg-images.html:
  • Animometer/tests/bouncing-particles/bouncing-svg-shapes.html:
  • Animometer/tests/master/canvas-stage.html:
  • Animometer/tests/master/focus.html:
  • Animometer/tests/master/image-data.html:
  • Animometer/tests/master/multiply.html:
  • Animometer/tests/master/particles.html:
  • Animometer/tests/misc/canvas-electrons.html:
  • Animometer/tests/misc/canvas-stars.html:
  • Animometer/tests/misc/compositing-transforms.html:
  • Animometer/tests/simple/simple-canvas-paths.html:
  • Animometer/tests/simple/tiled-canvas-image.html:
  • Animometer/tests/template/template-canvas.html:
  • Animometer/tests/template/template-css.html:
  • Animometer/tests/template/template-svg.html:
  • Animometer/tests/text/layering-text.html:
  • Animometer/tests/text/text-boxes.html:

Fix the cursor in the graph analysis when the min
complexity is not 0.

  • Animometer/resources/debug-runner/graph.js:

(_addRegression):
(createComplexityGraph):

6:59 PM Changeset in webkit [197228] by mmaxfield@apple.com
  • 5 edits in trunk

Unreviewed, rolling out r197216.
https://bugs.webkit.org/show_bug.cgi?id=154766

Test simply needs updated result (Requested by litherum on
#webkit).

Reverted changeset:

"Unreviewed, rolling out r197158."
https://bugs.webkit.org/show_bug.cgi?id=154758
http://trac.webkit.org/changeset/197216

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

6:53 PM Changeset in webkit [197227] by ap@apple.com
  • 2 edits in trunk/Tools

[iOS Simulator] Reftests don't work
https://bugs.webkit.org/show_bug.cgi?id=154764

Reviewed by Daniel Bates.

  • Scripts/webkitpy/port/image_diff.py: (IOSSimulatorImageDiffer._start):

Use simctl instead of sim.

6:10 PM Changeset in webkit [197226] by oliver@apple.com
  • 10 edits
    1 delete in trunk/Source

Remove the on demand executable allocator
https://bugs.webkit.org/show_bug.cgi?id=154749

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Remove all the DemandExecutable code and executable allocator ifdefs.

(JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
(JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
(JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
(JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
(JSC::DemandExecutableAllocator::allocators): Deleted.
(JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
(JSC::ExecutableAllocator::initializeAllocator): Deleted.
(JSC::ExecutableAllocator::ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::~ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::isValid): Deleted.
(JSC::ExecutableAllocator::underMemoryPressure): Deleted.
(JSC::ExecutableAllocator::memoryPressureMultiplier): Deleted.
(JSC::ExecutableAllocator::allocate): Deleted.
(JSC::ExecutableAllocator::committedByteCount): Deleted.
(JSC::ExecutableAllocator::dumpProfile): Deleted.
(JSC::ExecutableAllocator::getLock): Deleted.
(JSC::ExecutableAllocator::isValidExecutableMemory): Deleted.
(JSC::ExecutableAllocator::reprotectRegion): Deleted.

  • jit/ExecutableAllocator.h:
  • jit/ExecutableAllocatorFixedVMPool.cpp:
  • jit/JITStubRoutine.h:

(JSC::JITStubRoutine::canPerformRangeFilter): Deleted.
(JSC::JITStubRoutine::filteringStartAddress): Deleted.
(JSC::JITStubRoutine::filteringExtentSize): Deleted.

Source/WTF:

Remove the DemandExecutableAllocator compile flags.

  • wtf/Platform.h:

6:03 PM Changeset in webkit [197225] by Chris Dumez
  • 9 edits
    1 add in trunk

Add API test coverage for parseHTMLInteger / parseHTMLNonNegativeInteger
https://bugs.webkit.org/show_bug.cgi?id=154714

Reviewed by Darin Adler.

Source/WebCore:

Export a couple more symbols for API testing.

  • html/parser/HTMLParserIdioms.h:

Tools:

Add API test coverage for parseHTMLInteger / parseHTMLNonNegativeInteger as per:

  • TestWebKitAPI/PlatformEfl.cmake:
  • TestWebKitAPI/PlatformGTK.cmake:
  • TestWebKitAPI/PlatformWin.cmake:
  • TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj:
  • TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj.filters:
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp: Added.

(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):

5:47 PM Changeset in webkit [197224] by Ryan Haddad
  • 2 edits in branches/safari-601-branch/LayoutTests

Update TestExpectations for css3/font-variant-* tests. rdar://problem/24190682

  • platform/mac/TestExpectations:

5:29 PM Changeset in webkit [197223] by achristensen@apple.com
  • 6 edits in trunk/Source/WebKit2

Clear credentials and prevent unauthorized credential storage when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154755

Reviewed by Brady Eidson.

Credentials from previous tests were being used sometimes, notably in
http/tests/misc/401-alternative-content.php when running multiple credential-based
tests with the same WebKitTestRunner.

  • NetworkProcess/NetworkDataTask.h:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::clearCachedCredentials):
(WebKit::NetworkProcess::ensurePrivateBrowsingSession):

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::clearCredentials):
(WebKit::NetworkSession::dataTaskForIdentifier):

5:21 PM Changeset in webkit [197222] by Ryan Haddad
  • 2 edits
    1 delete in branches/safari-601-branch/LayoutTests

Remove unnecessary test file and skip fast/text/small-caps-web-font.html on Mavericks. rdar://problem/24748533

  • platform/mac-mavericks/fast/text/small-caps-web-font-expected.png: Removed.
  • platform/mac/TestExpectations:

4:59 PM Changeset in webkit [197221] by Ryan Haddad
  • 16 edits
    4 deletes in trunk/Source/bmalloc

Unreviewed, rolling out r197174.
https://bugs.webkit.org/show_bug.cgi?id=154762

This change caused LayoutTests to crash on iOS simulator
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Added a fast XLarge allocator"
https://bugs.webkit.org/show_bug.cgi?id=154720
http://trac.webkit.org/changeset/197174

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

4:37 PM Changeset in webkit [197220] by Ryan Haddad
  • 3 edits
    3 adds in trunk/LayoutTests

Rebaseline tests for ios-simulator after r197162

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/interfaces-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt:
  • platform/ios-simulator/imported/w3c/web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-radio-expected.txt: Added.

4:15 PM Changeset in webkit [197219] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

32-bit!!!

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):

4:02 PM Changeset in webkit [197218] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Another 32-bit build fix.

  • platform/spi/cocoa/AVKitSPI.h:

3:51 PM Changeset in webkit [197217] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Attempted 32-bit build fix.

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):

3:41 PM Changeset in webkit [197216] by Ryan Haddad
  • 4 edits in trunk

Unreviewed, rolling out r197158.
https://bugs.webkit.org/show_bug.cgi?id=154758

This change did not fix the failing test (Requested by
ryanhaddad on #webkit).

Reverted changeset:

"REGRESSION(r195795): [WK2] fast/text/crash-complex-text-
surrogate.html is flakey"
https://bugs.webkit.org/show_bug.cgi?id=154709
http://trac.webkit.org/changeset/197158

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

3:39 PM Changeset in webkit [197215] by Ryan Haddad
  • 12 edits in trunk

Unreviewed, rolling out r197160.
https://bugs.webkit.org/show_bug.cgi?id=154757

This change causes editing/mac/attributed-string/font-
size.html to fail on El Capitan WK1 (Requested by ryanhaddad
on #webkit).

Reverted changeset:

"Font size computed style is innaccurate"
https://bugs.webkit.org/show_bug.cgi?id=154705
http://trac.webkit.org/changeset/197160

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

3:33 PM Changeset in webkit [197214] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WTF

Enhance logging: Add "always on" macros
https://bugs.webkit.org/show_bug.cgi?id=154498
<rdar://problem/24757759>

Patch by Keith Rollin <Keith Rollin> on 2016-02-26
Reviewed by Chris Dumez.

Add support for efficient always-on logging (logging that is available
in both debug and release builds). This is implemented in the form of
some new macros:

  • LOG_ALWAYS: Always log information-level statements.
  • LOG_ALWAYS_ERROR: Always log error-level statements. These can be filtered out of the normal logging so that they can be found more easily.

In cases where there is no efficient underlying facility for it to
utilize, LOG_ALWAYS_ERROR is redirected to WTFReportError as a backup
mechanism. LOG_ALWAYS is not given a similar treatment so that we
don't overwhelm other logging systems that aren't prepared for "always
on" logging.

  • wtf/Assertions.h:
  • wtf/Platform.h:

3:26 PM Changeset in webkit [197213] by barraclough@apple.com
  • 12 edits in trunk/Source

Page TimerAlignmentIntervalIncrease mechanism should have upper limit
https://bugs.webkit.org/show_bug.cgi?id=154744

Reviewed by Geoff Garen.

There would be diminishing returns from throttling timers in background pages infinitely.
Add a heuristic to limit appropriately.

Source/WebCore:

Keep track of the current limit, and make the increase time take this into account.

  • page/Page.cpp:

(WebCore::Page::setTimerThrottlingEnabled):

  • When timer throttling is disabled visit all timers to resume.

(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):

  • Track the maximum alignment interval, and call setDOMTimerAlignmentInterval to ensure m_timerAlignmentInterval is updated in accordance with the new limit.

(WebCore::Page::setDOMTimerAlignmentInterval):

  • When the timer alignment interval changes update the increase timer.

(WebCore::Page::timerAlignmentIntervalIncreaseTimerFired):

  • Apply limit.
  • page/Page.h:

(WebCore::Page::timerThrottlingEnabled):

  • Accessor for readability.

Source/WebKit2:

The flow of data here is WebPageProxy informs WebProcessPool of the number of pages
participating in this mechanism, WebProcessPool computes an appropriate limit and pushes
this out to the WebProcesses, which in turn update each of their pages.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):

  • Call updateHidenPageThrottingAutoIncreases on creation.

(WebKit::WebPageProxy::updateHidenPageThrottingAutoIncreases):

  • If increasing timer throttling is enabled increment the counter on WebProcessPool.

(WebKit::WebPageProxy::preferencesDidChange):

  • Call updateHidenPageThrottingAutoIncreases on preferences change.
  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):

  • initialize new RefCounter.

(WebKit::WebProcessPool::updateHidenPageThrottingAutoIncreaseLimit):

  • When count of participating pages changes, update the limit.
  • UIProcess/WebProcessPool.h:
  • WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::setHiddenPageTimerThrottlingIncreaseLimit):

  • Propagate limit to WebCore::Page.
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::setHiddenPageTimerThrottlingIncreaseLimit):

  • Propagate limit to WebPages.
  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:
    • Added new message.

3:09 PM Changeset in webkit [197212] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip js/basic-map.html on Mac since it is already run in JSC tests
https://bugs.webkit.org/show_bug.cgi?id=154753

Unreviewed test gardening.

  • platform/mac/TestExpectations:

3:00 PM Changeset in webkit [197211] by Beth Dakin
  • 2 edits in trunk/Source/WebCore

Attempted build fix.

  • platform/spi/cocoa/AVKitSPI.h:

2:58 PM Changeset in webkit [197210] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Reduce direct callers of Structure::findStructuresAndMapForMaterialization
https://bugs.webkit.org/show_bug.cgi?id=154751

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-26
Reviewed by Mark Lam.

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):
This property name iteration is identical to Structure::forEachPropertyConcurrently.
Share the code and reduce callers to the subtle findStructuresAndMapForMaterialization.

2:56 PM Changeset in webkit [197209] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.5.17.3/Source

Versioning.

2:54 PM Changeset in webkit [197208] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.5.17.3

New tag.

2:51 PM Changeset in webkit [197207] by Beth Dakin
  • 2 edits in trunk/Source/WebKit2

Attempted build fix.

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
(WebKit::WebVideoFullscreenManagerProxy::resetMediaState):

2:32 PM Changeset in webkit [197206] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Fix Yosemite build.

  • UIProcess/API/Cocoa/_WKWebsiteDataSize.mm:

(-[_WKWebsiteDataSize sizeOfDataTypes:]):

2:29 PM Changeset in webkit [197205] by mark.lam@apple.com
  • 130 edits
    1 add in trunk

Function.name and Function.length should be configurable.
https://bugs.webkit.org/show_bug.cgi?id=154604

Reviewed by Saam Barati.

Source/JavaScriptCore:

According to https://tc39.github.io/ecma262/#sec-ecmascript-language-functions-and-classes,
"Unless otherwise specified, the name property of a built-in Function object,
if it exists, has the attributes { [[Writable]]: false, [[Enumerable]]: false,
[[Configurable]]: true }."

Similarly, "the length property of a built-in Function object has the attributes
{ [[Writable]]: false, [[Enumerable]]: false, [[Configurable]]: true }."

This patch makes Function.name and Function.length configurable.

We do this by lazily reifying the JSFunction name and length properties on first
access. We track whether each of these properties have been reified using flags
in the FunctionRareData. On first access, if not already reified, we will put
the property into the object with its default value and attributes and set the
reified flag. Thereafter, we rely on the base JSObject to handle access to the
property.

Also, lots of test results have to be re-baselined because the old Function.length
has attribute DontDelete, which is in conflict with the ES6 requirement that it
is configurable.

  • runtime/FunctionRareData.h:

(JSC::FunctionRareData::hasReifiedLength):
(JSC::FunctionRareData::setHasReifiedLength):
(JSC::FunctionRareData::hasReifiedName):
(JSC::FunctionRareData::setHasReifiedName):

  • Flags for tracking whether each property has been reified.
  • runtime/JSFunction.cpp:

(JSC::JSFunction::finishCreation):
(JSC::JSFunction::createBuiltinFunction):

  • Host and builtin functions currently always reify their name and length properties. Currently, for builtins, the default names that are used may differ from the executable name. For now, we'll stay with keeping this alternate approach to getting the name and length properties for host and builtin functions. However, we need their default attribute to be configurable as well.

(JSC::JSFunction::getOwnPropertySlot):
(JSC::JSFunction::getOwnNonIndexPropertyNames):
(JSC::JSFunction::put):
(JSC::JSFunction::deleteProperty):
(JSC::JSFunction::defineOwnProperty):
(JSC::JSFunction::reifyLength):
(JSC::JSFunction::reifyName):
(JSC::JSFunction::reifyLazyPropertyIfNeeded):
(JSC::JSFunction::lengthGetter): Deleted.
(JSC::JSFunction::nameGetter): Deleted.

  • runtime/JSFunction.h:
  • runtime/JSFunctionInlines.h:

(JSC::JSFunction::hasReifiedLength):
(JSC::JSFunction::hasReifiedName):

  • tests/es6.yaml:
  • 4 new passing tests.
  • tests/mozilla/ecma/Array/15.4.4.3-1.js:
  • tests/mozilla/ecma/Array/15.4.4.4-1.js:
  • tests/mozilla/ecma/Array/15.4.4.4-2.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.1-1.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.2-1.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.3-1.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.4.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.5-1.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.6.js:
  • tests/mozilla/ecma/GlobalObject/15.1.2.7.js:
  • tests/mozilla/ecma/String/15.5.4.10-1.js:
  • tests/mozilla/ecma/String/15.5.4.11-1.js:
  • tests/mozilla/ecma/String/15.5.4.11-5.js:
  • tests/mozilla/ecma/String/15.5.4.12-1.js:
  • tests/mozilla/ecma/String/15.5.4.6-2.js:
  • tests/mozilla/ecma/String/15.5.4.7-2.js:
  • tests/mozilla/ecma/String/15.5.4.8-1.js:
  • tests/mozilla/ecma/String/15.5.4.9-1.js:
  • Rebase expected test results.
  • tests/stress/function-configurable-properties.js: Added.

LayoutTests:

  • ietestcenter/Javascript/TestCases/15.2.3.3-4-187.js:

(ES5Harness.registerTest.test):

  • ietestcenter/Javascript/TestCases/15.3.4.5-15-2.js:

(ES5Harness.registerTest.test):

  • js/dom/function-name-expected.txt:
  • js/dom/getOwnPropertyDescriptor-expected.txt:
  • js/dom/script-tests/function-name.js:
  • js/mozilla/strict/15.3.5.1-expected.txt:
  • js/mozilla/strict/function-name-arity-expected.txt:
  • js/mozilla/strict/script-tests/15.3.5.1.js:
  • js/mozilla/strict/script-tests/function-name-arity.js:
  • js/resources/getOwnPropertyDescriptor.js:
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.6/15.10.6.2_RegExp.prototype.exec/S15.10.6.2_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.6/15.10.6.3_RegExp.prototype.test/S15.10.6.3_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.10_RegExp/15.10.6/15.10.6.4_RegExp.prototype.toString/S15.10.6.4_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.2/15.1.2.1_eval/S15.1.2.1_A4.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.2/15.1.2.2_parseInt/S15.1.2.2_A9.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.2/15.1.2.3_parseFloat/S15.1.2.3_A7.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.2/15.1.2.4_isNaN/S15.1.2.4_A2.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.2/15.1.2.5_isFinite/S15.1.2.5_A2.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.1_decodeURI/S15.1.3.1_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.2_decodeURIComponent/S15.1.3.2_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.3_encodeURI/S15.1.3.3_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.4_encodeURIComponent/S15.1.3.4_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.2_Object.prototype.toString/S15.2.4.2_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.3_Object.prototype.toLocaleString/S15.2.4.3_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.4_Object.prototype.valueOf/S15.2.4.4_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.5_Object.prototype.hasOwnProperty/S15.2.4.5_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.6_Object.prototype.isPrototypeOf/S15.2.4.6_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.2_Object/15.2.4/15.2.4.7_Object.prototype.propertyIsEnumerable/S15.2.4.7_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.4/15.3.4.2_Function.prototype.toString/S15.3.4.2_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.4/15.3.4.3_Function.prototype.apply/S15.3.4.3_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.4/15.3.4.4_Function.prototype.call/S15.3.4.4_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.5/S15.3.5.1_A2_T1.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.5/S15.3.5.1_A2_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.3_Function/15.3.5/S15.3.5.1_A2_T3.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.10_Array_prototype_slice/S15.4.4.10_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.11_Array_prototype_sort/S15.4.4.11_A7.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.12_Array_prototype_splice/S15.4.4.12_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.13_Array_prototype_unshift/S15.4.4.13_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.2_Array_prototype_toString/S15.4.4.2_A4.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A4.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.4_Array_prototype_concat/S15.4.4.4_A4.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.5_Array_prototype_join/S15.4.4.5_A6.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.6_Array_prototype_pop/S15.4.4.6_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.7_Array_prototype_push/S15.4.4.7_A6.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.8_Array_prototype_reverse/S15.4.4.8_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.9_Array_prototype_shift/S15.4.4.9_A5.2.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.16_String.prototype.toLowerCase/S15.5.4.16_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.17_String.prototype.toLocaleLowerCase/S15.5.4.17_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.18_String.prototype.toUpperCase/S15.5.4.18_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.19_String.prototype.toLocaleUpperCase/S15.5.4.19_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.4_String.prototype.charAt/S15.5.4.4_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.5_String.prototype.charCodeAt/S15.5.4.5_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.9_String.prototype.localeCompare/S15.5.4.9_A9.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.2_Date.parse/S15.9.4.2_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.4/15.9.4.3_Date.UTC/S15.9.4.3_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.10_Date.prototype.getFullYear/S15.9.5.10_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.11_Date.prototype.getUTCFullYear/S15.9.5.11_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.12_Date.prototype.getMonth/S15.9.5.12_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.13_Date.prototype.getUTCMonth/S15.9.5.13_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.14_Date.prototype.getDate/S15.9.5.14_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.15_Date.prototype.getUTCDate/S15.9.5.15_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.16_Date.prototype.getDay/S15.9.5.16_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.17_Date.prototype.getUTCDay/S15.9.5.17_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.18_Date.prototype.getHours/S15.9.5.18_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.19_Date.prototype.getUTCHours/S15.9.5.19_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.20_Date.prototype.getMinutes/S15.9.5.20_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.21_Date.prototype.getUTCMinutes/S15.9.5.21_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.22_Date.prototype.getSeconds/S15.9.5.22_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.23_Date.prototype.getUTCSeconds/S15.9.5.23_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.24_Date.prototype.getMilliseconds/S15.9.5.24_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.25_Date.prototype.getUTCMilliseconds/S15.9.5.25_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.26_Date.prototype.getTimezoneOffset/S15.9.5.26_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.27_Date.prototype.setTime/S15.9.5.27_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.28_Date.prototype.setMilliseconds/S15.9.5.28_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.29_Date.prototype.setUTCMilliseconds/S15.9.5.29_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.2_Date.prototype.toString/S15.9.5.2_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.30_Date.prototype.setSeconds/S15.9.5.30_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.31_Date.prototype.setUTCSeconds/S15.9.5.31_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.32_Date.prototype.setMinutes/S15.9.5.32_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.33_Date.prototype.setUTCMinutes/S15.9.5.33_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.34_Date.prototype.setHours/S15.9.5.34_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.35_Date.prototype.setUTCHours/S15.9.5.35_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.36_Date.prototype.setDate/S15.9.5.36_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.37_Date.prototype.setUTCDate/S15.9.5.37_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.38_Date.prototype.setMonth/S15.9.5.38_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.39_Date.prototype.setUTCMonth/S15.9.5.39_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.3_Date.prototype.toDateString/S15.9.5.3_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.40_Date.prototype.setFullYear/S15.9.5.40_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.41_Date.prototype.setUTCFullYear/S15.9.5.41_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.42_Date.prototype.toUTCString/S15.9.5.42_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.4_Date.prototype.toTimeString/S15.9.5.4_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.5_Date.prototype.toLocaleString/S15.9.5.5_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.6_Date.prototype.toLocaleDateString/S15.9.5.6_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.7_Date.prototype.toLocaleTimeString/S15.9.5.7_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.8_Date.prototype.valueOf/S15.9.5.8_A3_T2.html:
  • sputnik/Conformance/15_Native_Objects/15.9_Date/15.9.5/15.9.5.9_Date.prototype.getTime/S15.9.5.9_A3_T2.html:

2:28 PM Changeset in webkit [197204] by Beth Dakin
  • 24 edits in trunk/Source

Add support for playbackControlsManager
https://bugs.webkit.org/show_bug.cgi?id=154742
-and corresponding-
rdar://problem/23833753

Reviewed by Jer Noble.

Source/WebCore:

Make AVKitSPI.h private so that it can be used from other projects.

  • WebCore.xcodeproj/project.pbxproj:

Right now, set up a controls manager for a video when it starts playing. In
the future, this is something that should be handled by the
PlatformMediaSessionManager since we only want a controls for the
currentSession.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::playInternal):

New function setUpVideoControlsManager.

  • page/ChromeClient.h:

Make these CoreMedia functions available on Mac and iOS instead of just iOS.

  • platform/cf/CoreMediaSoftLink.cpp:
  • platform/cf/CoreMediaSoftLink.h:

This patch fleshes out an implementation for a bunch of these interface
functions since they need to communicate to the playbackControlsManager. This
is also where the playbackControlsManager lives.

  • platform/mac/WebVideoFullscreenInterfaceMac.h:

Define an interface and implementation for WebPlaybackControlsManager.

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):
(-[WebPlaybackControlsManager isSeeking]):
(-[WebPlaybackControlsManager seekToTime:toleranceBefore:toleranceAfter:]):
(-[WebPlaybackControlsManager audioMediaSelectionOptions]):
(-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
(-[WebPlaybackControlsManager legibleMediaSelectionOptions]):
(-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
(-[WebPlaybackControlsManager cancelThumbnailAndAudioAmplitudeSampleGeneration]):

Relay this information to the playbackControlsManager.
(WebCore::WebVideoFullscreenInterfaceMac::setDuration):
(WebCore::WebVideoFullscreenInterfaceMac::setCurrentTime):
(WebCore::WebVideoFullscreenInterfaceMac::setRate):
(WebCore::WebVideoFullscreenInterfaceMac::setSeekableRanges):
(WebCore::WebVideoFullscreenInterfaceMac::ensureControlsManager):
(WebCore::WebVideoFullscreenInterfaceMac::playBackControlsManager):
(WebCore::WebVideoFullscreenInterfaceMac::setupFullscreen):

New SPI needed.

  • platform/spi/cocoa/AVKitSPI.h:
  • platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

WebVideoFullscreenManagerProxy ensures the model and interface for the
UIProcess side of the playbackControlsManager. It also caches the
m_controlsManagerContextId so that it can return the
controlsManagerInterface.

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
(WebKit::WebVideoFullscreenManagerProxy::controlsManagerInterface):

Pipe isPlayingMediaDidChange() to WebViewImpl, and use that information to
update WebViewImplAdditions.

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::isPlayingMediaDidChange):

  • UIProcess/PageClient.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::isPlayingMediaDidChange):
(WebKit::WebPageProxy::isPlayingVideoWithAudio):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::isPlayingAudio):

  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::isPlayingMediaDidChange):

Pipe setUpVideoControlsManager to the WebVideoFullscreenManager.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::setUpVideoControlsManager):

  • WebProcess/WebCoreSupport/WebChromeClient.h:

Ensure the model and interface for the playbackControlsManager on the
WebProcess side and pass the message to the UIProcess to do the same.

  • WebProcess/cocoa/WebVideoFullscreenManager.h:
  • WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):

2:26 PM Changeset in webkit [197203] by andersca@apple.com
  • 22 edits
    5 copies in trunk

WKWebsiteDataStore/WKWebsiteDataRecord needs to provide size information about each type of data
https://bugs.webkit.org/show_bug.cgi?id=154750
Source/WebKit2:

Reviewed by Tim Horton.

  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::fetchWebsiteData):
WebsiteData::Entry now takes a size.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
If necessary, compute sizes.

(WebKit::NetworkProcess::fetchWebsiteData):
Just pass 0 for the CF cache for now.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:

FetchWebsiteData now takes an OptionSet<WebsiteDataFetchOption>.

  • Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::Entry::encode):
(WebKit::WebsiteData::Entry::decode):
Encode and decode the size.

  • Shared/WebsiteData/WebsiteData.h:

Add size.

  • Shared/WebsiteData/WebsiteDataFetchOption.h:

Add new enum.

  • UIProcess/API/C/WKApplicationCacheManager.cpp:

(WKApplicationCacheManagerGetApplicationCacheOrigins):
Pass an empty OptionSet<WebsiteDataFetchOption>.

  • UIProcess/API/C/WKResourceCacheManager.cpp:

(WKResourceCacheManagerGetCacheOrigins):
Pass an empty OptionSet<WebsiteDataFetchOption>.

  • UIProcess/API/Cocoa/WKWebsiteDataRecord.mm:

(-[WKWebsiteDataRecord description]):
If we have a size, print it out as well.

(-[WKWebsiteDataRecord _dataSize]):
Return a size if we have one.

  • UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h:
  • UIProcess/API/Cocoa/WKWebsiteDataStore.mm:

(-[WKWebsiteDataStore fetchDataRecordsOfTypes:completionHandler:]):
Call through to the SPI.

(-[WKWebsiteDataStore _fetchDataRecordsOfTypes:withOptions:completionHandler:]):
Compute the right options.

  • UIProcess/API/Cocoa/WKWebsiteDataStoreInternal.h:

Import WKWebsiteDataStorePrivate.h.

  • UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:

Add SPI.

  • UIProcess/API/Cocoa/_WKWebsiteDataSize.h:
  • UIProcess/API/Cocoa/_WKWebsiteDataSize.mm:

(-[_WKWebsiteDataSize initWithSize:]):
(-[_WKWebsiteDataSize totalSize]):
(-[_WKWebsiteDataSize sizeOfDataTypes:]):
Add _WKWebsiteDataSize header.

  • UIProcess/API/Cocoa/_WKWebsiteDataSizeInternal.h: Add IPI header.
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::fetchWebsiteData):
This now takes an OptionSet<WebsiteDataFetchOption>.

  • UIProcess/Network/NetworkProcessProxy.h:

Update members.

  • UIProcess/WebsiteData/WebsiteDataRecord.h:

Add a hash map from types to sizes.

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchData):
This now takes an OptionSet<WebsiteDataFetchOption>.

  • UIProcess/WebsiteData/WebsiteDataStore.h:

Update member functions.

  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::fetchWebsiteData):
This now takes an OptionSet<WebsiteDataFetchOption>.

Tools:

rdar://problem/23861395

Reviewed by Tim Horton.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetchWebsiteData:]):
Use the new WKWebsiteDataStore SPI to compute data sizes.

2:24 PM Changeset in webkit [197202] by timothy_horton@apple.com
  • 2 edits in branches/safari-601-branch/Source/WTF

Fix the Mavericks build.

  • wtf/FeatureDefines.h:

This feature flag is fully covered by FeatureDefines.xcconfig,
no need for it here.

2:06 PM Changeset in webkit [197201] by Chris Dumez
  • 3 edits
    1 delete in trunk/LayoutTests

Unreviewed, fix flaky test introduced in r197156.

  • fast/dom/Node/nullable-parameters-expected.txt:
  • fast/dom/Node/nullable-parameters.html:
  • fast/dom/Node/resources/testdoc.xml: Removed.
  • fast/dom/Node/resources/testdoc2.xml: Removed.

1:57 PM Changeset in webkit [197200] by bshafiei@apple.com
  • 2 edits in tags/Safari-601.5.17.2/Source/WebCore

Merge r196703. rdar://problem/24623986

1:55 PM Changeset in webkit [197199] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.5.17.2/Source

Versioning.

1:53 PM Changeset in webkit [197198] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.5.17.2

New tag.

1:51 PM Changeset in webkit [197197] by andersca@apple.com
  • 2 edits in trunk/Source/WebKit2

Add a toWebsiteDataType and reimplement toWebsiteDataTypes using it
https://bugs.webkit.org/show_bug.cgi?id=154746

Reviewed by Sam Weinig.

  • UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:

(WebKit::toWebsiteDataType):
(WebKit::toWebsiteDataTypes):
(WebKit::toWKWebsiteDataTypes):

1:43 PM Changeset in webkit [197196] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Folding of OverridesHasInstance DFG nodes should happen in constant folding not fixup
https://bugs.webkit.org/show_bug.cgi?id=154743

Reviewed by Mark Lam.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

1:32 PM Changeset in webkit [197195] by bshafiei@apple.com
  • 7 edits in branches/safari-601-branch/Source/WebCore

Roll out r196637. rdar://problem/24494562

12:58 PM Changeset in webkit [197194] by commit-queue@webkit.org
  • 4 edits
    1 add
    6 deletes in trunk

<g> wrapping <symbol> causes display of hidden <symbol>
https://bugs.webkit.org/show_bug.cgi?id=154576

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-26
Reviewed by Darin Adler.
Source/WebCore:

The SVGSymbolElement is allowed in the shadow tree of an SVGUseElement
only if it is the subtree root element. Any descendant SVGSymbolElement should
be removed from the subtree because it is a hidden container. If the cloned
subtree includes an SVGUseElement which references an SVGSymbolElement,
the same rule will be applied to the descendant SVGUseElement. The goal
is to remove all the descendant SVGSymbolElements from the cloned target
because these SVGSymbolElements will be expanded to SVGSVGElements and
hence become visible.

  • svg/SVGUseElement.cpp:

(WebCore::disassociateAndRemoveClones): A helper function which removes
cloned SVGElements and their subtrees from their parents and disassociates
them from their originals.

(WebCore::removeDisallowedElementsFromSubtree): Use disassociateAndRemoveClones().

(WebCore::removeSymbolElementsFromSubtree): Removes all the descendant
SVGSymbolElements from the cloned subtree. It does not remove the root
element itself if it is an SVGSymbolElement because this one will be
expanded to an SVGSVGElement which is exactly what we need.

(WebCore::SVGUseElement::cloneTarget): Call removeSymbolElementsFromSubtree()
to remove the descendant SVGSymbolElements from the cloned subtree before
appending it to the container shadow root.

LayoutTests:

Ensure the <symbol> element is not displayed when it's wrapped in a <g>
element and this <g> element is referenced by a <use> element.

  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/ios-simulator/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/win/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • svg/custom/use-on-g-containing-symbol-expected.svg: Added.
  • svg/custom/use-on-g-containing-symbol.svg:

The original test was wrong. It had the following definition:

"<g id='symbol'><symbol>...</symbol></g>"

And it was expecting to have the symbol drawn if the <g> element was
referenced like that

"<use xlink:href='#symbol'/>"

Firefox does not render anything for this <use> element which is correct.
With this patch, this test failed so it had to be modified to test the right
behavior. Also it is now converted to a ref test.

12:47 PM Changeset in webkit [197193] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Initialize LocaleICU data members in header
https://bugs.webkit.org/show_bug.cgi?id=154731

Patch by Olivier Blin <Olivier Blin> on 2016-02-26
Reviewed by Michael Catanzaro.

LocaleICU data members should be initialized in the header, to
avoid conditional initialization lines in the constructor, as
suggested by Darin in bug 154484.

  • platform/text/LocaleICU.cpp:

(WebCore::LocaleICU::LocaleICU): Deleted.

  • platform/text/LocaleICU.h:

12:25 PM Changeset in webkit [197192] by keith_miller@apple.com
  • 8 edits
    1 add in trunk/Source/JavaScriptCore

Native Typed Array functions should use Symbol.species
https://bugs.webkit.org/show_bug.cgi?id=154569

Reviewed by Michael Saboff.

This patch adds support for Symbol.species in the native Typed Array prototype
functions. Additionally, now that other types of typedarrays are creatable inside
the slice we use the JSGenericTypedArrayView::set function, which has been beefed
up, to put everything into the correct place.

  • runtime/JSDataView.cpp:

(JSC::JSDataView::set):

  • runtime/JSDataView.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewFromIterator):
(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::constructGenericTypedArrayView):

  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::setWithSpecificType):
(JSC::JSGenericTypedArrayView<Adaptor>::set):

  • runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::speciesConstruct):
(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewProtoFuncSubarray):

  • tests/stress/typedarray-slice.js:

(subclasses.typedArrays.map):
(testSpecies):
(forEach):
(subclasses.forEach):
(testSpeciesRemoveConstructor):
(testSpeciesWithSameBuffer):

  • tests/stress/typedarray-subarray.js: Added.

(subclasses.typedArrays.map):
(testSpecies):
(forEach):
(subclasses.forEach):
(testSpeciesRemoveConstructor):

11:49 AM Changeset in webkit [197191] by andersca@apple.com
  • 30 edits
    1 copy
    1 move in trunk/Source

Add WTF::OptionSet and use it for the website data types enum
https://bugs.webkit.org/show_bug.cgi?id=154733

Reviewed by Geoffrey Garen.

Source/WebKit2:

This is a pretty mechanical change:

Convert all uses of the WebsiteDataTypes enum to WTF::OptionSet. Rename the WebsiteDataTypes enum to
WebsiteDataType (since it only represents a single data type), and rename headers. Encode and decode WTF::OptionSet properly.

  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::fetchWebsiteData):
(WebKit::DatabaseProcess::deleteWebsiteData):
(WebKit::DatabaseProcess::deleteWebsiteDataForOrigins):

  • DatabaseProcess/DatabaseProcess.h:
  • DatabaseProcess/DatabaseProcess.messages.in:
  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • Platform/IPC/ArgumentCoders.h:

(IPC::ArgumentCoder<OptionSet<T>>::encode):
(IPC::ArgumentCoder<OptionSet<T>>::decode):

  • Scripts/webkit/messages.py:

(class_template_headers):

  • Shared/WebsiteData/WebsiteData.h:
  • Shared/WebsiteData/WebsiteDataType.h: Renamed from Source/WebKit2/Shared/WebsiteData/WebsiteDataTypes.h.
  • UIProcess/API/C/WKApplicationCacheManager.cpp:

(WKApplicationCacheManagerGetApplicationCacheOrigins):
(WKApplicationCacheManagerDeleteEntriesForOrigin):
(WKApplicationCacheManagerDeleteAllEntries):

  • UIProcess/API/C/WKResourceCacheManager.cpp:

(toWebsiteDataTypes):
(WKResourceCacheManagerClearCacheForOrigin):

  • UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:

(WebKit::toWebsiteDataTypes):
(WebKit::toWKWebsiteDataTypes):

  • UIProcess/Databases/DatabaseProcessProxy.cpp:

(WebKit::DatabaseProcessProxy::fetchWebsiteData):
(WebKit::DatabaseProcessProxy::deleteWebsiteData):
(WebKit::DatabaseProcessProxy::deleteWebsiteDataForOrigins):

  • UIProcess/Databases/DatabaseProcessProxy.h:
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::fetchWebsiteData):
(WebKit::NetworkProcessProxy::deleteWebsiteData):
(WebKit::NetworkProcessProxy::deleteWebsiteDataForOrigins):

  • UIProcess/Network/NetworkProcessProxy.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::fetchWebsiteData):
(WebKit::WebProcessProxy::deleteWebsiteData):
(WebKit::WebProcessProxy::deleteWebsiteDataForOrigins):

  • UIProcess/WebProcessProxy.h:
  • UIProcess/WebsiteData/WebsiteDataRecord.cpp:

(WebKit::WebsiteDataRecord::add):
(WebKit::WebsiteDataRecord::addCookieHostName):
(WebKit::WebsiteDataRecord::addPluginDataHostName):

  • UIProcess/WebsiteData/WebsiteDataRecord.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::computeNetworkProcessAccessTypeForDataFetch):
(WebKit::computeWebProcessAccessTypeForDataFetch):
(WebKit::WebsiteDataStore::fetchData):
(WebKit::computeNetworkProcessAccessTypeForDataRemoval):
(WebKit::computeWebProcessAccessTypeForDataRemoval):
(WebKit::WebsiteDataStore::removeData):

  • UIProcess/WebsiteData/WebsiteDataStore.h:
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::fetchWebsiteData):
(WebKit::WebProcess::deleteWebsiteData):
(WebKit::WebProcess::deleteWebsiteDataForOrigins):

  • WebProcess/WebProcess.h:
  • WebProcess/WebProcess.messages.in:

Source/WTF:

Add WTF::OptionSet which makes it easier to use strong enums as flags.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/Forward.h:
  • wtf/OptionSet.h: Copied from Source/WebKit2/Shared/WebsiteData/WebsiteData.h.

(WTF::OptionSet::fromRaw):
(WTF::OptionSet::OptionSet):
(WTF::OptionSet::toRaw):
(WTF::OptionSet::contains):
(WTF::OptionSet::operator|=):

11:49 AM Changeset in webkit [197190] by beidson@apple.com
  • 4 edits in trunk/Source/WebCore

Modern IDB: Using existing database info from SQLite backing store is busted.
<rdar://problem/24848143> and https://bugs.webkit.org/show_bug.cgi?id=154735

Reviewed by Alex Christensen.

No new tests.

Reproducing the bug requires having a known database on disk *before* launching the DatabaseProcess to
read in the existing IDBDatabaseInfo.

Our automated infrastructure currently has no way of testing this.

  • Modules/indexeddb/client/IDBConnectionToServer.cpp:

(WebCore::IDBClient::IDBConnectionToServer::openDatabase):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo): Do the optional migrate on
the IndexRecords table here; *every* time we open a SQLite backing store.

(WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo): Deleted.

  • Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::isolatedCopy): Copy the entire object, not just name/version.

11:47 AM Changeset in webkit [197189] by bshafiei@apple.com
  • 8 edits in branches/safari-601-branch/Source

Merge patch for rdar://problem/24826901.

11:45 AM Changeset in webkit [197188] by weinig@apple.com
  • 2 edits in trunk/Source/WebKit2

Try to fix the Yosemite build again.

  • UIProcess/API/Cocoa/WKUserScript.mm:

(toStringVector):
(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):

11:37 AM Changeset in webkit [197187] by mitz@apple.com
  • 2 edits in trunk/Source/WebKit/mac

Build fix for when WK_OVERRIDE_FRAMEWORKS_DIR contains spaces.

  • Configurations/WebKitLegacy.xcconfig: Added quotes.

11:18 AM Changeset in webkit [197186] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

[JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero
https://bugs.webkit.org/show_bug.cgi?id=154704

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-26
Reviewed by Geoffrey Garen.

If the Imm is zero, we should still zero the top bits
to match the definition in AirOpcodes.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::add32):

  • b3/testb3.cpp:

11:18 AM Changeset in webkit [197185] by oliver@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Make testRegExp not crash when given an invalid regexp
https://bugs.webkit.org/show_bug.cgi?id=154732

Reviewed by Mark Lam.

  • testRegExp.cpp:

(parseRegExpLine):

11:09 AM Changeset in webkit [197184] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.20.1/Source/WebCore

Merged r197154. rdar://problem/24845077

10:56 AM Changeset in webkit [197183] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.20.1/Source

Versioning.

10:54 AM Changeset in webkit [197182] by weinig@apple.com
  • 2 edits in trunk/Source/WebKit2

Try to fix the Yosemite build.

  • UIProcess/API/Cocoa/WKUserScriptPrivate.h:

10:51 AM Changeset in webkit [197181] by benjamin@webkit.org
  • 1 edit
    1 add in trunk/Source/JavaScriptCore

[JSC] Add the test for r197155
https://bugs.webkit.org/show_bug.cgi?id=154715

Reviewed by Mark Lam.

Silly me. I forgot the test in the latest patch update.

  • tests/stress/class-syntax-tdz-osr-entry-in-loop.js: Added.

10:44 AM Changeset in webkit [197180] by andersca@apple.com
  • 4 edits in trunk/Source/WebKit2

Cache::traverse should pass the record info to its traversal handler
https://bugs.webkit.org/show_bug.cgi?id=154695

Reviewed by Antti Koivisto.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
(WebKit::clearDiskCacheEntries):

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::traverse):

  • NetworkProcess/cache/NetworkCache.h:

10:40 AM Changeset in webkit [197179] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.20.1

New tag.

10:20 AM Changeset in webkit [197178] by barraclough@apple.com
  • 14 edits in trunk

Source/WebCore:
RefCounter value changed callback should be called on all changes (not just zero edge).
https://bugs.webkit.org/show_bug.cgi?id=154699

Reviewed by Anders Carlsson.

RefCounter currently only triggers a callback when the count goes from zero
to non-zero and vice-versa. Change that, to be useful to more clients.

  • page/PageThrottler.cpp:

(WebCore::PageThrottler::PageThrottler):

  • Updated for change in RefCounter callback signature.
  • platform/VNodeTracker.cpp:

(WebCore::VNodeTracker::VNodeTracker):

  • Can now use RefCounter callback to trigger checkPressureState().

(WebCore::VNodeTracker::pressureWarningTimerFired):

  • RefCounter count is now a size_t (%d -> %ul).
  • platform/VNodeTracker.h:
    • simplified VNodeTracker::token() [no longer needs to call checkPressureState()].

Source/WebKit2:
RefCounter value changed callback should be called on all changes (not just zero edge).
https://bugs.webkit.org/show_bug.cgi?id=154699

Reviewed by Anders Carlsson.

RefCounter currently only triggers a callback when the count goes from zero
to non-zero and vice-versa. Change that, to be useful to more clients.

  • UIProcess/Plugins/PluginProcessManager.cpp:

(WebKit::PluginProcessManager::PluginProcessManager):

  • Updated for change in RefCounter callback signature.
  • UIProcess/Plugins/PluginProcessManager.h:
    • Updated for change in RefCounter callback signature.
  • UIProcess/Plugins/mac/PluginProcessManagerMac.mm:

(WebKit::PluginProcessManager::updateProcessSuppressionDisabled):

  • updated logic for enabling process suppression.
  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler):

  • Updated for change in RefCounter callback signature.
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):

  • Updated for change in RefCounter callback signature.

Source/WTF:
Unreviewed, rolling out r197168.
https://bugs.webkit.org/show_bug.cgi?id=154728

crashing on some devices (Requested by kling on #webkit).

Reverted changeset:

"[Darwin] Use vm_kernel_page_size for WTF::pageSize()."
https://bugs.webkit.org/show_bug.cgi?id=154726
http://trac.webkit.org/changeset/197168

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

Tools:
RefCounter value changed callback should be called on all changes (not just zero edge).
https://bugs.webkit.org/show_bug.cgi?id=154699

Reviewed by Geoff Garen.

RefCounter currently only triggers a callback when the count goes from zero
to non-zero and vice-versa. Change that, to be useful to more clients.

  • TestWebKitAPI/Tests/WTF/RefCounter.cpp:

(TestWebKitAPI::TEST):

  • Updated for change in RefCounter callback signature & behaviour.

10:17 AM Changeset in webkit [197177] by akling@apple.com
  • 11 edits
    3 deletes in trunk/Source

Remove unused CFNetwork disk cache mmap optimization in WebKit2.
<https://webkit.org/b/154727>

Reviewed by Darin Adler.

Source/WebCore:

Remove some now-unused SPI.

  • platform/spi/cf/CFNetworkSPI.h:

Source/WebKit2:

Nuke all the code related to the mmap optimization we had for CFNetwork's disk cache.
This code has not been used since we moved to the WebKit2 network cache.

  • NetworkProcess/Downloads/PendingDownload.h:
  • NetworkProcess/NetworkLoadClient.h:
  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::sendBufferMaybeAborting): Deleted.

  • NetworkProcess/NetworkResourceLoader.h:
  • NetworkProcess/cache/NetworkCacheSpeculativeLoad.h:
  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::platformLowMemoryHandler): Deleted.
(WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa): Deleted.

  • NetworkProcess/mac/NetworkDiskCacheMonitor.h: Removed.
  • NetworkProcess/mac/NetworkDiskCacheMonitor.mm: Removed.
  • NetworkProcess/mac/NetworkLoadMac.mm:

(WebKit::NetworkLoad::willCacheResponseAsync): Deleted.

  • NetworkProcess/mac/NetworkResourceLoaderMac.mm: Removed.
  • WebKit2.xcodeproj/project.pbxproj:

10:12 AM Changeset in webkit [197176] by Ryan Haddad
  • 21 edits in trunk

Unreviewed, rolling out r197167.
https://bugs.webkit.org/show_bug.cgi?id=154730

This change broke the Mac build (Requested by ryanhaddad on
#webkit).

Reverted changeset:

"REGRESSION (188611): Search field Cancel button should not
overlap search text on extensions page."
https://bugs.webkit.org/show_bug.cgi?id=154692
http://trac.webkit.org/changeset/197167

Patch by Commit Queue <commit-queue@webkit.org> on 2016-02-26

9:58 AM Changeset in webkit [197175] by ggaren@apple.com
  • 4 edits in trunk/PerformanceTests

Fix some issues in MallocBench
https://bugs.webkit.org/show_bug.cgi?id=154600

Reviewed by Oliver Hunt.

  • MallocBench/MallocBench.xcodeproj/project.pbxproj: Make nimlang.ops
a part of the build so that it copies to the right place for execution.

  • MallocBench/MallocBench/Interpreter.cpp:

(Interpreter::Interpreter): Don't try to open .ops files for writing
because we're only going to read and we might need extra permissions to
write.

(Interpreter::~Interpreter): Give more context when opening a file fails
to help with debugging.

  • MallocBench/MallocBench/stress.cpp:

(benchmark_stress): Reduce iterations to complete in less than 10 seconds.

9:57 AM Changeset in webkit [197174] by ggaren@apple.com
  • 16 edits
    4 adds in trunk/Source/bmalloc

bmalloc: Added a fast XLarge allocator
https://bugs.webkit.org/show_bug.cgi?id=154720

Reviewed by Andreas Kling.

This is a big speedup for XLarge allocations because it avoids mmap
and page fault churn. It also enables future design changes to handle
a smaller size range on the fast path.

  • bmalloc.xcodeproj/project.pbxproj:
  • bmalloc/Algorithm.h:

(bmalloc::roundUpToMultipleOf):
(bmalloc::roundDownToMultipleOf): Added a non-constant round down.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::tryAllocate): XLarge no longer requires the caller
to align things.

(bmalloc::Allocator::allocate): Tweaked the alignment calculation for
clarity. When alignment and largeAlignment are equal, no adjustment
is necessary since all allocations guarantee largeAlignment.

(bmalloc::Allocator::reallocate): Updated for interface change.

Note that the new interface fixes some concurrency bugs. The old code
kept an iterator into the XLarge allocator across lock drop and acquisition,
which is not cool.

(bmalloc::Allocator::allocateXLarge): XLarge no longer requires the caller
to align things.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::scavengeXLargeObjects): Added scavenging for XLarge.

(bmalloc::Heap::allocateXLarge):

(bmalloc::Heap::splitAndAllocate): Split XLarge objects to xLargeAlignment.

(bmalloc::Heap::tryAllocateXLarge):
(bmalloc::Heap::xLargeSize):
(bmalloc::Heap::shrinkXLarge):
(bmalloc::Heap::deallocateXLarge): Allocate from our map before going
to the OS.

(bmalloc::Heap::findXLarge): Deleted.

  • bmalloc/Heap.h:
  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::split):

  • bmalloc/ObjectType.h:

(bmalloc::isXLarge): Give XLarge objects an explicit alignment for clarity.

  • bmalloc/Range.h:

(bmalloc::Range::size):
(bmalloc::Range::operator!):
(bmalloc::Range::operator bool):
(bmalloc::Range::operator<):
(bmalloc::canMerge):
(bmalloc::merge): Some helpers that were useful in writing this patch.

  • bmalloc/Sizes.h:
  • bmalloc/SortedVector.h: Added.

(bmalloc::SortedVector::Bucket::Bucket):
(bmalloc::SortedVector::Bucket::operator<):
(bmalloc::SortedVector::iterator::iterator):
(bmalloc::SortedVector::iterator::operator++):
(bmalloc::SortedVector::iterator::operator!=):
(bmalloc::SortedVector::iterator::operator*):
(bmalloc::SortedVector::iterator::operator->):
(bmalloc::SortedVector::iterator::skipDeletedBuckets):
(bmalloc::SortedVector::begin):
(bmalloc::SortedVector::end):
(bmalloc::SortedVector<T>::insert):
(bmalloc::SortedVector<T>::find):
(bmalloc::SortedVector<T>::get):
(bmalloc::SortedVector<T>::take):
(bmalloc::SortedVector<T>::shrinkToFit): A simple abstraction for keeping
a sorted vector. Insertion is average amortized log(n) because we keep
deleted buckets that we can reuse.

This is better than a tree because we get better locality, less memory
use, and simpler code. Also, trees require a node memory allocator, and
implementing a memory allocator in a memory allocator is no fun.

Arguably we should use a hash table instead. But that's more code, and
sorted vector has other nice properties that we might want to take
advantage of in the future.

  • bmalloc/VMAllocate.h:

(bmalloc::tryVMAllocate): Fixed an inaccuracy in the alignment calculation
here. This code was sort of trying to enforce the alignment that the
XLarge allocator enforces -- but it's better to enforce that alignment
there.

The right calculation is:

vmAlignment - vmPageSize + vmSize

because the worst case is when you are aligned to 0 + vmPageSize, and
you must walk forward vmAlignment - vmPageSize to reach the next
vmAlignment.

(bmalloc::tryVMExtend): Deleted. No need to go back to the OS for VM
since we manage our own.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::allocateLargeChunk): Updated for clarity. When we
grow the large heap we know that grown region is where the next allocation
will take place, so we return it directly instead of pushing it to the
free list.

This fixes a subtle bug where an overly conservative aligned allocation
algorithm can fail to allocate at all when it grows the heap.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeObject): Ditto.
(bmalloc::VMHeap::allocateLargeObject): Ditto.

  • bmalloc/VMState.h:

(bmalloc::merge): Added a helper.

  • bmalloc/Vector.h:

(bmalloc::Vector::begin):
(bmalloc::Vector::end):
(bmalloc::Vector::size):
(bmalloc::Vector::capacity):
(bmalloc::Vector::last):
(bmalloc::Vector::pop):
(bmalloc::Vector<T>::push):
(bmalloc::Vector<T>::pop):
(bmalloc::Vector<T>::shrink): Use a proper iterator API to play nice
with std algorithms.

(bmalloc::Vector<T>::insert): New function required by SortedVector.

(bmalloc::Vector<T>::reallocateBuffer):
(bmalloc::Vector<T>::shrinkCapacity): Allow for shrinking back all the way
to 0 because that's what shrinkToFit wants.
(bmalloc::Vector<T>::growCapacity):
(bmalloc::Vector<T>::shrinkToFit):

  • bmalloc/XLargeMap.cpp: Added. Helper data structure for managing XLarge
objects. We have enough granularity in our metadata to represent any
kind of address range.

We store free ranges in a flat vector because most programs have very
few individual free XLarge ranges. (They usually merge.)

We store allocated ranges in a sorted vector because programs might
allocate lots of XLarge ranges. For example, if the XLarge minimum is
128kB, and you have a 1GB process, that's 8192 ranges. Linear scan would
examine 8192 items but binary search only 13.

Empirically, this is 1.5X faster than our current large allocator if you
modify MallocBench/big to allocate XLarge objects and not to initialize
objects and you allocate 128kB-256kB objects in a 1GB address space.

(bmalloc::XLargeMap::takeFree): Be careful about overflow in this function
because we support super huge pointers, alignments, and sizes.

(bmalloc::XLargeMap::addFree): Merge eagerly on free because the cost
of missing an XLarge opportunity is catastrophic. Also, I discovered
by experiment that any allocator that doesn't merge eagerly can create
lots of subtle opportunities for snowballing fragmentation, as
fragmentation in range A forces you to chop up range B, and so on.

We allocate "first fit" (allocating the lowest address) because someone
wrote a paper once that said that it's the best algorithm to combat
fragmentation (even though worst case fragmentation is unavoidable
regardless of algorithm).

(bmalloc::XLargeMap::addAllocated):
(bmalloc::XLargeMap::getAllocated):
(bmalloc::XLargeMap::takeAllocated):
(bmalloc::XLargeMap::shrinkToFit):
(bmalloc::XLargeMap::takePhysical):
(bmalloc::XLargeMap::addVirtual):

  • bmalloc/XLargeMap.h: Added.

(bmalloc::XLargeMap::Allocation::operator<):

  • bmalloc/XLargeRange.h: Added.

(bmalloc::XLargeRange::XLargeRange):
(bmalloc::XLargeRange::vmState):
(bmalloc::XLargeRange::setVMState):
(bmalloc::canMerge):
(bmalloc::merge):
(bmalloc::XLargeRange::split): Helper for tracking VMState in a range.
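
The mapping-size calculation described for bmalloc::tryVMAllocate above, as an added C example that is not part of the changeset or of bmalloc's code: it checks vmAlignment - vmPageSize + vmSize against every page-aligned base address and guards the arithmetic against overflow. All function names and the sample sizes are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static bool is_pow2(size_t x) { return x && !(x & (x - 1)); }

/* Bytes to request from the OS so that a vm_alignment-aligned block of
 * vm_size bytes fits wherever the page-aligned mapping lands.
 * Formula from the commit message: vmAlignment - vmPageSize + vmSize.
 * Returns false instead of wrapping when the sum would overflow. */
bool vm_mapping_size(size_t vm_alignment, size_t vm_page_size,
                     size_t vm_size, size_t *mapping_size)
{
    if (!is_pow2(vm_alignment) || !is_pow2(vm_page_size) || !vm_size)
        return false;
    /* The OS already guarantees page alignment, so only the remainder
     * of the alignment has to be covered by slack. */
    size_t slack = vm_alignment > vm_page_size ? vm_alignment - vm_page_size : 0;
    if (vm_size > SIZE_MAX - slack)
        return false;
    *mapping_size = slack + vm_size;
    return true;
}

/* Find the aligned block inside [base, base + mapped). Every step is
 * checked so that huge pointers or sizes fail cleanly. */
bool carve_aligned(uintptr_t base, size_t mapped, size_t vm_alignment,
                   size_t vm_size, uintptr_t *aligned)
{
    size_t rem = (size_t)(base & (uintptr_t)(vm_alignment - 1));
    size_t pad = rem ? vm_alignment - rem : 0;
    if (pad > mapped || vm_size > mapped - pad)
        return false;               /* block would run past the mapping */
    if (base > UINTPTR_MAX - pad)
        return false;               /* base + pad would wrap */
    *aligned = base + pad;
    return true;
}

/* Try every page-aligned base within one alignment period and report
 * the largest leading pad that was needed. The region address is a
 * constructed value, not a real mapping. */
bool fits_every_page_aligned_base(size_t vm_alignment, size_t vm_page_size,
                                  size_t vm_size, size_t mapped,
                                  size_t *worst_pad)
{
    const uintptr_t region = (uintptr_t)vm_alignment * 16;
    *worst_pad = 0;
    for (size_t off = 0; off < vm_alignment; off += vm_page_size) {
        uintptr_t aligned;
        if (!carve_aligned(region + off, mapped, vm_alignment, vm_size, &aligned))
            return false;
        size_t pad = (size_t)(aligned - (region + off));
        if (pad > *worst_pad)
            *worst_pad = pad;
    }
    return true;
}

int main(void)
{
    /* Constructed sizes: 2 MB alignment, 4 kB pages, 128 kB object. */
    const size_t alignment = (size_t)1 << 21;
    const size_t page = (size_t)1 << 12;
    const size_t size = (size_t)1 << 17;
    size_t mapped = 0, worst = 0;

    if (!vm_mapping_size(alignment, page, size, &mapped))
        return 1;
    bool ok = fits_every_page_aligned_base(alignment, page, size, mapped, &worst);
    printf("mapping=%zu fits=%d worst_pad=%zu\n", mapped, ok, worst);

    /* One page less is already too small for the worst-case base. */
    ok = fits_every_page_aligned_base(alignment, page, size, mapped - page, &worst);
    printf("mapping=%zu fits=%d\n", mapped - page, ok);
    return 0;
}
```

The worst case is the base one page past an alignment boundary, which consumes the full vmAlignment - vmPageSize of slack before the block starts.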

9:54 AM Changeset in webkit [197173] by commit-queue@webkit.org
  • 4 edits in trunk/Source

Unreviewed, rolling out r197168.
https://bugs.webkit.org/show_bug.cgi?id=154728

crashing on some devices (Requested by kling on #webkit).

Reverted changeset:

"[Darwin] Use vm_kernel_page_size for WTF::pageSize()."
https://bugs.webkit.org/show_bug.cgi?id=154726
http://trac.webkit.org/changeset/197168

9:50 AM Changeset in webkit [197172] by weinig@apple.com
  • 21 edits
    9 adds in trunk

Allow WKUserScripts to be run in isolated worlds
https://bugs.webkit.org/show_bug.cgi?id=154701

Reviewed by Anders Carlsson.

Source/WebKit2:

Adds support for using isolated worlds, called _WKUserContentWorlds in the SPI,
from the UIProcess.

  • Shared/API/APIObject.h:
  • Shared/Cocoa/APIObject.mm:
  • UIProcess/API/APIUserContentWorld.cpp: Added.

(API::generateIdentifier):
(API::UserContentWorld::worldWithName):
(API::UserContentWorld::normalWorld):
(API::UserContentWorld::UserContentWorld):
(API::UserContentWorld::~UserContentWorld):

  • UIProcess/API/APIUserContentWorld.h: Added.

Add new UserContentWorld type.

  • UIProcess/API/APIUserScript.h:

Bind each user script to a particular _WKUserContentWorld.

  • UIProcess/API/C/WKUserScriptRef.cpp:

(WKUserScriptCreateWithSource):
(WKUserScriptCopySource):
Existing APIs create user scripts for the normal world, preserving existing behavior.

  • UIProcess/API/Cocoa/WKUserScript.mm:

(-[WKUserScript initWithSource:injectionTime:forMainFrameOnly:]):
Existing APIs create user scripts for the normal world, preserving existing behavior.

(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
Add a new initializer which takes a world to bind to. Also add support for the legacy whitelist/blacklist mechanism
while we are here, as the expected client needs these as well.

(-[WKUserScript _userContentWorld]):
Add accessor for the bound world.

  • UIProcess/API/Cocoa/WKUserScriptInternal.h:
  • UIProcess/API/Cocoa/WKUserScriptPrivate.h: Added.

Add new private header.

  • UIProcess/API/Cocoa/_WKUserContentWorld.h: Added.
  • UIProcess/API/Cocoa/_WKUserContentWorld.mm: Added.

(+[_WKUserContentWorld worldWithName:]):
(+[_WKUserContentWorld normalWorld]):
(-[_WKUserContentWorld dealloc]):
(-[_WKUserContentWorld name]):
(-[_WKUserContentWorld _apiObject]):

  • UIProcess/API/Cocoa/_WKUserContentWorldInternal.h: Added.

Add SPI wrapper.

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):

  • UIProcess/UserContent/WebUserContentControllerProxy.h:

(WebKit::WebUserContentControllerProxy::userScripts):
(WebKit::WebUserContentControllerProxy::userStyleSheets):
Add support for registering the worlds with the associated WebContentProcesses and then using
their identifiers to map user scripts to the correct world.

  • WebKit2.xcodeproj/project.pbxproj:

Add new files.

  • WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInScriptWorld.h:
  • WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInScriptWorld.mm:

(-[WKWebProcessPlugInScriptWorld name]):
Expose the name property.

  • WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.cpp:

(WKBundleScriptWorldCopyName):

  • WebProcess/InjectedBundle/API/c/WKBundleScriptWorld.h:

Expose the name property.

  • WebProcess/InjectedBundle/InjectedBundleScriptWorld.cpp:

(WebKit::allWorlds):
(WebKit::InjectedBundleScriptWorld::create):
(WebKit::InjectedBundleScriptWorld::getOrCreate):
(WebKit::InjectedBundleScriptWorld::normalWorld):
(WebKit::InjectedBundleScriptWorld::InjectedBundleScriptWorld):
(WebKit::InjectedBundleScriptWorld::~InjectedBundleScriptWorld):
(WebKit::InjectedBundleScriptWorld::coreWorld):
(WebKit::InjectedBundleScriptWorld::clearWrappers):

  • WebProcess/InjectedBundle/InjectedBundleScriptWorld.h:

(WebKit::InjectedBundleScriptWorld::name):
Add the name property and do some drive-by RefPtr -> Ref conversions.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::userContentControllers):
(WebKit::worldMap):
(WebKit::WebUserContentController::getOrCreate):
(WebKit::WebUserContentController::~WebUserContentController):
(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorld):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:

Track and use worlds passed from the UIProcess.

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentWorld.mm: Added.

(-[SimpleDelegate webView:didFinishNavigation:]):
(-[UserContentWorldRemoteObject didObserveNormalWorld]):
(-[UserContentWorldRemoteObject didObserveWorldWithName:]):

  • TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentWorldPlugIn.mm: Added.

(-[_WKUserContentWorldPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[_WKUserContentWorldPlugIn webProcessPlugInBrowserContextController:globalObjectIsAvailableForFrame:inScriptWorld:]):

  • TestWebKitAPI/Tests/WebKit2Cocoa/_WKUserContentWorldProtocol.h: Added.

9:36 AM Changeset in webkit [197171] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebCore

Remove libqcms support
https://bugs.webkit.org/show_bug.cgi?id=154707

Patch by Martin Robinson <mrobinson@igalia.com> on 2016-02-26
Reviewed by Žan Doberšek.

No new tests. This change simply removes dead code.

  • platform/image-decoders/ImageDecoder.h: Remove QCMS support.

(WebCore::ImageDecoder::qcmsOutputDeviceProfile): Deleted.

  • platform/image-decoders/jpeg/JPEGImageDecoder.cpp: Remove QCMS support.

(WebCore::JPEGImageReader::JPEGImageReader): Deleted.
(WebCore::JPEGImageReader::close): Deleted.
(WebCore::JPEGImageReader::decode): Deleted.
(WebCore::JPEGImageReader::colorTransform): Deleted.
(WebCore::JPEGImageReader::createColorTransform): Deleted.
(WebCore::JPEGImageDecoder::outputScanlines): Deleted.

  • platform/image-decoders/png/PNGImageDecoder.cpp: Remove QCMS support.

(WebCore::PNGImageReader::PNGImageReader): Deleted.
(WebCore::PNGImageReader::close): Deleted.
(WebCore::PNGImageReader::rowBuffer): Deleted.
(WebCore::PNGImageReader::createRowBuffer): Deleted.
(WebCore::PNGImageReader::colorTransform): Deleted.
(WebCore::PNGImageReader::createColorTransform): Deleted.
(WebCore::PNGImageDecoder::headerAvailable): Deleted.
(WebCore::PNGImageDecoder::rowAvailable): Deleted.
(WebCore::PNGImageDecoder::frameComplete): Deleted.

  • platform/image-decoders/webp/WEBPImageDecoder.cpp: Remove QCMS support.

(WebCore::WEBPImageDecoder::decode): Remove QCMS support.
(WebCore::WEBPImageDecoder::WEBPImageDecoder): Deleted.
(WebCore::WEBPImageDecoder::clear): Deleted.
(WebCore::WEBPImageDecoder::createColorTransform): Deleted.
(WebCore::WEBPImageDecoder::readColorProfile): Deleted.
(WebCore::WEBPImageDecoder::applyColorProfile): Deleted.

  • platform/image-decoders/webp/WEBPImageDecoder.h: Remove QCMS support.

(WebCore::WEBPImageDecoder::colorTransform): Deleted.

9:36 AM Changeset in webkit [197170] by Alan Bujtas
  • 8 edits in trunk/Source/WebCore

RenderTheme::controlSize* methods should take const RenderStyle&.
https://bugs.webkit.org/show_bug.cgi?id=154708

Reviewed by Darin Adler.

No change in functionality.

  • rendering/RenderTheme.h:

(WebCore::RenderTheme::minimumMenuListSize):
(WebCore::RenderTheme::popupInternalPaddingLeft):
(WebCore::RenderTheme::popupInternalPaddingRight):
(WebCore::RenderTheme::popupInternalPaddingTop):
(WebCore::RenderTheme::popupInternalPaddingBottom):

  • rendering/RenderThemeMac.h:
  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::sizeForFont):
(WebCore::RenderThemeMac::sizeForSystemFont):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::minimumProgressBarHeight):
(WebCore::RenderThemeMac::popupInternalPaddingLeft):
(WebCore::RenderThemeMac::popupInternalPaddingRight):
(WebCore::RenderThemeMac::popupInternalPaddingTop):
(WebCore::RenderThemeMac::popupInternalPaddingBottom):
(WebCore::RenderThemeMac::minimumMenuListSize):

9:15 AM Changeset in webkit [197169] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Option-clicking on a CSS property sometimes doesn't work
https://bugs.webkit.org/show_bug.cgi?id=154384
<rdar://problem/24714755>

Patch by Devin Rousso <Devin Rousso> on 2016-02-26
Reviewed by Timothy Hatcher.

It seems as though there were race conditions between CodeMirror's event
and the native mousemove such that if CodeMirror fired second, the current
candidate was cleared, and would not reset itself until the cursor was
moved, at which point the same issue could happen. To fix this, the current
candidate is no longer cleared by CodeMirror's event and is instead only
modified by the native mouse-events.

  • UserInterface/Controllers/CodeMirrorTokenTrackingController.js:

(WebInspector.CodeMirrorTokenTrackingController.prototype._hidePopover):

9:04 AM Changeset in webkit [197168] by akling@apple.com
  • 4 edits in trunk/Source

[Darwin] Use vm_kernel_page_size for WTF::pageSize().
<https://webkit.org/b/154726>

Reviewed by Antti Koivisto.

Source/WebKit2:

Use WTF::pageSize() for the SharedMemory page size.

  • Platform/mac/SharedMemoryMac.cpp:

(WebKit::SharedMemory::systemPageSize):

Source/WTF:

Make sure we use the right VM page size on Darwin systems.
On devices where the native page size is 4 KB, it's both
possible and profitable to madvise in smaller chunks.

  • wtf/PageBlock.cpp:

(WTF::systemPageSize):

9:00 AM Changeset in webkit [197167] by Alan Bujtas
  • 21 edits in trunk

REGRESSION (188611): Search field Cancel button should not overlap search text on extensions page.
https://bugs.webkit.org/show_bug.cgi?id=154692
<rdar://problem/22840453>

Reviewed by Brent Fulgham.

Adjust the cancel button position using the actual size of the cancel button.

When the input box and the font height trigger different cancel button sizes, we need to readjust
the rectangle returned by cancelButtonRectForBounds.
This fixes both the mispositioned cancel button and the squared off icon when the input field is zoomed all the way in.

Covered by existing tests.

Source/WebCore:

  • rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::paintSearchFieldCancelButton):
(WebCore::RenderThemeMac::cancelButtonSizes): Update button size.

LayoutTests:

  • fast/forms/search/search-padding-cancel-results-buttons-expected.txt:
  • platform/mac/fast/css/focus-ring-exists-for-search-field-expected.txt:
  • platform/mac/fast/css/text-input-with-webkit-border-radius-expected.txt:
  • platform/mac/fast/css/text-overflow-input-expected.txt:
  • platform/mac/fast/forms/box-shadow-override-expected.txt:
  • platform/mac/fast/forms/control-restrict-line-height-expected.txt:
  • platform/mac/fast/forms/input-appearance-height-expected.txt:
  • platform/mac/fast/forms/placeholder-position-expected.txt:
  • platform/mac/fast/forms/placeholder-pseudo-style-expected.txt:
  • platform/mac/fast/forms/search-cancel-button-style-sharing-expected.txt:
  • platform/mac/fast/forms/search-display-none-cancel-button-expected.txt:
  • platform/mac/fast/forms/search-rtl-expected.txt:
  • platform/mac/fast/forms/search-styled-expected.txt:
  • platform/mac/fast/forms/search-vertical-alignment-expected.txt:
  • platform/mac/fast/forms/search/search-size-with-decorations-expected.txt:
  • platform/mac/fast/forms/searchfield-heights-expected.txt:
  • platform/mac/fast/repaint/search-field-cancel-expected.txt:
  • platform/mac/fast/replaced/width100percent-searchfield-expected.txt:

8:47 AM Changeset in webkit [197166] by commit-queue@webkit.org
  • 4 edits in trunk/Source/WebKit

[cmake] Moved WebKit/Storage sources and include dir to CMakeLists.txt.
https://bugs.webkit.org/show_bug.cgi?id=154722

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-26
Reviewed by Darin Adler.

This code provides port-independent layer used by all WK1 ports,
so it belongs to main CMakeLists.txt, not Platform files.

  • CMakeLists.txt:
  • PlatformMac.cmake:
  • PlatformWin.cmake:

6:57 AM Changeset in webkit [197165] by Antti Koivisto
  • 16 edits
    2 adds in trunk

Implement ::slotted pseudo element
https://bugs.webkit.org/show_bug.cgi?id=149441
<rdar://problem/22731987>

Reviewed by Andreas Kling.

Source/WebCore:

Based on latest in https://github.com/w3c/webcomponents/issues/331

  • css/CSSGrammar.y.in:

Parse ::slotted.

  • css/CSSParser.cpp:

(WebCore::CSSParser::detectFunctionTypeToken):

  • css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoElementCueFunctionSelector):
(WebCore::CSSParserSelector::parsePseudoElementSlottedFunctionSelector):

Tokenize ::slotted.

(WebCore::CSSParserSelector::parsePseudoClassAndCompatibilityElementSelector):

  • css/CSSParserValues.h:
  • css/CSSSelector.cpp:

(WebCore::CSSSelector::pseudoId):

  • css/CSSSelector.h:
  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchAuthorRules):
(WebCore::ElementRuleCollector::matchHostPseudoClassRules):
(WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):

Match ::slotted selector.

(WebCore::ElementRuleCollector::collectSlottedPseudoElementRulesForSlot):

Collect ::slotted rules that may apply to an element in a slot.

(WebCore::ElementRuleCollector::matchUserRules):
(WebCore::ElementRuleCollector::matchUARules):
(WebCore::findSlottedPseudoElementSelector):
(WebCore::ElementRuleCollector::ruleMatches):

  • css/ElementRuleCollector.h:
  • css/RuleSet.cpp:

(WebCore::RuleSet::addRule):

Collect ::slotted rules.

(WebCore::RuleSet::shrinkToFit):

  • css/RuleSet.h:

(WebCore::RuleSet::hostPseudoClassRules):
(WebCore::RuleSet::slottedPseudoElementRules):
(WebCore::RuleSet::focusPseudoClassRules):
(WebCore::RuleSet::universalRules):

  • css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne):

  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::resolve):

Disable style sharing for children of shadow host. They may be affected by the shadow tree style
which is not considered in style sharing checks.

LayoutTests:

  • fast/shadow-dom/css-scoping-shadow-slotted-rule.html:

Enable the test, fix it and update it to the current spec.

  • fast/shadow-dom/slotted-pseudo-element-css-text-expected.txt: Added.
  • fast/shadow-dom/slotted-pseudo-element-css-text.html: Added.

Add parsing/cssText test based on a Blink test.
There are a few failures due to * not roundtripping and the parser being too lenient with pseudo elements.

  • platform/mac/TestExpectations:

3:49 AM Changeset in webkit [197164] by Yusuke Suzuki
  • 2 edits in trunk/Source/JavaScriptCore

[DFG] Drop unnecessary proved type branch in ToPrimitive
https://bugs.webkit.org/show_bug.cgi?id=154716

Reviewed by Geoffrey Garen.

This branching based on the proved types is unnecessary because this is already handled in constant folding phase.
In fact, the DFGSpeculativeJIT64.cpp case is already removed in r164243.
This patch removes the remaining JIT32_64 case.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

2:10 AM Changeset in webkit [197163] by youenn.fablet@crf.canon.fr
  • 3 edits in trunk/Tools

W3C test importer should have an option to clean the destination directory
https://bugs.webkit.org/show_bug.cgi?id=152685

Reviewed by Darin Adler.

Adding --clean-dest-dir option to W3C test importer.
When this option is set, all files in the destination directory will be deleted
except for WebKit specific files (test expectations, .gitignore...) before new tests import.
Dangling test expectations are removed after tests import.

Adding unit test and minor refactoring for the other tests.

  • Scripts/webkitpy/w3c/test_importer.py:

(parse_args): Add '--clean-dest-dir' option.
(TestImporter.do_import):
(TestImporter._is_baseline): helper routine to capture -expected.txt files.
(TestImporter):
(TestImporter._should_not_keep_when_importing): helper routine to filter files that should not be cleaned before importing.
(TestImporter.clean_destination_directory):
(TestImporter.remove_dangling_expectations):

  • Scripts/webkitpy/w3c/test_importer_unittest.py:

(TestImporterTest._parse_options):
(TestImporterTest.test_import_dir_with_no_tests_and_no_hg):
(TestImporterTest.test_import_dir_with_no_tests):
(TestImporterTest.test_import_dir_with_empty_init_py):
(test_clean_directory_option):

12:55 AM Changeset in webkit [197162] by youenn.fablet@crf.canon.fr
  • 83 edits
    8 copies
    15 moves
    53 adds
    1 delete in trunk/LayoutTests

Sync web-platform-tests up to revision 5ca8b46
https://bugs.webkit.org/show_bug.cgi?id=154678

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

  • resources/ImportExpectations: Unskipped some tests (already imported tests) and skipped new tests added to WPT repo.
  • resources/TestRepositories: Update revision to 5ca8b46.
  • resources/web-platform-tests-modules.json:
  • web-platform-tests/XMLHttpRequest/FormData-append-expected.txt:
  • web-platform-tests/XMLHttpRequest/FormData-append.html:
  • web-platform-tests/XMLHttpRequest/OWNERS: Added.
  • web-platform-tests/XMLHttpRequest/event-readystate-sync-open-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/event-readystate-sync-open.htm: Added.
  • web-platform-tests/XMLHttpRequest/formdata-delete-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/formdata-delete.htm: Added.
  • web-platform-tests/XMLHttpRequest/formdata-get-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/formdata-get.htm: Added.
  • web-platform-tests/XMLHttpRequest/formdata-has-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/formdata-has.htm: Added.
  • web-platform-tests/XMLHttpRequest/formdata-set-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/formdata-set.htm: Added.
  • web-platform-tests/XMLHttpRequest/interfaces-expected.txt:
  • web-platform-tests/XMLHttpRequest/open-method-responsetype-set-sync-expected.txt:
  • web-platform-tests/XMLHttpRequest/open-method-responsetype-set-sync.htm:
  • web-platform-tests/XMLHttpRequest/open-url-encoding-expected.txt:
  • web-platform-tests/XMLHttpRequest/open-url-encoding.htm:
  • web-platform-tests/XMLHttpRequest/responsexml-document-properties-expected.txt:
  • web-platform-tests/XMLHttpRequest/responsexml-document-properties.htm:
  • web-platform-tests/XMLHttpRequest/responsexml-get-twice-expected.txt: Added.
  • web-platform-tests/XMLHttpRequest/responsexml-get-twice.htm: Added.
  • web-platform-tests/XMLHttpRequest/send-entity-body-document-expected.txt:
  • web-platform-tests/XMLHttpRequest/w3c-import.log:
  • web-platform-tests/common/OWNERS: Added.
  • web-platform-tests/common/w3c-import.log:
  • web-platform-tests/dom/OWNERS: Added.
  • web-platform-tests/dom/interfaces-expected.txt:
  • web-platform-tests/dom/nodes/Document-createElement-namespace-tests/empty.html: Added.
  • web-platform-tests/dom/nodes/Document-createElement-namespace-tests/empty.svg: Added.
  • web-platform-tests/dom/nodes/Document-createElement-namespace-tests/empty.xhtml: Added.
  • web-platform-tests/dom/nodes/Document-createElement-namespace-tests/empty.xml: Added.
  • web-platform-tests/dom/nodes/Document-createEvent-expected.txt:
  • web-platform-tests/dom/nodes/Document-createEvent.html:
  • web-platform-tests/dom/nodes/MutationObserver-childList-expected.txt:
  • web-platform-tests/dom/nodes/Node-isEqualNode-expected.txt:
  • web-platform-tests/dom/w3c-import.log:
  • web-platform-tests/domparsing/DOMParser-parseFromString-html-expected.txt:
  • web-platform-tests/domparsing/OWNERS: Added.
  • web-platform-tests/domparsing/w3c-import.log:
  • web-platform-tests/fetch/OWNERS: Added.
  • web-platform-tests/fetch/api/headers/headers-combine-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-nameshake-expected.txt.
  • web-platform-tests/fetch/api/headers/headers-combine.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/fetch/api/headers/headers-nameshake.html.
  • web-platform-tests/fetch/api/headers/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/domparsing/w3c-import.log.
  • web-platform-tests/fetch/api/request/request-clone.sub.html:
  • web-platform-tests/fetch/api/request/request-consume.html:
  • web-platform-tests/fetch/api/request/request-error-expected.txt:
  • web-platform-tests/fetch/api/request/request-error.html:
  • web-platform-tests/fetch/api/request/request-idl-expected.txt:
  • web-platform-tests/fetch/api/request/request-init-001.sub-expected.txt:
  • web-platform-tests/fetch/api/request/request-init-001.sub.html:
  • web-platform-tests/fetch/api/request/request-init-003.sub.html:
  • web-platform-tests/fetch/api/request/w3c-import.log: Added.
  • web-platform-tests/fetch/api/resources/method.py:

(main):

  • web-platform-tests/fetch/api/resources/utils.js:

(checkRequest):
(readTextStream):

  • web-platform-tests/fetch/api/resources/w3c-import.log: Added.
  • web-platform-tests/fetch/api/response/response-clone.html:
  • web-platform-tests/fetch/api/response/response-consume.html:
  • web-platform-tests/fetch/api/response/response-error-expected.txt:
  • web-platform-tests/fetch/api/response/response-error.html:
  • web-platform-tests/fetch/api/response/response-idl-expected.txt:
  • web-platform-tests/fetch/api/response/response-idl.html:
  • web-platform-tests/fetch/api/response/response-init-002.html:
  • web-platform-tests/fetch/api/response/response-static-error.html:
  • web-platform-tests/fetch/api/response/response-static-redirect-expected.txt:
  • web-platform-tests/fetch/api/response/response-static-redirect.html:
  • web-platform-tests/fetch/api/response/w3c-import.log: Added.
  • web-platform-tests/fetch/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/w3c-import.log.
  • web-platform-tests/html/OWNERS: Added.
  • web-platform-tests/html/dom/interfaces-expected.txt:
  • web-platform-tests/html/dom/interfaces.html:
  • web-platform-tests/html/dom/w3c-import.log:
  • web-platform-tests/html/semantics/document-metadata/the-base-element/base_multiple.html:
  • web-platform-tests/html/semantics/embedded-content/media-elements/historical-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/media-elements/historical.html:
  • web-platform-tests/html/semantics/embedded-content/the-area-element/area-coords-expected.txt: Added.
  • web-platform-tests/html/semantics/embedded-content/the-area-element/area-coords.html: Added.
  • web-platform-tests/html/semantics/embedded-content/the-embed-element/embed-document-expected.txt: Added.
  • web-platform-tests/html/semantics/embedded-content/the-embed-element/embed-document.html: Added.
  • web-platform-tests/html/semantics/embedded-content/the-embed-element/embed-iframe-expected.txt: Added.
  • web-platform-tests/html/semantics/embedded-content/the-embed-element/embed-iframe.html: Added.
  • web-platform-tests/html/semantics/embedded-content/the-embed-element/w3c-import.log:
  • web-platform-tests/html/semantics/embedded-content/the-img-element/update-media-expected.txt: Added.
  • web-platform-tests/html/semantics/embedded-content/the-img-element/update-media.html: Added.
  • web-platform-tests/html/semantics/embedded-content/the-img-element/w3c-import.log:
  • web-platform-tests/html/semantics/forms/textfieldselection/w3c-import.log:
  • web-platform-tests/html/semantics/forms/the-input-element/checkbox.html:
  • web-platform-tests/html/semantics/forms/the-input-element/radio.html:
  • web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt:
  • web-platform-tests/html/semantics/forms/the-input-element/type-change-state.html:
  • web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-radio-expected.txt: Added.
  • web-platform-tests/html/semantics/selectors/pseudo-classes/indeterminate-radio.html: Added.
  • web-platform-tests/html/semantics/selectors/pseudo-classes/w3c-import.log:
  • web-platform-tests/html/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/w3c-import.log.
  • web-platform-tests/images/OWNERS: Added.
  • web-platform-tests/images/w3c-import.log:
  • web-platform-tests/lint.whitelist:
  • web-platform-tests/media/OWNERS: Added.
  • web-platform-tests/media/w3c-import.log:
  • web-platform-tests/service-workers/OWNERS: Added.
  • web-platform-tests/service-workers/cache-storage/OWNERS: Added.
  • web-platform-tests/service-workers/cache-storage/resources/credentials-iframe.html: Added.
  • web-platform-tests/service-workers/cache-storage/resources/credentials-worker.js: Added.

(assert_equals):
(self.onfetch):
(self.onmessage):

  • web-platform-tests/service-workers/cache-storage/resources/test-helpers.js:

(response.new.Response):
(assert_response_equals):
(assert_response_array_equivalent):
(assert_response_array_equals):
(assert_response_in_array):

  • web-platform-tests/service-workers/cache-storage/resources/testharness-helpers.js:
  • web-platform-tests/service-workers/cache-storage/resources/w3c-import.log:
  • web-platform-tests/service-workers/cache-storage/script-tests/cache-add.js:

(cache_test):

  • web-platform-tests/service-workers/cache-storage/script-tests/cache-match.js:

(request.new.Request.entries.a.request.clone):
(return.cache.match.entries.non_2xx_response.request.url.then):
(return.cache.match.entries.error_response.request.url.then):
(return.cache.match.string_appeared_here.then): Deleted.
(return.cache.match.entries.a.request.url.then): Deleted.
(return.cache.match.entries.a.request.then): Deleted.
(return.cache.match.new.Request.entries.a.request.url.then): Deleted.
(then): Deleted.
(return.cache.match.entries.cat.request.url.string_appeared_here.then): Deleted.
(cache_test): Deleted.
(return.cache.match.request.then): Deleted.

  • web-platform-tests/service-workers/cache-storage/script-tests/cache-matchAll.js: Added.

(return.cache.matchAll.string_appeared_here.then):
(return.cache.matchAll.entries.a.request.url.then):
(return.cache.matchAll.entries.a.request.then):
(return.cache.matchAll.new.Request.entries.a.request.url.then):
(then):
(return.cache.matchAll.entries.cat.request.url.string_appeared_here.then):

  • web-platform-tests/service-workers/cache-storage/script-tests/cache-put.js:

(cache_test):

  • web-platform-tests/service-workers/cache-storage/script-tests/cache-storage.js:

(promise_test):

  • web-platform-tests/service-workers/cache-storage/script-tests/w3c-import.log:
  • web-platform-tests/service-workers/cache-storage/serviceworker/cache-match.https.html:
  • web-platform-tests/service-workers/cache-storage/serviceworker/cache-matchAll.https.html: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/serviceworker/cache-match.https.html.
  • web-platform-tests/service-workers/cache-storage/serviceworker/credentials.html: Added.
  • web-platform-tests/service-workers/cache-storage/serviceworker/w3c-import.log:
  • web-platform-tests/service-workers/cache-storage/w3c-import.log:
  • web-platform-tests/service-workers/cache-storage/window/cache-match.https.html:
  • web-platform-tests/service-workers/cache-storage/window/cache-matchAll.https.html: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/window/cache-match.https.html.
  • web-platform-tests/service-workers/cache-storage/window/w3c-import.log:
  • web-platform-tests/service-workers/cache-storage/worker/cache-match.https.html:
  • web-platform-tests/service-workers/cache-storage/worker/cache-matchAll.https.html: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/worker/cache-match.https.html.
  • web-platform-tests/service-workers/cache-storage/worker/w3c-import.log:
  • web-platform-tests/service-workers/w3c-import.log:
  • web-platform-tests/streams/README.txt: Removed.
  • web-platform-tests/streams/byte-length-queuing-strategy.https-expected.txt: Added.
  • web-platform-tests/streams/byte-length-queuing-strategy.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/byte-length-queuing-strategy.html.
  • web-platform-tests/streams/byte-length-queuing-strategy.js:

(test):

  • web-platform-tests/streams/count-queuing-strategy.https-expected.txt: Added.
  • web-platform-tests/streams/count-queuing-strategy.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/count-queuing-strategy.html.
  • web-platform-tests/streams/count-queuing-strategy.js:

(test):

  • web-platform-tests/streams/readable-streams/bad-strategies.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/bad-strategies.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/bad-strategies.html.
  • web-platform-tests/streams/readable-streams/bad-strategies.js:

(get string_appeared_here):
(test):
(promise_test):

  • web-platform-tests/streams/readable-streams/bad-underlying-sources.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/bad-underlying-sources.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/bad-underlying-sources.html.
  • web-platform-tests/streams/readable-streams/brand-checks.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/brand-checks.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/brand-checks.html.
  • web-platform-tests/streams/readable-streams/cancel.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/cancel.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/cancel.html.
  • web-platform-tests/streams/readable-streams/count-queuing-strategy-integration.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/count-queuing-strategy-integration.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/count-queuing-strategy-integration.html.
  • web-platform-tests/streams/readable-streams/garbage-collection.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/garbage-collection.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/garbage-collection.html.
  • web-platform-tests/streams/readable-streams/general.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/general.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/general.html.
  • web-platform-tests/streams/readable-streams/general.js:

(test):
(promise_test):

  • web-platform-tests/streams/readable-streams/pipe-through.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/pipe-through.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/pipe-through.html.
  • web-platform-tests/streams/readable-streams/readable-stream-reader.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/readable-stream-reader.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/readable-stream-reader.html.
  • web-platform-tests/streams/readable-streams/readable-stream-reader.js:

(test):

  • web-platform-tests/streams/readable-streams/tee.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/tee.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/tee.html.
  • web-platform-tests/streams/readable-streams/templated.https-expected.txt: Added.
  • web-platform-tests/streams/readable-streams/templated.https.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams/readable-streams/templated.html.
  • web-platform-tests/streams/readable-streams/w3c-import.log: Added.
  • web-platform-tests/streams/resources/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/domparsing/w3c-import.log.
  • web-platform-tests/streams/w3c-import.log: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/cache-storage/w3c-import.log.

LayoutTests:

  • platform/mac/TestExpectations: Renaming test filenames, and adding test expectation to area-coords.html.

Feb 25, 2016:

10:45 PM Changeset in webkit [197161] by ryuan.choi@navercorp.com
  • 16 edits
    2 moves
    8 deletes in trunk/Source/WebKit2

[EFL] Remove WebUIPopupMenuClient
https://bugs.webkit.org/show_bug.cgi?id=154717

Reviewed by Gyuyoung Kim.

WebUIPopupMenuClient is only for EFL to expose WebPopupMenuProxy and WebPopupItem to WK C APIs.
This patch removes it and related code.

  • PlatformEfl.cmake: Removed WKPopupItem related files from source list.
  • UIProcess/API/C/efl/WKAPICastEfl.h: Removed WKPopupMenu related code.
  • UIProcess/API/C/efl/WKPageEfl.cpp: Removed.
  • UIProcess/API/C/efl/WKPageEfl.h: Removed.
  • UIProcess/API/C/efl/WKPopupItem.cpp: Removed.
  • UIProcess/API/C/efl/WKPopupItem.h: Removed.
  • UIProcess/API/C/efl/WKPopupMenuListener.cpp: Removed.
  • UIProcess/API/C/efl/WKPopupMenuListener.h: Removed.
  • UIProcess/API/efl/EwkView.cpp:

(EwkView::requestPopupMenu):

  • UIProcess/API/efl/EwkView.h:
  • UIProcess/API/efl/ewk_popup_menu.cpp:

(EwkPopupMenu::EwkPopupMenu):
(EwkPopupMenu::close):
(EwkPopupMenu::setSelectedIndex):

  • UIProcess/API/efl/ewk_popup_menu_item.cpp: Used WebPopupItem and others instead of WK C APIs.
  • UIProcess/API/efl/ewk_popup_menu_item_private.h: Ditto.
  • UIProcess/API/efl/ewk_popup_menu_private.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::close): Removed unnecessary EFL guards.
(WebKit::WebPageProxy::showPopupMenu): Ditto.
(WebKit::WebPageProxy::hidePopupMenu): Ditto.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPopupMenuProxy.h:
  • UIProcess/efl/PageUIClientEfl.cpp: Removed WKPopupMenuListener related code.

(WebKit::PageUIClientEfl::PageUIClientEfl): Deleted.
(WebKit::PageUIClientEfl::showPopupMenu): Deleted.
(WebKit::PageUIClientEfl::hidePopupMenu): Deleted.

  • UIProcess/efl/PageUIClientEfl.h:
  • UIProcess/efl/WebPageProxyEfl.cpp:

(WebKit::WebPageProxy::initializeUIPopupMenuClient): Deleted.

  • UIProcess/efl/WebPopupMenuListenerEfl.cpp:

(WebKit::WebPopupMenuListenerEfl::WebPopupMenuListenerEfl): Deleted.
(WebKit::WebPopupMenuListenerEfl::valueChanged): Deleted.

  • UIProcess/efl/WebPopupMenuListenerEfl.h:

(WebKit::WebPopupMenuListenerEfl::create): Deleted.

  • UIProcess/efl/WebPopupMenuProxyEfl.cpp: Used WebPopupItem and others instead of WK C APIs.
  • UIProcess/efl/WebPopupMenuProxyEfl.h: Ditto.

(WebKit::WebPopupMenuProxyEfl::create):

  • UIProcess/efl/WebUIPopupMenuClient.cpp: Removed.
  • UIProcess/efl/WebUIPopupMenuClient.h: Removed.
  • UIProcess/efl/WebView.cpp:

(WebKit::WebView::createPopupMenuProxy): Used WebPopupItem and others instead of WK C APIs.

10:38 PM Changeset in webkit [197160] by mmaxfield@apple.com
  • 12 edits in trunk

Font size computed style is inaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

  • css3/calc/font-size-fractional-expected.txt:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
  • css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
  • editing/mac/attributed-string/font-size-expected.txt:
  • editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
  • platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:

9:59 PM Changeset in webkit [197159] by commit-queue@webkit.org
  • 8 edits in trunk/Source/JavaScriptCore

[JSC] Be aggressive with OSR Entry to FTL if the DFG function was only used for OSR Entry itself
https://bugs.webkit.org/show_bug.cgi?id=154575

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Filip Pizlo.

I noticed that imaging-gaussian-blur spends most of its
samples in DFG code despite executing most of the loop
iterations in FTL.

On this particular test, the main function is only entered
once and has a very heavy loop there. What happens is DFG
starts by compiling the full function in FTL. That takes about
8 to 10 milliseconds during which the DFG code makes very little
progress. The calls to triggerOSREntryNow() try to OSR Enter
for a while then finally start compiling something. By the time
the function is ready, we have wasted a lot of time in DFG code.

What this patch does is set a flag when a DFG function is entered.
If we try to triggerOSREntryNow() and the flag was never set,
we start compiling both the full function and the one for OSR Entry.

  • dfg/DFGJITCode.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntryExecutionFlag):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGJITCompiler.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::Plan): Deleted.

  • dfg/DFGPlan.h:
  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

9:20 PM Changeset in webkit [197158] by mmaxfield@apple.com
  • 4 edits in trunk

REGRESSION(r195795): [WK2] fast/text/crash-complex-text-surrogate.html is flakey
https://bugs.webkit.org/show_bug.cgi?id=154709
<rdar://problem/24483596>

Reviewed by Dan Bernstein.

Tools:

Force auto-activation rules to a consistent state.

  • WebKitTestRunner/InjectedBundle/mac/InjectedBundleMac.mm:

(WTR::InjectedBundle::platformInitialize):

LayoutTests:

  • platform/mac-wk2/TestExpectations:

9:01 PM Changeset in webkit [197157] by akling@apple.com
  • 2 edits in trunk/Source/WebKit2

[iOS] Enable PageCache backing store clearing optimization for WebKit2.
<https://webkit.org/b/154712>

Reviewed by Anders Carlsson.

We had an optimization for iOS where we'd tear down the compositing tree for
pages in the page cache, to save memory, but we were only enabling it when
instantiating a WebKit1 web view.

This patch enables the optimization for WebKit2 as well.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::WebProcess):

8:39 PM WebKitIDL edited by Chris Dumez
Drop [TreatUndefinedAs=X]

8:36 PM Changeset in webkit [197156] by Chris Dumez
  • 29 edits
    9 adds in trunk

[Web IDL] Mark DOMString parameters as nullable when they should be
https://bugs.webkit.org/show_bug.cgi?id=154666

Reviewed by Darin Adler.

Source/WebCore:

Mark DOMString parameters as nullable when they should be. We previously
emulated nullable DOMString attributes by using:
[TreatNullAs=NullString, TreatUndefinedAs=NullString]
However, this was non-standard and very verbose. Also, developers would
sometimes forget the [TreatUndefinedAs=NullString] part and the behavior
would end up being wrong for undefined.

After this clean up, the non-standard [TreatUndefinedAs=NullString] is
no longer used so this patch drops support for it. Only
[TreatNullAs=NullString] remains and this one will be renamed to
[TreatNullAs=EmptyString] via Bug 154654 to match Web IDL standard.

Tests: fast/dom/Element/getElementsByTagNameNS-nullable.html
       fast/dom/Node/nullable-parameters.html
       fast/events/storageevent-initStorageEvent-nullable.html

  • Modules/mediastream/RTCPeerConnection.idl:

Drop [TreatUndefinedAs=NullString] from createDataChannel()'s first
parameter instead of marking it as nullable. This matches the
specification:

This means there is a slight behavior change when undefined is passed, it
now becomes the string "undefined" instead of a null String.

  • bindings/scripts/CodeGeneratorJS.pm:

(JSValueToNative):
Drop handling of [TreatUndefinedAs=] as it is no longer used.

  • bindings/scripts/IDLAttributes.txt:

Drop support for [TreatUndefinedAs=] as it is no longer used.

  • bindings/scripts/test/TestObj.idl:
  • dom/DOMImplementation.idl:

Make a few parameters nullable and drop [TreatNullAs=NullString,
TreatUndefinedAs=NullString]. There is no web-exposed behavior
change.

  • dom/Document.idl:
      • Make a few parameters nullable and drop [TreatNullAs=NullString, TreatUndefinedAs=NullString]. There is no web-exposed behavior change from this.
      • Drop these attributes from ObjC-specific bindings as they only matter to JS bindings.
      • The namespaceURI parameter to getElementsByTagNameNS() is now marked as nullable even though it only treated null as a null String, not undefined. This was a bug and did not match the specification: https://dom.spec.whatwg.org/#document
  • dom/Element.idl:
      • Make a few parameters nullable and drop [TreatNullAs=NullString, TreatUndefinedAs=NullString]. There is no web-exposed behavior change from this.
      • Drop these attributes from ObjC-specific bindings as they only matter to JS bindings.
      • The namespaceURI parameter to getElementsByTagNameNS() is now marked as nullable even though it only treated null as a null String, not undefined. This was a bug and did not match the specification: https://dom.spec.whatwg.org/#interface-element
  • dom/NamedNodeMap.idl:

Make a few parameters nullable and drop [TreatNullAs=NullString,
TreatUndefinedAs=NullString]. There is no web-exposed behavior
change from this.

  • dom/Node.idl:
      • Drop these attributes from isSupported() as this is not exposed to JS (only native bindings) and these attributes only matter to JS bindings.
      • Make the first parameter to lookupPrefix() / isDefaultNamespace() and lookupNamespaceURI() nullable. Previously, we treated null as a null string but not undefined. There is therefore a slight behavior change but this matches the specification: https://dom.spec.whatwg.org/#node
  • fileapi/Blob.idl:
  • html/HTMLButtonElement.idl:
  • html/HTMLCanvasElement.idl:
  • html/HTMLFieldSetElement.idl:
  • html/HTMLInputElement.idl:
  • html/HTMLKeygenElement.idl:
  • html/HTMLMediaElement.idl:
  • html/HTMLObjectElement.idl:
  • html/HTMLOutputElement.idl:
  • html/HTMLSelectElement.idl:
  • html/HTMLTextAreaElement.idl:
  • page/DOMWindow.idl:

Make a few parameters nullable and drop [TreatNullAs=NullString,
TreatUndefinedAs=NullString]. There is no web-exposed behavior
change from this.

  • storage/StorageEvent.idl:

Mark oldValueArg / newValueArg parameters to initStorageEvent()
as nullable. Previously, we only treated null as a null string,
not undefined. This is therefore a slight behavior change but
it matches the specification:
https://www.w3.org/TR/webstorage/#storageeventinit

LayoutTests:

Add test coverage for minor behavioral changes in this patch.

  • fast/dom/Element/getElementsByTagNameNS-nullable-expected.txt: Added.
  • fast/dom/Element/getElementsByTagNameNS-nullable.html: Added.
  • fast/dom/Node/nullable-parameters-expected.txt: Added.
  • fast/dom/Node/nullable-parameters.html: Added.
  • fast/dom/Node/resources/testdoc.xml: Added.
  • fast/dom/Node/resources/testdoc2.xml: Added.
  • fast/events/storageevent-initStorageEvent-nullable-expected.txt: Added.
  • fast/events/storageevent-initStorageEvent-nullable.html: Added.

7:15 PM WebKitGTK/StableRelease edited by clopez@igalia.com

7:09 PM WebKitGTK/StableRelease edited by clopez@igalia.com

6:04 PM Changeset in webkit [197155] by benjamin@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Temporal Dead Zone checks on "this" are eliminated when doing OSR Entry to FTL
https://bugs.webkit.org/show_bug.cgi?id=154664

Reviewed by Saam Barati.

When doing OSR Enter into a constructor, we lose the information
that this may have been set to empty by a previously executed block.

All the code just assumed the type for a FlushedJS value and thus
not an empty value. It was then okay to eliminate the TDZ checks.

In this patch, the values on root entry now assume they may be empty.
As a result, the SetArgument() for "this" has "empty" as possible
type and the TDZ checks are no longer eliminated.

  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

6:04 PM Changeset in webkit [197154] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r196744): NetworkExtension.framework and NEFilterSource class are not available on Recovery partition
<http://webkit.org/b/154703>

Reviewed by Andy Estes.

  • platform/cocoa/NetworkExtensionContentFilter.mm: Make
soft-linking of NetworkExtension.framework and NEFilterSource
class optional since they are not available on the Recovery
partition. Note that NetworkExtensionContentFilter::enabled()
does not need to change since it already had the correct
behavior when getNEFilterSourceClass() returned nullptr.

6:03 PM Changeset in webkit [197153] by adachan@apple.com
  • 8 edits in trunk/Source

Update the definition of ENABLE_VIDEO_PRESENTATION_MODE for Mac platform
https://bugs.webkit.org/show_bug.cgi?id=154702

Reviewed by Dan Bernstein.

  • Configurations/FeatureDefines.xcconfig:

5:56 PM Changeset in webkit [197152] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skipping flaky test storage/indexeddb/intversion-open-in-upgradeneeded.html on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=154706

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:

5:33 PM Changeset in webkit [197151] by jiewen_tan@apple.com
  • 2 edits in trunk/Tools

Unreviewed build fix for r197150.

  • TestWebKitAPI/Tests/mac/IsNavigationActionTrusted.mm:

5:22 PM Changeset in webkit [197150] by jiewen_tan@apple.com
  • 6 edits
    2 adds in trunk

Restrict information passed with navigation action which is triggered by untrusted event
https://bugs.webkit.org/show_bug.cgi?id=154571
<rdar://problem/15967937>

Reviewed by Andy Estes.

Source/WebKit/mac:

  • WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::actionDictionary):

Source/WebKit2:

When a navigation action is triggered by an untrusted event, we should be more restrictive about
what information is passed to the clients, to lower the risk that clients could
be fooled by the untrusted event.

In this patch, we drop the modifiers for key state events and set the mouse button to NoButton
for mouse events.

  • WebProcess/InjectedBundle/InjectedBundleNavigationAction.cpp:

(WebKit::InjectedBundleNavigationAction::modifiersForNavigationAction):

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/mac/IsNavigationActionTrusted.mm: Added.

(-[WKNavigationActionDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(TestWebKitAPI::TEST):
(-[NavigationActionDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:]):

  • TestWebKitAPI/Tests/mac/IsNavigationActionTrusted.html: Added.

5:00 PM Changeset in webkit [197149] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebCore

Change ASSERT to RELEASE_ASSERT in SOFT_LINK_CLASS() macro

Follow-up fix noted by Andy Estes for:

[Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
<http://webkit.org/b/154364>

  • platform/mac/SoftLinking.h:

(SOFT_LINK_CLASS): Change ASSERT to RELEASE_ASSERT to check the
return value of objc_getClass(). This matches what we do for
SOFT_LINK_CLASS_FOR_SOURCE().

4:58 PM Changeset in webkit [197148] by dbates@webkit.org
  • 2 edits in trunk/LayoutTests

[iOS Simulator] http/tests/security/contentSecurityPolicy/1.1/plugintypes tests failing
https://bugs.webkit.org/show_bug.cgi?id=154652

Skip Content Security Policy plugin-types tests when run in the iOS simulator app because
plugins are not supported on iOS.

  • platform/ios-simulator/TestExpectations:

4:54 PM Changeset in webkit [197147] by barraclough@apple.com
  • 2 edits in trunk/Source/WTF

Replace RefCounter::Token implementation with RefPtr
https://bugs.webkit.org/show_bug.cgi?id=154698

Reviewed by Anders Carlsson.

  • wtf/RefCounter.h:

(WTF::RefCounter::RefCounter):
(WTF::RefCounter::count):
(WTF::RefCounter::value):
(WTF::RefCounter<T>::~RefCounter):
(WTF::RefCounter::Token::Token): Deleted.
(WTF::RefCounter::Token::operator bool): Deleted.
(WTF::RefCounter<T>::Token::Token): Deleted.
(WTF::=): Deleted.

  • Delete.

4:45 PM Changeset in webkit [197146] by barraclough@apple.com
  • 2 edits in trunk/Source/WTF

Should template RefCounter instead of RefCounter::Token
https://bugs.webkit.org/show_bug.cgi?id=154691

Speculative windows build fix.

  • wtf/RefCounter.h:

(WTF::RefCounter::RefCounter):
(WTF::RefCounter::count):

4:33 PM Changeset in webkit [197145] by mmaxfield@apple.com
  • 71 edits
    1 add in trunk

[Win] [SVG -> OTF Converter] Support the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=143402

Reviewed by Alex Christensen.

.:

Turn on by default, and turn on for Windows.

EFL and GTK already explicitly disable it in OptionsEfl.cmake and OptionsGTK.cmake.

  • Source/cmake/OptionsWin.cmake:
  • Source/cmake/WebKitFeatures.cmake:

LayoutTests:

Rebaseline many tests.

There are some known bugs (which are marked in platform/win/TestExpectations):
webkit.org/b/137204 The SVG -> OTF Font converter outputs 'kern' tables instead of 'GPOS' tables
webkit.org/b/154690 SVG Fonts don't draw multibyte characters
webkit.org/b/137096 The SVG -> OTF Font Converter does not work with SVG's "altglyph" facility
webkit.org/b/137093 Same thing with the "lang" attribute

  • platform/win/svg/W3C-SVG-1.1/fonts-desc-02-t-expected.txt: Added.
  • platform/win/svg/W3C-SVG-1.1/text-text-06-t-expected.txt: Added.
  • platform/win/TestExpectations:
  • platform/win/svg/W3C-SVG-1.1-SE/color-prop-05-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/coords-dom-01-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/coords-dom-02-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/coords-dom-03-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/coords-dom-04-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/coords-units-03-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/filters-felem-01-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/filters-image-03-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/interact-pointer-03-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/painting-marker-07-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/paths-dom-02-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/pservers-grad-17-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/pservers-grad-20-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/pservers-pattern-03-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/pservers-pattern-04-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/struct-use-14-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/styling-css-04-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/styling-pres-02-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/svgdom-over-01-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/text-tref-03-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/text-tspan-02-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-02-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-03-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-04-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-05-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-06-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1-SE/types-dom-07-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/animate-elem-03-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/animate-elem-24-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/animate-elem-36-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/animate-elem-40-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/filters-light-04-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/filters-turb-02-f-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-01-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-02-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-03-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-04-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-05-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-06-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/fonts-elem-07-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/masking-mask-01-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/pservers-grad-08-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/render-elems-06-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/render-elems-07-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/render-elems-08-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/render-groups-01-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/render-groups-03-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/text-fonts-03-t-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/text-intro-02-b-expected.txt:
  • platform/win/svg/W3C-SVG-1.1/text-intro-03-b-expected.txt:
  • platform/win/svg/batik/text/textEffect-expected.txt:
  • platform/win/svg/batik/text/textEffect3-expected.txt:
  • platform/win/svg/custom/glyph-selection-arabic-forms-expected.txt:
  • platform/win/svg/custom/svg-fonts-in-html-expected.txt:
  • platform/win/svg/custom/svg-fonts-with-no-element-reference-expected.txt: Added.
  • platform/win/svg/custom/svg-fonts-word-spacing-expected.txt:
  • platform/win/svg/foreignObject/text-tref-02-b-expected.txt:
  • platform/win/svg/hixie/intrinsic/003-expected.txt:
  • platform/win/svg/text/text-overflow-ellipsis-svgfont-kerning-ligatures-expected.txt:
  • platform/win/svg/text/text-text-04-t-expected.txt:
  • platform/win/svg/text/text-text-05-t-expected.txt:
  • platform/win/svg/text/text-text-06-t-expected.txt:
  • platform/win/svg/wicd/test-rightsizing-b-expected.txt:
  • platform/win/svg/zoom/page/zoom-svg-through-object-with-absolute-size-2-expected.txt:
  • platform/win/svg/zoom/page/zoom-svg-through-object-with-absolute-size-expected.txt:

4:15 PM Changeset in webkit [197144] by sbarati@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

[ES6] for...in iteration doesn't comply with the specification
https://bugs.webkit.org/show_bug.cgi?id=154665

Reviewed by Michael Saboff.

If you read ForIn/OfHeadEvaluation inside the spec:
https://tc39.github.io/ecma262/#sec-runtime-semantics-forin-div-ofheadevaluation-tdznames-expr-iterationkind
It calls EnumerateObjectProperties(obj) to get a set of properties
to enumerate over (it models this "set" as an ES6 generator function).
EnumerateObjectProperties is defined in section 13.7.5.15:
https://tc39.github.io/ecma262/#sec-enumerate-object-properties
The implementation calls Reflect.getOwnPropertyDescriptor(.) on the
properties it sees. We must do the same by modeling the operation as
a GetOwnProperty instead of a HasProperty internal method call.

  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/JSObject.cpp:

(JSC::JSObject::hasProperty):
(JSC::JSObject::hasPropertyGeneric):

  • runtime/JSObject.h:
  • tests/stress/proxy-get-own-property.js:

(assert):
(let.handler.getOwnPropertyDescriptor):
(i.set assert):

3:59 PM Changeset in webkit [197143] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WTF

Unreviewed, rolling out r197137.
https://bugs.webkit.org/show_bug.cgi?id=154700

broke windows build (Requested by alexchristensen on #webkit).

Reverted changeset:

"Replace RefCounter::Token implementation with RefPtr"
https://bugs.webkit.org/show_bug.cgi?id=154698
http://trac.webkit.org/changeset/197137

3:52 PM Changeset in webkit [197142] by dbates@webkit.org
  • 14 edits
    34 deletes in trunk

CSP: Remove SecurityPolicy script interface
https://bugs.webkit.org/show_bug.cgi?id=154694
<rdar://problem/24846482>

Reviewed by Andy Estes.

Source/WebCore:

Remove the Content Security Policy script interface, SecurityPolicy. This interface was only
enabled when building with ENABLE(CSP_NEXT) (disabled by default).

For completeness, the SecurityPolicy interface was removed from the Content Security Policy 1.1 spec
in <https://github.com/w3c/webappsec/commit/18882953ce2d8afca25f685557fef0e0471b2c9a> (12/26/2013).

  • CMakeLists.txt: Remove files to DOMSecurityPolicy.{cpp, idl}.
  • DerivedSources.cpp: Remove file JSDOMSecurityPolicy.cpp.
  • DerivedSources.make: Remove file DOMSecurityPolicy.idl.
  • PlatformGTK.cmake: Ditto.
  • PlatformMac.cmake: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Remove DOMSecurityPolicy files.
  • bindings/scripts/CodeGeneratorGObject.pm: Remove reference to DOMSecurityPolicy.
  • dom/Document.cpp:

(WebCore::Document::securityPolicy): Deleted.

  • dom/Document.h:
  • dom/Document.idl: Remove attribute securityPolicy.
  • page/DOMSecurityPolicy.cpp: Removed.
  • page/DOMSecurityPolicy.h: Removed.
  • page/DOMSecurityPolicy.idl: Removed.

LayoutTests:

Remove SecurityPolicy tests and update platform-specific expected results as needed.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html: Removed.
  • http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js: Removed.
  • platform/gtk/js/dom/global-constructors-attributes-expected.txt: Update expected result as needed.
  • platform/win/js/dom/global-constructors-attributes-expected.txt: Ditto.
3:24 PM Changeset in webkit [197141] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

Don't clear the weak JSString cache on memory pressure.
<https://webkit.org/b/154693>

Reviewed by Antti Koivisto.

This was stupid. The cache is a WeakGCMap, so all the JSStrings pointed to are
still alive anyway. This way we keep the ability to deduplicate common strings.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseNoncriticalMemory): Deleted.

3:24 PM Changeset in webkit [197140] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.19.2/Source

Versioning.

3:24 PM Changeset in webkit [197139] by Chris Dumez
  • 9 edits
    2 adds in trunk

Drop [TreatReturnedNullStringAs=Undefined] WebKit-specific IDL attribute
https://bugs.webkit.org/show_bug.cgi?id=154662

Reviewed by Darin Adler.

Source/WebCore:

Drop [TreatReturnedNullStringAs=Undefined] WebKit-specific IDL attribute.
This has no standard equivalent and all uses in WebKit are either useless
or wrong.

Test: fast/frames/detached-frame-document-defaultCharset.html

  • bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Deleted.

  • bindings/scripts/IDLAttributes.txt:

Drop support for [TreatReturnedNullStringAs=X] entirely.

  • dom/Document.cpp:

(WebCore::Document::defaultCharset):
Fall back to return "UTF-8" instead of the null string, similarly to
what is done for Document.characterSet. Note that this attribute
is non-standard and is an IE extension. Firefox never supported it
and Chrome dropped it last year.

  • dom/Document.idl:
  • Drop extended attribute for Document.defaultCharset as the implementation has been updated to never return a null String.
  • Drop extended attribute for Document.readyState. It was useless because the implementation could never return a null String.
  • xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::getAllResponseHeaders):
Update implementation to return emptyString() instead of "" in case
of error.

  • xml/XMLHttpRequest.idl:

Drop extended attribute from XMLHttpRequest.getAllResponseHeaders().
It was useless because the implementation could never return a
null String.

  • xml/XSLTProcessor.idl:

Drop extended attribute from XSLTProcessor.getParameter(). The
operation is already marked as [Custom] so the extended attribute
had no effect.

LayoutTests:

Add layout test to cover the return value of document.defaultCharset before
and after its frame is detached.

  • fast/frames/detached-frame-document-defaultCharset-expected.txt: Added.
  • fast/frames/detached-frame-document-defaultCharset.html: Added.
3:14 PM WebKitIDL edited by Chris Dumez
[TreatReturnedNullStringAs=X] was dropped (diff)
3:12 PM Changeset in webkit [197138] by beidson@apple.com
  • 4 edits
    1 delete in trunk/LayoutTests

Unreviewed test gardening.

Fix a test flake where order doesn't matter.

  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Removed.
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt:
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-private-expected.txt:
  • storage/indexeddb/resources/deletedatabase-delayed-by-open-and-versionchange.js:

(prepareDatabase.request.onblocked):
(onOpenSuccess):

3:10 PM Changeset in webkit [197137] by barraclough@apple.com
  • 2 edits in trunk/Source/WTF

Replace RefCounter::Token implementation with RefPtr
https://bugs.webkit.org/show_bug.cgi?id=154698

Reviewed by Anders Carlsson.

  • wtf/RefCounter.h:

(WTF::RefCounter::RefCounter):
(WTF::RefCounter::count):
(WTF::RefCounter::value):
(WTF::RefCounter<T>::~RefCounter):
(WTF::RefCounter::Token::Token): Deleted.
(WTF::RefCounter::Token::operator bool): Deleted.
(WTF::RefCounter<T>::Token::Token): Deleted.
(WTF::=): Deleted.

  • Delete.
2:58 PM Changeset in webkit [197136] by sbarati@apple.com
  • 8 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[Set]]
https://bugs.webkit.org/show_bug.cgi?id=154511

Reviewed by Filip Pizlo.

This patch is mostly an implementation of
Proxy.[[Set]] with respect to section 9.5.9
of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-set-p-v-receiver

This patch also changes JSObject::putInline and JSObject::putByIndex
to be aware that a Proxy in the prototype chain will intercept
property accesses.

  • runtime/JSObject.cpp:

(JSC::JSObject::putInlineSlow):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):

  • runtime/JSObject.h:
  • runtime/JSObjectInlines.h:

(JSC::JSObject::canPerformFastPutInline):
(JSC::JSObject::putInline):

  • runtime/JSType.h:
  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::put):
(JSC::ProxyObject::putByIndexCommon):
(JSC::ProxyObject::putByIndex):
(JSC::performProxyCall):
(JSC::ProxyObject::getCallData):
(JSC::performProxyConstruct):
(JSC::ProxyObject::deletePropertyByIndex):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::create):
(JSC::ProxyObject::createStructure):
(JSC::ProxyObject::target):
(JSC::ProxyObject::handler):

  • tests/es6.yaml:
  • tests/stress/proxy-set.js: Added.

(assert):
(throw.new.Error.let.handler.set 45):
(throw.new.Error):
(let.target.set x):
(let.target.get x):
(set let):

2:44 PM Changeset in webkit [197135] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Removing failure expectation for 26 editing tests that now pass on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=152131

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
  • platform/ios-simulator/TestExpectations:
2:37 PM Changeset in webkit [197134] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Remove a useless "Move" in the lowering of Select
https://bugs.webkit.org/show_bug.cgi?id=154670

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Geoffrey Garen.

I left the Move instruction when creating the aliasing form
of Select.

On ARM64, that meant a useless move for any case that can't
be coalesced.

On x86, that meant an extra constraint on child2, making it
stupidly hard to alias child1.

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createSelect): Deleted.

2:37 PM Changeset in webkit [197133] by adachan@apple.com
  • 3 edits in trunk/Source/WebKit2

Hook up fullscreenMayReturnToInline() in WKPageUIClient
https://bugs.webkit.org/show_bug.cgi?id=154661

Reviewed by Tim Horton.

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageUIClient):

  • UIProcess/API/C/WKPageUIClient.h:
2:24 PM Changeset in webkit [197132] by barraclough@apple.com
  • 16 edits
    1 delete in trunk

Should template RefCounter instead of RefCounter::Token
https://bugs.webkit.org/show_bug.cgi?id=154691

Reviewed by Anders Carlsson.

Source/WebCore:

Mechanical update per RefCounter interface change.

  • page/PageThrottler.cpp:

(WebCore::PageThrottler::mediaActivityToken):
(WebCore::PageThrottler::pageLoadActivityToken):
(WebCore::PageThrottler::setActivityFlag):

  • page/PageThrottler.h:
  • platform/VNodeTracker.h:

Source/WebKit2:

Mechanical update per RefCounter interface change.

  • UIProcess/Plugins/PluginProcessManager.h:

(WebKit::PluginProcessManager::processSuppressionDisabledToken):
(WebKit::PluginProcessManager::processSuppressionDisabled):

  • UIProcess/ProcessThrottler.h:

(WebKit::ProcessThrottler::foregroundActivityToken):
(WebKit::ProcessThrottler::backgroundActivityToken):

  • UIProcess/WebProcessPool.h:

Source/WTF:

My real goal here is to make the counter accurate. Currently returning a Token from token<>()
results in ref-count churn. Fixing this either means changing the return value, or improving
Token (which will probably mean replacing it with RefPtr). Either way would break the current
type checking. Move type tag to RefCount so this can still be enforced.

  • WTF.vcxproj/WTF.vcxproj:
  • WTF.vcxproj/WTF.vcxproj.filters:
  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/RefCounter.cpp: Removed.
    • Removed RefCounter.cpp.
  • wtf/RefCounter.h:

(WTF::RefCounter::Token::Token):
(WTF::RefCounter::Token::operator bool):
(WTF::RefCounter::RefCounter):
(WTF::RefCounter::count):
(WTF::RefCounter::value):
(WTF::RefCounter<T>::Count::ref):
(WTF::RefCounter<T>::Count::deref):
(WTF::RefCounter<T>::RefCounter):
(WTF::RefCounter<T>::~RefCounter):
(WTF::RefCounter<T>::Token::Token):
(WTF::=):
(WTF::RefCounter::token): Deleted.
(WTF::RefCounter::Token<T>::Token): Deleted.

  • RefCounter -> RefCounter<T>,
  • Token<T> -> Token,
  • renamed token<>() -> count().

Tools:

Mechanical update per RefCounter interface change.

  • TestWebKitAPI/Tests/WTF/RefCounter.cpp:

(TestWebKitAPI::TEST):

2:19 PM Changeset in webkit [197131] by beidson@apple.com
  • 41 edits
    24 deletes in trunk/Source

Remove LegacyIDB.
https://bugs.webkit.org/show_bug.cgi?id=150854

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

  • CMakeLists.txt:
  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:

(WebCore::DOMWindowIndexedDatabase::indexedDB):

  • Modules/indexeddb/IDBDatabaseMetadata.cpp: Removed.
  • Modules/indexeddb/IDBDatabaseMetadata.h: Removed.
  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndexMetadata.h: Removed.
  • Modules/indexeddb/IDBObjectStoreMetadata.h: Removed.
  • Modules/indexeddb/IDBOperation.h: Removed.
  • Modules/indexeddb/IDBServerConnection.h: Removed.
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:

(WebCore::WorkerGlobalScopeIndexedDatabase::indexedDB):

  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Removed.
  • Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingOpenCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Removed.
  • Modules/indexeddb/legacy/LegacyAny.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyAny.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.h: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.h: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.h: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.h: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.h: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.h: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Removed.
  • Modules/indexeddb/server/SQLiteIDBCursor.cpp:

(WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
(WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

  • Modules/indexeddb/server/SQLiteIDBCursor.h:
  • Modules/indexeddb/shared/IDBIndexInfo.h:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::generateIndexKeysForValue): Deleted.

  • bindings/js/IDBBindingUtilities.h:
  • bindings/js/JSMainThreadExecState.cpp:

(WebCore::JSMainThreadExecState::didLeaveScriptContext): Deleted.

  • inspector/InspectorIndexedDBAgent.cpp:
  • loader/EmptyClients.cpp:
  • page/DatabaseProvider.cpp:

(WebCore::DatabaseProvider::idbFactoryBackend): Deleted.

  • page/DatabaseProvider.h:
  • platform/CrossThreadCopier.cpp:

(WebCore::IDBDatabaseMetadata>::copy): Deleted.
(WebCore::IDBIndexMetadata>::copy): Deleted.
(WebCore::IDBObjectStoreMetadata>::copy): Deleted.

  • platform/CrossThreadCopier.h:

Source/WebKit:

  • Storage/WebDatabaseProvider.cpp:

(WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • Storage/WebDatabaseProvider.h:

Source/WebKit2:

  • CMakeLists.txt:
  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::getOrCreateLegacyUniqueIDBDatabase): Deleted.
(WebKit::DatabaseProcess::removeLegacyUniqueIDBDatabase): Deleted.

  • DatabaseProcess/DatabaseProcess.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didClose):
(WebKit::DatabaseToWebProcessConnection::didReceiveMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::establishIDBConnection): Deleted.
(WebKit::DatabaseToWebProcessConnection::removeDatabaseProcessIDBConnection): Deleted.

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.messages.in: Removed.
  • DatabaseProcess/IndexedDB/IDBIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.cpp: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/UniqueIDBDatabaseBackingStore.h: Removed.
  • DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.h: Removed.
  • DerivedSources.make:
  • Shared/WebCrossThreadCopier.cpp:

(WebCore::LegacyUniqueIDBDatabaseIdentifier>::copy): Deleted.
(WebCore::IDBIdentifier>::copy): Deleted.

  • Shared/WebCrossThreadCopier.h:
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.messages.in: Removed.
  • WebProcess/Databases/WebDatabaseProvider.cpp:

(WebKit::WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • WebProcess/Databases/WebDatabaseProvider.h:
  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage): Deleted.
(WebKit::WebToDatabaseProcessConnection::registerWebIDBServerConnection): Deleted.
(WebKit::WebToDatabaseProcessConnection::removeWebIDBServerConnection): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:
  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
1:38 PM Changeset in webkit [197130] by beidson@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed test gardening.

12:52 PM Changeset in webkit [197129] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.19.2

New tag.

12:51 PM Changeset in webkit [197128] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.20/Source/WebKit

Merged r197124. rdar://problem/24747822

12:32 PM Changeset in webkit [197127] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Removing a pass expectation for inspector/indexeddb/requestDatabaseNames.html that overrides the skip r197122

Unreviewed test gardening.

  • platform/mac/TestExpectations:
12:23 PM Changeset in webkit [197126] by gskachkov@gmail.com
  • 2 edits in trunk/Tools

Unreviewed, move Aleksandr Skachkov to committers list

11:55 AM Changeset in webkit [197125] by Said Abou-Hallawa
  • 4 edits in trunk/Source/WebCore

REGRESSION (r196268): Many assertion failures and crashes on SVG path animation tests when JS garbage collection happens quickly
https://bugs.webkit.org/show_bug.cgi?id=154331

Reviewed by Darin Adler.

This is not an actual regression. The bug did exist before r196268 but
the whole document was leaking once an SVGAnimatedProperty was created
so there was no way to produce this bug. After fixing the leak, one crash
and one assert got uncovered. Both of them happen because of the fact:
"if an SVGAnimatedProperty is not referenced it will be deleted."

  • svg/SVGPathElement.cpp:

(WebCore::SVGPathElement::lookupOrCreateDWrapper):
The code in this function was assuming that the wrapper will be created
only once which happens when SVGAnimatedProperty::lookupOrCreateWrapper()
is called. Before making this single call, lookupOrCreateDWrapper() was
building an initial SVGPathSegList from byte stream. But now
SVGAnimatedProperty::lookupWrapper() can return false even after creating
the SVGAnimatedProperty because it was deleted later. Calling
buildSVGPathSegListFromByteStream() more than once was causing
SVGAnimatedListPropertyTearOff::animationStarted() to fire the assertion
ASSERT(m_values.size() == m_wrappers.size()) because the path segments were
appended twice to m_values which is in fact SVGPathElement::m_pathSegList.value.
The fix is to build the initial SVGPathSegList only once which should happen
when m_pathSegList.value.isEmpty().

(WebCore::SVGPathElement::animatedPropertyWillBeDeleted):

  • svg/SVGPathElement.h:
  • svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:

(WebCore::SVGAnimatedPathSegListPropertyTearOff::~SVGAnimatedPathSegListPropertyTearOff):
SVGPathElement is assuming the following equivalence relation:
m_pathSegList.shouldSynchronize ~ SVGAnimatedProperty_is_created_and_not_null.
SVGPathElement::animatedPathSegList() and animatedNormalizedPathSegList()
set m_pathSegList.shouldSynchronize to true when SVGAnimatedProperty is
created but nothing sets m_pathSegList.shouldSynchronize back to false.
This was not a problem when the SVGAnimatedProperty was leaking but after
ensuring it is deleted when it is not referenced this equivalence relation
becomes untrue sometimes. This caused SVGPathElement::svgAttributeChanged()
to crash when we check m_pathSegList.shouldSynchronize and if it is true we
assume that SVGAnimatedProperty::lookupWrapper() will return a non-null pointer
and therefore we dereference this pointer and call SVGAnimatedProperty::isAnimating().
To fix this crash we need to set m_pathSegList.shouldSynchronize back to false
when the associated SVGAnimatedProperty is deleted.

11:36 AM Changeset in webkit [197124] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit

[Win][CMake] Don't use incremental linking
https://bugs.webkit.org/show_bug.cgi?id=154684
<rdar://problem/24747822>

Reviewed by Alex Christensen.

  • PlatformWin.cmake: Make sure the "/INCREMENTAL:NO" flag is used (overriding "/INCREMENTAL:YES").

11:28 AM Changeset in webkit [197123] by weinig@apple.com
  • 4 edits in trunk

Source/WTF:
HashMap::ensure() should return an AddResult like all the other add-like functions.
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

While adopting HashMap::ensure(), I found it was useful in some circumstances to know
if the value was added or not. While I could discern this information by setting a bool
in the passed in lambda, it seemed clearer and more idiomatic to just have ensure return
an AddResult like all the other add-like functions do.

  • wtf/HashMap.h:

Change return type of HashMap::ensure() to be an AddResult.

Tools:
HashMap::ensure() should return an AddResult like all the other add-like functions
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:

(TestWebKitAPI::TEST):
Update tests to use/test the new AddResult result.

11:21 AM Changeset in webkit [197122] by beidson@apple.com
  • 11 edits
    1 add
    37 deletes in trunk

Modern IDB: WebKit 2 IPC layer.
https://bugs.webkit.org/show_bug.cgi?id=153808

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by over 1,000 existing tests).

  • Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::encode): It's okay to encode Min and Max.
(WebCore::IDBKeyData::decode): It's okay to decode Min and Max.

Source/WebKit2:

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): This ASSERT fires on most WK2 tests. Alex said remove it.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::putOrAdd): Properly encode the overwrite flag.

  • WebProcess/Databases/WebDatabaseProvider.h: Enable Modern IDB.

LayoutTests:

  • Consolidate all test failures to the platform agnostic TestExpectations file.
  • Remove all existing WK2-specific results.
  • Add one new WK2-specific result.
  • Skip two WK2-only failures.
  • TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/wk2/TestExpectations:
  • platform/wk2/imported/w3c/indexeddb/abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor-advance-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index9-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_objectstore5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index8-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_invalid-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_objectstore6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_index4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_objectstore4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_close2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_deleteObjectStore4-not_reused-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_deleteDatabase3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_open12-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex-multientry-big-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_getKey7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openCursor2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openKeyCursor3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_add4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex4-deleteIndex-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex6-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex7-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_put4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbtransaction_abort-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbversionchangeevent-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-constrainterror-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-overflow-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/transaction-requestqueue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/aborted-versionchange-closes-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-and-remove-object-store-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-dir-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-finished-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/database-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deleteIndex-bug110792-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Added.
  • platform/wk2/storage/indexeddb/index-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-oncomplete-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/invalid-keys-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-type-array-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-arrays-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-edges-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keyrange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/object-lookups-in-versionchange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/objectstore-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/open-cursor-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/request-result-cache-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-abort-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-active-flag-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-after-close-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-read-only-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/version-change-exclusive-expected.txt: Removed.
11:10 AM Changeset in webkit [197121] by ap@apple.com
  • 4 edits in trunk/Tools

Enable MallocScribble when detecting leaks
https://bugs.webkit.org/show_bug.cgi?id=154679

Reviewed by Geoffrey Garen.

  • Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_environ_for_server):

  • Scripts/webkitpy/port/mac.py:

(MacPort.setup_environ_for_server):

  • Scripts/webkitpy/port/mac_unittest.py:

(MacTest.test_setup_environ_for_server):

8:35 AM Changeset in webkit [197120] by eric.carlson@apple.com
  • 2 edits in trunk/Tools

Unreviewed, fix iOS builds after r197114.

  • WebKitTestRunner/TestController.cpp:

(WTR::createCanonicalUUIDString):
(WTR::TestController::saltForOrigin):

8:34 AM Changeset in webkit [197119] by Nikita Vasilyev
  • 5 edits in trunk/Source/WebInspectorUI

Web Inspector: Unify selected item colors
https://bugs.webkit.org/show_bug.cgi?id=154668
<rdar://problem/24832178>

Reviewed by Timothy Hatcher.

Use the same CSS variable color for all selected items.

  • UserInterface/Views/TreeOutline.css:

(.tree-outline:matches(:focus, .force-focus) .item.selected):

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:

(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item.selected):

  • UserInterface/Views/VisualStyleSelectorTreeItem.css:

(.item.visual-style-selector-item.selected):

  • UserInterface/Views/VisualStyleTabbedPropertiesRow.css:

(.visual-style-tabbed-properties-row > .visual-style-tabbed-properties-row-container > button.selected):

8:21 AM Changeset in webkit [197118] by dbates@webkit.org
  • 22 edits
    1 copy
    1 add in trunk

CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
https://bugs.webkit.org/show_bug.cgi?id=154522
<rdar://problem/24762078>

Reviewed by Brent Fulgham.

Source/WebCore:

Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
of whether ENABLE(CSP_NEXT) is enabled.

Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html

  • WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
  • dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
  • dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this
code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent
to support attributes statusCode and columnNumber.

  • dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
and send a violation report (if applicable).

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
to ensure that SecurityPolicyViolationEvent.statusCode is 0 when dispatched for a violation on an HTTPS-served
document per section Reporting of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
Update existing test results and mark more tests as PASS in file LayoutTests/TestExpectations.

  • TestExpectations: Mark tests http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation*.html as PASS
so that we run them.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt: Update expected result to
reflect failing sub-test. We do not support the experimental JavaScript event listener onsecuritypolicyviolation when
building with ENABLE(CSP_NEXT) disabled.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt: Update line and column numbers.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html: Update line and column numbers.
  • js/dom/global-constructors-attributes-expected.txt: Update expected results now that we expose SecurityPolicyViolationEvent.
  • platform/efl/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac/js/dom/global-constructors-attributes-expected.txt: Ditto.

8:21 AM Changeset in webkit [197117] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197062 - [GTK] Tearing when entering AC mode
https://bugs.webkit.org/show_bug.cgi?id=150955

Reviewed by Michael Catanzaro.

Source/WebCore:

  • platform/gtk/GtkUtilities.cpp:

(WebCore::widgetIsOnscreenToplevelWindow): Allow passing nullptr.

Source/WebKit2:

When entering accelerated compositing mode, we keep rendering the
non accelerated contents until we have the first frame of
accelerated compositing contents. When the view is created hidden,
for example when the browser opens a link in a new tab, the view
is not realized until it is mapped. The native surface handle for
compositing, needed by the web process to render accelerated
compositing contents, is not available until the view is realized,
because it depends on the properties of the parent. When a web
view is mapped for the first time, and then realized, we send the
native surface handle for compositing to the web process, and keep
rendering the non composited contents until we get the first
frame, but in this case we never had non composited contents and
we end up rendering an uninitialized surface. This sometimes just
produces flickering and sometimes rendering artifacts.
We can prevent this from happening by realizing the web view as
soon as possible. A GtkWidget can't be realized until it has been
added to a toplevel, so we can realize our view right after it is
added to a toplevel window, and wait until the view is actually
mapped to notify the web process that it has been added to a
window. This way we can enter accelerated compositing mode before
the web view is mapped, so that when mapped we don't try to paint
the previous contents and don't need to wait for the first frame.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(toplevelWindowFocusInEvent): Handle the case of the window being
hidden when receiving focus in. According to
gtk_window_focus_in_event, this can happen.
(webkitWebViewBaseSetToplevelOnScreenWindow): When the web view is
removed from its toplevel parent, update the IsInWindow and
WindowIsActive flags accordingly. When the view is added to a
toplevel, realize it and don't update the window flags, they will be
updated when the view is mapped the first time.
(webkitWebViewBaseMap): Also update IsInWindow and WindowIsActive
flags if needed. This way, if for example you open a youtube video
in a new tab, the video won't start playing until you visit the
tab, like we did when the view was realized on map.
(webkitWebViewBaseHierarchyChanged): Use hierarchy-changed signal
instead of parent-set to be notified when the view is added to or
removed from a toplevel.
(webkit_web_view_base_class_init): Implement hierarchy-changed
instead of parent-set.
(webkitWebViewBaseRealize): Do not call
webkitWebViewBaseSetToplevelOnScreenWindow on realize, it's now
webkitWebViewBaseSetToplevelOnScreenWindow the one realizing the view.

  • UIProcess/cairo/BackingStoreCairo.cpp:

(WebKit::BackingStore::createBackend): Do not realize the view
here, it should be realized already at this point. If it's not
realized at this point is because it hasn't been added to a
toplevel and gtk_widget_realize will not work anyway.
(WebKit::BackingStore::paint): This is changing the cairo source
operator, so save/restore the cairo context to ensure it doesn't
affect other drawing done after this.

8:19 AM Changeset in webkit [197116] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197057 - Modern IDB: Some w3c objectstore tests crash under GuardMalloc.
https://bugs.webkit.org/show_bug.cgi?id=154460

Reviewed by Alex Christensen.

No new tests (Covered by existing tests).

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Don't delete the UniqueIDBDatabase yet
if there are still any connections pending close.

(WebCore::IDBServer::UniqueIDBDatabase::didPerformCommitTransaction):
(WebCore::IDBServer::UniqueIDBDatabase::didPerformAbortTransaction):
(WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted): It's possible that with this
transaction completing, and a connection finished its close process, that the UniqueIDBDatabase is
now ready to be deleted.

  • Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:

(WebCore::IDBServer::UniqueIDBDatabaseConnection::abortTransactionWithoutCallback):

  • Modules/indexeddb/server/UniqueIDBDatabaseConnection.h:
  • Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp:

(WebCore::IDBServer::UniqueIDBDatabaseTransaction::abortWithoutCallback):

8:18 AM Changeset in webkit [197115] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197037 - Stackmaps have problems with double register constraints
https://bugs.webkit.org/show_bug.cgi?id=154643

Reviewed by Geoffrey Garen.

This is currently a benign bug. I found it while playing.

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::fillStackmap):

  • b3/testb3.cpp:

(JSC::B3::testURShiftSelf64):
(JSC::B3::testPatchpointDoubleRegs):
(JSC::B3::zero):
(JSC::B3::run):

7:18 AM Changeset in webkit [197114] by eric.carlson@apple.com
  • 55 edits
    7 adds in trunk

[MediaStream] MediaDeviceInfo deviceId and groupId must be unique to the page's origin
https://bugs.webkit.org/show_bug.cgi?id=153163
<rdar://problem/24334526>

Reviewed by Tim Horton.

Source/WebCore:

Tests: http/tests/media/media-stream/enumerate-devices-source-id-persistent.html
       http/tests/media/media-stream/enumerate-devices-source-id.html

  • Modules/mediastream/MediaDevicesRequest.cpp:

(WebCore::MediaDevicesRequest::start): Don't check document.hasHadActiveMediaStreamTrack, do it
in didCompleteTrackSourceInfoRequest where we need the information.
(WebCore::MediaDevicesRequest::didCompletePermissionCheck): Renamed from didCompleteCheck, save
device ID hash string.
(WebCore::hashString): Hash a string with SHA1.
(WebCore::MediaDevicesRequest::hashID): Hash an ID.
(WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest): Hash deviceId and groupId.
(WebCore::MediaDevicesRequest::didCompleteCheck): Deleted.
(WebCore::MediaDevicesRequest::getTrackSources): Deleted.
(WebCore::MediaDevicesRequest::didCompleteRequest): Deleted.

  • Modules/mediastream/MediaDevicesRequest.h:
  • Modules/mediastream/UserMediaPermissionCheck.cpp:

(WebCore::UserMediaPermissionCheck::userMediaDocumentOrigin): Renamed from securityOrigin.
(WebCore::UserMediaPermissionCheck::topLevelDocumentOrigin): New, return the top level document origin.
(WebCore::UserMediaPermissionCheck::setUserMediaAccessInfo): Renamed from setHasPersistentPermission.
(WebCore::UserMediaPermissionCheck::securityOrigin): Deleted.
(WebCore::UserMediaPermissionCheck::setHasPersistentPermission): Deleted.

  • Modules/mediastream/UserMediaPermissionCheck.h:
  • Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::userMediaDocumentOrigin): Renamed from securityOrigin.
(WebCore::UserMediaRequest::topLevelDocumentOrigin): New, return the top level document origin.
(WebCore::UserMediaRequest::securityOrigin): Deleted.

  • Modules/mediastream/UserMediaRequest.h:

(WebCore::UserMediaRequest::requiresAudio): Deleted, unused.
(WebCore::UserMediaRequest::requiresVideo): Ditto.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerMediaDeviceIdentifierStorageDirectory): Deleted, unused.

  • html/HTMLMediaElement.h:
  • platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerMediaDeviceIdentifierStorageDirectory): Deleted.

  • platform/mediastream/MediaStreamTrackSourcesRequestClient.h:

(WebCore::MediaStreamTrackSourcesRequestClient::didCompleteTrackSourceInfoRequest): Renamed from didCompleteRequest.

  • platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:

(WebCore::RealtimeMediaSourceCenterMac::getMediaStreamTrackSources): Ditto.

  • platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::getMediaStreamTrackSources): Ditto.

Source/WebKit/mac:

  • WebCoreSupport/WebUserMediaClient.mm:

(WebUserMediaClient::requestUserMediaAccess):
(WebUserMediaClient::checkUserMediaPermission):
(-[WebUserMediaPolicyCheckerListener allow]):
(-[WebUserMediaPolicyCheckerListener deny]):

Source/WebKit2:

  • CMakeLists.txt: Add WKFrameHandleRef.cpp.
  • Shared/API/c/WKBase.h: Add WKFrameHandleRef.
  • UIProcess/API/APIUIClient.h:

(API::UIClient::decidePolicyForUserMediaPermissionRequest): Add parameter top level document
security context.

(API::UIClient::checkUserMediaPermissionForOrigin): Ditto.

  • UIProcess/API/C/WKAPICast.h: Add FrameHandle.
  • UIProcess/API/C/WKFrameHandleRef.cpp: Added.
  • UIProcess/API/C/WKFrameHandleRef.h: Added.
  • UIProcess/API/C/WKFrameInfoRef.cpp:

(WKFrameInfoGetFrameHandleRef): Added.

  • UIProcess/API/C/WKFrameInfoRef.h:
  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageUIClient): Add parameters to decidePolicyForUserMediaPermissionRequest and
checkUserMediaPermissionForOrigin for top level document security context.

  • UIProcess/API/C/WKPageUIClient.h: Ditto.
  • UIProcess/API/C/WKUserMediaPermissionCheck.cpp:

(WKUserMediaPermissionCheckSetUserMediaAccessInfo): Renamed from WKUserMediaPermissionCheckSetHasPersistentPermission,
add parameter for top level document security context.

(WKUserMediaPermissionCheckSetHasPersistentPermission): Deleted.

  • UIProcess/API/C/WKUserMediaPermissionCheck.h:
  • UIProcess/API/gtk/WebKitUserMediaPermissionRequest.cpp:

(webkitUserMediaPermissionRequestCreate): Add top level document origin.

  • UIProcess/UserMediaPermissionCheckProxy.cpp:

(WebKit::UserMediaPermissionCheckProxy::setUserMediaAccessInfo): Renamed from setHasPersistentPermission.
(WebKit::UserMediaPermissionCheckProxy::setHasPersistentPermission): Deleted.

  • UIProcess/UserMediaPermissionCheckProxy.h:
  • UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::didCompleteUserMediaPermissionCheck): Add parameter
for device id hash salt.

  • UIProcess/UserMediaPermissionRequestManagerProxy.h:
  • UIProcess/UserMediaPermissionRequestProxy.h:

(WebKit::UserMediaPermissionRequestProxy::requiresAudio): Deleted, unused.
(WebKit::UserMediaPermissionRequestProxy::requiresVideo): Ditto.
(WebKit::UserMediaPermissionRequestProxy::firstVideoDeviceUID): Ditto.
(WebKit::UserMediaPermissionRequestProxy::firstAudioDeviceUID): Ditto.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::requestUserMediaPermissionForFrame): Pass through parameter for top
level document security context.

(WebKit::WebPageProxy::checkUserMediaPermissionForFrame): Ditto.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebKit2.xcodeproj/project.pbxproj: Add WKFrameHandleRef.cpp|.h.
  • WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp:

(WebKit::UserMediaPermissionRequestManager::startUserMediaRequest): Pass through parameter for top
level document security context.
(WebKit::UserMediaPermissionRequestManager::startUserMediaPermissionCheck): Ditto.
(WebKit::UserMediaPermissionRequestManager::didCompleteUserMediaPermissionCheck): Pass through
device id hash salt.

  • WebProcess/MediaStream/UserMediaPermissionRequestManager.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::didCompleteUserMediaPermissionCheck): Ditto.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Tools:

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::setUserMediaPermissionForOrigin): Take top level document origin.

  • WebKitTestRunner/InjectedBundle/InjectedBundle.h:
  • WebKitTestRunner/InjectedBundle/TestRunner.cpp:

(WTR::TestRunner::setUserMediaPermissionForOrigin): Ditto.

  • WebKitTestRunner/InjectedBundle/TestRunner.h:
  • WebKitTestRunner/TestController.cpp:

(WTR::decidePolicyForUserMediaPermissionRequest): Pass through top level document origin.
(WTR::checkUserMediaPermissionForOrigin): Ditto.
(WTR::TestController::resetStateToConsistentValues): m_userMediaOriginPermissions -> m_cahcedUserMediaPermissions.
(WTR::originUserVisibleName): Return a String.
(WTR::userMediaOriginHash): Create a hash of the origin plus top level document origin.
(WTR::TestController::saltForOrigin): Return salt for an origin.
(WTR::TestController::setUserMediaPermissionForOrigin): Return permission for an origin.
(WTR::TestController::handleCheckOfUserMediaPermissionForOrigin):
(WTR::TestController::handleUserMediaPermissionRequest):
(WTR::TestController::decidePolicyForUserMediaPermissionRequestIfPossible):
(WTR::OriginSettings::OriginSettings): New, class to cache settings for an origin.
(WTR::OriginSettings::persistentPermission): Persistent permissions for origin.
(WTR::OriginSettings::setPersistentPermission): Set permissions for origin.
(WTR::OriginSettings::persistentSalt): Return the persistent salt for the origin, if any.
(WTR::OriginSettings::setPersistentSalt): Set the persistent salt for the origin.
(WTR::OriginSettings::ephemeralSalts): Return hashmap used to store per-frame salts.

  • WebKitTestRunner/TestController.h:
  • WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):

LayoutTests:

  • fast/mediastream/MediaDevices-enumerateDevices-expected.txt:
  • fast/mediastream/MediaDevices-enumerateDevices.html:
  • http/tests/media/media-stream/enumerate-devices-source-id-expected.txt: Added.
  • http/tests/media/media-stream/enumerate-devices-source-id-persistent-expected.txt: Added.
  • http/tests/media/media-stream/enumerate-devices-source-id-persistent.html: Added.
  • http/tests/media/media-stream/enumerate-devices-source-id.html: Added.
  • http/tests/media/media-stream/resources/enumerate-devices-source-id-frame.html: Added.

7:05 AM Changeset in webkit [197113] by Carlos Garcia Campos
  • 8 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197030 - Background of an absolutely positioned inline element inside text-indented parent is positioned statically.
https://bugs.webkit.org/show_bug.cgi?id=154019

Reviewed by Simon Fraser.

This patch ensures that statically positioned out-of-flow renderers are also text-aligned
even when none of the renderers on the first line generate a linebox (so we end up with no bidi runs at all).
The fix is to pass IndentTextOrNot information to startAlignedOffsetForLine through updateStaticInlinePositionForChild
so that we can compute the left position for this statically positioned out of flow renderer.

Source/WebCore:

Test: fast/css3-text/css3-text-indent/text-indent-with-absolute-pos-child.html

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::adjustPositionedBlock):
(WebCore::RenderBlockFlow::updateStaticInlinePositionForChild):

  • rendering/RenderBlockFlow.h:
  • rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::startAlignedOffsetForLine):

  • rendering/line/LineBreaker.cpp:

(WebCore::LineBreaker::skipTrailingWhitespace):
(WebCore::LineBreaker::skipLeadingWhitespace):

  • rendering/line/LineInlineHeaders.h: webkit.org/b/154628 fixes the bool vs IndentTextOrNot issue.

(WebCore::setStaticPositions):

LayoutTests:

  • fast/css3-text/css3-text-indent/text-indent-with-absolute-pos-child-expected.html: Added.
  • fast/css3-text/css3-text-indent/text-indent-with-absolute-pos-child.html: Added.

7:04 AM Changeset in webkit [197112] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197024 - REGRESSION(r195949): [GTK] Test /webkit2/WebKitWebView/insert/link is failing since r195949
https://bugs.webkit.org/show_bug.cgi?id=153747

Reviewed by Michael Catanzaro.

Source/WebCore:

Do not return early when reaching a boundary if there's a range
selection. In that case, the selection will be cleared and
accessibility will be notified.

Test: editing/selection/move-to-line-boundary-clear-selection.html

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::modify):

LayoutTests:

Add test to check that moving to line boundary clears the
selection even if the cursor is already at the boundary.

  • editing/selection/move-to-line-boundary-clear-selection-expected.txt: Added.
  • editing/selection/move-to-line-boundary-clear-selection.html: Added.

6:59 AM Changeset in webkit [197111] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197001 - JSC stress tests' standalone-pre.js should exit on the first failure by default
https://bugs.webkit.org/show_bug.cgi?id=154565

Reviewed by Mark Lam.

Currently, if a test writer does not call finishJSTest() at the end of
any test using stress/resources/standalone-pre.js then the test can fail
without actually reporting an error to the harness. By default, we
should throw on the first error so, in the event someone does not call
finishJSTest() the harness will still notice the error.

  • tests/stress/regress-151324.js:
  • tests/stress/resources/standalone-pre.js:

(testFailed):

6:48 AM Changeset in webkit [197110] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196999 - Make JSObject::getMethod have fewer branches
https://bugs.webkit.org/show_bug.cgi?id=154603

Reviewed by Mark Lam.

Writing code with fewer branches is almost always better.

  • runtime/JSObject.cpp:

(JSC::JSObject::getMethod):

6:40 AM Changeset in webkit [197109] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196996 - B3::Value doesn't self-destruct virtually enough (Causes many leaks in LowerDFGToB3::appendOSRExit)
https://bugs.webkit.org/show_bug.cgi?id=154592

Reviewed by Saam Barati.

If Foo has a virtual destructor, then:

foo->Foo::~Foo() does a non-virtual call to Foo's destructor. Even if foo points to a
subclass of Foo that overrides the destructor, this syntax will not call that override.

foo->~Foo() does a virtual call to the destructor, and so if foo points to a subclass, you
get the subclass's override.

In B3, we used this->Value::~Value() thinking that it would call the subclass's override.
This caused leaks because this didn't actually call the subclass's override. This fixes the
problem by using this->~Value() instead.

  • b3/B3ControlValue.cpp:

(JSC::B3::ControlValue::convertToJump):
(JSC::B3::ControlValue::convertToOops):

  • b3/B3Value.cpp:

(JSC::B3::Value::replaceWithIdentity):
(JSC::B3::Value::replaceWithNop):
(JSC::B3::Value::replaceWithPhi):
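
The difference between the two destructor calls described in r196996, shown as an added C++ example (not WebKit code; `Value`, `OwningValue`, `Buffer` and `leakedAfterDestroy` are hypothetical names chosen for illustration):

```cpp
#include <cstdio>
#include <new>

// Counts Buffer objects that are currently alive, so a missed
// subclass destructor shows up as a non-zero balance.
static int g_liveBuffers = 0;

struct Buffer {
    Buffer() { ++g_liveBuffers; }
    ~Buffer() { --g_liveBuffers; }
};

// Hypothetical base class with a virtual destructor.
struct Value {
    virtual ~Value() = default;
};

// Hypothetical subclass that owns a heap allocation and releases it
// only in its own destructor override.
struct OwningValue : Value {
    Buffer* buffer;
    OwningValue() : buffer(new Buffer) {}
    ~OwningValue() override { delete buffer; }
};

enum class DestroyStyle { Qualified, Virtual };

// Constructs an OwningValue in raw storage, destroys it in place through a
// base-class pointer using the requested call syntax, and returns how many
// Buffer objects were left alive by that destruction.
int leakedAfterDestroy(DestroyStyle style)
{
    int atEntry = g_liveBuffers;

    alignas(OwningValue) unsigned char storage[sizeof(OwningValue)];
    OwningValue* derived = new (storage) OwningValue;
    Buffer* owned = derived->buffer; // remembered only so the demo can clean up
    Value* value = derived;

    if (style == DestroyStyle::Qualified)
        value->Value::~Value(); // non-virtual: runs Value's destructor only
    else
        value->~Value();        // virtual: dispatches to ~OwningValue()

    int leaked = g_liveBuffers - atEntry;
    if (leaked)
        delete owned; // release what the qualified call left behind
    return leaked;
}

int main()
{
    std::printf("qualified call leaked %d buffer(s)\n",
                leakedAfterDestroy(DestroyStyle::Qualified));
    std::printf("virtual call leaked %d buffer(s)\n",
                leakedAfterDestroy(DestroyStyle::Virtual));
    return 0;
}
```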

6:29 AM Changeset in webkit [197108] by Carlos Garcia Campos
  • 14 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196991 - Lay the groundwork for more constness in StyleResolver-related code
https://bugs.webkit.org/show_bug.cgi?id=154598

Reviewed by Antti Koivisto.

Make some of the leaf functions that are used by the style resolver take
const CSSValues, and use 'auto' more to automatically get const stack variables
when appropriate.

  • css/CSSBorderImageSliceValue.h:

(WebCore::CSSBorderImageSliceValue::slices):

  • css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isQuirkValue):

  • css/FontVariantBuilder.cpp:

(WebCore::extractFontVariantLigatures):
(WebCore::extractFontVariantNumeric):
(WebCore::extractFontVariantEastAsian):

  • css/FontVariantBuilder.h:
  • css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertReflection):
(WebCore::StyleBuilderConverter::convertGridAutoFlow):

  • css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyValueSize):
(WebCore::StyleBuilderCustom::applyValueStroke):

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::colorFromPrimitiveValueIsDerivedFromElement):
(WebCore::StyleResolver::colorFromPrimitiveValue):
(WebCore::StyleResolver::createFilterOperations):

  • css/StyleResolver.h:
  • css/TransformFunctions.cpp:

(WebCore::transformsForValue):

  • css/TransformFunctions.h:
  • rendering/style/StylePendingImage.h:
  • svg/SVGLength.cpp:

(WebCore::SVGLength::fromCSSPrimitiveValue):

  • svg/SVGLength.h:

6:18 AM Changeset in webkit [197107] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r196988 - REGRESSION (r192251): http/tests/navigation/page-cache-xhr.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=154589

Reviewed by Youenn Fablet.

  • http/tests/navigation/page-cache-xhr.html: Load a file that exists. The content
doesn't matter, as we expect to navigate away before the load occurs.

  • http/tests/resources/load-and-stall.cgi: Added cache control, just for a good measure.

6:15 AM Changeset in webkit [197106] by Carlos Garcia Campos
  • 29 edits
    1 add in releases/WebKitGTK/webkit-2.12

Merge r196986 - Debug assertion failure while loading http://kangax.github.io/compat-table/es6/.
https://bugs.webkit.org/show_bug.cgi?id=154542

Reviewed by Saam Barati.

Source/JavaScriptCore:

According to the spec, the constructors of the following types "are not intended
to be called as a function and will throw an exception". These types are:

TypedArrays - https://tc39.github.io/ecma262/#sec-typedarray-constructors
Map - https://tc39.github.io/ecma262/#sec-map-constructor
Set - https://tc39.github.io/ecma262/#sec-set-constructor
WeakMap - https://tc39.github.io/ecma262/#sec-weakmap-constructor
WeakSet - https://tc39.github.io/ecma262/#sec-weakset-constructor
ArrayBuffer - https://tc39.github.io/ecma262/#sec-arraybuffer-constructor
DataView - https://tc39.github.io/ecma262/#sec-dataview-constructor
Promise - https://tc39.github.io/ecma262/#sec-promise-constructor
Proxy - https://tc39.github.io/ecma262/#sec-proxy-constructor

This patch does the following:

  1. Ensures that these constructors can be called but will throw a TypeError when called.
  2. Makes all these objects use throwConstructorCannotBeCalledAsFunctionTypeError() in their implementation to be consistent.
  3. Change the error message to "calling XXX constructor without new is invalid". This is clearer because the error is likely due to the user forgetting to use the new operator on these constructors.
  • runtime/Error.h:
  • runtime/Error.cpp:

(JSC::throwConstructorCannotBeCalledAsFunctionTypeError):

  • Added a convenience function to throw the TypeError.
  • runtime/JSArrayBufferConstructor.cpp:

(JSC::constructArrayBuffer):
(JSC::callArrayBuffer):
(JSC::JSArrayBufferConstructor::getCallData):

  • runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::callGenericTypedArrayView):
(JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):

  • runtime/JSPromiseConstructor.cpp:

(JSC::callPromise):

  • runtime/MapConstructor.cpp:

(JSC::callMap):

  • runtime/ProxyConstructor.cpp:

(JSC::callProxy):
(JSC::ProxyConstructor::getCallData):

  • runtime/SetConstructor.cpp:

(JSC::callSet):

  • runtime/WeakMapConstructor.cpp:

(JSC::callWeakMap):

  • runtime/WeakSetConstructor.cpp:

(JSC::callWeakSet):

  • tests/es6.yaml:
  • The typed_arrays_%TypedArray%[Symbol.species].js test now passes.
  • tests/stress/call-non-calleable-constructors-as-function.js: Added.

(test):

  • tests/stress/map-constructor.js:

(testCallTypeError):

  • tests/stress/promise-cannot-be-called.js:

(shouldThrow):

  • tests/stress/proxy-basic.js:
  • tests/stress/set-constructor.js:
  • tests/stress/throw-from-ftl-call-ic-slow-path-cells.js:

(i.catch):

  • tests/stress/throw-from-ftl-call-ic-slow-path-undefined.js:

(i.catch):

  • tests/stress/throw-from-ftl-call-ic-slow-path.js:

(i.catch):

  • tests/stress/weak-map-constructor.js:

(testCallTypeError):

  • tests/stress/weak-set-constructor.js:
  • Updated error message string.

LayoutTests:

  • js/Promise-types-expected.txt:
  • js/basic-map-expected.txt:
  • js/basic-set-expected.txt:
  • js/dom/basic-weakmap-expected.txt:
  • js/dom/basic-weakset-expected.txt:
  • js/script-tests/Promise-types.js:
  • js/typedarray-constructors-expected.txt:
  • Updated error message string.

5:56 AM Changeset in webkit [197105] by Carlos Garcia Campos
  • 15 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r196977 - [SVG] Update SVG source to return string literals as ASCIILiteral and add test cases for case sensitivity
https://bugs.webkit.org/show_bug.cgi?id=154373

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-02-23
Reviewed by Youenn Fablet.

Source/WebCore:

Update SVGAnimatedEnumeration toString method to return ASCIILiteral for string literals and add test cases for
case-sensitivity for these elements.

Test: svg/dom/SVGAnimatedEnumeration-case-sensitive.html

  • svg/SVGComponentTransferFunctionElement.h:

(WebCore::SVGPropertyTraits<ComponentTransferType>::toString):

  • svg/SVGFEBlendElement.h:

(WebCore::SVGPropertyTraits<BlendMode>::toString):

  • svg/SVGFEColorMatrixElement.h:

(WebCore::SVGPropertyTraits<ColorMatrixType>::toString):

  • svg/SVGFECompositeElement.h:

(WebCore::SVGPropertyTraits<CompositeOperationType>::toString):

  • svg/SVGFEConvolveMatrixElement.h:

(WebCore::SVGPropertyTraits<EdgeModeType>::toString):

  • svg/SVGFEDisplacementMapElement.h:

(WebCore::SVGPropertyTraits<ChannelSelectorType>::toString):

  • svg/SVGFEMorphologyElement.h:

(WebCore::SVGPropertyTraits<MorphologyOperatorType>::toString):

  • svg/SVGFETurbulenceElement.h:

(WebCore::SVGPropertyTraits<SVGStitchOptions>::toString):
(WebCore::SVGPropertyTraits<TurbulenceType>::toString):

  • svg/SVGGradientElement.h:

(WebCore::SVGPropertyTraits<SVGSpreadMethodType>::toString):

  • svg/SVGMarkerElement.h:

(WebCore::SVGPropertyTraits<SVGMarkerUnitsType>::toString):

  • svg/SVGTextContentElement.h:

(WebCore::SVGPropertyTraits<SVGLengthAdjustType>::toString):

  • svg/SVGTextPathElement.h:

(WebCore::SVGPropertyTraits<SVGTextPathMethodType>::toString):
(WebCore::SVGPropertyTraits<SVGTextPathSpacingType>::toString):

  • svg/SVGUnitTypes.h:

(WebCore::SVGPropertyTraits<SVGUnitTypes::SVGUnitType>::toString):

LayoutTests:

Add test cases for case-sensitivity for SVGAnimatedEnumeration elements.

  • svg/dom/SVGAnimatedEnumeration-case-sensitive-expected.txt: Added.
  • svg/dom/SVGAnimatedEnumeration-case-sensitive.html: Added.
  • svg/dom/script-tests/SVGAnimatedEnumeration-case-sensitive.js: Added.

(testCaseSensitivity):

5:49 AM Changeset in webkit [197104] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196971 - Some timer alignment cleanup.
https://bugs.webkit.org/show_bug.cgi?id=154559

Reviewed by Chris Dumez.

Document shouldn't override Page's timer alignment policy with a lower alignment,
and m_domTimerAlignmentInterval isn't really a Settings, it's just the current state
for the page.

  • dom/Document.cpp:

(WebCore::Document::timerAlignmentInterval):

  • take the max of the possible intervals.
  • page/Page.cpp:

(WebCore::Page::Page):
(WebCore::Page::setTimerThrottlingEnabled):
(WebCore::Page::setDOMTimerAlignmentInterval):

  • moved here from Settings.
  • page/Page.h:

(WebCore::Page::domTimerAlignmentInterval):

  • moved here from Settings.
  • page/Settings.cpp:

(WebCore::Settings::setDOMTimerAlignmentInterval): Deleted.

  • moved to Page.
  • page/Settings.h:

(WebCore::Settings::domTimerAlignmentInterval): Deleted.

  • moved to Page.

5:40 AM Changeset in webkit [197103] by Carlos Garcia Campos
  • 13 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r196969 - Font features specified in @font-face blocks don't apply to local() families
https://bugs.webkit.org/show_bug.cgi?id=154554

Reviewed by Dean Jackson.

Source/WebCore:

The correct variables just need to be wired up. In addition, our caches need to be sensitive
to the new data.

Test: css3/font-feature-font-face-local.html

  • css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::font):

  • platform/graphics/FontCache.cpp:

(WebCore::FontPlatformDataCacheKey::FontPlatformDataCacheKey):
(WebCore::FontPlatformDataCacheKey::operator==):
(WebCore::FontPlatformDataCacheKeyHash::hash):
(WebCore::FontCache::getCachedFontPlatformData):
(WebCore::FontCache::fontForFamily):

  • platform/graphics/FontCache.h:
  • platform/graphics/FontFeatureSettings.h:

(WebCore::FontFeature::operator!=):
(WebCore::FontFeatureSettings::operator!=):

  • platform/graphics/cocoa/FontCacheCoreText.cpp:

(WebCore::fontWithFamily):
(WebCore::FontCache::createFontPlatformData):

  • platform/graphics/mac/ComplexTextControllerCoreText.mm:

(WebCore::ComplexTextController::collectComplexTextRunsForCharacters):

  • platform/graphics/mac/FontCacheMac.mm:

(WebCore::FontCache::lastResortFallbackFont):

  • platform/text/TextFlags.h:

(WebCore::FontVariantSettings::operator==):
(WebCore::FontVariantSettings::operator!=):
(WebCore::FontVariantSettings::uniqueValue):

LayoutTests:

  • css3/font-feature-font-face-local-expected.html: Added.
  • css3/font-feature-font-face-local.html: Added.

5:24 AM Changeset in webkit [197102] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Web Inspector: Timelines sidebar and overview attempt to access undefined properties when FPS instrument is absent
https://bugs.webkit.org/show_bug.cgi?id=154567
<rdar://problem/24781536>

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
The viewMode property should be in a valid state before attempting
to access the current view mode settings.

  • UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.get minimumWidth):
(WebInspector.TimelineSidebarPanel.prototype._updateViewModeIfNeeded):
(WebInspector.TimelineSidebarPanel):
Added missing checks for FPSInstrument support.

5:21 AM Changeset in webkit [197101] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196967 - JSGlobalObject doesn't visit ProxyObjectStructure during GC
https://bugs.webkit.org/show_bug.cgi?id=154564

Rubber stamped by Mark Lam.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::visitChildren):

5:07 AM Changeset in webkit [197100] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196965 - REGRESSION (r196892): Crash in DocumentLoader::startLoadingMainResource()
https://bugs.webkit.org/show_bug.cgi?id=154563
<rdar://problem/24780678>

Reviewed by Alexey Proskuryakov.

Fixes an issue where the provisional loader may be deallocated when starting
a load. One example where this can occur is when cancelling the provisional load
as part of a form submission because the Content Security Policy of the page
blocks the submission (it violates the directive form-action).

This crash is covered by the test http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html.

  • loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::startLoadingMainResource): Take a ref before calling
DocumentLoader::willSendRequest().

5:05 AM Changeset in webkit [197099] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196962 - Fix build and implement functions to retrieve registers on FreeBSD
https://bugs.webkit.org/show_bug.cgi?id=152258

Patch by Ting-Wei Lan <Ting-Wei Lan> on 2016-02-22
Reviewed by Michael Catanzaro.

  • heap/MachineStackMarker.cpp:

(pthreadSignalHandlerSuspendResume):
struct ucontext is not specified in POSIX and it is not available on
FreeBSD. Replacing it with ucontext_t fixes the build problem.
(JSC::MachineThreads::Thread::Registers::stackPointer):
(JSC::MachineThreads::Thread::Registers::framePointer):
(JSC::MachineThreads::Thread::Registers::instructionPointer):
(JSC::MachineThreads::Thread::Registers::llintPC):

  • heap/MachineStackMarker.h:

4:49 AM Changeset in webkit [197098] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r196961 - REGRESSION (r196563): Images not loading on https://klim.co.nz/blog/paypal-sans-design-information/
https://bugs.webkit.org/show_bug.cgi?id=154547
<rdar://problem/24772167>

Reviewed by Gavin Barraclough.

Source/WebCore:

The Website was doing the following:
$ var e = window.addEventListener;
$ e("eventname", handler)

In such a case, the jsEventTargetPrototypeFunctionDispatchEvent() bindings
implementation was called with a thisValue which is a JSLexicalEnvironment
and the implementation did not know how to convert it into a global object.
The previous implementation on JSDOMWindow used to handle this correctly
because it was always calling JSValue::toThis() on the thisValue before
trying to cast it to a JSDOMWindow, and JSLexicalEnvironment::toThis()
gets the globalThisValue. This patch updates the EventTarget bindings
code to always call toThis() on the thisValue before trying to
cast it. This should correctly deal with JSLexicalEnvironment and be a
no-op in usual cases.

No new tests, extended existing test.

  • bindings/scripts/CodeGeneratorJS.pm:

(GenerateFunctionCastedThis):

LayoutTests:

Add regression test for <rdar://problem/24772167>.

  • fast/dom/Window/addEventListener-implicit-this-expected.txt:
  • fast/dom/Window/addEventListener-implicit-this.html:

4:01 AM Changeset in webkit [197097] by Carlos Garcia Campos
  • 10 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r196960 - Repeated background images have the wrong position when using bottom/right-relative background-position
https://bugs.webkit.org/show_bug.cgi?id=154478

Reviewed by Dave Hyatt.

Source/WebCore:

Fix RenderBoxModelObject::calculateBackgroundImageGeometry() to use the right position when
painting repeated background images when right/bottom edges are used.

Also rename BackgroundEdgeOrigin to Edge.

Test: fast/images/background-position.html

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator Edge):
(WebCore::CSSPrimitiveValue::operator BackgroundEdgeOrigin): Deleted.

  • rendering/RenderBoxModelObject.cpp:

(WebCore::resolveEdgeRelativeLength):
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):

  • rendering/style/FillLayer.cpp:

(WebCore::FillLayer::FillLayer):

  • rendering/style/FillLayer.h:

(WebCore::FillLayer::backgroundXOrigin):
(WebCore::FillLayer::backgroundYOrigin):
(WebCore::FillLayer::setBackgroundXOrigin):
(WebCore::FillLayer::setBackgroundYOrigin):

  • rendering/style/RenderStyleConstants.cpp:

(WebCore::operator<<):

  • rendering/style/RenderStyleConstants.h:

LayoutTests:

Enhanced background-position-serialize.html to test values that use right/bottom edge specifiers.

Ref test for background-position.

  • fast/css/background-position-serialize-expected.txt:
  • fast/css/background-position-serialize.html:
  • fast/images/background-position-expected.html: Added.
  • fast/images/background-position.html: Added.
  • fast/images/resources/checker.png: Added.

3:42 AM Changeset in webkit [197096] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore/platform/gtk/po

Merge r196957 - [l10n] Updated Polish translation of WebKitGTK+ for 2.12
https://bugs.webkit.org/show_bug.cgi?id=154549

Patch by Piotr Drąg <piotrdrag@gmail.com> on 2016-02-22
Rubber-stamped by Michael Catanzaro.

  • pl.po:

3:40 AM Changeset in webkit [197095] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Revert "Merge r196948 - [JSC shell] Don't put empty arguments array to VM."

This reverts commit 634b8dad527aaab26af7e3baaea9d1289b443b37.

3:08 AM Changeset in webkit [197094] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r196948 - [JSC shell] Don't put empty arguments array to VM.
https://bugs.webkit.org/show_bug.cgi?id=154516

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-22
Reviewed by Geoffrey Garen.

This allows arrowfunction-lexical-bind-arguments-top-level test to pass
in jsc as well as in browser.

Source/JavaScriptCore:

  • jsc.cpp:

(GlobalObject::finishCreation):

LayoutTests:

  • js/script-tests/arrowfunction-lexical-bind-arguments-top-level.js:

Removed @ skip annotation.

3:08 AM Changeset in webkit [197093] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196936 - REGRESSION (r196620): Web Inspector: Filter bar in the left sidebar is 1px shorter than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154529

Reviewed by Timothy Hatcher.

  • UserInterface/Views/NavigationSidebarPanel.css:

(.sidebar > .panel.navigation > .overflow-shadow):

3:05 AM Changeset in webkit [197092] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r196896 - CodeBlock always visits its unlinked code twice
https://bugs.webkit.org/show_bug.cgi?id=154494

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-21
Reviewed by Saam Barati.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::visitChildren):
The unlinked code is always visited in stronglyVisitStrongReferences.

2:51 AM Changeset in webkit [197091] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r196889 - iframe/frame/object.contentDocument should be on the prototype
https://bugs.webkit.org/show_bug.cgi?id=154409

Reviewed by Sam Weinig.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Move iframe/frame/object.contentDocument to the prototype. They used
to be on the instance due to the [CheckSecurityForNode] IDL extended
attribute. This patch updates the bindings generator so that such
attributes are now on the prototype. While they are now on the
prototype, the security checks are still generated in the
corresponding getters and setters so cross origin access is still
prevented.

Test: http/tests/security/cross-origin-iframe-contentDocument.html

  • bindings/scripts/CodeGeneratorJS.pm:

(AttributeShouldBeOnInstance): Deleted.

LayoutTests:

Add test coverage for trying to access iframe.contentDocument cross origin
to make sure it still fails and logs a security error.

  • http/tests/security/cross-origin-iframe-contentDocument-expected.txt: Added.
  • http/tests/security/cross-origin-iframe-contentDocument.html: Added.

2:35 AM Changeset in webkit [197090] by youenn.fablet@crf.canon.fr
  • 1 edit
    48 copies
    3 adds
    1 delete in trunk/LayoutTests/imported/w3c

Move streams tests from web-platform-tests/streams-api to web-platform-tests/streams
https://bugs.webkit.org/show_bug.cgi?id=154671

Reviewed by Xabier Rodriguez-Calvar.

This will allow preparing resyncing web-platform-tests.

  • web-platform-tests/streams/README.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/README.txt.
  • web-platform-tests/streams/byte-length-queuing-strategy-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/byte-length-queuing-strategy-expected.txt.
  • web-platform-tests/streams/byte-length-queuing-strategy.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/byte-length-queuing-strategy.html.
  • web-platform-tests/streams/byte-length-queuing-strategy.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/byte-length-queuing-strategy.js.
  • web-platform-tests/streams/count-queuing-strategy-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/count-queuing-strategy-expected.txt.
  • web-platform-tests/streams/count-queuing-strategy.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/count-queuing-strategy.html.
  • web-platform-tests/streams/count-queuing-strategy.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/count-queuing-strategy.js.
  • web-platform-tests/streams/readable-streams/bad-strategies-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-strategies-expected.txt.
  • web-platform-tests/streams/readable-streams/bad-strategies.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-strategies.html.
  • web-platform-tests/streams/readable-streams/bad-strategies.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-strategies.js.
  • web-platform-tests/streams/readable-streams/bad-underlying-sources-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-underlying-sources-expected.txt.
  • web-platform-tests/streams/readable-streams/bad-underlying-sources.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-underlying-sources.html.
  • web-platform-tests/streams/readable-streams/bad-underlying-sources.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/bad-underlying-sources.js.
  • web-platform-tests/streams/readable-streams/brand-checks-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/brand-checks-expected.txt.
  • web-platform-tests/streams/readable-streams/brand-checks.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/brand-checks.html.
  • web-platform-tests/streams/readable-streams/brand-checks.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/brand-checks.js.
  • web-platform-tests/streams/readable-streams/cancel-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/cancel-expected.txt.
  • web-platform-tests/streams/readable-streams/cancel.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/cancel.html.
  • web-platform-tests/streams/readable-streams/cancel.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/cancel.js.
  • web-platform-tests/streams/readable-streams/count-queuing-strategy-integration-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/count-queuing-strategy-integration-expected.txt.
  • web-platform-tests/streams/readable-streams/count-queuing-strategy-integration.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/count-queuing-strategy-integration.html.
  • web-platform-tests/streams/readable-streams/count-queuing-strategy-integration.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/count-queuing-strategy-integration.js.
  • web-platform-tests/streams/readable-streams/garbage-collection-1-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-1-expected.txt.
  • web-platform-tests/streams/readable-streams/garbage-collection-1.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-1.html.
  • web-platform-tests/streams/readable-streams/garbage-collection-2-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-2-expected.txt.
  • web-platform-tests/streams/readable-streams/garbage-collection-2.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-2.html.
  • web-platform-tests/streams/readable-streams/garbage-collection-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection-expected.txt.
  • web-platform-tests/streams/readable-streams/garbage-collection.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection.html.
  • web-platform-tests/streams/readable-streams/garbage-collection.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/garbage-collection.js.
  • web-platform-tests/streams/readable-streams/general-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/general-expected.txt.
  • web-platform-tests/streams/readable-streams/general.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/general.html.
  • web-platform-tests/streams/readable-streams/general.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/general.js.
  • web-platform-tests/streams/readable-streams/pipe-through-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/pipe-through-expected.txt.
  • web-platform-tests/streams/readable-streams/pipe-through.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/pipe-through.html.
  • web-platform-tests/streams/readable-streams/pipe-through.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/pipe-through.js.
  • web-platform-tests/streams/readable-streams/readable-stream-reader-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/readable-stream-reader-expected.txt.
  • web-platform-tests/streams/readable-streams/readable-stream-reader.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/readable-stream-reader.html.
  • web-platform-tests/streams/readable-streams/readable-stream-reader.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/readable-stream-reader.js.
  • web-platform-tests/streams/readable-streams/tee-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/tee-expected.txt.
  • web-platform-tests/streams/readable-streams/tee.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/tee.html.
  • web-platform-tests/streams/readable-streams/tee.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/tee.js.
  • web-platform-tests/streams/readable-streams/templated-expected.txt: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/templated-expected.txt.
  • web-platform-tests/streams/readable-streams/templated.html: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/templated.html.
  • web-platform-tests/streams/readable-streams/templated.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/readable-streams/templated.js.
  • web-platform-tests/streams/resources/rs-test-templates.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/resources/rs-test-templates.js.
  • web-platform-tests/streams/resources/rs-utils.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/resources/rs-utils.js.
  • web-platform-tests/streams/resources/test-initializer.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/resources/test-initializer.js.
  • web-platform-tests/streams/resources/test-utils.js: Renamed from LayoutTests/imported/w3c/web-platform-tests/streams-api/resources/test-utils.js.

2:28 AM Changeset in webkit [197089] by Carlos Garcia Campos
  • 19 edits in releases/WebKitGTK/webkit-2.12

Merge r197038 - CSP: Enable plugin-types directive by default
https://bugs.webkit.org/show_bug.cgi?id=154420
<rdar://problem/24730322>

Reviewed by Brent Fulgham.

Source/WebCore:

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::isExperimentalDirectiveName): Move plugin-types from the directives considered
experimental to...
(WebCore::isCSPDirectiveName): ...the list of standard directives.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the plugin-types
directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.

LayoutTests:

  • TestExpectations: Mark http/tests/security/contentSecurityPolicy/1.1/plugintypes*.html tests as PASS so that we run them.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid-expected.txt: Update expected result.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-invalid.html: Call runTests() following changes to multiple-iframe-plugin-test.js. Also add closing tags for <body> and <html> to make the document well-formed.

  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-mismatched-data.html: Substitute "Content-Security-Policy" for "X-WebKit-CSP"; no behavior change.

  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-mismatched-url.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-data.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-url-expected.txt: Update expected result.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-notype-url.html: Substitute "Content-Security-Policy" for "X-WebKit-CSP"; no behavior change.

  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-nourl-allowed.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-nourl-blocked.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-01.html: Call runTests() following changes to multiple-iframe-plugin-test.js. Also add closing tags for <body> and <html> to make the document well-formed.

  • http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html: Ditto.
  • http/tests/security/contentSecurityPolicy/resources/echo-object-data.pl: Remove logic to support Content Security Policy header X-WebKit-CSP as it is sufficient to make use of the standardized header Content-Security-Policy.

  • http/tests/security/contentSecurityPolicy/resources/multiple-iframe-plugin-test.js: Simplify code now that we do not pass query string parameter experimental to script echo-object-data.pl.
(runTests): Runs all the sub-tests.
(runNextTest.iframe.onload): Formerly named testImpl.iframe.onload.
(runNextTest): Formerly named testImpl. Runs the next sub-test.
(testExperimentalPolicy): Deleted.
(test): Deleted.
(testImpl.iframe.onload): Deleted.
(testImpl): Deleted.
(finishTesting): Deleted.

  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon-expected.txt: Update expected result based on change to test (below).
  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon.html: Modified to test that we emit a console warning when plugin-types is used as a source expression.

2:27 AM Changeset in webkit [197088] by Carlos Garcia Campos
  • 8 edits
    1 copy
    8 adds in releases/WebKitGTK/webkit-2.12

Merge r197007 - CSP: Enable base-uri directive by default
https://bugs.webkit.org/show_bug.cgi?id=154521
<rdar://problem/24762032>

Reviewed by Brent Fulgham.

Source/WebCore:

Tests: http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored.html
       http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::isExperimentalDirectiveName): Move base-uri from the directives considered
experimental to...
(WebCore::isCSPDirectiveName): ...the list of standard directives.
(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the base-uri
directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.

LayoutTests:

Copy test http/tests/security/contentSecurityPolicy/1.1/base-uri-deny.html to
http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html,
making some minor stylistic changes, and update TestExpectations to skip it because it depends
on the firing of event SecurityPolicyViolationEvent, which is disabled as of the time of writing.
We will enable the firing of this event in <https://bugs.webkit.org/show_bug.cgi?id=154522>.
Repurpose test name base-uri-deny.html to test that the base-uri directive prevents the use of
document base URL without depending on the firing of event SecurityPolicyViolationEvent.

Additionally, add test http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored.html
to ensure that we do not fall back to enforcing the default-src directive in absence of
a base-uri directive as per section base-uri of the Content Security Policy 2.0 spec.,
<https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

  • TestExpectations:
  • http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/base-uri-default-ignored.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/base-uri-deny-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/base-uri-deny.html: Repurpose test.
  • http/tests/security/contentSecurityPolicy/1.1/resources/base-href/resources/safe-script.js: Added.
  • http/tests/security/contentSecurityPolicy/1.1/resources/safe-script.js: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny-expected.txt: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/base-uri-deny-expected.txt.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-base-uri-deny.html: Copied from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/base-uri-deny.html.
  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon-expected.txt: Update expected result based on change to test (below).
  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon.html: Modified to test that we emit a console warning when base-uri is used as a source expression.

2:27 AM Changeset in webkit [197087] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12

Merge r196992 - REGRESSION (r196892): No longer emit error message when CSP form-action directive is used as a source expression
https://bugs.webkit.org/show_bug.cgi?id=154555
<rdar://problem/24776777>

Reviewed by Andy Estes.

Source/WebCore:

Fixes an issue where an error message is not emitted when directive form-action is used as a
source expression. Prior to <http://trac.webkit.org/changeset/196892>, when directive form-action
was used as a source expression a console error message would be emitted with the form:

The Content Security Policy directive 'script-src' contains 'form-action' as a source expression.
Did you mean 'script-src ...; form-action...' (note the semicolon)?

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::isCSPDirectiveName): Return true if the specified directive name is "form-action".

LayoutTests:

Test that we emit a console error message when form-action is used as a source expression.

  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon-expected.txt:
  • http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon.html: Use form-action as a source expression. Also, use a double quoted (") string literal instead of a single quoted (') string literal to represent the CSP policy so as to avoid the need to escape embedded single quote characters.

2:26 AM Changeset in webkit [197086] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r196892 - CSP: Enable form-action directive by default
https://bugs.webkit.org/show_bug.cgi?id=154520
<rdar://problem/24762029>

Reviewed by Sam Weinig.

Source/WebCore:

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::addDirective): Move logic to parse the form-action
directive outside the ENABLE(CSP_NEXT) macro guarded section/experimental feature runtime flag.
(WebCore::isExperimentalDirectiveName): Remove form-action from the directives considered
experimental.

LayoutTests:

Mark form-action tests as Pass so that we run them.

2:26 AM Changeset in webkit [197085] by Carlos Garcia Campos
  • 2 edits
    6 moves in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r196878 - Attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Convert Content Extension tests that use the Content Security Policy directive report-uri from HTML files
to PHP scripts and modify them to define the content security policy for the page via the Content-Security-Policy
HTTP header instead of via a meta element so that the report-uri directive is honored. Following
<https://trac.webkit.org/changeset/196875> the directive report-uri is only honored when contained in a
policy that is delivered via an HTTP header. That is, it is no longer honored when delivered in a meta element.

  • http/tests/contentextensions/block-cookies-in-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.
  • http/tests/contentextensions/block-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.
  • http/tests/contentextensions/hide-on-csp-report.php: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.

Merge r196879 - Another attempt to fix the Content Extension test failures following <https://trac.webkit.org/changeset/196875>
(https://bugs.webkit.org/show_bug.cgi?id=154307)

Rename Content Extension JSON files so that they are associated with tests http/tests/contentextensions/block-cookies-in-csp-report.php,
http/tests/contentextensions/block-csp-report.php and http/tests/contentextensions/hide-on-csp-report.php. These
files were formerly named block-cookies-in-csp-report.html, block-csp-report.html, and hide-on-csp-report.html,
respectively, prior to <https://trac.webkit.org/changeset/196878>. Also, update expected result for test block-csp-report.html
following <https://trac.webkit.org/changeset/196878>.

  • http/tests/contentextensions/block-cookies-in-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-cookies-in-csp-report.html.json.
  • http/tests/contentextensions/block-csp-report-expected.txt:
  • http/tests/contentextensions/block-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/block-csp-report.html.json.
  • http/tests/contentextensions/hide-on-csp-report.php.json: Renamed from LayoutTests/http/tests/contentextensions/hide-on-csp-report.html.json.

2:26 AM Changeset in webkit [197084] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.12

Merge r196877 - CSP: Violation report should include column number
https://bugs.webkit.org/show_bug.cgi?id=154418
<rdar://problem/24729525>

Reviewed by Brent Fulgham.

Source/WebCore:

Include column-number in the Content Security Policy violation report for the column number
in the source script where the violation occurred (for a script violation) as per section
Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

When a CSP report is created for a script violation the source file and line number of the
source code line where the violation occurred are included in the report. We now include
the column number in the source file where the violation occurred so as to help narrow
down the operation that triggered the violation in a complicated source code line.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation):

LayoutTests:

Update expected results to include source file column information where the violation occurred.

  • http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:

2:26 AM Changeset in webkit [197083] by Carlos Garcia Campos
  • 24 edits
    1 move
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r196876 - CSP: Violation report should include HTTP status code and effective-directive of protected resource
https://bugs.webkit.org/show_bug.cgi?id=154288
<rdar://problem/24674982>
And
https://bugs.webkit.org/show_bug.cgi?id=115707
<rdar://problem/24383128>

Reviewed by Brent Fulgham.

Source/WebCore:

Include status-code and effective-directive in the Content Security Policy violation report for
the HTTP status code of the protected resource and name of the policy directive that was violated,
respectively, as per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Test: http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation): Add key status-code to the report with value
equal to the HTTP response code for the document or 0 depending on whether the document was
delivered over HTTP or not. Additionally, remove ENABLE(CSP_NEXT)-guard/experimentalFeaturesEnabled()-condition
around code to include the effective-directive property in the report.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html to ensure
that the CSP report property status-code is 0 when the protected document is delivered over HTTPS. Fix a
correctness issue in the result for test http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html
and update the expected results for the following tests now that the CSP violation report includes properties
status-code and effective-directive:

http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php

The rest of the changes to the expected results are cosmetic and reflect the difference in wording for inline
script violations between WebKit and Blink. We will consider adopting wording similar to Blink in
<https://bugs.webkit.org/show_bug.cgi?id=153242>.

  • TestExpectations: Remove entries for tests that now pass. Add test http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php.
  • http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt:
  • http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive.html. The report-uri directive is only honored when defined in a policy delivered via an HTTP header. We convert this HTML file to a PHP script to be able to deliver a Content-Security-Policy HTTP header.

  • http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt: Update expected result now that the report includes properties status-code and effective-directive.

  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-only-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt: Update expected result now that the report includes properties status-code and effective-directive.

  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt: Update expected result now that the report includes properties status-code and effective-directive.

  • http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html: Added.
  • http/tests/security/contentSecurityPolicy/report-uri-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-uri-from-child-frame.html: Fix ill-formed markup; substitute </iframe> for </script>.
  • http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt: Cosmetic change.
  • http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt: Ditto.
2:25 AM Changeset in webkit [197082] by Carlos Garcia Campos
  • 22 edits
    16 moves
    3 adds
    2 deletes in releases/WebKitGTK/webkit-2.12

Merge r196875 - CSP: report-url directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154307
<rdar://problem/24684817>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy report-uri directive should only be honored when defined via an HTTP header
as per section report-uri of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the report-uri directive when enforcing or monitoring a policy defined either via
an HTML meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Test: http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive report-uri when
the Content Security Policy came from an HTML meta element.

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html and rename and modify
existing tests to make them PHP scripts that emit a Content Security Policy HTTP header.

In addition, remove file http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html that
is no longer meaningful now that we do not honor the report-uri directive defined in a policy via a meta
element. Moreover, we have not made use of this file since <http://trac.webkit.org/changeset/176413>.

  • TestExpectations: Update entries for renames.
  • http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-and-enforce.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce.html.
  • http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-blocked-data-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri.html.
  • http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-blocked-file-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri.html.
  • http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin.html.
  • http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-blocked-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri.html.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html.
  • http/tests/security/contentSecurityPolicy/report-only-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-only.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-only.html.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html.
  • http/tests/security/contentSecurityPolicy/report-uri-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript.html.
  • http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-from-javascript.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript.html.
  • http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-uri-in-meta-tag-ignored.html: Added.
  • http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt:
  • http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.html: Removed.
  • http/tests/security/contentSecurityPolicy/report-uri-scheme-relative.php: Added.
  • http/tests/security/contentSecurityPolicy/report-uri.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/report-uri.html.
  • http/tests/security/contentSecurityPolicy/resources/generate-csp-report.html: Removed. For completeness, we have not made use of this file since <http://trac.webkit.org/changeset/176413>.

  • http/tests/security/contentSecurityPolicy/resources/generate-csp-report.php:
  • http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html.
  • platform/wk2/TestExpectations: Update entries for renames.
2:23 AM Changeset in webkit [197081] by Carlos Garcia Campos
  • 7 edits
    2 moves
    6 adds
    6 deletes in releases/WebKitGTK/webkit-2.12

Merge r196874 - CSP: sandbox directive should be ignored when contained in a policy defined via a meta element
https://bugs.webkit.org/show_bug.cgi?id=154299
<rdar://problem/24680433>

Reviewed by Brent Fulgham.

Source/WebCore:

The Content Security Policy sandbox directive should only be honored when enforcing a policy
defined via an HTTP header as per section sandbox of the Content Security Policy 2.0 spec.,
<https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Currently we honor the sandbox directive when enforcing a policy defined either via an HTML
meta element or an HTTP header. Instead we should only honor this directive when defined
via an HTTP header and log a message to the Web Inspector console to explain that the directive
was ignored as suggested in <https://www.w3.org/TR/2015/CR-CSP2-20150721/#delivery-html-meta-element>.

Tests: http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php
       http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php
       http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php
       http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html

  • dom/Document.cpp:

(WebCore::Document::processHttpEquiv): Substitute ContentSecurityPolicy::processHTTPEquiv() for
ContentSecurityPolicy::didReceiveHeader() as the latter was made private.

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::copyStateFrom): Updated as needed based on ContentSecurityPolicy::didReceiveHeader() change below.
(WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
(WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
and pass it through to ContentSecurityPolicyDirectiveList::create().
(WebCore::ContentSecurityPolicy::reportInvalidDirectiveInHTTPEquivMeta): Logs a message to the Web Inspector console
that the specified directive was ignored because it was delivered via an HTML meta element.

  • page/csp/ContentSecurityPolicy.h: Made member function ContentSecurityPolicy::didReceiveHeader() private. Defined enum class PolicyFrom to represent the source of the Content Security Policy: HTTP equiv meta element, HTTP header, or inherited from another ContentSecurityPolicy object (this value is only used by ContentSecurityPolicy::copyStateFrom()).
(WebCore::ContentSecurityPolicy::processHTTPEquiv): Added; turns around and calls ContentSecurityPolicy::didReceiveHeader().
The name of this function better describes its purpose - to handle the processing of a Content Security Policy
delivered via <meta http-equiv="Content-Security-Policy" content="...">.

  • page/csp/ContentSecurityPolicyDirectiveList.cpp:

(WebCore::ContentSecurityPolicyDirectiveList::create): Modified to take argument of type ContentSecurityPolicy::PolicyFrom
and pass it through to ContentSecurityPolicyDirectiveList::parse().
(WebCore::ContentSecurityPolicyDirectiveList::parse): Modified to ignore the directive sandbox when the Content Security
Policy came from an HTML meta element.

  • page/csp/ContentSecurityPolicyDirectiveList.h:

LayoutTests:

Add test http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html to ensure that we ignore
the sandbox directive when delivered via an HTML meta element and log a message to the Web Inspector console.

Remove tests http/tests/security/contentSecurityPolicy/sandbox-{allow-scripts-subframe, empty, empty-subframe}.html
that are no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element and
create analogous tests for when the sandbox directive is delivered via an HTTP header.

  • http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2-expected.txt: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-expected.txt.
  • http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header2.php: Renamed from LayoutTests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts.html.
  • http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-subframe.html: Removed.

This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
An analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header.html.

  • http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html.
  • http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php: Added. Derived from test http/tests/security/contentSecurityPolicy/sandbox-empty.html.
  • http/tests/security/contentSecurityPolicy/sandbox-empty-subframe-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html: Removed.

This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
The analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header-inherited-by-subframe.php.

  • http/tests/security/contentSecurityPolicy/sandbox-empty-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/sandbox-empty.html: Removed.

This test is no longer meaningful now that we ignore the sandbox directive when delivered via an HTML meta element.
The analogous test for when the directive is delivered via an HTTP header is http/tests/security/contentSecurityPolicy/sandbox-empty-in-http-header.php.

  • http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/sandbox-in-meta-tag-ignored.html: Added.
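
The delivery rule from r196875 (report-uri) and r196874 (sandbox), as an added example that is not WebKit's code: a small policy parser that drops both directives when the policy arrives via a meta element and records a console message. All names (PolicySource, parsePolicy, reportEndpoints, isSandboxed), the message wording and the sample policy are this example's own assumptions; it also applies the CSP 2.0 rule that a repeated directive name is ignored, and assumes an inherited policy is treated like a header policy.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Where the policy text came from (hypothetical names for this example).
enum class PolicySource { HTTPHeader, MetaElement, Inherited };

struct ParsedPolicy {
    std::map<std::string, std::string> directives; // lower-cased name -> raw value
    std::vector<std::string> consoleMessages;      // what a developer console would show
};

// Constructed sample input: mixed-case name, both header-only directives, one duplicate.
const char* const kSamplePolicy =
    "script-src 'self'; Report-URI /csp-report.php; sandbox allow-scripts; script-src *";

static std::string trim(const std::string& s)
{
    size_t begin = 0, end = s.size();
    while (begin < end && std::isspace(static_cast<unsigned char>(s[begin]))) ++begin;
    while (end > begin && std::isspace(static_cast<unsigned char>(s[end - 1]))) --end;
    return s.substr(begin, end - begin);
}

static std::string toLower(std::string s)
{
    for (char& c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// The two directives the changesets restrict to HTTP header delivery.
static bool isHeaderOnlyDirective(const std::string& name)
{
    return name == "report-uri" || name == "sandbox";
}

ParsedPolicy parsePolicy(const std::string& text, PolicySource source)
{
    ParsedPolicy policy;
    std::istringstream stream(text);
    std::string token;
    while (std::getline(stream, token, ';')) {
        token = trim(token);
        if (token.empty())
            continue;
        // Directive name runs up to the first whitespace; names are case-insensitive.
        size_t split = 0;
        while (split < token.size() && !std::isspace(static_cast<unsigned char>(token[split])))
            ++split;
        std::string name = toLower(token.substr(0, split));
        std::string value = trim(token.substr(split));

        if (source == PolicySource::MetaElement && isHeaderOnlyDirective(name)) {
            policy.consoleMessages.push_back(
                "The '" + name + "' directive is ignored when delivered via an HTML meta element.");
            continue;
        }
        if (policy.directives.count(name)) {
            // CSP 2.0: only the first occurrence of a directive counts.
            policy.consoleMessages.push_back("Ignoring duplicate directive '" + name + "'.");
            continue;
        }
        policy.directives[name] = value;
    }
    return policy;
}

// Report endpoints the policy would post violation reports to (empty if none survive parsing).
std::vector<std::string> reportEndpoints(const ParsedPolicy& policy)
{
    std::vector<std::string> endpoints;
    auto it = policy.directives.find("report-uri");
    if (it == policy.directives.end())
        return endpoints;
    std::istringstream stream(it->second);
    std::string uri;
    while (stream >> uri)
        endpoints.push_back(uri);
    return endpoints;
}

bool isSandboxed(const ParsedPolicy& policy)
{
    return policy.directives.count("sandbox") > 0;
}

int main()
{
    for (PolicySource source : { PolicySource::HTTPHeader, PolicySource::MetaElement }) {
        ParsedPolicy policy = parsePolicy(kSamplePolicy, source);
        std::cout << (source == PolicySource::HTTPHeader ? "header" : "meta")
                  << ": endpoints=" << reportEndpoints(policy).size()
                  << " sandboxed=" << isSandboxed(policy) << "\n";
        for (const std::string& message : policy.consoleMessages)
            std::cout << "  console: " << message << "\n";
    }
    return 0;
}
```

A site that relies on a meta-delivered policy for violation reporting or sandboxing gets neither under this rule; the remaining directives (here script-src) are still enforced.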
2:04 AM Changeset in webkit [197080] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196869 - Web Inspector: Opacity slider thumb sometimes goes past the bar in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154497

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

Since WebInspector.Slider uses CSS transforms to move the slider knob
along the track, if the width of the track changes then the position
of the knob would stay the same since it was translated instead of
adjusting its position relative to the new width.

  • UserInterface/Views/Slider.js:

(WebInspector.Slider.prototype.recalculateKnobX):
Resets the maxX value to 0 to ensure that a new maxX is calculated with
the current width.

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.js:

(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.set specifiedWidth): Deleted.
(WebInspector.VisualStyleCommaSeparatedKeywordEditor.prototype.recalculateWidth):

  • UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype.widthDidChange):
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
(WebInspector.VisualStyleDetailsPanel.prototype._populateDisplaySection):

  • UserInterface/Views/VisualStyleUnitSlider.js:

(WebInspector.VisualStyleUnitSlider.prototype.recalculateWidth):

2:02 AM Changeset in webkit [197079] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196867 - Web Inspector: Visual Styles: Modifying background expands Font section
https://bugs.webkit.org/show_bug.cgi?id=154491
<rdar://problem/24755440>

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

When the user selects a new style, the Visual sidebar examines the property
editors in each subsection to see if any have a value and expands/collapses
the subsection accordingly. This issue was happening because that logic was
also being triggered when the user didn't select a new style, which is
controlled by DOMNodeStyles and the significantChange value in refresh().

  • UserInterface/Base/Utilities.js:

(String.prototype.toCamelCase):
Added utility function to transform a string into a camel-cased version.

  • UserInterface/Models/DOMNodeStyles.js:

(WebInspector.DOMNodeStyles.prototype.refresh.fetchedComputedStyle):
Dropped unused variable and added checks to make sure doubly-matching styles
don't count as a significant change and cause refreshes of the styles sidebar.

  • UserInterface/Views/VisualStyleDetailsPanel.js:

(WebInspector.VisualStyleDetailsPanel.prototype._updateSections):
If this function has an event, meaning it was triggered by a newly selected
selector in the selector section, loop through each subsection and perform
the logic described above, but instead only to open sections.

(WebInspector.VisualStyleDetailsPanel.prototype._generateSection.replaceDashWithCapital): Deleted.
(WebInspector.VisualStyleDetailsPanel.prototype._updateProperties):
Removed logic that was already being called by _sectionModified().

2:00 AM Changeset in webkit [197078] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196864 - Resolve style iteratively
https://bugs.webkit.org/show_bug.cgi?id=154355

Reviewed by Andreas Kling.

Instead of a set of recursive functions use ComposedTreeIterator for traversing the DOM
tree in composed tree order.

This, along with maintaining explicit parent stack makes style resolve code more tractable
for future work.

It also makes the ComposedTreeIterator the definite authority for the shape of the composed tree
instead of duplicating it as a set of recursive style resolve functions. This eliminates
a significant source of bugs and confusion.

The render tree building code path remains recursive for now.

  • css/StyleInvalidationAnalysis.cpp:

(WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):

Invalidate the host element instead of the shadow root. This reduces need for special handling for shadow roots.

  • dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::dropAssertions):

Add support for dropping DOM mutation assertions.

(WebCore::ComposedTreeIterator::traverseShadowRoot):

  • dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):

  • dom/PseudoElement.h:
  • style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::TreeResolver):
(WebCore::Style::TreeResolver::Scope::Scope):
(WebCore::Style::TreeResolver::Parent::Parent):
(WebCore::Style::TreeResolver::pushScope):
(WebCore::Style::resetStyleForNonRenderedDescendants):
(WebCore::Style::pseudoStyleCacheIsInvalid):
(WebCore::Style::TreeResolver::resolveElement):
(WebCore::Style::resolveTextNode):
(WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
(WebCore::Style::TreeResolver::pushParent):
(WebCore::Style::TreeResolver::popParent):
(WebCore::Style::TreeResolver::popParentsToDepth):

Maintain explicit parent stack.

(WebCore::Style::TreeResolver::resolveComposedTree):

The main loop that iterates over the composed tree and computes style for dirty elements.

(WebCore::Style::TreeResolver::resolve):
(WebCore::Style::detachRenderTree):
(WebCore::Style::TreeResolver::resolveLocally): Deleted.
(WebCore::Style::TreeResolver::resolveChildAtShadowBoundary): Deleted.
(WebCore::Style::TreeResolver::resolveShadowTree): Deleted.
(WebCore::Style::TreeResolver::resolveChildren): Deleted.
(WebCore::Style::TreeResolver::resolveSlotAssignees): Deleted.
(WebCore::Style::TreeResolver::resolveRecursively): Deleted.

Recursive functions go away.

  • style/StyleTreeResolver.h:

(WebCore::Style::TreeResolver::scope):
(WebCore::Style::TreeResolver::parent):

2:00 AM Changeset in webkit [197077] by Carlos Garcia Campos
  • 7 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r196833 - ComposedTreeIterator traverses normal children for elements with empty shadow root
https://bugs.webkit.org/show_bug.cgi?id=154464

Reviewed by Ryosuke Niwa.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-basic.html

  • dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::traverseShadowRoot):

If the shadow root is empty continue by skipping the real children.

(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::composedTreeAsText):
(WebCore::ComposedTreeIterator::pushContext): Deleted.

  • dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::current):
(WebCore::ComposedTreeIterator::traverseNext):
(WebCore::composedTreeChildren):

  • testing/Internals.cpp:

(WebCore::Internals::composedTreeAsText):

Testing support.

  • testing/Internals.h:
  • testing/Internals.idl:

LayoutTests:

  • fast/shadow-dom/composed-tree-basic-expected.txt: Added.
  • fast/shadow-dom/composed-tree-basic.html: Added.
1:48 AM Changeset in webkit [197076] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196863 - Web Inspector: Text Align segmented control blinks while editing other properties in Visual Styles sidebar
https://bugs.webkit.org/show_bug.cgi?id=154487
<rdar://problem/24754703>

Patch by Devin Rousso <Devin Rousso> on 2016-02-20
Reviewed by Timothy Hatcher.

The icon list property editor blinking issue was caused by the fact that
the selected value was toggled on/off each time the value was set on the
editor. In order to prevent this, the logic for the setter value() was
modified to just match a keyword icon to the given value and select it.

  • UserInterface/Views/VisualStyleKeywordIconList.js:

(WebInspector.VisualStyleKeywordIconList.prototype.set value):
(WebInspector.VisualStyleKeywordIconList.prototype._handleKeywordChanged):

1:47 AM Changeset in webkit [197075] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196857 - Web Inspector: Placeholder text in Visual Styles sidebar table row should be white
https://bugs.webkit.org/show_bug.cgi?id=154488
<rdar://problem/24754715>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/VisualStyleCommaSeparatedKeywordEditor.css:

(.visual-style-property-container.comma-separated-keyword-editor > .visual-style-property-value-container > .visual-style-comma-separated-keyword-list > .visual-style-comma-separated-keyword-item > .titles > .subtitle):

1:46 AM Changeset in webkit [197074] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196855 - Web Inspector: Inherited selector rows have text too low
https://bugs.webkit.org/show_bug.cgi?id=154489
<rdar://problem/24754774>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/VisualStyleSelectorSection.css:

(.details-section.visual-style-selector-section > .content > .selectors > .selector-list > .section-divider):

1:45 AM Changeset in webkit [197073] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r196852 - Web Inspector: Color picker in Visual Styles sidebar should not default to zero alpha
https://bugs.webkit.org/show_bug.cgi?id=154474
<rdar://problem/24750217>

Patch by Devin Rousso <Devin Rousso> on 2016-02-19
Reviewed by Timothy Hatcher.

  • UserInterface/Views/InlineSwatch.js:

(WebInspector.InlineSwatch.prototype._fallbackValue):
Changed the fallback value for color from transparent to white so that
the color picker starts out with an alpha value of 1.

(WebInspector.InlineSwatch.prototype._handleContextMenuEvent):
Prevents context menu events from having an effect if there is no value
for them to modify.

1:43 AM Changeset in webkit [197072] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196851 - Use more concrete types for parsing positions
https://bugs.webkit.org/show_bug.cgi?id=154481

Reviewed by Dean Jackson.

Use CSSPrimitiveValues for position-parsing functions where possible, to avoid
the need to downcast<> the values returned by the parsing functions.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::parsePositionX):
(WebCore::CSSParser::parsePositionY):
(WebCore::CSSParser::parse4ValuesFillPosition):
(WebCore::CSSParser::parse3ValuesFillPosition):
(WebCore::CSSParser::parseFillPosition):
(WebCore::CSSParser::parse2ValuesFillPosition):
(WebCore::CSSParser::parseFillProperty):
(WebCore::CSSParser::parseTransformOriginShorthand):
(WebCore::CSSParser::parseBasicShapeCircle):
(WebCore::CSSParser::parseBasicShapeEllipse):
(WebCore::CSSParser::parseDeprecatedRadialGradient):
(WebCore::CSSParser::parseRadialGradient):
(WebCore::CSSParser::parseTransformOrigin):
(WebCore::CSSParser::parsePerspectiveOrigin):

  • css/CSSParser.h:
1:40 AM Changeset in webkit [197071] by Carlos Garcia Campos
  • 5 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r196849 - JSObject::getPropertySlot - index-as-propertyname, override on prototype, & shadow
https://bugs.webkit.org/show_bug.cgi?id=154416

Reviewed by Geoff Garen.

Source/JavaScriptCore:

Here's the bug. Suppose you call JSObject::getOwnProperty and -

  • PropertyName contains an index,
  • An object on the prototype chain overrides getOwnPropertySlot, and has that index property,
  • The base of the access (or another object on the prototype chain) shadows that property.

JSObject::getPropertySlot is written assuming the common case is that propertyName is not an
index, and as such walks up the prototype chain looking for non-index properties before it
tries calling parseIndex.

At the point we reach an object on the prototype chain overriding getOwnPropertySlot (which
would potentially return the property) we may have already skipped over non-overriding
objects that contain the property in index storage.

  • runtime/JSObject.h:

(JSC::JSObject::getOwnNonIndexPropertySlot):

  • renamed from inlineGetOwnPropertySlot to better describe behaviour; added ASSERT guarding that this method never returns index properties - if it ever does, this is unsafe for getPropertySlot.

(JSC::JSObject::getOwnPropertySlot):

  • inlineGetOwnPropertySlot -> getOwnNonIndexPropertySlot.

(JSC::JSObject::getPropertySlot):

  • In case of object overriding getOwnPropertySlot check if propertyName is an index.

(JSC::JSObject::getNonIndexPropertySlot):

  • called by getPropertySlot if we encounter an object that overrides getOwnPropertySlot, in order to avoid repeated calls to parseIndex.

(JSC::JSObject::inlineGetOwnPropertySlot): Deleted.

  • this was renamed to getOwnNonIndexPropertySlot.

(JSC::JSObject::fastGetOwnPropertySlot): Deleted.

  • this was folded back in to getPropertySlot.

Source/WebCore:

  • testing/Internals.cpp:

(WebCore::Internals::isReadableStreamDisturbed):

  • fastGetOwnPropertySlot -> getOwnPropertySlot (internal method removed; test shouldn't really have been using this anyway)

LayoutTests:

  • js/index-property-shadows-overriden-get-own-property-slot-expected.txt: Added.
  • js/index-property-shadows-overriden-get-own-property-slot.html: Added.
  • js/script-tests/index-property-shadows-overriden-get-own-property-slot.js: Added.

(test):

  • added test case.

1:16 AM Changeset in webkit [197070] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r196873 - bmalloc: Don't use a whole page for metadata
https://bugs.webkit.org/show_bug.cgi?id=154510

Reviewed by Andreas Kling.

(1) Don't round up metadata to a page boundary. This saves 1.5% dirty
memory on iOS and 0.2% on Mac. It also enables a future patch to allocate
smaller chunks without wasting memory.

(2) Initialize metadata lazily. This saves dirty memory when the program
allocates primarily small or large objects (but not both), leaving some
metadata uninitialized.

  • bmalloc.xcodeproj/project.pbxproj: Medium objects are gone now.
  • bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::refill): Added an ASSERT to help debug a bug
I caused while working on this patch.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::allocateSmallBumpRanges): Ditto.

(bmalloc::Heap::splitAndAllocate):
(bmalloc::Heap::allocateLarge): Updated for interface change.

  • bmalloc/LargeChunk.h: Changed the boundaryTagCount calculation to
a static_assert.

Don't round up to page boundary. (See above.)

(bmalloc::LargeChunk::LargeChunk): Moved code here from LargeChunk::init.
A constructor is a more natural / automatic way to do this initialization.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::init): Deleted. Moved to LargeChunk.

  • bmalloc/Sizes.h: Changed largeChunkMetadataSize to a simpler constant
because metadata size no longer varies by page size.

  • bmalloc/SmallChunk.h:

(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages): Use std::array to make begin/end
calculations easier.

(bmalloc::SmallChunk::SmallChunk): Treat our metadata like a series
of allocated objects. We used to avoid trampling our metadata by
starting object memory at the next page. Now we share the first page
between metadata and objects, and we account for metadata explicitly.

  • bmalloc/SuperChunk.h:

(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::create): Deleted. Don't eagerly run the SmallChunk
and LargeChunk constructors. We'll run them lazily as needed.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::VMHeap):
(bmalloc::VMHeap::allocateSmallChunk):
(bmalloc::VMHeap::allocateLargeChunk):
(bmalloc::VMHeap::allocateSuperChunk):
(bmalloc::VMHeap::grow): Deleted. Track small and large chunks explicitly
so we can initialize them lazily.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage):
(bmalloc::VMHeap::allocateLargeObject): Specify whether we're allocating
a small or large chunk since we don't allocate both at once anymore.

Fixed compilation of bmalloc with GCC 4.8 after r196873.
https://bugs.webkit.org/show_bug.cgi?id=154534

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-22
Reviewed by Mark Lam.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=55382.

  • bmalloc/LargeChunk.h:
  • bmalloc/SmallChunk.h:

1:15 AM Changeset in webkit [197069] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r196871 - Use of inlined asm statements causes problems for -std=c99 builds.
https://bugs.webkit.org/show_bug.cgi?id=154507

Reviewed by Dan Bernstein.

Source/bmalloc:

  • bmalloc/BAssert.h:

Source/WTF:

WTF's Assertions.h may inadvertently get included by other projects that are built
with -std=c99. The use of the inlined asm statements with the keyword "asm" is
not recognized when the -std compiler flag is used.

https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html says "When writing code that
can be compiled with -ansi and the various -std options, use __asm__ instead of
asm (see Alternate Keywords)."

So, to be a good citizen, we can change the use of "asm" in CRASH() to "__asm__"
so that we don't break the build of such other projects.

  • wtf/Assertions.h:

1:15 AM Changeset in webkit [197068] by Carlos Garcia Campos
  • 8 edits
    4 deletes in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r196847 - bmalloc: Chunk, Page, and Line don't need to be class templates
https://bugs.webkit.org/show_bug.cgi?id=154480

Reviewed by Gavin Barraclough.

We needed class templates to distinguish between small and medium,
but medium is gone now.

  • bmalloc.xcodeproj/project.pbxproj:
  • bmalloc/Chunk.h: Removed.
  • bmalloc/Heap.cpp:

(bmalloc::Heap::initializeLineMetadata):
(bmalloc::Heap::allocateSmallBumpRanges):

  • bmalloc/Heap.h:
  • bmalloc/Line.h: Removed.
  • bmalloc/Page.h: Removed.
  • bmalloc/Sizes.h:
  • bmalloc/SmallChunk.h: Replaced with Source/bmalloc/bmalloc/Chunk.h.

(bmalloc::SmallChunk::begin):
(bmalloc::SmallChunk::end):
(bmalloc::SmallChunk::lines):
(bmalloc::SmallChunk::pages):
(bmalloc::SmallChunk::get):
(bmalloc::SmallLine::get):
(bmalloc::SmallLine::begin):
(bmalloc::SmallLine::end):
(bmalloc::SmallPage::get):
(bmalloc::SmallPage::begin):
(bmalloc::SmallPage::end):
(bmalloc::Chunk::begin): Deleted.
(bmalloc::Chunk::end): Deleted.
(bmalloc::Chunk::lines): Deleted.
(bmalloc::Chunk::pages): Deleted.

  • bmalloc/SmallLine.h: Replaced with Source/bmalloc/bmalloc/Line.h.

(bmalloc::SmallLine::ref):
(bmalloc::SmallLine::deref):
(bmalloc::Line<Traits>::begin): Deleted.
(bmalloc::Line<Traits>::end): Deleted.
(bmalloc::Line<Traits>::ref): Deleted.
(bmalloc::Line<Traits>::deref): Deleted.

  • bmalloc/SmallPage.h: Replaced with Source/bmalloc/bmalloc/Page.h.

(bmalloc::SmallPage::hasFreeLines):
(bmalloc::SmallPage::setHasFreeLines):
(bmalloc::SmallPage::ref):
(bmalloc::SmallPage::deref):
(bmalloc::Page::hasFreeLines): Deleted.
(bmalloc::Page::setHasFreeLines): Deleted.
(bmalloc::Page<Traits>::ref): Deleted.
(bmalloc::Page<Traits>::deref): Deleted.

  • bmalloc/SmallTraits.h: Removed.

Unreviewed. Fix debug build error since r196847

Fix gcc build warning appeared as below
by removing BASSERT(refCount <= maxRefCount).
error: comparison is always true due to limited range of data type
[-Werror=type-limits]

  • bmalloc/SmallLine.h:

(bmalloc::SmallLine::ref): Deleted.

1:15 AM Changeset in webkit [197067] by Carlos Garcia Campos
  • 19 edits
    4 deletes in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r196845 - bmalloc: Remove the concept of medium objects
https://bugs.webkit.org/show_bug.cgi?id=154436

Reviewed by Sam Weinig.

There's no need to distinguish medium objects from small: Small object
metadata works naturally for both as long as we allow an object to
span more than two small lines. (We already allow an object to span
more than one small line.)

This change reduces memory use because it eliminates the 1kB line size,
so we don't have to hold down 1kB lines for individual 264+ byte objects.

1kB lines were always a bit of a compromise. The main point of bump
allocation is to take advantage of cache lines. Cache lines are usually
64 bytes, so line sizes above 256 bytes are a bit of a stretch.

This change speeds up small object benchmarks because it eliminates the
branch to detect medium objects in deallocation log processing.

This change reduces virtual memory use from worst case 4X to worst case
2X because the medium chunk is gone. iOS cares about virtual memory use
and terminates apps above ~1GB, so this change gives us more breathing room.

This change slows down medium benchmarks a bit because we end up doing
more work to recycle fragmented medium objects. Overall, the tradeoff
seems justified, since we have a net speedup and a memory use savings.

  • bmalloc.xcodeproj/project.pbxproj: Removed all the medium files. We
can simplify even further in a follow-up patch, removing the base class
templates for Chunk, Page, and Line as well.

  • bmalloc/Allocator.cpp:

(bmalloc::Allocator::Allocator):
(bmalloc::Allocator::allocate):
(bmalloc::Allocator::reallocate):
(bmalloc::Allocator::scavenge):
(bmalloc::Allocator::refillAllocatorSlowCase):
(bmalloc::Allocator::refillAllocator):
(bmalloc::Allocator::allocateSlowCase): Medium is gone. Small max is the
new medium max.

  • bmalloc/Allocator.h:

(bmalloc::Allocator::allocateFastCase): Ditto.

  • bmalloc/BumpAllocator.h:

(bmalloc::BumpAllocator::validate):
(bmalloc::BumpAllocator::allocate): No more medium.

  • bmalloc/Chunk.h: No more medium.
  • bmalloc/Deallocator.cpp:

(bmalloc::Deallocator::processObjectLog): No check for medium. This is
a speedup.

(bmalloc::Deallocator::deallocateSlowCase): No more medium.

  • bmalloc/Deallocator.h:

(bmalloc::Deallocator::deallocateFastCase): Ditto.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::initializeLineMetadata): The algorithm here changed from
iterating each line to iterating each object. This helps us accommodate
objects that might span more than two lines -- i.e., all objects between
(512 bytes, 1024 bytes].

(bmalloc::Heap::scavenge):
(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::scavengeLargeObjects): Medium is gone.

(bmalloc::Heap::allocateSmallBumpRanges): Allow for lines that allocate
zero objects. This happens when an object spans more than two lines --
the middle lines allocate zero objects.

Also set the "has free lines" bit to false if we consume the last free
line. This needs to be a bit now because not all pages agree on their
maximum refcount anymore, so we need an explicit signal for the transition
from maximum to maximum - 1.

(bmalloc::Heap::allocateSmallPage): This code didn't change; I just removed
the medium code.

(bmalloc::Heap::deallocateSmallLine): Changed the algorithm to check
hasFreeLines. See allocateSmallBumpRanges.

(bmalloc::Heap::scavengeMediumPages): Deleted.
(bmalloc::Heap::allocateMediumBumpRanges): Deleted.
(bmalloc::Heap::allocateMediumPage): Deleted.
(bmalloc::Heap::deallocateMediumLine): Deleted.

  • bmalloc/Heap.h:

(bmalloc::Heap::derefMediumLine): Deleted.

  • bmalloc/LargeChunk.h:

(bmalloc::LargeChunk::get):
(bmalloc::LargeChunk::endTag):

  • bmalloc/Line.h: No more medium.
  • bmalloc/MediumChunk.h: Removed.
  • bmalloc/MediumLine.h: Removed.
  • bmalloc/MediumPage.h: Removed.
  • bmalloc/MediumTraits.h: Removed.
  • bmalloc/ObjectType.cpp:

(bmalloc::objectType):

  • bmalloc/ObjectType.h:

(bmalloc::isSmall):
(bmalloc::isXLarge):
(bmalloc::isSmallOrMedium): Deleted.
(bmalloc::isMedium): Deleted. No more medium.

  • bmalloc/Page.h:

(bmalloc::Page::sizeClass):
(bmalloc::Page::setSizeClass):
(bmalloc::Page::hasFreeLines):
(bmalloc::Page::setHasFreeLines): Add the free lines bit. You get better
codegen if you make it the low bit, since ref / deref can then add / sub

  1. So do that.
  • bmalloc/Sizes.h:

(bmalloc::Sizes::sizeClass): Expand the small size class to include the
medium size class.

  • bmalloc/SuperChunk.h:

(bmalloc::SuperChunk::SuperChunk):
(bmalloc::SuperChunk::smallChunk):
(bmalloc::SuperChunk::largeChunk):
(bmalloc::SuperChunk::mediumChunk): Deleted. No more medium.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow):

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage): Set the has free lines bit before
returning a Page to the Heap since this is the correct default state
when we first allocate a page.

(bmalloc::VMHeap::allocateMediumPage): Deleted.
(bmalloc::VMHeap::deallocateMediumPage): Deleted.

1:14 AM Changeset in webkit [197066] by Carlos Garcia Campos
  • 13 edits
    1 move in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r196840 - bmalloc: Unify VMHeap and Heap LargeObjects free lists to reduce fragmentation
https://bugs.webkit.org/show_bug.cgi?id=154192

Reviewed by Geoffrey Garen.

Change the operation of Heap and VMHeap LargeObject free lists.
Renamed Owner to VMState to track the state of each LargeObject.

Physical - The pages have been allocated.
Virtual - The pages have not been allocated.
Mixed - The object contains a mixture of Physical and Virtual pages.

VMState uses one bit each for Physical and Virtual to simplify merging states
when merging two adjacent blocks. This change enforces the rule that objects in
the Heap free list must have the Physical bit set in their VMState while objects
in the VMHeap free list must have the Physical bit clear. This means that the Heap
can have LargeObjects in Physical or Mixed VMState, but the VMHeap's free list can
only contain Virtual LargeObjects.

In both Heap::allocateLarge(), we now allocate physical pages if the LargeObject we
pull from the free list has any Virtual pages before we possibly split the
object. When we merge objects, the result might be made up of Mixed page allocations.
When allocating a Mixed LargeObject, we need to allocate memory for them as well.
The scavenger deallocates both Physical and Mixed LargeObjects, placing them back into
the VMHeap's free list.

When we allocate or deallocate Mixed LargeObjects, there are pages within these
objects that will be redundantly modified. It would require additional metadata to
eliminate this redundancy.

  • bmalloc.xcodeproj/project.pbxproj:
  • bmalloc/BoundaryTag.h:

(bmalloc::BoundaryTag::vmState): New helper.
(bmalloc::BoundaryTag::setVMState): New helper.
(bmalloc::BoundaryTag::owner): Deleted.
(bmalloc::BoundaryTag::setOwner): Deleted.

  • bmalloc/Heap.h:

(bmalloc::Heap::splitAndAllocate): New helpers.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::vmState): New helper.
(bmalloc::LargeObject::setVMState): New helper.

  • bmalloc/Heap.cpp:

(bmalloc::Heap::splitAndAllocate): New helpers.
(bmalloc::Heap::allocateLarge):
(bmalloc::Heap::deallocatePhysicalPages): Refactored from VMHeap::deallocateLargeObjectMemory.

  • bmalloc/FreeList.cpp:

(bmalloc::FreeList::takeGreedy):
(bmalloc::FreeList::take):
(bmalloc::FreeList::removeInvalidAndDuplicateEntries):

  • bmalloc/FreeList.h:

(bmalloc::FreeList::FreeList):
(bmalloc::FreeList::push):

  • bmalloc/Heap.cpp:

(bmalloc::Heap::Heap):
(bmalloc::Heap::scavengeLargeObjects):

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::isValidAndFree):
(bmalloc::LargeObject::validateSelf):

  • bmalloc/SegregatedFreeList.cpp:

(bmalloc::SegregatedFreeList::SegregatedFreeList): Changed to initialize our required Physical state.

  • bmalloc/SegregatedFreeList.h:

(bmalloc::SegregatedFreeList::SegregatedFreeList):
(bmalloc::SegregatedFreeList::insert):
(bmalloc::SegregatedFreeList::takeGreedy):
(bmalloc::SegregatedFreeList::take):
Replaced Owner parameters and checks with VMState::HasPhysical.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::prevCanMerge): Removed owner from tests.
(bmalloc::LargeObject::nextCanMerge): Removed owner from tests.
(bmalloc::LargeObject::merge): Removed owner from tests. Updated to merge VMStates and set the
VMState after the merge.

  • bmalloc/LargeObject.h:

(bmalloc::LargeObject::owner): Deleted.
(bmalloc::LargeObject::setOwner): Deleted.

  • bmalloc/Owner.h: Removed.
  • bmalloc/VMAllocate.h:

(bmalloc::vmAllocatePhysicalPagesSloppy): Changed to round begin down to eliminate the left to right
allocation constraint.

  • bmalloc/VMHeap.cpp:

(bmalloc::VMHeap::grow): Large space managed like small or medium as a vector of LargeChunks.
(bmalloc::VMHeap::VMHeap): Changed to initialize our required Physical state.

  • bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateLargeObject): These no longer allocate memory.
(bmalloc::VMHeap::deallocateLargeObject): Removed setOwner. Now we set the VMState after any merges.

  • bmalloc/VMState.h: Copied from Source/bmalloc/bmalloc/Owner.h.

(bmalloc::VMState::VMState):
(bmalloc::VMState::hasPhysical):
(bmalloc::VMState::hasVirtual):
(bmalloc::VMState::merge):
(bmalloc::VMState::operator ==):
(bmalloc::VMState::operator unsigned):
New class with various helpers.

12:37 AM Changeset in webkit [197065] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r196813 - Blocked plug-in placeholder is sometimes not shown.
https://bugs.webkit.org/show_bug.cgi?id=154434
<rdar://problem/22584973>

Reviewed by Brent Fulgham.

m_isUnavailablePluginIndicatorHidden was set to false incorrectly as initial value.
It prevented RenderEmbeddedObject from issuing repaint when the plugin indicator
was set to visible (m_isUnavailablePluginIndicatorHidden <- false) the first time.
(The reason why the indicator showed up most of the time was because some renderer
triggered repaint on the view.)

Unable to test.

  • rendering/RenderEmbeddedObject.cpp:

(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden):
(WebCore::RenderEmbeddedObject::RenderEmbeddedObject): Deleted.
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed): Deleted.

  • rendering/RenderEmbeddedObject.h:

(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
