Timeline



Mar 3, 2016:

11:41 PM Changeset in webkit [197550] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Let XCode have its own way and also sort the file.

  • WebCore.xcodeproj/project.pbxproj:

10:36 PM Changeset in webkit [197549] by fpizlo@apple.com
  • 22 edits
    6 adds in trunk

DFG/FTL should inline accesses to RegExpObject::m_lastIndex
https://bugs.webkit.org/show_bug.cgi?id=155003

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

The Octane/regexp benchmark sets RegExps' lastIndex a lot. I could imagine this being
something that people want to do. Right now, I'm not convinced that making the RegExp object
be more plain-JS would be a good idea considering that pretty much all uses of it will
require some special compiler magic. Also, it's good that this patch teaches the compiler
how to reason about lastIndex since some of my other plans for regexp involve having the
compiler treat more regexp stuff as intrinsic.

This is a smaller Octane/regexp speed-up than I hoped - maybe around 1%. It's an enormous
speed-up on the microbenchmarks attached to this patch.

  • dfg/DFGAbstractHeap.h:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGHeapLocation.h:
  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
(JSC::DFG::SpeculativeJIT::compileGetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStoreBarrierInsertionPhase.cpp:
  • ftl/FTLAbstractHeapRepository.cpp:
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::compileSetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::lowObject):
(JSC::FTL::DFG::LowerDFGToB3::lowRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::lowString):

  • runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):
(JSC::RegExpObject::offsetOfLastIndex):

LayoutTests:

  • js/regress/regexp-last-index-expected.txt: Added.
  • js/regress/regexp-last-index.html: Added.
  • js/regress/regexp-set-last-index-expected.txt: Added.
  • js/regress/regexp-set-last-index.html: Added.
  • js/regress/script-tests/regexp-last-index.js: Added.
  • js/regress/script-tests/regexp-set-last-index.js: Added.

10:00 PM Changeset in webkit [197548] by Chris Dumez
  • 9 edits in trunk/Source

Regression(r196770): Unable to use HipChat Mac app
https://bugs.webkit.org/show_bug.cgi?id=154999
<rdar://problem/24931959>

Reviewed by Darin Adler.

Source/JavaScriptCore:

Add a setter to PutPropertySlot to override the 'isStrictMode' flag.

  • runtime/PutPropertySlot.h:

(JSC::PutPropertySlot::setStrictMode):

Source/WebCore:

r196770 made [Unforgeable] operations such as Location.reload()
non-writable as per the Web IDL specification. As a result,
trying to set such properties will be ignored in non-strict
mode and will throw an exception in strict mode. This also matches
Firefox and Chrome.

However, this broke the HipChat Mac App (the Web App seems fine)
because it sets Location.reload() and is using strict mode, therefore
causing an exception to be thrown.

This patch adds a quirk to JSLocation::putDelegate() which disables
strict mode when we detect that the application is HipChat. As a
result, we no longer throw when HipChat tries to set Location.reload
and the application is able to connect again.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate):
Add a quirk which disables strict mode if the application is HipChat.

  • platform/RuntimeApplicationChecks.cpp:

(WebCore::mainBundleIdentifier):
Extract this from mainBundleIsEqualTo() so it can be shared with
applicationBundleIdentifier().

(WebCore::applicationBundleIdentifier):
Returns the application bundle identifier, which is a static variable.
For the WebContent / Networking processes, the application bundle
identifier gets set to the UIProcess bundle identifier upon
initialization. If unset, we fall back to using mainBundleIdentifier()
which will do the right thing for the WK2 UIProcess and WK1.

(WebCore::mainBundleIsEqualTo):
Extract part of the code to mainBundleIdentifier() to better share
code.

(WebCore::applicationIsHipChat):
Add utility function that checks if the application is HipChat. This
will do the right thing whether it is called from the UIProcess, the
WebProcess or the UIProcess.

(WebCore::setApplicationBundleIdentifier):
Add utility function to set the application bundle identifier. It gets
called with the UIProcess bundle identifier by the NetworkProcess and
the WebProcess upon initialization.

  • platform/RuntimeApplicationChecks.h:

Source/WebKit2:

Have the NetworkProcess and the WebProcess pass the UIProcess bundle
identifier to WebCore so that we can do app detection of applications
using a WK2 WebView (such as HipChat).

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::initializeNetworkProcess):

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):

9:49 PM Changeset in webkit [197547] by fpizlo@apple.com
  • 1 edit
    3 deletes in trunk/LayoutTests

Unreviewed, remove test with flaky timeout that doesn't test anything anymore. This test
was relevant back when arguments got torn off; something that we don't do anymore. It
uses a loop that waits for the top-tier compiler to compile it. We don't write tests
like that anymore.

  • js/dfg-osr-exit-between-create-and-tearoff-arguments-expected.txt: Removed.
  • js/dfg-osr-exit-between-create-and-tearoff-arguments.html: Removed.
  • js/script-tests/dfg-osr-exit-between-create-and-tearoff-arguments.js: Removed.

8:40 PM Changeset in webkit [197546] by commit-queue@webkit.org
  • 5 edits in trunk/Source/JavaScriptCore

[JSC] Add support for MADD, MSUB and MNEG to Air
https://bugs.webkit.org/show_bug.cgi?id=154997

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-03
Reviewed by Filip Pizlo.

ARM64 can do an Add/Sub in the Multiply units.
LLVM was doing so but we lost that when switching to B3.

This patch adds those instructions in Air.

There are more ALUs than multiply units, thus we are more
likely to successfully schedule a Multiply+Add than 2 Multiply.
I am conservative and only emit a multiply-add if the value
can be interned. As far as I can tell from what is generated
by LLVM, that backend had the same rule.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::multiplyAdd32):
(JSC::MacroAssemblerARM64::multiplySub32):
(JSC::MacroAssemblerARM64::multiplyNeg32):
(JSC::MacroAssemblerARM64::multiplyAdd64):
(JSC::MacroAssemblerARM64::multiplySub64):
(JSC::MacroAssemblerARM64::multiplyNeg64):

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testMulAddArgsLeft):
(JSC::B3::testMulAddArgsRight):
(JSC::B3::testMulAddArgsLeft32):
(JSC::B3::testMulAddArgsRight32):
(JSC::B3::testMulSubArgsLeft):
(JSC::B3::testMulSubArgsRight):
(JSC::B3::testMulSubArgsLeft32):
(JSC::B3::testMulSubArgsRight32):
(JSC::B3::testMulNegArgs):
(JSC::B3::testMulNegArgs32):
(JSC::B3::run):

8:02 PM Changeset in webkit [197545] by ggaren@apple.com
  • 16 edits
    4 adds in trunk/Source/bmalloc

Unreviewed, rolling in r197174.
https://bugs.webkit.org/show_bug.cgi?id=154762

The right calculation for alignment is actually:

vmAlignment - getpagesize() + vmSize

instead of:

vmAlignment - vmPageSize + vmSize

The vmPageSize might be larger than getpagesize().

Restored changeset:

"bmalloc: Added a fast XLarge allocator"
https://bugs.webkit.org/show_bug.cgi?id=154720
http://trac.webkit.org/changeset/197174

7:43 PM Changeset in webkit [197544] by sbarati@apple.com
  • 5 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[SetPrototypeOf]]
https://bugs.webkit.org/show_bug.cgi?id=154931

Reviewed by Ryosuke Niwa.

This patch is a straightforward implementation of Proxy.[[SetPrototypeOf]]
with respect to section 9.5.2 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-setprototypeof-v

  • runtime/JSObject.cpp:

(JSC::JSObject::putInlineSlow):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::put):
(JSC::ProxyObject::getGenericPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::setPrototype):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:
  • tests/es6.yaml:
  • tests/stress/proxy-set-prototype-of.js: Added.

(assert):
(throw.new.Error.let.handler.get setPrototypeOf):
(throw.new.Error.set let):
(throw.new.Error.set catch):
(throw.new.Error):
(assert.let.handler.setPrototypeOf):
(assert.set let):
(assert.set catch):
(let.handler.setPrototypeOf):
(set let):
(set catch):

7:19 PM Changeset in webkit [197543] by keith_miller@apple.com
  • 14 edits
    3 adds in trunk

JSArrayBuffers should be collected less aggressively
https://bugs.webkit.org/show_bug.cgi?id=154982

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

We are currently too aggressive in our collection of ArrayBuffer wrappers.
There are three cases where we need to avoid collecting ArrayBuffer wrappers.

  1. If the wrapper has custom properties.
  2. If the wrapper is a subclass of ArrayBuffer.
  3. If the wrapper is in a WeakMap/WeakSet.

Currently, we only pass the first case in WebCore and none in the jsc CLI.
This patch removes some optimizations that cause us to collect when we
should not. Namely, always skipping the object unless it has custom
properties. Additionally, in the case of subclassing, we also need a way
for custom JSArrayBuffer objects to register themselves as the wrapper for
an ArrayBuffer class.

Finally, this patch fixes an issue where views would not mark their ArrayBuffer
as an opaque root. This patch also moves an associated ASSERT that the
ArrayBuffer held by a view is not null in JSGenericTypedArrayView::visitChildren
into JSArrayBufferView::visitChildren, where we add the opaque root.

  • runtime/JSArrayBuffer.cpp:

(JSC::JSArrayBuffer::finishCreation):
(JSC::JSArrayBuffer::create):
(JSC::JSArrayBuffer::createWithoutWrapping):

  • runtime/JSArrayBuffer.h:
  • runtime/JSArrayBufferView.cpp:

(JSC::JSArrayBufferView::visitChildren):

  • runtime/JSArrayBufferView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::visitChildren): Deleted.

  • runtime/SimpleTypedArrayController.cpp:

(JSC::SimpleTypedArrayController::toJS):
(JSC::SimpleTypedArrayController::registerWrapper):
(JSC::SimpleTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots):
(JSC::SimpleTypedArrayController::JSArrayBufferOwner::finalize):

  • runtime/SimpleTypedArrayController.h:
  • runtime/TypedArrayController.h:

Source/WebCore:

We are currently too aggressive in our collection of ArrayBuffer wrappers.
There are three cases where we need to avoid collecting ArrayBuffer wrappers.

  1. If the wrapper has custom properties.
  2. If the wrapper is a subclass of ArrayBuffer.
  3. If the wrapper is in a WeakMap/WeakSet.

Currently, we only pass the first case in WebCore and none in the jsc CLI.
This patch removes some optimizations that cause us to collect when we
should not. Namely, always skipping the object unless it has custom
properties. Additionally, in the case of subclassing, we also need a way
for custom JSArrayBuffer objects to register themselves as the wrapper for
an ArrayBuffer class.

Finally, this patch removes an unnecessary ref() and deref() of
ArrayBuffer objects during the creation/destruction of the wrapper.
Since an ArrayBuffer object's GC lifetime will be at least as long
as the lifetime of the wrapper we are creating for it we don't need
to ref() and deref() the ArrayBuffer object. This lifetime is
guaranteed because ArrayBuffer objects are both GCed and refcounted
and any new wrapper will visit the ArrayBuffer object as long as the
wrapper is still alive.

Test: js/arraybuffer-wrappers.html

  • bindings/js/JSDOMBinding.h:

(WebCore::toJS):

  • bindings/js/WebCoreTypedArrayController.cpp:

(WebCore::WebCoreTypedArrayController::registerWrapper):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::finalize):
(WebCore::WebCoreTypedArrayController::JSArrayBufferOwner::isReachableFromOpaqueRoots): Deleted.

  • bindings/js/WebCoreTypedArrayController.h:

LayoutTests:

  • js/arraybuffer-wrappers-expected.txt: Added.
  • js/arraybuffer-wrappers.html: Added.
  • js/script-tests/arraybuffer-wrappers.js: Added.

(prototype.types.forEach):

6:43 PM Changeset in webkit [197542] by fpizlo@apple.com
  • 4 edits in trunk/Source/JavaScriptCore

Octane/regexp's Exec function should benefit from array length accessor inlining
https://bugs.webkit.org/show_bug.cgi?id=154994

Reviewed by Benjamin Poulain.

It does:

    var thingy = blahbitty.blah;
    if (thingy)
        foo = thingy.length;

So, 'thingy' is SpecArray | SpecOther, which prevents the array length accessor inlining from
kicking in. Our strategy for this elsewhere in the DFG is to allow a one-time speculation that
we won't see SpecOther, since *usually* we see SpecOther mixed with other stuff in cases like
this where there is some null check guarding the code.

This gives another slight speed-up on Octane/regexp.

  • bytecode/SpeculatedType.h:

(JSC::isCellSpeculation):
(JSC::isCellOrOtherSpeculation):
(JSC::isNotCellSpeculation):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateCell):
(JSC::DFG::Node::shouldSpeculateCellOrOther):
(JSC::DFG::Node::shouldSpeculateNotCell):

6:26 PM Changeset in webkit [197541] by Simon Fraser
  • 43 edits
    4 copies
    5 adds in trunk

Use larger tiles when possible to reduce per-tile painting overhead
https://bugs.webkit.org/show_bug.cgi?id=154985
rdar://problem/23635219

Reviewed by Tim Horton.

Source/WebCore:

There's no reason to use lots of 512x512 tiles on a non-scrollable page. We can reduce
per-tile painting overhead by using one big tile. On vertically scrolling pages, we
can also use wide tiles to reduce tile-crossing when painting. Have FrameView tell
the TiledBacking about scrollability, allowing TileController to make tile size decisions.

Change the "giant tile" code path to just return whether Settings says we're in giant
tile mode, so that tile size decisions can be made in TileController.

TileController now stores a single margin size, and a per-edge margin flag rather than a size
per edge. It computes tile size based on scrollability, but adjusts tile size with some
hysteresis to avoid size thrashing for content that frequently resizes the document (e.g.
some performance tests).

TileGrid stores a copy of the tile size, so that it remains unchanged from one revalidate
to the next, and the grid can detect when the tile size changes, since it needs to throw away
all tiles in that case.

Tests: tiled-drawing/tile-size-both-scrollable.html
       tiled-drawing/tile-size-horizontally-scrollable.html
       tiled-drawing/tile-size-unscrollable.html
       tiled-drawing/tile-size-vertically-scrollable.html

  • WebCore.xcodeproj/project.pbxproj:
  • page/FrameView.cpp:

(WebCore::FrameView::addedOrRemovedScrollbar):
(WebCore::FrameView::willStartLiveResize): Tell the tile backing when live resize starts and stops.
(WebCore::FrameView::willEndLiveResize):

  • platform/graphics/EdgeSet.h: Added. Template class that just stores some value per edge.

(WebCore::EdgeSet::EdgeSet):
(WebCore::EdgeSet::top):
(WebCore::EdgeSet::setTop):
(WebCore::EdgeSet::right):
(WebCore::EdgeSet::setRight):
(WebCore::EdgeSet::bottom):
(WebCore::EdgeSet::setBottom):
(WebCore::EdgeSet::left):
(WebCore::EdgeSet::setLeft):
(WebCore::EdgeSet::operator==):
(WebCore::EdgeSet::operator!=):

  • platform/graphics/GraphicsLayerClient.h: Rather than have the client return the tile size, have it return whether we're in giant tile mode.

(WebCore::GraphicsLayerClient::useGiantTiles):
(WebCore::GraphicsLayerClient::tileSize): Deleted.

  • platform/graphics/TiledBacking.h:

(WebCore::defaultTileSize): Deleted.

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::platformCALayerUseGiantTiles):
(WebCore::GraphicsLayerCA::platformCALayerTileSize): Deleted.

  • platform/graphics/ca/GraphicsLayerCA.h:
  • platform/graphics/ca/PlatformCALayerClient.h:

(WebCore::PlatformCALayerClient::platformCALayerUseGiantTiles):
(WebCore::PlatformCALayerClient::platformCALayerTileSize): Deleted.

  • platform/graphics/ca/TileController.cpp:

(WebCore::TileController::TileController):
(WebCore::TileController::setScrollability):
(WebCore::TileController::willStartLiveResize):
(WebCore::TileController::didEndLiveResize):
(WebCore::TileController::tileSize):
(WebCore::TileController::setHasMargins):
(WebCore::TileController::setMarginSize):
(WebCore::TileController::hasMargins):
(WebCore::TileController::hasHorizontalMargins):
(WebCore::TileController::hasVerticalMargins):
(WebCore::TileController::topMarginHeight):
(WebCore::TileController::bottomMarginHeight):
(WebCore::TileController::leftMarginWidth):
(WebCore::TileController::rightMarginWidth):
(WebCore::TileController::setTileMargins): Deleted.

  • platform/graphics/ca/TileController.h:
  • platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::TileGrid):
(WebCore::TileGrid::setNeedsDisplayInRect):
(WebCore::TileGrid::rectForTileIndex):
(WebCore::TileGrid::getTileIndexRangeForRect):
(WebCore::TileGrid::removeAllTiles):
(WebCore::TileGrid::revalidateTiles):

  • platform/graphics/ca/TileGrid.h:

(WebCore::TileGrid::tileSize):

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::setTiledBackingHasMargins):
(WebCore::RenderLayerBacking::useGiantTiles):
(WebCore::RenderLayerBacking::tileSize): Deleted.

  • rendering/RenderLayerBacking.h:

Source/WebKit2:

Do a bit of #include cleanup.

  • Shared/mac/RemoteLayerBackingStore.mm:
  • WebProcess/WebPage/mac/PlatformCALayerRemote.h:
  • WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.cpp:
  • WebProcess/WebPage/mac/PlatformCALayerRemoteTiledBacking.h:

LayoutTests:

Rebaseline tests with new tile sizes. Add new tests that explicitly test tile size on
pages with different scrollability.

  • tiled-drawing/background-transparency-toggle-expected.txt:
  • tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-expected.txt:
  • tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-with-handler-expected.txt:
  • tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-expected.txt:
  • tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-with-handler-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-body-layer-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-opacity-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-positioned-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-html-background-expected.txt:
  • tiled-drawing/scrolling/fixed-background/fixed-non-propagated-body-background-expected.txt:
  • tiled-drawing/tile-coverage-after-scroll-expected.txt:
  • tiled-drawing/tile-coverage-after-scroll-speculative-expected.txt:
  • tiled-drawing/tile-coverage-scroll-to-bottom-expected.txt:
  • tiled-drawing/tile-coverage-slow-scrolling-expected.txt:
  • tiled-drawing/tile-coverage-speculative-expected.txt:
  • tiled-drawing/tile-size-both-scrollable-expected.txt: Copied from LayoutTests/tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt.
  • tiled-drawing/tile-size-both-scrollable.html: Added.
  • tiled-drawing/tile-size-horizontally-scrollable-expected.txt: Copied from LayoutTests/tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt.
  • tiled-drawing/tile-size-horizontally-scrollable.html: Added.
  • tiled-drawing/tile-size-unscrollable-expected.txt: Added.
  • tiled-drawing/tile-size-unscrollable.html: Added.
  • tiled-drawing/tile-size-vertically-scrollable-expected.txt: Copied from LayoutTests/tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt.
  • tiled-drawing/tile-size-vertically-scrollable.html: Added.
  • tiled-drawing/visible-rect-content-inset-expected.txt:

6:26 PM Changeset in webkit [197540] by Simon Fraser
  • 13 edits in trunk/LayoutTests

Fix an image resource URL in tiled scrolling tests
https://bugs.webkit.org/show_bug.cgi?id=154981

Reviewed by Tim Horton.

These tests had an incorrect url to compositing/resources/simple_image.png.

  • tiled-drawing/scrolling/fixed-background/fixed-background-composited-expected.html:
  • tiled-drawing/scrolling/fixed-background/fixed-background-composited.html:
  • tiled-drawing/scrolling/fixed-background/fixed-background-negative-z-index-fixed-expected.html:
  • tiled-drawing/scrolling/fixed-background/fixed-background-negative-z-index-fixed.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-body-layer.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-opacity.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-positioned.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-transformed.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background-zoomed.html:
  • tiled-drawing/scrolling/fixed-background/fixed-body-background.html:
  • tiled-drawing/scrolling/fixed-background/fixed-html-background.html:
  • tiled-drawing/scrolling/fixed-background/fixed-non-propagated-body-background.html:

6:25 PM Changeset in webkit [197539] by sbarati@apple.com
  • 20 edits
    1 add in trunk/Source/JavaScriptCore

Add Proxy tests for exceptions that depend on an object being non-extensible and having configurable properties
https://bugs.webkit.org/show_bug.cgi?id=154745

Reviewed by Geoffrey Garen.

This patch is mostly an implementation of Proxy.[[OwnPropertyKeys]]
with respect to section 9.5.11 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys

This patch also changes call sites of getOwnPropertyNames and
getPropertyNames to expect that an exception can be thrown.

  • dfg/DFGOperations.cpp:
  • inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::iteratorEntries):

  • interpreter/Interpreter.cpp:

(JSC::Interpreter::execute):

  • runtime/IntlObject.cpp:

(JSC::supportedLocales):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::get):
(JSC::JSValue::put):

  • runtime/JSONObject.cpp:

(JSC::Stringifier::Holder::appendNextProperty):
(JSC::Walker::walk):

  • runtime/JSObject.cpp:

(JSC::JSObject::getPropertyNames):
(JSC::JSObject::getGenericPropertyNames):

  • runtime/JSObject.h:

(JSC::makeIdentifier):
(JSC::createListFromArrayLike):

  • runtime/JSPropertyNameEnumerator.h:

(JSC::propertyNameEnumerator):

  • runtime/JSPropertyNameIterator.cpp:

(JSC::JSPropertyNameIterator::create):

  • runtime/MapConstructor.cpp:

(JSC::constructMap):

  • runtime/ObjectConstructor.cpp:

(JSC::defineProperties):
(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::ownPropertyKeys):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::getOwnPropertySlotByIndex):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):
(JSC::ProxyObject::defineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::getOwnPropertyNames):
(JSC::ProxyObject::getOwnNonIndexPropertyNames):
(JSC::ProxyObject::getStructurePropertyNames):
(JSC::ProxyObject::getGenericPropertyNames):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:

(JSC::ProxyObject::create):
(JSC::ProxyObject::createStructure):

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::add):
(JSC::Structure::getPropertyNamesFromStructure):
(JSC::Structure::checkConsistency):
(JSC::Structure::canCachePropertyNameEnumerator):
(JSC::Structure::canAccessPropertiesQuicklyForEnumeration):
(JSC::Structure::canAccessPropertiesQuickly): Deleted.

  • runtime/Structure.h:
  • runtime/WeakMapConstructor.cpp:

(JSC::constructWeakMap):

  • tests/es6.yaml:
  • tests/stress/proxy-own-keys.js: Added.

(assert):
(throw.new.Error.let.handler.ownKeys):
(throw.new.Error):
(assert.let.handler.get ownKeys):
(assert.let.handler.ownKeys):
(let.handler.ownKeys):
(i.catch):
(shallowEq):
(let.handler.getOwnPropertyDescriptor):
(i.set assert):
(set add):
(set assert):
(set if):

5:58 PM Changeset in webkit [197538] by bshafiei@apple.com
  • 5 edits in tags/Safari-602.1.21.0.1/Source

Versioning.

5:57 PM Changeset in webkit [197537] by timothy@apple.com
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Temporarily hide the TimelineSidebarPanel

https://bugs.webkit.org/show_bug.cgi?id=154974
rdar://problem/24956380

Reviewed by Joseph Pecoraro.

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView): Remove _showNavigationSidebarItem and hide the sidebar.

5:56 PM Changeset in webkit [197536] by keith_miller@apple.com
  • 10 edits
    2 adds in trunk

Array prototype JS builtins should support Symbol.species
https://bugs.webkit.org/show_bug.cgi?id=154710

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Add support for Symbol.species in the Array.prototype JS
builtin functions.

  • builtins/ArrayPrototype.js:

(filter):
(map):

  • runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):

  • runtime/ArrayConstructor.h:

(JSC::ArrayConstructor::create):

  • runtime/CommonIdentifiers.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • tests/stress/array-species-functions.js:

(id):

LayoutTests:

Add test that checks the Array object created by a species
constructor in Array.prototype functions cannot come from a
different global object without subclassing.

  • js/array-species-different-globalobjects-expected.txt: Added.
  • js/array-species-different-globalobjects.html: Added.

5:56 PM Changeset in webkit [197535] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.21.0.1

New tag.

5:24 PM Changeset in webkit [197534] by msaboff@apple.com
  • 12 edits in trunk

[ES6] Make Unicode RegExp pattern parsing conform to the spec
https://bugs.webkit.org/show_bug.cgi?id=154988

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Updated RegExp pattern processing with 'u' (Unicode) flag to conform to the
spec (https://tc39.github.io/ecma262/2016/#sec-patterns). In the spec, the
grammar is annotated with [U] annotations. Productions that are prefixed with
[+U] are only available with the Unicode flags while productions prefixed with
[~U] are only available without the Unicode flag.

Added flags argument to Yarr::checkSyntax() so we can catch Unicode flag related
parsing errors at syntax checking time. Restricted what escapes are available for
non-Unicode patterns. Most of this is defined in the IdentityEscape rule in the
pattern grammar.

Added \- as a CharacterClass only escape in Unicode patterns.

Updated the tests for these changes.

Made changes suggested in https://bugs.webkit.org/show_bug.cgi?id=154842#c22 after
change set r197426 was landed.

  • parser/ASTBuilder.h:

(JSC::ASTBuilder::createRegExp):

  • parser/Parser.cpp:

(JSC::Parser<LexerType>::parsePrimaryExpression):

  • parser/SyntaxChecker.h:

(JSC::SyntaxChecker::createRegExp):

  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::InputStream::readChecked):
(JSC::Yarr::Interpreter::InputStream::readSurrogatePairChecked):
(JSC::Yarr::Interpreter::InputStream::reread):
(JSC::Yarr::Interpreter::InputStream::uncheckInput):
(JSC::Yarr::Interpreter::InputStream::atStart):
(JSC::Yarr::Interpreter::InputStream::atEnd):
(JSC::Yarr::Interpreter::testCharacterClass):
(JSC::Yarr::Interpreter::backtrackPatternCharacter):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):

  • yarr/YarrParser.h:

(JSC::Yarr::Parser::Parser):
(JSC::Yarr::Parser::isIdentityEscapeAnError):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::parse):

  • yarr/YarrPattern.cpp:

(JSC::Yarr::CharacterClassConstructor::putChar):
(JSC::Yarr::CharacterClassConstructor::putRange):
(JSC::Yarr::CharacterClassConstructor::addSorted):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):

  • yarr/YarrSyntaxChecker.cpp:

(JSC::Yarr::SyntaxChecker::disjunction):
(JSC::Yarr::checkSyntax):

  • yarr/YarrSyntaxChecker.h:

LayoutTests:

Added test cases.

  • js/regexp-unicode-expected.txt:
  • js/script-tests/regexp-unicode.js:

(shouldThrowInvalidEscape):

[ES6] Add support for Symbol.toPrimitive
https://bugs.webkit.org/show_bug.cgi?id=154877

Reviewed by Saam Barati.

Update test for Symbol.toPrimitive.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:

5:07 PM Changeset in webkit [197533] by sbarati@apple.com
  • 6 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[DefineOwnProperty]]
https://bugs.webkit.org/show_bug.cgi?id=154759

Reviewed by Geoffrey Garen and Mark Lam.

This patch is a straightforward implementation of Proxy.[[DefineOwnProperty]]
with respect to section 9.5.6 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-desc

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorGetOwnPropertyDescriptor):
(JSC::objectConstructorGetOwnPropertyDescriptors):

  • runtime/ObjectConstructor.h:

(JSC::constructEmptyObject):
(JSC::constructObjectFromPropertyDescriptor):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::isExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::defineOwnProperty):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:
  • tests/es6.yaml:
  • tests/stress/proxy-define-own-property.js: Added.

(assert):
(throw.new.Error):
(assert.let.handler.get defineProperty):
(assert.let.handler.defineProperty):
(let.handler.defineProperty):
(i.catch):
(assert.try.):
(assert.set get catch):
(assert.let.setter):
(assert.let.getter):
(assert.set get let.handler.defineProperty):
(assert.set get let):
(assert.):

4:54 PM Changeset in webkit [197532] by Gyuyoung Kim
  • 4 edits in trunk/Source/WebKit2

Use std::make_unique<> when creating std::unique_ptr<>
https://bugs.webkit.org/show_bug.cgi?id=154574

Reviewed by Darin Adler.

  • NetworkProcess/cache/NetworkCacheStatistics.cpp:

(WebKit::NetworkCache::Statistics::open):

  • NetworkProcess/cache/NetworkCacheStatistics.h:
  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::createColorChooser):

4:47 PM Changeset in webkit [197531] by keith_miller@apple.com
  • 22 edits
    3 adds in trunk

[ES6] Add support for Symbol.toPrimitive
https://bugs.webkit.org/show_bug.cgi?id=154877

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds support for Symbol.toPrimitive. Since we don't currently
generate snippets for one side of a binary operation we only need to change
the JSObject::ToPrimitive function and update some optimizations in the DFG
that need to know how conversions to primitive values should work. As of
ES6, the date prototype is also no longer special cased in the ToPrimitive
operation. Instead, Date.prototype has a Symbol.species function that
replicates the old behavior.

  • bytecode/ObjectPropertyConditionSet.cpp:

(JSC::generateConditionsForPropertyMissConcurrently):

  • bytecode/ObjectPropertyConditionSet.h:
  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::watchConditions):
(JSC::DFG::Graph::canOptimizeStringObjectAccess):

  • dfg/DFGGraph.h:
  • runtime/CommonIdentifiers.h:
  • runtime/DatePrototype.cpp:

(JSC::DatePrototype::finishCreation):
(JSC::dateProtoFuncToPrimitiveSymbol):

  • runtime/Error.cpp:

(JSC::throwTypeError):

  • runtime/Error.h:
  • runtime/JSCJSValueInlines.h:

(JSC::toPreferredPrimitiveType):

  • runtime/JSObject.cpp:

(JSC::callToPrimitiveFunction):
(JSC::JSObject::ordinaryToPrimitive):
(JSC::JSObject::defaultValue):
(JSC::JSObject::toPrimitive):
(JSC::JSObject::getPrimitiveNumber):
(JSC::callDefaultValueFunction): Deleted.
(JSC::throwTypeError): Deleted.

  • runtime/JSObject.h:

(JSC::JSObject::toPrimitive): Deleted.

  • runtime/SmallStrings.h:
  • runtime/SymbolPrototype.cpp:

(JSC::SymbolPrototype::finishCreation):

  • runtime/SymbolPrototype.h:

(JSC::SymbolPrototype::create):

  • tests/es6.yaml:
  • tests/stress/date-symbol-toprimitive.js: Added.
  • tests/stress/ropes-symbol-toprimitive.js: Added.

(ropify):
(String.prototype.Symbol.toPrimitive):

  • tests/stress/symbol-toprimitive.js: Added.

(foo.Symbol.toPrimitive):
(catch):

LayoutTests:

Update test for Symbol.toPrimitive.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:

4:39 PM Changeset in webkit [197530] by Matt Baker
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Selected range path component should be zero time corrected
https://bugs.webkit.org/show_bug.cgi?id=154950
<rdar://problem/24947022>

Reviewed by Timothy Hatcher.

Subtracts zero time from TimelineRange start and end values, and corrects
a cosmetic issue in TimelineRuler which showed selection handle tooltips
that weren't adjusted for the ruler's zero time.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype._timeRangeSelectionChanged):

  • UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._updateSelection):

4:33 PM Changeset in webkit [197529] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Events and Frames mode switch does not fully switch until first zoom
https://bugs.webkit.org/show_bug.cgi?id=154971
<rdar://problem/24955871>

Reviewed by Timothy Hatcher.

Switching modes toggles the visibility of the tree outline, which changes
the width of the overview's ruler, graphs, and scroll container. When the
view mode changes, the overview needs a forced "resize" layout.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview.prototype._viewModeDidChange):

4:28 PM Changeset in webkit [197528] by rniwa@webkit.org
  • 9 edits
    4 adds in trunk

Source/WebCore:
Disallow custom elements inside window-less documents
https://bugs.webkit.org/show_bug.cgi?id=154944
<rdar://problem/24944875>

Reviewed by Antti Koivisto.

Disallow custom elements inside window-less documents such as the shared inert document of template elements
and the ones created by DOMImplementation.createDocument and DOMImplementation.createHTMLDocument.

Throw NotSupportedError in defineCustomElement when it's called in such a document as discussed in:
https://github.com/w3c/webcomponents/issues/369

Tests: fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html

fast/custom-elements/parser/parser-uses-registry-of-owner-document.html

  • bindings/js/JSDOMBinding.cpp:

(WebCore::throwNotSupportedError): Added.

  • bindings/js/JSDOMBinding.h:
  • bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineCustomElement): Throw NotSupportedError when the context object's document doesn't
have a browsing context (i.e. window-less).

  • html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder): Replaced a FIXME with an assertion now that we
disallow instantiation of custom elements inside a template element.

LayoutTests:
Disallow custom elements inside template elements and share the registry for windowless documents
https://bugs.webkit.org/show_bug.cgi?id=154944
<rdar://problem/24944875>

Reviewed by Antti Koivisto.

Added various tests to ensure the custom elements registry is not shared between documents with
distinct browsing context (e.g. iframes) but shared among the ones that share a single browsing context
(e.g. documents created by DOMImplementation).

Also added a test case for defineCustomElement to ensure it throws NotSupportedError when it's called on
a template element's inert owner document as well as a basic test case for document.write.

  • fast/custom-elements/Document-defineCustomElement-expected.txt:
  • fast/custom-elements/Document-defineCustomElement.html: Added a new test case.
  • fast/custom-elements/parser/parser-constructs-custom-element-in-document-write-expected.txt: Added.
  • fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html: Added.
  • fast/custom-elements/parser/parser-uses-registry-of-owner-document-expected.txt: Added.
  • fast/custom-elements/parser/parser-uses-registry-of-owner-document.html: Added.

4:26 PM Changeset in webkit [197527] by achristensen@apple.com
  • 4 edits in trunk/Source

Move SPI to CFNetworkSPI.h
https://bugs.webkit.org/show_bug.cgi?id=154992

Reviewed by Andy Estes.

Source/WebCore:

  • platform/spi/cf/CFNetworkSPI.h:

Source/WebKit2:

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::applyBasicAuthorizationHeader):

4:21 PM Changeset in webkit [197526] by achristensen@apple.com
  • 11 edits in trunk/Source

Use CredentialStorage with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154939

Reviewed by Darin Adler.

Source/WebCore:

This makes the credential-based http tests pass when using NetworkSession.

  • platform/network/CredentialBase.h:

(WebCore::CredentialBase::encodingRequiresPlatformData):

  • platform/network/CredentialStorage.h:

WEBCORE_EXPORT more things that are newly used in WebKit2.

Source/WebKit2:

  • config.h:

Added compile-time flag to help us be able to keep track and remove this code when we can.

  • NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTask::pendingDownloadLocation):

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::clearCachedCredentials):
(WebKit::NetworkProcess::ensurePrivateBrowsingSession):

  • NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::sessionID):

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::applyBasicAuthorizationHeader):
(WebKit::NetworkDataTask::NetworkDataTask):
Use a credential storage and preemptively apply basic authentication headers if we have credentials from the storage.
This is analogous to code in ResourceHandle::createNSURLConnection.

(WebKit::NetworkDataTask::didReceiveChallenge):
Make this look more like ResourceHandle::didReceiveAuthenticationChallenge.
The call to tryPasswordBasedAuthentication was moved from the delegate callback to here.

(WebKit::NetworkDataTask::willPerformHTTPRedirection):
Use credentials from the credential storage if they exist. This is analogous to code in ResourceHandle::willSendRequest.

(WebKit::NetworkDataTask::tryPasswordBasedAuthentication):
Use credentials from the credential storage if they exist. This is analogous to code in ResourceHandle::tryHandlePasswordBasedAuthentication.

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
If we are given a credential with CredentialPersistenceForSession, put it in the credential storage and give
CFNetwork a credential with CredentialPersistenceNone so it won't automatically be used again until the credential
storage says it's OK to use again. This gives us the ability to clear session credentials when logout credentials are used.
This is analogous to code in ResourceHandle::receivedCredential.

(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):
(WebKit::NetworkSession::~NetworkSession):
(WebKit::NetworkSession::dataTaskForIdentifier):
(WebKit::NetworkSession::clearCredentials): Deleted.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::clearCachedCredentials):
(WebKit::WebProcess::focusedWebPage):
We no longer need to clear credentials from the NSURLSessions because we don't store session credentials in them.
Instead, calling CredentialStorage.clearCredentials is sufficient.

3:57 PM Changeset in webkit [197525] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK] Unreviewed fix after r197505 (Run the run-benchmark script on the performance bot.)
https://bugs.webkit.org/show_bug.cgi?id=154595

Unreviewed fix after r197505.

  • BuildSlaveSupport/build.webkit.org-config/master.cfg:

(RunBenchmarkTests.start):

3:55 PM Changeset in webkit [197524] by Alan Bujtas
  • 3 edits
    2 adds in trunk

Subpixel rendering: Make collapsed borders painting subpixel aware.
https://bugs.webkit.org/show_bug.cgi?id=154980

Reviewed by David Hyatt.

This patch enables collapsed borders with odd pixel width paint on subpixel position.
Currently borders with odd pixels are split at integral position so that border-width: 3px;
paints 1px on the left(top) and 2px on the right(bottom) side. With this patch
we paint 1.5px on both sides(on 2x display).

Source/WebCore:

Test: fast/table/hidpi-collapsed-border-with-odd-pixel-width.html

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::paintCollapsedBorders):

LayoutTests:

  • fast/table/hidpi-collapsed-border-with-odd-pixel-width-expected.html: Added.
  • fast/table/hidpi-collapsed-border-with-odd-pixel-width.html: Added.

3:49 PM Changeset in webkit [197523] by dbates@webkit.org
  • 6 edits
    1 add in trunk

Add unit tests for WTF::OptionSet
https://bugs.webkit.org/show_bug.cgi?id=154925
<rdar://problem/24964211>

Reviewed by Darin Adler.

Source/WTF:

  • wtf/CMakeLists.txt: Add header OptionSet.h to the list of WTF headers.
  • wtf/OptionSet.h: Use in-class initialization to initialize m_storage and declare
the trivial constexpr constructor as default.
(WTF::OptionSet::OptionSet): For convenience add a constructor that takes a std::initializer_list.
This code was written by Anders Carlsson.

Tools:

Add tests to ensure that we do not regress the behavior of WTF::OptionSet.

  • TestWebKitAPI/CMakeLists.txt: Add file TestWebKitAPI/Tests/WTF/OptionSet.cpp.
  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Ditto.
  • TestWebKitAPI/Tests/WTF/OptionSet.cpp: Added.

(TestWebKitAPI::TEST):

3:42 PM Changeset in webkit [197522] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/Tools

Merge r188607. rdar://problem/24937998

3:32 PM Changeset in webkit [197521] by bshafiei@apple.com
  • 2 edits in tags/Safari-602.1.21/Source/WebCore

Roll out r197149.

3:30 PM Changeset in webkit [197520] by fpizlo@apple.com
  • 8 edits
    3 adds in trunk

DFG should be able to compile StringReplace
https://bugs.webkit.org/show_bug.cgi?id=154979

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Adds support for StringReplace to the DFG tier. This is a 3% speed-up on Octane/regexp.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITOperations.h:

LayoutTests:

Add a microbenchmark for a case of StringReplace that we hadn't covered with a microbenchmark
yet: using something absurd for the replace value. This is interesting for implementing the
32_64 version of StringReplace, which gets really weird in the absurd case because of how it
consumes the entire register file while making the call on x86-32.

  • js/regress/script-tests/string-replace-generic.js: Added.
  • js/regress/string-replace-generic-expected.txt: Added.
  • js/regress/string-replace-generic.html: Added.

1:49 PM Changeset in webkit [197519] by hyatt@apple.com
  • 7 edits
    10 adds in trunk

Add support for the "last" value of hanging-punctuation
https://bugs.webkit.org/show_bug.cgi?id=154977

Reviewed by Darin Adler and Simon Fraser.

Source/WebCore:

New tests in fast/text.

This patch adds support for the new "last" value and also fixes up both
"first" and "last" to work with leading and trailing whitespace that ends
up getting collapsed away.

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths):

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::inlineAncestorHasStartBorderPaddingOrMargin):
(WebCore::inlineAncestorHasEndBorderPaddingOrMargin):
(WebCore::isLastInFlowRun):
(WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):

  • rendering/RenderText.cpp:

(WebCore::isHangablePunctuationAtLineEnd):
(WebCore::RenderText::hangablePunctuationStartWidth):
(WebCore::RenderText::hangablePunctuationEndWidth):
(WebCore::RenderText::firstCharacterIndexStrippingSpaces):
(WebCore::RenderText::lastCharacterIndexStrippingSpaces):
(WebCore::RenderText::trimmedPrefWidths):

  • rendering/RenderText.h:
  • rendering/line/BreakingContext.h:

(WebCore::BreakingContext::handleText):

LayoutTests:

  • fast/text/hanging-punctuation-first-and-last-together-expected.html: Added.
  • fast/text/hanging-punctuation-first-and-last-together.html: Added.
  • fast/text/hanging-punctuation-first-ws-expected.html: Added.
  • fast/text/hanging-punctuation-first-ws.html: Added.
  • fast/text/hanging-punctuation-last-expected.html: Added.
  • fast/text/hanging-punctuation-last-rtl-expected.html: Added.
  • fast/text/hanging-punctuation-last-rtl.html: Added.
  • fast/text/hanging-punctuation-last-ws-expected.html: Added.
  • fast/text/hanging-punctuation-last-ws.html: Added.
  • fast/text/hanging-punctuation-last.html: Added.

1:46 PM Changeset in webkit [197518] by aestes@apple.com
  • 12 edits in trunk/Source

Adopt CFNetwork storage partitioning SPI
https://bugs.webkit.org/show_bug.cgi?id=154957
rdar://problem/23614620

Reviewed by Darin Adler.

Source/WebCore:

Adopt CFNetwork SPI for creating storage partitions. If Settings::cookieStoragePartitioningEnabled() is true,
create cookie storage partitions for third-party contexts. This feature is disabled by default.

No new tests. Test support is tracked by <https://webkit.org/b/154958>.

  • page/Settings.cpp:

(WebCore::Settings::setCookieStoragePartitioningEnabled): Controls whether storage partitioning for cookies is enabled.

  • page/Settings.h:

(WebCore::Settings::cookieStoragePartitioningEnabled):

  • platform/network/NetworkStorageSession.h:
  • platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::cookieStoragePartition): Computes a storage partition identifier by determining the top
privately-controlled domain of the cookie's first-party (main frame document) URL, then determining whether the
cookie's document hostname is a subdomain of it. If it is not, the first-party top domain is the partition name.
Otherwise, there is no partition name.

  • platform/network/mac/CookieJarMac.mm:

(WebCore::applyPartitionToCookies): Returns a deep copy of the given cookie array after adding a storage
partition property to each copied cookie.
(WebCore::cookiesInPartitionForURL): Returns cookies for the partition computed by the given URLs. If no
partition can be determined, nil is returned.
(WebCore::cookiesForURL): Returns cookiesInPartitionForURL() if non-nil, otherwise returns wkHTTPCookiesForURL().
(WebCore::cookiesForSession): Started calling cookiesForURL().
(WebCore::setCookiesFromDOM): Called applyPartitionToCookies() if a partition can be computed from the given URLs.
(WebCore::getRawCookies): Started calling cookiesForURL().

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::createNSURLConnection): Computed the storage partition identifier for the new request.
If non-empty, set it as a property on the NSURLRequest where CFNetwork knows to find it.

  • platform/spi/cf/CFNetworkSPI.h: Declare new SPI for building with the public SDK.

Source/WebKit2:

  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask): Computed the storage partition identifier for the new session task.
If non-empty, set it using a NSURLSessionTask SPI.

Source/WTF:

  • wtf/Platform.h: Defined HAVE_CFNETWORK_STORAGE_PARTITIONING.

1:43 PM Changeset in webkit [197517] by matthew_hanson@apple.com
  • 2 edits in branches/safari-601-branch/LayoutTests

Merge r195688. None

1:25 PM Changeset in webkit [197516] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebKit2

[WK2] testRunner.setPrivateBrowsingEnabled doesn't work with NetworkProcess
https://bugs.webkit.org/show_bug.cgi?id=115274

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-03
Reviewed by Darin Adler.

  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::blobSize):
(WebKit::NetworkConnectionToWebProcess::ensureLegacyPrivateBrowsingSession):

  • NetworkProcess/NetworkConnectionToWebProcess.h:
  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:
  • NetworkProcess/NetworkProcess.h:
  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::setPrivateBrowsingEnabled):

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::destroyPrivateBrowsingSession):
(WebKit::WebProcess::ensureLegacyPrivateBrowsingSessionInNetworkProcess):
(WebKit::WebProcess::pluginProcessConnectionManager):

  • WebProcess/WebProcess.h:

12:34 PM Changeset in webkit [197515] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Assertion Failed: Cannot show timeline because it does not belong to the shown recording. – "overview"
https://bugs.webkit.org/show_bug.cgi?id=154972
<rdar://problem/24956233>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView.prototype._showTimelineViewForType):
Just show the overview if the recording has no timeline of the given type.

12:26 PM Changeset in webkit [197514] by jonlee@apple.com
  • 3 edits
    13 adds in trunk/PerformanceTests

Update image test
https://bugs.webkit.org/show_bug.cgi?id=154962

Rubber-stamped by Darin Adler.

  • Animometer/tests/master/image-data.html: Make each canvas have a compositing layer.
  • Animometer/tests/master/resources/image-data.js:

(initialize): Update to load multiple images serially.
(_loadImage):
(tune): Use display instead of visibility. When showing an element anew, move it somewhere else.
(_createTestElement): Set up the element, refactor out placement of element to _refreshElement.
(_refreshElement): Place element in a tile grid.
(animate):
(_getRandomNeighboringPixelIndex): Use a more conservative distribution to make the effect last a little longer.

  • Animometer/tests/master/resources/compass.svg: Added.
  • Animometer/tests/master/resources/console.svg: Added.
  • Animometer/tests/master/resources/contribute.svg: Added.
  • Animometer/tests/master/resources/debugger.svg: Added.
  • Animometer/tests/master/resources/inspector.svg: Added.
  • Animometer/tests/master/resources/layout.svg: Added.
  • Animometer/tests/master/resources/performance.svg: Added.
  • Animometer/tests/master/resources/script.svg: Added.
  • Animometer/tests/master/resources/shortcuts.svg: Added.
  • Animometer/tests/master/resources/standards.svg: Added.
  • Animometer/tests/master/resources/storage.svg: Added.
  • Animometer/tests/master/resources/styles.svg: Added.
  • Animometer/tests/master/resources/timeline.svg: Added.

11:46 AM Changeset in webkit [197513] by beidson@apple.com
  • 4 edits in trunk/LayoutTests

storage/indexeddb/delete-in-upgradeneeded-close-in-open-success.html flaky on mac-wk2.
https://bugs.webkit.org/show_bug.cgi?id=154747

Reviewed by Alex Christensen.

This callback coming out of order like this is okay, so the test should just allow it.

It makes sense that the flake is WK2-only, since WK1 has a much more well defined order
with thread-hopping versus process-hopping.

  • storage/indexeddb/delete-in-upgradeneeded-close-in-open-success-expected.txt:
  • storage/indexeddb/delete-in-upgradeneeded-close-in-open-success-private-expected.txt:
  • storage/indexeddb/resources/delete-in-upgradeneeded-close-in-open-success.js:

11:18 AM Changeset in webkit [197512] by sbarati@apple.com
  • 9 edits in trunk/Source/JavaScriptCore

[[SetPrototypeOf]] isn't properly implemented everywhere
https://bugs.webkit.org/show_bug.cgi?id=154943

Reviewed by Benjamin Poulain.

We were copy-pasting implementation bits that belong in OrdinarySetPrototypeOf
in a few different places that call O.[[SetPrototypeOf]](v)
rather than having those bits in OrdinarySetPrototypeOf itself.
We need to put those copy-pasted bits into OrdinarySetPrototypeOf
and not the call sites of O.[[SetPrototypeOf]](v) because
O.[[SetPrototypeOf]](v) won't always call into OrdinarySetPrototypeOf.
This is needed for correctness because this behavior is now observable
with the ES6 Proxy object.

  • runtime/ClassInfo.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::isExtensible):
(JSC::JSCell::setPrototype):

  • runtime/JSCell.h:
  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoSetter):

  • runtime/JSObject.cpp:

(JSC::JSObject::setPrototypeDirect):
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::setPrototype):
(JSC::JSObject::allowsAccessFrom):

  • runtime/JSObject.h:

(JSC::JSObject::mayInterceptIndexedAccesses):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectSetPrototypeOf):

10:34 AM Changeset in webkit [197511] by Manuel Rego Casasnovas
  • 2 edits in trunk/Source/WebCore

[css-grid] Fix order of grid shorthands in CSSPropertyNames.in
https://bugs.webkit.org/show_bug.cgi?id=154915

Reviewed by Darin Adler.

The order of columns and rows in grid and grid-template shorthands
has been swapped recently (r196906 & r196934).
However the order was not updated in CSSPropertyNames.in file.

  • css/CSSPropertyNames.in:

10:30 AM Changeset in webkit [197510] by beidson@apple.com
  • 2 edits in trunk/LayoutTests

storage/indexeddb/intversion-open-in-upgradeneeded.html is flaky on mac-wk2 debug.
https://bugs.webkit.org/show_bug.cgi?id=154706

Rubberstamped by Alex Christensen.

This test was fixed by http://trac.webkit.org/changeset/197474.

Unskipping it now.

  • platform/mac-wk2/TestExpectations:

9:40 AM Changeset in webkit [197509] by ap@apple.com
  • 3 edits in trunk/Source/WebCore

AllInOne build fix.

  • rendering/RenderFlexibleBox.cpp:
  • rendering/RenderGrid.cpp:

Don't have two static functions with the same name.

9:28 AM Changeset in webkit [197508] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Unreviewed, rolling out r197442.
https://bugs.webkit.org/show_bug.cgi?id=154967

Broke tests, and also uses a wrong approach (Requested by ap
on #webkit).

Reverted changeset:

"Disable FTL JIT testing on 32-bit JSC tester bots"
https://bugs.webkit.org/show_bug.cgi?id=154858
http://trac.webkit.org/changeset/197442

9:25 AM Changeset in webkit [197507] by Chris Dumez
  • 15 edits in trunk

Drop [TreatNullAs=EmptyString] from URL interface attributes
https://bugs.webkit.org/show_bug.cgi?id=154951

Reviewed by Darin Adler.

Source/WebCore:

Drop [TreatNullAs=EmptyString] from URL interface attributes to match
the specification:

Firefox and Chrome both already follow the specification and convert
null to the "null" string.

No new tests, already covered by existing tests.

  • html/URLUtils.idl:

LayoutTests:

Update existing tests now that URL interface attributes no longer treat
null as the empty string.

  • fast/dom/DOMURL/set-href-attribute-hash-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-hash.html:
  • fast/dom/DOMURL/set-href-attribute-host-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-host.html:
  • fast/dom/DOMURL/set-href-attribute-hostname-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-hostname.html:
  • fast/dom/DOMURL/set-href-attribute-pathname-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-pathname.html:
  • fast/dom/DOMURL/set-href-attribute-protocol-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-protocol.html:
  • fast/dom/DOMURL/set-href-attribute-search-expected.txt:
  • fast/dom/DOMURL/set-href-attribute-search.html:

9:09 AM Changeset in webkit [197506] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebCore

[TextureMapper] Use RGBA format for textures attached to framebuffers
https://bugs.webkit.org/show_bug.cgi?id=154965

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-03
Reviewed by Žan Doberšek.

Use RGBA format when allocating textures that will be used as framebuffer
attachments. This means adding a new flag to BitmapTexture and modifying
BitmapTextureGL to use the appropriate format according to the flag. Also,
BitmapTexturePool needs to use two vectors to handle both types of textures
separately, as we want to avoid constantly switching the format of a reused
texture.

No new tests since the behavior change is covered by existing tests.

  • platform/graphics/texmap/BitmapTexture.h: Add new flag.
  • platform/graphics/texmap/BitmapTextureGL.cpp:

(WebCore::BitmapTextureGL::BitmapTextureGL): Receive flags on constructor and use RGBA
when the FBOAttachment flag is enabled.
(WebCore::BitmapTextureGL::applyFilters): Use FBOAttachment flag to request a texture.

  • platform/graphics/texmap/BitmapTextureGL.h: Add flags to the constructor.
  • platform/graphics/texmap/BitmapTexturePool.cpp: Add a new vector of textures to hold
those in RGBA format.
(WebCore::BitmapTexturePool::acquireTexture): Return a texture for the usage specified
in the incoming flags.
(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired): Release textures from
both vectors.
(WebCore::BitmapTexturePool::createTexture): Pass the usage flag when creating a new
texture.

  • platform/graphics/texmap/BitmapTexturePool.h: Add new texture vector and add flags to
the needed headers.

  • platform/graphics/texmap/TextureMapper.cpp:

(WebCore::TextureMapper::acquireTextureFromPool): Pass the received flags to the BitmapTexturePool.

  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::paintIntoSurface): Use FBOAttachment flag to request a texture.

8:40 AM Changeset in webkit [197505] by clopez@igalia.com
  • 6 edits in trunk/Tools

[GTK] Run the run-benchmark script on the performance bot.
https://bugs.webkit.org/show_bug.cgi?id=154595

Reviewed by Carlos Garcia Campos.

  • BuildSlaveSupport/build.webkit.org-config/master.cfg: Add new RunBenchmarkTests step on the perf bots (only for the GTK+ port at this moment).

(RunBenchmarkTests):
(RunBenchmarkTests.start):
(RunBenchmarkTests.getText):
(RunBenchmarkTests.getText2):
(BuildAndPerfTestFactory.init):
(DownloadAndPerfTestFactory.init):

  • BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py: Add new test for RunBenchmarkTests and update expected steps of GTK+ perf bot.

(RunBenchmarkTest):
(RunBenchmarkTest.assertResults):
(RunBenchmarkTest.test_success):
(RunBenchmarkTest.test_tests_failed):

  • Scripts/webkitpy/benchmark_runner/benchmark_runner.py: Log both the current iteration and the total iterations for the current benchmark/plan.

(BenchmarkRunner._run_benchmark):

  • Scripts/webkitpy/benchmark_runner/browser_driver/gtk_minibrowser_driver.py: Use python logging also for errors.

(GTKMiniBrowserDriver.close_browsers):

  • Scripts/webkitpy/benchmark_runner/run_benchmark.py: Implement support for running all available benchmark plans.

(parse_args):
(start):
(main):

6:59 AM WebKitGTK/2.4.x edited by tpopela@redhat.com
6:09 AM Changeset in webkit [197504] by Gyuyoung Kim
  • 3 edits in trunk/Tools

[EFL] Remove u-szeged.hu SVN mirror in EFL perf bot
https://bugs.webkit.org/show_bug.cgi?id=154960

Reviewed by Csaba Osztrogonác.

  • BuildSlaveSupport/build.webkit.org-config/config.json: Remove szeged univ's svn mirror.
  • BuildSlaveSupport/build.webkit.org-config/mastercfg_unittest.py:
4:15 AM WebKitGTK/2.4.x edited by berto@igalia.com
4:05 AM WebKitGTK/2.4.x edited by berto@igalia.com
4:00 AM WebKitGTK/2.4.x edited by berto@igalia.com
3:05 AM Changeset in webkit [197503] by jfernandez@igalia.com
  • 57 edits in trunk

[CSS Box Alignment] New CSS Value 'normal' for Content Alignment
https://bugs.webkit.org/show_bug.cgi?id=154282

Source/WebCore:

Reviewed by David Hyatt.

The Box Alignment specification defines a new value 'normal' to be used
as default for the different layout models, which will define the
specific behavior for each case. This patch adds a new CSS value in the
parsing logic and adapts the Content Alignment properties to the new
value.

The 'auto' value is no longer valid and the Computed Value will be
always the specified value. Hence, I removed the StyleResolver logic
because it is not required now; the specific behavior of the 'normal'
value will be resolved at layout time.

Computed value of both align-content and justify-content is the
specified value, we don't have to resolve any 'auto' value now.

Additionally, this patch updates the layout logic as well, for both
Flexbox and Grid layout models.

No new tests, since we only need to rebaseline those test cases
affected by the new default computed value.

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::valueForContentPositionAndDistributionWithOverflowAlignment):
(WebCore::ComputedStyleExtractor::propertyValue):
(WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): Deleted.
(WebCore::CSSComputedStyleDeclaration::copyProperties): Deleted.
(WebCore::nodeOrItsAncestorNeedsStyleRecalc): Deleted.
(WebCore::isFlexOrGrid): Deleted.
(WebCore::ComputedStyleExtractor::customPropertyValue): Deleted.

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseContentDistributionOverflowPosition):

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator ContentPosition):

  • rendering/RenderFlexibleBox.cpp:

(WebCore::normalValueBehavior):
(WebCore::RenderFlexibleBox::layoutAndPlaceChildren):
(WebCore::RenderFlexibleBox::layoutColumnReverse):
(WebCore::RenderFlexibleBox::alignFlexLines):
(WebCore::alignContentSpaceBetweenChildren): Deleted.

  • rendering/RenderGrid.cpp:

(WebCore::normalValueBehavior):
(WebCore::RenderGrid::applyStretchAlignmentToTracksIfNeeded):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):
(WebCore::resolveContentDistributionFallback):
(WebCore::contentDistributionOffset):
(WebCore::RenderGrid::computeContentPositionAndDistributionOffset):

  • rendering/style/RenderStyle.cpp:

(WebCore::resolvedContentAlignmentPosition):
(WebCore::resolvedContentAlignmentDistribution):
(WebCore::RenderStyle::resolvedJustifyContentPosition):
(WebCore::RenderStyle::resolvedJustifyContentDistribution):
(WebCore::RenderStyle::resolvedAlignContentPosition):
(WebCore::RenderStyle::resolvedAlignContentDistribution):

  • rendering/style/RenderStyle.h:
  • rendering/style/RenderStyleConstants.h:

LayoutTests:

The Box Alignment specification defines a new value 'normal' to be used
as default for the different layout models, which will define the
specific behavior for each case. This patch adds a new CSS value in the
parsing logic and adapts the Content Alignment properties to the new
value.

Since the 'normal' value, initial/default for both justify-content
and align-content CSS properties, behaves now as 'stretch' instead
of 'start' we have to rebaseline those tests affected by the new
default value.

Reviewed by David Hyatt.

  • css3/flexbox/css-properties-expected.txt:
  • css3/flexbox/css-properties.html:
  • css3/parse-align-content-expected.txt:
  • css3/parse-align-content.html:
  • css3/parse-justify-content-expected.txt:
  • css3/parse-justify-content.html:
  • css3/resources/alignment-parsing-utils.js:

(checkBadValues):

  • fast/css-grid-layout/auto-content-resolution-columns.html:
  • fast/css-grid-layout/grid-auto-columns-rows-update.html:
  • fast/css-grid-layout/grid-auto-flow-resolution.html:
  • fast/css-grid-layout/grid-columns-rows-get-set-multiple.html:
  • fast/css-grid-layout/grid-columns-rows-get-set.html:
  • fast/css-grid-layout/grid-container-change-named-grid-lines-recompute-child.html:
  • fast/css-grid-layout/grid-content-sized-columns-resolution.html:
  • fast/css-grid-layout/grid-dynamic-updates-relayout.html:
  • fast/css-grid-layout/grid-element-min-max-width.html:
  • fast/css-grid-layout/grid-element-repeat-get-set.html:
  • fast/css-grid-layout/grid-initialize-span-one-items.html:
  • fast/css-grid-layout/grid-item-addition-auto-placement-update.html:
  • fast/css-grid-layout/grid-item-addition-track-breadth-update.html:
  • fast/css-grid-layout/grid-item-bad-named-area-auto-placement.html:
  • fast/css-grid-layout/grid-item-margin-auto-columns-rows-horizontal-ltr.html:
  • fast/css-grid-layout/grid-item-margin-auto-columns-rows-horizontal-rtl.html:
  • fast/css-grid-layout/grid-item-margin-auto-columns-rows-vertical-ltr.html:
  • fast/css-grid-layout/grid-item-margin-auto-columns-rows-vertical-rtl.html:
  • fast/css-grid-layout/grid-item-multiple-minmax-content-resolution.html:
  • fast/css-grid-layout/grid-item-named-grid-area-resolution.html:
  • fast/css-grid-layout/grid-item-negative-indexes.html:
  • fast/css-grid-layout/grid-item-order-in-content-sized-columns-resolution.html:
  • fast/css-grid-layout/grid-item-removal-auto-placement-update.html:
  • fast/css-grid-layout/grid-item-removal-track-breadth-update.html:
  • fast/css-grid-layout/grid-update-sizes-after-distributing-all.html:
  • fast/css-grid-layout/implicit-columns-auto-resolution.html:
  • fast/css-grid-layout/implicit-position-dynamic-change.html:
  • fast/css-grid-layout/mark-as-infinitely-growable.html:
  • fast/css-grid-layout/maximize-tracks-definite-indefinite-width.html:
  • fast/css-grid-layout/minmax-spanning-resolution-columns.html:
  • fast/css-grid-layout/named-grid-line-get-set.html:
  • fast/css-grid-layout/named-grid-lines-computed-style-implicit-tracks.html:
  • fast/css-grid-layout/named-grid-lines-with-named-grid-areas-resolution.html:
  • fast/css-grid-layout/percent-intrinsic-track-breadth.html:
  • fast/css-grid-layout/percent-track-breadths-regarding-container-size.html:
  • fast/css-grid-layout/resources/grid-definitions-parsing-utils.js:

(checkGridTemplatesSetJSValues):

  • fast/css-grid-layout/resources/grid-template-shorthand-parsing-utils.js:

(checkGridDefinitionsSetJSValues):
(testGridDefinitionsSetBadJSValues):

  • fast/css/getComputedStyle/computed-style-expected.txt:
  • fast/css/getComputedStyle/computed-style-without-renderer-expected.txt:
  • svg/css/getComputedStyle-basic-expected.txt:
2:53 AM WebKitGTK/2.4.x edited by tpopela@redhat.com
(diff)
2:48 AM Changeset in webkit [197502] by Antti Koivisto
  • 3 edits in trunk/Source/WebCore

Slider thumb style should not depend on renderers
https://bugs.webkit.org/show_bug.cgi?id=154961

Reviewed by Andreas Kling.

Currently slider thumb pseudo id is computed based on host element renderer.
Style is the input for building a render tree and should be computable without having one.

  • html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::hostInput):
(WebCore::SliderThumbElement::customStyleForRenderer):

Compute pseudo id based on the host style.
Return nullptr so style recalc will otherwise proceed normally.

(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderThumbElement::cloneElementWithoutAttributesAndChildren):
(WebCore::SliderContainerElement::SliderContainerElement):
(WebCore::SliderContainerElement::create):
(WebCore::SliderContainerElement::createElementRenderer):
(WebCore::SliderContainerElement::customStyleForRenderer):

Here too.

(WebCore::SliderContainerElement::shadowPseudoId):
(WebCore::sliderThumbShadowPseudoId): Deleted.
(WebCore::mediaSliderThumbShadowPseudoId): Deleted.

  • html/shadow/SliderThumbElement.h:
2:23 AM Changeset in webkit [197501] by Manuel Rego Casasnovas
  • 4 edits in trunk/Source/WebCore

[css-grid] Simplify method to resolve auto-placed items
https://bugs.webkit.org/show_bug.cgi?id=154911

Reviewed by Sergio Villar Senin.

Refactor the method to resolve auto-placed items
as we're only interested in knowing the span size.

Adapt the calls to use the span size instead of a GridSpan.

No new tests, no change of behavior.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):

  • rendering/style/GridResolvedPosition.cpp:

(WebCore::GridResolvedPosition::spanSizeForAutoPlacedItem):
(WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
Renamed to spanSizeForAutoPlacedItem().

  • rendering/style/GridResolvedPosition.h:
1:12 AM Changeset in webkit [197500] by achristensen@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Fix Windows build after r197489.

  • jsc.cpp:
12:22 AM Changeset in webkit [197499] by jonlee@apple.com
  • 4 edits in trunk/PerformanceTests

Add some new controllers, and refine tests
https://bugs.webkit.org/show_bug.cgi?id=154914

Reviewed by Simon Fraser.

Improve tests.

  • Animometer/tests/master/focus.html: Move each particle into a layer. Put the particle
in a container element. Expand the container element by the max blur radius, and clip
overflow. This way, when the blur is applied, it avoids causing layer resizes.

  • Animometer/tests/master/resources/focus.js:

(FocusElement.Utilities.createClass): Create a container element, and put the particle
inside.
(hide): Set display:none.
(show): Set display:block.
(animate): Apply filters to the container element.
(FocusStage.call.initialize): Instead of inserting and removing elements from the DOM,
keep them in the stage, but set the display style instead. Use this._offsetIndex to
keep track of which elements are displayed.
(FocusStage.call.animate): Move some calculations around to avoid doing unneeded math.
(FocusStage.call.getBlurValue): Make sure elements are always blurred.
(FocusStage.call.getOpacityValue): Make sure elements have some opacity.

  • Animometer/tests/master/resources/multiply.js: Have the particles on the edge of the
stage appear less black when the complexity gets large enough.
(tune): Have this._distanceFactor calculate the factor. Avoid calculating square root each
frame.

12:15 AM Changeset in webkit [197498] by jonlee@apple.com
  • 7 edits in trunk/PerformanceTests

Add some new controllers, and refine tests
https://bugs.webkit.org/show_bug.cgi?id=154914

Reviewed by Simon Fraser.

Add a controller that centers around 30 fps instead of 60 fps.

  • Animometer/developer.html: Add a new option.
  • Animometer/resources/debug-runner/animometer.js:
  • Animometer/resources/runner/animometer.js:

(this._processData.findRegression): When calculating the complexity-frameLength regression,
check the controller, and use a 30 fps baseline if needed.

  • Animometer/resources/statistics.js:

(Regression.Utilities.createClass): Update to allow clients to specify the baseline
frame length.

  • Animometer/tests/resources/main.js:

(tune): Override some of the constants in RampController. Move those constants out for
easier reading.

Add a fixed controller, with no step.

  • Animometer/developer.html: Add a controller that takes no step.
  • Animometer/resources/debug-runner/animometer.js:
  • Animometer/tests/resources/main.js:

(Rotater.Utilities.createClass):

Switch to ramp controller as default.

  • Animometer/developer.html: Increase the test length to 20 seconds.
  • Animometer/resources/debug-runner/animometer.js: Rename the "adjustment" field to "controller"
since that is a more accurate description.

  • Animometer/resources/debug-runner/graph.js:
  • Animometer/resources/runner/animometer.js: Update preferences for release suite.

Mar 2, 2016:

11:44 PM Changeset in webkit [197497] by Chris Dumez
  • 3 edits
    2 adds in trunk

HTMLFormElement's named property getter does not return a RadioNodelist
https://bugs.webkit.org/show_bug.cgi?id=154949

Reviewed by Ryosuke Niwa.

Source/WebCore:

HTMLFormElement's named property getter should return a RadioNodeList
when there are several matches:
https://html.spec.whatwg.org/multipage/forms.html#the-form-element

Previously, WebKit returned a generic NodeList. As a result, users
cannot create a white-and-gold hat in the MAKE A HAT GREAT AGAIN
section at:
https://www.washingtonpost.com/news/the-fix/wp/2015/10/06/hey-lets-all-make-our-own-donald-trump-hats/

Chrome and Firefox already match the specification. Edge will soon.

Test: fast/dom/HTMLFormElement/named-property-getter-radionodelist.html

  • bindings/js/JSHTMLFormElementCustom.cpp:

(WebCore::JSHTMLFormElement::nameGetter):

LayoutTests:

Add layout test to confirm that HTMLFormElement's named property getter
does indeed return a RadioNodeList when there are several matches.

  • fast/dom/HTMLFormElement/named-property-getter-radionodelist-expected.txt: Added.
  • fast/dom/HTMLFormElement/named-property-getter-radionodelist.html: Added.
11:36 PM Changeset in webkit [197496] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebKit2

Properly cancel downloads when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154893

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-02
Reviewed by Brady Eidson.

  • NetworkProcess/Downloads/Download.cpp:

(WebKit::Download::Download):

  • NetworkProcess/Downloads/Download.h:
  • NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:

(WebKit::Download::cancel):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:dataTask:didBecomeDownloadTask:]):

10:37 PM Changeset in webkit [197495] by fred.wang@free.fr
  • 2 edits in trunk/Tools

[jhbuild] Remove LLVM dependency.
https://bugs.webkit.org/show_bug.cgi?id=153274

Patch by Frederic Wang <fwang@igalia.com> on 2016-03-03
Reviewed by Carlos Garcia Campos.

  • gtk/jhbuild.modules:
10:31 PM Changeset in webkit [197494] by Chris Dumez
  • 5 edits in trunk

Drop [TreatNullAs=LegacyNullString] from HTMLBaseElement.href
https://bugs.webkit.org/show_bug.cgi?id=154952

Reviewed by Ryosuke Niwa.

Source/WebCore:

Drop [TreatNullAs=LegacyNullString] from HTMLBaseElement.href as this
does not match the specification:

Firefox and Chrome both convert null to the string "null".

No new tests, updated the following existing test:
fast/dom/HTMLBaseElement/href-attribute-resolves-with-respect-to-document.html

  • html/HTMLBaseElement.idl:

LayoutTests:

Update existing layout test now that HTMLBaseElement.href setter no
longer treats null as the empty string.

  • fast/dom/HTMLBaseElement/href-attribute-resolves-with-respect-to-document-expected.txt:
  • fast/dom/HTMLBaseElement/href-attribute-resolves-with-respect-to-document.html:
10:26 PM Changeset in webkit [197493] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Update MemoryTimelineView for new ruler height
https://bugs.webkit.org/show_bug.cgi?id=153904
<rdar://problem/24517259>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/MemoryTimelineView.css:

(.timeline-view.memory > .content > .details > .timeline-ruler):
(.timeline-view.memory > .content > .details > .subtitle):
Adjust ruler top and subtitle padding for shorter timeline ruler.
Also reduced padding in the Categories heading area to tighten up
the layout a bit.

9:58 PM Changeset in webkit [197492] by fpizlo@apple.com
  • 7 edits
    1 add in trunk/Source/JavaScriptCore

RegExpExec/RegExpTest should not unconditionally speculate cell
https://bugs.webkit.org/show_bug.cgi?id=154901

Reviewed by Benjamin Poulain.

This is a three part change. It all started with a simple goal: end the rage-recompiles in
Octane/regexp by enabling the DFG and FTL to do untyped RegExpExec/RegExpTest. This keeps us
in the optimized code when you do a regexp match on a number, for example.

While implementing this, I realized that DFGOperations.cpp was bad at exception checking. When
it did check for exceptions, it used exec->hadException() instead of vm.exception(). So I
fixed that. I also made sure that the regexp operations checked for exception after doing
toString().

Unfortunately, the introduction of untyped RegExpExec/RegExpTest caused a regression on
Octane/regexp. This was because we were simultaneously scheduling replacement and OSR compiles
of some large functions with the FTL JIT. The OSR compiles were not useful. This was a
regression from the previous changes to make OSR compiles happen sooner. The problem is that
this change also removed the throttling of OSR compiles even in those cases where we suspect
that replacement is more likely. This patch reintroduces that throttling, but only in the
replacement path.

This change ends up being neutral overall.

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

  • tests/stress/regexp-exec-effect-after-exception.js: Added.
9:29 PM Changeset in webkit [197491] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

[JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
https://bugs.webkit.org/show_bug.cgi?id=154947

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

This bug was discovered while testing https://bugs.webkit.org/show_bug.cgi?id=154894.

The problem was that JSCell_freeListNext and JSCell_structureID were
considered as disjoint. When reordering instructions, the scheduler
could move the write of the StructureID first to reduce dependencies.
This would erase half of JSCell_freeListNext before we get a chance
to load the value.

This patch changes the hierarchy to make sure nothing is written
until JSCell_freeListNext is processed.

All credits for this patch go to Filip.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):

  • ftl/FTLAbstractHeapRepository.h:
9:19 PM Changeset in webkit [197490] by commit-queue@webkit.org
  • 8 edits in trunk/Source/JavaScriptCore

[JSC] Improve Select of Doubles based on Double condition
https://bugs.webkit.org/show_bug.cgi?id=154572

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

Octane has a bunch of Select on Double based on comparing Doubles.
A few nodes generate that: ValueRep, Min, Max, etc.

On ARM64, we can improve our code a lot. ARM can do a select
based on flags with the FCSEL instruction.

On x86, this patch adds aggressive aliasing for moveDoubleConditionallyXXX.
This has obviously a much more limited impact.

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::moveDoubleConditionally32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionally64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyDouble): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyFloat): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveDoubleConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyFloat):
(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally64):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest64):
(JSC::MacroAssemblerARM64::branch64):

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyFloat):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::moveDoubleConditionally64):
(JSC::MacroAssemblerX86_64::moveDoubleConditionallyTest64):

  • b3/air/AirInstInlines.h:

(JSC::B3::Air::Inst::shouldTryAliasingDef):

  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testSelectCompareFloat):
(JSC::B3::testSelectCompareFloatToDouble):
(JSC::B3::testSelectDoubleCompareDouble):
(JSC::B3::testSelectDoubleCompareDoubleWithAliasing):
(JSC::B3::testSelectFloatCompareFloat):
(JSC::B3::testSelectFloatCompareFloatWithAliasing):
(JSC::B3::run):

9:15 PM Changeset in webkit [197489] by commit-queue@webkit.org
  • 12 edits
    12 adds in trunk/Source/JavaScriptCore

Add ability to generate a Heap Snapshot
https://bugs.webkit.org/show_bug.cgi?id=154847

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-02
Reviewed by Mark Lam.

This adds HeapSnapshot, HeapSnapshotBuilder, and HeapProfiler.

HeapProfiler hangs off of the VM and holds the list of snapshots.
I expect to add other HeapProfiling features, such as allocation
tracking, to the profiler.

HeapSnapshot contains a collection of live cells and their identifiers.
It can point to a previous HeapSnapshot, to ensure that a cell that
already received an identifier maintains the same identifier across
multiple snapshots. When a snapshotted cell gets garbage collected,
the cell will be swept from the HeapSnapshot at the end of collection
to ensure the list contains only live cells.

When building a HeapSnapshot, nodes are added in increasing node
identifier order. When done building, the list of nodes is complete
and the snapshot is finalized. At this point the nodes are sorted
by JSCell* address to allow for quick lookup of a JSCell*.

HeapSnapshotBuilder is where snapshotting begins. The builder
will initiate a specialized heap snapshotting garbage collection.
During this collection the builder will be notified of all marked
(live) cells, and connections between cells, as seen by SlotVisitors.
The builder can reference the previous, readonly, HeapSnapshots to
avoid creating new nodes for cells that have already been snapshotted.
When it is determined that we are visiting a live cell for the first
time, we give the cell a unique identifier and add it to the
snapshot we are building.

Since edge data is costly, and of little long term utility, this
data is only held by the builder for serialization, and not stored
long term with the HeapSnapshot node data.

The goals of HeapSnapshotting at this time are:

  • minimal impact on performance when not profiling the heap
  • unique identifier for cells, so they may be identified across multiple snapshots
  • nodes and edges to be able to construct a graph of which nodes reference/retain which other nodes
  • node data - identifier, type (class name), size
  • edge data - from cell, to cell, type / data (to come in a follow-up patch)

Add new files to the build.

  • heap/Heap.cpp:

(JSC::Heap::isHeapSnapshotting):
(JSC::RemoveDeadHeapSnapshotNodes::RemoveDeadHeapSnapshotNodes):
(JSC::RemoveDeadHeapSnapshotNodes::operator()):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::collectImpl):
After every collection, sweep dead cells from in memory snapshots.

  • runtime/VM.cpp:

(JSC::VM::ensureHeapProfiler):

  • runtime/VM.h:

(JSC::VM::heapProfiler):

  • heap/Heap.h:
  • heap/HeapProfiler.cpp: Added.

(JSC::HeapProfiler::HeapProfiler):
(JSC::HeapProfiler::~HeapProfiler):
(JSC::HeapProfiler::mostRecentSnapshot):
(JSC::HeapProfiler::appendSnapshot):
(JSC::HeapProfiler::clearSnapshots):
(JSC::HeapProfiler::setActiveSnapshotBuilder):

  • heap/HeapProfiler.h: Added.

(JSC::HeapProfiler::vm):
(JSC::HeapProfiler::activeSnapshotBuilder):
VM and Heap can look at the profiler to determine if we are building a
snapshot, or the "head" snapshot to use for sweeping.

  • heap/HeapSnapshot.cpp: Added.

(JSC::HeapSnapshot::HeapSnapshot):
(JSC::HeapSnapshot::~HeapSnapshot):
(JSC::HeapSnapshot::appendNode):
Add a node to the unfinalized list of new cells.

(JSC::HeapSnapshot::sweepCell):
(JSC::HeapSnapshot::shrinkToFit):
Collect a list of cells for sweeping and then remove them all at once
in shrinkToFit. This is done to avoid thrashing of individual removes
that could cause many overlapping moves within the Vector.

(JSC::HeapSnapshot::finalize):
Sort the list, and also cache the bounding start/stop identifiers.
No other snapshot can contain an identifier in this range, so it will
improve lookup of a node from an identifier.

(JSC::HeapSnapshot::nodeForCell):
(JSC::HeapSnapshot::nodeForObjectIdentifier):
Search helpers.

  • heap/HeapSnapshotBuilder.h: Added.

(JSC::HeapSnapshotNode::HeapSnapshotNode):
(JSC::HeapSnapshotEdge::HeapSnapshotEdge):
Node and Edge struct types the builder creates.

  • heap/HeapSnapshotBuilder.cpp: Added.

(JSC::HeapSnapshotBuilder::getNextObjectIdentifier):
(JSC::HeapSnapshotBuilder::HeapSnapshotBuilder):
(JSC::HeapSnapshotBuilder::~HeapSnapshotBuilder):
(JSC::HeapSnapshotBuilder::buildSnapshot):
(JSC::HeapSnapshotBuilder::appendNode):
(JSC::HeapSnapshotBuilder::appendEdge):
When building the snapshot, generating the next identifier, and
appending to any of the lists must be guarded by a lock because
SlotVisitors running in parallel may be accessing the builder.

(JSC::HeapSnapshotBuilder::hasExistingNodeForCell):
Looking up if a node already exists in a previous snapshot can be
done without a lock because at this point the data is readonly.

(JSC::edgeTypeToNumber):
(JSC::edgeTypeToString):
(JSC::HeapSnapshotBuilder::json):
JSON serialization of a heap snapshot contains node and edge data.

  • heap/SlotVisitor.h:
  • heap/SlotVisitor.cpp:

(JSC::SlotVisitor::didStartMarking):
(JSC::SlotVisitor::reset):
Set/clear the active snapshot builder to know if this will be a
snapshotting GC or not.

(JSC::SlotVisitor::append):
(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
Inform the builder of a new node or edge.

(JSC::SlotVisitor::visitChildren):
Remember the current cell we are visiting so that if we need to
inform the builder of edges we know the "from" cell.

  • jsc.cpp:

(SimpleObject::SimpleObject):
(SimpleObject::create):
(SimpleObject::finishCreation):
(SimpleObject::visitChildren):
(SimpleObject::createStructure):
(SimpleObject::hiddenValue):
(SimpleObject::setHiddenValue):
Create a new class "SimpleObject" that can be used by heap snapshotting
tests. It is easy to filter for this new class name and test internal
edge relationships created by garbage collection visiting the cell.

(functionCreateSimpleObject):
(functionGetHiddenValue):
(functionSetHiddenValue):
Expose methods to create and interact with a SimpleObject.

(functionGenerateHeapSnapshot):
Expose methods to create a heap snapshot. This currently automatically
turns the serialized string into a JSON object. That may change.

  • tests/heapProfiler.yaml: Added.
  • tests/heapProfiler/basic-edges.js: Added.

(excludeStructure):

  • tests/heapProfiler/basic-nodes.js: Added.

(hasDifferentSizeNodes):
(hasAllInternalNodes):
Add tests for basic node and edge data.

  • tests/heapProfiler/driver/driver.js: Added.

(assert):
(CheapHeapSnapshotNode):
(CheapHeapSnapshotEdge):
(CheapHeapSnapshotEdge.prototype.get from):
(CheapHeapSnapshotEdge.prototype.get to):
(CheapHeapSnapshot):
(CheapHeapSnapshot.prototype.get nodes):
(CheapHeapSnapshot.prototype.get edges):
(CheapHeapSnapshot.prototype.nodeWithIdentifier):
(CheapHeapSnapshot.prototype.nodesWithClassName):
(CheapHeapSnapshot.prototype.classNameFromTableIndex):
(CheapHeapSnapshot.prototype.edgeTypeFromTableIndex):
(createCheapHeapSnapshot):
(HeapSnapshotNode):
(HeapSnapshotEdge):
(HeapSnapshot):
(HeapSnapshot.prototype.nodesWithClassName):
(createHeapSnapshot):
Add two HeapSnapshot representations.
CheapHeapSnapshot creates two lists of node and edge data that
lazily creates objects as needed.
HeapSnapshot creates an object for each node and edge. This
is wasteful but easier to use.

7:50 PM Changeset in webkit [197488] by Matt Baker
  • 9 edits
    2 copies in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: replace content view container with a content browser
https://bugs.webkit.org/show_bug.cgi?id=153033
<rdar://problem/24195565>

Reviewed by Timothy Hatcher.

This patch replaces the ContentViewContainer in the Timelines tab with a ContentBrowser,
moves filtering controls from the sidebar to the new browser's navigation bar, and adds
a new leaf path component for the current ruler selection to the main content browser's
navigation bar.

  • Localizations/en.lproj/localizedStrings.js:

New UI strings.

  • UserInterface/Base/Utilities.js:

Added global en dash string.

  • UserInterface/Main.html:
  • UserInterface/Test.html:

New files.

  • UserInterface/Models/TimelineRange.js:

(WebInspector.TimelineRange):
(WebInspector.TimelineRange.prototype.get startValue):
(WebInspector.TimelineRange.prototype.set startValue):
(WebInspector.TimelineRange.prototype.get endValue):
(WebInspector.TimelineRange.prototype.set endValue):
New represented object used by ruler selection path components.

  • UserInterface/Views/FilterBarNavigationItem.js:

(WebInspector.FilterBarNavigationItem):
(WebInspector.FilterBarNavigationItem.prototype.get filterBar):
Adapter class for using a FilterBar as a NavigationItem.

  • UserInterface/Views/TimelineIcons.css:

(.time-icon .icon):
Icon class used by ruler selection path component.

  • UserInterface/Views/TimelineRecordingContentView.css:

(.content-view.timeline-recording > .content-browser):
(.content-view.timeline-recording > .content-browser > .navigation-bar):
(.content-view.timeline-recording > .content-browser > .navigation-bar > .item.scope-bar.default-item-selected > .multiple):
(.content-view.timeline-recording > .content-browser > .navigation-bar > .item.scope-bar.default-item-selected > .multiple .arrows):
(.content-view.timeline-recording > .content-browser > .content-view-container > .timeline-view > .data-grid td):
(.content-view.timeline-recording > .content-browser > .content-view-container > .timeline-view > .data-grid table.data):
(.content-view.timeline-recording > .content-view-container): Deleted.
(.content-view.timeline-recording > .content-view-container > .timeline-view > .data-grid td): Deleted.
(.content-view.timeline-recording > .content-view-container > .timeline-view > .data-grid table.data): Deleted.
New styles for the ContentBrowser that replaces the ContentViewContainer.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView):
Create the ContentBrowser, ruler selection path components, and the browser's filter bar.

(WebInspector.TimelineRecordingContentView.prototype.showOverviewTimelineView):
(WebInspector.TimelineRecordingContentView.prototype.showTimelineViewForTimeline):
Implemented by the content browser instead of the view container.

(WebInspector.TimelineRecordingContentView.prototype.get selectionPathComponents):
Add timeline and selection path components. Components for the current TimelineView
are now located in the lower content browser's navigation bar.

(WebInspector.TimelineRecordingContentView.prototype.get supplementalRepresentedObjects):
(WebInspector.TimelineRecordingContentView.prototype.get handleCopyEvent):
(WebInspector.TimelineRecordingContentView.prototype.get supportsSave):
(WebInspector.TimelineRecordingContentView.prototype.get saveData):
(WebInspector.TimelineRecordingContentView.prototype.get currentTimelineView):
(WebInspector.TimelineRecordingContentView.prototype.shown):
(WebInspector.TimelineRecordingContentView.prototype.hidden):
(WebInspector.TimelineRecordingContentView.prototype.closed):
(WebInspector.TimelineRecordingContentView.prototype.canGoBack):
(WebInspector.TimelineRecordingContentView.prototype.canGoForward):
(WebInspector.TimelineRecordingContentView.prototype.goBack):
(WebInspector.TimelineRecordingContentView.prototype.goForward):
(WebInspector.TimelineRecordingContentView.prototype.saveToCookie):
Implemented by the content browser instead of the view container.

(WebInspector.TimelineRecordingContentView.prototype.contentBrowserTreeElementForRepresentedObject):
Create the root tree element for the lower content browser's navigation bar.

(WebInspector.TimelineRecordingContentView.prototype._timeRangePathComponentSelected):
Update the ruler selection based on the new path component.

(WebInspector.TimelineRecordingContentView.prototype._contentViewSelectionPathComponentDidChange):
(WebInspector.TimelineRecordingContentView.prototype._contentViewSupplementalRepresentedObjectsDidChange):
(WebInspector.TimelineRecordingContentView.prototype._updateTimes):
(WebInspector.TimelineRecordingContentView.prototype._updateTimelineOverviewHeight):
Implemented by the content browser instead of the view container.

(WebInspector.TimelineRecordingContentView.prototype._timeRangeSelectionChanged):
Update the currently selected path component when the ruler selection changes.
If the entire range is selected, show the "Entire Recording" path component,
otherwise update the TimelineRange of the path component for the user-defined
selection and refresh all timeline range path components.

(WebInspector.TimelineRecordingContentView.prototype._updateTimeRangePathComponents):
Update title text and sibling relationships for ruler selection path components.

(WebInspector.TimelineRecordingContentView.prototype._createTimelineRangePathComponent):
Helper function for creating TimelineRange path components.

(WebInspector.TimelineRecordingContentView.prototype._currentContentViewDidChange):
The TimelineView scope bar is no longer added to the sidebar. The UI has been moved
to the lower content browser navigation bar.

(WebInspector.TimelineRecordingContentView.prototype._updateFrameSelection): Deleted.
No longer needed since the selected range is shown in the navigation bar.

  • UserInterface/Views/TimelineView.js:

(WebInspector.TimelineView.prototype.get navigationItems):
Adds the TimelineView's scope bar (if any) to the lower content browser's navigation
bar. Items are inserted before the filter bar, which is always the right-most item.

7:45 PM Changeset in webkit [197487] by Matt Baker
  • 21 edits in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: show content tree outline records in timeline data grids
https://bugs.webkit.org/show_bug.cgi?id=153032
<rdar://problem/24195317>

Reviewed by Timothy Hatcher.

This patch relocates the data shown in the Timelines navigation sidebar content tree outline
to a new grid column in each TimelineDataGrid. Logic for creating subtitles, goto arrow buttons,
and status elements (the progress spinner used for network resources) has been replicated in
the appropriate TimelineDataGridNode classes.

Duplicate logic contained in TimelineRecordTreeElement classes is left in place for now, but
will be removed in <https://webkit.org/b/153036>.

  • UserInterface/Views/DataGrid.css:

(.data-grid td.error):
Use --error-text-color CSS variable.

  • UserInterface/Views/DataGrid.js:

Removed GoToArrowClicked event.
(WebInspector.DataGridNode.prototype.createGoToArrowButton.buttonClicked): Deleted.
(WebInspector.DataGridNode.prototype.createGoToArrowButton): Deleted.
Now part of TimelineDataGridNode.

  • UserInterface/Views/LayoutTimelineDataGridNode.js:

(WebInspector.LayoutTimelineDataGridNode):
(WebInspector.LayoutTimelineDataGridNode.prototype.get data):
Add name cell to row data.
(WebInspector.LayoutTimelineDataGridNode.prototype.createCellContent):
Create name cell.

  • UserInterface/Views/LayoutTimelineView.css:

(.timeline-view.layout > .data-grid .eventType-column): Deleted.
Column border no longer hidden.

  • UserInterface/Views/LayoutTimelineView.js:

(WebInspector.LayoutTimelineView):
Setup name column.

  • UserInterface/Views/NetworkTimelineView.css:

(.timeline-view.network > .data-grid .name-column .subtitle):
Don't show subtitles in the Network grid's name column.

  • UserInterface/Views/NetworkTimelineView.js:

(WebInspector.NetworkTimelineView):
Setup name column.

  • UserInterface/Views/OverviewTimelineView.css:

(.timeline-view.overview > .data-grid th.graph-column > .timeline-ruler):
(.timeline-view.overview > .data-grid th.graph-column > .timeline-ruler > .header):
(.timeline-view.overview > .data-grid th):
(body.window-inactive .timeline-view.overview > .data-grid th):
(.timeline-view.overview .timeline-ruler > .event-markers):
(.timeline-view.overview > .data-grid):
(.timeline-view.overview > .timeline-ruler): Deleted.
(.timeline-view.overview > .timeline-ruler > .header): Deleted.
(body.window-inactive .timeline-view.overview > .timeline-ruler > .header): Deleted.
(.timeline-view.overview > .timeline-ruler > .event-markers): Deleted.
New styles for adding grid column headers and using a TimelineRuler as the
graph column header.

  • UserInterface/Views/OverviewTimelineView.js:

(WebInspector.OverviewTimelineView):
Setup name column and add ruler to graph column header.

  • UserInterface/Views/ProfileNodeDataGridNode.js:

(WebInspector.ProfileNodeDataGridNode):
Use cached data instead of creating row data at construction time.
(WebInspector.ProfileNodeDataGridNode.prototype.get data):
Add name cell to row data.
(WebInspector.ProfileNodeDataGridNode.prototype.createCellContent):
Create name cell.
(WebInspector.ProfileNodeDataGridNode.prototype._iconClassNameForProfileNode):
(WebInspector.ProfileNodeDataGridNode.prototype._titleForProfileNode):
Copied from ProfileNodeTreeElement.

  • UserInterface/Views/RenderingFrameTimelineDataGridNode.js:

(WebInspector.RenderingFrameTimelineDataGridNode):
(WebInspector.RenderingFrameTimelineDataGridNode.prototype.get data):
Add name cell to row data.
(WebInspector.RenderingFrameTimelineDataGridNode.prototype.createCellContent):
Create name cell.

  • UserInterface/Views/RenderingFrameTimelineView.js:

(WebInspector.RenderingFrameTimelineView):
Setup name column.

  • UserInterface/Views/ResourceTimelineDataGridNode.js:

(WebInspector.ResourceTimelineDataGridNode):
Renamed "graphOnly" to "includesGraph", since resource rows in the overview
now show the name column in addition to the graph column. Resource events
LoadingDidFinish and LoadingDidFail now need to be handled for both types
of resource rows.

(WebInspector.ResourceTimelineDataGridNode.prototype.get data):
(WebInspector.ResourceTimelineDataGridNode.prototype.createCellContent):
Update resource status element and create name cell content.
(WebInspector.ResourceTimelineDataGridNode.prototype._createNameCellDocumentFragment):
Create DOM fragment with titles. Based on code in TimelineRecordTreeElement.
(WebInspector.ResourceTimelineDataGridNode.prototype._dataGridNodeGoToArrowClicked):
Show resource when goto arrow is clicked.
(WebInspector.ResourceTimelineDataGridNode.prototype._updateStatus):
Update name cell's text color and progress spinner.

  • UserInterface/Views/ResourceTreeElement.css:

(.item.resource.failed):
(.item.resource.failed .subtitle):
Use --error-text-color CSS variable.

  • UserInterface/Views/ScriptTimelineDataGridNode.js:

(WebInspector.ScriptTimelineDataGridNode):
(WebInspector.ScriptTimelineDataGridNode.prototype.createCellContent):
(WebInspector.ScriptTimelineDataGridNode.prototype._createNameCellDocumentFragment):
Create DOM fragment with titles. Based on code in TimelineRecordTreeElement.

  • UserInterface/Views/ScriptTimelineView.js:

(WebInspector.ScriptTimelineView):
Setup name column.

  • UserInterface/Views/SourceCodeTimelineTimelineDataGridNode.js:

(WebInspector.SourceCodeTimelineTimelineDataGridNode.prototype.createCellContent):
Added now that this node type is no longer "graph only".
(WebInspector.SourceCodeTimelineTimelineDataGridNode.prototype._createNameCellContent):
Create DOM fragment with titles. Based on code in TimelineRecordTreeElement.

  • UserInterface/Views/TimelineDataGridNode.js:

(WebInspector.TimelineDataGridNode):
Renamed graphOnly to includesGraph.
(WebInspector.TimelineDataGridNode.prototype.createCellContent):
Removed icon element creation. This is now handled by the DataGrid.
(WebInspector.TimelineDataGridNode.prototype.refresh):
Refresh of all node cells after updating the graph.
(WebInspector.TimelineDataGridNode.prototype.createGoToArrowButton):
(WebInspector.TimelineDataGridNode.prototype.createGoToArrowButton.buttonClicked):
Relocated from DataGrid, as it's only used by TimelineDataGridNodes.

  • UserInterface/Views/TimelineView.css:

(.timeline-view > .data-grid .indeterminate-progress-spinner):
Styles for grid cell progress spinners.

  • UserInterface/Views/Variables.css:

(:root):
Added --error-text-color variable to remove duplication.

7:30 PM Changeset in webkit [197486] by Alan Bujtas
  • 4 edits
    2 adds in trunk

Paint table borders on empty cells even in quirks mode.
https://bugs.webkit.org/show_bug.cgi?id=154928

Reviewed by David Hyatt.

Enable border painting for empty cells unless 'empty-cells: hide' is set.
This is in line with FF and Chrome behaviour.

Source/WebCore:

Test: fast/table/border-on-empty-table-cells-quirks-mode.html

  • rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::paintBoxDecorations):

LayoutTests:

  • fast/table/border-on-empty-table-cells-quirks-mode-expected.html: Added.
  • fast/table/border-on-empty-table-cells-quirks-mode.html: Added.
6:06 PM Changeset in webkit [197485] by fpizlo@apple.com
  • 5 edits in trunk/Source/JavaScriptCore

RegExpPrototype should check for exceptions after calling toString and doing so should not be expensive
https://bugs.webkit.org/show_bug.cgi?id=154927

Reviewed by Saam Barati.

While working on regexp optimizations, I found that RegExpPrototype calls toString(), an
effectful operation that could do anything, without then checking for hadException().

So I added a call to hadException().

But that regressed Octane/regexp by 5%! That's a lot! It turns out that
exec->hadException() is soooper slow. So, I made it cheaper to check for exceptions from
toString(): there is now a variant called toStringFast() that returns null iff it throws an
exception.

This allowed me to add the exception check without regressing perf.

Note that toString() must retain its old behavior of returning an empty string on exception.
There is just too much code that relies on that behavior.

  • runtime/JSCJSValue.cpp:

(JSC::JSValue::isValidCallee):
(JSC::JSValue::toStringSlowCase):
(JSC::JSValue::toWTFStringSlowCase):

  • runtime/JSCJSValue.h:

(JSC::JSValue::asValue):

  • runtime/JSString.h:

(JSC::JSValue::toString):
(JSC::JSValue::toStringFast):
(JSC::JSValue::toWTFString):

  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTest):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncCompile):

6:04 PM Changeset in webkit [197484] by sbarati@apple.com
  • 15 edits in trunk/Source/JavaScriptCore

clean up JSObject::isExtensibleInline and JSObject::setPrototypeOfInline, and rename setPrototypeOf to setPrototype
https://bugs.webkit.org/show_bug.cgi?id=154942

Reviewed by Benjamin Poulain.

These don't need to be inlined in the way they are.
Doing dynamic dispatch is ok performance wise until
we have evidence stating otherwise.

  • API/JSObjectRef.cpp:

(JSObjectSetPrototype):
(JSObjectHasProperty):

  • runtime/ClassInfo.h:
  • runtime/IntlCollatorConstructor.cpp:

(JSC::constructIntlCollator):

  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::constructIntlDateTimeFormat):

  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::constructIntlNumberFormat):

  • runtime/JSCell.cpp:

(JSC::JSCell::isExtensible):
(JSC::JSCell::setPrototype):
(JSC::JSCell::setPrototypeOf): Deleted.

  • runtime/JSCell.h:
  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoSetter):

  • runtime/JSObject.cpp:

(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::setPrototype):
(JSC::JSObject::allowsAccessFrom):
(JSC::JSObject::isExtensible):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::setPrototypeOf): Deleted.

  • runtime/JSObject.h:

(JSC::JSObject::mayInterceptIndexedAccesses):
(JSC::JSObject::indexingShouldBeSparse):
(JSC::JSObject::setPrototypeOfInline): Deleted.
(JSC::JSObject::isExtensibleInline): Deleted.

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::objectConstructorIsExtensible):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectIsExtensible):
(JSC::reflectObjectSetPrototypeOf):

  • runtime/StringObject.cpp:

(JSC::StringObject::defineOwnProperty):

5:29 PM Changeset in webkit [197483] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/indexeddb/odd-strings.html as flaky on mac-wk1
https://bugs.webkit.org/show_bug.cgi?id=154619

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
5:22 PM Changeset in webkit [197482] by beidson@apple.com
  • 2 edits in trunk/LayoutTests

Unreviewed test gardening.

  • platform/wk2/TestExpectations: Mark two tests that are very slow as [ Slow ].
5:20 PM Changeset in webkit [197481] by rniwa@webkit.org
  • 6 edits
    8 deletes in trunk

HTML parser instantiates a custom element inside a template element with a wrong owner document
https://bugs.webkit.org/show_bug.cgi?id=154936

Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Updated the expected results for newly passing test cases.

One test case in additions-to-parsing-xhtml-documents/node-document.html starts failing due to a bug in the test.
The bug in the test will be fixed in https://github.com/w3c/web-platform-tests/pull/2651

Finally, remove duplicated HTML template element tests in html-templates since there is a new copy under
web-platform-tests/html/semantics/scripting-1/the-template-element/. Unfortunately, we can't remove
html-templates/parsing-html-templates/ because we haven't imported web-platform-tests/html/syntax yet.

  • html-templates/additions-to-parsing-xhtml-documents: Removed.
  • html-templates/additions-to-serializing-xhtml-documents: Removed.
  • html-templates/additions-to-the-css-user-agent-style-sheet: Removed.
  • html-templates/additions-to-the-steps-to-clone-a-node: Removed.
  • html-templates/definitions: Removed.
  • html-templates/innerhtml-on-templates: Removed.
  • html-templates/serializing-html-templates: Removed.
  • html-templates/template-element: Removed.
  • web-platform-tests/html/semantics/scripting-1/the-template-element/additions-to-parsing-xhtml-documents/node-document.html:
  • web-platform-tests/html/semantics/scripting-1/the-template-element/definitions/template-contents-owner-test-001-expected.txt:
  • web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/node-document-changes-expected.txt:

Source/WebCore:

The bug was caused by our implementation following the old spec which didn't create an appropriate template
contents owner document [1] for a document without a browsing context. The new spec no longer has this clause,
and we should be always creating the appropriate template contents owner document unless the document itself
is an appropriate template contents owner document for another document (comes up in nested template elements).

No new tests since the behavior change is covered by existing tests.

[1] https://html.spec.whatwg.org/#appropriate-template-contents-owner-document

  • dom/Document.h:

(WebCore::Document::templateDocument):

5:19 PM Changeset in webkit [197480] by barraclough@apple.com
  • 3 edits in trunk/Source/WebCore

PageThrottler should apply hysteresis to media activity
https://bugs.webkit.org/show_bug.cgi?id=154940

Reviewed by Ryosuke Niwa.

Currently PageThrottler keeps track of audible plugin activity and HTML media element
activity separately. Audible plugin activity also gets an extra 5s hysteresis applied,
so that after audio playback has completed there is a chance to queue up more audio
before timer throttling kicks in. HTML audio does not get this grace. Funnel both
together into a single activity flag, such that the hysteresis is applied to both.

  • page/PageThrottler.cpp:

(WebCore::PageThrottler::PageThrottler):
(WebCore::m_mediaActivityHysteresis):

  • PageActivityState::AudiblePlugin -> PageActivityState::MediaActivity.

(WebCore::m_mediaActivityCounter):

  • when m_mediaActivityCounter value changes call mediaActivityCounterChanged().

(WebCore::PageThrottler::mediaActivityCounterChanged):

  • Drive PageActivityState::MediaActivity indirectly via m_mediaActivityHysteresis, such that a 5s hysteresis is applied.
  • page/PageThrottler.h:
    • Removed AudiblePlugin (merged in with MediaActivity).

(WebCore::PageThrottler::pluginDidEvaluateWhileAudioIsPlaying):

  • m_audiblePluginHysteresis.impulse -> m_mediaActivityHysteresis.impulse.
4:34 PM Changeset in webkit [197479] by Matt Baker
  • 6 edits
    1 add in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: relocate recording controls to TimelineTabContentView's content browser
https://bugs.webkit.org/show_bug.cgi?id=153532
<rdar://problem/24361611>

Reviewed by Timothy Hatcher.

This patch shifts UI controller responsibilities from the sidebar panel
to the tab content view. Controls for starting/stopping the recording and
switching view modes are now located in the tab's navigation bar, as is
the hidden tree outline of open timeline recordings.

  • Localizations/en.lproj/localizedStrings.js:

New UI strings. Renamed view-mode radio buttons located from the sidebar
to "Events" and "Frames". UI for switching modes isn't final, and the
labels may change or be removed entirely in favor of image-only buttons.

  • UserInterface/Main.html:

New file.

  • UserInterface/Views/ContentBrowserTabContentView.js:

(WebInspector.ContentBrowserTabContentView.prototype.contentBrowserTreeElementForRepresentedObject):
(WebInspector.ContentBrowserTabContentView.prototype.treeElementForRepresentedObject):
Allow subclasses to override behavior for retrieving the tree element
for a represented object. Default behavior delegates the implementation
to the navigation sidebar.

(WebInspector.ContentBrowserTabContentView.prototype._contentBrowserCurrentContentViewDidChange):
(WebInspector.ContentBrowserTabContentView.prototype._revealAndSelectRepresentedObject):
(WebInspector.ContentBrowserTabContentView):
(WebInspector.ContentBrowserTabContentView.prototype._revealAndSelectRepresentedObjectInNavigationSidebar): Deleted.
Renamed to _revealAndSelectRepresentedObject as it's no longer specific
to the sidebar.

  • UserInterface/Views/TabContentView.js:

(WebInspector.TabContentView):
(WebInspector.TabContentView.prototype.restoreStateFromCookie):
(WebInspector.TabContentView.prototype.saveStateToCookie):
A navigation sidebar shouldn't be required to save/restore cookie state.

  • UserInterface/Views/TimelineTabContentView.css: Added.

(.timeline.tab.content-view .navigation-bar > .item.toggle-navigation-sidebar.activate.button):
(.timeline.tab.content-view .navigation-bar > .item.record-start-stop):
(.timeline.tab.content-view .navigation-bar > .item.record-start-stop:hover):
(.timeline.tab.content-view .navigation-bar > .item.record-start-stop:active):
(.timeline.tab.content-view .navigation-bar > .item.record-start-stop *):
(.timeline.tab.content-view .navigation-bar > .item.radio):
Styles for new navigation items: record button and view mode radio buttons.

  • UserInterface/Views/TimelineTabContentView.js:

Logic for maintaining the timeline recording hierarchy and the state
of the active recording has been added to the tab content view.

(WebInspector.TimelineTabContentView):
(WebInspector.TimelineTabContentView.prototype.shown):
(WebInspector.TimelineTabContentView.prototype.hidden):
(WebInspector.TimelineTabContentView.prototype.canShowRepresentedObject):
Objects other than recordings are no longer shown in the tab's content
browser. Displaying other objects (such as timeline resources) in the
content browser will be addressed in a follow-up patch: https://bugs.webkit.org/show_bug.cgi?id=154920.

(WebInspector.TimelineTabContentView.prototype.get supportsSplitContentBrowser):
(WebInspector.TimelineTabContentView.prototype.restoreFromCookie):
(WebInspector.TimelineTabContentView.prototype.saveToCookie):
Persist view state that was previously located in the sidebar.

(WebInspector.TimelineTabContentView.prototype.treeElementForRepresentedObject):
Implements logic previously limited to the navigation sidebar. Only tree
elements for timeline recordings are supported, since other represented
objects (timeline resources) no longer have content tree outline tree elements.

(WebInspector.TimelineTabContentView.prototype._capturingStartedOrStopped):
(WebInspector.TimelineTabContentView.prototype._toggleRecordingOnSpacebar):
(WebInspector.TimelineTabContentView.prototype._toggleNewRecordingOnSpacebar):
(WebInspector.TimelineTabContentView.prototype._toggleRecording):
(WebInspector.TimelineTabContentView.prototype._recordButtonClicked):
(WebInspector.TimelineTabContentView.prototype._recordingsTreeSelectionDidChange):
(WebInspector.TimelineTabContentView.prototype._recordingCreated):
(WebInspector.TimelineTabContentView.prototype._addRecording):
(WebInspector.TimelineTabContentView.prototype._recordingCountChanged):
(WebInspector.TimelineTabContentView.prototype._recordingLoaded):
Implementations copied from the sidebar panel.

(WebInspector.TimelineTabContentView.prototype._recordingSelected):
Implementation similar to that which existed in the sidebar panel, except
that logic related to instruments isn't needed. Updates to timeline view
filters will be implemented in a follow-up patch: https://bugs.webkit.org/show_bug.cgi?id=154924.

(WebInspector.TimelineTabContentView.prototype._viewModeSelected):
This method is now limited to the handling of the radio button event only.
Additional logic which existed in the sidebar panel's implementation has
been pushed into _changeViewMode, which does the actual work of toggling
view modes.

(WebInspector.TimelineTabContentView.prototype._changeViewMode):
Updates the current view mode state. If triggered by a user selection (was
called by the radio button event handler), the correct timeline view for
the new mode is shown.

(WebInspector.TimelineTabContentView.prototype._showTimelineViewForType):
Helper function for showing the view for the specified timeline type, if
the timeline exists in the current recording. Otherwise the overview timeline
view is displayed.

(WebInspector.TimelineTabContentView.prototype._displayedContentViewNavigationItemsDidChange):
Keep the view mode in sync with the content browser.

(WebInspector.TimelineTabContentView.prototype._getTimelineForCurrentContentView):
Helper function for getting the currently displayed timeline.

4:34 PM Changeset in webkit [197478] by adachan@apple.com
  • 19 edits in trunk/Source

Update the media element's presentation mode properly after going in and out of full screen via the Full Screen API
https://bugs.webkit.org/show_bug.cgi?id=154834

Reviewed by Simon Fraser.

Source/WebCore:

  • dom/Document.cpp:

(WebCore::Document::webkitWillEnterFullScreenForElement):

  • dom/Element.cpp:

(WebCore::Element::willBecomeFullscreenElement):

  • dom/Element.h:

(WebCore::Element::ancestorWillEnterFullscreen):

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::enterFullscreen):
If the Full Screen API is enabled and this media element is entering a mode other than standard
full screen, see if it's currently contained in a full screen element. If so, exit full screen.
(WebCore::HTMLMediaElement::willBecomeFullscreenElement):
If this media element is going to standard full screen, update its presentation mode. If
this media element also supports presentation mode and it currently has a presentation mode
that's not standard full screen, exit that presentation mode directly without animation.
(WebCore::HTMLMediaElement::willStopBeingFullscreenElement):
Set the presentation mode back to inline unless it's already changed to a different
presentation mode.

  • html/HTMLMediaElement.h:
  • html/HTMLVideoElement.cpp:

(WebCore::HTMLVideoElement::ancestorWillEnterFullscreen):
Reset this video element's presentation state to inline if its ancestor is going to full screen.
(WebCore::HTMLVideoElement::exitToFullscreenModeWithoutAnimationIfPossible):
If the fullscreen mode the video element is exiting from is supported, exit that mode to the new mode.

  • html/HTMLVideoElement.h:
  • page/ChromeClient.h:
  • platform/mac/WebVideoFullscreenInterfaceMac.h:
  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(WebCore::WebVideoFullscreenInterfaceMac::exitFullscreenWithoutAnimationToMode):

Source/WebKit2:

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::exitFullscreenWithoutAnimationToMode):
Call the new exitFullscreenWithoutAnimationToMode() method on WebVideoFullscreenInterfaceMac.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::exitVideoFullscreenToModeWithoutAnimation):

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/cocoa/WebVideoFullscreenManager.h:
  • WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::exitVideoFullscreenToModeWithoutAnimation):

4:29 PM Changeset in webkit [197477] by bshafiei@apple.com
  • 5 edits in tags/Safari-601.5.17.4/Source

Versioning.

4:26 PM Changeset in webkit [197476] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip unsupported test fast/text/complex-small-caps-non-bmp-capitalize.html on ios-simulator

Unreviewed test gardening.

  • platform/ios-simulator/TestExpectations:
4:24 PM Changeset in webkit [197475] by bshafiei@apple.com
  • 1 copy in tags/Safari-601.5.17.4

New tag.

4:23 PM Changeset in webkit [197474] by beidson@apple.com
  • 14 edits
    6 adds in trunk

Modern IDB: Close UniqueIDBDatabases once they become unused.
https://bugs.webkit.org/show_bug.cgi?id=154922

Reviewed by Alex Christensen.

Source/WebCore:

Tests: storage/indexeddb/modern/256-open-databases.html
       storage/indexeddb/modern/exceed-open-file-limit.html

Without this change, attempts to open a 256th database in the DatabaseProcess will fail on Mac.

Due to SQLite journal files, this limit could come up as early as 128 databases if they are all
in active use.

This is because launchd - by default - limits xpc services to having 256 open file handles by default.

While we should explore raising the limit, we should also close databases we no longer need.

  • Modules/indexeddb/server/IDBBackingStore.h:
  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase):
(WebCore::IDBServer::IDBServer::deleteUniqueIDBDatabase): Deleted.

  • Modules/indexeddb/server/IDBServer.h:
  • Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::MemoryBackingStoreTransaction):

  • Modules/indexeddb/server/MemoryIDBBackingStore.cpp:

(WebCore::IDBServer::MemoryIDBBackingStore::getOrEstablishDatabaseInfo):

  • Modules/indexeddb/server/MemoryIDBBackingStore.h:
  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.h:
  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): Handle the case where opening
the backing store failed by firing an error event instead of pretending everything is okay.

(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::isCurrentlyInUse):
(WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired): If the database is not
currently in use, close it.

(WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

(WebCore::IDBServer::UniqueIDBDatabase::deletePending): Deleted.

  • Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:

(WebCore::IDBObjectStoreInfo::isolatedCopy): Actually get this right.

LayoutTests:

  • platform/mac-wk1/TestExpectations:
  • storage/indexeddb/modern/256-open-databases-expected.txt: Added.
  • storage/indexeddb/modern/256-open-databases.html: Added.
  • storage/indexeddb/modern/exceed-open-file-limit-expected.txt: Added.
  • storage/indexeddb/modern/exceed-open-file-limit.html: Added.
  • storage/indexeddb/modern/resources/256-open-databases.js: Added.
  • storage/indexeddb/modern/resources/exceed-open-file-limit.js: Added.
4:21 PM Changeset in webkit [197473] by Matt Baker
  • 7 edits in trunk/Source/WebInspectorUI

Web Inspector: Timelines UI redesign: add the timelines tree outline to the TimelineOverview
https://bugs.webkit.org/show_bug.cgi?id=153034
<rdar://problem/24195628>

Reviewed by Timothy Hatcher.

Move the Timelines tree outline to the overview, in preparation for <https://webkit.org/b/153036>.

  • UserInterface/Views/OverviewTimelineView.css:

(.timeline-view.overview > .timeline-ruler > .header): Deleted.
(.timeline-view.overview > .timeline-ruler > .event-markers): Deleted.
These are now part of the default ruler style.

  • UserInterface/Views/TimelineOverview.css:

(.timeline-overview > .tree-outline.timelines):
(.timeline-overview > .tree-outline.timelines::before):
(body.window-inactive .timeline-overview > .tree-outline.timelines):
(.timeline-overview.frames > .tree-outline.timelines):
(.timeline-overview > .tree-outline.timelines .close-button):
(.timeline-overview > .tree-outline.timelines .item.selected .close-button):
(.timeline-overview > .tree-outline.timelines .item:not(.selected):nth-child(even)):
(.timeline-overview > .tree-outline.timelines .item:not(.selected):not(:first-child)):
(.timeline-overview > .tree-outline.timelines .item.selected + .item):
(body.window-inactive .timeline-overview > .tree-outline.timelines .item.selected + .item):
(.timeline-overview > .tree-outline.timelines :focus .item.selected + .item):
(.timeline-overview > .scroll-container):
(.timeline-overview.frames > .scroll-container):
(.timeline-overview > .timeline-ruler):
(.timeline-overview.frames > .timeline-ruler):
(.timeline-overview > .timeline-ruler > .markers):
(.timeline-overview > .graphs-container):
(.timeline-overview.frames > .graphs-container):
Styles for the timelines tree outline. A content element is inserted before the
tree to fill the gap created by the timeline ruler. For now the tree has a fixed
width of 185px, and is hidden when displaying the FPS instrument.

  • UserInterface/Views/TimelineOverview.js:

(WebInspector.TimelineOverview):
(WebInspector.TimelineOverview.prototype.get selectedTimeline):
(WebInspector.TimelineOverview.prototype.set selectedTimeline):
Make the selected timeline accessible to the parent view, since the overview doesn't
have a "represented object", or receive ContentView change notifications.

(WebInspector.TimelineOverview.prototype._instrumentAdded):
(WebInspector.TimelineOverview.prototype._instrumentRemoved):
(WebInspector.TimelineOverview.prototype._viewModeDidChange):
Add and remove instrument tree elements. Each tree element is created with a height
equal to its overview graph, and is shown/hidden based on the current view mode.

(WebInspector.TimelineOverview.prototype._timelinesTreeSelectionDidChange):
Update the selected timeline and dispatch change event.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView):
(WebInspector.TimelineRecordingContentView.prototype._currentContentViewDidChange):
(WebInspector.TimelineRecordingContentView.prototype._updateTimelineOverviewHeight):
(WebInspector.TimelineRecordingContentView.prototype._timelineSelected):
Sync the overview's timeline selection with the current ContentView's represented object.

  • UserInterface/Views/TimelineRuler.css:

(.timeline-ruler > .header):
(.timeline-ruler > .header > .divider > .label):
(.timeline-ruler > .selection-drag):
(.timeline-ruler > .selection-handle):
Ruler height changed to 23px, to be consistent with the DataGrid header.

  • UserInterface/Views/TreeOutline.css:

(.tree-outline.large .item .icon):
Large icon style updated to match TimelineSidebarPanel.css. The 32px
size is outdated and no longer used.

  • UserInterface/Views/Variables.css:

(:root):
New color variables, used by TimelineOverview.css.

4:19 PM Changeset in webkit [197472] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Disable timer throttling increases for visually idle / active pages.
https://bugs.webkit.org/show_bug.cgi?id=154935

Reviewed by Chris Dumez.

Currently any page that is visually idle can timer throttle, and all are eligible for throttling
allow throttling to increase.

Instead, still allow any visually idle page to timer throttle, but only allow increasing in those
that are fully hidden & inactive (no page loading or media activity).

  • page/Page.cpp:

(WebCore::Page::setTimerThrottlingState):

  • Updated policy per comment above.

(WebCore::Page::setPageActivityState):
(WebCore::Page::setIsVisible):

  • We now may need to update timer throttling when these change.
4:17 PM Changeset in webkit [197471] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline fast/transforms/bounding-rect-zoom.html for ios-simulator after r197450

Unreviewed test gardening.

  • platform/ios-simulator/fast/transforms/bounding-rect-zoom-expected.txt:
4:10 PM Changeset in webkit [197470] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html for ios-simulator after r197458

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:
3:48 PM Changeset in webkit [197469] by Beth Dakin
  • 3 edits in trunk/Source/WebKit2

Crashes in media tests after http://trac.webkit.org/changeset/197461
https://bugs.webkit.org/show_bug.cgi?id=154933

Reviewed by Eric Carlson.

Since the controlsManagerInterface is not guaranteed to exist, it doesn't
make sense to return a reference. Return a pointer instead.

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::isVisible):
(WebKit::WebVideoFullscreenManagerProxy::controlsManagerInterface):
(WebKit::WebVideoFullscreenManagerProxy::fullscreenMayReturnToInline):

2:45 PM Changeset in webkit [197468] by commit-queue@webkit.org
  • 8 edits in trunk

[cmake] Moved PRE/POST_BUILD_COMMAND to WEBKIT_FRAMEWORK.
https://bugs.webkit.org/show_bug.cgi?id=154651

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-02
Reviewed by Alex Christensen.

.:

  • Source/cmake/WebKitMacros.cmake: Used phony target instead of
CMake's PRE_BUILD COMMAND feature because the latter actually
generates pre-link target instead of pre-build.

Source/JavaScriptCore:

  • CMakeLists.txt: Moved shared code to WEBKIT_FRAMEWORK macro.

Source/WebCore:

No new tests needed.

  • CMakeLists.txt: Moved shared code to WEBKIT_FRAMEWORK macro.

Source/WTF:

  • CMakeLists.txt: Moved shared code to WEBKIT_FRAMEWORK macro.
2:39 PM Changeset in webkit [197467] by sbarati@apple.com
  • 17 edits in trunk/Source/JavaScriptCore

[[SetPrototypeOf]] should be a fully virtual method in ClassInfo::methodTable
https://bugs.webkit.org/show_bug.cgi?id=154897

Reviewed by Filip Pizlo.

This patch makes us more consistent with how the ES6 specification models the
[[SetPrototypeOf]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[SetPrototypeOf]]. This patch
still allows directly setting the prototype for situations where this
is the desired behavior. This is equivalent to setting the internal
[[Prototype]] field as described in the specification.

  • API/JSClassRef.cpp:

(OpaqueJSClass::prototype):

  • API/JSObjectRef.cpp:

(JSObjectMake):
(JSObjectSetPrototype):
(JSObjectHasProperty):

  • API/JSWrapperMap.mm:

(makeWrapper):

  • runtime/ClassInfo.h:
  • runtime/IntlCollatorConstructor.cpp:

(JSC::constructIntlCollator):

  • runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::constructIntlDateTimeFormat):

  • runtime/IntlNumberFormatConstructor.cpp:

(JSC::constructIntlNumberFormat):

  • runtime/JSCell.cpp:

(JSC::JSCell::isExtensible):
(JSC::JSCell::setPrototypeOf):

  • runtime/JSCell.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::resetPrototype):

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoSetter):

  • runtime/JSObject.cpp:

(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::setPrototypeDirect):
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::setPrototypeOf):
(JSC::JSObject::allowsAccessFrom):
(JSC::JSObject::setPrototype): Deleted.

  • runtime/JSObject.h:

(JSC::JSObject::setPrototypeOfInline):
(JSC::JSObject::mayInterceptIndexedAccesses):

  • runtime/JSProxy.cpp:

(JSC::JSProxy::setTarget):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectSetPrototypeOf):

2:37 PM Changeset in webkit [197466] by rniwa@webkit.org
  • 1 edit
    2 adds in trunk/LayoutTests

Add a custom element test for synchronous element construction in HTML parser
https://bugs.webkit.org/show_bug.cgi?id=154932

Reviewed by Antti Koivisto.

Added a test.

  • fast/custom-elements/parser/parser-constructs-custom-element-synchronously-expected.txt: Added.
  • fast/custom-elements/parser/parser-constructs-custom-element-synchronously.html: Added.
2:30 PM Changeset in webkit [197465] by fpizlo@apple.com
  • 1 edit
    3 adds in trunk/LayoutTests

Add a benchmark for string transcoding.

Rubber stamped by Saam Barati.

I wrote some code like this while working on
https://github.com/WebAssembly/design/pull/573. I thought I'd add it as a benchmark since
it stresses things that we may not have good bench coverage for.

  • js/regress/script-tests/string-transcoding.js: Added.

(decodeUTF8):
(encodeUTF8):
(arraysEqual):
(arrayToString):
(setHeader):
(print):
(tryArray):
(doSteps):

  • js/regress/string-transcoding-expected.txt: Added.
  • js/regress/string-transcoding.html: Added.
2:29 PM Changeset in webkit [197464] by hyatt@apple.com
  • 9 edits
    4 adds in trunk

Add support for the "first" value of the hanging-punctuation property.
https://bugs.webkit.org/show_bug.cgi?id=154919

Reviewed by Simon Fraser.

Source/WebCore:

New tests added in fast/text.

Implement the "first" value for hanging-punctuation as described here:
https://drafts.csswg.org/css-text-3/#propdef-hanging-punctuation

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths):
Update the preferred logical width computation to factor in hanging punctuation.
This check is similar to the text-indent logic in that we only want to do it for
the first formatted line.

  • rendering/RenderBlockFlow.h:

(WebCore::RenderBlockFlow::simpleLineLayout):
Make sure to turn off simple line layout when hanging punctuation is present. Eventually
it should be feasible to support this in simple line layout, but since the full line
layout model has to work with it anyway, we are starting there.

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::inlineAncestorHasStartBorderPaddingOrMargin):
(WebCore::isLastInFlowRun):
Helper functions that are needed to determine whether or not we're allowed to apply
hanging punctuation "first" to a text run.

(WebCore::RenderBlockFlow::computeInlineDirectionPositionsForSegment):
This function manipulates logicalLeft and availableWidth when hanging punctuation
is present to shift the line as needed and to expand the availableWidth of the line.

  • rendering/RenderText.cpp:

(WebCore::isHangablePunctuationAtLineStart):
(WebCore::isHangablePunctuationAtLineEnd):
(WebCore::RenderText::hangablePunctuationStartWidth):
(WebCore::RenderText::trimmedPrefWidths):

  • rendering/RenderText.h:

RenderText has a helper function for handing back the hangable punctuation width. This
is used everywhere line layout wants to apply that offset. There are also helper functions
that detect whether the character is a hangable punctuation character.

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForWithReason):
(WebCore::SimpleLineLayout::printReason):
Turn off simple line layout when hanging punctuation is enabled.

  • rendering/line/BreakingContext.h:

(WebCore::BreakingContext::handleText):
Modified to expand the available width when hanging punctuation is present so that we
know we have more room on the line.

  • rendering/line/LineWidth.h:

(WebCore::LineWidth::isFirstLine):
Add an accessor for whether or not we're the first line.

LayoutTests:

  • fast/text/hanging-punctuation-first-expected.html: Added.
  • fast/text/hanging-punctuation-first-rtl-expected.html: Added.
  • fast/text/hanging-punctuation-first-rtl.html: Added.
  • fast/text/hanging-punctuation-first.html: Added.
1:56 PM Changeset in webkit [197463] by rniwa@webkit.org
  • 12 edits
    9 adds in trunk

Make HTML parser construct custom elements
https://bugs.webkit.org/show_bug.cgi?id=154908
Source/WebCore:

<rdar://problem/24923735>

Reviewed by Antti Koivisto.

Added the support for instantiating custom elements inside the parser. Based on Jan F2F discussion,
the HTML parser is going to synchronously construct custom elements. When a custom element constructor
throws, the HTML parser creates a HTMLUnknownElement instead.

In our implementation, we pause the parser completely and construct custom elements using the same
mechanism used to run author scripts. It's possible that we may want to apply some optimizations to
make custom element construction but it's probably a good idea to get semantics right first.

Tests: fast/custom-elements/parser/parser-constructs-custom-elements.html

fast/custom-elements/parser/parser-fallsback-to-unknown-element.html
fast/custom-elements/parser/parser-sets-attributes-and-children.html
fast/custom-elements/parser/parser-uses-constructed-element.html

  • bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElement): Added ShouldClearException as an argument
to be used by the HTML parser since the parser can't re-throw to anywhere or fail parsing.

  • bindings/js/JSCustomElementInterface.h:

(WebCore::JSCustomElementInterface::ShouldClearException): Added.

  • dom/Document.cpp:

(WebCore::createHTMLElementWithNameValidation): Do not clear the exception here since createElement
must re-throw the exception thrown by a custom element constructor.
(WebCore::Document::createElementForBindings):

  • dom/make_names.pl:

(printFactoryCppFile): Added ConstructorFunctionMapEntry which contains the constructor function
as well as the qualified name.
(printFactoryHeaderFile): Added a variant of createKnownElement and createElement that takes
AtomicString instead of QualifiedName.

  • html/parser/HTMLConstructionSite.cpp:

(WebCore::setAttributes): Added a variant that takes Vector<Attribute>.
(WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface): Added. Returns a
custom element interface when the element doesn't match any builtin element and there is a custom
element definition that matches the specified name.
(WebCore::HTMLConstructionSite::insertCustomElement): Added. Like insertElement but also sets the
attributes on the newly created custom element.
(WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface): Extracted from
createHTMLElement. When customElementInterface is not nullptr, we optionally find the custom
element interface and return nullptr.
(WebCore::HTMLConstructionSite::createHTMLElement):

  • html/parser/HTMLConstructionSite.h:
  • html/parser/HTMLDocumentParser.cpp:

(WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder): Create a custom element when there
is a pending custom element to create (i.e. m_customElementToConstruct is not empty).
(WebCore::HTMLDocumentParser::isWaitingForScripts):

  • html/parser/HTMLStackItem.h:

(WebCore::HTMLStackItem::create): Added a variant used for custom elements.
(WebCore::HTMLStackItem::HTMLStackItem): Ditto.

  • html/parser/HTMLTreeBuilder.cpp:

(WebCore::CustomElementConstructionData::CustomElementConstructionData): Added. It needs to be in
the cpp file to avoid introducing more header dependencies in HTMLTreeBuilder.h.
(WebCore::CustomElementConstructionData::~CustomElementConstructionData): Ditto.
(WebCore::HTMLTreeBuilder::processStartTagForInBody): Use insertGenericHTMLElement when creating
a generic element that could be custom elements.
(WebCore::HTMLTreeBuilder::insertGenericHTMLElement): Added. Create and insert a new element
or set m_customElementToConstruct so that the HTMLDocumentParser will create a custom element later.
(WebCore::HTMLTreeBuilder::didCreateCustomOrCallbackElement): Added. Called by HTMLDocumentParser
when it finishes creating a new custom element.

  • html/parser/HTMLTreeBuilder.h:

(WebCore::HTMLTreeBuilder::takeCustomElementConstructionData): Added.
(WebCore::HTMLTreeBuilder::hasParserBlockingScriptWork): Renamed from hasParserBlockingScript.
Checks the existence of m_customElementToConstruct as well as m_scriptToProcess.

LayoutTests:

Reviewed by Antti Koivisto.

Added W3C testharness.js based tests for instantiating custom elements inside the HTML parser.

  • fast/custom-elements/parser: Added.
  • fast/custom-elements/parser/parser-constructs-custom-elements-expected.txt: Added.
  • fast/custom-elements/parser/parser-constructs-custom-elements.html: Added.
  • fast/custom-elements/parser/parser-fallsback-to-unknown-element-expected.txt: Added.
  • fast/custom-elements/parser/parser-fallsback-to-unknown-element.html: Added.
  • fast/custom-elements/parser/parser-sets-attributes-and-children-expected.txt: Added.
  • fast/custom-elements/parser/parser-sets-attributes-and-children.html: Added.
  • fast/custom-elements/parser/parser-uses-constructed-element-expected.txt: Added.
  • fast/custom-elements/parser/parser-uses-constructed-element.html: Added.
1:42 PM Changeset in webkit [197462] by Alan Bujtas
  • 13 edits in trunk/Source/WebCore

Use IndentTextOrNot instead of passing isFirstLine/shouldIndentText as bool.
https://bugs.webkit.org/show_bug.cgi?id=154628

Reviewed by Simon Fraser.

No change in behaviour.

  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeStartPositionDeltaForChildAvoidingFloats):
(WebCore::RenderBlock::logicalLeftSelectionOffset):
(WebCore::RenderBlock::logicalRightSelectionOffset):

  • rendering/RenderBlock.h:

(WebCore::RenderBlock::availableLogicalWidthForLineInRegion):
(WebCore::RenderBlock::logicalRightOffsetForLineInRegion):
(WebCore::RenderBlock::logicalLeftOffsetForLineInRegion):
(WebCore::RenderBlock::startOffsetForLineInRegion):
(WebCore::RenderBlock::endOffsetForLineInRegion):
(WebCore::RenderBlock::availableLogicalWidthForLine):
(WebCore::RenderBlock::logicalRightOffsetForLine):
(WebCore::RenderBlock::logicalLeftOffsetForLine):
(WebCore::RenderBlock::startOffsetForLine):
(WebCore::RenderBlock::endOffsetForLine):

  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::getClearDelta):

  • rendering/RenderBlockLineLayout.cpp:

(WebCore::updateLogicalInlinePositions):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
(WebCore::RenderBlockFlow::checkLinesForTextOverflow):
(WebCore::RenderBlockFlow::startAlignedOffsetForLine):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::shrinkLogicalWidthToAvoidFloats):
(WebCore::RenderBox::containingBlockAvailableLineWidthInRegion):

  • rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):

  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::positionListMarker):

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::selectionTop):
(WebCore::RootInlineBox::selectionBottom):

  • rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForWithReason):
(WebCore::SimpleLineLayout::updateLineConstrains):

  • rendering/line/LineBreaker.cpp:

(WebCore::LineBreaker::skipLeadingWhitespace):

  • rendering/line/LineWidth.cpp:

(WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded):
(WebCore::availableWidthAtOffset):

  • rendering/line/LineWidth.h:

(WebCore::LineWidth::shouldIndentText):

12:59 PM Changeset in webkit [197461] by Beth Dakin
  • 24 edits in trunk/Source

Add support for playbackControlsManager
https://bugs.webkit.org/show_bug.cgi?id=154742
-and corresponding-
rdar://problem/23833753

Reviewed by Jer Noble.

Source/WebCore:

Make AVKitSPI.h private so that it can be used from other projects.

  • WebCore.xcodeproj/project.pbxproj:

Right now, set up a controls manager for a video when it starts playing. In
the future, this is something that should be handled by the
PlatformMediaSessionManager since we only want a controls for the
currentSession.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::playInternal):

New function setUpVideoControlsManager.

  • page/ChromeClient.h:

Make these CoreMedia functions available on Mac and iOS instead of just iOS.

  • platform/cf/CoreMediaSoftLink.cpp:
  • platform/cf/CoreMediaSoftLink.h:

This patch fleshes out an implementation for a bunch of these interface
functions since they need to communicate to the playbackControlsManager. This
is also where the playbackControlsManager lives.

  • platform/mac/WebVideoFullscreenInterfaceMac.h:

Define an interface and implementation for WebPlaybackControlsManager.

  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(-[WebPlaybackControlsManager initWithWebVideoFullscreenInterfaceMac:]):
(-[WebPlaybackControlsManager isSeeking]):
(-[WebPlaybackControlsManager seekToTime:toleranceBefore:toleranceAfter:]):
(-[WebPlaybackControlsManager audioMediaSelectionOptions]):
(-[WebPlaybackControlsManager currentAudioMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentAudioMediaSelectionOption:]):
(-[WebPlaybackControlsManager legibleMediaSelectionOptions]):
(-[WebPlaybackControlsManager currentLegibleMediaSelectionOption]):
(-[WebPlaybackControlsManager setCurrentLegibleMediaSelectionOption:]):
(-[WebPlaybackControlsManager cancelThumbnailAndAudioAmplitudeSampleGeneration]):

Relay this information to the playbackControlsManager.
(WebCore::WebVideoFullscreenInterfaceMac::setDuration):
(WebCore::WebVideoFullscreenInterfaceMac::setCurrentTime):
(WebCore::WebVideoFullscreenInterfaceMac::setRate):
(WebCore::WebVideoFullscreenInterfaceMac::setSeekableRanges):
(WebCore::WebVideoFullscreenInterfaceMac::ensureControlsManager):
(WebCore::WebVideoFullscreenInterfaceMac::playBackControlsManager):
(WebCore::WebVideoFullscreenInterfaceMac::setupFullscreen):

New SPI needed.

  • platform/spi/cocoa/AVKitSPI.h:
  • platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

WebVideoFullscreenManagerProxy ensures the model and interface for the
UIProcess side of the playbackControlsManager. It also caches the
m_controlsManagerContextId so that it can return the
controlsManagerInterface.

  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.messages.in:
  • UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
(WebKit::WebVideoFullscreenManagerProxy::controlsManagerInterface):

Pipe isPlayingMediaDidChange() to WebViewImpl, and use that information to
update WebViewImplAdditions.

  • UIProcess/Cocoa/WebViewImpl.h:
  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::isPlayingMediaDidChange):

  • UIProcess/PageClient.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::isPlayingMediaDidChange):
(WebKit::WebPageProxy::isPlayingVideoWithAudio):

  • UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::isPlayingAudio):

  • UIProcess/mac/PageClientImpl.h:
  • UIProcess/mac/PageClientImpl.mm:

(WebKit::PageClientImpl::isPlayingMediaDidChange):

Pipe setUpVideoControlsManager to the WebVideoFullscreenManager.

  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::setUpVideoControlsManager):

  • WebProcess/WebCoreSupport/WebChromeClient.h:

Ensure the model and interface for the playbackControlsManager on the
WebProcess side and pass the message to the UIProcess to do the same.

  • WebProcess/cocoa/WebVideoFullscreenManager.h:
  • WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):

12:49 PM Changeset in webkit [197460] by Ryan Haddad
  • 2 edits in branches/safari-601-branch/LayoutTests

Merge r194336. rdar://problem/24935448

12:39 PM Changeset in webkit [197459] by barraclough@apple.com
  • 3 edits in trunk/Source/WebCore

Add Page::TimerThrottlingState
https://bugs.webkit.org/show_bug.cgi?id=154926

Reviewed by Chris Dumez.

Hidden page timer throttling is currently a boolean state, indicated by whether the Optional
m_timerThrottlingEnabledTime is in a set/unset state. When enabled, the increasing mechanism
may or may not be enabled, this is controlled directly by the setting.

Refactor to add an enum tracking timer throttling being in one of three states - disabled,
enabled, or enabled-increasing. This cleans things up, and will enable us to introduce a
dynamic policy for when enabled-throttling is enabled. (Behavior is unchanged in this patch.)

  • page/Page.cpp:

(WebCore::Page::Page):
(WebCore::Page::setIsVisuallyIdleInternal):
(WebCore::Page::hiddenPageDOMTimerThrottlingStateChanged):

  • setTimerThrottlingEnabled -> updateTimerThrottlingState.

(WebCore::Page::updateTimerThrottlingState):

  • policy decision (currently enabled if visually-idle) was scattered across all call sites to setTimerThrottlingState. Unify in one place.

(WebCore::Page::setTimerThrottlingState):

  • Was setTimerThrottlingEnabled.

(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):
(WebCore::Page::setDOMTimerAlignmentInterval):
(WebCore::Page::timerAlignmentIntervalIncreaseTimerFired):

  • updated to check m_timerThrottlingState.

(WebCore::Page::setTimerThrottlingEnabled): Deleted.

  • This became updateTimerThrottlingState.
  • page/Page.h:

(WebCore::Page::timerThrottlingEnabled): Deleted.

  • Removed, it's easy enough now to just check m_timerThrottlingState.
12:38 PM Changeset in webkit [197458] by Chris Dumez
  • 17 edits in trunk

Align HTMLInputElement.maxLength with the specification
https://bugs.webkit.org/show_bug.cgi?id=154906

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline W3C tests now that more checks are passing.

  • web-platform-tests/html/dom/reflection-forms-expected.txt:
  • web-platform-tests/html/semantics/forms/the-input-element/maxlength-expected.txt:

Source/WebCore:

Align HTMLInputElement.maxLength with the specification:

In particular, the following Web-facing change was made:

Note that HTMLTextAreaElement.maxLength was already returning -1 in
this case.

The new behavior matches Firefox. Chrome however, still seems to
return 524288.

Note that we keep using 524288 as a maximum maxLength internally for
performance reasons. However, we stop exposing this arbitrary value to
the Web as this is an internal limitation.

No new tests, already covered by existing tests.

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::HTMLInputElement):
Initialize m_maxLength to -1 initially, instead of 524288.

(WebCore::HTMLInputElement::tooLong):
Call effectiveMaxLength() instead of maxLength(), which no longer
exists. effectiveMaxLength() makes sure of returning a value in
the range [0, 524288].

(WebCore::HTMLInputElement::parseAttribute):

(WebCore::HTMLInputElement::effectiveMaxLength):
Split maxLength() into maxLengthForBindings() and effectiveMaxLength().
effectiveMaxLength() returns a value in the range [0, 524288], while
maxLengthForBindings() returns values in the range [-1, 2147483647].

(WebCore::HTMLInputElement::setMaxLength): Deleted.
The implementation was moved to the parent class so that it can be
shared with HTMLTextAreaElement.

(WebCore::HTMLInputElement::maxLengthAttributeChanged):
Rename for clarity.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::parseAttribute):
(WebCore::HTMLTextAreaElement::maxLengthAttributeChanged):
Cache the parsed maxLength when the content attribute changes, similarly
to what is already done in HTMLInputElement.

(WebCore::HTMLTextAreaElement::handleBeforeTextInsertedEvent):
(WebCore::HTMLTextAreaElement::validationMessage):
(WebCore::HTMLTextAreaElement::tooLong):
Call effectiveMaxLength() instead of maxLength() which no longer exists.
effectiveMaxLength() returns a cached value and is therefore a lot more
efficient.

  • html/HTMLTextAreaElement.h:
  • html/HTMLTextAreaElement.idl:
  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::setMaxLengthForBindings):
This was moved up from HTMLInputElement / HTMLTextAreaElement to avoid code
duplication.

  • html/HTMLTextFormControlElement.h:
  • html/InputType.cpp:

(WebCore::InputType::validationMessage):

  • html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::handleBeforeTextInsertedEvent):
Call HTMLInputElement::effectiveMaxLength() instead of
HTMLInputElement::maxLength() which no longer exists.

LayoutTests:

Update test now that input.maxLength initially returns -1
instead of 524288.

  • fast/forms/input-maxlength-expected.txt:
  • fast/forms/input-maxlength.html:
11:17 AM Changeset in webkit [197457] by sbarati@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

SIGSEGV in Proxy [[Get]] and [[Set]] recursion
https://bugs.webkit.org/show_bug.cgi?id=154854

Reviewed by Yusuke Suzuki.

We need to be aware of the possibility that the VM
may recurse and that we can stack overflow.

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performPut):

  • tests/stress/proxy-get-and-set-recursion-stack-overflow.js: Added.

(assert):
(testStackOverflowGet):
(testStackOverflowIndexedGet):
(testStackOverflowSet):
(testStackOverflowIndexedSet):

10:54 AM Changeset in webkit [197456] by commit-queue@webkit.org
  • 10 edits in trunk/Source/WebCore

Unreviewed, rolling out r197434 and r197436.
https://bugs.webkit.org/show_bug.cgi?id=154921

This change caused a LayoutTest assertion in debug (Requested
by ryanhaddad on #webkit).

Reverted changesets:

"Extend CSSFontSelector's lifetime to be longer than the
Document's lifetime"
https://bugs.webkit.org/show_bug.cgi?id=154101
http://trac.webkit.org/changeset/197434

"Unreviewed build fix after r197434."
http://trac.webkit.org/changeset/197436

10:31 AM Changeset in webkit [197455] by bshafiei@apple.com
  • 5 edits in trunk/Source

Versioning.

10:29 AM Changeset in webkit [197454] by bshafiei@apple.com
  • 1 copy in tags/Safari-602.1.21

New tag.

10:05 AM Changeset in webkit [197453] by Ryan Haddad
  • 2 edits in branches/safari-601-branch/LayoutTests

Update TestExpectations for media/controls/track-menu.html. rdar://problem/24745197

  • platform/mac/TestExpectations:
9:59 AM Changeset in webkit [197452] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebKit2

REGRESSION(r197409): [GTK] Web process always crashes on WebPage construction after r197409
https://bugs.webkit.org/show_bug.cgi?id=154918

Reviewed by Žan Doberšek.

We have an incorrect check in DrawingAreaImpl constructor that has
never actually worked because it uses the page settings before
they were initialized. But that has been fixed in r197409 and now
we are always forcing accelerated compositing mode incorrectly,
because m_alwaysUseCompositing is set in the constructor and never
changed again.

  • WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::DrawingAreaImpl): Remove code to set
settings and m_alwaysUseCompositing, since that should be done in
updatePreferences().
(WebKit::DrawingAreaImpl::updatePreferences): Update the settings
accordingly and always update m_alwaysUseCompositing when AC is
enabled and forced in the settings.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): WebPage::updatePreferences() calls
DrawingArea::updatePreferences(), but since r197409 it happens
before the drawing area has been created. So, call
DrawingArea::updatePreferences() in the constructor right after
the main frame has been created, since
DrawingArea::updatePreferences() uses the main frame.

9:32 AM Changeset in webkit [197451] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Fix the build with VIDEO disabled.

Patch by Milan Crha <mcrha@redhat.com> on 2016-03-02
Reviewed by Carlos Garcia Campos.

  • platform/gtk/RenderThemeGtk2.cpp:
  • platform/gtk/RenderThemeGtk3.cpp:
9:16 AM Changeset in webkit [197450] by Alan Bujtas
  • 14 edits
    2 adds in trunk

Subpixel layout: Enable vertical/horizontal subpixel spacing for tables.
https://bugs.webkit.org/show_bug.cgi?id=154899

Reviewed by Simon Fraser.

This patch enables authors to specify device pixel values for table border spacing.
(see border-spacing)

Source/WebCore:

Test: fast/table/hidpi-vertical-and-horizontal-spacing.html

  • css/CSSPropertyNames.in:
  • page/animation/CSSPropertyAnimation.cpp:

(WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::offsetLeftForColumn):
(WebCore::RenderTable::offsetWidthForColumn):
(WebCore::RenderTable::RenderTable): Deleted.

  • rendering/RenderTable.h:
  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::horizontalBorderSpacing):
(WebCore::RenderStyle::verticalBorderSpacing):
(WebCore::RenderStyle::setHorizontalBorderSpacing):
(WebCore::RenderStyle::setVerticalBorderSpacing):

  • rendering/style/RenderStyle.h:
  • rendering/style/StyleInheritedData.h:

LayoutTests:

  • fast/table/hidpi-vertical-and-horizontal-spacing-expected.html: Added.
  • fast/table/hidpi-vertical-and-horizontal-spacing.html: Added.
9:12 AM Changeset in webkit [197449] by Chris Dumez
  • 9 edits in trunk/Source/WebCore

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
https://bugs.webkit.org/show_bug.cgi?id=154845

Reviewed by Darin Adler.

Take into consideration review comments made after landing r197389.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::parseBorderWidthAttribute):
(WebCore::HTMLElement::parseAttribute):

  • html/HTMLInputElement.cpp:
  • html/HTMLInputElement.h:
  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLength):

  • html/ImageInputType.cpp:

(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLNonNegativeInteger):

  • html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::parseAttribute):

9:08 AM Changeset in webkit [197448] by jdiggs@igalia.com
  • 8 edits in trunk/LayoutTests

[AX][GTK] Position-related tests need new baseline after r196439
https://bugs.webkit.org/show_bug.cgi?id=154917

The tests in question include the position accessed via the component
interface. The result changed by one pixel after r196439.

Unreviewed gardening.

  • platform/gtk/accessibility/image-link-expected.txt: new baseline
  • platform/gtk/accessibility/math-multiscript-attributes-expected.txt: new baseline
  • platform/gtk/accessibility/table-attributes-expected.txt: new baseline
  • platform/gtk/accessibility/table-cell-spans-expected.txt: new baseline
  • platform/gtk/accessibility/table-cells-expected.txt: new baseline
  • platform/gtk/accessibility/table-detection-expected.txt: new baseline
  • platform/gtk/accessibility/table-sections-expected.txt: new baseline
5:40 AM Changeset in webkit [197447] by alex
  • 2 edits in trunk/Tools

Unreviewed build fix for media-stream after r197114.

  • TestWebKitAPI/Tests/WebKit2/UserMedia.cpp:

(TestWebKitAPI::decidePolicyForUserMediaPermissionRequestCallBack):

2:22 AM Changeset in webkit [197446] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

[JSC] Use a Move without REX byte when possible
https://bugs.webkit.org/show_bug.cgi?id=154801

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Alex Christensen.

Filip wrote an optimization in the register allocator
to use 32bit "Move" when we don't care about the top bytes.

When I moved the commutative ops to the fake 3 operands instruction
I largely destroyed this since all the "Moves" became full register.

In this patch, I switch back to 32bit "Moves" for 32bit operations.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::and32):
(JSC::MacroAssemblerX86Common::lshift32):
(JSC::MacroAssemblerX86Common::mul32):
(JSC::MacroAssemblerX86Common::or32):
(JSC::MacroAssemblerX86Common::rshift32):
(JSC::MacroAssemblerX86Common::urshift32):
(JSC::MacroAssemblerX86Common::xor32):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
(JSC::MacroAssemblerX86Common::move32IfNeeded):

Mar 1, 2016:

11:53 PM Changeset in webkit [197445] by benjamin@webkit.org
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Simplify ArithMod(ArithMod(x, const1), const2) if const2 >= const1
https://bugs.webkit.org/show_bug.cgi?id=154904

Reviewed by Saam Barati.

The ASM test "ubench" has a "x % 10 % 255".
The second modulo should be eliminated.

This is a 15% improvement on ASMJS' ubench.

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

  • tests/stress/arith-modulo-twice.js: Added.

(opaqueModuloSmaller):
(opaqueModuloEqual):
(opaqueModuloLarger):
(opaqueModuloSmallerNeg):
(opaqueModuloEqualNeg):
(opaqueModuloLargerNeg):
(opaqueExpectedOther):

11:12 PM Changeset in webkit [197444] by rniwa@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed. Update the status of Proxy objects to "In Development".

  • features.json:
11:06 PM Changeset in webkit [197443] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed. Remove the "Partial Support" status from web components since shadow DOM and custom elements
are in active development.

  • features.json:
10:58 PM Changeset in webkit [197442] by Csaba Osztrogonác
  • 2 edits in trunk/Tools

Disable FTL JIT testing on 32-bit JSC tester bots
https://bugs.webkit.org/show_bug.cgi?id=154858

Reviewed by Saam Barati.

  • BuildSlaveSupport/build.webkit.org-config/master.cfg:

(Run32bitJSCTests):

10:56 PM Changeset in webkit [197441] by commit-queue@webkit.org
  • 10 edits
    1 add in trunk/Source

Unreviewed, rolling out r197226 and r197256.
https://bugs.webkit.org/show_bug.cgi?id=154910

Caused crashes on Mac 32-bit and on ARM (Requested by ap on
#webkit).

Reverted changesets:

"Remove the on demand executable allocator"
https://bugs.webkit.org/show_bug.cgi?id=154749
http://trac.webkit.org/changeset/197226

"CLoop build fix."
http://trac.webkit.org/changeset/197256

10:53 PM Changeset in webkit [197440] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebCore

Unreviewed. Update the feature status for custom elements API.

  • features.json:
9:31 PM Changeset in webkit [197439] by rniwa@webkit.org
  • 6 edits
    2 adds in trunk

Contents inside a shadow host with a negative tabindex should not be tab focusable
https://bugs.webkit.org/show_bug.cgi?id=154769

Reviewed by Antti Koivisto.

Source/WebCore:

Contents inside a shadow host with a negative tabindex content attribute should not be included in
the sequential focus navigation order as discussed on https://github.com/w3c/webcomponents/issues/399.

Test: fast/shadow-dom/negative-tabindex-on-shadow-host.html

  • dom/Element.cpp:

(WebCore::Element::tabIndexSetExplicitly): Added.

  • dom/Element.h:
  • page/FocusController.cpp:

(WebCore::shadowAdjustedTabIndex): Renamed from adjustedTabIndex. Return 0 when tabindex content attribute
is not explicitly set since element.tabIndex() would return -1 for HTML elements in such case.
(WebCore::isFocusableOrHasShadowTreeWithoutCustomFocusLogic): Renamed from shouldVisit.
(WebCore::FocusController::findElementWithExactTabIndex):
(WebCore::nextElementWithGreaterTabIndex):
(WebCore::previousElementWithLowerTabIndex):
(WebCore::FocusController::nextFocusableElement):
(WebCore::FocusController::previousFocusableElement):

LayoutTests:

Added a test for navigating across shadow boundaries.

  • fast/shadow-dom/negative-tabindex-on-shadow-host-expected.txt: Added.
  • fast/shadow-dom/negative-tabindex-on-shadow-host.html: Added.
  • platform/ios-simulator/TestExpectations:
8:30 PM Changeset in webkit [197438] by commit-queue@webkit.org
  • 3 edits in trunk/Source/JavaScriptCore

Simplify some StringBuilder appends
https://bugs.webkit.org/show_bug.cgi?id=154902

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-01
Reviewed by Mark Lam.

  • runtime/ExceptionHelpers.cpp:

(JSC::notAFunctionSourceAppender):

  • runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::stackTracesAsJSON):
Use StringBuilder::append(char) instead of append(char*) where possible.

7:22 PM Changeset in webkit [197437] by msaboff@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION (r197426): Missed adding unicode parameter to call to Yarr::parse() in URLFilterParser::addPattern()
https://bugs.webkit.org/show_bug.cgi?id=154898

Reviewed by Saam Barati.

This is a fix for the API tests after r197426.

Added missing bool unicode parameter of "false".

  • contentextensions/URLFilterParser.cpp:

(WebCore::ContentExtensions::URLFilterParser::addPattern):

6:53 PM Changeset in webkit [197436] by mmaxfield@apple.com
  • 2 edits in trunk/Source/WebCore

Unreviewed build fix after r197434.

Unreviewed

  • css/SourceSizeList.cpp:

(WebCore::parseSizesAttribute):

6:50 PM Changeset in webkit [197435] by mmaxfield@apple.com
  • 3 edits
    2 adds
    2 deletes in trunk

Small-caps non-BMP characters are garbled in the complex text codepath
https://bugs.webkit.org/show_bug.cgi?id=154875

Reviewed by Michael Saboff.

Source/WebCore:

We were assuming that all characters able to be capitalized are in BMP. This is not true.

Test: fast/text/complex-small-caps-non-bmp-capitalize.html

  • platform/graphics/mac/ComplexTextController.cpp:

(WebCore::capitalized):
(WebCore::ComplexTextController::collectComplexTextRuns):

LayoutTests:

  • fast/text/complex-small-caps-non-bmp-capitalize-expected.html: Added.
  • fast/text/complex-small-caps-non-bmp-capitalize.html: Added.
  • fast/text/regress-154875-expected.txt: Deleted
  • fast/text/regress-154875.html: Deleted
6:34 PM Changeset in webkit [197434] by mmaxfield@apple.com
  • 10 edits in trunk/Source/WebCore

Extend CSSFontSelector's lifetime to be longer than the Document's lifetime
https://bugs.webkit.org/show_bug.cgi?id=154101

Reviewed by Darin Adler.

Rather than destroying the Document's CSSFontSelector, instead, the object should
live for the lifetime of the document, and it should instead be asked to clear its
contents.

This is important for the CSS Font Loading API, where the identity of objects the
CSSFontSelector references needs to persist throughout the lifetime of the
Document. This patch represents the first step to implementing this correctly.
The second step is for the CSSFontSelector to perform a diff instead of a
wholesale clear of its contents. Once this is done, font loading objects can
survive through a call to Document::clearStyleResolver().

This patch gives the CSSFontSelector two states: building underway and building not
underway. The state is building underway in between calls to clearStyleResolver()
and when the style resolver gets built back up. Otherwise, the state is building
not underway. Because of this new design, creation of all FontFace objects can be
postponed until a state transition from building underway to building not underway.
A subsequent patch will perform the diff at this point. An ASSERT() makes sure that
we never service a font lookup request while Building.

No new tests because there is no behavior change.

  • css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::clear):

  • css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::buildStarted):
(WebCore::CSSFontSelector::buildCompleted):
(WebCore::CSSFontSelector::addFontFaceRule):
(WebCore::CSSFontSelector::fontRangesForFamily):
(WebCore::CSSFontSelector::CSSFontSelector): Deleted.
(WebCore::CSSFontSelector::clearDocument): Deleted.

  • css/CSSFontSelector.h:
  • css/StyleResolver.cpp:

(WebCore::StyleResolver::appendAuthorStyleSheets):

  • dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::~Document):
(WebCore::Document::clearStyleResolver):
(WebCore::Document::fontSelector): Deleted.

  • dom/Document.h:

(WebCore::Document::fontSelector):

6:28 PM Changeset in webkit [197433] by ap@apple.com
  • 3 edits in trunk/Source/WebCore

Update Xcode project for InstallAPI
https://bugs.webkit.org/show_bug.cgi?id=154896
rdar://problem/24825992

Patch by Daniel Dunbar, reviewed by me.

  • Configurations/WebCore.xcconfig:
  • WebCore.xcodeproj/project.pbxproj:
6:16 PM Changeset in webkit [197432] by adachan@apple.com
  • 2 edits in trunk/Source/WebCore

One more attempt to fix the build.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

6:07 PM Changeset in webkit [197431] by adachan@apple.com
  • 2 edits in trunk/Source/WebCore

Attempt to fix the internal build.

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):

5:43 PM Changeset in webkit [197430] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

Fix iOS EWS.
https://bugs.webkit.org/show_bug.cgi?id=154880

Patch by Dean Johnson <dean_johnson@apple.com> on 2016-03-01
Reviewed by Alexey Proskuryakov.

  • Scripts/copy-webkitlibraries-to-product-directory:
5:15 PM Changeset in webkit [197429] by adachan@apple.com
  • 39 edits in trunk/Source

Adopt the new version of AVOutputDeviceMenuController's showMenuForRect method.
https://bugs.webkit.org/show_bug.cgi?id=154823

Reviewed by Tim Horton.

Source/WebCore:

  • Modules/mediasession/WebMediaSessionManager.cpp:

(WebCore::WebMediaSessionManager::showPlaybackTargetPicker):
(WebCore::WebMediaSessionManager::customPlaybackActionSelected):
Call customPlaybackActionSelected() on the client that requested the picker.

  • Modules/mediasession/WebMediaSessionManager.h:
  • Modules/mediasession/WebMediaSessionManagerClient.h:
  • dom/Document.cpp:

(WebCore::Document::showPlaybackTargetPicker):
(WebCore::Document::customPlaybackActionSelected):

  • dom/Document.h:
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::customPlaybackActionSelected):
(WebCore::HTMLMediaElement::playbackTargetPickerCustomActionName):

  • html/HTMLMediaElement.h:
  • html/MediaElementSession.cpp:

(WebCore::MediaElementSession::showPlaybackTargetPicker):
(WebCore::MediaElementSession::customPlaybackActionSelected):

  • html/MediaElementSession.h:
  • page/ChromeClient.h:
  • page/Page.cpp:

(WebCore::Page::showPlaybackTargetPicker):
(WebCore::Page::customPlaybackActionSelected):

  • page/Page.h:
  • platform/audio/PlatformMediaSession.h:

(WebCore::PlatformMediaSessionClient::customPlaybackActionSelected):

  • platform/graphics/MediaPlaybackTargetClient.h:
  • platform/graphics/MediaPlaybackTargetPicker.cpp:

(WebCore::MediaPlaybackTargetPicker::pendingActionTimerFired):
(WebCore::MediaPlaybackTargetPicker::showPlaybackTargetPicker):

  • platform/graphics/MediaPlaybackTargetPicker.h:

(WebCore::MediaPlaybackTargetPicker::Client::customPlaybackActionSelected):
(WebCore::MediaPlaybackTargetPicker::customPlaybackActionSelected):

  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.h:
  • platform/graphics/avfoundation/objc/MediaPlaybackTargetPickerMac.mm:

Update the forward declaration of AVOutputDeviceMenuController's showMenuForRect method.
(WebCore::MediaPlaybackTargetPickerMac::showPlaybackTargetPicker):
Call the new version of showMenuForRect if available.

  • platform/mac/WebVideoFullscreenInterfaceMac.h:
  • platform/mac/WebVideoFullscreenInterfaceMac.mm:

(WebCore::WebVideoFullscreenInterfaceMac::setExternalPlayback):

  • platform/mock/MediaPlaybackTargetPickerMock.cpp:

(WebCore::MediaPlaybackTargetPickerMock::showPlaybackTargetPicker):

  • platform/mock/MediaPlaybackTargetPickerMock.h:
  • platform/spi/cocoa/AVKitSPI.h:

Updated with the new version of showMenuForRect.

Source/WebKit/mac:

  • WebCoreSupport/WebChromeClient.h:
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::showPlaybackTargetPicker):

  • WebView/WebMediaPlaybackTargetPicker.h:
  • WebView/WebMediaPlaybackTargetPicker.mm:

(WebMediaPlaybackTargetPicker::showPlaybackTargetPicker):
(WebMediaPlaybackTargetPicker::customPlaybackActionSelected):

  • WebView/WebView.mm:

(-[WebView _showPlaybackTargetPicker:location:hasVideo:]):

Source/WebKit2:

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::showPlaybackTargetPicker):
(WebKit::WebPageProxy::customPlaybackActionSelected):

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:
  • WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::showPlaybackTargetPicker):

  • WebProcess/WebCoreSupport/WebChromeClient.h:
  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::customPlaybackActionSelected):

5:08 PM Changeset in webkit [197428] by keith_miller@apple.com
  • 2 edits
    1 add in trunk/Source/JavaScriptCore

Promise.prototype.then should use Symbol.species to construct the return Promise
https://bugs.webkit.org/show_bug.cgi?id=154862

Reviewed by Saam Barati.

  • builtins/PromisePrototype.js:
  • tests/stress/promise-species-functions.js: Added.

(Symbol.species):
(id):
(funcThrows):
(makeC):
(test.species):
(test.speciesThrows):
(test):

5:02 PM Changeset in webkit [197427] by Brent Fulgham
  • 5 edits in trunk/Source/WebKit2

[WK2] Stub support for WebsiteDataTypeResourceLoadStatistics
https://bugs.webkit.org/show_bug.cgi?id=154689
<rdar://problem/24702576>

Reviewed by Sam Weinig.

  • Shared/WebsiteData/WebsiteDataType.h: Add new WebsiteDataTypeResourceLoadStatistics.
  • UIProcess/API/Cocoa/WKWebsiteDataRecord.mm:

(dataTypesToString): Handle new type.

  • UIProcess/API/Cocoa/WKWebsiteDataRecordInternal.h:

(WebKit::toWebsiteDataTypes): Ditto.
(WebKit::toWKWebsiteDataTypes): Ditto.

  • UIProcess/API/Cocoa/WKWebsiteDataRecordPrivate.h: Add new _WebsiteDataTypeResourceLoadStatistics.
4:39 PM Changeset in webkit [197426] by msaboff@apple.com
  • 27 edits
    3 moves
    3 adds in trunk

[ES6] Add support for Unicode regular expressions
https://bugs.webkit.org/show_bug.cgi?id=154842

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Added processing of Unicode regular expressions to the Yarr interpreter.

Changed parsing of regular expression patterns and PatternTerms to process characters as
UChar32 in the Yarr code. The parser converts matched surrogate pairs into the appropriate
Unicode character when the expression is parsed. When matching a unicode expression and
reading source characters, we convert a proper surrogate pair into a Unicode character and
advance the source cursor, "pos", one more position. The exception to this is when we
know when generating a fixed character atom that we need to match a unicode character
that doesn't fit in 16 bits. The code calls this an extendedUnicodeCharacter and has a
helper to determine this.

Added 'u' flag and 'unicode' identifier to regular expression classes. Added an "isUnicode"
parameter to YarrPattern pattern() and internal users of that function.

Updated the generation of the canonicalization tables to include a new set of tables that
follow the ES 6.0, 21.2.2.8.2 Step 2. Renamed the YarrCanonicalizeUCS2.* files to
YarrCanonicalizeUnicode.*.

Added a new Layout/js test that tests the added functionality. Updated other tests that
have minor es6 unicode checks and look for valid flags.

Ran the ChakraCore Unicode regular expression tests as well.

  • inspector/ContentSearchUtilities.cpp:

(Inspector::ContentSearchUtilities::findMagicComment):

  • yarr/RegularExpression.cpp:

(JSC::Yarr::RegularExpression::Private::compile):
Updated use of pattern().

  • runtime/CommonIdentifiers.h:
  • runtime/RegExp.cpp:

(JSC::regExpFlags):
(JSC::RegExpFunctionalTestCollector::outputOneTest):
(JSC::RegExp::finishCreation):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

  • runtime/RegExp.h:
  • runtime/RegExpKey.h:
  • runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncCompile):
(JSC::flagsString):
(JSC::regExpProtoGetterMultiline):
(JSC::regExpProtoGetterUnicode):
(JSC::regExpProtoGetterFlags):
Updated for new 'y' (unicode) flag. Add check to use the interpreter for unicode regular expressions.

  • tests/es6.yaml:
  • tests/stress/static-getter-in-names.js:

Updated tests for new flag and for passing the minimal es6 regular expression processing.

  • yarr/Yarr.h: Updated the size of information now kept for backtracking.
  • yarr/YarrCanonicalizeUCS2.cpp: Removed.
  • yarr/YarrCanonicalizeUCS2.h: Removed.
  • yarr/YarrCanonicalizeUCS2.js: Removed.
  • yarr/YarrCanonicalizeUnicode.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.cpp.
  • yarr/YarrCanonicalizeUnicode.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.h.

(JSC::Yarr::canonicalCharacterSetInfo):
(JSC::Yarr::canonicalRangeInfoFor):
(JSC::Yarr::getCanonicalPair):
(JSC::Yarr::isCanonicallyUnique):
(JSC::Yarr::areCanonicallyEquivalent):
(JSC::Yarr::rangeInfoFor): Deleted.

  • yarr/YarrCanonicalizeUnicode.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUCS2.js.

(printHeader):
(printFooter):
(hex):
(canonicalize):
(canonicalizeUnicode):
(createUCS2CanonicalGroups):
(createUnicodeCanonicalGroups):
(cu.in.groupedCanonically.characters.sort): Deleted.
(cu.in.groupedCanonically.else): Deleted.
Refactored to output two sets of tables, one for UCS2 and one for Unicode. The UCS2 tables follow
the legacy canonicalization rules now specified in ES 6.0, 21.2.2.8.2 Step 3. The new Unicode
tables follow the rules specified in ES 6.0, 21.2.2.8.2 Step 2. Eliminated the unused Latin1 tables.

  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::InputStream::InputStream):
(JSC::Yarr::Interpreter::InputStream::readChecked):
(JSC::Yarr::Interpreter::InputStream::readSurrogatePairChecked):
(JSC::Yarr::Interpreter::InputStream::reread):
(JSC::Yarr::Interpreter::InputStream::prev):
(JSC::Yarr::Interpreter::testCharacterClass):
(JSC::Yarr::Interpreter::checkCharacter):
(JSC::Yarr::Interpreter::checkSurrogatePair):
(JSC::Yarr::Interpreter::checkCasedCharacter):
(JSC::Yarr::Interpreter::tryConsumeBackReference):
(JSC::Yarr::Interpreter::backtrackPatternCharacter):
(JSC::Yarr::Interpreter::matchCharacterClass):
(JSC::Yarr::Interpreter::backtrackCharacterClass):
(JSC::Yarr::Interpreter::matchParenthesesTerminalEnd):
(JSC::Yarr::Interpreter::matchDisjunction):
(JSC::Yarr::Interpreter::Interpreter):
(JSC::Yarr::ByteCompiler::assertionWordBoundary):
(JSC::Yarr::ByteCompiler::atomPatternCharacter):

  • yarr/YarrInterpreter.h:

(JSC::Yarr::ByteTerm::ByteTerm):
(JSC::Yarr::BytecodePattern::BytecodePattern):

  • yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::optimizeAlternative):
(JSC::Yarr::YarrGenerator::matchCharacterClassRange):
(JSC::Yarr::YarrGenerator::matchCharacterClass):
(JSC::Yarr::YarrGenerator::notAtEndOfInput):
(JSC::Yarr::YarrGenerator::jumpIfCharNotEquals):
(JSC::Yarr::YarrGenerator::generatePatternCharacterOnce):
(JSC::Yarr::YarrGenerator::generatePatternCharacterFixed):
(JSC::Yarr::YarrGenerator::generatePatternCharacterGreedy):
(JSC::Yarr::YarrGenerator::backtrackPatternCharacterNonGreedy):

  • yarr/YarrParser.h:

(JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
(JSC::Yarr::Parser::Parser):
(JSC::Yarr::Parser::parseEscape):
(JSC::Yarr::Parser::consumePossibleSurrogatePair):
(JSC::Yarr::Parser::parseCharacterClass):
(JSC::Yarr::Parser::parseTokens):
(JSC::Yarr::Parser::parse):
(JSC::Yarr::Parser::atEndOfPattern):
(JSC::Yarr::Parser::patternRemaining):
(JSC::Yarr::Parser::peek):
(JSC::Yarr::parse):

  • yarr/YarrPattern.cpp:

(JSC::Yarr::CharacterClassConstructor::CharacterClassConstructor):
(JSC::Yarr::CharacterClassConstructor::append):
(JSC::Yarr::CharacterClassConstructor::putChar):
(JSC::Yarr::CharacterClassConstructor::putUnicodeIgnoreCase):
(JSC::Yarr::CharacterClassConstructor::putRange):
(JSC::Yarr::CharacterClassConstructor::charClass):
(JSC::Yarr::CharacterClassConstructor::addSorted):
(JSC::Yarr::CharacterClassConstructor::addSortedRange):
(JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
(JSC::Yarr::YarrPatternConstructor::assertionWordBoundary):
(JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassBegin):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassAtom):
(JSC::Yarr::YarrPatternConstructor::atomCharacterClassRange):
(JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets):
(JSC::Yarr::YarrPattern::compile):
(JSC::Yarr::YarrPattern::YarrPattern):

  • yarr/YarrPattern.h:

(JSC::Yarr::CharacterRange::CharacterRange):
(JSC::Yarr::CharacterClass::CharacterClass):
(JSC::Yarr::PatternTerm::PatternTerm):
(JSC::Yarr::YarrPattern::reset):

  • yarr/YarrSyntaxChecker.cpp:

(JSC::Yarr::SyntaxChecker::assertionBOL):
(JSC::Yarr::SyntaxChecker::assertionEOL):
(JSC::Yarr::SyntaxChecker::assertionWordBoundary):
(JSC::Yarr::SyntaxChecker::atomPatternCharacter):
(JSC::Yarr::SyntaxChecker::atomBuiltInCharacterClass):
(JSC::Yarr::SyntaxChecker::atomCharacterClassBegin):
(JSC::Yarr::SyntaxChecker::atomCharacterClassAtom):
(JSC::Yarr::checkSyntax):

LayoutTests:

Added a new test for the added unicode regular expression processing.

Updated several tests for the y flag changes and "unicode" property.

  • js/regexp-unicode-expected.txt: Added.
  • js/regexp-unicode.html: Added.
  • js/script-tests/regexp-unicode.js: Added.

New test.

  • js/Object-getOwnPropertyNames-expected.txt:
  • js/regexp-flags-expected.txt:
  • js/script-tests/Object-getOwnPropertyNames.js:
  • js/script-tests/regexp-flags.js:

(RegExp.prototype.hasOwnProperty):
Updated tests.

4:31 PM Changeset in webkit [197425] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking fast/text/crash-complex-text-surrogate.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154709

Unreviewed test gardening.

  • platform/mac/TestExpectations:
4:01 PM Changeset in webkit [197424] by dbates@webkit.org
  • 2 edits in trunk/Source/WebCore

com.apple.WebKit.Networking.Development crashes in WebCore::formOpen()
https://bugs.webkit.org/show_bug.cgi?id=154682
<rdar://problem/23550269>

Reviewed by Brent Fulgham.

Speculative fix for a race condition when opening the stream for the next form data element.
Calling CFReadStreamOpen(s) in WebCore::openNextStream() can cause stream s to be closed and
deallocated before CFReadStreamOpen(s) returns.

When WebCore::openNextStream() is called it closes and deallocates the current stream and
then opens a new stream for the next form data element. Calling CFReadStreamOpen() in
WebCore::openNextStream() can lead to WebCore::openNextStream() being re-entered via
WebCore::formEventCallback() from another thread. One example when this can occur is when
the stream being opened has no data (i.e. WebCore::formEventCallback() is called
back with event type kCFStreamEventEndEncountered).

I have been unable to reproduce this crash. We know that it occurs from crash reports.

  • platform/network/cf/FormDataStreamCFNet.cpp:

(WebCore::closeCurrentStream): Assert that we had acquired a lock to close the stream.
(WebCore::advanceCurrentStream): Assert that we had acquired a lock to advance the stream.
(WebCore::openNextStream): Acquire a lock before we open the next stream to ensure that
exactly one thread executes this critical section at a time.
(WebCore::formFinalize): Acquire a lock before we close the current stream.
(WebCore::formClose): Ditto.

4:00 PM Changeset in webkit [197423] by msaboff@apple.com
  • 3 edits
    2 adds in trunk

ASSERT in platform/graphics/mac/ComplexTextController.cpp::capitalize()
https://bugs.webkit.org/show_bug.cgi?id=154875

Reviewed by Myles C. Maxfield.

Source/WebCore:

Change an ASSERT to verify that upper casing a character doesn't change its size.

Test: fast/text/regress-154875.html

  • platform/graphics/mac/ComplexTextController.cpp:

(WebCore::capitalized):

LayoutTests:

New test.

  • fast/text/regress-154875-expected.txt: Added.
  • fast/text/regress-154875.html: Added.
3:58 PM Changeset in webkit [197422] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Remove FIXMEs and add valid test cases after necessary patch has landed.

Rubber stamped by Mark Lam.

  • tests/stress/proxy-prevent-extensions.js:

(assert.Object.isSealed):
(assert):

3:57 PM Changeset in webkit [197421] by Ryan Haddad
  • 2 edits in branches/safari-601-branch/LayoutTests

Rebaseline fast/css/will-change-parsing.html. rdar://problem/24743200

  • fast/css/will-change-parsing-expected.txt:
3:51 PM Changeset in webkit [197420] by sbarati@apple.com
  • 4 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[IsExtensible]]
https://bugs.webkit.org/show_bug.cgi?id=154872

Reviewed by Oliver Hunt.

This patch is a direct implementation of Proxy.[[IsExtensible]] with respect to section 9.5.3
of the ECMAScript 6 spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-isextensible

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::preventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::isExtensible):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:
  • tests/es6.yaml:
  • tests/stress/proxy-is-extensible.js: Added.

(assert):
(throw.new.Error.let.handler.get isExtensible):
(throw.new.Error):
(assert.let.handler.isExtensible):
(assert.):
(let.handler.isExtensible):

3:44 PM Changeset in webkit [197419] by Ryan Haddad
  • 2 edits in branches/safari-601-branch/LayoutTests

Update TestExpectations for fast/text/multiple-feature-properties.html. rdar://problem/24494562

  • platform/mac/TestExpectations:
3:42 PM Changeset in webkit [197418] by sbarati@apple.com
  • 4 edits
    1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.[[PreventExtensions]]
https://bugs.webkit.org/show_bug.cgi?id=154873

Reviewed by Oliver Hunt.

This patch is a direct implementation of Proxy.[[PreventExtensions]] with respect to section 9.5.4
of the ECMAScript 6 spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-preventextensions

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::deletePropertyByIndex):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::preventExtensions):
(JSC::ProxyObject::visitChildren):

  • runtime/ProxyObject.h:
  • tests/es6.yaml:
  • tests/stress/proxy-prevent-extensions.js: Added.

(assert):
(throw.new.Error.let.handler.get preventExtensions):
(throw.new.Error):
(assert.let.handler.preventExtensions):
(assert.):
(let.handler.preventExtensions):
(assert.Object.isSealed.let.handler.preventExtensions):
(assert.Object.isSealed):

3:40 PM Changeset in webkit [197417] by fpizlo@apple.com
  • 1 edit
    3 adds in trunk/LayoutTests

FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

Really add this new test.

  • js/regress/script-tests/string-replace-empty.js: Added.
  • js/regress/string-replace-empty-expected.txt: Added.
  • js/regress/string-replace-empty.html: Added.
3:35 PM Changeset in webkit [197416] by fpizlo@apple.com
  • 5 edits in trunk

FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

This is a simple and hugely profitable change. If we do a string.replace(/things/, ""), then
this calls directly into StringPrototype's replace-with-empty-string logic instead of going
through stuff that does checks before reaching that same conclusion.

This speeds up Octane/regexp by about 6-10%. It also speeds up the attached microbenchmark by
about 7%.

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):

  • runtime/StringPrototype.cpp:

(JSC::jsSpliceSubstringsWithSeparators):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::operationStringProtoFuncReplaceRegExpString):

  • runtime/StringPrototype.h:
3:33 PM Changeset in webkit [197415] by barraclough@apple.com
  • 2 edits in trunk/Source/WebCore

Timer alignment in separate web processes should not all sync up to the same point.
https://bugs.webkit.org/show_bug.cgi?id=154878

Reviewed by Chris Dumez.

For any given WebContent process it is desirable that timers are synchronized to a single
alignment point, but if all WebContent processes align to the same point then there may
be a thundering herd of processes waking up.

  • page/DOMTimer.cpp:

(WebCore::DOMTimer::alignedFireTime):

  • align to a randomized point.
2:29 PM Changeset in webkit [197414] by commit-queue@webkit.org
  • 10 edits in trunk

Reduce size of internal windows build output
https://bugs.webkit.org/show_bug.cgi?id=154763

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-01
Reviewed by Brent Fulgham.

.:

  • Source/cmake/OptionsWin.cmake:

Source/JavaScriptCore:

Source/WebCore:

  • WebCore.vcxproj/WebCore.proj:

Source/WebKit:

  • WebKit.vcxproj/WebKit.proj:

Source/WTF:

  • WTF.vcxproj/WTF.proj:
2:13 PM Changeset in webkit [197413] by achristensen@apple.com
  • 5 edits in trunk/Source/WebKit2

Correctly keep track of NetworkDataTasks with and without credentials when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154876

Reviewed by Brady Eidson.

I was seeing an assertion failure from ASSERT(!m_session.m_dataTaskMap.contains(taskIdentifier()))
in the NetworkDataTask constructor sometimes. This is because a task identifier is not enough information
to uniquely find a NetworkDataTask in a NetworkSession since r196034 because there are two NSURLSessions
in a NetworkSession, one with credentials and one without. The assertion would fire in a case like if we
made the first NetworkDataTask with credentials (taskIdentifier is 1) and the first NetworkDataTask
without credentials before the first NetworkDataTask with credentials was finished. In that case, the
taskIdentifier would also be 1, which would conflict with the other taskIdentifier. That taskIdentifier
would uniquely identify the task in the correct NSURLSession, though, so the solution is to keep a map
for each NSURLSession in the NetworkSession.

  • NetworkProcess/NetworkDataTask.h:
  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask):
(WebKit::NetworkDataTask::~NetworkDataTask):
(WebKit::NetworkDataTask::suspend):
(WebKit::serverTrustCredential):

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:task:didSendBodyData:totalBytesSent:totalBytesExpectedToSend:]):
(-[WKNetworkSessionDelegate URLSession:task:willPerformHTTPRedirection:newRequest:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:task:didCompleteWithError:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveData:]):
(-[WKNetworkSessionDelegate URLSession:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:]):
(-[WKNetworkSessionDelegate URLSession:dataTask:didBecomeDownloadTask:]):
(WebKit::NetworkSession::clearCredentials):
(WebKit::NetworkSession::dataTaskForIdentifier):
(WebKit::NetworkSession::addDownloadID):

1:45 PM Changeset in webkit [197412] by sbarati@apple.com
  • 14 edits in trunk/Source/JavaScriptCore

[[IsExtensible]] should be a virtual method in the method table
https://bugs.webkit.org/show_bug.cgi?id=154799

Reviewed by Mark Lam.

This patch makes us more consistent with how the ES6 specification models the
[[IsExtensible]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[IsExtensible]].

  • runtime/ClassInfo.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::preventExtensions):
(JSC::JSCell::isExtensible):

  • runtime/JSCell.h:
  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoSetter):

  • runtime/JSObject.cpp:

(JSC::JSObject::preventExtensions):
(JSC::JSObject::isExtensible):
(JSC::JSObject::reifyAllStaticProperties):
(JSC::JSObject::defineOwnIndexedProperty):
(JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
(JSC::JSObject::defineOwnNonIndexProperty):
(JSC::JSObject::defineOwnProperty):

  • runtime/JSObject.h:

(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensibleImpl):
(JSC::JSObject::isStructureExtensible):
(JSC::JSObject::isExtensibleInline):
(JSC::JSObject::indexingShouldBeSparse):
(JSC::JSObject::putDirectInternal):
(JSC::JSObject::isExtensible): Deleted.

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSetPrototypeOf):
(JSC::objectConstructorIsSealed):
(JSC::objectConstructorIsFrozen):
(JSC::objectConstructorIsExtensible):
(JSC::objectConstructorIs):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectIsExtensible):
(JSC::reflectObjectSetPrototypeOf):

  • runtime/SparseArrayValueMap.cpp:

(JSC::SparseArrayValueMap::putEntry):
(JSC::SparseArrayValueMap::putDirect):

  • runtime/StringObject.cpp:

(JSC::StringObject::defineOwnProperty):

  • runtime/Structure.cpp:

(JSC::Structure::isSealed):
(JSC::Structure::isFrozen):

  • runtime/Structure.h:
1:40 PM Changeset in webkit [197411] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix CLOOP build.

  • jit/JITOperations.h:
1:28 PM Changeset in webkit [197410] by gskachkov@gmail.com
  • 6 edits in trunk/Source/JavaScriptCore

[ES6] Arrow function. Some not used byte code is emitted
https://bugs.webkit.org/show_bug.cgi?id=154639

Reviewed by Saam Barati.

Currently the bytecode that is generated for arrow functions is not optimal.
The current fix removed the following unnecessary bytecode:
1. create_lexical_environment is not always emitted for arrow functions, only if some of
the features (this/super/arguments/eval) are used inside of the arrow function.
2. load 'this' from arrow function scope in constructor is done only if super
is contained in the arrow function

  • bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::isSuperCallUsedInInnerArrowFunction):

  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp:

(JSC::ThisNode::emitBytecode):
(JSC::FunctionNode::emitBytecode):

  • parser/Nodes.h:

(JSC::ScopeNode::doAnyInnerArrowFunctionsUseAnyFeature):

  • tests/stress/arrowfunction-lexical-bind-supercall-4.js:
1:20 PM Changeset in webkit [197409] by akling@apple.com
  • 5 edits in trunk/Source

REGRESSION (r154616): Accelerated drawing is off during the initial load
<https://webkit.org/b/123812>

Reviewed by Tim Horton.

Source/WebCore:

Robustify the hey-the-Settings-changed callbacks in Page to handle document-less frames.
This is needed because now Settings are changed even before the main Frame has a Document.

  • page/Page.cpp:

(WebCore::networkStateChanged):
(WebCore::Page::updateStyleForAllPagesAfterGlobalChangeInEnvironment):
(WebCore::Page::takeAnyMediaCanStartListener):
(WebCore::Page::setMediaVolume):
(WebCore::Page::setPageScaleFactor):
(WebCore::Page::invalidateStylesForAllLinks):
(WebCore::Page::invalidateStylesForLink):
(WebCore::Page::dnsPrefetchingStateChanged):
(WebCore::Page::storageBlockingStateChanged):
(WebCore::Page::setMuted):
(WebCore::Page::captionPreferencesChanged):
(WebCore::Page::setSessionID):
(WebCore::Page::setPlaybackTarget):
(WebCore::Page::playbackTargetAvailabilityDidChange):
(WebCore::Page::setShouldPlayToPlaybackTarget):

  • page/Settings.cpp:

(WebCore::setImageLoadingSettings):

Source/WebKit2:

Load preferences before instantiating the first DrawingArea. This ensures that we do the
initial paint using accelerated drawing, and avoids allocating persistent data structures
only needed by the software rendering path.

  • WebProcess/WebPage/WebPage.cpp:
1:18 PM Changeset in webkit [197408] by fpizlo@apple.com
  • 28 edits
    3 adds in trunk

Turn String.prototype.replace into an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=154835

Reviewed by Michael Saboff.

Source/JavaScriptCore:

Octane/regexp spends a lot of time in String.prototype.replace(). That function does a lot
of checks to see if the parameters are what they are likely to often be (a string, a
regexp, and a string). The intuition of this patch is that it's good to remove those checks
and it's good to call the native function as directly as possible.

This yields a 10% speed-up on a replace microbenchmark and a 3% speed-up on Octane/regexp.
It also improves Octane/jquery.

This is only the beginning of what I want to do with replace optimizations. The other
optimizations will rely on StringReplace being revealed as a construct in DFG IR.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):

  • bytecode/SpeculatedType.h:

(JSC::isStringOrStringObjectSpeculation):
(JSC::isRegExpObjectSpeculation):
(JSC::isBoolInt32Speculation):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateStringOrStringObject):
(JSC::DFG::Node::shouldSpeculateRegExpObject):
(JSC::DFG::Node::shouldSpeculateSymbol):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculate):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGUseKind.cpp:

(WTF::printInternal):

  • dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateFinalObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):

  • jit/JITOperations.h:
  • runtime/Intrinsic.h:
  • runtime/JSType.h:
  • runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):

  • runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpString):
(JSC::replaceUsingStringSearch):
(JSC::stringProtoFuncRepeat):
(JSC::replace):
(JSC::stringProtoFuncReplace):
(JSC::operationStringProtoFuncReplaceGeneric):
(JSC::stringProtoFuncToString):

  • runtime/StringPrototype.h:

LayoutTests:

  • js/regress/script-tests/string-replace.js: Added.
  • js/regress/string-replace-expected.txt: Added.
  • js/regress/string-replace.html: Added.
12:00 PM Changeset in webkit [197407] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit2

Fix tests when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154866

Reviewed by Brady Eidson.

  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):

Use a static NeverDestroyed instead of a local NeverDestroyed.
This fix was suggested by Darin after I broke the custom protocol tests in r197362.

(WebKit::NetworkSession::clearCredentials):

In r197223 I added code that I thought cleared the credentials of a session, but it was
actually trying (and failing) to remove the credentials from the NSURLCredentialStorage that
were stored with NSURLCredentialPersistencePermanent.
This was causing credentials stored in an NSURLSession with NSURLCredentialPersistenceForSession
to remain for the next tests, and was causing credentials from previous tests, usually from
http/tests/loading/basic-credentials-sent-automatically.html, to be used in future tests.
Creating a new NSURLSession is the equivalent of CredentialStorage::clearCredentials because it
removes all credentials stored with NSURLCredentialPersistenceForSession.

11:47 AM Changeset in webkit [197406] by commit-queue@webkit.org
  • 8 edits in trunk

Unreviewed, rolling out r197056.
https://bugs.webkit.org/show_bug.cgi?id=154870

broke win ews (Requested by alexchristensen on #webkit).

Reverted changeset:

"[cmake] Moved PRE/POST_BUILD_COMMAND to WEBKIT_FRAMEWORK."
https://bugs.webkit.org/show_bug.cgi?id=154651
http://trac.webkit.org/changeset/197056

11:41 AM Changeset in webkit [197405] by beidson@apple.com
  • 4 edits in trunk/Source/WebCore

Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860

Reviewed by Alex Christensen.

Covered by existing tests.

  • Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):

  • Modules/indexeddb/shared/IDBDatabaseInfo.h:
  • Modules/indexeddb/shared/IDBTransactionInfo.cpp:

(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that
copy needs to be isolated.

10:49 AM Changeset in webkit [197404] by timothy_horton@apple.com
  • 8 edits in trunk/Source

Expose MediaElement and VideoElement to the Objective-C DOM bindings
https://bugs.webkit.org/show_bug.cgi?id=154830

Reviewed by Sam Weinig.

Source/WebCore:

  • Modules/mediasession/HTMLMediaElementMediaSession.idl:
  • Modules/mediastream/HTMLMediaElementMediaStream.idl:
  • html/HTMLMediaElement.idl:
  • html/HTMLVideoElement.idl:

Avoid Objective-C bindings for various extraneous bits, like MediaSource and MediaSession,
to avoid exposing way more than we need to.

  • WebCore.xcodeproj/project.pbxproj:

Add a bunch of Derived Sources.

Source/WebKit/mac:

  • MigrateHeaders.make:
10:33 AM Changeset in webkit [197403] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Rebaseline displaylists/extent-includes tests for mac-wk1

Unreviewed test gardening.

  • platform/mac-wk1/displaylists/extent-includes-shadow-expected.txt:
  • platform/mac-wk1/displaylists/extent-includes-transforms-expected.txt:
9:42 AM Changeset in webkit [197402] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebKit2

NetworkCache: Web process leaks resource buffer when using shareable resources
https://bugs.webkit.org/show_bug.cgi?id=154852

Reviewed by Darin Adler.

ResourceLoader::didReceiveBuffer() expects a PassRefPtr, but we
are passing a raw pointer, making PassRefPtr take another
reference instead of transferring the ownership as expected.

  • WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResource):

9:33 AM Changeset in webkit [197401] by Antti Koivisto
  • 22 edits in trunk/Source/WebCore

Text control shadow element style shouldn't depend on renderers
https://bugs.webkit.org/show_bug.cgi?id=154855

Reviewed by Andreas Kling.

Currently the code for computing style for text control shadow elements lives in render tree.
Style is the input for building a render tree and should be computable without having one.

Fix by moving virtual createInnerTextStyle() from RenderTextControl hierarchy to the DOM side
HTMLTextFormControlElement hierarchy.

  • dom/Element.cpp:

(WebCore::Element::didDetachRenderers):
(WebCore::Element::customStyleForRenderer):

Also pass shadow host style as it is needed for text controls.

  • dom/Element.h:
  • dom/PseudoElement.cpp:

(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::customStyleForRenderer):

  • dom/PseudoElement.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::setRangeText):
(WebCore::HTMLInputElement::createInnerTextStyle):
(WebCore::HTMLInputElement::setupDateTimeChooserParameters):

  • html/HTMLInputElement.h:
  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::willRespondToMouseClickEvents):
(WebCore::HTMLTextAreaElement::createInnerTextStyle):

  • html/HTMLTextAreaElement.h:
  • html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::directionForFormData):
(WebCore::HTMLTextFormControlElement::adjustInnerTextStyle):

  • html/HTMLTextFormControlElement.h:

(WebCore::HTMLTextFormControlElement::cachedSelectionDirection):

  • html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::customStyleForRenderer):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::customStyleForRenderer):

  • html/shadow/TextControlInnerElements.h:
  • rendering/RenderTextControl.cpp:

(WebCore::RenderTextControl::styleDidChange):
(WebCore::RenderTextControl::textBlockLogicalHeight):
(WebCore::RenderTextControl::adjustInnerTextStyle): Deleted.

  • rendering/RenderTextControl.h:
  • rendering/RenderTextControlMultiLine.cpp:

(WebCore::RenderTextControlMultiLine::baselinePosition):
(WebCore::RenderTextControlMultiLine::layoutSpecialExcludedChild):
(WebCore::RenderTextControlMultiLine::createInnerTextStyle): Deleted.

createInnerTextStyle moves to HTMLTextAreaElement::createInnerTextStyle

  • rendering/RenderTextControlMultiLine.h:
  • rendering/RenderTextControlSingleLine.cpp:

(WebCore::RenderTextControlSingleLine::RenderTextControlSingleLine):

Remove m_desiredInnerTextLogicalHeight cache. It doesn't work, it is never valid when hit.

(WebCore::RenderTextControlSingleLine::layout):
(WebCore::RenderTextControlSingleLine::styleDidChange):
(WebCore::RenderTextControlSingleLine::computeControlLogicalHeight):
(WebCore::RenderTextControlSingleLine::textShouldBeTruncated):
(WebCore::RenderTextControlSingleLine::createInnerTextStyle): Deleted.
(WebCore::RenderTextControlSingleLine::createInnerBlockStyle): Deleted.

  • createInnerTextStyle moves to HTMLInputElement::createInnerTextStyle
  • createInnerBlockStyle moves to TextControlInnerElement::customStyleForRenderer
  • rendering/RenderTextControlSingleLine.h:

(WebCore::RenderTextControlSingleLine::centerContainerIfNeeded):
(WebCore::RenderTextControlSingleLine::containerElement):

  • style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::customStyleForRenderer):

  • svg/SVGElement.h:
8:54 AM Changeset in webkit [197400] by Manuel Rego Casasnovas
  • 8 edits in trunk/Source/WebCore

[css-grid] Get rid of GridResolvedPosition
https://bugs.webkit.org/show_bug.cgi?id=154818

Reviewed by Darin Adler.

GridResolvedPosition was a small class just wrapping an unsigned.
In the future it should actually wrap an integer,
as we want to support implicit tracks before the explicit grid.

The class itself is not providing any benefit,
so we can get rid of it and store directly 2 unsigned in GridSpan.

This will make simpler future changes related to this task.

We keep the class just as a utility for the methods
that deal with the positions resolution.
But it should be renamed in a follow-up patch.

No new tests, no change of behavior.

  • css/CSSGridTemplateAreasValue.cpp:

(WebCore::stringForPosition):

  • css/CSSParser.cpp:

(WebCore::CSSParser::parseGridTemplateAreasRow):

  • css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::findFlexFactorUnitSize):
(WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
(WebCore::RenderGrid::insertItemIntoGrid):
(WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
(WebCore::RenderGrid::createEmptyGridAreaAtSpecifiedPositionsOutsideGrid):
(WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
(WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
(WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
(WebCore::RenderGrid::gridAreaBreadthForChild):
(WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
(WebCore::RenderGrid::columnAxisOffsetForChild):
(WebCore::RenderGrid::rowAxisOffsetForChild):

  • rendering/style/GridCoordinate.h:

(WebCore::GridSpan::definiteGridSpan):
(WebCore::GridSpan::integerSpan):
(WebCore::GridSpan::resolvedInitialPosition):
(WebCore::GridSpan::resolvedFinalPosition):
(WebCore::GridSpan::GridSpanIterator::GridSpanIterator):
(WebCore::GridSpan::GridSpanIterator::operator*):
(WebCore::GridSpan::GridSpanIterator::operator++):
(WebCore::GridSpan::GridSpanIterator::operator!=):
(WebCore::GridSpan::begin):
(WebCore::GridSpan::end):
(WebCore::GridSpan::GridSpan):

  • rendering/style/GridResolvedPosition.cpp:

(WebCore::resolveNamedGridLinePositionFromStyle):
(WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
(WebCore::resolveGridPositionAgainstOppositePosition):
(WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
(WebCore::resolveGridPositionFromStyle):
(WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):

  • rendering/style/GridResolvedPosition.h:

(WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
(WebCore::GridResolvedPosition::operator*): Deleted.
(WebCore::GridResolvedPosition::operator++): Deleted.
(WebCore::GridResolvedPosition::operator==): Deleted.
(WebCore::GridResolvedPosition::operator!=): Deleted.
(WebCore::GridResolvedPosition::operator<): Deleted.
(WebCore::GridResolvedPosition::operator>): Deleted.
(WebCore::GridResolvedPosition::operator<=): Deleted.
(WebCore::GridResolvedPosition::operator>=): Deleted.
(WebCore::GridResolvedPosition::toInt): Deleted.
(WebCore::GridResolvedPosition::next): Deleted.
(WebCore::GridResolvedPosition::prev): Deleted.

6:29 AM Changeset in webkit [197399] by akling@apple.com
  • 2 edits in trunk/Source/WebCore

MemoryCache::forEachResource() should guard resources across function invocation.
<https://webkit.org/b/154846>

Reviewed by Antti Koivisto.

It occurred to me that we should protect the CachedResources from being
deleted while invoking the custom function here, lest we create a giant footgun.

  • loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::forEachResource):

3:58 AM Changeset in webkit [197398] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

[Mac][cmake] One more unreviewed speculative buildfix after r197375. Just for fun.

  • PlatformMac.cmake:
3:17 AM Changeset in webkit [197397] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebCore

[Mac][cmake] Unreviewed speculative buildfix after r197375. Just for fun.

  • PlatformMac.cmake:
2:34 AM Changeset in webkit [197396] by youenn.fablet@crf.canon.fr
  • 8 edits in trunk

[Fetch API] Support Request and Response blob() when body data is a blob
https://bugs.webkit.org/show_bug.cgi?id=154820

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Adding blob specific tests. New tests are not covered yet as they require converting data from a blob into another form (JSON, text...).
Rebasing expectations with test that is now passing and new failing tests.
Fixing typos in test (Json -> JSON and removing TextDecoder use).

  • web-platform-tests/fetch/api/request/request-consume-expected.txt:
  • web-platform-tests/fetch/api/request/request-consume.html:
  • web-platform-tests/fetch/api/response/response-consume-expected.txt:
  • web-platform-tests/fetch/api/response/response-consume.html:

Source/WebCore:

Adding support for returning the same Blob that is stored in Body in case JS blob() is called.
Adding support for Blob creation when data is stored as text.
Updated JSDOMBinding and JSDOMPromise to return a JS ArrayBuffer for Vector<char> as well as Vector<unsigned char>.

Covered by added tests.

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::arrayBuffer):
(WebCore::FetchBody::blob):
(WebCore::FetchBody::extractFromText):

  • Modules/fetch/FetchBody.h:
  • bindings/js/JSDOMBinding.h:

(WebCore::toJS):

  • bindings/js/JSDOMPromise.h:

(WebCore::DeferredWrapper::resolve): Deleted.

1:05 AM Changeset in webkit [197395] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.11.91

WebKitGTK+ 2.11.91

1:03 AM Changeset in webkit [197394] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.11.91 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit2:

  • gtk/NEWS: Add release notes for 2.11.91.
1:03 AM Changeset in webkit [197393] by Carlos Garcia Campos
  • 10 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source

Revert "Merge r197226 - Remove the on demand executable allocator"

This reverts commit 3380464fbd83e408a06904221206c9bd1cafe2e6.

1:02 AM Changeset in webkit [197392] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197256 - CLoop build fix."

This reverts commit d6136b81fc3f561214c85ccf3e69a4109963bae9.

12:11 AM Changeset in webkit [197391] by sbarati@apple.com
  • 12 edits in trunk/Source/JavaScriptCore

[[PreventExtensions]] should be a virtual method in the method table.
https://bugs.webkit.org/show_bug.cgi?id=154800

Reviewed by Yusuke Suzuki.

This patch makes us more consistent with how the ES6 specification models the
[[PreventExtensions]] trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.[[PreventExtensions]].

  • runtime/ClassInfo.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::getGenericPropertyNames):
(JSC::JSCell::preventExtensions):

  • runtime/JSCell.h:
  • runtime/JSModuleNamespaceObject.cpp:

(JSC::JSModuleNamespaceObject::JSModuleNamespaceObject):
(JSC::JSModuleNamespaceObject::finishCreation):
(JSC::JSModuleNamespaceObject::destroy):

  • runtime/JSModuleNamespaceObject.h:

(JSC::JSModuleNamespaceObject::create):
(JSC::JSModuleNamespaceObject::moduleRecord):

  • runtime/JSObject.cpp:

(JSC::JSObject::freeze):
(JSC::JSObject::preventExtensions):
(JSC::JSObject::reifyAllStaticProperties):

  • runtime/JSObject.h:

(JSC::JSObject::isSealed):
(JSC::JSObject::isFrozen):
(JSC::JSObject::isExtensible):

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorSeal):
(JSC::objectConstructorFreeze):
(JSC::objectConstructorPreventExtensions):
(JSC::objectConstructorIsSealed):

  • runtime/ReflectObject.cpp:

(JSC::reflectObjectPreventExtensions):

  • runtime/Structure.cpp:

(JSC::Structure::Structure):
(JSC::Structure::preventExtensionsTransition):

  • runtime/Structure.h:

Feb 29, 2016:

11:39 PM Changeset in webkit [197390] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebKit2

ThreadedCompositor: clean up composition-specific resources before shutting down the thread
https://bugs.webkit.org/show_bug.cgi?id=154793

Reviewed by Carlos Garcia Campos.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:

(WebKit::ThreadedCompositor::runCompositingThread): Before concluding the
compositing thread run, clean up all the resources that were allocated at
the start, and in the reverse order. Specifically, we now also deallocate
the CoordinatedGraphicsScene and the SimpleViewportController objects. This
way these are not deallocated on the main thread when the ThreadedCompositor
destructor would otherwise clean them up.

11:37 PM Changeset in webkit [197389] by Chris Dumez
  • 13 edits in trunk

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use WTF::Optional
https://bugs.webkit.org/show_bug.cgi?id=154845

Reviewed by Ryosuke Niwa.

Source/WebCore:

Have parseHTMLInteger() / parseHTMLNonNegativeInteger() use
WTF::Optional.

  • dom/Element.cpp:

(WebCore::Element::getIntegralAttribute):
(WebCore::Element::getUnsignedIntegralAttribute):
(WebCore::Element::setUnsignedIntegralAttribute): Deleted.

  • html/HTMLElement.cpp:

(WebCore::HTMLElement::parseBorderWidthAttribute):
(WebCore::HTMLElement::parseAttribute):

  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::parseMaxLengthAttribute):

  • html/HTMLInputElement.h:
  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLength):

  • html/ImageInputType.cpp:

(WebCore::ImageInputType::height):
(WebCore::ImageInputType::width):

  • html/parser/HTMLParserIdioms.cpp:

(WebCore::parseHTMLIntegerInternal):
(WebCore::parseHTMLInteger):
(WebCore::parseHTMLNonNegativeInteger):

  • html/parser/HTMLParserIdioms.h:

(WebCore::limitToOnlyHTMLNonNegativeNumbersGreaterThanZero):
(WebCore::limitToOnlyHTMLNonNegative):

  • svg/SVGElement.cpp:

(WebCore::SVGElement::parseAttribute):

Tools:

Update API tests accordingly.

  • TestWebKitAPI/Tests/WebCore/HTMLParserIdioms.cpp:

(TestWebKitAPI::testParseHTMLInteger):
(TestWebKitAPI::parseHTMLIntegerFails):
(TestWebKitAPI::testParseHTMLNonNegativeInteger):
(TestWebKitAPI::parseHTMLNonNegativeIntegerFails):
(TestWebKitAPI::TEST): Deleted.

11:36 PM Changeset in webkit [197388] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebKit2

ThreadSafeCoordinatedSurface: remove the unused private create() static method
https://bugs.webkit.org/show_bug.cgi?id=154792

Reviewed by Carlos Garcia Campos.

Remove the static ThreadSafeCoordinatedSurface::create() method that accepted
a std::unique_ptr<ImageBuffer> object as its third parameter. This was not used
anywhere.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.cpp:

(WebKit::ThreadSafeCoordinatedSurface::create): Deleted.

  • Shared/CoordinatedGraphics/threadedcompositor/ThreadSafeCoordinatedSurface.h:
11:32 PM Changeset in webkit [197387] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

11:31 PM Changeset in webkit [197386] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

  • platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::createCairoGLSurface):

11:30 PM Changeset in webkit [197385] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

  • platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

11:28 PM Changeset in webkit [197384] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebCore

CoordinatedGraphicsLayer should override the inherited TextureMapperPlatformLayer::Client methods
https://bugs.webkit.org/show_bug.cgi?id=154788

Reviewed by Carlos Garcia Campos.

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

Add the override specifiers for the two methods that are inherited
from the TextureMapperPlatformLayer::Client interface.

7:48 PM Changeset in webkit [197383] by Yusuke Suzuki
  • 3 edits
    1 add in trunk/Source/JavaScriptCore

[JSC] Private symbols should not be trapped by proxy handler
https://bugs.webkit.org/show_bug.cgi?id=154817

Reviewed by Mark Lam.

Since the runtime has some assumptions on the properties associated with the private symbols, ES6 Proxy should not trap these property operations.
For example, in ArrayIteratorPrototype.js

    var itemKind = this.@arrayIterationKind;
    if (itemKind === @undefined)
        throw new @TypeError("%ArrayIteratorPrototype%.next requires that |this| be an Array Iterator instance");

Here, we assume that only the array iterator has the @arrayIterationKind property whose value is non-undefined.
But if we implement a Proxy with a get handler that returns a non-undefined value for every operation, we accidentally assume that the given value is an array iterator.

To avoid this situation, we perform the default operations for property operations with private symbols.

  • runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::deleteProperty):
(JSC::ProxyObject::deletePropertyByIndex):

  • tests/stress/proxy-basic.js:
  • tests/stress/proxy-with-private-symbols.js: Added.

(assert):
(let.handler.getOwnPropertyDescriptor):
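
The failure mode described in r197383 above, modelled in plain JavaScript as an added example (not WebKit's code). An ordinary Symbol stands in for the private symbol @arrayIterationKind, and the names iteratorNext, catchAllHandler, proxyTrappingEverything, proxySkippingPrivateSymbols and brandCheckOutcome are hypothetical.

```javascript
// Assumption: an ordinary Symbol stands in for JSC's private symbol
// @arrayIterationKind, which page script cannot name.
const arrayIterationKind = Symbol("arrayIterationKind");
const PRIVATE_SYMBOLS = new Set([arrayIterationKind]);

// Brand check modelled on the ArrayIteratorPrototype.js lines quoted in the
// commit message: a non-undefined private slot is taken as proof of type.
function iteratorNext(self) {
  const itemKind = self[arrayIterationKind];
  if (itemKind === undefined)
    throw new TypeError("next requires that |this| be an Array Iterator instance");
  return { itemKind };
}

// Constructed handler: answers every read and every `in` test positively.
const catchAllHandler = {
  get() { return 1; },
  has() { return true; },
};

// Before the change: every key, private or not, reaches the handler.
function proxyTrappingEverything(target, handler) {
  return new Proxy(target, handler);
}

// Traps that receive a property key as their second argument.
const KEYED_TRAPS = ["get", "has", "set", "deleteProperty", "getOwnPropertyDescriptor"];

// After the change (model): when the key is a private symbol the handler is
// not consulted and the default operation runs on the target instead.
function proxySkippingPrivateSymbols(target, handler) {
  const guarded = Object.assign({}, handler);
  for (const trap of KEYED_TRAPS) {
    const userTrap = handler[trap];
    if (typeof userTrap !== "function") continue;
    guarded[trap] = (t, key, ...rest) =>
      PRIVATE_SYMBOLS.has(key)
        ? Reflect[trap](t, key, ...rest)
        : userTrap.call(handler, t, key, ...rest);
  }
  return new Proxy(target, guarded);
}

// Reports whether the brand check let the object through.
function brandCheckOutcome(obj) {
  try {
    iteratorNext(obj);
    return "accepted";
  } catch (e) {
    if (e instanceof TypeError) return "rejected";
    throw e;
  }
}

// A plain object with no iterator state is wrongly accepted when the handler
// sees the private key, and correctly rejected when it does not.
console.log(brandCheckOutcome(proxyTrappingEverything({}, catchAllHandler)));
console.log(brandCheckOutcome(proxySkippingPrivateSymbols({}, catchAllHandler)));
```

Ordinary keys still reach the handler in the guarded version, so only the engine-internal slots are shielded from it.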

7:42 PM Changeset in webkit [197382] by Simon Fraser
  • 25 edits in trunk

Remove the experimental feature of antialiased font dilation
https://bugs.webkit.org/show_bug.cgi?id=154843

Reviewed by Zalan Bujtas.

Source/WebCore:

Remove the "antialiased font dilation" code path, and related prefs.

  • page/Settings.cpp:

(WebCore::Settings::Settings): Deleted.
(WebCore::Settings::setAntialiasedFontDilationEnabled): Deleted.

  • page/Settings.h:

(WebCore::Settings::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/FontCascade.cpp:

(WebCore::FontCascade::setAntialiasedFontDilationEnabled): Deleted.
(WebCore::FontCascade::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/FontCascade.h:
  • platform/graphics/GraphicsContext.cpp:

(WebCore::GraphicsContextStateChange::changesFromState): Deleted.
(WebCore::GraphicsContextStateChange::accumulate): Deleted.
(WebCore::GraphicsContextStateChange::apply): Deleted.
(WebCore::GraphicsContextStateChange::dump): Deleted.
(WebCore::GraphicsContext::setAntialiasedFontDilationEnabled): Deleted.

  • platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContextState::GraphicsContextState): Deleted.
(WebCore::GraphicsContext::antialiasedFontDilationEnabled): Deleted.

  • platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:

(PlatformCALayer::drawLayerContents): Deleted.

  • platform/graphics/cocoa/FontCascadeCocoa.mm:

(WebCore::dilationSizeForTextColor): Deleted.
(WebCore::FontCascade::drawGlyphs): Deleted.

  • platform/graphics/displaylists/DisplayList.cpp:

(WebCore::DisplayList::DisplayList::shouldDumpForFlags): Deleted.

Source/WebKit/mac:

Remove the "antialiased font dilation" code path, and related prefs.

  • WebView/WebPreferenceKeysPrivate.h:
  • WebView/WebPreferences.mm:

(+[WebPreferences initialize]): Deleted.
(-[WebPreferences setAntialiasedFontDilationEnabled:]): Deleted.
(-[WebPreferences antialiasedFontDilationEnabled]): Deleted.

  • WebView/WebPreferencesPrivate.h:
  • WebView/WebView.mm:

(-[WebView _preferencesChanged:]): Deleted.

Source/WebKit2:

Remove the "antialiased font dilation" code path, and related prefs.

  • Shared/WebPreferencesDefinitions.h:
  • UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetAntialiasedFontDilationEnabled):
(WKPreferencesGetAntialiasedFontDilationEnabled):

  • UIProcess/API/C/WKPreferencesRefPrivate.h:
  • UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences _antialiasedFontDilationEnabled]): Deleted.
(-[WKPreferences _setAntialiasedFontDilationEnabled:]): Deleted.

  • UIProcess/API/Cocoa/WKPreferencesPrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::updatePreferences): Deleted.

Tools:

Remove the "antialiased font dilation" code path, and related prefs.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(resetWebPreferencesToConsistentValues): Deleted.

  • WebKitTestRunner/TestController.cpp:

(WTR::TestController::resetPreferencesToConsistentValues): Deleted.

7:18 PM Changeset in webkit [197381] by fpizlo@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:

1) Change an InferredType. This acquires InferredType::m_lock.
2) Fire watchpoint set. This triggers CodeBlock invalidation, which acquires
CodeBlock::m_lock.

DFG thread:

1) Iterate over the information in a CodeBlock. This acquires CodeBlock::m_lock.
2) Ask an InferredType for its descriptor(). This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets. That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time. With
this change I cannot get it to deadlock.

  • runtime/InferredType.cpp:

(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):

  • runtime/InferredType.h:
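
The lock hierarchy argued for in the commit message above can be checked mechanically. This is an added example, not code from the WebKit patch: `RankedMutex`, `CodeBlockModel`, `InferredTypeModel` and the rank values are hypothetical stand-ins, and the checker counts an out-of-order acquisition instead of deadlocking on it.

```cpp
#include <algorithm>
#include <cstdio>
#include <mutex>
#include <vector>

// Hypothetical ranks modelling the hierarchy in the commit message: the lock
// that protects the larger set of state (CodeBlock) must be acquired first.
enum LockRank { CodeBlockRank = 1, InferredTypeRank = 2 };

static thread_local std::vector<int> heldRanks; // ranks held by this thread
static int orderViolations = 0;                 // demo counter, single-threaded use

// A mutex that records (rather than deadlocks on) lock-order inversions.
class RankedMutex {
public:
    explicit RankedMutex(int rank) : m_rank(rank) {}
    void lock() {
        // Every lock already held must have a strictly smaller rank.
        if (!heldRanks.empty()
            && *std::max_element(heldRanks.begin(), heldRanks.end()) >= m_rank)
            ++orderViolations;
        m_mutex.lock();
        heldRanks.push_back(m_rank);
    }
    void unlock() {
        heldRanks.pop_back(); // lock_guard scopes release in LIFO order
        m_mutex.unlock();
    }
private:
    std::mutex m_mutex;
    int m_rank;
};

struct CodeBlockModel {
    RankedMutex lock{CodeBlockRank};
    bool valid = true;
    // Stands in for the invalidation triggered by a fired watchpoint set.
    void invalidate() { std::lock_guard<RankedMutex> guard(lock); valid = false; }
};

class InferredTypeModel {
public:
    explicit InferredTypeModel(CodeBlockModel& codeBlock) : m_codeBlock(codeBlock) {}

    int descriptor() { std::lock_guard<RankedMutex> guard(m_lock); return m_kind; }

    // Before: the watchpoint fires while m_lock is still held.
    void setFiringUnderLock(int kind) {
        std::lock_guard<RankedMutex> guard(m_lock);
        if (m_kind == kind) return;
        m_kind = kind;
        m_codeBlock.invalidate(); // takes rank 1 while holding rank 2
    }

    // After: mutate under m_lock, release it, then fire.
    void setFiringAfterUnlock(int kind) {
        bool changed = false;
        {
            std::lock_guard<RankedMutex> guard(m_lock);
            changed = (m_kind != kind);
            m_kind = kind;
        }
        if (changed) m_codeBlock.invalidate(); // no lock held here
    }
private:
    CodeBlockModel& m_codeBlock;
    RankedMutex m_lock{InferredTypeRank};
    int m_kind = 0;
};

// The compiler-thread order from the commit message: CodeBlock lock, then type lock.
int readDescriptorFromCompiler(CodeBlockModel& codeBlock, InferredTypeModel& type) {
    std::lock_guard<RankedMutex> guard(codeBlock.lock);
    return type.descriptor();
}

// Runs both paths once and reports how many inversions the checker saw.
int violationsFor(bool fireUnderLock) {
    orderViolations = 0;
    CodeBlockModel codeBlock;
    InferredTypeModel type(codeBlock);
    readDescriptorFromCompiler(codeBlock, type);
    if (fireUnderLock) type.setFiringUnderLock(7);
    else type.setFiringAfterUnlock(7);
    return orderViolations;
}

int main() {
    std::printf("fire under lock:   %d violation(s)\n", violationsFor(true));
    std::printf("fire after unlock: %d violation(s)\n", violationsFor(false));
    return 0;
}
```

Because the inversion is detected on a single thread, the check is deterministic and does not depend on two threads racing into the deadlock.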
6:30 PM Changeset in webkit [197380] by Yusuke Suzuki
  • 46 edits
    8 adds in trunk

[DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

  1. Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During the DFG phase, these nodes attempt to convert themselves to Identity (in the Fixup phase).
As with ArithRound, they track the arith rounding mode.
And if these nodes are required to emit machine code, we emit rounding machine code
if it is supported on the current machine. For example, on x86, we emit round.

This Floor functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

  2. Implement Floor in B3 and Air

As with Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

  3. Fix ArithRound operation

Currently, we used cvtsd2si (in x86) to convert a double value to int32.
And we also used this to implement Math.round, like cvtsd2si(value + 0.5).
However, this implementation is not correct, because cvtsd2si is not a floor operation.
It is a truncate operation. This is OK for positive numbers, but NG for negative numbers.
For example, the current implementation accidentally rounds -0.6 to -0.0. This should be -1.0.
Using Ceil and Floor instructions, we implement correct ArithRound.

  • assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.

  • b3/B3ConstDoubleValue.cpp:

(JSC::B3::ConstDoubleValue::floorConstant):

  • b3/B3ConstDoubleValue.h:
  • b3/B3ConstFloatValue.cpp:

(JSC::B3::ConstFloatValue::floorConstant):

  • b3/B3ConstFloatValue.h:
  • b3/B3LowerMacrosAfterOptimizations.cpp:
  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

  • b3/B3Opcode.cpp:

(WTF::printInternal):

  • b3/B3Opcode.h:
  • b3/B3ReduceDoubleToFloat.cpp:
  • b3/B3ReduceStrength.cpp:
  • b3/B3Validate.cpp:
  • b3/B3Value.cpp:

(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

  • b3/B3Value.h:
  • b3/air/AirFixPartialRegisterStalls.cpp:
  • b3/air/AirOpcode.opcodes:
  • b3/testb3.cpp:

(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArithMode.cpp:

(WTF::printInternal):

  • dfg/DFGArithMode.h:
  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::roundShouldSpeculateInt32):

  • dfg/DFGNode.h:

(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):

  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::doubleFloor):

  • jit/ThunkGenerators.cpp:

(JSC::ceilThunkGenerator):

  • tests/stress/math-ceil-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-ceil-basics.js: Added.

(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):

  • tests/stress/math-floor-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

  • tests/stress/math-floor-basics.js: Added.

(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):

  • tests/stress/math-round-should-not-use-truncate.js: Added.

(mathRoundDoesNotCareAboutMinusZero):

  • tests/stress/math-rounding-infinity.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-nan.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

  • tests/stress/math-rounding-negative-zero.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

  • docs/b3/intermediate-representation.html:
6:07 PM Changeset in webkit [197379] by commit-queue@webkit.org
  • 29 edits in trunk/Source/JavaScriptCore

Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, than to get perfect size information for
all objects in the heap.

Base implementation (JSCell):

  • returns the MarkedBlock bucket size for this cell.
  • This gets us the object size including inline storage. Basically a better sizeof.

Subclasses with "Extra Memory Cost":

  • Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
  • E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

Subclasses with "Copied Space" storage:

  • Any class with data in copied space (copyBackingStore) should include that in the estimated size.
  • E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

  • runtime/ClassInfo.h:

Add the new estimatedSize method to the table.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):

  • bytecode/UnlinkedCodeBlock.h:

Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::estimatedSize):

  • bytecode/CodeBlock.h:
  • bytecode/UnlinkedInstructionStream.cpp:

(JSC::UnlinkedInstructionStream::sizeInBytes):

  • bytecode/UnlinkedInstructionStream.h:
  • runtime/DirectArguments.cpp:

(JSC::DirectArguments::estimatedSize):

  • runtime/DirectArguments.h:
  • runtime/JSCell.cpp:

(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):

  • runtime/JSCell.h:
  • runtime/JSGenericTypedArrayView.h:
  • runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):

  • runtime/JSMap.cpp:

(JSC::JSMap::estimatedSize):

  • runtime/JSMap.h:
  • runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):

  • runtime/JSObject.h:
  • runtime/JSSet.cpp:

(JSC::JSSet::estimatedSize):

  • runtime/JSSet.h:
  • runtime/JSString.cpp:

(JSC::JSString::estimatedSize):

  • runtime/JSString.h:
  • runtime/MapData.h:

(JSC::MapDataImpl::capacityInBytes):

  • runtime/WeakMapData.cpp:

(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):

  • runtime/WeakMapData.h:

Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

  • runtime/RegExp.cpp:

(JSC::RegExp::estimatedSize):

  • runtime/RegExp.h:
  • yarr/YarrInterpreter.h:

(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):

  • yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

5:36 PM Changeset in webkit [197378] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

Marking webgl/1.0.2/conformance/extensions/get-extension.html as flaky on mac, removing wk1 specific flakiness expectation.
https://bugs.webkit.org/show_bug.cgi?id=152506

Unreviewed test gardening.

  • platform/mac-wk1/TestExpectations:
  • platform/mac/TestExpectations:
5:16 PM Changeset in webkit [197377] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Marking storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=154748

Unreviewed test gardening.

  • platform/mac/TestExpectations:
4:54 PM Changeset in webkit [197376] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Re-enable passing fast/multicol/newmulticol tests on ios-simulator

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
4:44 PM Changeset in webkit [197375] by jer.noble@apple.com
  • 7 edits
    9 adds in trunk/Source/WebCore

Refactor CoreVideo API access into their own classes so code can be re-used.
https://bugs.webkit.org/show_bug.cgi?id=154544

Reviewed by Eric Carlson.

In order for common CoreVideo code paths to be re-used in other classes, pull those paths
out of MediaPlayerPrivateAVFoundationObjC and into re-usable classes.

  • WebCore.xcodeproj/project.pbxproj:
  • platform/cf/CoreMediaSoftLink.cpp:
  • platform/cf/CoreMediaSoftLink.h:
  • platform/cocoa/CoreVideoSoftLink.cpp: Added.
  • platform/cocoa/CoreVideoSoftLink.h: Added.
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
  • platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::createPixelBuffer):
(WebCore::MediaPlayerPrivateAVFoundationObjC::updateLastImage):
(WebCore::MediaPlayerPrivateAVFoundationObjC::copyVideoTextureToPlatformTexture):
(WebCore::CVPixelBufferGetBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseBytePointerCallback): Deleted.
(WebCore::CVPixelBufferReleaseInfoCallback): Deleted.
(WebCore::createImageFromPixelBuffer): Deleted.
(WebCore::enumToStringMap): Deleted.

  • platform/graphics/cv/PixelBufferConformerCV.cpp: Added.

(WebCore::PixelBufferConformerCV::PixelBufferConformerCV):
(WebCore::CVPixelBufferGetBytePointerCallback):
(WebCore::CVPixelBufferReleaseBytePointerCallback):
(WebCore::CVPixelBufferReleaseInfoCallback):
(WebCore::PixelBufferConformerCV::createImageFromPixelBuffer):

  • platform/graphics/cv/PixelBufferConformerCV.h: Added.
  • platform/graphics/cv/TextureCacheCV.h: Added.

(WebCore::TextureCacheCV::context):

  • platform/graphics/cv/TextureCacheCV.mm: Added.

(WebCore::TextureCacheCV::create):
(WebCore::TextureCacheCV::TextureCacheCV):
(WebCore::TextureCacheCV::textureFromImage):

  • platform/graphics/cv/VideoTextureCopierCV.cpp: Added.

(WebCore::VideoTextureCopierCV::VideoTextureCopierCV):
(WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
(WebCore::enumToStringMap):
(WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):

  • platform/graphics/cv/VideoTextureCopierCV.h: Added.

(WebCore::VideoTextureCopierCV::context):

  • platform/mediastream/mac/AVVideoCaptureSource.mm: Move SOFT_LINK declarations into CoreVideoSoftLink.h/cpp.
4:39 PM Changeset in webkit [197374] by fpizlo@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

  • bytecode/SpeculatedType.h:
4:08 PM Changeset in webkit [197373] by beidson@apple.com
  • 4 edits in trunk/Tools

Fix timing flakiness in test I added in http://trac.webkit.org/changeset/197372

Unreviewed.

  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm:

(TEST): Sometimes a third message from the first html file was leaking through. The message is expected
so we should always wait for it and make sure we got it.

3:13 PM Changeset in webkit [197372] by beidson@apple.com
  • 9 edits
    3 adds in trunk

Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.
3:06 PM Changeset in webkit [197371] by commit-queue@webkit.org
  • 8 edits in trunk/Source/WebInspectorUI

Web Inspector: Add direct number inputs to Bezier editor
https://bugs.webkit.org/show_bug.cgi?id=154809
<rdar://problem/24881465>

Patch by Devin Rousso <Devin Rousso> on 2016-02-29
Reviewed by Timothy Hatcher.

  • UserInterface/Base/Main.js:

(WebInspector._updateWindowKeydownListener):
Now only adds the shared event listener when the first keydown listener
is added via WebInspector.addWindowKeydownListener

  • UserInterface/Controllers/CodeMirrorBezierEditingController.js:

(WebInspector.CodeMirrorBezierEditingController.prototype.popoverDidDismiss):

  • UserInterface/Controllers/CodeMirrorEditingController.js:

(WebInspector.CodeMirrorEditingController.prototype.popoverDidDismiss):
(WebInspector.CodeMirrorEditingController.prototype.didDismissPopover):
Added function that is called when the popover is dismissed so that
removing event listeners is possible.

  • UserInterface/Views/BezierEditor.css:

(.bezier-editor):
(.bezier-editor > .number-input-container):
(.bezier-editor > .number-input-container > input):

  • UserInterface/Views/BezierEditor.js:

(WebInspector.BezierEditor.createControl):
(WebInspector.BezierEditor.createBezierInput):
(WebInspector.BezierEditor):
Added usage of Element.prototype.createChild for ease of readability.
Also added input elements for manually changing the values of each bezier
point's x and y values.

(WebInspector.BezierEditor.prototype.set bezier):
(WebInspector.BezierEditor.prototype.removeListeners):
(WebInspector.BezierEditor.prototype._handleMousedown):
(WebInspector.BezierEditor.prototype._updateBezier):
(WebInspector.BezierEditor.prototype._updateBezierPreview):
(WebInspector.BezierEditor.prototype._triggerPreviewAnimation):
(WebInspector.BezierEditor.prototype._handleNumberInputInput):
(WebInspector.BezierEditor.prototype._handleNumberInputKeydown):
(WebInspector.BezierEditor.prototype._changeBezierForInput):
Refactored code to make it more reusable, as well as adding event listeners
to the newly created inputs, including value changing from the arrow keys.

  • UserInterface/Views/CSSStyleDeclarationTextEditor.js:

(WebInspector.CSSStyleDeclarationTextEditor.prototype.didDismissPopover): Deleted.
Removed unused code.

  • UserInterface/Views/InlineSwatch.js:

(WebInspector.InlineSwatch):
(WebInspector.InlineSwatch.prototype.didDismissPopover):
Removes any global event listeners added by the current editor if able.

(WebInspector.InlineSwatch.prototype._swatchElementClicked):
Now saves the current editor object as a member variable.

2:45 PM Changeset in webkit [197370] by keith_miller@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimization would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.

  • dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

2:41 PM Changeset in webkit [197369] by Ryan Haddad
  • 1 edit
    1 delete in trunk/LayoutTests

Removing unnecessary ios-simulator-wk2 expectation file.

Unreviewed test gardening.

  • platform/ios-simulator-wk2/imported/w3c/web-platform-tests/html/semantics/forms/the-input-element/type-change-state-expected.txt: Removed.
2:37 PM Changeset in webkit [197368] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-forms.html after r197355

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:
2:37 PM Changeset in webkit [197367] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline imported/w3c/web-platform-tests/html/dom/reflection-embedded.html for ios-simulator after r197237

Unreviewed test gardening.

  • platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
2:33 PM Changeset in webkit [197366] by fpizlo@apple.com
  • 5 edits
    6 adds in trunk

B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along
arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in
between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap range in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

  • 30% faster to construct an object with many fields.
  • 5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization is a wash for compile time: whatever cost we pay doing the O(n^2)
searches is balanced by the massive reduction in work in the backend. On one of the two
microbenchmarks, overall compile time actually shrank with this optimization even though CSE
itself cost more. That's not too surprising - the backend costs much more per instruction, so
things that remove instructions before we get to the backend tend to be a good idea.

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

  • b3/B3EliminateCommonSubexpressions.cpp:
  • b3/B3MemoryValue.h:
  • b3/B3SuccessorCollection.h:

(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

  • js/regress/build-large-object-expected.txt: Added.
  • js/regress/build-large-object.html: Added.
  • js/regress/many-repeat-stores-expected.txt: Added.
  • js/regress/many-repeat-stores.html: Added.
  • js/regress/script-tests/build-large-object.js: Added.
  • js/regress/script-tests/many-repeat-stores.js: Added.
2:14 PM Changeset in webkit [197365] by fpizlo@apple.com
  • 9 edits
    1 add in trunk/Source/JavaScriptCore

Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it didn't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGSpeculativeJIT.h:
  • jit/JITOperations.cpp:
  • jit/JITOperations.h:
  • jit/Repatch.h:
  • runtime/CommonSlowPaths.h:

(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.

  • runtime/SlowPathReturnType.h: Added.

(JSC::encodeResult):
(JSC::decodeResult):

1:32 PM Changeset in webkit [197364] by Chris Dumez
  • 3 edits in trunk/Source/WebCore

Use WTF::Optional for HTMLOListElement::m_start
https://bugs.webkit.org/show_bug.cgi?id=154824

Reviewed by Andreas Kling.

Use WTF::Optional for HTMLOListElement::m_start.

  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

  • html/HTMLOListElement.h:
1:14 PM Changeset in webkit [197363] by jdiggs@igalia.com
  • 2 edits
    1 add in trunk/Tools

[GTK][jhbuild] GLib build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154825

Use the upstream work-around. https://bugzilla.gnome.org/show_bug.cgi?id=761550

Reviewed by Csaba Osztrogonác.

  • gtk/jhbuild.modules: Apply upstream patch.
  • gtk/patches/gdate-suppress-string-format-literal-warning.patch: Added.
12:46 PM Changeset in webkit [197362] by achristensen@apple.com
  • 5 edits in trunk/Source/WebKit2

Don't call NetworkProcess::singleton from WebProcess when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154829

Reviewed by Anders Carlsson.

We were calling NetworkProcess::singleton when making the default session in the
WebProcess, which caused bad things to happen. We also were never clearing the
credentials in the WebProcess between tests because it used to always call
NetworkProcess::singleton, which caused flaky tests.

This fixes repeatable crashes in http/tests/media/media-document-referer.html and
http/tests/media/media-document.html when using NetworkSession.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::NetworkProcess):
(WebKit::NetworkProcess::~NetworkProcess):

  • NetworkProcess/NetworkSession.h:
  • NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::configurationForType):
(WebKit::globalCustomProtocolManager):
(WebKit::NetworkSession::setCustomProtocolManager):
(WebKit::NetworkSession::defaultSession):

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::clearCachedCredentials):

11:35 AM Changeset in webkit [197361] by fpizlo@apple.com
  • 2 edits in trunk/Tools

We've been running Octane/regexp all wrong in run-jsc-benchmarks
https://bugs.webkit.org/show_bug.cgi?id=154827

Reviewed by Andreas Kling.

Octane v.2 and JetStream v.1.1 run this benchmark with warmup. This script was running
it without warmup. This patch fixes this by making this script run it with warmup.

This fix shows that my last patch, which added FTL support for regexp, was actually a 3%
speed-up on Octane/regexp, not a slow-down as the ChangeLog claimed.

I discovered this bug because for each Octane test that I want to debug, I usually make
a standalone .js file that contains the whole test along with a miniharness - usually
a plain loop - that runs it almost like it would for real but with whatever hacks I'm
using for debugging. When I wrote such a thing for regexp, I used a ~20 iteration warmup
to match the one second of warmup that this benchmark gets in Octane. To my surprise,
this quite faithful regexp runner did not see the regression that run-jsc-benchmarks
saw. That's when I found out that run-jsc-benchmarks was running it wrong.

The reason for the no-warmup slow-down is that the FTL is actually fairly expensive to
run on some of these very large functions in the regexp benchmark. I don't think we can
do anything about that, and I'd argue that the speed-up we see after the compilation is
done suggests that it was worth it.

  • Scripts/run-jsc-benchmarks:
11:32 AM WebKitIDL edited by Chris Dumez
(diff)
11:31 AM WebKitIDL edited by Chris Dumez
[TreatNullAs=EmptyString] (diff)
10:55 AM Changeset in webkit [197360] by barraclough@apple.com
  • 16 edits in trunk

RefCounter<T>::Event -> RefCounterEvent
https://bugs.webkit.org/show_bug.cgi?id=154767

Reviewed by Darin Adler.

RefCounter<T>::Event is kinda verbose to use, and there is no need for this
to be specific to a particular type of RefCounter. Move the enum class up to
the top level & rename to RefCounterEvent.

Source/WebCore:

  • page/PageThrottler.cpp:

(WebCore::PageThrottler::PageThrottler):
(WebCore::m_audiblePluginHysteresis):
(WebCore::m_mediaActivityCounter):
(WebCore::m_pageLoadActivityCounter):

  • platform/VNodeTracker.cpp:

(WebCore::VNodeTracker::singleton):
(WebCore::VNodeTracker::VNodeTracker):
(WebCore::m_lastWarningTime):

Source/WebKit2:

Also remove UserObservablePageToken - this is vestigial & not really offering
anything over just using UserObservablePageCounter::Token directly.

  • UIProcess/Plugins/PluginProcessManager.cpp:

(WebKit::PluginProcessManager::PluginProcessManager):

  • UIProcess/Plugins/PluginProcessManager.h:
  • UIProcess/Plugins/mac/PluginProcessManagerMac.mm:

(WebKit::PluginProcessManager::updateProcessSuppressionDisabled):

  • UIProcess/ProcessThrottler.cpp:

(WebKit::ProcessThrottler::ProcessThrottler):
(WebKit::m_backgroundCounter):
(WebKit::m_suspendMessageCount):

  • UIProcess/ProcessThrottler.h:
  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::WebProcessPool):
(WebKit::m_processSuppressionDisabledForPageCounter):
(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):

  • UIProcess/WebProcessPool.h:

Source/WTF:

  • wtf/RefCounter.h:

(WTF::RefCounter<T>::Count::ref):
(WTF::RefCounter<T>::Count::deref):

Tools:

  • TestWebKitAPI/Tests/WTF/RefCounter.cpp:

(TestWebKitAPI::TEST):

10:51 AM Changeset in webkit [197359] by youenn.fablet@crf.canon.fr
  • 3 edits in trunk/LayoutTests

streams/pipe-to.html flaky on mac-wk1 debug
https://bugs.webkit.org/show_bug.cgi?id=154687

Reviewed by Darin Adler.

  • TestExpectations: Marking streams/pipe-to.html as slow.
  • streams/pipe-to.html: Increasing the timeout value.
10:33 AM Changeset in webkit [197358] by Csaba Osztrogonác
  • 5 edits
    1 delete in trunk/Tools

Remove more LLVM related cruft
https://bugs.webkit.org/show_bug.cgi?id=154821

Reviewed by Darin Adler.

  • Scripts/build-jsc:
  • Scripts/build-webkit:
  • Scripts/copy-webkitlibraries-to-product-directory:
  • Scripts/export-llvm-build: Removed.
  • Scripts/run-jsc-stress-tests:
10:05 AM Changeset in webkit [197357] by fpizlo@apple.com
  • 8 edits
    2 adds in trunk/Source/JavaScriptCore

FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimization shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGNode.h:

(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

  • tests/stress/ftl-regexp-exec.js: Added.
  • tests/stress/ftl-regexp-test.js: Added.
9:54 AM Changeset in webkit [197356] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Unreviewed. Fix the build with GTK+ < 3.19.

  • platform/gtk/ScrollbarThemeGtk3.cpp:

(WebCore::ScrollbarThemeGtk::paintScrollbarBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paintButton):

9:36 AM Changeset in webkit [197355] by Chris Dumez
  • 4 edits in trunk

Use HTML parsing rules for textarea.maxLength
https://bugs.webkit.org/show_bug.cgi?id=154805

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-forms-expected.txt:

Source/WebCore:

Use HTML parsing rules for textarea.maxLength:

No new tests, already covered by existing test.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::maxLength):

9:32 AM Changeset in webkit [197354] by Chris Dumez
  • 6 edits in trunk

Align td.rowSpan / td.colSpan with the specification
https://bugs.webkit.org/show_bug.cgi?id=154803

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-tabular-expected.txt:

Source/WebCore:

Align td.rowSpan / td.colSpan with the specification:

In particular, the following changes were made:

No new tests, already covered by existing test.

  • html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::colSpan):
(WebCore::HTMLTableCellElement::rowSpan):
(WebCore::HTMLTableCellElement::rowSpanForBindings):
(WebCore::HTMLTableCellElement::setColSpan):
(WebCore::HTMLTableCellElement::setRowSpanForBindings):
(WebCore::HTMLTableCellElement::axis): Deleted.
(WebCore::HTMLTableCellElement::headers): Deleted.

  • html/HTMLTableCellElement.h:
  • html/HTMLTableCellElement.idl:
9:28 AM Changeset in webkit [197353] by Chris Dumez
  • 39 edits in trunk/Source/WebCore

[Web IDL] Add support for [TreatNullAs=EmptyString] and use it
https://bugs.webkit.org/show_bug.cgi?id=154654

Reviewed by Darin Adler.

Add support for [TreatNullAs=EmptyString] standard Web IDL extended
attribute:

This replaces the WebKit-specific [TreatNullAs=NullString] IDL
extended attribute. Instead of passing a null String() to the
implementation, emptyString() is passed.

This patch does not cause any web-exposed behavior change. For
case where switching from NullString to EmptyString would change
the behavior (or require changes to the implementation), the old
IDL attribute was kept. However, it was renamed to
[TreatNullAs=LegacyNullString] to discourage its use in new code.
Eventually, this legacy IDL attribute should go away entirely.

[TreatNullAs=EmptyString] should only be used when it is present
in the corresponding specification. Note that there are a lot of
places where we use [TreatNullAs=EmptyString] in our IDL where it
does not match the specification. I have added FIXME comments for
those so we can clean them up later.

No new tests, no web-exposed behavior change.

  • Modules/mediastream/RTCPeerConnection.idl:

No behavior change because this is not implemented.

  • bindings/js/JSDOMBinding.cpp:

(WebCore::valueToStringTreatingNullAsEmptyString):

  • bindings/js/JSDOMBinding.h:

Add new function to convert a JSValue into a String while treating
null as the empty string.

  • bindings/scripts/CodeGeneratorJS.pm:

(JSValueToNative):

  • bindings/scripts/IDLAttributes.txt:
  • Add support for [TreatNullAs=EmptyString].
  • Rename NullString to LegacyNullString to discourage its use.
  • bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
  • bindings/scripts/test/GObject/WebKitDOMTestObj.h:
  • bindings/scripts/test/JS/JSTestObj.cpp:
  • bindings/scripts/test/ObjC/DOMTestObj.h:
  • bindings/scripts/test/ObjC/DOMTestObj.mm:
  • bindings/scripts/test/TestObj.idl:

Add bindings tests coverage for [TreatNullAs=EmptyString].

  • css/CSSStyleDeclaration.idl:
  • dom/CharacterData.idl:
  • dom/DOMImplementation.idl:
  • dom/Document.idl:
  • dom/Element.idl:
  • dom/ShadowRoot.idl:
  • html/HTMLOutputElement.idl:
  • html/HTMLScriptElement.idl:
  • html/URLUtils.idl:
  • svg/SVGAngle.idl:
  • svg/SVGLength.idl:

Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString].
There is no behavior change because the implementation does
not distinguish the null string from the empty string.

  • html/HTMLBaseElement.idl:
  • html/HTMLButtonElement.idl:
  • html/HTMLFormElement.idl:
  • html/HTMLMediaElement.idl:
  • html/HTMLSelectElement.idl:
  • svg/SVGElement.idl:
  • svg/SVGScriptElement.idl:

Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString],
no behavior change.

  • html/HTMLDocument.idl:
  • dir and *Color: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
  • designMode: Drop [TreatNullAs=NullString] as per the specification:
  • html/HTMLElement.idl:
  • Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString] for innerText / outerText. Does not change behavior because the implementation does not distinguish.
  • Drop [TreatNullAs=NullString] from contentEditable to match the spec:
  • html/HTMLFrameElement.idl:

Drop [TreatNullAs=NullString] from location attribute. This does not
change behavior because the attribute is using a custom setter.

  • html/HTMLInputElement.idl:
  • formEnctype / formMethod / autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
  • value: Rename [TreatNullAs=NullString] to [TreatNullAs=EmptyString], which does not change behavior because the implementation does not distinguish. Also drop the extended attribute for non-JS bindings as it has no impact.
  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::setMediaGroup):
Drop redundant group.isNull() check as group.isEmpty() already checks for null.

  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::setText):
Drop useless .impl() call as we have a String and the method requires a String
as input.

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::setValueCommon):
Use emptyString() instead of "" as it is slightly more efficient.

  • html/HTMLTextAreaElement.idl:
  • value: Use [TreatNullAs=EmptyString] instead of [TreatNullAs=NullString]. No behavior change because the implementation does not distinguish.
  • autocapitalize: Rename [TreatNullAs=NullString] to [TreatNullAs=LegacyNullString].
7:03 AM Changeset in webkit [197352] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit2

Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

7:01 AM Changeset in webkit [197351] by commit-queue@webkit.org
  • 4 edits in trunk

[GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

LayoutTests:

  • platform/gtk/TestExpectations:

Remove now passing tests from the expected failures.

6:59 AM Changeset in webkit [197350] by commit-queue@webkit.org
  • 2 edits in trunk

[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case glibconfig.h is not
found.

  • Source/cmake/FindGLIB.cmake:
5:32 AM Changeset in webkit [197349] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197303 - Shrink UnlinkedCodeBlock a bit."

This reverts commit 200002afed4ac67e3cff10bfa9d7e32d879c9a1f.

5:32 AM Changeset in webkit [197348] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Revert "Merge r197305 - REGRESSION(r197303): 4 jsc tests failing on bots."

This reverts commit 497aed24c9437e5d994322493011412097672fab.

5:01 AM Changeset in webkit [197347] by youenn.fablet@crf.canon.fr
  • 6 edits in trunk/Source/WebCore

Refactor FetchBody constructors
https://bugs.webkit.org/show_bug.cgi?id=154721

Reviewed by Sam Weinig and Darin Adler.

Covered by existing tests.

  • Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract): Renamed from "fromJSValue"
(WebCore::FetchBody::extractFromBody): Renamed from "fromRequestBody" and making use of move constructor.

  • Modules/fetch/FetchBody.h:

(WebCore::FetchBody::FetchBody): Making default constructor public and removing empty static method.

  • Modules/fetch/FetchRequest.cpp:

(WebCore::buildBody):

  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::initializeWith):

  • Modules/fetch/FetchResponse.h:

(WebCore::FetchResponse::create):

3:47 AM Changeset in webkit [197346] by Csaba Osztrogonác
  • 2 edits in trunk/Source/WebKit2

[Mac][cmake] Unreviewed buildfix after r197177. Just for fun.

  • PlatformMac.cmake:
3:45 AM Changeset in webkit [197345] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197305 - REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

3:45 AM Changeset in webkit [197344] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197303 - Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

3:31 AM Changeset in webkit [197343] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.12

Merge r197300 - Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

  • fast/css/variables/avoid-matched-property-cache-expected.html: Added.
  • fast/css/variables/avoid-matched-property-cache.html: Added.

Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

3:30 AM Changeset in webkit [197342] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197299 - FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

  • A heap's end is greater than its begin.
  • A heap's begin is greater than or equal to its parent's begin.
  • A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

  • b3/B3HeapRange.h:

(JSC::B3::HeapRange::HeapRange):

  • ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.

  • ftl/FTLAbstractHeap.h:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):

  • ftl/FTLAbstractHeapRepository.h:

(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):

  • ftl/FTLTypedPointer.h:

(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):

3:21 AM Changeset in webkit [197341] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197298 - SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

  • svg/SVGToOTFFontConversion.cpp:

(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

3:20 AM Changeset in webkit [197340] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197265 - Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DataGrid.css:

(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.

3:19 AM Changeset in webkit [197339] by Carlos Garcia Campos
  • 10 edits in releases/WebKitGTK/webkit-2.12

Merge r197263 - Prevent cross-origin access to Location.assign() / Location.reload()
https://bugs.webkit.org/show_bug.cgi?id=154779

Reviewed by Darin Adler.

Source/WebCore:

Prevent cross-origin access to Location.assign() / Location.reload()
to match the latest specification:

Firefox and Chrome already prevent this but WebKit allowed it.

No new tests, already covered by existing tests.

  • bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::getOwnPropertySlotDelegate):
(WebCore::JSLocation::putDelegate): Deleted.

LayoutTests:

Update existing layout tests now that we prevent cross-origin access to
Location.assign() / Location.reload().

  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor-expected.txt:
  • http/tests/security/cross-frame-access-getOwnPropertyDescriptor.html:
  • http/tests/security/cross-frame-access-location-get-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override-expected.txt:
  • http/tests/security/cross-frame-access-location-get-override.html:
  • http/tests/security/cross-frame-access-location-get.html:
  • http/tests/security/xss-DENIED-defineProperty-expected.txt:
3:17 AM Changeset in webkit [197338] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197256 - CLoop build fix.

3:16 AM Changeset in webkit [197337] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197245 - Web Inspector: Increase clickable area of the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154719
<rdar://problem/24854538>

Reviewed by Timothy Hatcher.

Clicking on the area around CodeMirror element now moves
focus to the console prompt.

  • UserInterface/Views/QuickConsole.js:

(WebInspector.QuickConsole.prototype._handleMouseDown):
Only capture mousedown events on .quick-console.
Don't capture clicks on CodeMirror.

  • UserInterface/Views/QuickConsole.css:

(.quick-console > .console-prompt):
(.quick-console > .console-prompt > .CodeMirror):
Make sure .console-prompt is never an event.target for _handleMouseDown.

3:16 AM Changeset in webkit [197336] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197244 - Network cache: old pages returned by disk cache on history navigation after session is restored
https://bugs.webkit.org/show_bug.cgi?id=153230

Reviewed by Chris Dumez.

Source/WebCore:

Add a flag to HistoryItem to mark them as restored from session
and use it from the FrameLoader to not change the policy request
when navigating to a history item that was restored from session,
except for iOS port.

  • history/HistoryItem.h:

(WebCore::HistoryItem::setWasRestoredFromSession):
(WebCore::HistoryItem::wasRestoredFromSession):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadDifferentDocumentItem):

Source/WebKit2:

Since r181734, the network cache never revalidates resources for
history navigation. This is good for the memory cache, but in the
case of disk cache, we might end up with outdated pages when
restoring the session. When restoring the session happens because
of an API request (we also restore the session when recovering
from a web process crash), we should revalidate back forward list
requests in the disk cache if needed. This will only happen the
first time they are loaded after a session restore. After a web process
crash, resources will be used unconditionally from the disk cache.

  • WebProcess/WebPage/WebBackForwardListProxy.cpp:

(WebKit::WebBackForwardListProxy::addItemFromUIProcess): Use Ref&&
instead of PassRefPtr.

  • WebProcess/WebPage/WebBackForwardListProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): Call restoreSessionInternal passing
No as restoredByAPIRequest parameter.
(WebKit::WebPage::restoreSessionInternal): Set restoredFromSession
flag to the created HistoryItem if the item was restored from
session by an API request.
(WebKit::WebPage::restoreSession): Call restoreSessionInternal
passing Yes as restoredByAPIRequest parameter.

  • WebProcess/WebPage/WebPage.h:
3:14 AM Changeset in webkit [197335] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197242 - REGRESSION (r196741): Web Inspector: Bottom section of Layers sidebar is 1px shorter than the console prompt
https://bugs.webkit.org/show_bug.cgi?id=154773
<rdar://problem/24873345>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/LayerTreeDetailsSidebarPanel.css:

(.sidebar > .panel.details.layer-tree > .content):
(.panel.details.layer-tree .bottom-bar):

3:13 AM Changeset in webkit [197334] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197236 - [GTK] Fix order of parameters in gtkdoc for webkit_web_view_get_snapshot

Unreviewed.

  • UIProcess/API/gtk/WebKitWebView.cpp:
3:12 AM Changeset in webkit [197333] by Carlos Garcia Campos
  • 10 edits
    1 delete in releases/WebKitGTK/webkit-2.12/Source

Merge r197226 - Remove the on demand executable allocator
https://bugs.webkit.org/show_bug.cgi?id=154749

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Remove all the DemandExecutable code and executable allocator ifdefs.

(JSC::DemandExecutableAllocator::DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::~DemandExecutableAllocator): Deleted.
(JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::bytesCommittedByAllocactors): Deleted.
(JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators): Deleted.
(JSC::DemandExecutableAllocator::allocateNewSpace): Deleted.
(JSC::DemandExecutableAllocator::notifyNeedPage): Deleted.
(JSC::DemandExecutableAllocator::notifyPageIsFree): Deleted.
(JSC::DemandExecutableAllocator::allocators): Deleted.
(JSC::DemandExecutableAllocator::allocatorsMutex): Deleted.
(JSC::ExecutableAllocator::initializeAllocator): Deleted.
(JSC::ExecutableAllocator::ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::~ExecutableAllocator): Deleted.
(JSC::ExecutableAllocator::isValid): Deleted.
(JSC::ExecutableAllocator::underMemoryPressure): Deleted.
(JSC::ExecutableAllocator::memoryPressureMultiplier): Deleted.
(JSC::ExecutableAllocator::allocate): Deleted.
(JSC::ExecutableAllocator::committedByteCount): Deleted.
(JSC::ExecutableAllocator::dumpProfile): Deleted.
(JSC::ExecutableAllocator::getLock): Deleted.
(JSC::ExecutableAllocator::isValidExecutableMemory): Deleted.
(JSC::ExecutableAllocator::reprotectRegion): Deleted.

  • jit/ExecutableAllocator.h:
  • jit/ExecutableAllocatorFixedVMPool.cpp:
  • jit/JITStubRoutine.h:

(JSC::JITStubRoutine::canPerformRangeFilter): Deleted.
(JSC::JITStubRoutine::filteringStartAddress): Deleted.
(JSC::JITStubRoutine::filteringExtentSize): Deleted.

Source/WTF:

Remove the DemandExecutableAllocator compile flags.

  • wtf/Platform.h:
2:40 AM Changeset in webkit [197332] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197210 - Reduce direct callers of Structure::findStructuresAndMapForMaterialization
https://bugs.webkit.org/show_bug.cgi?id=154751

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-26
Reviewed by Mark Lam.

  • runtime/Structure.cpp:

(JSC::Structure::toStructureShape):
This property name iteration is identical to Structure::forEachPropertyConcurrently.
Share the code and reduce callers to the subtle findStructuresAndMapForMaterialization.

2:33 AM Changeset in webkit [197331] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197196 - Folding of OverridesHasInstance DFG nodes should happen in constant folding not fixup
https://bugs.webkit.org/show_bug.cgi?id=154743

Reviewed by Mark Lam.

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

2:26 AM Changeset in webkit [197330] by Carlos Garcia Campos
  • 4 edits
    1 add
    6 deletes in releases/WebKitGTK/webkit-2.12

Merge r197194 - <g> wrapping <symbol> causes display of hidden <symbol>
https://bugs.webkit.org/show_bug.cgi?id=154576

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-02-26
Reviewed by Darin Adler.

Source/WebCore:

The SVGSymbolElement is allowed in the shadow tree of an SVGUseElement
only if it is the subtree root element. Any descendant SVGSymbolElement should
be removed from the subtree because it is a hidden container. If the cloned
subtree includes an SVGUseElement which references an SVGSymbolElement,
the same rule will be applied to the descendant SVGUseElement. The goal
is to remove all the descendant SVGSymbolElements from the cloned target
because these SVGSymbolElements will be expanded to SVGSVGElements and
hence become visible.

  • svg/SVGUseElement.cpp:

(WebCore::disassociateAndRemoveClones): A helper function which removes
cloned SVGElements and their subtrees from their parents and disassociates
them from their originals.

(WebCore::removeDisallowedElementsFromSubtree): Use disassociateAndRemoveClones().

(WebCore::removeSymbolElementsFromSubtree): Removes all the descendant
SVGSymbolElements from the cloned subtree. It does not remove the root
element itself if it is an SVGSymbolElement because this one will be
expanded to an SVGSVGElement which is exactly what we need.

(WebCore::SVGUseElement::cloneTarget): Call removeSymbolElementsFromSubtree()
to remove the descendant SVGSymbolElements from the cloned subtree before
appending it to the container shadow root.

LayoutTests:

Ensure the <symbol> element is not displayed when it's wrapped in a <g>
element and this <g> element is referenced by a <use> element.

  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/gtk/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/ios-simulator/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.png: Removed.
  • platform/mac/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • platform/win/svg/custom/use-on-g-containing-symbol-expected.txt: Removed.
  • svg/custom/use-on-g-containing-symbol-expected.svg: Added.
  • svg/custom/use-on-g-containing-symbol.svg:

The original test was wrong. It had the following definition:

"<g id='symbol'><symbol>...</symbol></g>"

And it was expecting to have the symbol drawn if the <g> element was
referenced like that

"<use xlink:href='#symbol'/>"

Firefox does not render anything for this <use> element which is correct.
With this patch, this test failed so it had to be modified to test the right
behavior. Also it is now converted to a ref test.

2:23 AM Changeset in webkit [197329] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197186 - [JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero
https://bugs.webkit.org/show_bug.cgi?id=154704

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-26
Reviewed by Geoffrey Garen.

If the Imm is zero, we should still zero the top bits
to match the definition in AirOpcodes.

  • assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::add32):

  • b3/testb3.cpp:

2:08 AM Changeset in webkit [197328] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197180 - Cache::traverse should pass the record info to its traversal handler
https://bugs.webkit.org/show_bug.cgi?id=154695

Reviewed by Antti Koivisto.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::fetchDiskCacheEntries):
(WebKit::clearDiskCacheEntries):

  • NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::traverse):

  • NetworkProcess/cache/NetworkCache.h:

2:06 AM Changeset in webkit [197327] by commit-queue@webkit.org
  • 2 edits in trunk

Unreviewed, rolling out r197297.
https://bugs.webkit.org/show_bug.cgi?id=154810

This change broke build of GTK from scratch (Requested by
annulen on #webkit).

Reverted changeset:

"[cmake] Allow using FindGLIB in case glib is optional
dependency."
https://bugs.webkit.org/show_bug.cgi?id=154796
http://trac.webkit.org/changeset/197297

2:03 AM Changeset in webkit [197326] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebInspectorUI

Merge r197169 - Web Inspector: Option-clicking on a CSS property sometimes doesn't work
https://bugs.webkit.org/show_bug.cgi?id=154384
<rdar://problem/24714755>

Patch by Devin Rousso <Devin Rousso> on 2016-02-26
Reviewed by Timothy Hatcher.

It seems as though there were race conditions between CodeMirror's event
and the native mousemove such that if CodeMirror fired second, the current
candidate was cleared, and would not reset itself until the cursor was
moved, at which point the same issue could happen. To fix this, the current
candidate is no longer cleared by CodeMirror's event and is instead only
modified by the native mouse-events.

  • UserInterface/Controllers/CodeMirrorTokenTrackingController.js:

(WebInspector.CodeMirrorTokenTrackingController.prototype._hidePopover):

2:02 AM Changeset in webkit [197325] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197164 - [DFG] Drop unnecessary proved type branch in ToPrimitive
https://bugs.webkit.org/show_bug.cgi?id=154716

Reviewed by Geoffrey Garen.

This branching based on the proved types is unnecessary because this is already handled in constant folding phase.
In fact, the DFGSpeculativeJIT64.cpp case is already removed in r164243.
This patch removes the remaining JIT32_64 case.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

2:02 AM Changeset in webkit [197324] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197159 - [JSC] Be aggressive with OSR Entry to FTL if the DFG function was only used for OSR Entry itself
https://bugs.webkit.org/show_bug.cgi?id=154575

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Filip Pizlo.

I noticed that imaging-gaussian-blur spends most of its
samples in DFG code despite executing most of the loop
iterations in FTL.

On this particular test, the main function is only entered
once and has a very heavy loop there. What happens is DFG
starts by compiling the full function in FTL. That takes about
8 to 10 milliseconds during which the DFG code makes very little
progress. The calls to triggerOSREntryNow() try to OSR Enter
for a while then finally start compiling something. By the time
the function is ready, we have wasted a lot of time in DFG code.

What this patch does is set a flag when a DFG function is entered.
If we try to triggerOSREntryNow() and the flag was never set,
we start compiling both the full function and the one for OSR Entry.

  • dfg/DFGJITCode.h:
  • dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileEntryExecutionFlag):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

  • dfg/DFGJITCompiler.h:
  • dfg/DFGOperations.cpp:
  • dfg/DFGPlan.cpp:

(JSC::DFG::Plan::Plan): Deleted.

  • dfg/DFGPlan.h:
  • dfg/DFGTierUpCheckInjectionPhase.cpp:

(JSC::DFG::TierUpCheckInjectionPhase::run):

1:53 AM Changeset in webkit [197323] by Carlos Garcia Campos
  • 2 edits
    1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197155 - [JSC] Temporal Dead Zone checks on "this" are eliminated when doing OSR Entry to FTL
https://bugs.webkit.org/show_bug.cgi?id=154664

Reviewed by Saam Barati.

When doing OSR Enter into a constructor, we lose the information
that this may have been set to empty by a previously executed block.

All the code just assumed the type for a FlushedJS value and thus
not an empty value. It was then okay to eliminate the TDZ checks.

In this patch, the values on root entry now assume they may be empty.
As a result, the SetArgument() for "this" has "empty" as possible
type and the TDZ checks are no longer eliminated.

  • dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::initialize):

[JSC] Add the test for r197155
https://bugs.webkit.org/show_bug.cgi?id=154715

Reviewed by Mark Lam.

Silly me. I forgot the test in the latest patch update.

  • tests/stress/class-syntax-tdz-osr-entry-in-loop.js: Added.

1:45 AM Changeset in webkit [197322] by Carlos Garcia Campos
  • 14 edits
    34 deletes in releases/WebKitGTK/webkit-2.12

Merge r197142 - CSP: Remove SecurityPolicy script interface
https://bugs.webkit.org/show_bug.cgi?id=154694
<rdar://problem/24846482>

Reviewed by Andy Estes.

Source/WebCore:

Remove the Content Security Policy script interface, SecurityPolicy. This interface was only
enabled when building with ENABLE(CSP_NEXT) (disabled by default).

For completeness, the SecurityPolicy interface was removed from the Content Security Policy 1.1 spec
in <https://github.com/w3c/webappsec/commit/18882953ce2d8afca25f685557fef0e0471b2c9a> (12/26/2013).

  • CMakeLists.txt: Remove files to DOMSecurityPolicy.{cpp, idl}.
  • DerivedSources.cpp: Remove file JSDOMSecurityPolicy.cpp.
  • DerivedSources.make: Remove file DOMSecurityPolicy.idl.
  • PlatformGTK.cmake: Ditto.
  • PlatformMac.cmake: Ditto.
  • WebCore.xcodeproj/project.pbxproj: Remove DOMSecurityPolicy files.
  • bindings/scripts/CodeGeneratorGObject.pm: Remove reference to DOMSecurityPolicy.
  • dom/Document.cpp:

(WebCore::Document::securityPolicy): Deleted.

  • dom/Document.h:
  • dom/Document.idl: Remove attribute securityPolicy.
  • page/DOMSecurityPolicy.cpp: Removed.
  • page/DOMSecurityPolicy.h: Removed.
  • page/DOMSecurityPolicy.idl: Removed.

LayoutTests:

Remove SecurityPolicy tests and update platform-specific expected results as needed.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowconnectionto.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-alloweval.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowfontfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowformaction.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowframefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowimagefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinescript.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowinlinestyle.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowmediafrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowobjectfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowplugintype.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowscriptfrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-allowstylefrom.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-isactive.html: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi-expected.txt: Removed.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicy-reporturi.html: Removed.
  • http/tests/security/contentSecurityPolicy/resources/securitypolicy-tests-base.js: Removed.
  • platform/gtk/js/dom/global-constructors-attributes-expected.txt: Update expected result as needed.
  • platform/win/js/dom/global-constructors-attributes-expected.txt: Ditto.

1:27 AM Changeset in webkit [197321] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197141 - Don't clear the weak JSString cache on memory pressure.
<https://webkit.org/b/154693>

Reviewed by Antti Koivisto.

This was stupid. The cache is a WeakGCMap, so all the JSStrings pointed to are
still alive anyway. This way we keep the ability to deduplicate common strings.

  • platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseNoncriticalMemory): Deleted.

1:25 AM Changeset in webkit [197320] by Carlos Garcia Campos
  • 4 edits
    1 delete in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197138 - Unreviewed test gardening.

Fix a test flake where order doesn't matter.

  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Removed.
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt:
  • storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-private-expected.txt:
  • storage/indexeddb/resources/deletedatabase-delayed-by-open-and-versionchange.js:

(prepareDatabase.request.onblocked):
(onOpenSuccess):

1:25 AM Changeset in webkit [197319] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197134 - [JSC] Remove a useless "Move" in the lowering of Select
https://bugs.webkit.org/show_bug.cgi?id=154670

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-02-25
Reviewed by Geoffrey Garen.

I left the Move instruction when creating the aliasing form
of Select.

On ARM64, that meant a useless move for any case that can't
be coalesced.

On x86, that meant an extra constraint on child2, making it
stupidly hard to alias child1.

  • b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createSelect): Deleted.

1:15 AM Changeset in webkit [197318] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197125 - REGRESSION (r196268): Many assertion failures and crashes on SVG path animation tests when JS garbage collection happens quickly
https://bugs.webkit.org/show_bug.cgi?id=154331

Reviewed by Darin Adler.

This is not an actual regression. The bug did exist before r196268 but
the whole document was leaking once an SVGAnimatedProperty was created
so there was no way to produce this bug. After fixing the leak, one crash
and one assert got uncovered. Both of them happen because of the fact:
"if an SVGAnimatedProperty is not referenced it will be deleted."

  • svg/SVGPathElement.cpp:

(WebCore::SVGPathElement::lookupOrCreateDWrapper):
The code in this function was assuming that the wrapper will be created
only once which happens when SVGAnimatedProperty::lookupOrCreateWrapper()
is called. Before making this single call, lookupOrCreateDWrapper() was
building an initial SVGPathSegList from byte stream. But now
SVGAnimatedProperty::lookupWrapper() can return false even after creating
the SVGAnimatedProperty because it was deleted later. Calling
buildSVGPathSegListFromByteStream() more than once was causing
SVGAnimatedListPropertyTearOff::animationStarted() to fire the assertion
ASSERT(m_values.size() == m_wrappers.size()) because the path segments were
appended twice to m_values which is in fact SVGPathElement::m_pathSegList.value.
The fix is to build the initial SVGPathSegList only once which should happen
when m_pathSegList.value.isEmpty().

(WebCore::SVGPathElement::animatedPropertyWillBeDeleted):

  • svg/SVGPathElement.h:
  • svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:

(WebCore::SVGAnimatedPathSegListPropertyTearOff::~SVGAnimatedPathSegListPropertyTearOff):
SVGPathElement is assuming the following equivalence relation:
m_pathSegList.shouldSynchronize ~ SVGAnimatedProperty_is_created_and_not_null.
SVGPathElement::animatedPathSegList() and animatedNormalizedPathSegList()
set m_pathSegList.shouldSynchronize to true when SVGAnimatedProperty is
created but nothing sets m_pathSegList.shouldSynchronize back to false.
This was not a problem when the SVGAnimatedProperty was leaking but after
ensuring it is deleted when it is not referenced this equivalence relation
becomes untrue sometimes. This caused SVGPathElement::svgAttributeChanged()
to crash when we check m_pathSegList.shouldSynchronize and if it is true we
assume that SVGAnimatedProperty::lookupWrapper() will return a non-null pointer
and therefore we dereference this pointer and call SVGAnimatedProperty::isAnimating().
To fix this crash we need to set m_pathSegList.shouldSynchronize back to false
when the associated SVGAnimatedProperty is deleted.

1:13 AM Changeset in webkit [197317] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12

Merge r197123 - HashMap::ensure() should return an AddResult like all the other add-like functions.
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

While adopting HashMap::ensure(), I found it was useful in some circumstances to know
if the value was added or not. While I could discern this information by setting a bool
in the passed in lambda, it seemed clearer and more idiomatic to just have ensure return
an AddResult like all the other add-like functions do.

  • wtf/HashMap.h:

Change return type of HashMap::ensure() to be an AddResult.

Tools:

HashMap::ensure() should return an AddResult like all the other add-like functions
https://bugs.webkit.org/show_bug.cgi?id=154680

Reviewed by Anders Carlsson.

  • TestWebKitAPI/Tests/WTF/HashMap.cpp:

(TestWebKitAPI::TEST):
Update tests to use/test the new AddResult result.

12:36 AM Changeset in webkit [197316] by Antti Koivisto
  • 3 edits
    2 adds in trunk

::slotted doesn't work in nested shadow trees
https://bugs.webkit.org/show_bug.cgi?id=154765
<rdar://problem/24870995>

Reviewed by Ryosuke Niwa.

Source/WebCore:

See https://github.com/w3c/webcomponents/issues/331#issuecomment-189191593

Test: fast/shadow-dom/css-scoping-shadow-slotted-nested.html

  • css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchSlottedPseudoElementRules):

Collect ::slotted rules from all the nested shadow trees instead of just the host's.

LayoutTests:

  • fast/shadow-dom/css-scoping-shadow-slotted-nested-expected.html: Added.
  • fast/shadow-dom/css-scoping-shadow-slotted-nested.html: Added.

Feb 28, 2016:

11:36 PM Changeset in webkit [197315] by Carlos Garcia Campos
  • 9 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197306 - Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

  • Modules/indexeddb/IDBDatabaseError.h:

(WebCore::IDBDatabaseError::create):

  • Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::maybeCreateIDBKey):

  • Modules/indexeddb/IDBKeyData.h:
  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRangeData.cpp:

(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):

  • Modules/indexeddb/IDBKeyRangeData.h:
  • Modules/indexeddb/IDBServerConnection.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h:
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp:

(WebCore::IDBCursorBackend::continueFunction):

  • Modules/indexeddb/legacy/IDBCursorBackend.h:
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h:

(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):

  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:

(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):

  • Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::continueFunction):

  • Modules/indexeddb/legacy/LegacyCursor.h:
  • Modules/indexeddb/legacy/LegacyFactory.h:

(WebCore::LegacyFactory::create):

  • Modules/indexeddb/legacy/LegacyRequest.cpp:

(WebCore::LegacyRequest::onSuccess):

  • Modules/indexeddb/legacy/LegacyRequest.h:
  • inspector/InspectorIndexedDBAgent.cpp:

11:36 PM Changeset in webkit [197314] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197246 - Unreviewed. Fix GTK+ clean build.

Add missing header include.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

11:35 PM Changeset in webkit [197313] by Carlos Garcia Campos
  • 11 edits
    3 adds in releases/WebKitGTK/webkit-2.12

Merge r197231 - Modern IDB: New database versions are never committed to SQLite.
<rdar://problem/24860952> and https://bugs.webkit.org/show_bug.cgi?id=154741

Modern IDB: If a database handle is not open, files are not actually deleted from disk
https://bugs.webkit.org/show_bug.cgi?id=154756

Reviewed by Alex Christensen.

Source/WebCore:

Tested by API test "IndexedDBPersistence"

  • Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::deleteDatabase): If there's not an open handle to the database, create one.

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction): If a version change transaction, actually
set the new version on disk.

  • Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::performCurrentDeleteOperation):
(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore): If there is no open backing store, create one.
This is necessary to both read the current database version, and to actually delete the file on disk.

(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): If necessary, manufacture a "most recently
deleted database info" from the version returned by deleteBackingStore.

  • Modules/indexeddb/server/UniqueIDBDatabase.h:

Source/WebKit2:

Add WK2 SPI to force termination of the database process.

  • UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _terminateDatabaseProcess]):

  • UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess):

  • UIProcess/WebProcessPool.h:

Tools:

This also happens to test the previously untested fix for http://trac.webkit.org/changeset/197190

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-1.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence-2.html: Added.
  • TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBPersistence.mm: Added.

(-[IndexedDBNavigationDelegate webView:didFinishNavigation:]):
(-[IndexedDBMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):

11:35 PM Changeset in webkit [197312] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197190 - Modern IDB: Using existing database info from SQLite backing store is busted.
<rdar://problem/24848143> and https://bugs.webkit.org/show_bug.cgi?id=154735

Reviewed by Alex Christensen.

No new tests.

Reproducing the bug requires having a known database on disk *before* launching the DatabaseProcess to
read in the existing IDBDatabaseInfo.

Our automated infrastructure currently has no way of testing this.

  • Modules/indexeddb/client/IDBConnectionToServer.cpp:

(WebCore::IDBClient::IDBConnectionToServer::openDatabase):

  • Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo): Do the optional migrate on
the IndexRecords table here; *every* time we open a SQLite backing store.

(WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo): Deleted.

  • Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::isolatedCopy): Copy the entire object, not just name/version.

11:35 PM Changeset in webkit [197311] by Carlos Garcia Campos
  • 40 edits
    71 deletes in releases/WebKitGTK/webkit-2.12/Source

Merge r197131 - Remove LegacyIDB.
https://bugs.webkit.org/show_bug.cgi?id=150854

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (No change in behavior).

  • CMakeLists.txt:
  • Modules/indexeddb/DOMWindowIndexedDatabase.cpp:

(WebCore::DOMWindowIndexedDatabase::indexedDB):

  • Modules/indexeddb/IDBDatabaseMetadata.cpp: Removed.
  • Modules/indexeddb/IDBDatabaseMetadata.h: Removed.
  • Modules/indexeddb/IDBFactory.h:
  • Modules/indexeddb/IDBIndex.h:
  • Modules/indexeddb/IDBIndexMetadata.h: Removed.
  • Modules/indexeddb/IDBObjectStoreMetadata.h: Removed.
  • Modules/indexeddb/IDBOperation.h: Removed.
  • Modules/indexeddb/IDBServerConnection.h: Removed.
  • Modules/indexeddb/IDBTransaction.h:
  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.cpp:

(WebCore::WorkerGlobalScopeIndexedDatabase::indexedDB):

  • Modules/indexeddb/WorkerGlobalScopeIndexedDatabase.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacks.h: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.cpp: Removed.
  • Modules/indexeddb/legacy/IDBDatabaseCallbacksImpl.h: Removed.
  • Modules/indexeddb/legacy/IDBFactoryBackendInterface.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingDeleteCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingOpenCall.h: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.cpp: Removed.
  • Modules/indexeddb/legacy/IDBPendingTransactionMonitor.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackend.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.h: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.cpp: Removed.
  • Modules/indexeddb/legacy/IDBTransactionCoordinator.h: Removed.
  • Modules/indexeddb/legacy/LegacyAny.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyAny.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursor.h: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyCursorWithValue.h: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyDatabase.h: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyFactory.h: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyIndex.h: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyObjectStore.h: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyOpenDBRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyRequest.h: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyTransaction.h: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.cpp: Removed.
  • Modules/indexeddb/legacy/LegacyVersionChangeEvent.h: Removed.
  • Modules/indexeddb/server/SQLiteIDBCursor.cpp:

(WebCore::IDBServer::SQLiteIDBCursor::SQLiteIDBCursor):
(WebCore::IDBServer::SQLiteIDBCursor::establishStatement):
(WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):

  • Modules/indexeddb/server/SQLiteIDBCursor.h:
  • Modules/indexeddb/shared/IDBIndexInfo.h:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/IDBBindingUtilities.cpp:

(WebCore::generateIndexKeysForValue): Deleted.

  • bindings/js/IDBBindingUtilities.h:
  • bindings/js/JSMainThreadExecState.cpp:

(WebCore::JSMainThreadExecState::didLeaveScriptContext): Deleted.

  • inspector/InspectorIndexedDBAgent.cpp:
  • loader/EmptyClients.cpp:
  • page/DatabaseProvider.cpp:

(WebCore::DatabaseProvider::idbFactoryBackend): Deleted.

  • page/DatabaseProvider.h:
  • platform/CrossThreadCopier.cpp:

(WebCore::IDBDatabaseMetadata>::copy): Deleted.
(WebCore::IDBIndexMetadata>::copy): Deleted.
(WebCore::IDBObjectStoreMetadata>::copy): Deleted.

  • platform/CrossThreadCopier.h:

Source/WebKit:

  • Storage/WebDatabaseProvider.cpp:

(WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • Storage/WebDatabaseProvider.h:

Source/WebKit2:

  • CMakeLists.txt:
  • DatabaseProcess/DatabaseProcess.cpp:

(WebKit::DatabaseProcess::getOrCreateLegacyUniqueIDBDatabase): Deleted.
(WebKit::DatabaseProcess::removeLegacyUniqueIDBDatabase): Deleted.

  • DatabaseProcess/DatabaseProcess.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didClose):
(WebKit::DatabaseToWebProcessConnection::didReceiveMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage): Deleted.
(WebKit::DatabaseToWebProcessConnection::establishIDBConnection): Deleted.
(WebKit::DatabaseToWebProcessConnection::removeDatabaseProcessIDBConnection): Deleted.

  • DatabaseProcess/DatabaseToWebProcessConnection.h:
  • DatabaseProcess/DatabaseToWebProcessConnection.messages.in:
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.cpp: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.h: Removed.
  • DatabaseProcess/IndexedDB/DatabaseProcessIDBConnection.messages.in: Removed.
  • DatabaseProcess/IndexedDB/IDBIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.cpp: Removed.
  • DatabaseProcess/IndexedDB/IDBSerialization.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabase.h: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.cpp: Removed.
  • DatabaseProcess/IndexedDB/LegacyUniqueIDBDatabaseIdentifier.h: Removed.
  • DatabaseProcess/IndexedDB/UniqueIDBDatabaseBackingStore.h: Removed.
  • DatabaseProcess/IndexedDB/WebIDBConnectionToClient.h:
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBCursor.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/SQLiteIDBTransaction.h: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.cpp: Removed.
  • DatabaseProcess/IndexedDB/sqlite/UniqueIDBDatabaseBackingStoreSQLite.h: Removed.
  • DerivedSources.make:
  • Shared/WebCrossThreadCopier.cpp:

(WebCore::LegacyUniqueIDBDatabaseIdentifier>::copy): Deleted.
(WebCore::IDBIdentifier>::copy): Deleted.

  • Shared/WebCrossThreadCopier.h:
  • WebKit2.xcodeproj/project.pbxproj:
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBFactoryBackend.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.cpp: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.h: Removed.
  • WebProcess/Databases/IndexedDB/WebIDBServerConnection.messages.in: Removed.
  • WebProcess/Databases/WebDatabaseProvider.cpp:

(WebKit::WebDatabaseProvider::createIDBFactoryBackend): Deleted.

  • WebProcess/Databases/WebDatabaseProvider.h:
  • WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage): Deleted.
(WebKit::WebToDatabaseProcessConnection::registerWebIDBServerConnection): Deleted.
(WebKit::WebToDatabaseProcessConnection::removeWebIDBServerConnection): Deleted.

  • WebProcess/Databases/WebToDatabaseProcessConnection.h:
  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
11:33 PM Changeset in webkit [197310] by Carlos Garcia Campos
  • 10 edits
    1 add
    78 deletes in releases/WebKitGTK/webkit-2.12

Merge r197122 - Modern IDB: WebKit 2 IPC layer.
https://bugs.webkit.org/show_bug.cgi?id=153808

Reviewed by Alex Christensen.

Source/WebCore:

No new tests (Covered by over 1,000 existing tests).

  • Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::encode): It's okay to encode Min and Max.
(WebCore::IDBKeyData::decode): It's okay to decode Min and Max.

Source/WebKit2:

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): This ASSERT fires on most WK2 tests. Alex said remove it.

  • WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::putOrAdd): Properly encode the overwrite flag.

  • WebProcess/Databases/WebDatabaseProvider.h: Enable Modern IDB.

LayoutTests:

  • Consolidate all test failures to the platform agnostic TestExpectations file.
  • Remove all existing WK2-specific results.
  • Add one new WK2-specific result.
  • Skip two WK2-only failures.
  • TestExpectations:
  • platform/mac-wk1/TestExpectations:
  • platform/mac-wk2/TestExpectations:
  • platform/wk2/TestExpectations:
  • platform/wk2/imported/w3c/indexeddb/abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor-advance-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_index9-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_advance_objectstore5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index5-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_index8-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_invalid-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_continue_objectstore6-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_index4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbcursor_delete_objectstore4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_close2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbdatabase_deleteObjectStore4-not_reused-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_deleteDatabase3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbfactory_open12-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex-multientry-big-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_get7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_getKey7-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openCursor2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbindex_openKeyCursor3-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_add4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex2-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex4-deleteIndex-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex6-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_createIndex7-event_order-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbobjectstore_put4-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbtransaction_abort-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/idbversionchangeevent-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-constrainterror-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/keygenerator-overflow-expected.txt: Removed.
  • platform/wk2/imported/w3c/indexeddb/transaction-requestqueue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/aborted-versionchange-closes-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-and-remove-object-store-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-dir-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-continue-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursor-finished-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/database-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deleteIndex-bug110792-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/deletedatabase-delayed-by-open-and-versionchange-expected.txt: Added.
  • platform/wk2/storage/indexeddb/index-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-abort-in-initial-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-oncomplete-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/intversion-close-in-upgradeneeded-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/invalid-keys-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/key-type-array-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-arrays-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keypath-edges-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/keyrange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/bad-keypath-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/clear-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/create-objectstore-basics-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/cursors-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-delete-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-inline-and-passed-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-no-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/key-requirements-put-null-key-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/mozilla/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/object-lookups-in-versionchange-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/objectstore-count-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/open-cursor-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/readonly-transactions-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/request-result-cache-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-abort-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-active-flag-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-after-close-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/transaction-read-only-expected.txt: Removed.
  • platform/wk2/storage/indexeddb/version-change-exclusive-expected.txt: Removed.
10:57 PM Changeset in webkit [197309] by Carlos Garcia Campos
  • 22 edits
    1 copy
    1 add in releases/WebKitGTK/webkit-2.12

Merge r197118 - CSP: Make SecurityPolicyViolationEvent more closely conform to CSP spec and enable it by default
https://bugs.webkit.org/show_bug.cgi?id=154522
<rdar://problem/24762078>

Reviewed by Brent Fulgham.

Source/WebCore:

Include attributes statusCode and columnNumber in a dispatched SecurityPolicyViolationEvent and
as part of the SecurityPolicyViolationEventInit dictionary as per section Violation DOM Events
of the Content Security Policy Level 3 spec., <https://w3c.github.io/webappsec-csp/> (24 February 2016).
Additionally, enable dispatching of this event when a Content Security Policy violation occurs regardless
of whether ENABLE(CSP_NEXT) is enabled.

Test: http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html

  • WebCore.xcodeproj/project.pbxproj: Add files JSSecurityPolicyViolationEvent.{cpp, h}.
  • dom/EventNames.in: Enable support for SecurityPolicyViolationEvent unconditionally.
  • dom/SecurityPolicyViolationEvent.h: Remove ENABLE(CSP_NEXT)-guard so that we compile this code unconditionally. Modified SecurityPolicyViolationEventInit and SecurityPolicyViolationEvent to support attributes statusCode and columnNumber.

  • dom/SecurityPolicyViolationEvent.idl: Add attributes statusCode and columnNumber.
  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::reportViolation): Modified to both dispatch a SecurityPolicyViolationEvent
and send a violation report (if applicable).

LayoutTests:

Add new test http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
to ensure that SecurityPolicyViolationEvent.statusCode is 0 when dispatched for a violation on an HTTPS-served
document per section Reporting of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
Update existing test results and mark more tests as PASS in file LayoutTests/TestExpectations.

  • TestExpectations: Mark tests http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation*.html as PASS so that we run them.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-basics-expected.txt: Update expected result to reflect failing sub-test. We do not support the experimental JavaScript event listener onsecuritypolicyviolation when building with ENABLE(CSP_NEXT) disabled.

  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-expected.txt: Update line and column numbers.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-cross-origin-image.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script-expected.txt: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-from-script.html: Ditto.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html: Added.
  • http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image.html: Update line and column numbers.
  • js/dom/global-constructors-attributes-expected.txt: Update expected results now that we expose SecurityPolicyViolationEvent.
  • platform/efl/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-mavericks/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac-yosemite/js/dom/global-constructors-attributes-expected.txt: Ditto.
  • platform/mac/js/dom/global-constructors-attributes-expected.txt: Ditto.
9:26 PM Changeset in webkit [197308] by akling@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

Make JSFunction.name allocation fully lazy.
<https://webkit.org/b/154806>

Reviewed by Saam Barati.

We were reifying the "name" field on functions lazily, but created the string
value itself up front. This patch gets rid of the up-front allocation,
saving us a JSString allocation per function in most cases.

  • builtins/BuiltinExecutables.cpp:

(JSC::createExecutableInternal):

  • bytecode/UnlinkedFunctionExecutable.cpp:

(JSC::UnlinkedFunctionExecutable::visitChildren):

  • bytecode/UnlinkedFunctionExecutable.h:
  • runtime/CodeCache.cpp:

(JSC::CodeCache::getFunctionExecutableFromGlobalCode):

  • runtime/Executable.h:
  • runtime/JSFunction.cpp:

(JSC::JSFunction::reifyName):

8:36 PM Changeset in webkit [197307] by Chris Dumez
  • 4 edits in trunk

Parse HTMLOLElement.start as per the HTML spec
https://bugs.webkit.org/show_bug.cgi?id=154802

Reviewed by Andreas Kling.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

  • web-platform-tests/html/dom/reflection-grouping-expected.txt:

Source/WebCore:

Parse HTMLOLElement.start as per the HTML spec:

No new tests, already covered by existing test.

  • html/HTMLOListElement.cpp:

(WebCore::HTMLOListElement::parseAttribute):

5:57 PM Changeset in webkit [197306] by Gyuyoung Kim
  • 9 edits in trunk/Source/WebCore

Reduce uses of PassRefPtr in indexeddb
https://bugs.webkit.org/show_bug.cgi?id=154273

Reviewed by Darin Adler.

No new tests, no behavior changes.

  • Modules/indexeddb/IDBDatabaseError.h:

(WebCore::IDBDatabaseError::create):

  • Modules/indexeddb/IDBKeyData.cpp:

(WebCore::IDBKeyData::maybeCreateIDBKey):

  • Modules/indexeddb/IDBKeyData.h:
  • Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::IDBKeyRange):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRange.h:

(WebCore::IDBKeyRange::create):
(WebCore::IDBKeyRange::lower):
(WebCore::IDBKeyRange::upper):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

  • Modules/indexeddb/IDBKeyRangeData.cpp:

(WebCore::IDBKeyRangeData::maybeCreateIDBKeyRange):

  • Modules/indexeddb/IDBKeyRangeData.h:
  • Modules/indexeddb/IDBServerConnection.h:
  • Modules/indexeddb/legacy/IDBCallbacks.h:
  • Modules/indexeddb/legacy/IDBCursorBackend.cpp:

(WebCore::IDBCursorBackend::continueFunction):

  • Modules/indexeddb/legacy/IDBCursorBackend.h:
  • Modules/indexeddb/legacy/IDBCursorBackendOperations.h:

(WebCore::CursorIterationOperation::create):
(WebCore::CursorIterationOperation::CursorIterationOperation):

  • Modules/indexeddb/legacy/IDBTransactionBackendOperations.cpp:

(WebCore::GetOperation::perform):
(WebCore::PutOperation::perform):

  • Modules/indexeddb/legacy/LegacyCursor.cpp:

(WebCore::LegacyCursor::continueFunction):

  • Modules/indexeddb/legacy/LegacyCursor.h:
  • Modules/indexeddb/legacy/LegacyFactory.h:

(WebCore::LegacyFactory::create):

  • Modules/indexeddb/legacy/LegacyRequest.cpp:

(WebCore::LegacyRequest::onSuccess):

  • Modules/indexeddb/legacy/LegacyRequest.h:
  • inspector/InspectorIndexedDBAgent.cpp:
5:44 PM Changeset in webkit [197305] by akling@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r197303): 4 jsc tests failing on bots.

Unreviewed follow-up fix.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): This function
can still get called with !m_rareData, in case the type profiler is active but this
particular code block doesn't have type profiler data. Handle it gracefully.

4:32 PM Changeset in webkit [197304] by weinig@apple.com
  • 24 edits
    1 add
    1 delete in trunk

Reimplement WKPageGroup in terms of WKUserContentController
https://bugs.webkit.org/show_bug.cgi?id=154804

Reviewed by Dan Bernstein.

Source/WebKit2:

Instead of having WebPageGroup and WebUserContentControllerProxy both keep track
of user scripts and user stylesheets, give WebPageGroup a WebUserContentControllerProxy
and let it take care of things. This allows us to remove a ton of duplicate code, and
provides a convenient way for clients currently using PageGroup based user content insertion
to start using UserContentController, since they can now be used at the same time.

When using WKPageConfigurationRef, the rule is:

  • If you don't set a WKUserContentControllerRef, the one from the WKPageGroupRef will be used.
  • If you do set a WKUserContentControllerRef, it will be used, and the one from the WKPageGroupRef will do nothing for that web view.

  • DerivedSources.make:

Remove WebPageGroupProxy. It no longer is a MessageReceiver.

  • Shared/WebPageGroupData.cpp:

(WebKit::WebPageGroupData::encode):
(WebKit::WebPageGroupData::decode):

  • Shared/WebPageGroupData.h:

Stop encoding/decoding user content, instead just encode the identifier to the UserContentController.

  • UIProcess/API/C/WKPageGroup.cpp:

(WKPageGroupGetUserContentController):

  • UIProcess/API/C/WKPageGroup.h:

Add getter for the underlying WKUserContentControllerRef.

  • UIProcess/API/cpp/WKRetainPtr.h:

(WebKit::retainWK):
Add retainWK() helper to match RetainPtr's retainPtr() helper.

  • UIProcess/WebPageGroup.cpp:

(WebKit::WebPageGroup::WebPageGroup):
(WebKit::WebPageGroup::userContentController):
(WebKit::WebPageGroup::addUserStyleSheet):
(WebKit::WebPageGroup::addUserScript):
(WebKit::WebPageGroup::removeAllUserStyleSheets):
(WebKit::WebPageGroup::removeAllUserScripts):
(WebKit::WebPageGroup::removeAllUserContent):
(WebKit::WebPageGroup::addUserContentExtension):
(WebKit::WebPageGroup::removeUserContentExtension):
(WebKit::WebPageGroup::removeAllUserContentExtensions):

  • UIProcess/WebPageGroup.h:

Pass through to the WebUserContentControllerProxy.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::WebPageProxy):
(WebKit::WebPageProxy::finishInitializingWebPageAfterProcessLaunch):
(WebKit::WebPageProxy::creationParameters):

  • UIProcess/WebPageProxy.h:

WebPageProxies always have a WebUserContentControllerProxy now, so it can go in a Ref and
a few branches can be removed.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::createWebPage):
If a UserContentController is not passed in, use the one from the PageGroup.

  • WebKit2.xcodeproj/project.pbxproj:

Remove files.

  • WebProcess/InjectedBundle/InjectedBundle.cpp:

Add some #includes that are now needed.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::getOrCreate):

  • WebProcess/UserContent/WebUserContentController.h:

Modernize WebUserContentController::getOrCreate to return a Ref.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::addUserScript):
(WebKit::WebPage::addUserStyleSheet):
(WebKit::WebPage::removeAllUserContent):

  • WebProcess/WebPage/WebPage.h:

Store the WebUserContentController in Ref, remove unnecessary branches/asserts.

  • WebProcess/WebPage/WebPageGroupProxy.cpp:

(WebKit::WebPageGroupProxy::WebPageGroupProxy):
(WebKit::WebPageGroupProxy::~WebPageGroupProxy):
(WebKit::WebPageGroupProxy::userContentController):
(WebKit::WebPageGroupProxy::addUserStyleSheet): Deleted.
(WebKit::WebPageGroupProxy::addUserScript): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserStyleSheets): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserScripts): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContent): Deleted.
(WebKit::WebPageGroupProxy::addUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeUserContentExtension): Deleted.
(WebKit::WebPageGroupProxy::removeAllUserContentExtensions): Deleted.

  • WebProcess/WebPage/WebPageGroupProxy.h:

Store a WebUserContentController in a Ref, remove now unnecessary message handling functions.

  • WebProcess/WebPage/WebPageGroupProxy.messages.in:

Removed.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::didReceiveMessage):
Remove routing to WebPageGroupProxy, which is no longer a MessageReceiver.

Tools:

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
  • TestWebKitAPI/Tests/WebKit2/PageGroup.cpp: Added.
2:21 PM Changeset in webkit [197303] by akling@apple.com
  • 3 edits in trunk/Source/JavaScriptCore

Shrink UnlinkedCodeBlock a bit.
<https://webkit.org/b/154797>

Reviewed by Anders Carlsson.

Move profiler-related members of UnlinkedCodeBlock into its RareData
structure, saving 40 bytes, and then reorder the other members of
UnlinkedCodeBlock to save another 24 bytes, netting a nice total 64.

The VM member was removed entirely since UnlinkedCodeBlock is a cell
and can retrieve its VM through MarkedBlock header lookup.

  • bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::vm):
(JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
(JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.

  • bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::addRegExp):
(JSC::UnlinkedCodeBlock::addConstant):
(JSC::UnlinkedCodeBlock::addFunctionDecl):
(JSC::UnlinkedCodeBlock::addFunctionExpr):
(JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
(JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
(JSC::UnlinkedCodeBlock::vm): Deleted.

1:56 PM Changeset in webkit [197302] by weinig@apple.com
  • 17 edits in trunk

Source/WebKit2:
Bind _WKUserStyleSheets to _WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

Treat _WKUserStyleSheets like WKUserScripts and allow them to be bound to a _WKUserContentWorld.
The immediate benefit of this is allowing a client to bind a set of user content (scripts and stylesheets
for now) to a world and have them easily remove all user content associated with that world.

  • Shared/API/APIArray.h:

Add helpers removeAllMatching and removeAllOfTypeMatching.

  • UIProcess/API/APIUserStyleSheet.h:

Add API::UserContentWorld member.

  • UIProcess/API/Cocoa/WKUserContentController.mm:

(-[WKUserContentController _removeAllUserScriptsAssociatedWithUserContentWorld:]):
(-[WKUserContentController _removeAllUserStyleSheetsAssociatedWithUserContentWorld:]):

  • UIProcess/API/Cocoa/WKUserContentControllerPrivate.h:

Add _removeAllUserScriptsAssociatedWithUserContentWorld and _removeAllUserStyleSheetsAssociatedWithUserContentWorld.

  • UIProcess/API/Cocoa/WKUserScript.mm:

(-[WKUserScript _initWithSource:injectionTime:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
(toStringVector): Deleted.

  • UIProcess/API/Cocoa/_WKUserContentWorldInternal.h:

(API::toStringVector):
Move toStringVector to a location where it can be shared.

  • UIProcess/API/Cocoa/_WKUserStyleSheet.h:
  • UIProcess/API/Cocoa/_WKUserStyleSheet.mm:

(-[_WKUserStyleSheet initWithSource:forMainFrameOnly:legacyWhitelist:legacyBlacklist:userContentWorld:]):
Add new initializer which has a world to be bound to. While here, match WKUserScript and add support for the
legacy whitelist and blacklists.

  • UIProcess/UserContent/WebUserContentControllerProxy.cpp:

(WebKit::WebUserContentControllerProxy::addProcess):
(WebKit::WebUserContentControllerProxy::removeProcess):
(WebKit::WebUserContentControllerProxy::addUserContentWorldUse):
(WebKit::WebUserContentControllerProxy::shouldSendRemoveUserContentWorldsMessage):
(WebKit::WebUserContentControllerProxy::removeUserContentWorldUses):
(WebKit::WebUserContentControllerProxy::addUserScript):
(WebKit::WebUserContentControllerProxy::removeUserScript):
(WebKit::WebUserContentControllerProxy::removeAllUserScripts):
(WebKit::WebUserContentControllerProxy::addUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeUserStyleSheet):
(WebKit::WebUserContentControllerProxy::removeAllUserStyleSheets):

  • UIProcess/UserContent/WebUserContentControllerProxy.h:

Refactor to share the code which decides whether to send AddUserContentWorlds/RemoveUserContentWorlds
messages.

  • WebProcess/UserContent/WebUserContentController.cpp:

(WebKit::WebUserContentController::addUserContentWorlds):
(WebKit::WebUserContentController::removeUserContentWorlds):
(WebKit::WebUserContentController::addUserScripts):
(WebKit::WebUserContentController::removeUserScript):
(WebKit::WebUserContentController::removeAllUserScripts):
(WebKit::WebUserContentController::addUserStyleSheets):
(WebKit::WebUserContentController::removeUserStyleSheet):
(WebKit::WebUserContentController::removeAllUserStyleSheets):

  • WebProcess/UserContent/WebUserContentController.h:
  • WebProcess/UserContent/WebUserContentController.messages.in:

Add support for binding stylesheets to worlds and allow removing all the scripts/stylesheets from a
set of worlds at once by passing Vectors of world identifiers in the remove messages.

Tools:
Bind _WKUserStyleSheets to WKUserContentWorlds to allow for grouping of user content by associating to a world
https://bugs.webkit.org/show_bug.cgi?id=154798

Reviewed by Dan Bernstein.

  • TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

Add tests for removing _WKUserStyleSheets and WKUserScripts

1:00 PM Changeset in webkit [197301] by timothy_horton@apple.com
  • 5 edits in trunk

Switch to application/vnd.apple.folder for <attachment> folder special-case
https://bugs.webkit.org/show_bug.cgi?id=154786
<rdar://problem/24416632>

Reviewed by Anders Carlsson.

Source/WebCore:

No new tests, adjusted an existing test to cover this.

  • rendering/RenderThemeMac.mm:

(WebCore::iconForAttachment):
Add a second folder MIME type.

LayoutTests:

  • fast/attachment/attachment-folder-icon-expected.html:
  • fast/attachment/attachment-folder-icon.html:
12:42 PM Changeset in webkit [197300] by timothy_horton@apple.com
  • 3 edits
    2 adds in trunk

Variables can resolve to the wrong value when elements differ in nothing but inherited variable value
https://bugs.webkit.org/show_bug.cgi?id=154785

Reviewed by Antti Koivisto.

Source/WebCore:

Test: fast/css/variables/avoid-matched-property-cache.html

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::MatchResult::addMatchedProperties):
Disable the matched property cache when a value is variable-dependent, because
they can resolve to inherited values, and the matched property cache could
end up copying the wrong value from another similarly-styled element.

LayoutTests:

  • fast/css/variables/avoid-matched-property-cache-expected.html: Added.
  • fast/css/variables/avoid-matched-property-cache.html: Added.

Add a test. The non-standard element is necessary because the resolved property
cache is already disabled when using the "simple" default style sheet, and
it seems better to use a totally non-standard element than one that might
end up in the "simple" default style sheet in the future and would silently
invalidate the test.

12:34 PM Changeset in webkit [197299] by fpizlo@apple.com
  • 10 edits in trunk/Source/JavaScriptCore

FTL should lower its abstract heaps to B3 heap ranges
https://bugs.webkit.org/show_bug.cgi?id=154782

Reviewed by Saam Barati.

The FTL can describe the abstract heaps (points-to sets) that a memory operation will
affect. The abstract heaps are arranged as a hierarchy. We used to transform this into
TBAA hierarchies in LLVM, but we never got around to wiring this up to B3's equivalent
notion - the HeapRange. That's what this patch fixes.

B3 has a minimalistic alias analysis. It represents abstract heaps using unsigned 32-bit
integers. There are 1<<32 abstract heaps. The B3 client can describe what an operation
affects by specifying a heap range: a begin...end pair that says that the operation
affects all abstract heaps H such that begin <= H < end.

This peculiar scheme was a deliberate attempt to distill what the abstract heap
hierarchy is all about. We can assign begin...end numbers to abstract heaps so that:

  • A heap's end is greater than its begin.
  • A heap's begin is greater than or equal to its parent's begin.
  • A heap's end is less than or equal to its parent's end.

This is easy to do using a recursive traversal of the abstract heap hierarchy. I almost
went for the iterative traversal, which is a splendid algorithm, but it's totally
unnecessary here since we tightly control the height of the heap hierarchy.

Because abstract heaps are produced on-the-fly by FTL lowering, due to the fact that we
generate new ones for field names and constant indices we encounter, we can't actually
decorate the B3 instructions we create in lowering until all lowering is done. Adding a
new abstract heap to the hierarchy after ranges were already computed would require
updating the ranges of any heaps "to the right" of that heap in the hierarchy. This
patch solves that problem by recording the associations between abstract heaps and their
intended roles in the generated IR, and then decorating all of the relevant B3 values
after we compute the ranges of the hierarchy after lowering.

This is perf-neutral. I was hoping for a small speed-up, but I could not detect a
speed-up on any benchmark. That's not too surprising. We already have very precise CSE
in the DFG, so there aren't many opportunities left for the B3 CSE and it may have
already been getting the big ones even without alias analysis.

Even without a speed-up, this patch is valuable because it makes it easier to implement
other optimizations, like store elimination.

  • b3/B3HeapRange.h:

(JSC::B3::HeapRange::HeapRange):

  • ftl/FTLAbstractHeap.cpp:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::changeParent):
(JSC::FTL::AbstractHeap::compute):
(JSC::FTL::AbstractHeap::shallowDump):
(JSC::FTL::AbstractHeap::dump):
(JSC::FTL::AbstractHeap::deepDump):
(JSC::FTL::AbstractHeap::badRangeError):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::IndexedAbstractHeap::baseIndex):
(JSC::FTL::IndexedAbstractHeap::atSlow):
(JSC::FTL::IndexedAbstractHeap::initialize):
(JSC::FTL::AbstractHeap::decorateInstruction): Deleted.
(JSC::FTL::AbstractField::dump): Deleted.

  • ftl/FTLAbstractHeap.h:

(JSC::FTL::AbstractHeap::AbstractHeap):
(JSC::FTL::AbstractHeap::isInitialized):
(JSC::FTL::AbstractHeap::initialize):
(JSC::FTL::AbstractHeap::parent):
(JSC::FTL::AbstractHeap::heapName):
(JSC::FTL::AbstractHeap::range):
(JSC::FTL::AbstractHeap::offset):
(JSC::FTL::IndexedAbstractHeap::atAnyIndex):
(JSC::FTL::IndexedAbstractHeap::at):
(JSC::FTL::IndexedAbstractHeap::operator[]):
(JSC::FTL::IndexedAbstractHeap::returnInitialized):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::constructDeletedValue):
(JSC::FTL::IndexedAbstractHeap::WithoutZeroOrOneHashTraits::isDeletedValue):
(JSC::FTL::AbstractHeap::changeParent): Deleted.
(JSC::FTL::AbstractField::AbstractField): Deleted.
(JSC::FTL::AbstractField::initialize): Deleted.
(JSC::FTL::AbstractField::offset): Deleted.

  • ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::~AbstractHeapRepository):
(JSC::FTL::AbstractHeapRepository::decorateMemory):
(JSC::FTL::AbstractHeapRepository::decorateCCallRead):
(JSC::FTL::AbstractHeapRepository::decorateCCallWrite):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointRead):
(JSC::FTL::AbstractHeapRepository::decoratePatchpointWrite):
(JSC::FTL::AbstractHeapRepository::computeRangesAndDecorateInstructions):

  • ftl/FTLAbstractHeapRepository.h:

(JSC::FTL::AbstractHeapRepository::forArrayType):
(JSC::FTL::AbstractHeapRepository::HeapForValue::HeapForValue):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):

  • ftl/FTLOutput.cpp:

(JSC::FTL::Output::load):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::store):
(JSC::FTL::Output::store32As8):
(JSC::FTL::Output::store32As16):
(JSC::FTL::Output::baseIndex):

  • ftl/FTLOutput.h:

(JSC::FTL::Output::address):
(JSC::FTL::Output::absolute):
(JSC::FTL::Output::load8SignExt32):
(JSC::FTL::Output::load8ZeroExt32):
(JSC::FTL::Output::load16SignExt32):
(JSC::FTL::Output::load16ZeroExt32):
(JSC::FTL::Output::load32):
(JSC::FTL::Output::load64):
(JSC::FTL::Output::loadPtr):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::store32):
(JSC::FTL::Output::store64):
(JSC::FTL::Output::storePtr):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::ascribeRange):
(JSC::FTL::Output::nonNegative32):
(JSC::FTL::Output::load32NonNegative):
(JSC::FTL::Output::equal):
(JSC::FTL::Output::notEqual):

  • ftl/FTLTypedPointer.h:

(JSC::FTL::TypedPointer::operator!):
(JSC::FTL::TypedPointer::heap):
(JSC::FTL::TypedPointer::value):
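
The numbering scheme and the deferred decoration described in this changeset, as an added example (not code from JavaScriptCore): `HeapRepository`, `Access`, `runDemo` and the heap layout are hypothetical names for a simplified model that assumes half-open ranges and a simple overlap test for "may alias".

```cpp
#include <memory>
#include <utility>
#include <vector>

// Half-open interval [begin, end) of heap numbers.
struct HeapRange {
    unsigned begin = 0, end = 0;
    bool overlaps(const HeapRange& o) const { return begin < o.end && o.begin < end; }
};

struct Heap {
    Heap* parent = nullptr;
    std::vector<Heap*> children;
    HeapRange range;
};

// Stand-in for an IR memory access that is decorated with a range later.
struct Access { HeapRange range; };

class HeapRepository {
public:
    HeapRepository() { m_root = add(nullptr); }
    Heap* root() const { return m_root; }

    // Heaps can be created at any time while lowering is still running.
    Heap* add(Heap* parent) {
        m_heaps.emplace_back(new Heap());
        Heap* heap = m_heaps.back().get();
        heap->parent = parent;
        if (parent)
            parent->children.push_back(heap);
        return heap;
    }

    // During lowering only the (access, heap) association is recorded.
    Access* recordAccess(Heap* heap) {
        m_accesses.emplace_back(new Access());
        m_pending.emplace_back(m_accesses.back().get(), heap);
        return m_accesses.back().get();
    }

    // After lowering: number the final hierarchy, then decorate each access.
    void computeRangesAndDecorate() {
        compute(m_root, 0);
        for (auto& entry : m_pending)
            entry.first->range = entry.second->range;
    }

private:
    // Recursive traversal; returns the first number not used by this subtree.
    static unsigned compute(Heap* heap, unsigned begin) {
        unsigned cursor = begin;
        for (Heap* child : heap->children)
            cursor = compute(child, cursor);
        if (cursor == begin)
            ++cursor; // a childless heap takes one number, so end > begin
        heap->range.begin = begin;
        heap->range.end = cursor;
        return cursor;
    }

    Heap* m_root = nullptr;
    std::vector<std::unique_ptr<Heap>> m_heaps;
    std::vector<std::unique_ptr<Access>> m_accesses;
    std::vector<std::pair<Access*, Heap*>> m_pending;
};

// The three rules from the commit message, checked over a whole subtree.
bool invariantsHold(const Heap& h) {
    bool ok = h.range.end > h.range.begin
        && (!h.parent || (h.range.begin >= h.parent->range.begin && h.range.end <= h.parent->range.end));
    for (const Heap* child : h.children)
        ok = ok && invariantsHold(*child);
    return ok;
}

struct DemoResult {
    bool invariants, fieldAvsFieldB, anyFieldVsFieldA, anyFieldVsIndex0, fieldCvsFieldA;
    unsigned indexedBegin;
};

// Constructed hierarchy: root -> { namedFields -> {A, B, C}, indexed -> {index0} }.
DemoResult runDemo() {
    HeapRepository repo;
    Heap* namedFields = repo.add(repo.root());
    Heap* indexed = repo.add(repo.root());
    Access* loadA = repo.recordAccess(repo.add(namedFields));
    Access* storeB = repo.recordAccess(repo.add(namedFields));
    Access* storeAnyField = repo.recordAccess(namedFields);
    Access* loadIndex0 = repo.recordAccess(repo.add(indexed));
    // Field C is first seen late in lowering. It sits to the left of "indexed",
    // so a range given to "indexed" before this point would now be wrong.
    Access* storeC = repo.recordAccess(repo.add(namedFields));

    repo.computeRangesAndDecorate();
    return { invariantsHold(*repo.root()), loadA->range.overlaps(storeB->range),
        storeAnyField->range.overlaps(loadA->range), storeAnyField->range.overlaps(loadIndex0->range),
        storeC->range.overlaps(loadA->range), indexed->range.begin };
}
```

Without field C the "indexed" heap would begin at 2; with it, "indexed" begins at 3, which is why decoration waits until the hierarchy is final.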

12:12 PM Changeset in webkit [197298] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

SVGToOTFFontConversion.cpp does not compile with libstdc++ 4.8
https://bugs.webkit.org/show_bug.cgi?id=154794

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

No new tests needed.

  • svg/SVGToOTFFontConversion.cpp:

(WebCore::SVGToOTFFontConverter::appendLigatureSubtable): Added const
qualifiers.

12:11 PM Changeset in webkit [197297] by commit-queue@webkit.org
  • 2 edits in trunk

[cmake] Allow using FindGLIB in case glib is optional dependency.
https://bugs.webkit.org/show_bug.cgi?id=154796

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-28
Reviewed by Michael Catanzaro.

FindGLIB caused internal CMake error in case GLIBCONFIG_INCLUDE_DIR is
not defined.

  • Source/cmake/FindGLIB.cmake:
11:14 AM Changeset in webkit [197296] by gskachkov@gmail.com
  • 18 edits
    10 adds in trunk

[ES6] Arrow function syntax. Emit loading&putting this/super only if they are used in arrow function.
https://bugs.webkit.org/show_bug.cgi?id=153981

Small improvements

10:40 AM Changeset in webkit [197295] by sbarati@apple.com
  • 7 edits in trunk/Source/JavaScriptCore

ProxyObject.GetOwnProperty is partially broken because it doesn't propagate information back to the slot
https://bugs.webkit.org/show_bug.cgi?id=154768

Reviewed by Ryosuke Niwa.

This fixes a big bug with ProxyObject.GetOwnProperty:
http://www.ecma-international.org/ecma-262/6.0/index.html#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
We weren't correctly propagating the result of this operation to the
out PropertySlot& parameter. This patch fixes that and adds tests.

  • runtime/ObjectConstructor.cpp:

(JSC::objectConstructorGetOwnPropertyDescriptor):
I added a missing exception check after object allocation
because I saw that it was missing while reading the code.

  • runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setUndefined):
(JSC::PropertyDescriptor::slowGetterSetter):
(JSC::PropertyDescriptor::getter):

  • runtime/PropertyDescriptor.h:

(JSC::PropertyDescriptor::attributes):
(JSC::PropertyDescriptor::value):

  • runtime/ProxyObject.cpp:

(JSC::ProxyObject::performInternalMethodGetOwnProperty):

  • tests/es6.yaml:
  • tests/stress/proxy-get-own-property.js:

(let.handler.getOwnPropertyDescriptor):
(set get let.handler.return):
(set get let.handler.getOwnPropertyDescriptor):
(set get let):
(set get let.a):
(let.b):
(let.setter):
(let.getter):

6:57 AM Changeset in webkit [197294] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r179776 - ASSERT repaintContainer->hasLayer() in WebCore::RenderObject::repaintUsingContainer
https://bugs.webkit.org/show_bug.cgi?id=140750

Reviewed by Simon Fraser.

There's a short period of time when RenderObject::layer() still returns a valid pointer
even though we already cleared the hasLayer() flag.
Do not use the layer as repaint container in such cases.

Source/WebCore:

Test: compositing/repaint-container-assertion-when-toggling-compositing.html

  • rendering/RenderObject.cpp:

(WebCore::RenderObject::enclosingLayer):

LayoutTests:

  • compositing/repaint-container-assertion-when-toggling-compositing-expected.txt: Added.
  • compositing/repaint-container-assertion-when-toggling-compositing.html: Added.
6:56 AM Changeset in webkit [197293] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r178363 - Element::normalizeAttributes() needs to handle arbitrary JS executing between loop iterations.
<https://webkit.org/b/140379>
<rdar://problem/19446901>

Reviewed by Benjamin Poulain.

Source/WebCore:

Since DOM mutation events may arise below the call to Node::normalize(),
have the loop in Element::normalizeAttributes() make a copy of the Attr nodes
beforehand, to guard against mutations.

Based on a patch by Chris "Chris Dumez" Dumez.

Test: fast/dom/Element/normalize-crash2.html

  • dom/Element.cpp:

(WebCore::Element::normalizeAttributes):

LayoutTests:

  • fast/dom/Element/normalize-crash2-expected.txt: Added.
  • fast/dom/Element/normalize-crash2.html: Added.
6:46 AM Changeset in webkit [197292] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r178311 - Out of bounds read in IdentifierArena::makeIdentifier
https://bugs.webkit.org/show_bug.cgi?id=140376

Patch by Alexey Proskuryakov.

Reviewed and ChangeLogged by Geoffrey Garen.

No test, since this is a small past-the-end read, which is very
difficult to turn into a reproducible failing test -- and existing tests
crash reliably using ASan.

  • parser/ParserArena.h:

(JSC::IdentifierArena::makeIdentifier):
(JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
zero-length string input, like we do in the literal parser, since it is
not valid to dereference characters in a zero-length string.

A zero-length string is allowed in JavaScript -- for example, "".

6:34 AM Changeset in webkit [197291] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r179750 - REGRESSION(r179706): Caused memory corruption on some tests (Requested by _ap_ on #webkit).
https://bugs.webkit.org/show_bug.cgi?id=141324

Reviewed by Alexey Proskuryakov.

No new tests. This is caught by existing tests under ASAN, and I don't know how to reproduce
it without ASAN.

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Give up
and just always invalidate the next line. It's too hard to come up
with the condition that catches all needed cases, doesn't itself
cause a crash, and isn't overzealous. And we do this for the
previous line anyway. Also clean up the code a bit since it
confusingly reuses a variable, and declares it uninitialized, for
no good reason.

6:34 AM Changeset in webkit [197290] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r179706 - Crash due to failing to dirty a removed text node's line box
https://bugs.webkit.org/show_bug.cgi?id=136544

Reviewed by David Hyatt.

Source/WebCore:

Test: fast/text/remove-text-node-linebox-not-dirty-crash.html

  • rendering/RenderLineBoxList.cpp:

(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Make the check for dirtying the next
line box a bit more inclusive to avoid a case of a line box for a destroyed render object not
being dirtied. In particular, when the text node's parent has no line boxes but contains BRs.

LayoutTests:

  • fast/text/remove-text-node-linebox-not-dirty-crash-expected.txt: Added.
  • fast/text/remove-text-node-linebox-not-dirty-crash.html: Added.
6:23 AM Changeset in webkit [197289] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4

Merge r180128 - Crash when accessing an item in SVGLengthList and then replacing it with a previous item in the list.
https://bugs.webkit.org/show_bug.cgi?id=141552.

Reviewed by Darin Adler.

Source/WebCore:

Tests: LayoutTests/svg/dom/SVGLengthList-basics.xhtml: This test is modified to
include a new test case.

  • svg/properties/SVGListPropertyTearOff.h: Commit the removal of the replacing item
before trying to detach the wrapper of the item which is going to be replaced.

LayoutTests:

  • svg/dom/SVGLengthList-basics-expected.txt:
  • svg/dom/SVGLengthList-basics.xhtml: Add a new test case to this test. Have a
reference to an SVGLength in an SVGLengthList and then replace this SVGLength
with another one which comes before it in the SVGLengthList.

6:01 AM Changeset in webkit [197288] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.4

Merge r182284 - Clean up access checks in JSHistoryCustom.cpp
https://bugs.webkit.org/show_bug.cgi?id=143227

Reviewed by Sam Weinig.

Source/WebCore:

  • bindings/js/JSHistoryCustom.cpp:

(WebCore::JSHistory::putDelegate):
(WebCore::JSHistory::deleteProperty):
(WebCore::JSHistory::deletePropertyByIndex):
(WebCore::JSHistory::getOwnPropertyNames):
(WebCore::JSHistory::pushState):
(WebCore::JSHistory::replaceState):

LayoutTests:

  • http/tests/security/cross-frame-access-call-expected.txt:
  • http/tests/security/cross-frame-access-call.html:
6:00 AM Changeset in webkit [197287] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r173046 - Scrollbar corner can be drawn outside containing frame
https://bugs.webkit.org/show_bug.cgi?id=133131
<rdar://problem/16382769>

Reviewed by Simon Fraser.

Source/WebCore:

Merged from Blink (patch by Levi Weintraub):
<https://src.chromium.org/viewvc/blink?revision=170625&view=revision>

Fixes an issue where the scroll corner may be painted outside the rectangle of
its associated frame by setting a clip rectangle before painting the scroll bar(s)
and scroll corner.

Test: scrollbars/custom-scrollbars-paint-outside-iframe.html

  • platform/ScrollView.cpp:

(WebCore::ScrollView::paint):

LayoutTests:

Add DRT test that was derived from the test included in
<https://src.chromium.org/viewvc/blink?revision=170625&view=revision>.

  • scrollbars/custom-scrollbars-paint-outside-iframe-expected.html: Added.
  • scrollbars/custom-scrollbars-paint-outside-iframe.html: Added.
5:50 AM Changeset in webkit [197286] by Carlos Garcia Campos
  • 5 edits
    12 adds in releases/WebKitGTK/webkit-2.4

Merge r186663 - Fetching Content Security Policy report URL should respect same origin policy
https://bugs.webkit.org/show_bug.cgi?id=146754
<rdar://problem/18860259>

Reviewed by Brady Eidson.

Inspired by Blink r149791 (by Mike West <mkwst@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=149791&view=revision>

Source/WebCore:

As per <http://www.w3.org/TR/2015/CR-CSP2-20150219/#send-violation-reports>, fetching the
Content Security Policy report URL should include cookies if and only if the origin of
the protected resource is equal to the origin of the report URL.

Tests: http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html
http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html
http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html
http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html

  • loader/PingLoader.cpp:

(WebCore::PingLoader::sendViolationReport):

LayoutTests:

Added additional tests for private browsing mode.

  • http/tests/cookies/resources/setCookies.cgi:
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-enabled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-when-private-browsing-toggled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-no-cookies-when-private-browsing-toggled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-when-private-browsing-enabled.html: Added.
  • http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies.html: Added.
  • http/tests/security/contentSecurityPolicy/resources/save-report.php:
  • platform/wk2/TestExpectations: Skip private browsing mode tests in WebKit2 until we fix <https://bugs.webkit.org/show_bug.cgi?id=115274>.
5:44 AM Changeset in webkit [197285] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r186666 - Plugin create can end up destroying its renderer.
https://bugs.webkit.org/show_bug.cgi?id=146824
rdar://problem/18921429

Reviewed by Andreas Kling.

Plugins can run arbitrary code during initialization. If the plugin
happens to destroy the associated node, its renderer becomes invalid.
This patch checks whether the renderer survived the createPlugin() call.
(This WeakPtr pattern is also used in RenderWidget to avoid dangling pointers.)

Speculative fix. Not reproducible.

  • loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::loadPlugin):

5:42 AM Changeset in webkit [197284] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r188014 - Crash when removing children of a MathMLSelectElement
https://bugs.webkit.org/show_bug.cgi?id=147704
<rdar://problem/21940321>

Reviewed by Ryosuke Niwa.

Source/WebCore:

When MathMLSelectElement::childrenChanged() is called after its
children have been removed, MathMLSelectElement calls
updateSelectedChild() which accesses m_selectedChild. However,
in this case, m_selectedChild is the previously selected child
and it may be destroyed at this point if it was removed. To avoid
this problem, MathMLSelectElement now keeps a strong ref to the
currently selected element.

Test: mathml/maction-removeChild.html

  • mathml/MathMLSelectElement.h:

LayoutTests:

Add layout test that reproduces the crash under guardmalloc.

  • mathml/maction-removeChild-expected.txt: Added.
  • mathml/maction-removeChild.html: Added.
5:29 AM Changeset in webkit [197283] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r184965 - Crash under ICU with ASAN during editing/selection/move-by-word-visually-crash-test-5.html
https://bugs.webkit.org/show_bug.cgi?id=145429
<rdar://problem/20992218>

Reviewed by Alexey Proskuryakov.

WebKit uses some strings which contain the lower 8-bits of UTF-16 (thereby saving space). However,
ICU doesn't understand this encoding. When we want to use ICU functions with strings in this encoding,
we create a UTextProvider which converts our encoded strings to UTF-16 for ICU, one chunk at a time.
This object contains a vtable which we populate to perform the conversion.

The WebKit function which actually returns the UTF-16 chunks has two relevant arguments: an index into
the encoded string which ICU is requesting, and a direction from that index which ICU is interested
in. This function populates a "chunk" which is characterized by a pointer to a buffer, the length of
the populated data in the buffer, and an offset into the chunk which represents the index that the
requested character was put into.

When ICU requests data going backward, we fill in the chunk accordingly, with the requested character
all the way at the end. We then set the offset equal to the length of the buffer. However, this length
value is stale from the previous time the function ran. Therefore, ICU was reading the wrong index in
the chunk when expecting the requested character.

Covered by editing/selection/move-by-word-visually-crash-test-5.html.

  • platform/text/icu/UTextProviderLatin1.cpp:

(WebCore::uTextLatin1Access):
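
A minimal model of the stale-length defect described in this changeset, as an added example (not WebKit's or ICU's code): `Chunk`, `access`, `previousUnit` and `previousAfter` are hypothetical names, the sample string is constructed, and the model assumes a backward-iterating consumer reads `buffer[offset - 1]`.

```cpp
#include <algorithm>
#include <string>

constexpr int chunkCapacity = 16;

struct Chunk {
    char16_t buffer[chunkCapacity] = {};
    int nativeStart = 0; // index in the 8-bit string of buffer[0]
    int nativeLimit = 0; // one past the last 8-bit index held in the buffer
    int length = 0;      // number of populated UTF-16 units
    int offset = 0;      // position in buffer that corresponds to the requested index
};

enum class Variant { StaleLength, Fixed };

// Fills the chunk around `index` (0 <= index <= size), going forward or backward.
void access(Chunk& chunk, const std::string& latin1, int index, bool forward, Variant variant) {
    int total = static_cast<int>(latin1.size());
    if (forward) {
        chunk.nativeStart = index;
        chunk.nativeLimit = std::min(total, index + chunkCapacity);
        chunk.length = chunk.nativeLimit - chunk.nativeStart;
        chunk.offset = 0;
    } else {
        chunk.nativeLimit = index;
        chunk.nativeStart = std::max(0, index - chunkCapacity);
        int newLength = chunk.nativeLimit - chunk.nativeStart;
        // The defect: at this point chunk.length still describes the previous call.
        chunk.offset = variant == Variant::StaleLength ? chunk.length : newLength;
        chunk.length = newLength;
    }
    // Latin-1 code points equal their Unicode code points, so widening is a zero-extension.
    for (int i = 0; i < chunk.length; ++i)
        chunk.buffer[i] = static_cast<unsigned char>(latin1[chunk.nativeStart + i]);
}

// What a backward-iterating consumer does: step to offset - 1 and read it.
// Returns -1 when that position lies outside the populated part of the chunk.
int previousUnit(const Chunk& chunk) {
    int position = chunk.offset - 1;
    if (position < 0 || position >= chunk.length)
        return -1;
    return chunk.buffer[position];
}

// One forward access followed by one backward access on the same chunk object.
int previousAfter(Variant variant, int forwardIndex, int backwardIndex) {
    const std::string text = "abcdefghijklmnopqrst"; // constructed sample, 20 characters
    Chunk chunk;
    access(chunk, text, forwardIndex, true, variant);
    access(chunk, text, backwardIndex, false, variant);
    return previousUnit(chunk);
}
```

With the stale length the consumer either reads the wrong character (`'d'` instead of `'j'`) or lands past the populated data, which is the kind of access ASan reports.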

5:27 AM Changeset in webkit [197282] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r185003 - WebSQL default functions can bypass authorizer.
<rdar://problem/21048994> and https://bugs.webkit.org/show_bug.cgi?id=145463

Reviewed by Sam Weinig and Alexey Proskuryakov.

No new tests yet.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::unauthorizedSQLFunction): Function to install into SQLite to override some built-in functions.
(WebCore::SQLiteDatabase::open):
(WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): Install function overrides for functions that
take arbitrary input that are also meant to be disabled by virtue of them not being whitelisted.

  • platform/sql/SQLiteDatabase.h:

Review feedback followup for r185003.
https://bugs.webkit.org/show_bug.cgi?id=145463

Reviewed by Darin Adler.

  • platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::overrideUnauthorizedFunctions): static const one thing, c++-style cast another.

5:23 AM Changeset in webkit [197281] by Carlos Garcia Campos
  • 6 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r185392 - feComposite filter does not clip the paint rect to its effect rect when the operator is 'in' or 'atop'
https://bugs.webkit.org/show_bug.cgi?id=137856

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-06-09
Reviewed by Darin Adler.

Source/WebCore:

There was a bug in calculating the absolutePaintRect of the feComposite filter
when the operator is equal to 'in' or 'atop'. The absolutePaintRect was set
to the absolutePaintRect of the background FilterEffect which is correct.
What was missing is clipping this rectangle to the maxEffectRect of the
filter which we do for other operators.

Tests: svg/filters/feComposite-background-rect-control-operators.svg

  • platform/graphics/IntRect.h:

(WebCore::operator-=):
(WebCore::operator-): Add new operators to IntRect.

  • platform/graphics/filters/FEComposite.cpp:

(WebCore::FEComposite::determineAbsolutePaintRect): Make sure the filter
absolutePaintRect is clipped to maxEffectRect for all operators.

(WebCore::FEComposite::platformApplySoftware): Code clean-up.

  • platform/graphics/filters/FilterEffect.cpp:

(WebCore::FilterEffect::determineAbsolutePaintRect): Move the clipping
part to a separate function.

(WebCore::FilterEffect::clipAbsolutePaintRect): Clip the absolutePaintRect
to the maxEffectRect of the filter.

  • platform/graphics/filters/FilterEffect.h:

LayoutTests:

  • svg/filters/feComposite-background-rect-control-operators-expected.svg: Added.
  • svg/filters/feComposite-background-rect-control-operators.svg: Added.

Ensure the painting rect of the feComposite filter with operator 'in' or
'atop' is clipped to its bounding rectangle

4:47 AM Changeset in webkit [197280] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r185572 - RootInlineBox::m_lineBreakObj becomes invalid when a child renderer is removed and the line does not get marked dirty.
https://bugs.webkit.org/show_bug.cgi?id=145988
rdar://problem/20959137

Reviewed by David Hyatt.

This patch ensures that we find the right first inline box so that we can dirty
the appropriate line boxes.
With marking the right line boxes dirty, now we can update RootInlineBox::m_lineBreakObj at the next layout.

Source/WebCore:

Test: fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html

  • rendering/RenderInline.cpp:

(WebCore::RenderInline::culledInlineFirstLineBox):
(WebCore::RenderInline::culledInlineLastLineBox):

  • rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::setLineBreakInfo): Deleted. Remove misleading assert and comment.

LayoutTests:

  • fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean-expected.txt: Added.
  • fast/inline/crash-when-child-renderer-is-removed-and-line-stays-clean.html: Added.
4:34 AM Changeset in webkit [197279] by Carlos Garcia Campos
  • 8 edits
    8 adds in releases/WebKitGTK/webkit-2.4

Merge r185769 - Various assertion failures occur when executing script in the midst of DOM insertion
https://bugs.webkit.org/show_bug.cgi?id=132482

Reviewed by Darin Adler.

Source/WebCore:

Prior to this change, when an element containing a <script> child was inserted into a document, the script was
executed in ScriptElement::insertedInto(). That script can access nodes that follow it in the newly-inserted
hierarchy but are not yet fully inserted, leading to at least the following problems:

  • The script could remove a node that is not yet marked as in the document.
  • The script could remove a named <map> that has yet to be added to TreeScope::m_imageMapsByName.
  • The script could remove a form control that has yet to be added to FormController::m_formElementsWithState.

These scenarios all result in assertion failures. This change ensures that each node in the newly-inserted
hierarchy is fully inserted before executing any scripts.

Tests: fast/dom/element-removed-while-inserting-parent-crash.html
fast/dom/named-map-removed-while-inserting-parent-crash.html
fast/forms/form-control-removed-while-inserting-parent-crash.html
svg/dom/element-removed-while-inserting-parent-crash.html

  • dom/ScriptElement.cpp:

(WebCore::ScriptElement::shouldNotifySubtreeInsertions): Renamed from insertedInto().
Returned true in the case where insertedInto() would've called prepareScript().
(WebCore::ScriptElement::didNotifySubtreeInsertions): Called prepareScript().
(WebCore::ScriptElement::insertedInto): Renamed to shouldNotifySubtreeInsertions().

  • dom/ScriptElement.h:
  • html/HTMLScriptElement.cpp:

(WebCore::HTMLScriptElement::insertedInto): If shouldNotifySubtreeInsertions() is true, returned InsertionShouldCallDidNotifySubtreeInsertions.
Otherwise, returned InsertionDone.
(WebCore::HTMLScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().

  • html/HTMLScriptElement.h:
  • svg/SVGScriptElement.cpp:

(WebCore::SVGScriptElement::insertedInto): Did the same as HTMLScriptElement::insertedInto().
(WebCore::SVGScriptElement::didNotifySubtreeInsertions): Called ScriptElement::didNotifySubtreeInsertions().

  • svg/SVGScriptElement.h:

LayoutTests:

Wrote named-map-removed-while-inserting-parent-crash.html by reducing the test case attached to bug 132482.
The remaining tests were taken from blink r132482.

  • fast/dom/element-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/dom/element-removed-while-inserting-parent-crash.html: Added.
  • fast/dom/named-map-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/dom/named-map-removed-while-inserting-parent-crash.html: Added.
  • fast/forms/form-control-removed-while-inserting-parent-crash-expected.txt: Added.
  • fast/forms/form-control-removed-while-inserting-parent-crash.html: Added.
  • svg/dom/element-removed-while-inserting-parent-crash-expected.txt: Added.
  • svg/dom/element-removed-while-inserting-parent-crash.html: Added.
3:55 AM Changeset in webkit [197278] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r182918 - Media element can manipulate DOM during Document destruction.
rdar://problem/20553898 and https://bugs.webkit.org/show_bug.cgi?id=143780

Patch by Brady Eidson <beidson@apple.com> on 2015-04-16
Reviewed by Jer Noble.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::configureMediaControls): Bail if the element has no active document.

3:48 AM Changeset in webkit [197277] by Carlos Garcia Campos
  • 3 edits
    3 adds in releases/WebKitGTK/webkit-2.4

Merge r183275 - Made Object.prototype.__proto__ native getter and setter check that this object is not null or undefined
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):

LayoutTests:
Added tests to ensure that Object.prototype.__proto__ native getter and setter do not coerce undefined to this
https://bugs.webkit.org/show_bug.cgi?id=141865
rdar://problem/19927273

Reviewed by Filip Pizlo.

  • js/script-tests/sloppy-getter-setter-global-object.js: Added.
  • js/sloppy-getter-setter-global-object-expected.txt: Added.
  • js/sloppy-getter-setter-global-object.html: Added.
3:45 AM Changeset in webkit [197276] by Carlos Garcia Campos
  • 5 edits
    9 adds in releases/WebKitGTK/webkit-2.4

Merge r183280,r183672 - Origin header is preserved on cross-origin redirects.
https://bugs.webkit.org/show_bug.cgi?id=144157.

Reviewed by Sam Weinig.

Source/WebCore:

Tests: http/tests/security/cors-post-redirect-301.html
http/tests/security/cors-post-redirect-302.html
http/tests/security/cors-post-redirect-307.html
http/tests/security/cors-post-redirect-308.html

  • platform/network/cf/ResourceHandleCFNet.cpp:

(WebCore::ResourceHandle::willSendRequest): Always clear any origin header for cross-origin redirects.

  • platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::willSendRequest): Ditto.

LayoutTests:

  • http/tests/security/cors-post-redirect-301-expected.txt: Added.
  • http/tests/security/cors-post-redirect-301.html: Added.
  • http/tests/security/cors-post-redirect-302-expected.txt: Added.
  • http/tests/security/cors-post-redirect-302.html: Added.
  • http/tests/security/cors-post-redirect-307-expected.txt: Added.
  • http/tests/security/cors-post-redirect-307.html: Added.
  • http/tests/security/cors-post-redirect-308-expected.txt: Added.
  • http/tests/security/cors-post-redirect-308.html: Added.
  • http/tests/security/resources/cors-post-redirect-target.php: Added.

[GTK] New CORS tests from r183280 fail on WebKitGTK+
https://bugs.webkit.org/show_bug.cgi?id=144469

Reviewed by Sergio Villar Senin.

No new tests. This causes failing tests to pass.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::doRedirect): Clear the origin header on cross-origin redirects.
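
The origin comparison behind both this redirect rule and the CSP report rule in r186663 above (cookies on the report if and only if the report URL is same-origin with the protected resource), as an added example that is not WebKit's code. `originOf`, `reportMayCarryCookies`, `headersForRedirect` and the URLs are hypothetical; the sketch assumes absolute http(s) URLs, an exact `Origin` header key, and that the redirect is judged by comparing the URL redirected from with the target.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

struct Origin {
    std::string scheme, host;
    int port = -1;
    bool valid = false;
};

static std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Extracts (scheme, host, port) from an absolute http(s) URL. Anything that
// does not parse stays invalid, and an invalid origin never equals another.
Origin originOf(const std::string& url) {
    const std::string::size_type npos = std::string::npos;
    Origin origin;
    if (url.find_first_of("\\ \t\r\n") != npos)
        return origin; // fail closed on input that parsers are known to disagree on
    std::string::size_type schemeEnd = url.find("://");
    if (schemeEnd == npos || schemeEnd == 0)
        return origin;
    origin.scheme = toLower(url.substr(0, schemeEnd));
    if (origin.scheme != "http" && origin.scheme != "https")
        return origin;

    std::string::size_type start = schemeEnd + 3;
    std::string::size_type end = url.find_first_of("/?#", start);
    std::string authority = url.substr(start, end == npos ? npos : end - start);
    std::string::size_type at = authority.rfind('@');
    if (at != npos)
        authority.erase(0, at + 1); // userinfo is not part of the origin

    int port = origin.scheme == "http" ? 80 : 443; // default ports
    std::string::size_type colon = authority.rfind(':');
    if (colon != npos && authority.find(']', colon) == npos) { // colon is not inside an IPv6 literal
        std::string digits = authority.substr(colon + 1);
        authority.erase(colon);
        if (!digits.empty())
            port = 0;
        for (char c : digits) {
            if (c < '0' || c > '9')
                return origin;
            port = port * 10 + (c - '0');
            if (port > 65535)
                return origin;
        }
    }
    if (authority.empty())
        return origin;
    origin.host = toLower(authority);
    origin.port = port;
    origin.valid = true;
    return origin;
}

bool sameOrigin(const Origin& a, const Origin& b) {
    return a.valid && b.valid && a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// CSP rule: the violation report carries cookies only for a same-origin report URL.
bool reportMayCarryCookies(const std::string& protectedResource, const std::string& reportURL) {
    return sameOrigin(originOf(protectedResource), originOf(reportURL));
}

using Headers = std::map<std::string, std::string>;

// Redirect rule: the Origin header is dropped whenever the hop is cross-origin.
Headers headersForRedirect(Headers headers, const std::string& from, const std::string& to) {
    if (!sameOrigin(originOf(from), originOf(to)))
        headers.erase("Origin");
    return headers;
}

// Constructed request headers, used to observe the redirect rule.
bool originSurvivesRedirect(const std::string& from, const std::string& to) {
    Headers sent = { { "Origin", "https://shop.example" }, { "Content-Type", "text/plain" } };
    return headersForRedirect(sent, from, to).count("Origin") == 1;
}
```

Both decisions fail closed: a URL that does not parse is treated as cross-origin, so no cookies are attached and the header is cleared.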

3:43 AM Changeset in webkit [197275] by Carlos Garcia Campos
  • 6 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r183436 - Form control may be associated with the wrong HTML Form element after form id change
https://bugs.webkit.org/show_bug.cgi?id=133456
<rdar://problem/17095055>

Reviewed by Andy Estes.

Source/WebCore:

Fixes an issue where a form control may be associated with the wrong HTML Form element
after the id of the HTML Form element associated with the form control is changed when
there is more than one HTML Form element with the same id in the document. Specifically,
a form control that has an HTML form attribute value X will always be associated with
some HTML Form element f where f.id = X regardless of whether f.id is subsequently
changed.

Tests: fast/forms/change-form-id-to-be-unique-then-submit-form.html
fast/forms/change-form-id-to-be-unique.html

  • dom/Element.cpp:

(WebCore::Element::attributeChanged): Notify observers when the id of an element changed.
(WebCore::Element::updateId): Added parameter NotifyObservers (defaults to NotifyObservers::Yes),
as to whether we should notify observers of the id change.
(WebCore::Element::updateIdForTreeScope): Ditto.
(WebCore::Element::willModifyAttribute): Do not notify observers of the id change immediately. As
indicated by the name of this method, we plan to modify the DOM attribute id of the element, but
we have not actually modified it when this method is called. Instead we will notify observers
in Element::attributeChanged(), which is called after the DOM attribute id is modified.
(WebCore::Element::cloneAttributesFromElement): Ditto.

  • dom/Element.h: Defined enum class NotifyObservers.
  • dom/TreeScope.cpp:

(WebCore::TreeScope::addElementById): Added boolean parameter notifyObservers (defaults to true)
as to whether we should dispatch a notification to all observers.
(WebCore::TreeScope::removeElementById): Ditto.

  • dom/TreeScope.h:

LayoutTests:

Add tests to ensure that we associate the correct HTML Form element with a
<select> after changing the id of its associated HTML form element.

  • fast/forms/change-form-id-to-be-unique-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form-expected.txt: Added.
  • fast/forms/change-form-id-to-be-unique-then-submit-form.html: Added.
  • fast/forms/change-form-id-to-be-unique.html: Added.
3:42 AM Changeset in webkit [197274] by Carlos Garcia Campos
  • 13 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Element::attributeChanged shouldn't do any work when attribute value didn't change
https://bugs.webkit.org/show_bug.cgi?id=129467

Reviewed by Geoffrey Garen.

Exit early in childrenChanged when the attribute value didn't change.

  • dom/Attr.cpp:

(WebCore::Attr::setValue):
(WebCore::Attr::childrenChanged):

  • dom/Element.cpp:

(WebCore::Element::setAttributeInternal):
(WebCore::Element::attributeChanged):
(WebCore::Element::parserSetAttributes):
(WebCore::Element::removeAttributeInternal):
(WebCore::Element::didAddAttribute):
(WebCore::Element::didModifyAttribute):
(WebCore::Element::didRemoveAttribute):
(WebCore::Element::cloneAttributesFromElement):

  • dom/Element.h:
  • dom/StyledElement.cpp:

(WebCore::StyledElement::attributeChanged):

  • dom/StyledElement.h:
  • html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::updateType):

  • mathml/MathMLElement.cpp:

(WebCore::MathMLElement::attributeChanged):

  • mathml/MathMLElement.h:
  • mathml/MathMLSelectElement.cpp:

(WebCore::MathMLSelectElement::attributeChanged):

  • mathml/MathMLSelectElement.h:
  • svg/SVGElement.cpp:

(WebCore::SVGElement::attributeChanged):

  • svg/SVGElement.h:
3:01 AM Changeset in webkit [197273] by Carlos Garcia Campos
  • 5 edits
    3 adds in releases/WebKitGTK/webkit-2.4

Merge r183649 - Javascript using WebSQL can create their own WebKit info table.
<rdar://problem/20688792> and https://bugs.webkit.org/show_bug.cgi?id=144466

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/websql/alter-to-info-table.html

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::DatabaseBackendBase::databaseInfoTableName): Return the info table name.
(WebCore::fullyQualifiedInfoTableName): Append "main." to the info table name.
(WebCore::DatabaseBackendBase::DatabaseBackendBase): Use the fully qualified name.
(WebCore::DatabaseBackendBase::performOpenAndVerify): Ditto.
(WebCore::DatabaseBackendBase::getVersionFromDatabase): Ditto.
(WebCore::DatabaseBackendBase::setVersionInDatabase): Ditto.

LayoutTests:

  • storage/websql/alter-to-info-table-expected.txt: Added.
  • storage/websql/alter-to-info-table.html: Added.
  • storage/websql/alter-to-info-table.js: Added.

Build fix after r183646 for less enlightened platforms.

Unreviewed.

  • Modules/webdatabase/DatabaseBackendBase.cpp:

(WebCore::fullyQualifiedInfoTableName): Windows doesn’t have stpcpy :(

2:52 AM Changeset in webkit [197272] by Carlos Garcia Campos
  • 4 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r182067 - FEMorphology::platformApplyGeneric() should bail out if the radius is less than or equal to zero.
https://bugs.webkit.org/show_bug.cgi?id=142885.

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2015-03-27
Reviewed by Dean Jackson.

Source/WebCore:

FEMorphology class implementation code clean up.

Tests: svg/filters/feMorphology-radius-cases.svg

  • platform/graphics/filters/FEMorphology.cpp:

(WebCore::shouldSupersedeExtremum): Reuse code instead of repeating it and
use < and > instead of =< and >=.

(WebCore::pixelArrayIndex): Returns the array index of a pixel in an image
buffer, given: position(x, y), image width and the color channel.

(WebCore::columnExtremum): Returns the extremum of a column of pixels.

(WebCore::kernelExtremum): Returns the extremum of a filter kernel.

(WebCore::FEMorphology::platformApplyGeneric): Apply some code clean-up.
The kernel size should be equal to radius of the filter. The extra pixel
was causing the resulting image to be asymmetric in some cases.

(WebCore::FEMorphology::platformApplyDegenerate):
(WebCore::FEMorphology::platformApplySoftware): After applying scaling, we
still need to check whether the resulting radius is negative (overflow case) or less
than one (zero radius case) and treat these cases differently.

(WebCore::FEMorphology::morphologyOperator): Deleted.
(WebCore::FEMorphology::radiusX): Deleted.
(WebCore::FEMorphology::radiusY): Deleted.

  • platform/graphics/filters/FEMorphology.h:

(WebCore::FEMorphology::morphologyOperator):
(WebCore::FEMorphology::radiusX):
(WebCore::FEMorphology::radiusY):
Move single-line functions from the source file to the header file.

LayoutTests:

  • svg/filters/feMorphology-radius-cases-expected.svg: Added.
  • svg/filters/feMorphology-radius-cases.svg: Added.

Test different cases for radius of the feMorphology filter. There are three
cases for the radius:

  1. radius < 0: This is an error case, the source image should not be rendered.
  2. radius = 0: This case is treated as if the filter never exists.
  3. radius > 0: If the scaled radius is > 0, the filter is applied.
2:44 AM Changeset in webkit [197271] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r182750 - Canvas drawImage() has a security hole when the image isn't yet fully loaded.
https://bugs.webkit.org/show_bug.cgi?id=58681.

Reviewed by Darin Adler.

Source/WebCore:

There is a race condition which may happen if an image from a different
origin is drawn on a canvas before it finishes loading. The check to taint
the canvas comes before drawing it. This check returns false if the image
is not completely loaded because we check the URL of the resource response.
If after this check and before the drawing, the image finishes loading, the
canvas will not be tainted but the image will be drawn.

The fix is to move the check to taint the canvas after drawing the image.
The only problem with this solution is basically the opposite of this bug:
we will become stricter than before with images which are from a different
origin and before they finish loading. The image has not finished loading,
so we do not draw it. Before we check for tainting, the image finishes
loading. So we decide to taint the canvas even though the image is not drawn.

But this should not be a security issue anymore. I personally do not know
if it is even a correctness issue or not.

Test: http/tests/canvas/canvas-tainted-after-draw-image.html

  • html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawImage):

LayoutTests:

This test confirms when we load an image from a different origin and try
drawing it on a canvas, the canvas is tainted if the image is completely
loaded and drawn. Otherwise the image is not drawn.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt: Added.
  • http/tests/canvas/canvas-tainted-after-draw-image.html: Added.
  • http/tests/canvas/resources: Added.
  • http/tests/canvas/resources/100x100-lime-rect.svg: Added.

Fix LayoutTests/http/tests/canvas/canvas-tainted-after-draw-image.html on all bots
following http://trac.webkit.org/changeset/182750.

Reviewed by Daniel Bates.

  • http/tests/canvas/canvas-tainted-after-draw-image-expected.txt:
  • http/tests/canvas/canvas-tainted-after-draw-image.html:

Set window.jsTestIsAsync true and call finishJSTest() to make the test
asynchronous, so the "TEST COMPLETE" message will be output after all the
test messages. Also delete the synchronous tests for data url image and
same-domain image since they can't be reliably tested.
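
The ordering problem described in r182750 above, modelled as an added example (not WebKit code): the taint check answers "no" for an image that is still loading, so a load that completes between check and draw leaves cross-origin pixels on a canvas that still looks origin-clean. `Image`, `Canvas`, `wouldTaint`, `paint` and the `between` callback (standing in for the load completing) are hypothetical names.

```cpp
#include <functional>
#include <string>

// Hypothetical model types, not WebCore classes.
struct Image {
    std::string responseOrigin; // only meaningful once the response has arrived
    bool loaded = false;
};

struct Canvas {
    std::string origin;
    bool originClean = true;       // false = tainted, pixel readback is refused
    bool hasForeignPixels = false; // cross-origin pixels were actually painted
};

// As the commit message describes: the check consults the resource response,
// so it reports "no taint" while the image is still loading.
static bool wouldTaint(const Canvas& c, const Image& img) {
    return img.loaded && img.responseOrigin != c.origin;
}

// An image that has not finished loading paints nothing.
static void paint(Canvas& c, const Image& img) {
    if (img.loaded && img.responseOrigin != c.origin)
        c.hasForeignPixels = true;
}

// Before the fix: check first, then draw.
Canvas drawCheckFirst(Canvas c, Image& img, const std::function<void()>& between) {
    bool taint = wouldTaint(c, img);
    between();
    paint(c, img);
    if (taint) c.originClean = false;
    return c;
}

// After the fix: draw first, then check.
Canvas drawCheckLast(Canvas c, Image& img, const std::function<void()>& between) {
    paint(c, img);
    between();
    if (wouldTaint(c, img)) c.originClean = false;
    return c;
}

// True when script could read back pixels it must not see.
bool leaks(const Canvas& c) { return c.hasForeignPixels && c.originClean; }
```

With the check last, the same interleaving taints the canvas without drawing anything, which is the stricter behaviour the commit message accepts as the trade-off.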

2:37 AM Changeset in webkit [197270] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r183398 - Crashes under IDBDatabase::closeConnection
https://bugs.webkit.org/show_bug.cgi?id=141745

Reviewed by Alexey Proskuryakov.

  • Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::~IDBDatabase): Do the work of close/closeConnection without
actually calling those functions.
(WebCore::IDBDatabase::closeConnection): Protect the database so it's not destroyed
in the middle of this function's execution.

2:35 AM Changeset in webkit [197269] by Carlos Garcia Campos
  • 6 edits in releases/WebKitGTK/webkit-2.4/Source

Merge r180548 - EventHandler references deleted Scrollbar
https://bugs.webkit.org/show_bug.cgi?id=141931
<rdar://problem/19915210>

Reviewed by Tim Horton.

Tested by scrollbars/overflow-custom-scrollbar-crash.html

Update the EventHandler class to use a WeakPtr to reference the
last used Scrollbar, rather than retaining the Scrollbar and
artificially extending its life. This keeps the EventHandler
state in proper sync with the state of the render tree, and
avoids cases where we have destroyed a ScrollableArea (and
Scrollbar) but are still sending messages to a fake zombie
version of the element.

  • page/EventHandler.cpp:

(WebCore::EventHandler::clear):
(WebCore::EventHandler::handleMousePressEvent):
(WebCore::EventHandler::updateMouseEventTargetNode):
(WebCore::EventHandler::updateLastScrollbarUnderMouse):

  • page/EventHandler.h:
  • platform/Scrollbar.cpp:

(WebCore::Scrollbar::Scrollbar): Initialize WeakPtrFactory.

  • platform/Scrollbar.h:

(WebCore::Scrollbar::createWeakPtr): Added.

2:01 AM Changeset in webkit [197268] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r181565 - URLs visited during private browsing show up in WebpageIcons.db
rdar://problem/11254910 and https://bugs.webkit.org/show_bug.cgi?id=142733

Patch by Sam Weinig. Reviewed by Brady Eidson.

  • loader/icon/IconController.cpp:

(WebCore::IconController::startLoader): Bail early here if the page is using an ephemeral session.
(WebCore::IconController::continueLoadWithDecision): Instead of here.

1:51 AM Changeset in webkit [197267] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.4

Merge r182051 - Inline continuation code should not take anonymous containing wrapper for granted.
https://bugs.webkit.org/show_bug.cgi?id=133312

Reviewed by Dave Hyatt.

It's wrong to assume that when RenderInline is part of an inline continuation, its containing block
is an anonymous wrapper and its sibling might be a block level renderer.
When the inline continuation is no longer needed, for example when the block level renderer that initiated the continuation
is detached from the render tree, the inline renderers still continue to form continuation (however, they no longer require
anonymous wrappers).

Source/WebCore:

Test: fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html

  • rendering/RenderInline.cpp:

(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::styleDidChange):

LayoutTests:

  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation-expected.txt: Added.
  • fast/inline/crash-when-position-property-is-changed-and-no-longer-in-continuation.html: Added.
1:37 AM Changeset in webkit [197266] by Carlos Garcia Campos
  • 4 edits
    4 adds in releases/WebKitGTK/webkit-2.4

Merge r177165 - InstancedArray crashes attempting to draw out of bounds
https://bugs.webkit.org/show_bug.cgi?id=139521

Source/WebCore:

Reviewed by Simon Fraser.

We were not doing index validation correctly for instancing.

Test: fast/canvas/webgl/angle-instanced-arrays-out-of-bounds.html

  • html/canvas/WebGLRenderingContext.cpp:

(WebCore::WebGLRenderingContext::validateVertexAttributes): We need to check
the number of instances drawn against the amount of instance data that has
been provided, taking into account the number of repeats (the divisor).
(WebCore::WebGLRenderingContext::drawArrays): Added some whitespace to make it more clear.
(WebCore::WebGLRenderingContext::validateDrawElements): This needs to take a primcount
parameter so that it can correctly validate the call (when used from drawElementsInstanced).
(WebCore::WebGLRenderingContext::drawElements): New signature to validate.
(WebCore::WebGLRenderingContext::drawArraysInstanced): Rearrange this a bit. The
primcount validation is already being done by the validateDrawArrays call. Also, there
was a bogus UNUSED_PARAM hanging around.
(WebCore::WebGLRenderingContext::drawElementsInstanced): Similar rearrangement. Use
the primcount parameter.

  • html/canvas/WebGLRenderingContext.h:

LayoutTests:

<rdar://problem/17540398>

Reviewed by Simon Fraser.

This is a copy of the official webgl/1.0.3 test.

  • platform/mac-mountainlion/fast/canvas/webgl/angle-instanced-arrays-out-of-bounds-expected.txt: Added. This extension is not available on Mountain Lion.
  • fast/canvas/webgl/angle-instanced-arrays-out-of-bounds-expected.txt: Added.
  • fast/canvas/webgl/angle-instanced-arrays-out-of-bounds.html: Added.
  • fast/canvas/webgl/resources/out-of-bounds-test.js: Added.

(OutOfBoundsTest):
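
The instancing check described in r177165 above, sketched as an added example (not the WebKit implementation): an attribute with a non-zero divisor advances once every `divisor` instances, so a draw needs `ceil(primcount / divisor)` elements from its buffer, while a divisor of 0 means one element per vertex. The `Attrib` struct and all function names are hypothetical.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical description of one enabled vertex attribute.
struct Attrib {
    uint64_t bufferBytes;  // size of the bound buffer
    uint64_t offset;       // byte offset of the first element
    uint64_t stride;       // bytes between consecutive elements
    uint64_t elementBytes; // bytes read per element
    uint32_t divisor;      // 0 = per vertex, n = advance once every n instances
};

// Number of whole elements the buffer can supply without reading past its end.
uint64_t elementsAvailable(const Attrib& a) {
    if (a.stride == 0 || a.offset > a.bufferBytes)
        return 0;
    uint64_t usable = a.bufferBytes - a.offset;
    if (usable < a.elementBytes)
        return 0;
    return (usable - a.elementBytes) / a.stride + 1;
}

// Elements read by a draw of vertexCount vertices repeated primcount times.
// Counts are 32-bit on input and widened so the rounding cannot overflow.
uint64_t elementsRequired(const Attrib& a, uint32_t vertexCount, uint32_t primcount) {
    if (a.divisor == 0)
        return vertexCount;
    uint64_t d = a.divisor;
    return (uint64_t{primcount} + d - 1) / d; // ceil(primcount / divisor)
}

// Reject the draw if any attribute would be read out of bounds.
bool validateInstancedDraw(const std::vector<Attrib>& attribs,
                           uint32_t vertexCount, uint32_t primcount) {
    for (const Attrib& a : attribs) {
        if (elementsRequired(a, vertexCount, primcount) > elementsAvailable(a))
            return false;
    }
    return true;
}
```

A check that only compares the vertex count against per-vertex buffers accepts any `primcount`, which is the gap the changeset closes.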

12:01 AM Changeset in webkit [197265] by Nikita Vasilyev
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: DataGrid's resizers aren't horizontally centered
https://bugs.webkit.org/show_bug.cgi?id=154787
<rdar://problem/24876901>

Reviewed by Timothy Hatcher.

  • UserInterface/Views/DataGrid.css:

(.data-grid .resizer):
Use CSS transforms as margin-left doesn't support sub-pixel values.
