Context Navigation

← Previous Period
Next Period →

Timeline

Mar 8, 2016:

11:59 PM Changeset in webkit [197843] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197577 - Remove use of deprecated sqlite3_expired
https://bugs.webkit.org/show_bug.cgi?id=155025

Reviewed by Tim Horton.

Since we exclusively use sqlite3_prepare_v2 and don't use sqlite3_prepare,
manually checking for expired statements is not necessary.

platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::isExpired): Null check the statement, but don't bother

with sqlite3_expired.

11:59 PM Changeset in webkit [197842] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r197576 - Location.reload should not be writable
https://bugs.webkit.org/show_bug.cgi?id=154989

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

After r196770, operations marked as [Unforgeable] in the IDL (such as
Location.reload) are correctly reported as not writable by
Object.getOwnPropertyDescriptor(). Trying to set such property in JS
is correctly ignored (or throws in strict mode) if the object has
previously been reified. However, due to a bug in putEntry(), it was
still possible to override the property if the object was not reified
yet. This patch fixes the issue by checking in putEntry() that entries
that are functions are not ReadOnly before calling putDirect().

runtime/Lookup.h:

(JSC::putEntry):

LayoutTests:

Add a layout test to verify that operations marked as [Unforgeable] in
IDL are indeed not writable.

fast/html/unforgeable-operations-readonly-expected.txt: Added.
fast/html/unforgeable-operations-readonly.html: Added.

11:45 PM Changeset in webkit [197841] by commit-queue@webkit.org

8 edits in trunk/Source/WebCore

Unreviewed, rolling out r197825.
https://bugs.webkit.org/show_bug.cgi?id=155222

It broke the EFL build. It is not dead code. (Requested by
gyuyoung on #webkit).

Reverted changeset:

"Delete dead scrolling code"
https://bugs.webkit.org/show_bug.cgi?id=155210
http://trac.webkit.org/changeset/197825

11:44 PM Changeset in webkit [197840] by Carlos Garcia Campos

3 edits
4 adds in releases/WebKitGTK/webkit-2.12

Merge r197570 - [iOS] Crash during font loading when injected bundle cancels load
https://bugs.webkit.org/show_bug.cgi?id=155001

Reviewed by Tim Horton.

Source/WebCore:

If a injected bundle cancels the load, the fontLoaded() callback will be
called twice. We can simply detect this condition.

Test: CancelLoading.CancelFontSubresource API test

css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::fontLoaded):

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2/Ahem.ttf: Added.
TestWebKitAPI/Tests/WebKit2/webfont.html: Added.
TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresource.mm: Added.

(-[Myles webView:didFinishNavigation:]):
(TEST):

TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresourcePlugIn.mm: Added.

(-[CancelFontSubresourcePlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[CancelFontSubresourcePlugIn webProcessPlugInBrowserContextController:frame:willSendRequestForResource:request:redirectResponse:]):

11:42 PM Changeset in webkit [197839] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197552 - Drop DocumentSharedObjectPool immediately when going into PageCache.
<https://webkit.org/b/154986>

Reviewed by Antti Koivisto.

The DocumentSharedObjectPool is a weirdly efficient little optimization
that deduplicates ElementData during the first 10s of a Document's lifetime.
While it's up, every ElementData created will persist so it can be used for
deduplication.

If a Document goes into the PageCache while its shared object pool is still
alive, we can just kill it right away. This will sometimes allow us to free
a bunch of ElementData sooner.

dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::setInPageCache):
(WebCore::Document::clearSharedObjectPool):
(WebCore::Document::sharedObjectPoolClearTimerFired): Deleted.

dom/Document.h:

11:29 PM Changeset in webkit [197838] by fpizlo@apple.com

2 edits in trunk/Source/WTF

Remove failing assertion. There are strings that claim to be atomic but that the
compiler thread can totally deal with, like the empty string.

Rubber stamped by Mark Lam.

wtf/text/StringImpl.h:

(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

11:28 PM Changeset in webkit [197837] by Carlos Garcia Campos

22 edits
6 adds in releases/WebKitGTK/webkit-2.12

Merge r197549 - DFG/FTL should inline accesses to RegExpObject::m_lastIndex
https://bugs.webkit.org/show_bug.cgi?id=155003

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

The Octane/regexp benchmark sets RegExps' lastIndex a lot. I could imagine this being
something that people want to do. Right now, I'm not convinced that making the RegExp object
be more plain-JS would be a good idea considering that pretty much all uses of it will
require some special compiler magic. Also, it's good that this patch teaches the compiler
how to reason about lastIndex since some of my other plans for regexp involve having the
compiler treat more regexp stuff as intrinsic.

This is a smaller Octane/regexp speed-up than I hoped - maybe around 1%. It's an enormous
speed-up on the microbenchmarks attached to this patch.

dfg/DFGAbstractHeap.h:
dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGHeapLocation.h:
dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePutAccessorByVal):
(JSC::DFG::SpeculativeJIT::compileGetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGStoreBarrierInsertionPhase.cpp:
ftl/FTLAbstractHeapRepository.cpp:
ftl/FTLAbstractHeapRepository.h:
ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::compileSetRegExpObjectLastIndex):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::lowObject):
(JSC::FTL::DFG::LowerDFGToB3::lowRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::lowString):

runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):
(JSC::RegExpObject::offsetOfLastIndex):

LayoutTests:

js/regress/regexp-last-index-expected.txt: Added.
js/regress/regexp-last-index.html: Added.
js/regress/regexp-set-last-index-expected.txt: Added.
js/regress/regexp-set-last-index.html: Added.
js/regress/script-tests/regexp-last-index.js: Added.
js/regress/script-tests/regexp-set-last-index.js: Added.

11:28 PM Changeset in webkit [197836] by Carlos Garcia Campos

1 edit
3 deletes in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197547 - Unreviewed, remove test with flaky timeout that doesn't test anything anymore. This test
was relevant back when arguments got torn off; something that we don't do anymore. It
uses a loop that waits for the top-tier compiler to compile it. We don't write tests
like that anymore.

js/dfg-osr-exit-between-create-and-tearoff-arguments-expected.txt: Removed.
js/dfg-osr-exit-between-create-and-tearoff-arguments.html: Removed.
js/script-tests/dfg-osr-exit-between-create-and-tearoff-arguments.js: Removed.

10:27 PM Changeset in webkit [197835] by Chris Dumez

3 edits
2 adds in trunk

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
https://bugs.webkit.org/show_bug.cgi?id=155215

Reviewed by Ryosuke Niwa.

Source/WebCore:

Element with maximum tabIndex cannot be returned by nextElementWithGreaterTabIndex()
due to a bug in r197726. This patch fixes the issue by only comparing
candidate.tabIndex to winningTabIndex if winner is non-null.

Test: fast/events/max-tabindex-focus.html

page/FocusController.cpp:

(WebCore::nextElementWithGreaterTabIndex):

LayoutTests:

Add test to make sure that an Element with a tabIndex equal to
2147483647 (maximum tabIndex) can be focused.

fast/events/max-tabindex-focus-expected.txt: Added.
fast/events/max-tabindex-focus.html: Added.

9:53 PM Changeset in webkit [197834] by ap@apple.com

2 edits in trunk/Tools

Fix iOS Simulator EWS.

Unreviewed build fix.

Scripts/webkitpy/common/config/ports.py:

9:16 PM Changeset in webkit [197833] by fpizlo@apple.com

27 edits
6 adds in trunk

DFG should be able to constant-fold strings
https://bugs.webkit.org/show_bug.cgi?id=155200

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

This adds constant-folding of string1 + string2 and string.length. The actual folding
rule is easy, but there are some gotchas.

The problem is that the DFG cannot allocate new JSString objects until we are on the
main thread. So, DFG IR must have a node for a JSValue string constant that hasn't been
created yet - i.e. it doesn't have any concrete JSValue bits yet.

We have the ability to speak of such things, using LazyJSValue. But that's a class, not
a node type. This patch now adds a node type, LazyJSConstant, which is a Node that holds
a LazyJSValue.

This puts us in a weird situation: AI uses JSValue to represent constants. It would take
a lot of work to change it to use LazyJSValue. So, this implements the constant folding
in StrengthReductionPhase. I created a bug and put a FIXME about moving these rules into
AI.

OTOH, our experience in B3 shows that constant folding in strength reduction is quite
nice. It would totally make sense to have strength reduction have constant folding rules
that mirror the rules in AI, or to factor out the AI constant folding rules, the same
way that B3 factors out those rules into Value methods.

Another issue is how to represent the cumulative result of possibly many foldings. I
initially considered adding LazyJSValue kinds that represented concatenation. Folding
the concatenation to a constant meand that this constant was actually a LazyJSValue that
represented the concatenation of two other things. But this would get super messy if we
wanted to fold an operation that uses the results of another folded operation.

So, the JIT thread folds string operations by creating a WTF::String that contains the
result. The DFG::Graph holds a +1 on the underlying StringImpl, so we can pass the
StringImpl* around without reference counting. The LazyJSValue now has a special kind
that means: we created this StringImpl* on the JIT thread, and once the JIT is done, we
will relinquish ownership of it. LazyJSValue has some magic to emit code for these
to-be-created-JSStrings while also transferring ownership of the StringImpl from the JIT
thread to the main thread and registering the JSString with the GC.

This just implements folding for concatenation and GetArrayLength. It's just a proof of
concept for evil things I want to do later.

This change is a 2.5x speed-up on the string concatenation microbenchmarks I added in
this patch.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGFrozenValue.cpp:

(JSC::DFG::FrozenValue::emptySingleton):
(JSC::DFG::FrozenValue::tryGetString):
(JSC::DFG::FrozenValue::dumpInContext):

dfg/DFGFrozenValue.h:

(JSC::DFG::FrozenValue::strength):

dfg/DFGGraph.h:
dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::newString):
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToStringImpl):
(JSC::DFG::LazyJSValue::tryGetStringImpl):
(JSC::DFG::LazyJSValue::tryGetString):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::switchLookupValue):
(JSC::DFG::LazyJSValue::emit):
(JSC::DFG::LazyJSValue::dumpInContext):

dfg/DFGLazyJSValue.h:

(JSC::DFG::LazyJSValue::LazyJSValue):
(JSC::DFG::LazyJSValue::knownStringImpl):
(JSC::DFG::LazyJSValue::kind):
(JSC::DFG::LazyJSValue::tryGetValue):
(JSC::DFG::LazyJSValue::character):
(JSC::DFG::LazyJSValue::stringImpl):

dfg/DFGMayExit.cpp:

(JSC::DFG::mayExit):

dfg/DFGNode.cpp:

(JSC::DFG::Node::convertToIdentityOn):
(JSC::DFG::Node::convertToLazyJSConstant):
(JSC::DFG::Node::convertToPutHint):
(JSC::DFG::Node::convertToPutClosureVarHint):
(JSC::DFG::Node::tryGetString):
(JSC::DFG::Node::promotedLocationDescriptor):

dfg/DFGNode.h:

(JSC::DFG::Node::convertToConstant):
(JSC::DFG::Node::convertToConstantStoragePointer):
(JSC::DFG::Node::castConstant):
(JSC::DFG::Node::hasLazyJSValue):
(JSC::DFG::Node::lazyJSValue):
(JSC::DFG::Node::initializationValueForActivation):

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileSetRegExpObjectLastIndex):
(JSC::DFG::SpeculativeJIT::compileLazyJSConstant):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileInt52Constant):
(JSC::FTL::DFG::LowerDFGToB3::compileLazyJSConstant):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):

Source/WTF:

Also disable assertions about reference counting strings on the JIT thread. We will do
that now and it's OK.

wtf/text/StringImpl.h:

(WTF::StringImpl::ref):
(WTF::StringImpl::deref):

LayoutTests:

js/regress/script-tests/strcat-const.js: Added.

(foo):
(bar):

js/regress/script-tests/strcat-length-const.js: Added.

(foo):
(bar):

js/regress/strcat-const-expected.txt: Added.
js/regress/strcat-const.html: Added.
js/regress/strcat-length-const-expected.txt: Added.
js/regress/strcat-length-const.html: Added.

9:02 PM Changeset in webkit [197832] by commit-queue@webkit.org

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Timelines keeps switching to overview instead of keeping the selected timeline
https://bugs.webkit.org/show_bug.cgi?id=155212
<rdar://problem/25052504>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Timothy Hatcher.

UserInterface/Views/TimelineSidebarPanel.js:

(WebInspector.TimelineSidebarPanel.prototype.saveStateToCookie):
The sidebar was using out of date information in its tree outline causing it to
switch to the wrong sidebar. Use the up to date information from the recording view.

UserInterface/Views/TimelineTabContentView.js:

(WebInspector.TimelineTabContentView.prototype._recordingSelected):
Fix typo not getting the right timeline type.

8:39 PM Changeset in webkit [197831] by weinig@apple.com

7 edits in trunk/Source/WebCore

Stop using the UserContentController for injecting the override style sheet from CaptionUserPreferences
https://bugs.webkit.org/show_bug.cgi?id=155211

Reviewed by Dan Bernstein.

The UserContentController is going to become read only from WebCore's perspective. The CaptionUserPreferences
was relying on being able to set a UserStyleSheet on it, but this was really unnecessary complexity. Simplify
things by storing the style sheet's source directly on the Page and teaching ExtensionStyleSheets about it
explicitly.

dom/ExtensionStyleSheets.cpp:

(WebCore::ExtensionStyleSheets::updateInjectedStyleSheetCache):
If there is a captionUserPreferencesStyleSheet on the page, inject it.

page/CaptionUserPreferences.cpp:

(WebCore::CaptionUserPreferences::updateCaptionStyleSheetOveride):
Greatly simplify the code. Now, all this does is set the style sheet on each page.

page/Page.cpp:

(WebCore::Page::invalidateInjectedStyleSheetCacheInAllFrames):
Extract this out from UserContentController.

(WebCore::Page::setUserContentController):
Call the newly extracted invalidateInjectedStyleSheetCacheInAllFrames().

(WebCore::Page::captionUserPreferencesStyleSheet):
(WebCore::Page::setCaptionUserPreferencesStyleSheet):
Add getter/setter. When setting, invalidate the style sheet cache.

page/Page.h:

Add new members and functions.

page/UserContentController.cpp:

(WebCore::UserContentController::addUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheet):
(WebCore::UserContentController::removeUserStyleSheets):
(WebCore::UserContentController::removeAllUserContent):
Switch to calling invalidateInjectedStyleSheetCacheInAllFramesInAllPages().

(WebCore::UserContentController::invalidateInjectedStyleSheetCacheInAllFramesInAllPages):
Rename and implement in terms of Page::invalidateInjectedStyleSheetCacheInAllFrames().

page/UserContentController.h:

Rename function.

6:50 PM Changeset in webkit [197830] by aakash_jain@apple.com

2 edits in trunk/Tools

Booting multiple iOS simulator parallely fails sometimes
https://bugs.webkit.org/show_bug.cgi?id=155208
<rdar://problem/25019651>

Reviewed by Darin Adler.

Scripts/webkitpy/port/ios.py:

(IOSSimulatorPort.setup_test_run): Increase the time delay between subsequent
simulator boot.

6:27 PM Changeset in webkit [197829] by weinig@apple.com

2 edits in trunk/Source/WebKit2

Roll r197632 back in now that the bots have caught up.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView textInputTraits]):

6:17 PM Changeset in webkit [197828] by ap@apple.com

2 edits in trunk/Tools

Add iOS debug testers to flakiness dashboard
https://bugs.webkit.org/show_bug.cgi?id=155206

Reviewed by Darin Adler.

TestResultServer/static-dashboards/builders.jsonp:

6:06 PM Changeset in webkit [197827] by Joseph Pecoraro

22 edits
3 copies in trunk/Source

Web Inspector: Memory Timeline should show MemoryPressure events
https://bugs.webkit.org/show_bug.cgi?id=155158
<rdar://problem/25026610>

Reviewed by Brian Burg.

Source/JavaScriptCore:

inspector/protocol/Memory.json:

Source/WebCore:

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::releaseMemory):
When responding to memory pressure, notify page inspectors.

platform/cocoa/MemoryPressureHandlerCocoa.mm:

Remove unused includes.

inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::didHandleMemoryPressureImpl):

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::playbackStarted):
(WebCore::InspectorInstrumentation::playbackPaused):
(WebCore::InspectorInstrumentation::playbackFinished):
(WebCore::InspectorInstrumentation::playbackHitPosition):
(WebCore::InspectorInstrumentation::didHandleMemoryPressure):

inspector/InspectorMemoryAgent.cpp:

(WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
(WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorMemoryAgent::enable):
(WebCore::InspectorMemoryAgent::disable):
(WebCore::InspectorMemoryAgent::didHandleMemoryPressure):

inspector/InspectorMemoryAgent.h:
inspector/InstrumentingAgents.cpp:

(WebCore::InstrumentingAgents::reset):

inspector/InstrumentingAgents.h:

(WebCore::InstrumentingAgents::inspectorMemoryAgent):
(WebCore::InstrumentingAgents::setInspectorMemoryAgent):
Plumbing to notify the right active inspector.

Source/WebInspectorUI:

UserInterface/Main.html:

New resources.

UserInterface/Base/Main.js:

(WebInspector.loaded):

UserInterface/Controllers/MemoryManager.js:

(WebInspector.MemoryManager):
(WebInspector.MemoryManager.prototype.memoryPressure):

UserInterface/Protocol/MemoryObserver.js:

(WebInspector.MemoryObserver.prototype.memoryPressure):
New manager for Memory domain events.

UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager):
(WebInspector.TimelineManager.defaultInstruments):
(WebInspector.TimelineManager.prototype._memoryPressure):

UserInterface/Models/TimelineRecording.js:

(WebInspector.TimelineRecording.prototype.addMemoryPressureEvent):
Add events to the Memory Timeline of the active recording.

UserInterface/Models/MemoryTimeline.js:

(WebInspector.MemoryTimeline.prototype.get memoryPressureEvents):
(WebInspector.MemoryTimeline.prototype.addMemoryPressureEvent):
(WebInspector.MemoryTimeline.prototype.reset):
(WebInspector.MemoryTimeline):

UserInterface/Models/Timeline.js:

(WebInspector.Timeline.create):
Create a specific MemoryTimeline to hold records and memory pressure events.

UserInterface/Models/MemoryPressureEvent.js:

(WebInspector.MemoryPressureEvent):
(WebInspector.MemoryPressureEvent.fromPayload):
(WebInspector.MemoryPressureEvent.prototype.get timestamp):
(WebInspector.MemoryPressureEvent.prototype.get severity):
Model object for a memory pressure event.

UserInterface/Views/MemoryTimelineOverviewGraph.css:

(.timeline-overview-graph.memory .memory-pressure-event):

UserInterface/Views/MemoryTimelineOverviewGraph.js:

(WebInspector.MemoryTimelineOverviewGraph):
(WebInspector.MemoryTimelineOverviewGraph.prototype.reset):
(WebInspector.MemoryTimelineOverviewGraph.prototype._visibleMemoryPressureEvents):
(WebInspector.MemoryTimelineOverviewGraph.prototype._memoryTimelineMemoryPressureEventAdded):
Include markers for memory pressure events.

6:06 PM Changeset in webkit [197826] by Joseph Pecoraro

7 edits
2 adds in trunk

Web Inspector: Add Heap domain start/stop tracking commands
https://bugs.webkit.org/show_bug.cgi?id=155190

Reviewed by Brian Burg.

Source/JavaScriptCore:

inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorHeapAgent::startTracking):
(Inspector::InspectorHeapAgent::stopTracking):

inspector/agents/InspectorHeapAgent.h:
inspector/protocol/Heap.json:

Source/WebInspectorUI:

UserInterface/Protocol/HeapObserver.js:

(WebInspector.HeapObserver.prototype.trackingStart):
(WebInspector.HeapObserver.prototype.trackingComplete):
To be used when we have a HeapAllocationsInstrument and timeline.

LayoutTests:

inspector/heap/tracking-expected.txt: Added.
inspector/heap/tracking.html: Added.

6:05 PM Changeset in webkit [197825] by mmaxfield@apple.com

8 edits in trunk/Source/WebCore

Delete dead scrolling code
https://bugs.webkit.org/show_bug.cgi?id=155210

Reviewed by Simon Fraser.

No new tests because there is no behavior change.

page/FrameView.cpp:

(WebCore::FrameView::layerForScrolling): Deleted.

page/FrameView.h:
page/scrolling/ScrollingCoordinator.cpp:

(WebCore::ScrollingCoordinator::scrollLayerForScrollableArea): Deleted.

page/scrolling/ScrollingCoordinator.h:
platform/ScrollableArea.h:

(WebCore::ScrollableArea::horizontalScrollbar):
(WebCore::ScrollableArea::verticalScrollbar):
(WebCore::ScrollableArea::tiledBacking):
(WebCore::ScrollableArea::layerForHorizontalScrollbar):
(WebCore::ScrollableArea::layerForVerticalScrollbar):
(WebCore::ScrollableArea::layerForScrollCorner):
(WebCore::ScrollableArea::layerForOverhangAreas):
(WebCore::ScrollableArea::layerForScrolling): Deleted.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects): Deleted.

rendering/RenderLayer.h:

5:44 PM Changeset in webkit [197824] by commit-queue@webkit.org

3 edits
1 move in trunk/Source/WebInspectorUI

Web Inspector: Make debugging Test.html easier
https://bugs.webkit.org/show_bug.cgi?id=155207

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Brian Burg.

UserInterface/Base/InspectorFrontendHostStub.js: Renamed from Source/WebInspectorUI/UserInterface/Protocol/InspectorFrontendHostStub.js.

(window.InspectorFrontendHost.WebInspector.InspectorFrontendHostStub.prototype.unbufferedLog):
Add new stub for test function.

UserInterface/Main.html:
UserInterface/Test.html:

Move the stub to the Base directory.

5:40 PM Changeset in webkit [197823] by mmaxfield@apple.com

2 edits in trunk

[EFL] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155192

Reviewed by Gyuyoung Kim.

Source/cmake/OptionsEfl.cmake:

5:38 PM Changeset in webkit [197822] by commit-queue@webkit.org

10 edits
5 adds in trunk

Web Inspector: Add a way to create a Heap Snapshot
https://bugs.webkit.org/show_bug.cgi?id=155188

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Brian Burg.

Source/JavaScriptCore:

inspector/agents/InspectorHeapAgent.h:
inspector/protocol/Heap.json:
inspector/agents/InspectorHeapAgent.cpp:

(Inspector::InspectorHeapAgent::snapshot):
Take a heap snapshot and return the JSON string result.

inspector/protocol/Debugger.json:

Remove unused optional inferredName. Our displayName would be inferred.

Source/WebInspectorUI:

UserInterface/Main.html:
UserInterface/Test.html:

Add new Model resources.

UserInterface/Models/HeapSnapshot.js: Added.

(WebInspector.HeapSnapshotClassCategory):
(WebInspector.HeapSnapshot):
(WebInspector.HeapSnapshot.fromPayload):
(WebInspector.HeapSnapshot.prototype.get rootNode):
(WebInspector.HeapSnapshot.prototype.get nodes):
(WebInspector.HeapSnapshot.prototype.get identifier):
(WebInspector.HeapSnapshot.prototype.get instances):
(WebInspector.HeapSnapshot.prototype.get categories):
(WebInspector.HeapSnapshot.prototype.get totalSize):
(WebInspector.HeapSnapshot.prototype.get totalObjectCount):
(WebInspector.HeapSnapshot.prototype.instancesWithClassName):
(WebInspector.HeapSnapshot.prototype.nodeWithObjectIdentifier):

UserInterface/Models/HeapSnapshotEdge.js: Added.

(WebInspector.HeapSnapshotEdge):
(WebInspector.HeapSnapshotEdge.prototype.stringify):

UserInterface/Models/HeapSnapshotNode.js: Added.

(WebInspector.HeapSnapshotNode):
Data structures for a HeapSnapshot.

LayoutTests:

inspector/heap/snapshot-expected.txt: Added.
inspector/heap/snapshot.html: Added.

5:05 PM Changeset in webkit [197821] by oliver@apple.com

2 edits in trunk/Source/JavaScriptCore

Fix ios bot build.

5:00 PM Changeset in webkit [197820] by Ryan Haddad

3 edits in trunk/LayoutTests

Move two indexeddb test skips out of wk2/TestExpectations and in to TestExpectations.

Unreviewed test gardening.

TestExpectations:
platform/wk2/TestExpectations:

4:40 PM Changeset in webkit [197819] by andersca@apple.com

2 edits in trunk/Source/WTF

Fix AppKitCompatibilityDeclarations build.

wtf/mac/AppKitCompatibilityDeclarations.h:

Remove duplicate declarations, conditionally define NSTextAlignment and
add a NSWindowStyleMask typedef.

4:25 PM Changeset in webkit [197818] by oliver@apple.com

1 edit in trunk/Source/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp

Build fix

4:21 PM Changeset in webkit [197817] by mark.lam@apple.com

3 edits in trunk/Source/JavaScriptCore

Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Rubber-stamped by Joseph Pecoraro.

Follow up to the fix for this bug: adding a few small clean-ups for issues Joe
pointed out in the bug.

runtime/JSBoundSlotBaseFunction.cpp:

(JSC::JSBoundSlotBaseFunction::create):

runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitiveByIndex):

4:08 PM Changeset in webkit [197816] by oliver@apple.com

21 edits in trunk

Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Fil Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

As part of our work to harden the JIT against various attacks, we're
moving away from our current RWX heap and on to using separate RW and X
mappings. This means that simply leaking the location of the executable
mapping is not sufficient to compromise JSC, so we can continue to
use direct executable pointers in our GC objects (which we need for
performance), but keep the writable pointer in only a single location
so that we are less likely to leak the address. To further obscure the
address of the writable region we place it in an execute only region
of memory so that it is not possible to read the location from
anywhere. That means an attacker must have at least partial control
of PC (to call jitMemCopy) before they can start to attack the JIT.

This work is initially ARM64 only, as we use as the jitMemCopy is
currently specific to that platform's calling conventions and layout.
We're just landing it in the current form so that we can at least
ensure it doesn't regress.

Configurations/FeatureDefines.xcconfig:
assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::ldp):
(JSC::ARM64Assembler::ldnp):
(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::stp):
(JSC::ARM64Assembler::stnp):
(JSC::ARM64Assembler::replaceWithJump):
(JSC::ARM64Assembler::replaceWithLoad):
(JSC::ARM64Assembler::replaceWithAddressComputation):
(JSC::ARM64Assembler::setPointer):
(JSC::ARM64Assembler::repatchInt32):
(JSC::ARM64Assembler::repatchCompact):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::loadStoreRegisterPairOffset):
(JSC::ARM64Assembler::loadStoreRegisterPairNonTemporal):

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):

assembler/LinkBuffer.h:

(JSC::LinkBuffer::LinkBuffer):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::sub64):
(JSC::MacroAssemblerARM64::load64):
(JSC::MacroAssemblerARM64::loadPair64):
(JSC::MacroAssemblerARM64::loadPair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::load8):
(JSC::MacroAssemblerARM64::store64):
(JSC::MacroAssemblerARM64::storePair64):
(JSC::MacroAssemblerARM64::storePair64WithNonTemporalAccess):
(JSC::MacroAssemblerARM64::store8):
(JSC::MacroAssemblerARM64::branchAdd64):
(JSC::MacroAssemblerARM64::branchSub64):

jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

runtime/Options.cpp:

(JSC::recomputeDependentOptions):

runtime/Options.h:

Source/WebCore:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

wtf/FeatureDefines.h:
wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

Scripts/run-jsc-benchmarks:

4:01 PM Changeset in webkit [197815] by mark.lam@apple.com

21 edits
3 adds in trunk

Implement Function.name support for getters/setters and inferring name of function properties.
https://bugs.webkit.org/show_bug.cgi?id=154865

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

toString() no longer uses the value of Function.name as the name of the function in the returned string, because ...

Function.name is supposed to be configurable. Hence, it can be made writable and can be set to any JSValue, or deleted.

Function.prototype.toString() is supposed to produce a string that can be

eval'ed. Hence, for JS functions, the function name in the produced
string must be a legal function name (and not some arbitrary value set in
Function.name). For example, while a number is a legal value for
Function.name, it is not legal as the function name in the toString()
string.

Instead, we'll always use the original name from the JS source that the
function was parsed from.

JSFunction::name() now always return the original name, not the value of the Function.name property. As a result, it also no longer needs an ExecState* arg.

If the original name is an empty string, JSFunction::name() will use the
inferred name.

For JS functions, the original name can be attained from their FunctionExecutable object.

For host/native functions (which do not have a FunctionExecutable), we get the
"original" name from its NativeExecutable.

The m_hostFunctionStubMap now keys its NativeExecutable pointers using the original name, in addition to the native function and constructor pointers.

This is needed because we want a different NativeExecutable for functions with
a different name (to satisfy (3) above).

Changed JSBoundFunction to store the name of its bound function in its NativeExecutable. This will later be used to generate the toString() string. It's Function.name value is eagerly initialized at construction time.

Function.name for getters/setters are now prefixed with "get"/"set". This was done both for the JSBoundSlotBaseFunctions and JS definable get/set functions.

Added InternalFunction::m_originalName so that we can use it to generate the toString() string. We're storing it as a JSString instead of a WTF::String only because we want InternalFunction to be continue to be trivially destructible.

inspector/JSInjectedScriptHost.cpp:

(Inspector::JSInjectedScriptHost::functionDetails):

jit/JITThunks.cpp:

(JSC::JITThunks::finalize):
(JSC::JITThunks::hostFunctionStub):

jit/JITThunks.h:
runtime/Executable.h:
runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncToString):

runtime/InternalFunction.cpp:

(JSC::InternalFunction::finishCreation):
(JSC::InternalFunction::visitChildren):
(JSC::InternalFunction::name):
(JSC::InternalFunction::displayName):

runtime/InternalFunction.h:
runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::visitChildren):
(JSC::JSBoundFunction::toStringName): Deleted.

runtime/JSBoundFunction.h:

(JSC::JSBoundFunction::boundThis):
(JSC::JSBoundFunction::boundArgs):
(JSC::JSBoundFunction::createStructure):

runtime/JSBoundSlotBaseFunction.cpp:

(JSC::boundSlotBaseFunctionCall):
(JSC::JSBoundSlotBaseFunction::create):

runtime/JSFunction.cpp:

(JSC::JSFunction::initializeRareData):
(JSC::JSFunction::name):
(JSC::JSFunction::displayName):
(JSC::JSFunction::calculatedDisplayName):
(JSC::JSFunction::reifyName):

runtime/JSFunction.h:
tests/es6.yaml:

LayoutTests:

js/function-toString-vs-name-expected.txt: Added.
js/function-toString-vs-name.html: Added.
js/script-tests/function-toString-vs-name.js: Added.

3:59 PM Changeset in webkit [197814] by mmaxfield@apple.com

2 edits in trunk

[GTK] Enable the SVG -> OTF Font Converter
https://bugs.webkit.org/show_bug.cgi?id=155191

Reviewed by Martin Robinson.

Source/cmake/OptionsGTK.cmake:

3:58 PM Changeset in webkit [197813] by andersca@apple.com

2 edits in trunk/Tools

Use NSUInteger instead of NSWindowStyleMask.

MiniBrowser/mac/MiniBrowser_Prefix.pch:

3:56 PM Changeset in webkit [197812] by andersca@apple.com

4 edits in trunk/Tools

Fix build.

We intentionally don't use AppKitCompatibilityDeclarations.h here, since we want
MiniBrowser to build without WTF.

MiniBrowser/mac/AppDelegate.m:

(-[BrowserAppDelegate _updateNewWindowKeyEquivalents]):

MiniBrowser/mac/BrowserWindowController.m:

(-[BrowserWindowController windowDidLoad]):

MiniBrowser/mac/MiniBrowser_Prefix.pch:

3:52 PM Changeset in webkit [197811] by mmaxfield@apple.com

12 edits in trunk

Font size computed style is innaccurate
https://bugs.webkit.org/show_bug.cgi?id=154705
<rdar://problem/23474068>

Reviewed by Timothy Hatcher.

Source/WebCore:

Safari rounds the font size value reported to getComputedStyle(). Neither Firefox
nor Chrome do this.

Covered by existing tests.

css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::getFontSizeCSSValuePreferringKeyword):
(WebCore::fontSizeFromStyle):

LayoutTests:

Update expected results.

css3/calc/font-size-fractional-expected.txt:
css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size.html:
css3/viewport-percentage-lengths/viewport-percentage-lengths-relative-font-size-expected.txt:
editing/mac/attributed-string/font-size-expected.txt:
editing/mac/attributed-string/vertical-align-expected.txt:
platform/mac-mavericks/editing/mac/attributed-string/font-size-expected.txt:
platform/mac-mavericks/editing/mac/attributed-string/vertical-align-expected.txt:
platform/mac-yosemite/editing/mac/attributed-string/font-size-expected.txt:
platform/mac-yosemite/editing/mac/attributed-string/vertical-align-expected.txt:

3:44 PM Changeset in webkit [197810] by andersca@apple.com

2 edits
1 add in trunk/Source/WTF

Add AppKit compatibility header
https://bugs.webkit.org/show_bug.cgi?id=155202

Reviewed by Beth Dakin.

WTF.xcodeproj/project.pbxproj:
wtf/mac/AppKitCompatibilityDeclarations.h: Added.

3:31 PM Changeset in webkit [197809] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking storage/domstorage/events/basic-body-attribute.html as flaky on ios-simulator-wk2
https://bugs.webkit.org/show_bug.cgi?id=155201

Unreviewed test gardening.

platform/ios-simulator-wk2/TestExpectations:

3:30 PM Changeset in webkit [197808] by Brent Fulgham

2 edits in trunk/Source/WebKit2

[WK2][Mac] Allow processes to set "fast-dev-casheable" bit in Network Process
https://bugs.webkit.org/show_bug.cgi?id=155189
<rdar://problem/25042678>

Reviewed by Alexey Proskuryakov.

Update the NetworkProcess sandbox profiles with a declaration that using the
system-fctl to touch the "hot file" flag (to support caching operations)
is allowed. I should have done this in Bug 154503, but did not.

NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: Add sandbox permission.

3:16 PM Changeset in webkit [197807] by adachan@apple.com

3 edits in trunk/Source/WebCore

Enable API related to the video fullscreen layer in MediaPlayerPrivateMediaStreamAVFObjC for Mac.
https://bugs.webkit.org/show_bug.cgi?id=153239

Reviewed by Eric Carlson.

Reuse VideoFullscreenLayerManager to manage moving the video layer between the fullscreen
layer and the inline layer depending on the current presentation mode.

platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC):
Create m_videoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer):
Return the video inline layer from the VideoFullscreenLayerManager.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers):
Call VideoFullscreenLayerManager::setVideoLayer() with the m_videoBackgroundLayer. To make sure
the preview layer (a sublayer of m_videoBackgroundLayer) resize according to aspect ratio, set
its contents gravity to kCAGravityResizeAspect. Also, set its autoresizing mask so it'll resize
with its superlayer.
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenLayer):
Call VideoFullscreenLayerManager::setVideoFullscreenLayer().
(WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVideoFullscreenFrame):
Call VideoFullscreenLayerManager::setVideoFullscreenFrame().

3:02 PM Changeset in webkit [197806] by commit-queue@webkit.org

5 edits in trunk/Source/WebInspectorUI

Web Inspector: Miscellaneous inspector fixes for typos / stale code
https://bugs.webkit.org/show_bug.cgi?id=155193

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Timothy Hatcher.

UserInterface/Models/SourceCodeLocation.js:

(WebInspector.SourceCodeLocation.prototype._locationString):
Fix whitespace.

UserInterface/Views/ApplicationCacheFrameContentView.js:

(WebInspector.ApplicationCacheFrameContentView):
Remove unused class name.

UserInterface/Views/SourceCodeTextEditor.js:

(WebInspector.SourceCodeTextEditor.prototype._showPopoverForFunction.didGetDetails):
Remove inferredName, as that was never sent by our backend and is getting removed.

UserInterface/Views/TimelineRuler.js:

(WebInspector.TimelineRuler.prototype._handleMouseUp):
Fix variable name typo.

2:29 PM Changeset in webkit [197805] by ap@apple.com

4 edits in trunk/Tools

Add iOS simulator EWS that runs tests
https://bugs.webkit.org/show_bug.cgi?id=155175

Reviewed by Lucas Forschler.

QueueStatusServer/config/queues.py:
Scripts/webkitpy/common/config/ews.json:
Scripts/webkitpy/common/config/ports.py:

2:22 PM Changeset in webkit [197804] by mmaxfield@apple.com

11 edits
2 adds in trunk

[Font Loading] Crash when a single load request causes multiple fonts to fail loading
https://bugs.webkit.org/show_bug.cgi?id=155009

Reviewed by Simon Fraser.

Source/WebCore:

In JavaScript, the first promise fulfillment/failure wins. However, in C++, any
subsequent fulfillments/failures cause a crash.

Test: fast/text/font-face-set-document-multiple-failure.html

css/CSSFontFace.cpp:

(WebCore::iterateClients): Notifying a client may cause some other client
to be destroyed, thereby modifying the clients set. This function allows
for notifying clients in a resilient manner.
(WebCore::CSSFontFace::setStyle): Update to use iterateClients().
(WebCore::CSSFontFace::setWeight): Ditto.
(WebCore::CSSFontFace::setUnicodeRange): Ditto.
(WebCore::CSSFontFace::setVariantLigatures): Ditto.
(WebCore::CSSFontFace::setVariantPosition): Ditto.
(WebCore::CSSFontFace::setVariantCaps): Ditto.
(WebCore::CSSFontFace::setVariantNumeric): Ditto.
(WebCore::CSSFontFace::setVariantAlternates): Ditto.
(WebCore::CSSFontFace::setVariantEastAsian): Ditto.
(WebCore::CSSFontFace::setFeatureSettings): Ditto.
(WebCore::CSSFontFace::setStatus): Ditto.
(WebCore::CSSFontFace::notifyClientsOfFontPropertyChange): Deleted.

css/CSSFontFace.h: Adding a way for clients to make sure they don't register

or deregister another client.

css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::guardAgainstClientRegistrationChanges): Simple
ref()/deref() pair.
(WebCore::CSSFontFaceSet::stopGuardingAgainstClientRegistrationChanges):

css/CSSFontFaceSet.h:
css/FontFace.cpp: Ditto.

(WebCore::FontFace::guardAgainstClientRegistrationChanges):
(WebCore::FontFace::stopGuardingAgainstClientRegistrationChanges):

css/FontFace.h:
css/FontFaceSet.cpp:

(WebCore::FontFaceSet::faceFinished): Make sure that we only fulfil or reject
a promise once.

css/FontFaceSet.h:
dom/Document.cpp:

(WebCore::Document::fonts): The CSSFontFaces inside the CSSFontSelector get
created during style recalc. We may be in a state where there is a style
recalc pending. In order to make sure the Javascript API sees the current
state of the world, force a style recalc here (but only if one is pending).

LayoutTests:

fast/text/font-face-set-document-multiple-failure-expected.txt: Added.
fast/text/font-face-set-document-multiple-failure.html: Added.

1:58 PM Changeset in webkit [197803] by commit-queue@webkit.org

21 edits
1 delete in trunk

Unreviewed, rolling out r197793 and r197799.
https://bugs.webkit.org/show_bug.cgi?id=155195

something weird happened while landing this and everything
broke (Requested by olliej on #webkit).

Reverted changesets:

"Start moving to separated writable and executable mappings in
the JIT"
https://bugs.webkit.org/show_bug.cgi?id=155178
http://trac.webkit.org/changeset/197793

"arm64 build fix after r197793."
http://trac.webkit.org/changeset/197799

1:56 PM Changeset in webkit [197802] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
<rdar://problem/25040640>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-08
Reviewed by Daniel Bates.

UserInterface/Main.html:

Allow Web Inspector to load file: and blob: image resources.
Also blob: media and font resources.

1:44 PM Changeset in webkit [197801] by Brent Fulgham

2 edits in trunk/Source/WebKit2

[WK2] Grant explicit read access to ManagedPreferences
https://bugs.webkit.org/show_bug.cgi?id=155173
<rdar://problem/24910550>

Reviewed by Alexey Proskuryakov.

Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Add new

read permission.

1:42 PM Changeset in webkit [197800] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip fast/events/prevent-default-prevents-interaction-with-scrollbars.html on ios-simulator

Unreviewed test gardening.

The test relies on mouse events, which are unsupported on ios-simulator.

platform/ios-simulator/TestExpectations:

1:36 PM Changeset in webkit [197799] by achristensen@apple.com

2 edits in trunk/Source/JavaScriptCore

arm64 build fix after r197793.

jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
Use consistent ENABLE macro. It looks like it was partially renamed.

1:33 PM Changeset in webkit [197798] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip css3/filters tests that seem to cause a crash on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

1:21 PM Changeset in webkit [197797] by ggaren@apple.com

7 edits
1 add in trunk/Source/bmalloc

Unreviewed, rolling in r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

The right calculation for our static_assert is actually:

sizeof(SmallChunk) % vmPageSize + 2 * smallMax <= vmPageSize

instead of:

sizeof(SmallChunk) % vmPageSize + smallMax <= vmPageSize

smallMax is not enough because line metadata might require us to begin
allocation at an offset as large as smallMax, so we need 2 * smallMax.

Once correct, this static_assert fires, and we fix it by increasing
the alignment of SmallChunk.

Restored changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

1:15 PM Changeset in webkit [197796] by fpizlo@apple.com

9 edits
2 adds in trunk/Source/JavaScriptCore

Regexp matching should incur less call overhead
https://bugs.webkit.org/show_bug.cgi?id=155181

Reviewed by Geoffrey Garen.

Previously we had DFG/FTL code call into the DFGOperation, which then called in to
RegExpObject, which then called into createRegExpMatchesArray, which then called into
RegExp, which then called the code generated by Yarr.

Now we have DFG/FTL code call into the DFGOperation, which does all of the things and calls
into code generated by Yarr.

This is another tiny Octane/regexp speed-up.

JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGOperations.cpp:
runtime/RegExp.cpp:

(JSC::regExpFlags):
(JSC::RegExp::compile):
(JSC::RegExp::match):
(JSC::RegExp::compileMatchOnly):
(JSC::RegExp::deleteCode):
(JSC::RegExpFunctionalTestCollector::clearRegExp): Deleted.
(JSC::RegExp::compileIfNecessary): Deleted.
(JSC::RegExp::compileIfNecessaryMatchOnly): Deleted.

runtime/RegExp.h:
runtime/RegExpInlines.h: Added.

(JSC::RegExpFunctionalTestCollector::clearRegExp):
(JSC::RegExp::compileIfNecessary):
(JSC::RegExp::matchInline):
(JSC::RegExp::compileIfNecessaryMatchOnly):

runtime/RegExpMatchesArray.cpp:

(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::tryCreateUninitializedRegExpMatchesArray): Deleted.
(JSC::createRegExpMatchesArray): Deleted.

runtime/RegExpMatchesArray.h:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):

runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):
(JSC::getLastIndexAsUnsigned): Deleted.

runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):
(JSC::RegExpObject::testInline):

runtime/RegExpObjectInlines.h: Added.

(JSC::getRegExpObjectLastIndexAsUnsigned):
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):

1:02 PM Changeset in webkit [197795] by andersca@apple.com

12 edits in trunk/Source/WebKit2

Ignore deprecation warnings.

Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::stopNSAppRunLoop):

Shared/mac/WebEventFactory.mm:

(WebKit::mouseButtonForEvent):
(WebKit::mouseEventTypeForEvent):
(WebKit::clickCountForEvent):
(WebKit::globalPointForEvent):
(WebKit::pointForEvent):
(WebKit::textFromEvent):
(WebKit::unmodifiedTextFromEvent):
(WebKit::isKeypadEvent):
(WebKit::isKeyUpEvent):
(WebKit::modifiersForEvent):
(WebKit::WebEventFactory::createWebKeyboardEvent):

UIProcess/API/Cocoa/WKNavigationAction.mm:

(toNSEventModifierFlags):

UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::becomeFirstResponder):
(WebKit::WebViewImpl::updateContentInsetsIfAutomatic):
(WebKit::WebViewImpl::viewDidMoveToWindow):
(WebKit::WebViewImpl::postFakeMouseMovedEventForFlagsChangedEvent):
(WebKit::WebViewImpl::createFullScreenWindow):
(WebKit::WebViewImpl::sendToolTipMouseExited):
(WebKit::WebViewImpl::sendToolTipMouseEntered):
(WebKit::applicationFlagsForDrag):
(WebKit::WebViewImpl::setLastMouseDownEvent):
(WebKit::WebViewImpl::doneWithKeyEvent):
(WebKit::WebViewImpl::collectKeyboardLayoutCommandsForEvent):
(WebKit::WebViewImpl::performKeyEquivalent):

UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::PluginProcessProxy::beginModal):

UIProcess/mac/WebContextMenuProxyMac.mm:

(WebKit::WebContextMenuProxyMac::showContextMenu):

UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCanAttach):

UIProcess/mac/WebPopupMenuProxyMac.mm:

(WebKit::WebPopupMenuProxyMac::populate):
(WebKit::WebPopupMenuProxyMac::showPopupMenu):

WebProcess/Plugins/PDF/DeprecatedPDFPlugin.mm:

(WebKit::modifierFlagsFromWebEvent):
(WebKit::getEventTypeFromWebEvent):

WebProcess/Plugins/PDF/PDFPluginTextAnnotation.mm:

(WebKit::cssAlignmentValueForNSTextAlignment):

WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::convertImageToBitmap):

12:57 PM Changeset in webkit [197794] by mark.lam@apple.com

28 edits
2 deletes in trunk/Source

synthesizePrototype() and friends need to be followed by exception checks (or equivalent).
https://bugs.webkit.org/show_bug.cgi?id=155169

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

With the exception checks, we may end up throwing new exceptions over an existing
one that has been thrown but not handled yet, thereby obscuring it. It may also
mean that the VM will continue running on potentially unstable state, which may
have undesirable consequences.

I first observed this in some failed assertion while running tests on a patch for
https://bugs.webkit.org/show_bug.cgi?id=154865.

Performance is neutral with this patch (tested on x86_64).

Deleted JSNotAnObject, and removed all uses of it.

Added exception checks, when needed, following calls to synthesizePrototype() and JSValue::toObject().

The cases that do not need an exception check are the ones that already ensures
that JSValue::toObject() is only called on a value that is convertible to an
object. In those cases, I added an assertion that no exception was thrown
after the call.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
inspector/ScriptCallStackFactory.cpp:

(Inspector::createScriptCallStackFromException):

interpreter/Interpreter.cpp:
jit/JITOperations.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf):
(JSC::arrayProtoFuncValues):
(JSC::arrayProtoFuncEntries):
(JSC::arrayProtoFuncKeys):

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/ExceptionHelpers.cpp:
runtime/JSCJSValue.cpp:

(JSC::JSValue::toObjectSlowCase):
(JSC::JSValue::toThisSlowCase):
(JSC::JSValue::synthesizePrototype):
(JSC::JSValue::putToPrimitive):
(JSC::JSValue::putToPrimitiveByIndex):

runtime/JSCJSValueInlines.h:

(JSC::JSValue::getPropertySlot):
(JSC::JSValue::get):

runtime/JSFunction.cpp:
runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):

runtime/JSNotAnObject.cpp: Removed.
runtime/JSNotAnObject.h: Removed.
runtime/ObjectConstructor.cpp:

(JSC::objectConstructorDefineProperties):
(JSC::objectConstructorCreate):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncToString):

runtime/VM.cpp:

(JSC::VM::VM):

runtime/VM.h:

Source/WebCore:

No new tests because this issue is covered by existing tests when the fix for
https://bugs.webkit.org/show_bug.cgi?id=154865 lands. That patch is waiting for
this patch to land first so as to not introduce test failures.

Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::installReplacement):

bindings/js/JSDeviceMotionEventCustom.cpp:

(WebCore::readAccelerationArgument):
(WebCore::readRotationRateArgument):

bindings/js/JSGeolocationCustom.cpp:

(WebCore::createPositionOptions):

bindings/js/JSHTMLCanvasElementCustom.cpp:

(WebCore::get3DContextAttributes):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition):

bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::construct):

contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getTypeFlags):

html/HTMLMediaElement.cpp:

(WebCore::setPageScaleFactorProperty):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

12:53 PM Changeset in webkit [197793] by oliver@apple.com

21 edits
1 add in trunk

Start moving to separated writable and executable mappings in the JIT
https://bugs.webkit.org/show_bug.cgi?id=155178

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

Start moving to a separate writable and executable heap for the various
JITs.

Configurations/FeatureDefines.xcconfig:
assembler/ARM64Assembler.h:

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):
(JSC::LinkBuffer::allocate):

assembler/LinkBuffer.h:

(JSC::LinkBuffer::LinkBuffer):

assembler/MacroAssemblerARM64.h:

jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeBulletproofJIT):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):

runtime/Options.cpp:

(JSC::recomputeDependentOptions):

runtime/Options.h:

Source/WebCore:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Update feature defines.

Configurations/FeatureDefines.xcconfig:

Source/WTF:

Update feature defines.

wtf/FeatureDefines.h:
wtf/Platform.h: ARM64 for now.

Tools:

Making run-jsc-benchmarks slightly happier on my machine.

Scripts/run-jsc-benchmarks:

12:35 PM Changeset in webkit [197792] by commit-queue@webkit.org

9 edits
2 deletes in trunk

Unreviewed, rolling out r197766.
https://bugs.webkit.org/show_bug.cgi?id=155183

Has platform-specific code in non-platform files (Requested by
smfr on #webkit).

Reverted changeset:

"AX: Force allow user zoom"
https://bugs.webkit.org/show_bug.cgi?id=155056
http://trac.webkit.org/changeset/197766

12:26 PM Changeset in webkit [197791] by andersca@apple.com

18 edits in trunk/Source/WebKit/mac

Ignore deprecation warnings.

Misc/WebNSEventExtras.m:

(-[NSEvent _web_isKeyEvent:]):
(-[NSEvent _web_isOptionTabKeyEvent]):

Misc/WebNSViewExtras.m:

(-[NSView _web_dragShouldBeginFromMouseDown:withExpiration:xHysteresis:yHysteresis:]):

Plugins/Hosted/NetscapePluginHostProxy.mm:

(WebKit::NetscapePluginHostProxy::beginModal):

Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::syntheticKeyDownWithCommandModifier):

Plugins/Hosted/WebHostedNetscapePluginView.mm:

(-[WebHostedNetscapePluginView drawRect:]):

Plugins/WebNetscapePluginEventHandlerCocoa.mm:

(WebNetscapePluginEventHandlerCocoa::syntheticKeyDownWithCommandModifier):

WebCoreSupport/PopupMenuMac.mm:

(PopupMenuMac::populate):
(PopupMenuMac::show):

WebCoreSupport/WebContextMenuClient.mm:

(WebContextMenuClient::showContextMenu):

WebCoreSupport/WebFrameLoaderClient.mm:

(WebFrameLoaderClient::actionDictionary):

WebCoreSupport/WebInspectorClient.mm:

(WebInspectorFrontendClient::canAttach):
(-[WebInspectorWindowController window]):

WebInspector/WebNodeHighlight.mm:

(-[WebNodeHighlight initWithTargetView:inspectorController:]):

WebView/WebFrameView.mm:

(-[WebFrameView keyDown:keyDown:]):

WebView/WebFullScreenController.mm:

(-[WebFullScreenController init]):
(createBackgroundFullscreenWindow):

WebView/WebHTMLView.mm:

(-[WebHTMLView _postFakeMouseMovedEventForFlagsChangedEvent:]):
(-[WebHTMLView _setMouseDownEvent:_setMouseDownEvent:]):
(isQuickLookEvent):
(-[WebHTMLView hitTest:]):
(-[WebHTMLView _sendToolTipMouseExited]):
(-[WebHTMLView _sendToolTipMouseEntered]):
(mouseEventIsPartOfClickOrDrag):
(-[WebHTMLView _updateMouseoverWithEvent:]):
(-[WebHTMLView acceptsFirstResponder]):
(-[WebHTMLView viewDidMoveToWindow]):
(currentKeyboardEvent):
(-[WebHTMLView _handleStyleKeyEquivalent:]):
(-[WebHTMLView _interpretKeyEvent:savingCommands:]):

WebView/WebPDFView.mm:

(-[WebPDFView hitTest:]):
(-[WebPDFView PDFViewWillClickOnLink:withURL:]):
(-[WebPDFView _fakeKeyEventWithFunctionKey:]):

WebView/WebTextCompletionController.mm:

(-[WebTextCompletionController _buildUI]):
(-[WebTextCompletionController _placePopupWindow:]):

WebView/WebView.mm:

(-[WebView applicationFlags:]):

12:18 PM Changeset in webkit [197790] by Beth Dakin

6 edits in trunk/Source/WebCore

Add an event for when touch force changes
https://bugs.webkit.org/show_bug.cgi?id=155143
-and corresponding-
rdar://problem/24068726

Reviewed by Darin Adler.

We will be able to test this once we fix the iOS touch tests.

This patch adds touchforcechange which is a lot like the iOS equivalent of
webkitmouseforcechanged. We had originally hoped to use touchmove to dispatch
force changes, but that turned out to be a compatibility nightmare.

dom/EventNames.h:

(WebCore::EventNames::isTouchEventType):
(WebCore::EventNames::isWheelEventType):
(WebCore::EventNames::touchEventNames):

dom/GlobalEventHandlers.idl:
html/HTMLAttributeNames.in:
html/HTMLElement.cpp:

(WebCore::HTMLElement::createEventHandlerNameMap):

platform/PlatformEvent.h:

12:11 PM Changeset in webkit [197789] by andersca@apple.com

15 edits in trunk/Source/WebCore

Ignore deprecation warnings.

editing/cocoa/HTMLConverter.mm:

(HTMLConverter::computedAttributesForElement):
(HTMLConverter::_addMarkersToList):

page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::keyEvent):
(WebCore::lastEventIsMouseUp):
(WebCore::EventHandler::passSubframeEventToSubframe):
(WebCore::EventHandler::passWheelEventToWidget):
(WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):

page/mac/TextIndicatorWindow.mm:

(WebCore::TextIndicatorWindow::setTextIndicator):

platform/graphics/mac/IconMac.mm:

(WebCore::Icon::paint):

platform/mac/CursorMac.mm:

(WebCore::createCustomCursor):

platform/mac/DragImageMac.mm:

(WebCore::dissolveDragImageToFraction):
(WebCore::createDragImageFromImage):

platform/mac/EventLoopMac.mm:

(WebCore::EventLoop::cycle):

platform/mac/PasteboardMac.mm:

(WebCore::Pasteboard::setDragImage):

platform/mac/PlatformEventFactoryMac.mm:

(WebCore::globalPointForEvent):
(WebCore::pointForEvent):
(WebCore::mouseButtonForEvent):
(WebCore::mouseEventTypeForEvent):
(WebCore::clickCountForEvent):
(WebCore::textFromEvent):
(WebCore::unmodifiedTextFromEvent):
(WebCore::keyIdentifierForKeyEvent):
(WebCore::isKeypadEvent):
(WebCore::windowsKeyCodeForKeyEvent):
(WebCore::isKeyUpEvent):
(WebCore::modifiersForEvent):
(WebCore::PlatformKeyboardEventBuilder::PlatformKeyboardEventBuilder):

platform/mac/ScrollbarThemeMac.mm:

(WebCore::scrollbarControlSizeToNSControlSize):

platform/mac/ThemeMac.mm:

(-[WebCoreThemeView window]):
(WebCore::controlSizeForFont):
(WebCore::controlSizeFromPixelSize):
(WebCore::setUpButtonCell):
(WebCore::stepperControlSizeForFont):
(WebCore::paintStepper):
(WebCore::ThemeMac::minimumControlSize):

platform/mac/WebVideoFullscreenHUDWindowController.mm:

(-[WebVideoFullscreenHUDWindow initWithContentRect:styleMask:backing:defer:]):
(-[WebVideoFullscreenHUDWindow performKeyEquivalent:]):
(-[WebVideoFullscreenHUDWindowController init]):
(-[WebVideoFullscreenHUDWindowController keyDown:]):
(-[WebVideoFullscreenHUDWindowController windowDidLoad]):

platform/mac/WebWindowAnimation.mm:

(WebWindowAnimationDurationFromDuration):

rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::updateCachedSystemFontDescription):
(WebCore::RenderThemeMac::controlSizeForFont):
(WebCore::RenderThemeMac::controlSizeForCell):
(WebCore::RenderThemeMac::controlSizeForSystemFont):
(WebCore::RenderThemeMac::paintProgressBar):
(WebCore::RenderThemeMac::popupMenuSize):
(WebCore::RenderThemeMac::sliderThumbHorizontal):
(WebCore::RenderThemeMac::sliderThumbVertical):

11:33 AM Changeset in webkit [197788] by dbates@webkit.org

5 edits in trunk

Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -

the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regression both iteration of an OptionSet and
determining whether an OptionSet is empty.

TestWebKitAPI/Test.h:

(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum type for equality.

TestWebKitAPI/Tests/WTF/OptionSet.cpp:

(TestWebKitAPI::TEST):

11:32 AM Changeset in webkit [197787] by adachan@apple.com

5 edits in trunk/Source/WebKit2

Fix lifetime issues regarding WebVideoFullscreenInterfaceMac
https://bugs.webkit.org/show_bug.cgi?id=155130

Reviewed by Beth Dakin.

Now that both fullscreen and video controls manager rely on WebVideoFullscreenInterface,
we now keep track of a "client count" for each context ID so we'll only remove it
from the context map after all the "clients" are done with it.

Before this change, every time WebVideoFullscreenManager::setUpVideoControlsManager()
is called, the existing interface is cleared and a new one is created even when there's
an existing interface for that. With this change, we reuse the existing interface for
the video element.

UIProcess/Cocoa/WebVideoFullscreenManagerProxy.h:
UIProcess/Cocoa/WebVideoFullscreenManagerProxy.mm:

(WebKit::WebVideoFullscreenManagerProxy::invalidate):
Also clear out m_clientCounts.
(WebKit::WebVideoFullscreenManagerProxy::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManagerProxy::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from both
m_clientCounts and m_contextMap.
(WebKit::WebVideoFullscreenManagerProxy::setupFullscreenWithID):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count.
(WebKit::WebVideoFullscreenManagerProxy::setUpVideoControlsManagerWithID):
If the current controls manager set up has the same context ID as the one
passed in, we don't have to do anything. Otherwise, if we have set up
the video controls manager with a different ID before, call removeClientForContext()
on the old ID to decrement its client count. Set m_controlsManagerContextId
to the new value and call addClientForContext() with it.
(WebKit::WebVideoFullscreenManagerProxy::didCleanupFullscreen):
Instead of removing the mapping from m_contextMap directly, reset the fullscreen
mode on the interface and call removeClientForContext(), which removes the mapping
only if there's no more client using the interface.

WebProcess/cocoa/WebVideoFullscreenManager.h:
WebProcess/cocoa/WebVideoFullscreenManager.mm:

(WebKit::WebVideoFullscreenManager::~WebVideoFullscreenManager):
Clear m_clientCounts.
(WebKit::WebVideoFullscreenManager::removeContext):
Add a helper method for removing the context.
(WebKit::WebVideoFullscreenManager::addClientForContext):
If the context ID is not in m_clientCounts yet, add the count of 1 to
that table for that ID. Otherwise, increment the count by 1.
(WebKit::WebVideoFullscreenManager::removeClientForContext):
Assert that we have added this context id to m_clientCounts before.
Decrement the count. If it reaches 0, remove this context ID from
m_clientCounts and call removeContext() to clean up this context.
(WebKit::WebVideoFullscreenManager::enterVideoFullscreenForVideoElement):
We have started a new fullscreen session using this interface. Call
addClientForContext() to update the client count. Create a layer hosting
context if it's not there.
(WebKit::WebVideoFullscreenManager::setUpVideoControlsManager):
If we have set up a context for this video element before, see if it's
the one we are currently managing video controls for. If it is, return early.
Otherwise, call removeClientForContext() on the previous m_controlsManagerContextId
and update m_controlsManagerContextId to the context ID of this video element.
If there's no context created for this video element yet, set one up.
Send a SetUpVideoControlsManagerWithID message to the proxy object in the UI process
so it'll update its controls manager context ID. Also, conditionalize all of this
under PLATFORM(MAC) to be consistent with WebVideoFullscreenManagerProxy.
(WebKit::WebVideoFullscreenManager::didCleanupFullscreen):
Just reset the fullscreen mode on the interface and call removeClientForContext() which
only cleans up the context if there's no more client using it.

11:02 AM Changeset in webkit [197786] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155174

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

10:58 AM Changeset in webkit [197785] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed attempt to fix the 32bit build after r197782.

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

10:57 AM Changeset in webkit [197784] by tonikitoo@webkit.org

3 edits
2 adds in trunk

Scrolling does not work when the mouse down is handled by a node
https://bugs.webkit.org/show_bug.cgi?id=19033

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/events/prevent-default-prevents-interaction-with-scrollbars-.html

When a mouse press/down event happens on a scrollbar area, but event
is default prevented in the document level, for example, event does not get
properly passed to scrollbars, although it should.

Problem started long ago with r17770, and was improved with r19596.
However, years later, the way Scrollbar* is obtained is still currently different
weither event is default prevented or not.

Patch uniforms the logic for both cases, and fixes the bug.

Note: code before used to look like

if (swallowEvent) {

<code>

} else {

<bleh>
<foo>

}

.. and now looks like

if (!swallowEvent)

<bleh>

<code>

if (!swallowEvent)

<foo>

e.g. document.addEventListener('mousedown', function (e) { e.preventDefault(); });

page/EventHandler.cpp:

(WebCore::scrollbarForMouseEvent):
(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

fast/events/prevent-default-prevents-interaction-with-scrollbars-expected.txt: Added.
fast/events/prevent-default-prevents-interaction-with-scrollbars.html: Added.

10:54 AM Changeset in webkit [197783] by Sukolsak Sakshuwong

1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Unreviewed. Move myself to the reviewers list.

Scripts/webkitpy/common/config/contributors.json:

10:51 AM Changeset in webkit [197782] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed Windows build fix after r197728.

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):

10:35 AM Changeset in webkit [197781] by msaboff@apple.com

10 edits
3 moves
3 adds in trunk

[ES6] Regular Expression canonicalization tables for Unicode need to be updated to use Unicode CaseFolding.txt
https://bugs.webkit.org/show_bug.cgi?id=155114

Reviewed by Darin Adler.

Source/JavaScriptCore:

Extracted out the Unicode canonicalization table creation from
YarrCanonicalizeUnicode.js into a new Python script, generateYarrCanonicalizeUnicode.
That script generates the Unicode tables as the file YarrCanonicalizeUnicode.cpp in
DerivedSources/JavaScriptCore.

Updated the processing of ignore case to make the ASCII short cuts dependent on whether
or not we are a Unicode pattern.

Renamed yarr/YarrCanonicalizeUnicode.{cpp,js} back to their prior names,
YarrCanonicalizeUCS2.{cpp,js}.
Renamed yarr/YarrCanonicalizeUnicode.h to YarrCanonicalize.h as it declares both the
legacy UCS2 and Unicode tables.

CMakeLists.txt:
DerivedSources.make:
JavaScriptCore.xcodeproj/project.pbxproj:
generateYarrCanonicalizeUnicode: Added.
ucd: Added.
ucd/CaseFolding.txt: Added. The current verion, 8.0, of the Unicode CaseFolding table.
yarr/YarrCanonicalizeUCS2.cpp: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.cpp.
yarr/YarrCanonicalize.h: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.h.
yarr/YarrCanonicalizeUCS2.js: Copied from Source/JavaScriptCore/yarr/YarrCanonicalizeUnicode.js.

(printHeader):

yarr/YarrCanonicalizeUnicode.cpp: Removed.
yarr/YarrCanonicalizeUnicode.h: Removed.
yarr/YarrCanonicalizeUnicode.js: Removed.
yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::tryConsumeBackReference):

yarr/YarrJIT.cpp:
yarr/YarrPattern.cpp:

(JSC::Yarr::CharacterClassConstructor::putChar):

LayoutTests:

Updated test cases.

js/regexp-unicode-expected.txt:
js/script-tests/regexp-unicode.js:

10:19 AM Changeset in webkit [197780] by Ryan Haddad

3 edits
2 deletes in trunk

Unreviewed, rolling out r197765.
https://bugs.webkit.org/show_bug.cgi?id=155172

The test added with this change is failing on all platforms.
(Requested by ryanhaddad on #webkit).

Reverted changeset:

"ImageDocuments leak their world."
https://bugs.webkit.org/show_bug.cgi?id=155167
http://trac.webkit.org/changeset/197765

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

10:11 AM Changeset in webkit [197779] by Antti Koivisto

21 edits in trunk/Source/WebCore

Make Element const in ElementRuleCollector
https://bugs.webkit.org/show_bug.cgi?id=155170

Reviewed by Andreas Kling.

More const.

css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ElementRuleCollector):
(WebCore::ElementRuleCollector::matchAllRules):

css/ElementRuleCollector.h:
css/SelectorChecker.cpp:

(WebCore::SelectorChecker::checkOne):
(WebCore::SelectorChecker::matchesFocusPseudoClass):

cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateContextFunctionCallTest):
(WebCore::SelectorCompiler::elementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::elementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::isPlaceholderShown):

cssjit/SelectorCompiler.h:
dom/StyledElement.h:

(WebCore::StyledElement::additionalPresentationAttributeStyle):
(WebCore::StyledElement::inlineStyle):
(WebCore::StyledElement::collectStyleForPresentationAttribute):
(WebCore::StyledElement::invalidateStyleAttribute):
(WebCore::StyledElement::presentationAttributeStyle):

html/HTMLTableCellElement.cpp:

(WebCore::HTMLTableCellElement::parseAttribute):
(WebCore::HTMLTableCellElement::additionalPresentationAttributeStyle):

html/HTMLTableCellElement.h:
html/HTMLTableColElement.cpp:

(WebCore::HTMLTableColElement::parseAttribute):
(WebCore::HTMLTableColElement::additionalPresentationAttributeStyle):

html/HTMLTableColElement.h:
html/HTMLTableElement.cpp:

(WebCore::leakBorderStyle):
(WebCore::HTMLTableElement::additionalPresentationAttributeStyle):

html/HTMLTableElement.h:
html/HTMLTableSectionElement.cpp:

(WebCore::HTMLTableSectionElement::create):
(WebCore::HTMLTableSectionElement::additionalPresentationAttributeStyle):

html/HTMLTableSectionElement.h:
inspector/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::didUnregisterNamedFlowContentElement):
(WebCore::InspectorCSSAgent::forcePseudoState):

inspector/InspectorCSSAgent.h:
inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::pushNodePathToFrontend):
(WebCore::InspectorDOMAgent::boundNodeId):
(WebCore::InspectorDOMAgent::backendNodeIdForNode):

inspector/InspectorDOMAgent.h:
inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::handleMousePressImpl):
(WebCore::InspectorInstrumentation::forcePseudoStateImpl):

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::handleMousePress):
(WebCore::InspectorInstrumentation::forcePseudoState):

10:09 AM Changeset in webkit [197778] by youenn.fablet@crf.canon.fr

5 edits
1 copy in trunk/Source/WebCore

[Fetch API] Commonalize handling of FetchBody by FetchRequest and FetchResponse
https://bugs.webkit.org/show_bug.cgi?id=154959

Reviewed by Darin Adler.

Introducing FetchBodyOwner class as base class of FetchRequest and FetchResponse.
This class is an ActiveDOMObject and is responsible of handling the Body API implemented by Request and Response.

Covered by existing tests.

Modules/fetch/FetchBodyOwner.h: Added.

(WebCore::FetchBodyOwner::isDisturbed):
(WebCore::FetchBodyOwner::arrayBuffer):
(WebCore::FetchBodyOwner::formData):
(WebCore::FetchBodyOwner::blob):
(WebCore::FetchBodyOwner::json):
(WebCore::FetchBodyOwner::text):
(WebCore::FetchBodyOwner::body):
(WebCore::FetchBodyOwner::FetchBodyOwner):

Modules/fetch/FetchRequest.h:

(WebCore::FetchRequest::FetchRequest):

Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::FetchResponse):

Modules/fetch/FetchResponse.h:
WebCore.xcodeproj/project.pbxproj:

10:06 AM Changeset in webkit [197777] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, fix 32-bit build after r197726.

Also, re-enable static_assert to check the ElementRareData size.

dom/ElementRareData.cpp:

10:03 AM Changeset in webkit [197776] by Ryan Haddad

3 edits in trunk/LayoutTests

Rebaseline WPT reflection tests for ios-simulator after r197726

Unreviewed test gardening.

platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-embedded-expected.txt:
platform/ios-simulator/imported/w3c/web-platform-tests/html/dom/reflection-forms-expected.txt:

9:59 AM Changeset in webkit [197775] by ap@apple.com

2 edits in trunk/Tools

Add debug iOS Simulator bots to the dashboard
https://bugs.webkit.org/show_bug.cgi?id=155157

Reviewed by Darin Adler.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/WebKitBuildbot.js:

9:57 AM Changeset in webkit [197774] by akling@apple.com

2 edits in trunk/Source/JavaScriptCore

WeakBlock::visit() should check for a WeakHandleOwner before consulting mark bits.
<https://webkit.org/b/155154>

Reviewed by Darin Adler.

Reorder the checks in WeakBlock::visit() so we don't look at the mark bits in MarkedBlock
unless the current WeakImpl has a WeakHandleOwner we need to consult.

I was originally hoping to make an optimization that could skip over entire WeakBlocks
if they didn't have a single WeakHandleOwner, but it turns out that scenario is not as
common as I suspected.

heap/WeakBlock.cpp:

(JSC::WeakBlock::visit):

9:55 AM Changeset in webkit [197773] by timothy@apple.com

4 edits in trunk/Source/WebKit2

Web Inspector: Add automation protocol methods for navigation

https://bugs.webkit.org/show_bug.cgi?id=155163
rdar://problem/25029054

Reviewed by Darin Adler.

UIProcess/Automation/Automation.json:
UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::getBrowsingContexts): Set url.
(WebKit::WebAutomationSession::getBrowsingContext): Added.
(WebKit::WebAutomationSession::navigateBrowsingContext): Added.
(WebKit::WebAutomationSession::goBackInBrowsingContext): Added.
(WebKit::WebAutomationSession::goForwardInBrowsingContext): Added.
(WebKit::WebAutomationSession::reloadBrowsingContext): Added.

UIProcess/Automation/WebAutomationSession.h:

9:41 AM Changeset in webkit [197772] by Ryan Haddad

7 edits
1 delete in trunk/Source/bmalloc

Unreviewed, rolling out r197722.
https://bugs.webkit.org/show_bug.cgi?id=155171

This change caused 800+ JSC test failures (Requested by
ryanhaddad on #webkit).

Reverted changeset:

"bmalloc: Use List<T> instead of Vector<T> in some places"
https://bugs.webkit.org/show_bug.cgi?id=155150
http://trac.webkit.org/changeset/197722

Patch by Commit Queue <commit-queue@webkit.org> on 2016-03-08

9:39 AM Changeset in webkit [197771] by Brent Fulgham

2 edits in trunk/Source/WebCore

Unreviewed test fix after r197721.
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

If a WK1 client turns on the "Resource Load Statistics" debug flag, but
does not supply a data modification handler, we dereference a null function.

loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler): Check
for nullptr function before invoking it.

9:25 AM Changeset in webkit [197770] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, temporarily comment out static_assert while I investigate.

It still did not build on some platforms.

dom/ElementRareData.cpp:

9:17 AM Changeset in webkit [197769] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, another build fix after r197726.

dom/ElementRareData.cpp:

9:11 AM Changeset in webkit [197768] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed Windows build fix after r197728.

platform/MemoryPressureHandler.cpp:

9:06 AM Changeset in webkit [197767] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed build fix after r197726.

dom/ElementRareData.cpp:

8:13 AM Changeset in webkit [197766] by n_wang@apple.com

9 edits
2 adds in trunk

AX: Force allow user zoom
https://bugs.webkit.org/show_bug.cgi?id=155056

Reviewed by Chris Fleizach.

Source/WebCore:

Override the maximum scale factor when forceAlwaysUserScalable is true.

Test: accessibility/ios-simulator/force-user-scalable.html

page/ViewportConfiguration.h:

(WebCore::ViewportConfiguration::maximumScale):

testing/Internals.cpp:

(WebCore::Internals::composedTreeAsText):
(WebCore::Internals::setViewportForceAlwaysUserScalable):
(WebCore::Internals::viewportConfigurationMaximumScale):

testing/Internals.h:
testing/Internals.idl:

Source/WebKit2:

Soft linked libAccessibility library so that we can observe the accessibility
setting change for the force always user scalable feature.

WebProcess/WebPage/WebPage.cpp:

(WebKit::forceAlwaysUserScalableChangedCallback):
(WebKit::WebPage::create):
(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::~WebPage):
(WebKit::WebPage::preferencesDidChange):
(WebKit::WebPage::updateForceAlwaysUserScalable):
(WebKit::WebPage::updatePreferences):

WebProcess/WebPage/WebPage.h:

LayoutTests:

accessibility/ios-simulator/force-user-scalable-expected.txt: Added.
accessibility/ios-simulator/force-user-scalable.html: Added.

7:14 AM Changeset in webkit [197765] by akling@apple.com

3 edits
2 adds in trunk

ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

fast/dom/ImageDocument-world-leak-expected.txt: Added.
fast/dom/ImageDocument-world-leak.html: Added.

6:59 AM Changeset in webkit [197764] by Antti Koivisto

30 edits
2 adds in trunk/Source/WebCore

ElementRuleCollector should not mutate document and style
https://bugs.webkit.org/show_bug.cgi?id=155113

Reviewed by Andreas Kling.

Move applying of style relations out of ElementRuleCollector and StyleResolver.
This gets us closer to making StyleResolver const for Element.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::ElementRuleCollector):

No need for style parameter anymore.

(WebCore::ElementRuleCollector::collectMatchingRules):
(WebCore::ElementRuleCollector::sortAndTransferMatchedRules):
(WebCore::ElementRuleCollector::ruleMatches):

Client will now do the style and element mutations. Just collect the data here.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):
(WebCore::ElementRuleCollector::commitStyleRelations): Deleted.

Moves to StyleRelations.cpp

css/ElementRuleCollector.h:

(WebCore::ElementRuleCollector::hasMatchedRules):
(WebCore::ElementRuleCollector::matchedPseudoElementIds):
(WebCore::ElementRuleCollector::styleRelations):
(WebCore::ElementRuleCollector::didMatchUncommonAttributeSelector):

css/MediaQueryMatcher.cpp:

(WebCore::MediaQueryMatcher::prepareEvaluator):
(WebCore::MediaQueryMatcher::evaluate):

css/SelectorChecker.cpp:

(WebCore::addStyleRelation):
(WebCore::isFirstChildElement):
(WebCore::isFirstOfType):
(WebCore::countElementsBefore):
(WebCore::countElementsOfTypeBefore):
(WebCore::SelectorChecker::matchRecursively):
(WebCore::SelectorChecker::checkOne):

css/SelectorChecker.h:

(WebCore::SelectorChecker::CheckingContext::CheckingContext):

css/StyleMedia.cpp:

(WebCore::StyleMedia::matchMedium):

css/StyleResolver.cpp:

(WebCore::StyleResolver::StyleResolver):
(WebCore::isAtShadowBoundary):
(WebCore::StyleResolver::styleForElement):

Apply the style relations affecting current style immediately.
Pass the rest to the client.

(WebCore::StyleResolver::styleForKeyframe):
(WebCore::StyleResolver::pseudoStyleForElement):
(WebCore::StyleResolver::pseudoStyleRulesForElement):

css/StyleResolver.h:

(WebCore::ElementStyle::ElementStyle):

cssjit/SelectorCompiler.cpp:

(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelationIfResolvingStyle):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateAddStyleRelation):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateSelectorCheckerExcludingPseudoElements):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateDirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateIndirectAdjacentTreeWalker):
(WebCore::SelectorCompiler::addStyleRelationFunction):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsActive):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsEmpty):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsFirstChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsHovered):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsOnlyChild):
(WebCore::SelectorCompiler::makeContextStyleUniqueIfNecessaryAndTestIsPlaceholderShown):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthChildOf):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChild):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementIsNthLastChildOf):

dom/Document.cpp:

(WebCore::Document::styleForElementIgnoringPendingStylesheets):

Apply style relations.

(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

dom/Element.cpp:

(WebCore::Element::styleResolver):
(WebCore::Element::resolveStyle):
(WebCore::Element::didDetachRenderers):
(WebCore::Element::resolveCustomStyle):

Return ElementStyle (which contains style relations along with the render style).
Rename for consistency.

(WebCore::Element::cloneAttributesFromElement):
(WebCore::Element::customStyleForRenderer): Deleted.

dom/Element.h:

(WebCore::Element::isVisibleInViewportChanged):

dom/PseudoElement.cpp:

(WebCore::PseudoElement::clearHostElement):
(WebCore::PseudoElement::resolveCustomStyle):
(WebCore::PseudoElement::didAttachRenderers):
(WebCore::PseudoElement::customStyleForRenderer): Deleted.

dom/PseudoElement.h:
html/HTMLTitleElement.cpp:

(WebCore::HTMLTitleElement::computedTextWithDirection):

html/shadow/SliderThumbElement.cpp:

(WebCore::SliderThumbElement::hostInput):
(WebCore::SliderThumbElement::resolveCustomStyle):
(WebCore::SliderThumbElement::shadowPseudoId):
(WebCore::SliderContainerElement::createElementRenderer):
(WebCore::SliderContainerElement::resolveCustomStyle):
(WebCore::SliderContainerElement::shadowPseudoId):
(WebCore::SliderThumbElement::customStyleForRenderer): Deleted.
(WebCore::SliderContainerElement::customStyleForRenderer): Deleted.

html/shadow/SliderThumbElement.h:
html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerElement::create):
(WebCore::TextControlInnerElement::resolveCustomStyle):
(WebCore::TextControlInnerTextElement::renderer):
(WebCore::TextControlInnerTextElement::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):
(WebCore::TextControlInnerElement::customStyleForRenderer): Deleted.
(WebCore::TextControlInnerTextElement::customStyleForRenderer): Deleted.
(WebCore::TextControlPlaceholderElement::customStyleForRenderer): Deleted.

html/shadow/TextControlInnerElements.h:
rendering/RenderElement.cpp:

(WebCore::RenderElement::getUncachedPseudoStyle):

rendering/RenderNamedFlowFragment.cpp:

(WebCore::RenderNamedFlowFragment::computeStyleInRegion):
(WebCore::RenderNamedFlowFragment::computeChildrenStyleInRegion):

style/StyleRelations.cpp: Added.

(WebCore::Style::commitRelationsToRenderStyle):

Commit relations affecting style that is being computed.

(WebCore::Style::commitRelationsToDocument):

Commit relations that mutate document.

style/StyleRelations.h: Added.

Factor style relation data structures and functions to a file of their own.

(WebCore::Style::Relation::Relation):

style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):

style/StyleTreeResolver.cpp:

(WebCore::Style::TreeResolver::styleForElement):

Apply style relations.

style/StyleTreeResolver.h:
svg/SVGElement.cpp:

(WebCore::SVGElement::synchronizeSystemLanguage):
(WebCore::SVGElement::resolveCustomStyle):
(WebCore::SVGElement::customStyleForRenderer): Deleted.

svg/SVGElement.h:
svg/SVGElementRareData.h:

(WebCore::SVGElementRareData::overrideComputedStyle):

6:50 AM Changeset in webkit [197763] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197546 - [JSC] Add support for MADD, MSUB and MNEG to Air
https://bugs.webkit.org/show_bug.cgi?id=154997

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-03
Reviewed by Filip Pizlo.

ARM64 can do an Add/Sub in the Multiply units.
LLVM was doing so but we lost that when switching to B3.

This patch adds those instructions in Air.

There are more ALUs than multiply units, thus we are more
likely to successfully schedule a Multiply+Add than 2 Multiply.
I am conservative and only emit a multiply-add if the value
can be interned. As far as I can tell from what is generated
by LLVM, that backend had the same rule.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::multiplyAdd32):
(JSC::MacroAssemblerARM64::multiplySub32):
(JSC::MacroAssemblerARM64::multiplyNeg32):
(JSC::MacroAssemblerARM64::multiplyAdd64):
(JSC::MacroAssemblerARM64::multiplySub64):
(JSC::MacroAssemblerARM64::multiplyNeg64):

b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testMulAddArgsLeft):
(JSC::B3::testMulAddArgsRight):
(JSC::B3::testMulAddArgsLeft32):
(JSC::B3::testMulAddArgsRight32):
(JSC::B3::testMulSubArgsLeft):
(JSC::B3::testMulSubArgsRight):
(JSC::B3::testMulSubArgsLeft32):
(JSC::B3::testMulSubArgsRight32):
(JSC::B3::testMulNegArgs):
(JSC::B3::testMulNegArgs32):
(JSC::B3::run):

6:28 AM Changeset in webkit [197762] by Carlos Garcia Campos

16 edits
2 copies
2 adds in releases/WebKitGTK/webkit-2.12/Source/bmalloc

Merge r197545 - Unreviewed, rolling in r197174.
https://bugs.webkit.org/show_bug.cgi?id=154762

The right calculation for alignment is actually:

vmAlignment - getpagesize() + vmSize

instead of:

vmAlignment - vmPageSize + vmSize

The vmPageSize might be larger than getpagesize().

Restored changeset:

"bmalloc: Added a fast XLarge allocator"
https://bugs.webkit.org/show_bug.cgi?id=154720
http://trac.webkit.org/changeset/197174

6:23 AM Changeset in webkit [197761] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197542 - Octane/regexp's Exec function should benefit from array length accessor inlining
https://bugs.webkit.org/show_bug.cgi?id=154994

Reviewed by Benjamin Poulain.

It does:

var thingy = blahbitty.blah;
if (thingy)

foo = thingy.length;

So, 'thingy' is SpecArray | SpecOther, which prevents the array length accessor inlining from
kicking in. Our strategy for this elsewhere in the DFG is to allow a one-time speculation that
we won't see SpecOther, since *usually* we see SpecOther mixed with other stuff in cases like
this where there is some null check guarding the code.

This gives another slight speed-up on Octane/regexp.

bytecode/SpeculatedType.h:

(JSC::isCellSpeculation):
(JSC::isCellOrOtherSpeculation):
(JSC::isNotCellSpeculation):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateCell):
(JSC::DFG::Node::shouldSpeculateCellOrOther):
(JSC::DFG::Node::shouldSpeculateNotCell):

5:57 AM Changeset in webkit [197760] by Carlos Garcia Campos

8 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r197520 - DFG should be able to compile StringReplace
https://bugs.webkit.org/show_bug.cgi?id=154979

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Adds support for StringReplace to the DFG tier. This is a 3% speed-up on Octane/regexp.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

jit/JITOperations.h:

LayoutTests:

Add a microbenchmark for a case of StringReplace that we hadn't covered with a microbenchmark
yet: using something absurd for the replace value. This is interesting for implementing the
32_64 version of StringReplace, which gets really weird in the absurd case because of how it
consumes the entire register file while making the call on x86-32.

js/regress/script-tests/string-replace-generic.js: Added.
js/regress/string-replace-generic-expected.txt: Added.
js/regress/string-replace-generic.html: Added.

5:35 AM Changeset in webkit [197759] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197506 - [TextureMapper] Use RGBA format for textures attached to framebuffers
https://bugs.webkit.org/show_bug.cgi?id=154965

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-03
Reviewed by Žan Doberšek.

Use RGBA format when allocating textures that will be used as framebuffer
attachments. This means adding a new flag to BitmapTexture and modifying
BitmapTextureGL to use the appropriate format according to the flag. Also,
BitmapTexturePool needs to use two vectors to handle both types of textures
separately, as we want to avoid constantly switching the format of a reused
texture.

No new tests since the behavior change is covered by existing tests.

platform/graphics/texmap/BitmapTexture.h: Add new flag.
platform/graphics/texmap/BitmapTextureGL.cpp:

(WebCore::BitmapTextureGL::BitmapTextureGL): Receive flags on constructor and use RGBA
when the FBOAttachment flag is enabled.
(WebCore::BitmapTextureGL::applyFilters): Use FBOAttachemt flag to request a texture.

platform/graphics/texmap/BitmapTextureGL.h: Add flags to the constructor.
platform/graphics/texmap/BitmapTexturePool.cpp: Add a new vector of textures to hold

those in RGBA format.
(WebCore::BitmapTexturePool::acquireTexture): Return a texture for the usage specified
in the incoming flags.
(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired): Release textures from
both vectors.
(WebCore::BitmapTexturePool::createTexture): Pass the usage flag when creating a new
texture.

platform/graphics/texmap/BitmapTexturePool.h: Add new texture vector and add flags to

the needed headers.

platform/graphics/texmap/TextureMapper.cpp:

(WebCore::TextureMapper::acquireTextureFromPool): Pass the received flags to the BitmapTexturePool.

platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::paintIntoSurface): Use FBOAttachemt flag to request a texture.

5:31 AM Changeset in webkit [197758] by Carlos Garcia Campos

7 edits
1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197492 - RegExpExec/RegExpTest should not unconditionally speculate cell
https://bugs.webkit.org/show_bug.cgi?id=154901

Reviewed by Benjamin Poulain.

This is a three part change. It all started with a simple goal: end the rage-recompiles in
Octane/regexp by enabling the DFG and FTL to do untyped RegExpExec/RegExpTest. This keeps us
in the optimized code when you do a regexp match on a number, for example.

While implementing this, I realized that DFGOperations.cpp was bad at exception checking. When
it did check for exceptions, it used exec->hadException() instead of vm.exception(). So I
fixed that. I also made sure that the regexp operations checked for exception after doing
toString().

Unfortunately, the introduction of untyped RegExpExec/RegExpTest caused a regression on
Octane/regexp. This was because we were simultaneously scheduling replacement and OSR compiles
of some large functions with the FTL JIT. The OSR compiles were not useful. This was a
regression from the previous changes to make OSR compiles happen sooner. The problem is that
this change also removed the throttling of OSR compiles even in those cases where we suspect
that replacement is more likely. This patch reintroduces that throttling, but only in the
replacement path.

This change ends up being neutral overall.

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

tests/stress/regexp-exec-effect-after-exception.js: Added.

5:23 AM Changeset in webkit [197757] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197491 - [JSC] JSCell_freeListNext and JSCell_structureID are considered not overlapping
https://bugs.webkit.org/show_bug.cgi?id=154947

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

This bug was discovered while testing https://bugs.webkit.org/show_bug.cgi?id=154894.

The problem was that JSCell_freeListNext and JSCell_structureID were
considered as disjoint. When reordering instructions, the scheduler
could move the write of the StructureID first to reduce dependencies.
This would erase half of JSCell_freeListNext before we get a chance
to load the value.

This patch changes the hierarchy to make sure nothing is written
until JSCell_freeListNext is processed.

All credits for this patch go to Filip.

ftl/FTLAbstractHeapRepository.cpp:

(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):

ftl/FTLAbstractHeapRepository.h:

4:57 AM Changeset in webkit [197756] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197490 - [JSC] Improve Select of Doubles based on Double condition
https://bugs.webkit.org/show_bug.cgi?id=154572

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Filip Pizlo.

Octane has a bunch of Select on Double based on comparing Doubles.
A few nodes generate that: ValueRep, Min, Max, etc.

On ARM64, we can improve our code a lot. ARM can do a select
based on flags with the FCSEL instruction.

On x86, this patch adds aggressive aliasing for moveDoubleConditionallyXXX.
This has obviously a much more limited impact.

assembler/MacroAssembler.h:

(JSC::MacroAssembler::moveDoubleConditionally32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionally64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest32): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyTest64): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyDouble): Deleted.
(JSC::MacroAssembler::moveDoubleConditionallyFloat): Deleted.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveDoubleConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyFloat):
(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally64):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest64):
(JSC::MacroAssemblerARM64::branch64):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionally32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyDouble):
(JSC::MacroAssemblerX86Common::moveDoubleConditionallyFloat):

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::moveDoubleConditionally64):
(JSC::MacroAssemblerX86_64::moveDoubleConditionallyTest64):

b3/air/AirInstInlines.h:

(JSC::B3::Air::Inst::shouldTryAliasingDef):

b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::populateWithInterestingValues):
(JSC::B3::floatingPointOperands):
(JSC::B3::int64Operands):
(JSC::B3::int32Operands):
(JSC::B3::testSelectCompareFloat):
(JSC::B3::testSelectCompareFloatToDouble):
(JSC::B3::testSelectDoubleCompareDouble):
(JSC::B3::testSelectDoubleCompareDoubleWithAliasing):
(JSC::B3::testSelectFloatCompareFloat):
(JSC::B3::testSelectFloatCompareFloatWithAliasing):
(JSC::B3::run):

4:21 AM Changeset in webkit [197755] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r197486 - Paint table borders on empty cells even in quirks mode.
https://bugs.webkit.org/show_bug.cgi?id=154928

Reviewed by David Hyatt.

Enable border painting for empty cells unless 'empty-cells: hide' is set.
This is inline with FF and Chrome behaviour.

Source/WebCore:

Test: fast/table/border-on-empty-table-cells-quirks-mode.html

rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::paintBoxDecorations):

LayoutTests:

fast/table/border-on-empty-table-cells-quirks-mode-expected.html: Added.
fast/table/border-on-empty-table-cells-quirks-mode.html: Added.

4:07 AM Changeset in webkit [197754] by alex

4 edits in trunk

Unreviewed EFL build fix after r197752.

Tools:

Scripts/webkitperl/FeatureList.pm: Avoid MEDIA_STREAM

compilation by default until EFL bumps gstreamer to 1.6.

LayoutTests:

platform/efl/TestExpectations: Avoid running the mediastream

tests until the support is implemented and compiled by default.

2:58 AM Changeset in webkit [197753] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

One more unreviewed speculative buildfix after r197728.

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):

2:36 AM Changeset in webkit [197752] by alex

7 edits
1 delete in trunk

[GTK] [EFL] Avoid running mediastream tests by default until we compile by default
https://bugs.webkit.org/show_bug.cgi?id=153540

Reviewed by Philippe Normand.

After bumping gstreamer to 1.6.3 in r196804 we can enable again
Tools:

compilation of mediastream and running the tests.

Scripts/run-gtk-tests:

(TestRunner): Enable again the UserMedia API test.

Scripts/webkitperl/FeatureList.pm: Enable the compilation of the

mediastream by default.

gtk/jhbuild-webrtc.modules: Removed the specific jhbuild modules

file.

gtk/jhbuild.modules: Bumped the openwebrtc version to the one we

are currently using.

LayoutTests:

compilation of mediastream and running the tests. We have updated
the expectations accordingly.

platform/efl/TestExpectations:
platform/gtk/TestExpectations:

2:11 AM Changeset in webkit [197751] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197485 - RegExpPrototype should check for exceptions after calling toString and doing so should not be expensive
https://bugs.webkit.org/show_bug.cgi?id=154927

Reviewed by Saam Barati.

While working on regexp optimizations, I found that RegExpPrototype calls toString(), an
effectful operation that could do anything, without then checking for hadException().

So I added a call to hadException().

But that regressed Octane/regexp by 5%! That's a lot! It turns out that
exec->hadException() is soooper slow. So, I made it cheaper to check for exceptions from
toString(): there is now a variant called toStringFast() that returns null iff it throws an
exception.

This allowed me to add the exception check without regressing perf.

Note that toString() must retain its old behavior of returning an empty string on exception.
There is just too much code that relies on that behavior.

runtime/JSCJSValue.cpp:

(JSC::JSValue::isValidCallee):
(JSC::JSValue::toStringSlowCase):
(JSC::JSValue::toWTFStringSlowCase):

runtime/JSCJSValue.h:

(JSC::JSValue::asValue):

runtime/JSString.h:

(JSC::JSValue::toString):
(JSC::JSValue::toStringFast):
(JSC::JSValue::toWTFString):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTest):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncCompile):

1:48 AM Changeset in webkit [197750] by Csaba Osztrogonác

2 edits in trunk/Source/WebKit2

Unreviewed speculative buildfix after r197728.

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):

1:47 AM Changeset in webkit [197749] by Carlos Garcia Campos

14 edits
6 adds in releases/WebKitGTK/webkit-2.12

Merge r197474 - Modern IDB: Close UniqueIDBDatabases once they become unused.
https://bugs.webkit.org/show_bug.cgi?id=154922

Reviewed by Alex Christensen.

Source/WebCore:

Tests: storage/indexeddb/modern/256-open-databases.html

storage/indexeddb/modern/exceed-open-file-limit.html

Without this change, attempts to open a 256th database in the DatabaseProcess will fail on Mac.

Due to SQLite journal files, this limit could come up as early as 128 databases if they are all
in active use.

This is because launchd - by default - limits xpc services to having 256 open file handles by default.

While we should explore raising the limit, we should also close databases we no longer need.

Modules/indexeddb/server/IDBBackingStore.h:

Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::closeUniqueIDBDatabase):
(WebCore::IDBServer::IDBServer::deleteUniqueIDBDatabase): Deleted.

Modules/indexeddb/server/IDBServer.h:

Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::MemoryBackingStoreTransaction):

Modules/indexeddb/server/MemoryIDBBackingStore.cpp:

(WebCore::IDBServer::MemoryIDBBackingStore::getOrEstablishDatabaseInfo):

Modules/indexeddb/server/MemoryIDBBackingStore.h:

Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo):

Modules/indexeddb/server/SQLiteIDBBackingStore.h:

Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
(WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation): Handle the case where opening

the backing store failed by firing an error event instead of pretending everything is okay.

(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::isCurrentlyInUse):
(WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired): If the database is not

currently in use, close it.

(WebCore::IDBServer::UniqueIDBDatabase::inProgressTransactionCompleted):

Modules/indexeddb/server/UniqueIDBDatabase.h:

(WebCore::IDBServer::UniqueIDBDatabase::deletePending): Deleted.

Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:

(WebCore::IDBObjectStoreInfo::isolatedCopy): Actually get this right.

LayoutTests:

platform/mac-wk1/TestExpectations:
storage/indexeddb/modern/256-open-databases-expected.txt: Added.
storage/indexeddb/modern/256-open-databases.html: Added.
storage/indexeddb/modern/exceed-open-file-limit-expected.txt: Added.
storage/indexeddb/modern/exceed-open-file-limit.html: Added.
storage/indexeddb/modern/resources/256-open-databases.js: Added.
storage/indexeddb/modern/resources/exceed-open-file-limit.js: Added.

1:46 AM Changeset in webkit [197748] by youenn.fablet@crf.canon.fr

11 edits
63 adds in trunk

[Fetch API] Implement fetch skeleton
https://bugs.webkit.org/show_bug.cgi?id=155111

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Importing basic fetch api tests.

resources/ImportExpectations: Activating fetch/api/basic import.
web-platform-tests/fetch/api/basic/accept-header-expected.txt: Added.
web-platform-tests/fetch/api/basic/accept-header-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/accept-header-worker.html: Added.
web-platform-tests/fetch/api/basic/accept-header.html: Added.
web-platform-tests/fetch/api/basic/accept-header.js: Added.

(promise_test):

web-platform-tests/fetch/api/basic/integrity-expected.txt: Added.
web-platform-tests/fetch/api/basic/integrity-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/integrity-worker.html: Added.
web-platform-tests/fetch/api/basic/integrity.html: Added.
web-platform-tests/fetch/api/basic/integrity.js: Added.

(integrity):

web-platform-tests/fetch/api/basic/mode-no-cors-expected.txt: Added.
web-platform-tests/fetch/api/basic/mode-no-cors-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/mode-no-cors-worker.html: Added.
web-platform-tests/fetch/api/basic/mode-no-cors.html: Added.
web-platform-tests/fetch/api/basic/mode-no-cors.js: Added.

(fetchNoCors):

web-platform-tests/fetch/api/basic/mode-same-origin-expected.txt: Added.
web-platform-tests/fetch/api/basic/mode-same-origin-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/mode-same-origin-worker.html: Added.
web-platform-tests/fetch/api/basic/mode-same-origin.html: Added.
web-platform-tests/fetch/api/basic/mode-same-origin.js: Added.

(fetchSameOrigin):

web-platform-tests/fetch/api/basic/request-forbidden-headers-expected.txt: Added.
web-platform-tests/fetch/api/basic/request-forbidden-headers-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html: Added.
web-platform-tests/fetch/api/basic/request-forbidden-headers.html: Added.
web-platform-tests/fetch/api/basic/request-forbidden-headers.js: Added.

(requestForbiddenHeaders):

web-platform-tests/fetch/api/basic/request-headers-expected.txt: Added.
web-platform-tests/fetch/api/basic/request-headers-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/request-headers-worker.html: Added.
web-platform-tests/fetch/api/basic/request-headers.html: Added.
web-platform-tests/fetch/api/basic/request-headers.js: Added.

(requestHeaders):

web-platform-tests/fetch/api/basic/scheme-about-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-about-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-about-worker.html: Added.
web-platform-tests/fetch/api/basic/scheme-about.html: Added.
web-platform-tests/fetch/api/basic/scheme-about.js: Added.

(checkFetchResponse):
(checkKoUrl):

web-platform-tests/fetch/api/basic/scheme-blob-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-blob-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-blob-worker.html: Added.
web-platform-tests/fetch/api/basic/scheme-blob.html: Added.
web-platform-tests/fetch/api/basic/scheme-blob.js: Added.

(checkFetchResponse):
(checkKoUrl):

web-platform-tests/fetch/api/basic/scheme-data-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-data-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-data-worker.html: Added.
web-platform-tests/fetch/api/basic/scheme-data.html: Added.
web-platform-tests/fetch/api/basic/scheme-data.js: Added.

(checkFetchResponse):
(checkKoUrl):

web-platform-tests/fetch/api/basic/scheme-others-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-others-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/scheme-others-worker.html: Added.
web-platform-tests/fetch/api/basic/scheme-others.html: Added.
web-platform-tests/fetch/api/basic/scheme-others.js: Added.

(checkKoUrl):

web-platform-tests/fetch/api/basic/stream-response-expected.txt: Added.
web-platform-tests/fetch/api/basic/stream-response-worker-expected.txt: Added.
web-platform-tests/fetch/api/basic/stream-response-worker.html: Added.
web-platform-tests/fetch/api/basic/stream-response.html: Added.
web-platform-tests/fetch/api/basic/stream-response.js: Added.

(streamBody):
(promise_test.):
(promise_test):

web-platform-tests/fetch/api/basic/w3c-import.log: Added.

Source/WebCore:

Adding skeleton code to call fetch API from normal and worker scopes.
Fetch API implementation is limited to reject the promise.

Updating the binding generator to fix the case of overloaded promise-returning functions.
Made overloaded utility functions "static inline".

Tests: imported/w3c/web-platform-tests/fetch/api/basic/accept-header-worker.html

imported/w3c/web-platform-tests/fetch/api/basic/accept-header.html
imported/w3c/web-platform-tests/fetch/api/basic/integrity-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/integrity.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-no-cors.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/mode-same-origin.html
imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/request-forbidden-headers.html
imported/w3c/web-platform-tests/fetch/api/basic/request-headers-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/request-headers.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-about-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-about.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-blob.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-data-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-data.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-others-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/scheme-others.html
imported/w3c/web-platform-tests/fetch/api/basic/stream-response-worker.html
imported/w3c/web-platform-tests/fetch/api/basic/stream-response.html

CMakeLists.txt:
DerivedSources.make:
Modules/fetch/DOMWindowFetch.cpp: Added.

(WebCore::DOMWindowFetch::fetch):

Modules/fetch/DOMWindowFetch.h: Added.
Modules/fetch/DOMWindowFetch.idl: Added.
Modules/fetch/WorkerGlobalScopeFetch.cpp: Added.

(WebCore::WorkerGlobalScopeFetch::fetch):

Modules/fetch/WorkerGlobalScopeFetch.h: Added.
Modules/fetch/WorkerGlobalScopeFetch.idl: Added.
WebCore.xcodeproj/project.pbxproj:
bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation): Fixing the case of overloaded promise-returning functions.

bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod8):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod11):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethodWithOptionalParameter2):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod11):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction1Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction2Promise):
(WebCore::jsTestObjPrototypeFunctionTestPromiseOverloadedFunction):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod): Deleted.
(WebCore::jsTestObjConstructorFunctionClassMethod2): Deleted.
(WebCore::jsTestObjPrototypeFunctionAny): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithFloatArgumentPromise): Deleted.
(WebCore::jsTestObjPrototypeFunctionTestPromiseFunctionWithExceptionPromise): Deleted.

bindings/scripts/test/TestObj.idl:

LayoutTests:

TestExpectations: Marking some tests as flaky.

1:44 AM Changeset in webkit [197747] by Carlos Garcia Campos

1 edit
3 adds in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197465 - Add a benchmark for string transcoding.

Rubber stamped by Saam Barati.

I wrote some code like this while working on
https://github.com/WebAssembly/design/pull/573. I thought I'd add it as a benchmark since
it stresses things that we may not have good bench coverage for.

js/regress/script-tests/string-transcoding.js: Added.

(decodeUTF8):
(encodeUTF8):
(arraysEqual):
(arrayToString):
(setHeader):
(print):
(tryArray):
(doSteps):

js/regress/string-transcoding-expected.txt: Added.
js/regress/string-transcoding.html: Added.

1:36 AM Changeset in webkit [197746] by Carlos Garcia Campos

13 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197462 - Use IndentTextOrNot instead of passing isFirstLine/shouldIndentText as bool.
https://bugs.webkit.org/show_bug.cgi?id=154628

Reviewed by Simon Fraser.

No change in behaviour.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::computeStartPositionDeltaForChildAvoidingFloats):
(WebCore::RenderBlock::logicalLeftSelectionOffset):
(WebCore::RenderBlock::logicalRightSelectionOffset):

rendering/RenderBlock.h:

(WebCore::RenderBlock::availableLogicalWidthForLineInRegion):
(WebCore::RenderBlock::logicalRightOffsetForLineInRegion):
(WebCore::RenderBlock::logicalLeftOffsetForLineInRegion):
(WebCore::RenderBlock::startOffsetForLineInRegion):
(WebCore::RenderBlock::endOffsetForLineInRegion):
(WebCore::RenderBlock::availableLogicalWidthForLine):
(WebCore::RenderBlock::logicalRightOffsetForLine):
(WebCore::RenderBlock::logicalLeftOffsetForLine):
(WebCore::RenderBlock::startOffsetForLine):
(WebCore::RenderBlock::endOffsetForLine):

rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::getClearDelta):

rendering/RenderBlockLineLayout.cpp:

(WebCore::updateLogicalInlinePositions):
(WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange):
(WebCore::RenderBlockFlow::deleteEllipsisLineBoxes):
(WebCore::RenderBlockFlow::checkLinesForTextOverflow):
(WebCore::RenderBlockFlow::startAlignedOffsetForLine):

rendering/RenderBox.cpp:

(WebCore::RenderBox::shrinkLogicalWidthToAvoidFloats):
(WebCore::RenderBox::containingBlockAvailableLineWidthInRegion):

rendering/RenderDeprecatedFlexibleBox.cpp:

(WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):

rendering/RenderListItem.cpp:

(WebCore::RenderListItem::positionListMarker):

rendering/RootInlineBox.cpp:

(WebCore::RootInlineBox::selectionTop):
(WebCore::RootInlineBox::selectionBottom):

rendering/SimpleLineLayout.cpp:

(WebCore::SimpleLineLayout::canUseForWithReason):
(WebCore::SimpleLineLayout::updateLineConstrains):

rendering/line/LineBreaker.cpp:

(WebCore::LineBreaker::skipLeadingWhitespace):

rendering/line/LineWidth.cpp:

(WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded):
(WebCore::availableWidthAtOffset):

rendering/line/LineWidth.h:

(WebCore::LineWidth::shouldIndentText):

1:31 AM Changeset in webkit [197745] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197446 - [JSC] Use a Move without REX byte when possible
https://bugs.webkit.org/show_bug.cgi?id=154801

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-02
Reviewed by Alex Christensen.

Filip wrote an optimization in the register allocator
to use 32bit "Move" when we don't care about the top bytes.

When I moved the commutative ops to the fake 3 operands instruction
I largely destroyed this since all the "Moves" became full register.

In this patch, I switch back to 32bit "Moves" for 32bit operations.

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::and32):
(JSC::MacroAssemblerX86Common::lshift32):
(JSC::MacroAssemblerX86Common::mul32):
(JSC::MacroAssemblerX86Common::or32):
(JSC::MacroAssemblerX86Common::rshift32):
(JSC::MacroAssemblerX86Common::urshift32):
(JSC::MacroAssemblerX86Common::xor32):
(JSC::MacroAssemblerX86Common::branchAdd32):
(JSC::MacroAssemblerX86Common::branchMul32):
(JSC::MacroAssemblerX86Common::branchSub32):
(JSC::MacroAssemblerX86Common::move32IfNeeded):

1:10 AM Changeset in webkit [197744] by youenn.fablet@crf.canon.fr

7 edits in trunk/Source/WebCore

[Fetch API] Make FetchRequest and FetchResponse ActiveDOMObject
https://bugs.webkit.org/show_bug.cgi?id=154729

Reviewed by Darin Adler.

Covered by existing tests.

Making FetchRequest and FetchResponse ActiveDOMObject.
Both objects can always be suspended now.
This might be updated when blob conversion is added or when fetching data to fill in FetchResponse.

Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):
(WebCore::FetchRequest::activeDOMObjectName):
(WebCore::FetchRequest::canSuspendForDocumentSuspension):

Modules/fetch/FetchRequest.h:

(WebCore::FetchRequest::FetchRequest):

Modules/fetch/FetchRequest.idl:
Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::error):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::FetchResponse):
(WebCore::FetchResponse::clone):
(WebCore::FetchResponse::activeDOMObjectName):
(WebCore::FetchResponse::canSuspendForDocumentSuspension):

Modules/fetch/FetchResponse.h:

(WebCore::FetchResponse::create):

Modules/fetch/FetchResponse.idl:

1:08 AM Changeset in webkit [197743] by Carlos Garcia Campos

2 edits
1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197445 - [JSC] Simplify ArithMod(ArithMod(x, const1), const2) if const2 >= const1
https://bugs.webkit.org/show_bug.cgi?id=154904

Reviewed by Saam Barati.

The ASM test "ubench" has a "x % 10 % 255".
The second modulo should be eliminated.

This is a 15% improvement on ASMJS' ubench.

dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

tests/stress/arith-modulo-twice.js: Added.

(opaqueModuloSmaller):
(opaqueModuloEqual):
(opaqueModuloLarger):
(opaqueModuloSmallerNeg):
(opaqueModuloEqualNeg):
(opaqueModuloLargerNeg):
(opaqueExpectedOther):

12:55 AM Changeset in webkit [197742] by timothy@apple.com

3 edits in trunk/Source/WebKit2

Web Inspector: Make WebAutomationSession::closeBrowsingContext work as expected

https://bugs.webkit.org/show_bug.cgi?id=155162
rdar://problem/25027191

Reviewed by Brian Burg.

UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::closeBrowsingContext):
Call closePage, the same method ultimately used by window.close().

UIProcess/WebPageProxy.h: Make closePage public.

12:49 AM Changeset in webkit [197741] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197438 - Simplify some StringBuilder appends
https://bugs.webkit.org/show_bug.cgi?id=154902

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-01
Reviewed by Mark Lam.

runtime/ExceptionHelpers.cpp:

(JSC::notAFunctionSourceAppender):

runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::stackTracesAsJSON):
Use StringBuilder::append(char) instead of append(char*) where possible.

12:46 AM Changeset in webkit [197740] by Carlos Garcia Campos

1 edit
3 adds in releases/WebKitGTK/webkit-2.12/LayoutTests

Merge r197417 - FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

Really add this new test.

js/regress/script-tests/string-replace-empty.js: Added.
js/regress/string-replace-empty-expected.txt: Added.
js/regress/string-replace-empty.html: Added.

12:38 AM Changeset in webkit [197739] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12

Merge r197416 - FTL should simplify StringReplace with an empty replacement string
https://bugs.webkit.org/show_bug.cgi?id=154871

Reviewed by Michael Saboff.

This is a simple and hugely profitable change. If we do a string.replace(/things/, ""), then
this calls directly into StringPrototype's replace-with-empty-string logic instead of going
through stuff that does checks before reaching that same conclusion.

This speeds up Octane/regexp by about 6-10%. It also speeds up the attached microbenchmark by
about 7%.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):

runtime/StringPrototype.cpp:

(JSC::jsSpliceSubstringsWithSeparators):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::operationStringProtoFuncReplaceRegExpString):

runtime/StringPrototype.h:

12:20 AM Changeset in webkit [197738] by commit-queue@webkit.org

11 edits
7 adds in trunk

[SVG2] Implement marker orient='auto-start-reverse'
https://bugs.webkit.org/show_bug.cgi?id=138456

Patch by Nikos Andronikos <nikos.andronikos-webkit@cisra.canon.com.au> on 2016-03-08
Reviewed by Darin Adler.

Source/WebCore:

https://www.w3.org/TR/SVG2/painting.html#OrientAttribute
marker-start markers must be oriented at 180 degrees to the direction of the path when
the orient attribute of the marker is set to 'auto-start-reverse'.

To acheive this the SVGMarkerData class which calculates the angles for each marker on
a path must know whether the orient type is set to reverse the start marker.

Tests: svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html

svg/animations/animate-marker-orienttype-4.html
svg/custom/marker-auto-start-reverse.html

rendering/svg/RenderSVGShape.cpp:

(WebCore::RenderSVGShape::processMarkerPositions):

Create marker data, using animated value of orient to determine
if first marker should be reversed.

rendering/svg/SVGMarkerData.h:

(WebCore::SVGMarkerData::SVGMarkerData):

Constructor now requires boolean indicating if start marker is
reversed.

(WebCore::SVGMarkerData::currentAngle):

Take into account whether start marker should be reversed.

rendering/svg/SVGResources.cpp:

(WebCore::SVGResources::markerReverseStart):

New function to query whether start marker should be reversed.

rendering/svg/SVGResources.h: Add declaration for new function.
svg/SVGAnimatedAngle.cpp:

(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):

Support animation including the value auto-start-reverse.

svg/SVGMarkerElement.cpp:

(WebCore::SVGMarkerElement::setOrient):

Combine duplicated functionality into one private method

(WebCore::SVGMarkerElement::setOrientToAuto):

Set orient type and angle correctly for orient=auto. Uses setOrient.

(WebCore::SVGMarkerElement::setOrientToAngle):

Set orient type and angle correctly for orient=<angle>. Uses setOrient.

(WebCore::SVGMarkerElement::synchronizeOrientType):

Support auto-start-reverse as a possible case.

svg/SVGMarkerElement.h:

(WebCore::SVGIDLEnumLimits<SVGMarkerOrientType>::highestExposedEnumValue):

Limit the orient DOM property so that the new enum value
required for auto-start-reverse is not exposed.

(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::highestEnumValue):

Support auto-start-reverse.

(WebCore::SVGPropertyTraits<SVGMarkerOrientType>::fromString):

Support auto-start-reverse.

LayoutTests:

svg/animations/animate-marker-orient-from-angle-to-autostartreverse-expected.txt: Added.
svg/animations/animate-marker-orient-from-angle-to-autostartreverse.html: Added.
svg/animations/animate-marker-orienttype-4-expected.html: Added.
svg/animations/animate-marker-orienttype-4.html: Added. Verify output after animation has run - ensure animation reflected in visual result.
svg/animations/script-tests/animate-marker-orient-from-angle-to-autostartreverse.js: Added. Test DOM values at various snap-shot times throughout the animation.

(sample1):
(sample2):
(sample3):
(executeTest):

svg/custom/marker-auto-start-reverse-expected.html: Added.
svg/custom/marker-auto-start-reverse.html: Added. Verify static result - start marker is oriented at 180 degrees to direction of path.
svg/dom/SVGAnimatedEnumeration-SVGMarkerElement-expected.txt:
svg/dom/script-tests/SVGAnimatedEnumeration-SVGMarkerElement.js: Check attributes are treated as case sensitive. Check UNKNOWN is returned for enum value when auto-start-reverse set.

12:16 AM Changeset in webkit [197737] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197415 - Timer alignment in separate web processes should not all sync up to the same point.
https://bugs.webkit.org/show_bug.cgi?id=154878

Reviewed by Chris Dumez.

For any given WebContent process it is desirable that timers are synchronized to a single
alignment point, but if all WebContent processes align to the same point then there may
be a thundering herd of processes waking up.

page/DOMTimer.cpp:

(WebCore::DOMTimer::alignedFireTime):

align to a randomized point.

12:13 AM Changeset in webkit [197736] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197411 - Unreviewed, fix CLOOP build.

jit/JITOperations.h:

Mar 7, 2016:

11:58 PM Changeset in webkit [197735] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197452 - REGRESSION(r197409): [GTK] Web process always crashes on WebPage construction after r197409
https://bugs.webkit.org/show_bug.cgi?id=154918

Reviewed by Žan Doberšek.

We have an incorrect check in DrawingAreaImpl constructor that has
never actually worked because it uses the page settings before
they were initialized. But that has been fixed in r197409 and now
we are always forcing accelerated compositing mode incorrectly,
because m_alwaysUseCompositing is set in the constructor and never
changed again.

WebProcess/WebPage/DrawingAreaImpl.cpp:

(WebKit::DrawingAreaImpl::DrawingAreaImpl): Remove code to set
settings and m_alwaysUseCompositing, since that should be done in
updatePreferences().
(WebKit::DrawingAreaImpl::updatePreferences): Update the settings
accordingly and always update m_alwaysUseCompositing when AC is
enabled and forced in the settings.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage): WebPage::updatePreferences() calls
DrawingArea::updatePreferences(), but since r197409 it happens
before the drawing area has been created. So, call
DrawingArea::updatePreferences() in the constructor right after
the main frame has been created, since
DrawingArea::updatePreferences() uses the main frame.

11:58 PM Changeset in webkit [197734] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r197409 - REGRESSION (r154616): Accelerated drawing is off during the initial load
<https://webkit.org/b/123812>

Reviewed by Tim Horton.

Source/WebCore:

Robustify the hey-the-Settings-changed callbacks in Page to handle document-less frames.
This is needed because now Settings are changed even before the main Frame has a Document.

page/Page.cpp:

(WebCore::networkStateChanged):
(WebCore::Page::updateStyleForAllPagesAfterGlobalChangeInEnvironment):
(WebCore::Page::takeAnyMediaCanStartListener):
(WebCore::Page::setMediaVolume):
(WebCore::Page::setPageScaleFactor):
(WebCore::Page::invalidateStylesForAllLinks):
(WebCore::Page::invalidateStylesForLink):
(WebCore::Page::dnsPrefetchingStateChanged):
(WebCore::Page::storageBlockingStateChanged):
(WebCore::Page::setMuted):
(WebCore::Page::captionPreferencesChanged):
(WebCore::Page::setSessionID):
(WebCore::Page::setPlaybackTarget):
(WebCore::Page::playbackTargetAvailabilityDidChange):
(WebCore::Page::setShouldPlayToPlaybackTarget):

page/Settings.cpp:

(WebCore::setImageLoadingSettings):

Source/WebKit2:

Load preferences before instantiating the first DrawingArea. This ensures that we do the
initial paint using accelerated drawing, and avoids allocating persistent data structures
only needed by the software rendering path.

WebProcess/WebPage/WebPage.cpp:

11:18 PM Changeset in webkit [197733] by Carlos Garcia Campos

2 edits in trunk/Source/WebKit2

REGRESSION(r197062): [GTK] Transparent backgrounds no longer work after r197062
https://bugs.webkit.org/show_bug.cgi?id=155119

Reviewed by Martin Robinson.

This is because after r197062 we are now realizing the view too
early, even before the toplevel window has been realized, forcing
the toplevel window to be realized. If the RGBA visual is set on
the window after it has been realzied it doesn't have any
effect. We should wait until the toplevel window is realized to
realize the web view, giving time to the application to set RGBA
visual and background color. If the toplevel window is already
realized we realize the web view immediately, so that this doesn't
affect the tearing problems fixed in r197062.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(toplevelWindowRealized):
(webkitWebViewBaseSetToplevelOnScreenWindow):

11:16 PM Changeset in webkit [197732] by sbarati@apple.com

11 edits
1 copy
2 adds in trunk/Source/JavaScriptCore

[ES6] Implement revocable proxies
https://bugs.webkit.org/show_bug.cgi?id=154321

Reviewed by Mark Lam.

This patch is a straight forward implementation of Proxy.revocable
with respect to section 26.2.2.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy.revocable

This patch also fixes a bug in Proxy where we
were incorrectly caching "in", i.e, "x" in proxy.
We should never blatantly cache this because caching is observable
behavior by users of the language. We could come up with
a smarter caching scheme that caches only if the Proxy's
handler doesn't have a "has" property, i.e, we don't have
to call out to JS code. But for now, it's easiest to disable
caching.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::moduleRecordStructure):
(JSC::JSGlobalObject::moduleNamespaceObjectStructure):
(JSC::JSGlobalObject::proxyObjectStructure):
(JSC::JSGlobalObject::proxyRevokeStructure):
(JSC::JSGlobalObject::wasmModuleStructure):

runtime/ProxyConstructor.cpp:

(JSC::ProxyConstructor::create):
(JSC::ProxyConstructor::ProxyConstructor):
(JSC::makeRevocableProxy):
(JSC::proxyRevocableConstructorThrowError):
(JSC::ProxyConstructor::finishCreation):
(JSC::constructProxyObject):

runtime/ProxyConstructor.h:

(JSC::ProxyConstructor::createStructure):

runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::performProxyGet):
(JSC::ProxyObject::performInternalMethodGetOwnProperty):
(JSC::ProxyObject::performHasProperty):
(JSC::ProxyObject::performPut):
(JSC::performProxyCall):
(JSC::performProxyConstruct):
(JSC::ProxyObject::performDelete):
(JSC::ProxyObject::performPreventExtensions):
(JSC::ProxyObject::performIsExtensible):
(JSC::ProxyObject::performDefineOwnProperty):
(JSC::ProxyObject::performGetOwnPropertyNames):
(JSC::ProxyObject::performSetPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::revoke):
(JSC::ProxyObject::visitChildren):

runtime/ProxyObject.h:

(JSC::ProxyObject::create):

runtime/ProxyRevoke.cpp: Added.

(JSC::ProxyRevoke::create):
(JSC::ProxyRevoke::ProxyRevoke):
(JSC::ProxyRevoke::finishCreation):
(JSC::performProxyRevoke):
(JSC::ProxyRevoke::getCallData):
(JSC::ProxyRevoke::visitChildren):

runtime/ProxyRevoke.h: Added.

(JSC::ProxyRevoke::createStructure):
(JSC::ProxyRevoke::proxy):
(JSC::ProxyRevoke::setProxyToNull):

tests/stress/proxy-has-property.js:

(assert):
(assert.let.handler.has):
(assert.let.foo):

tests/stress/proxy-revoke.js: Added.

(assert):
(throw.new.Error.):
(throw.new.Error):
(callAllHandlers):
(shouldThrowNullHandler):
(allHandlersShouldThrow):
(i.let.trap.of.traps.trap.string_appeared_here.func):
(i.let.trap.of.traps.else.func):
(i.Proxy.revocable):

11:09 PM Changeset in webkit [197731] by Csaba Osztrogonác

2 edits in trunk/Source/JavaScriptCore

Fix the ARM build after r197687
https://bugs.webkit.org/show_bug.cgi?id=155128

Reviewed by Saam Barati.

assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::moveZeroToDouble):

10:55 PM Changeset in webkit [197730] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

Reduce the number of instructions needed to record the last regexp result
https://bugs.webkit.org/show_bug.cgi?id=155161

Reviewed by Sam Weinig.

This tightens up RegExpCachedResult::record(). My profiling shows that we spend just
over 1% of the time in Octane/regexp in this function. This function had two obvious
redundancies:

1) It executed the write barrier on owner twice. It only needs to execute it once. Since

the same RegExpConstructor is likely to be used many times, it makes sense to do the
barrier without looking at the 'to' objects at all. In steady state, this means that
the RegExpConstructor will simply be OldGrey so this one barrier will always skip the
slow path.

2) It cleared some fields that didn't need to be cleared, since we can just use

m_reified to indicate that the fields are not meaningful anymore.

This is meant to be a microscopic regexp speed-up.

runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::visitChildren):
(JSC::RegExpCachedResult::lastResult):

runtime/RegExpCachedResult.h:

(JSC::RegExpCachedResult::record):

10:53 PM Changeset in webkit [197729] by fpizlo@apple.com

3 edits in trunk/Source/JavaScriptCore

createRegExpMatchesArray should allocate substrings more quickly
https://bugs.webkit.org/show_bug.cgi?id=155160

Reviewed by Sam Weinig.

This was calling a version of jsSubstring() that isn't inlineable because it was doing a lot
of checks in finishCreation(). In particular, it was checking that the base string is not
itself a substring and that it's been resolved. We don't need those checks here, since the
string must have been resolved prior to regexp processing.

This patch is also smart about whether to do checks for the empty and full substrings. In
the matches array loop, these checks are super unlikely to be profitable, so we just
unconditionally allocate the substring.

This removes those checks and makes the allocation inlineable. It looks like a 1% speed-up
on Octane/regexp.

runtime/JSString.h:

(JSC::jsSubstring):
(JSC::jsSubstringOfResolved):

runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):

10:44 PM Changeset in webkit [197728] by commit-queue@webkit.org

25 edits in trunk/Source

Enhance logging: Use "always on" macros
https://bugs.webkit.org/show_bug.cgi?id=154499
<rdar://problem/24757730>

Patch by Keith Rollin <Keith Rollin> on 2016-03-07
Reviewed by Chris Dumez.

Source/WebCore:

Make use of new logging macros by reporting on frame and resource
load activity.

Add new logging to memory pressure handler to show when it's called
and its effectiveness. As part of this change, the various
platform-specific implementations have been unified.

No new tests. No new basic functionality has been added. Only new
logging has been added in release mode or has been enabled to execute
in release mode as well as debug mode.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::prepareForLoadStart):
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
(WebCore::FrameLoader::isAlwaysOnLoggingAllowed):

loader/FrameLoader.h:
loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::isAlwaysOnLoggingAllowed):

loader/ResourceLoader.h:
page/Frame.cpp:

(WebCore::Frame::isAlwaysOnLoggingAllowed):

page/Frame.h:
page/Page.cpp:

(WebCore::Page::isAlwaysOnLoggingAllowed):

page/Page.h:
page/SessionID.h:

(WebCore::SessionID::isAlwaysOnLoggingAllowed):

platform/MemoryPressureHandler.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::logMemoryUsageChange):
(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

platform/MemoryPressureHandler.h:

(WebCore::MemoryPressureHandler::ReliefLogger::ReliefLogger):
(WebCore::MemoryPressureHandler::ReliefLogger::~ReliefLogger):

platform/cocoa/MemoryPressureHandlerCocoa.mm:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

platform/linux/MemoryPressureHandlerLinux.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

platform/win/MemoryPressureHandlerWin.cpp:

(WebCore::MemoryPressureHandler::ReliefLogger::platformLog): Deleted.

Source/WebKit2:

Make use of new logging macros by reporting on frame and resource
load activity.

Connection updated to report IPC errors, helping us identify when
messaging between processes breaks down.

ChildProcess updated to log if it is terminating early. Some
sysdiagnose logging from customers indicate that this is happening in
the wild.

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::startNetworkLoad):
(WebKit::NetworkResourceLoader::didFinishLoading):
(WebKit::NetworkResourceLoader::didFailLoading):
(WebKit::NetworkResourceLoader::continueWillSendRequest):
(WebKit::NetworkResourceLoader::isAlwaysOnLoggingAllowed):

NetworkProcess/NetworkResourceLoader.h:
Platform/IPC/Connection.cpp:

(IPC::Connection::waitForSyncReply):

Shared/ChildProcess.cpp:

(WebKit::didCloseOnConnectionWorkQueue):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):

WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::willSendRequest):
(WebKit::WebResourceLoader::didReceiveResponse):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
(WebKit::WebResourceLoader::didReceiveResource):
(WebKit::WebResourceLoader::isAlwaysOnLoggingAllowed):

WebProcess/Network/WebResourceLoader.h:

Source/WTF:

Update LOG_ALWAYS and LOG_ALWAYS_ERROR macros to take an expression to
be evaluated. If the expression evaluates to True, the associated
message is logged. This facility is used to prevent logging from being
performed in private sessions, but it could be extended to prevent
logging under other circumstances as well.

wtf/Assertions.h:

10:42 PM Changeset in webkit [197727] by Chris Dumez

6 edits in trunk

Align HTMLCanvasElement.width / height with the specification
https://bugs.webkit.org/show_bug.cgi?id=155156

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:

Source/WebCore:

Align HTMLCanvasElement.width / height with the specification:

In particular, the following changes were made:

The attributes are now 'unsigned long' instead of 'long'
The corresponding content attributes are parsed as per the HTML rules for passing non-negative integers.
Upon setting, if the value is out-of-range, the content attributes is set to its default value.

No new tests, already covered by existing test.

html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::setHeight):
(WebCore::HTMLCanvasElement::setWidth):
(WebCore::HTMLCanvasElement::reset):

html/HTMLCanvasElement.h:
html/HTMLCanvasElement.idl:

10:38 PM Changeset in webkit [197726] by Chris Dumez

26 edits
2 deletes in trunk

Stop clamping HTMLElement.tabIndex to the range of a short
https://bugs.webkit.org/show_bug.cgi?id=155159

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/reflection-embedded-expected.txt:
web-platform-tests/html/dom/reflection-forms-expected.txt:
web-platform-tests/html/dom/reflection-grouping-expected.txt:
web-platform-tests/html/dom/reflection-metadata-expected.txt:
web-platform-tests/html/dom/reflection-misc-expected.txt:
web-platform-tests/html/dom/reflection-obsolete-expected.txt:
web-platform-tests/html/dom/reflection-sections-expected.txt:
web-platform-tests/html/dom/reflection-tabular-expected.txt:
web-platform-tests/html/dom/reflection-text-expected.txt:

Source/WebCore:

Stop clamping HTMLElement.tabIndex to the range of a short. We
apparently did this to match Firefox. However, this no longer matches
Firefox's behavior nor the HTML specification:

https://html.spec.whatwg.org/multipage/interaction.html#dom-tabindex

No new tests, already covered by existing test.

dom/Element.cpp:

(WebCore::Element::setTabIndexExplicitly):
(WebCore::Element::tabIndex):

dom/Element.h:
dom/ElementRareData.h:

(WebCore::ElementRareData::tabIndex):
(WebCore::ElementRareData::setTabIndexExplicitly):

html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::tabIndex):

html/HTMLAnchorElement.h:
html/HTMLElement.cpp:

(WebCore::HTMLElement::parseAttribute):
(WebCore::HTMLElement::tabIndex):

html/HTMLElement.h:
html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::tabIndex):

html/HTMLFormControlElement.h:
page/FocusController.cpp:

(WebCore::nextElementWithGreaterTabIndex):
(WebCore::FocusController::previousFocusableElement):

svg/SVGAElement.cpp:

(WebCore::SVGAElement::tabIndex):

svg/SVGAElement.h:
svg/SVGElement.cpp:

(WebCore::SVGElement::tabIndex):
(WebCore::SVGElement::parseAttribute):

svg/SVGElement.h:

LayoutTests:

Drop outdated test.

fast/dom/tabindex-clamp-expected.txt: Removed.
fast/dom/tabindex-clamp.html: Removed.

9:56 PM Changeset in webkit [197725] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

[JSC] Small clean up of how we use SSA's valuesAtHead
https://bugs.webkit.org/show_bug.cgi?id=155152

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Filip Pizlo.

liveAtHead and valuesAtHead contain the same nodes,
we do not need the extra look up.

This also opens the way to use the same kind of liveness
analysis as Air (where live values at head do not use a set).

dfg/DFGInPlaceAbstractState.cpp:

(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::InPlaceAbstractState::merge):

9:39 PM Changeset in webkit [197724] by dbates@webkit.org

6 edits
34 adds in trunk

CSP: Source '*' should not match URLs with schemes blob, data, or filesystem
https://bugs.webkit.org/show_bug.cgi?id=154122
<rdar://problem/24613336>

Reviewed by Brent Fulgham.

Source/WebCore:

Restrict matching of source expression * to HTTP or HTTPS URLs for all directives except
img-src and media-src. This policy is more restrictive than the policy described in section
Matching Source Expressions of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721>,
which restricts matching * to schemes that are not blob, data, or filesystem.

For directive img-src we restrict matching of * to HTTP, HTTPS, and data URLs. For directive
media-src we restrict matching of * to HTTP, HTTPS, data URLs and blob URLs. We use a
more lenient interpretation of * for directives img-src and media-src than required by
the spec. to mitigate web compatibility issues.

Tests: fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html

fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html
fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html
fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html
fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html
http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html
http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html
http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html
media/video-with-blob-url-allowed-by-csp-media-src-star.html
media/video-with-data-url-allowed-by-csp-media-src-star.html
media/video-with-file-url-blocked-by-csp-media-src-star.html

page/csp/ContentSecurityPolicySourceList.cpp:

(WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Added.
(WebCore::ContentSecurityPolicySourceList::matches): Modified to only match * if ContentSecurityPolicySourceList::isProtocolAllowedByStar().
evaluates to true.

page/csp/ContentSecurityPolicySourceList.h:

LayoutTests:

Add tests to ensure that we do not regress our interpretation of * with respect to directives
img-src, media-src, style-src, and default-src.

When running in WebKitTestRunner, skip the tests fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html
and media/video-with-blob-url-allowed-by-csp-media-src-star.html as they make use of eventSender.beginDragWithFiles(),
which is not implement. We will need to fix <https://bugs.webkit.org/show_bug.cgi?id=64285>
before we can run these tests in WebKitTestRunner.

TestExpectations:
fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star-expected.html: Added.
fast/dom/HTMLImageElement/image-with-blob-url-blocked-by-csp-img-src-star.html: Added.
fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star-expected.html: Added.
fast/dom/HTMLImageElement/image-with-data-url-allowed-by-csp-img-src-star.html: Added.
fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star-expected.html: Added.
fast/dom/HTMLImageElement/image-with-file-url-blocked-by-csp-img-src-star.html: Added.
fast/dom/HTMLImageElement/resources/green.png: Added.
fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star-expected.html: Added.
fast/dom/HTMLLinkElement/link-with-blob-url-blocked-by-csp-style-src-star.html: Added.
fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star-expected.html: Added.
fast/dom/HTMLLinkElement/link-with-data-url-blocked-by-csp-style-src-star.html: Added.
fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star-expected.html: Added.
fast/dom/HTMLLinkElement/link-with-file-url-blocked-by-csp-style-src-star.html: Added.
fast/dom/HTMLLinkElement/resources/red-background-color.css: Added.

(#test):

http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/image-with-http-url-allowed-by-csp-img-src-star.html: Added.
http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/image-with-https-url-allowed-by-csp-img-src-star.html: Added.
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/javascript-url-blocked-by-default-src-star.html: Added.
http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/link-with-http-url-allowed-by-csp-style-src-star.html: Added.
http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/link-with-https-url-allowed-by-csp-style-src-star.html: Added.
http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/video-with-http-url-allowed-by-csp-media-src-star.html: Added.
http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star-expected.txt: Added.
http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html: Added.
media/video-with-blob-url-allowed-by-csp-media-src-star-expected.html: Added.
media/video-with-blob-url-allowed-by-csp-media-src-star.html: Added.
media/video-with-data-url-allowed-by-csp-media-src-star-expected.html: Added.
media/video-with-data-url-allowed-by-csp-media-src-star.html: Added.
media/video-with-file-url-blocked-by-csp-media-src-star-expected.html: Added.
media/video-with-file-url-blocked-by-csp-media-src-star.html: Added.
platform/wk2/TestExpectations:

7:45 PM Changeset in webkit [197723] by jonlee@apple.com

6 edits in trunk/PerformanceTests

Add ability to retrieve raw data from release harness
https://bugs.webkit.org/show_bug.cgi?id=155026

Reviewed by Simon Fraser.

Animometer/developer.html: Remove the special UI in the debug

harness.

Animometer/resources/runner/animometer.css: Add styles for the

overlay.

Animometer/resources/runner/animometer.js: Let 'j' show the JSON

results, but only if the overlay doesn't exist. Add 'esc' key to dismiss
the overlay.
(window.benchmarkController.selectResults): Cycle the cases around
so that the first 's' press selects both the benchmark score and
the individual test scores.

Animometer/resources/debug-runner/animometer.css: Remove

unneeded rules.

Animometer/resources/debug-runner/animometer.js: Make the same

call to handleKeyPress.

7:01 PM Changeset in webkit [197722] by ggaren@apple.com

7 edits
1 add in trunk/Source/bmalloc

bmalloc: Use List<T> instead of Vector<T> in some places
https://bugs.webkit.org/show_bug.cgi?id=155150

Reviewed by Andreas Kling.

Vector<T> is expensive when you want a lot of them because our minimum
allocation size is the system page size.

bmalloc.xcodeproj/project.pbxproj: Added a List<T> class.

bmalloc/Heap.cpp:

(bmalloc::Heap::scavengeSmallPages):
(bmalloc::Heap::allocateSmallPage): Use the List<T> API. No need to check
for stale entries anymore because List<T> supports O(1) eager removal
and we remove eagerly now.

(bmalloc::Heap::deallocateSmallLine): Remove eagerly. This simplifies
the allocation code and it is also required for correctness since we
only have enough metadata to be in one list at a time.

bmalloc/Heap.h: List!

bmalloc/SmallChunk.h: Made this assert a little more precise since this

patch triggered the old version in a benign way.

(bmalloc::SmallChunk::SmallChunk): This code moved to the SmallPage
constructor.

bmalloc/SmallPage.h:

(bmalloc::SmallPage::SmallPage): Accomodate the List<T> data structure.
This is a net memory savings on Mac for heaps smaller than ~128MB and on
iOS for heaps smaller than ~512MB. The maximum memory saved is 512kB on
Mac and 2MB on iOS. For larger heaps, there's a memory cost of 0.4% on
Mac and 0.1% on iOS.

bmalloc/VMHeap.h:

(bmalloc::VMHeap::allocateSmallPage): Use List<T> API.

6:56 PM Changeset in webkit [197721] by Brent Fulgham

10 edits in trunk/Source

Reduce startup and shutdown cost of resource load statistics
https://bugs.webkit.org/show_bug.cgi?id=155120
<rdar://problem/25010167>

Reviewed by Andy Estes.

Source/WebCore:

Move all file-related code out of WebCore.

loader/ResourceLoadStatisticsStore.cpp:

(WebCore::ResourceLoadStatisticsStore::create): Deleted path overload.
(WebCore::ResourceLoadStatisticsStore::createEncoderFromData): Added.
(WebCore::ResourceLoadStatisticsStore::readDataFromDecoder): Added.
(WebCore::ResourceLoadStatisticsStore::ResourceLoadStatisticsStore): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeDataToDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::setStatisticsStorageDirectory): Deleted.
(WebCore::ResourceLoadStatisticsStore::persistentStoragePath): Deleted.
(WebCore::ResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Deleted.
(WebCore::ResourceLoadStatisticsStore::createDecoderFromDisk): Deleted.
(WebCore::ResourceLoadStatisticsStore::writeEncoderToDisk): Deleted.

loader/ResourceLoadStatisticsStore.h:

(WebCore::ResourceLoadStatisticsStore::clear): Added.

Source/WebKit/mac:

Remove the Resource Load Statistics stuff from WK1, now that it is up and
running in WK2.

WebView/WebView.mm:

(-[WebView _preferencesChanged:]): Remove call to read resource load
statistics from disk.
(+[WebView _applicationWillTerminate]): Remove call to write resource load
statistics to disk.

Source/WebKit2:

Use a dedicated WorkQueue to process resource load statistics data. Allow
processing to load (and save) previously stored statistics asynchronously so
that it does not delay startup.

Now that we have a more rational storage situation, get rid of the 'writeToDisk'
method since it is no longer needed in the WK2 layer.

Move all of the Resource Load Statistics file handling code from WebCore to this
API layer.

UIProcess/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore): Initialize
member variable with storage path, rather than passing to WebCore code.
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated): Revised to
use the new WorkQueue code.
(WebKit::WebResourceLoadStatisticsStore::setResourceLoadStatisticsEnabled): When
activating the feature, purge any old statistics before loading from disk.
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded): Added.
(WebKit::WebResourceLoadStatisticsStore::processWillOpenConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::processDidCloseConnection): Added.
(WebKit::WebResourceLoadStatisticsStore::applicationWillTerminate): Make sure all
of the WorkQueue tasks are done before terminating.
(WebKit::WebResourceLoadStatisticsStore::persistentStoragePath): Moved from WebCore.
(WebKit::WebResourceLoadStatisticsStore::writeEncoderToDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::createDecoderFromDisk): Ditto.
(WebKit::WebResourceLoadStatisticsStore::writeToDisk): Deleted.

UIProcess/WebResourceLoadStatisticsStore.h:

(WebKit::WebResourceLoadStatisticsStore::coreStore):

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::webProcessWillOpenConnection): Call new WebResourceLoadStatisticsStore code.
(WebKit::WebsiteDataStore::webProcessDidCloseConnection): Ditto.

6:40 PM Changeset in webkit [197720] by achristensen@apple.com

6 edits
2 adds in trunk

Fix cookies with private browsing and NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155147
rdar://problem/25018279

Reviewed by Brady Eidson.

Source/WebKit2:

In the NetworkSession constructor, we look for a NetworkStorageSession in the SessionTracker
and use that NetworkStorageSession's CFHTTPCookieStorageRef in the NSURLSessionConfiguration.
NetworkStorageSessions were being set in SessionTracker's storageSessionMap after NetworkSessions
were created, causing the NSHTTPCookieStorage of the NSURLSession to be different from the
CFHTTPCookieStorageRef used by document.cookie in newly created private browsing sessions.
This fixes that problem by passing the NetworkStorageSession as a constructor parameter to the
NetworkSession so it can use the correct CFHTTPCookieStorageRef in its NSURLSessionConfiguration
before it is in the storageSessionMap.

NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::sessionID):

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSession::defaultSession):
(WebKit::NetworkSession::NetworkSession):

NetworkProcess/mac/RemoteNetworkingContext.mm:

(WebKit::RemoteNetworkingContext::ensurePrivateBrowsingSession):

WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:

(WebKit::WebFrameNetworkingContext::ensurePrivateBrowsingSession):

LayoutTests:

http/tests/cookies/private-cookie-storage-expected.txt: Added.
http/tests/cookies/private-cookie-storage.html: Added.

5:51 PM Changeset in webkit [197719] by jonlee@apple.com

3 edits in trunk/Tools

Update perf bot configuration for Animometer
https://bugs.webkit.org/show_bug.cgi?id=155134

Reviewed by Ryosuke Niwa.

Scripts/webkitpy/benchmark_runner/data/patches/Animometer.patch: Refactor the patch

to work with the latest version of the harness.

Scripts/webkitpy/benchmark_runner/data/plans/animometer.plan: Bump up the timeout,

and use the latest version of the harness.

5:27 PM WebKitGTK/2.12.x edited by Michael Catanzaro

(diff)

5:23 PM Changeset in webkit [197718] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking media/track/track-cues-pause-on-exit.html as flaky on ElCapitan Debug WK2
https://bugs.webkit.org/show_bug.cgi?id=155151

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

4:49 PM Changeset in webkit [197717] by BJ Burg

18 edits
1 add in trunk/Source/JavaScriptCore

Web Inspector: the protocol generator should generate factory method stubs for protocol types
https://bugs.webkit.org/show_bug.cgi?id=155103
<rdar://problem/25002772>

Reviewed by Timothy Hatcher.

Generate stubs with unique names so that parsing methods can be used
reflectively at runtime, based on the protocol version that's loaded.

JavaScriptCore.xcodeproj/project.pbxproj:
inspector/scripts/codegen/init.py:
inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py:

Added. For each type in a domain, add a method of the form
-[ProtocolTypeConversions _parseXXX:fromPayload]. This is in a category
method, and the selector is only ever looked up at runtime.

(ObjCProtocolTypeConversionsHeaderGenerator.generate_output):

inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification):

Rebaseline test results with new generator output.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
inspector/scripts/tests/expected/enum-values.json-result:
inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
inspector/scripts/tests/expected/type-declaration-array-type.json-result:
inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
inspector/scripts/tests/expected/type-declaration-object-type.json-result:
inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

4:45 PM Changeset in webkit [197716] by Alan Bujtas

11 edits in trunk/Source/WebCore

Crash in WebCore::RenderElement::containingBlockForObjectInFlow
https://bugs.webkit.org/show_bug.cgi?id=155109

Reviewed by Simon Fraser.

It's unsafe to call containingBlock() on RenderView.

Unable to reproduce.

rendering/RenderBlock.cpp:

(WebCore::RenderBlock::styleWillChange):
(WebCore::RenderBlock::isSelfCollapsingBlock):
(WebCore::RenderBlock::selectionGaps):

rendering/RenderBox.cpp:

(WebCore::RenderBox::borderBoxRectInRegion):
(WebCore::RenderBox::computePercentageLogicalHeight):
(WebCore::RenderBox::computeReplacedLogicalHeightUsing):
(WebCore::logicalWidthIsResolvable):
(WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight):

rendering/RenderFlowThread.cpp:

(WebCore::RenderFlowThread::adjustedPositionRelativeToOffsetParent):
(WebCore::RenderFlowThread::offsetFromLogicalTopOfFirstRegion):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::hasCompositedLayerInEnclosingPaginationChain):
(WebCore::RenderLayer::updatePagination):
(WebCore::inContainingBlockChain):

rendering/RenderMultiColumnFlowThread.cpp:

(WebCore::isValidColumnSpanner):

rendering/RenderNamedFlowThread.cpp:

(WebCore::RenderNamedFlowThread::decorationsClipRectForBoxInNamedFlowFragment):

rendering/RenderObject.cpp:

(WebCore::hasFixedPosInNamedFlowContainingBlock):

rendering/RenderReplaced.cpp:

(WebCore::firstContainingBlockWithLogicalWidth):

rendering/RenderView.cpp:

(WebCore::RenderView::subtreeSelectionBounds):
(WebCore::RenderView::repaintSubtreeSelection):
(WebCore::RenderView::clearSubtreeSelection):
(WebCore::RenderView::applySubtreeSelection):

4:34 PM Changeset in webkit [197715] by fpizlo@apple.com

9 edits in trunk/Source/JavaScriptCore

RegExp.prototype.exec() should call into Yarr at most once
https://bugs.webkit.org/show_bug.cgi?id=155139

Reviewed by Saam Barati.

For apparently no good reason, RegExp.prototype.match() was calling into Yarr twice, almost
as if it was hoping that the non-matching case was so common that it was best to have the
matching case do the work all over again.

This is a 4% speed-up on Octane/regexp. It's also a matter of common sense: we should not be
in the business of presuming whether someone's match will succeed or fail. The increased
cost of running Yarr twice is so much larger than whatever savings we were getting from
running a match-only regexp that this is just not a good overall deal for the engine.

Also, it's interesting that we are seeing a 4% speed-up on regexp despite the fact that a
majority (almost a supermajority, I think) of calls into RegExp.prototype.match() are failed
matches. So, this change is a 4% speed-up despite being a slow down on the common case. That
tells you just how bad the old behavior was on the uncommon case.

runtime/MatchResult.h:

(MatchResult::MatchResult):
(MatchResult::failed):
(MatchResult::operator bool):

runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::lastResult):

runtime/RegExpConstructor.h:

(JSC::RegExpConstructor::setMultiline):
(JSC::RegExpConstructor::multiline):
(JSC::RegExpConstructor::performMatch):
(JSC::RegExpConstructor::recordMatch):

runtime/RegExpMatchesArray.cpp:

(JSC::createRegExpMatchesArray):
(JSC::createEmptyRegExpMatchesArray):
(JSC::createStructureImpl):

runtime/RegExpMatchesArray.h:

(JSC::createRegExpMatchesArray):

runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::getLastIndexAsUnsigned):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):

runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

4:14 PM Changeset in webkit [197714] by Brent Fulgham

2 edits in trunk/Source/WebKit2

Correct bug in resource load statistics debug flag for legacy clients
https://bugs.webkit.org/show_bug.cgi?id=155118
<rdar://problem/25020088>

Reviewed by Andy Estes.

Some clients launch WebKit2 using the "legacy" configuration for the website data store.
The Resource Load Statistics code was not added to this type of configuration, which
prevents various WebKit2 clients from using this code.

UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Tell the legacy initializer where to
find the resource load statistics data.

4:04 PM Changeset in webkit [197713] by jdiggs@igalia.com

4 edits in trunk/Tools

[GTK][jhbuild] OpenWebRTC build fails with GCC 6.0
https://bugs.webkit.org/show_bug.cgi?id=154839

Reviewed by Michael Catanzaro.

Add '-Wno-error' to jhbuildrc; remove it from the module sets for macos.

gtk/jhbuild-webrtc.modules:
gtk/jhbuild.modules:
gtk/jhbuildrc:

3:45 PM Changeset in webkit [197712] by commit-queue@webkit.org

22 edits
2 adds in trunk/Source/JavaScriptCore

Heap Snapshot should include different Edge types and data (Property, Index, Variable)
https://bugs.webkit.org/show_bug.cgi?id=154937

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-07
Reviewed by Geoffrey Garen.

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendHidden):

heap/SlotVisitor.h:
heap/SlotVisitorInlines.h:

(JSC::SlotVisitor::appendHidden):
(JSC::SlotVisitor::appendValuesHidden):
Add new visit methods to visit a reference without snapshotting the edge.

heap/Heap.cpp:

(JSC::AddExtraHeapSnapshotEdges::AddExtraHeapSnapshotEdges):
(JSC::AddExtraHeapSnapshotEdges::operator()):
(JSC::Heap::addHeapSnapshotEdges):
(JSC::Heap::removeDeadHeapSnapshotNodes):
(JSC::Heap::collectImpl):

heap/Heap.h:

After marking, visit the live cells for a chance to record extra
heap snapshotting information about the cell.

heap/HeapSnapshotBuilder.cpp:

(JSC::HeapSnapshotBuilder::appendNode):
(JSC::HeapSnapshotBuilder::appendEdge):
(JSC::HeapSnapshotBuilder::appendPropertyNameEdge):
(JSC::HeapSnapshotBuilder::appendVariableNameEdge):
(JSC::HeapSnapshotBuilder::appendIndexEdge):
(JSC::HeapSnapshotBuilder::json):

heap/HeapSnapshotBuilder.h:

(JSC::HeapSnapshotEdge::HeapSnapshotEdge):
Construct edges with extra data.

runtime/ClassInfo.h:
runtime/JSCell.cpp:

(JSC::JSCell::heapSnapshot):

runtime/JSCell.h:

Add a new method to provide cells with an opportunity to provide
extra heap snapshotting information.

runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):
(JSC::JSObject::visitChildren):
(JSC::JSObject::heapSnapshot):
(JSC::JSFinalObject::visitChildren):

runtime/JSObject.h:

Capture object property names and index names when heap snapshotting.
Do not include them as internal edges in normal visitChildren.

runtime/JSEnvironmentRecord.cpp:

(JSC::JSEnvironmentRecord::visitChildren):
(JSC::JSEnvironmentRecord::heapSnapshot):

runtime/JSEnvironmentRecord.h:
runtime/JSSegmentedVariableObject.cpp:

(JSC::JSSegmentedVariableObject::visitChildren):
(JSC::JSSegmentedVariableObject::heapSnapshot):

runtime/JSSegmentedVariableObject.h:

Capture scope variable names when heap snapshotting.

runtime/Structure.cpp:

(JSC::Structure::visitChildren):

runtime/Structure.h:
runtime/StructureInlines.h:

(JSC::Structure::propertyTable):
When performing a heap snapshotting collection, don't clear the
property table so that accessing the table during this GC is okay.

tests/heapProfiler/driver/driver.js:
tests/heapProfiler/property-edge-types.js: Added.
tests/heapProfiler/variable-edge-types.js: Added.

Tests covering the different edge types and data we capture.

3:27 PM Changeset in webkit [197711] by sbarati@apple.com

4 edits
1 add in trunk/Source/JavaScriptCore

[ES6] Implement Proxy.GetPrototypeOf?
https://bugs.webkit.org/show_bug.cgi?id=155099

Reviewed by Mark Lam.

This patch is a straight forward implementation of Proxy.GetPrototypeOf?
with respect to section 9.5.1 of the ECMAScript spec.
https://tc39.github.io/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::setPrototype):
(JSC::ProxyObject::performGetPrototype):
(JSC::ProxyObject::getPrototype):
(JSC::ProxyObject::visitChildren):

runtime/ProxyObject.h:
tests/es6.yaml:
tests/stress/proxy-get-prototype-of.js: Added.

(assert):
(throw.new.Error.let.handler.get getPrototypeOf):
(throw.new.Error.get let):
(throw.new.Error.get catch):
(throw.new.Error):
(assert.let.handler.getPrototypeOf):
(assert.get let):
(assert.get catch):
(assert.):
(let.handler.getPrototypeOf):
(get let):
(let.handler.has):

3:24 PM Changeset in webkit [197710] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking imported/w3c/indexeddb/idbcursor-advance-continue-async.htm as flaky on Yosemite Release WK2
https://bugs.webkit.org/show_bug.cgi?id=154606

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

3:16 PM Changeset in webkit [197709] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking js/promises-tests/promises-tests-2-3-3.html as flaky on mac
https://bugs.webkit.org/show_bug.cgi?id=155140

Unreviewed test gardening.

platform/mac/TestExpectations:

2:58 PM Changeset in webkit [197708] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking inspector/console/addInspectedNode.html as flaky on Yosemite WK2
https://bugs.webkit.org/show_bug.cgi?id=155138

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

2:24 PM Changeset in webkit [197707] by Ryan Haddad

2 edits in trunk/LayoutTests

Skipping css3/filters/huge-region-composited.html on ios-simulator in an
attempt to eliminate a flaky crash.
https://bugs.webkit.org/show_bug.cgi?id=153933

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

2:17 PM Changeset in webkit [197706] by dbates@webkit.org

10 edits in trunk/Source

Cleanup: Add convenience function URL::procotolIsBlob()
https://bugs.webkit.org/show_bug.cgi?id=155127
<rdar://problem/25016829>

Reviewed by Brent Fulgham.

Source/WebCore:

Similar to the class member function URL::protocolIsData(), add a class member function to
class URL to determine if a URL is a blob URL.

No functionality was changed. So, no new tests.

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::shouldUseInnerURL): Modified to use URL::protocolIsBlob().
(WebCore::getCachedOrigin): Ditto.

platform/URL.h:

(WebCore::URL::protocolIsBlob): Added.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcStart): Modified to use URL::protocolIsBlob().
(urlHasSupportedProtocol): Ditto.

workers/Worker.cpp:

(WebCore::Worker::didReceiveResponse): Ditto.

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::createRequest): Ditto.

Source/WebKit2:

NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::NetworkLoad): Modified to use URL::protocolIsBlob().

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::NetworkResourceLoader): Ditto.

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::canHandleRequest): Ditto.

1:53 PM Changeset in webkit [197705] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip unsupported plugin tests from r197697 on ios-simulator

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

1:40 PM Changeset in webkit [197704] by aakash_jain@apple.com

3 edits in trunk/Tools

webkitpy should verify timestamp from CrashLogs while collecting all crash logs
https://bugs.webkit.org/show_bug.cgi?id=155000
<rdar://problem/24860219>

Reviewed by Alexey Proskuryakov.

Scripts/webkitpy/common/system/crashlogs.py:

(CrashLogs._find_all_logs_darwin): Make sure that crash log timestamp is within expected
time range, because file modification time is not always accurate.
(CrashLogs.get_timestamp_from_logs): Parse the timestamp from logs.

Scripts/webkitpy/common/system/crashlogs_unittest.py:

(CrashLogsTest.test_get_timestamp_from_logs_darwin): Testcase for above function.

1:39 PM Changeset in webkit [197703] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip storage/indexeddb/intversion-open-in-upgradeneeded.html on mac-wk2
https://bugs.webkit.org/show_bug.cgi?id=155050

Unreviewed test gardening.

platform/mac-wk2/TestExpectations:

1:25 PM Changeset in webkit [197702] by adam.bergkvist@ericsson.com

13 edits
5 copies
6 adds in trunk

WebRTC: Implement MediaEndpointPeerConnection::createOffer()
https://bugs.webkit.org/show_bug.cgi?id=154867

Reviewed by Eric Carlson and Jer Noble.

Source/WebCore:

MediaEndpointPeerConnection: Initial implementation of createOffer()

added. createOffer() is split up into a synchronous part, and a
scheduled task. The task will be deferred until information, requiring
some amount of work, such as the DTLS fingerprint is available. Other
async API functions will also follow this pattern.

SDPProcessor (added): The SDPProcessors parses SDP to a

MediaEndpointSessionConfiguration object and generates SDP in the
reverse direction. Any SDP string handling is confined to the
SDPProcessor and all configuration of the media session is done via the
MediaEndpointSessionConfiguration object.

The SDP parser and generator logic is implemented in JavaScript and
works with JSON (SDP->JSON, JSON->SDP). The SDPProcessor runs JS in an
isolated scope and converts JSON to a MediaEndpointSessionConfiguration
object and the reverse. Using JSON signaling (nonstandard) can be
helpful during debugging.

MockMediaEndpoint (added): Mock MediaEndpoint implementation with

support for generating offers. DTLS information, such as fingerprint,
is hard coded to facilitate testing with expected values.

Test: fast/mediastream/RTCPeerConnection-inspect-offer.html

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

CMakeLists.txt:
Modules/mediastream/MediaEndpointPeerConnection.cpp:

(WebCore::WrappedSessionDescriptionPromise::create):
(WebCore::WrappedSessionDescriptionPromise::promise):
(WebCore::WrappedSessionDescriptionPromise::WrappedSessionDescriptionPromise):
(WebCore::randomString):
(WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
(WebCore::MediaEndpointPeerConnection::runTask):
(WebCore::MediaEndpointPeerConnection::startRunningTasks):
(WebCore::MediaEndpointPeerConnection::createOffer):
(WebCore::MediaEndpointPeerConnection::createOfferTask):
(WebCore::MediaEndpointPeerConnection::gotDtlsFingerprint):

Modules/mediastream/MediaEndpointPeerConnection.h:
Modules/mediastream/SDPProcessor.cpp: Added.

(WebCore::SDPProcessor::SDPProcessor):
(WebCore::createCandidateObject):
(WebCore::createCandidate):
(WebCore::configurationFromJSON):
(WebCore::iceCandidateFromJSON):
(WebCore::configurationToJSON):
(WebCore::iceCandidateToJSON):
(WebCore::SDPProcessor::generate):
(WebCore::SDPProcessor::parse):
(WebCore::SDPProcessor::generateCandidateLine):
(WebCore::SDPProcessor::parseCandidateLine):
(WebCore::SDPProcessor::callScript):

Modules/mediastream/SDPProcessor.h: Added.
Modules/mediastream/sdp.js: Added.

(match):
(addDefaults):
(fillTemplate):
(SDP.parse):
(SDP.generate):
(SDP.generateCandidateLine):
(hasAllProperties):
(SDP.verifyObject):
(generate):
(parse):
(generateCandidateLine):
(parseCandidateLine):

PlatformGTK.cmake:
WebCore.xcodeproj/project.pbxproj:
platform/mediastream/MediaEndpoint.cpp:

(WebCore::createMediaEndpoint):

platform/mediastream/MediaEndpoint.h:
platform/mediastream/PeerMediaDescription.h:
platform/mediastream/SDPProcessorScriptResource.cpp: Added.

(WebCore::SDPProcessorScriptResource::scriptString):

platform/mediastream/SDPProcessorScriptResource.h: Added.
platform/mediastream/gtk/SDPProcessorScriptResourceGtk.cpp: Added.

(WebCore::SDPProcessorScriptResource::scriptString):

platform/mock/MockMediaEndpoint.cpp: Added.

(WebCore::MockMediaEndpoint::create):
(WebCore::MockMediaEndpoint::MockMediaEndpoint):
(WebCore::MockMediaEndpoint::~MockMediaEndpoint):
(WebCore::MockMediaEndpoint::setConfiguration):
(WebCore::MockMediaEndpoint::generateDtlsInfo):
(WebCore::MockMediaEndpoint::getDefaultAudioPayloads):
(WebCore::MockMediaEndpoint::getDefaultVideoPayloads):
(WebCore::MockMediaEndpoint::updateReceiveConfiguration):
(WebCore::MockMediaEndpoint::updateSendConfiguration):
(WebCore::MockMediaEndpoint::addRemoteCandidate):
(WebCore::MockMediaEndpoint::replaceSendSource):
(WebCore::MockMediaEndpoint::stop):

platform/mock/MockMediaEndpoint.h: Added.
testing/Internals.cpp:

(WebCore::Internals::Internals):
(WebCore::Internals::enableMockMediaEndpoint):

testing/Internals.h:

LayoutTests:

The output SDP from createOffer() is processed by verifying all variable
identifiers, such as session and user id, and replacing them with
predefined values to make the SDP comparable with an expected result.

The test is currently skipped on the mac port until support to read the
SDPProcessor JavaScript resource is added.

fast/mediastream/RTCPeerConnection-inspect-offer-expected.txt: Added.
fast/mediastream/RTCPeerConnection-inspect-offer.html: Added.
platform/mac/TestExpectations:

1:22 PM Changeset in webkit [197701] by BJ Burg

21 edits
1 move in trunk/Source/JavaScriptCore

Web Inspector: rename generated *EnumConversionHelpers.h to *TypeConversions.h
https://bugs.webkit.org/show_bug.cgi?id=155121
<rdar://problem/25010391>

Reviewed by Timothy Hatcher.

Split out this renaming from the work to generate factory method stubs for types.

JavaScriptCore.xcodeproj/project.pbxproj:
inspector/scripts/codegen/init.py:
inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:

(ObjCConfigurationImplementationGenerator.generate_output):

inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:

(ObjCFrontendDispatcherImplementationGenerator.generate_output):

inspector/scripts/codegen/generate_objc_protocol_type_conversions_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objc_conversion_helpers.py.
inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:

(ObjCProtocolTypesImplementationGenerator.generate_output):

inspector/scripts/codegen/objc_generator_templates.py:
inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification):

Rebaseline tests after changing generator order.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
inspector/scripts/tests/expected/enum-values.json-result:
inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
inspector/scripts/tests/expected/type-declaration-array-type.json-result:
inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
inspector/scripts/tests/expected/type-declaration-object-type.json-result:
inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

1:08 PM Changeset in webkit [197700] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip storage/indexeddb/modern/exceed-open-file-limit.html
https://bugs.webkit.org/show_bug.cgi?id=155091

Unreviewed test gardening.

platform/wk2/TestExpectations:

12:33 PM Changeset in webkit [197699] by Simon Fraser

2 edits in trunk/Source/WebKit2

Use CGColorSpaceCopyICCData instead of CGColorSpaceCopyICCProfile
https://bugs.webkit.org/show_bug.cgi?id=155123
rdar://problem/24990256

Reviewed by Tim Horton.

On newer OSes, use CGColorSpaceCopyICCData().

Shared/mac/ColorSpaceData.mm:

(WebKit::ColorSpaceData::encode):

12:28 PM Changeset in webkit [197698] by barraclough@apple.com

3 edits in trunk/Source/WebKit2

Last opened tab does not receive SetHiddenPageTimerThrottlingIncreaseLimit message
https://bugs.webkit.org/show_bug.cgi?id=155126

Reviewed by Chris Dumez.

WebPageProxy will increment the hidden page throttling counter from within its constructor,
which currently causes the WebProcessPool to try to synchronously message all processes.
The web page triggering the increment then fails to receive the message, since it was
still being constructed. Make the update of the limit async, such that the page is fully
constructed before the WebProcessPool processes the update.

UIProcess/WebProcessPool.cpp:

(WebKit::m_hiddenPageThrottlingAutoIncreasesCounter):

This now schedules a zero-delay timer to handle the update.

(WebKit::m_hiddenPageThrottlingTimer):

This is now responsible for calling updateHiddenPageThrottlingAutoIncreaseLimit.

UIProcess/WebProcessPool.h:
- Added m_hiddenPageThrottlingTimer.

12:21 PM Changeset in webkit [197697] by dbates@webkit.org

13 edits
8 adds
1 delete in trunk

CSP: object-src directive should prohibit creation of nested browsing context
https://bugs.webkit.org/show_bug.cgi?id=153153
<rdar://problem/24383209>

Reviewed by Brent Fulgham.

Source/WebCore:

Enforce the Content Security Policy object-src directive when fetching a URL for content
that will cause an HTML object or HTML embed element to act as a nested browsing context
(i.e. behave as if the content was loaded in an HTML iframe element). This makes our
enforcement of the object-src directive match the behavior of the object-src directive
in the Content Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

Tests: http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html

http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html
http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html

loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Extracted from SubframeLoader::pluginIsLoadable().
Checks if the plugin element is allowed by the Content Security Policy to load the URL and MIME type.
(WebCore::SubframeLoader::pluginIsLoadable): Extract out the logic for determining if
the plugin content is allowed to load by the Content Security Policy into SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
and make use of this function.
(WebCore::SubframeLoader::requestObject): Modified to call SubframeLoader::isPluginContentAllowedByContentSecurityPolicy()
before loading plugin content into a sub frame. If the plugin content is not allowed to load then we
mark the plugin as unavailable with the reason being that it was blocked by the Content Security Policy.

loader/SubframeLoader.h:

LayoutTests:

Add test to ensure that we enforce the Content Security Policy object-src directive
for HTML object and HTML embed elements that behave like an HTML iframe element.

TestExpectations: Remove entries for tests that pass.
http/tests/security/contentSecurityPolicy/embed-src-url-blocked-expected.txt: Added.
http/tests/security/contentSecurityPolicy/embed-src-url-blocked.html: Added.
http/tests/security/contentSecurityPolicy/embed-src-url-blocked2-expected.txt: Added.
http/tests/security/contentSecurityPolicy/embed-src-url-blocked2.html: Added.

http/tests/security/contentSecurityPolicy/object-src-param-code-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/object-src-param-movie-blocked.html:
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked.html:
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2-expected.txt: Added.
http/tests/security/contentSecurityPolicy/object-src-param-src-blocked2.html: Added.
http/tests/security/contentSecurityPolicy/object-src-param-url-blocked-expected.txt:
http/tests/security/contentSecurityPolicy/object-src-param-url-blocked.html:

Simplify the code used in the above tests and update incorrect expected results.

http/tests/security/contentSecurityPolicy/object-src-url-blocked2-expected.txt: Added.
http/tests/security/contentSecurityPolicy/object-src-url-blocked2.html: Added.
http/tests/security/contentSecurityPolicy/resources/object-src-param.js: Removed.

11:39 AM Changeset in webkit [197696] by Ryan Haddad

2 edits in trunk/LayoutTests

Marking js/arraybuffer-wrappers.html as a flaky timeout on Mac
https://bugs.webkit.org/show_bug.cgi?id=155092

Unreviewed test gardening.

platform/mac/TestExpectations:

10:57 AM Changeset in webkit [197695] by benjamin@webkit.org

2 edits in trunk/Source/JavaScriptCore

[JSC] Improve and64() and or64() with immediate on x86
https://bugs.webkit.org/show_bug.cgi?id=155104

Reviewed by Geoffrey Garen.

GetButterflyReadOnly was doing:

movq 0x8(%rbx), %r9
movq $0xfffffffffffffffc, %r11
andq %r11, %r9

There is no need for the move to load the immediate,
andq sign extend its immediate.

With this patch, we have:

movq 0x8(%rbx), %r9
andq $0xfffffffffffffffc, %r9

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::and64):
(JSC::MacroAssemblerX86_64::or64):

10:52 AM Changeset in webkit [197694] by bshafiei@apple.com

5 edits in tags/Safari-602.1.21.0.3/Source

Versioning.

10:51 AM Changeset in webkit [197693] by peavo@outlook.com

2 edits in trunk/Source/WebKit/win

[WinCairo][AcceleratedCompositing] Rendering issues on www.bbc.com.
https://bugs.webkit.org/show_bug.cgi?id=154912

Reviewed by Michael Catanzaro.

If we have a scroll layer, we should not include the scroll position in the visible rectangle,
since the scroll position is already reflected in the position of the scroll layer.

WebCoreSupport/AcceleratedCompositingContext.cpp:

(AcceleratedCompositingContext::flushPendingLayerChanges):

10:50 AM Changeset in webkit [197692] by bshafiei@apple.com

1 copy in tags/Safari-602.1.21.0.3

New tag.

10:44 AM Changeset in webkit [197691] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline inspector/model/remote-object.html for mac after r197626
https://bugs.webkit.org/show_bug.cgi?id=155115

Unreviewed test gardening.

platform/mac/inspector/model/remote-object-expected.txt:

10:41 AM Changeset in webkit [197690] by barraclough@apple.com

18 edits in trunk/Source

Convert DOMTimer to std::chrono::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155085

Reviewed by Andreas Kling.

DOMTimer currently uses a mix of millisecond (was int, now std::chrono) and second (as double)
time values. Constant conversion back and forth is a complete mess. Stop that.

Source/WebCore:

dom/Document.cpp:

(WebCore::Document::minimumTimerInterval):
(WebCore::Document::timerAlignmentInterval):

dom/Document.h:
- double -> std::chrono::milliseconds
dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::adjustMinimumTimerInterval):
(WebCore::ScriptExecutionContext::minimumTimerInterval):
(WebCore::ScriptExecutionContext::timerAlignmentInterval):

dom/ScriptExecutionContext.h:
- double -> std::chrono::milliseconds
page/DOMTimer.cpp:

(WebCore::DOMTimer::updateTimerIntervalIfNecessary):
(WebCore::DOMTimer::intervalClampedToMinimum):
(WebCore::DOMTimer::alignedFireTime):

page/DOMTimer.h:
- double -> std::chrono::milliseconds
page/Page.cpp:

(WebCore::Page::setTimerThrottlingState):
(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):
(WebCore::Page::updateDOMTimerAlignmentInterval):

page/Page.h:
- double -> std::chrono::milliseconds
page/Settings.cpp:

(WebCore::Settings::setNeedsAdobeFrameReloadingQuirk):
(WebCore::Settings::setMinimumDOMTimerInterval):

page/Settings.h:
- double -> std::chrono::milliseconds
page/SuspendableTimer.h:

(WebCore::SuspendableTimer::startRepeating):
(WebCore::SuspendableTimer::startOneShot):
(WebCore::SuspendableTimer::repeatIntervalMS):
(WebCore::SuspendableTimer::augmentFireInterval):
(WebCore::SuspendableTimer::augmentRepeatInterval):

added std::chrono::milliseconds interface.

platform/Timer.cpp:

(WebCore::TimerBase::setNextFireTime):

restructured for new alignedFireTime signatured, moved zero-delay handling to here. This change made because inside alignedFireTime fireTime will have already been truncated.

platform/Timer.h:

(WebCore::TimerBase::msToSeconds):
(WebCore::TimerBase::secondsToMS):

internal helper functions to bridge std::chrono::milliseconds to internal double.

(WebCore::TimerBase::startRepeating):
(WebCore::TimerBase::startOneShot):
(WebCore::TimerBase::repeatIntervalMS):
(WebCore::TimerBase::augmentFireInterval):
(WebCore::TimerBase::augmentRepeatInterval):

expanded std::chrono::milliseconds interface.

(WebCore::TimerBase::alignedFireTime):

changed to std::chrono::milliseconds, made return value Optional (null means no alignment).

testing/InternalSettings.cpp:

(WebCore::InternalSettings::setMinimumTimerInterval):

testing/InternalSettings.h:
- double -> std::chrono::milliseconds

Source/WebKit/win:

WebView.cpp:

(WebView::setMinimumTimerInterval):

Convert double argument into std::chrono::milliseconds.

10:41 AM Changeset in webkit [197689] by BJ Burg

11 edits in trunk/Source/JavaScriptCore

Web Inspector: It should be possible to initialize generated ObjC protocol types from an NSDictionary payload
https://bugs.webkit.org/show_bug.cgi?id=155102
<rdar://problem/25002015>

Reviewed by Timothy Hatcher.

In Objective-C code, we sometimes prefer to parse JSON using Cocoa rather
than the InspectorValue classes. Support initializing protocol objects
directly from an NSDictionary payload. This delegates validation of values to
the setter methods that already exist on the protocol object classes.

inspector/scripts/codegen/generate_objc_header.py:

(ObjCHeaderGenerator._generate_type_interface):

inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:

(ObjCProtocolTypesImplementationGenerator.generate_type_implementation):
(ObjCProtocolTypesImplementationGenerator._generate_init_method_for_payload):

inspector/scripts/codegen/objc_generator.py:

(ObjCGenerator.payload_to_objc_expression_for_member):
Add a new helper method to generate an expression to unpack the value
from an NSDictionary. If it's not a primitive, the setter performs
validation of the value's kind using -[NSObject isKindOfClass:].

Rebaseline relevant tests.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
inspector/scripts/tests/expected/type-declaration-object-type.json-result:
inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

10:30 AM Changeset in webkit [197688] by benjamin@webkit.org

5 edits
1 add in trunk/Source/JavaScriptCore

[JSC] Simplify the overflow check of ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=155063

Reviewed by Geoffrey Garen.

The only integer that overflow abs(int32) is INT_MIN.
For some reason, our code testing for that case
was checking the top bit of the result specifically.

The code required a large immediate on x86 and an extra
register on ARM64.

This patch turns the overflow check into a branch on
the sign of the result.

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):

jit/ThunkGenerators.cpp:

(JSC::absThunkGenerator):

tests/stress/arith-abs-overflow.js: Added.

(opaqueAbs):

10:25 AM Changeset in webkit [197687] by commit-queue@webkit.org

4 edits in trunk/Source/JavaScriptCore

[JSC] Improve how DFG zero Floating Point registers
https://bugs.webkit.org/show_bug.cgi?id=155096

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-07
Reviewed by Geoffrey Garen.

DFG had a weird way of zeroing a FPR:

-zero a GP.
-move that to a FP.

Filip added moveZeroToDouble() for B3. This patch
uses that in the lower tiers.

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::moveZeroToDouble):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):

jit/ThunkGenerators.cpp:

(JSC::floorThunkGenerator):
(JSC::roundThunkGenerator):

10:24 AM Changeset in webkit [197686] by akling@apple.com

3 edits in trunk/Source/JavaScriptCore

REGRESSION (r197303): Web Inspector crashes web process when inspecting an element on TOT
<https://webkit.org/b/154812>

Reviewed by Geoffrey Garen.

Guard against null pointer dereference for UnlinkedCodeBlocks that don't have any control flow
profiling data.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):

bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::hasOpProfileControlFlowBytecodeOffsets):

10:23 AM Changeset in webkit [197685] by benjamin@webkit.org

3 edits in trunk/Source/JavaScriptCore

[JSC] Remove a useless "Move" from baseline-JIT op_mul's fast path
https://bugs.webkit.org/show_bug.cgi?id=155071

Reviewed by Geoffrey Garen.

We do not need to multiply to a scratch and then move the result
to the destination. We can just multiply to the destination.

jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_mul):

jit/JITMulGenerator.cpp:

(JSC::JITMulGenerator::generateFastPath):

10:21 AM Changeset in webkit [197684] by Yusuke Suzuki

2 edits
2 adds in trunk/Source/JavaScriptCore

[JSC] StringObject.{put, defineOwnProperty} should realize indexed properties
https://bugs.webkit.org/show_bug.cgi?id=155089

Reviewed by Geoffrey Garen.

Through implementing Reflect.set[1], we found StringObject does not obey the spec.
StringObject::put should call putByIndex if the given propertyName is index.
And StringObject::defineOwnProperty should recognize indexed properties since
JSObject::defineOwnIndexedProperty is specialized to JSObject layout.
Before calling JSObject::defineOwnProperty,
StringObject should handle its special indexed own properties.
It is responsibility of StringObject::defineOwnProperty.

And the logic is cleaned up by using validateAndApplyPropertyDescriptor.

[1]: https://bugs.webkit.org/show_bug.cgi?id=155024

runtime/StringObject.cpp:

(JSC::StringObject::put):
(JSC::StringObject::putByIndex):
(JSC::isStringOwnProperty):
(JSC::StringObject::defineOwnProperty):
(JSC::StringObject::deleteProperty):

tests/stress/string-object-define-own-property.js: Added.

(shouldBe):
(shouldThrow):

tests/stress/string-object-put-by-index.js: Added.

(shouldBe):
(shouldThrow):
(testSloppy):
(testStrict):

9:50 AM Changeset in webkit [197683] by bshafiei@apple.com

5 edits in tags/Safari-602.1.21.0.2/Source

Versioning.

9:49 AM Changeset in webkit [197682] by bshafiei@apple.com

1 copy in tags/Safari-602.1.21.0.2

New tag.

9:30 AM Changeset in webkit [197681] by Simon Fraser

2 edits
2 adds in trunk/LayoutTests

[iOS Simulator] Three object-position tests failing after r197618
https://bugs.webkit.org/show_bug.cgi?id=155116

Mark two tests as image failures, and add new results for a compositing test.

platform/ios-simulator/TestExpectations:
platform/ios-simulator/compositing/video/video-object-position-expected.txt: Added.

7:22 AM Changeset in webkit [197680] by akling@apple.com

2 edits in trunk/Source/WebCore

Make RenderStyle copy-on-write a bit less.
<https://webkit.org/b/155106>

Reviewed by Antti Koivisto.

Add a cheesy SET_NESTED_VAR macro complement to SET_VAR so we can avoid copy-on-write
detachment of nested RenderStyle substructures when the leaf value doesn't change.

I spotted about 300kB of these mistakes being made during PLT on iOS, most of them
in the transformX setter.

rendering/style/RenderStyle.h:

4:12 AM Changeset in webkit [197679] by Carlos Garcia Campos

28 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r197408 - Turn String.prototype.replace into an intrinsic
https://bugs.webkit.org/show_bug.cgi?id=154835

Reviewed by Michael Saboff.

Source/JavaScriptCore:

Octane/regexp spends a lot of time in String.prototype.replace(). That function does a lot
of checks to see if the parameters are what they are likely to often be (a string, a
regexp, and a string). The intuition of this patch is that it's good to remove those checks
and it's good to call the native function as directly as possible.

This yields a 10% speed-up on a replace microbenchmark and a 3% speed-up on Octane/regexp.
It also improves Octane/jquery.

This is only the beginning of what I want to do with replace optimizations. The other
optimizations will rely on StringReplace being revealed as a construct in DFG IR.

JavaScriptCore.xcodeproj/project.pbxproj:
bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromClassInfo):

bytecode/SpeculatedType.h:

(JSC::isStringOrStringObjectSpeculation):
(JSC::isRegExpObjectSpeculation):
(JSC::isBoolInt32Speculation):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateStringOrStringObject):
(JSC::DFG::Node::shouldSpeculateRegExpObject):
(JSC::DFG::Node::shouldSpeculateSymbol):

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculateRegExpObject):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculate):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::compileStringReplace):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateFinalObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRegExpObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):

jit/JITOperations.h:
runtime/Intrinsic.h:
runtime/JSType.h:
runtime/RegExpObject.h:

(JSC::RegExpObject::createStructure):

runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::removeUsingRegExpSearch):
(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpString):
(JSC::replaceUsingStringSearch):
(JSC::stringProtoFuncRepeat):
(JSC::replace):
(JSC::stringProtoFuncReplace):
(JSC::operationStringProtoFuncReplaceGeneric):
(JSC::stringProtoFuncToString):

runtime/StringPrototype.h:

LayoutTests:

js/regress/script-tests/string-replace.js: Added.
js/regress/string-replace-expected.txt: Added.
js/regress/string-replace.html: Added.

4:07 AM Changeset in webkit [197678] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[TextureMapper] [BitmapTexturePool] Use appropriate list size when freeing textures
https://bugs.webkit.org/show_bug.cgi?id=155105

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-07
Reviewed by Žan Doberšek.

Use appropriate list size when releasing the textures used as attachment.
This is a fix for the patch to https://bugs.webkit.org/show_bug.cgi?id=154965.

No new tests because no new functionality was added.

platform/graphics/texmap/BitmapTexturePool.cpp:

(WebCore::BitmapTexturePool::releaseUnusedTexturesTimerFired):

3:36 AM Changeset in webkit [197677] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197405 - Modern IDB: Possible crash deallocating IDBDatabaseInfo/IDBObjectStoreInfo/IDBIndexInfo.
https://bugs.webkit.org/show_bug.cgi?id=154860

Reviewed by Alex Christensen.

Covered by existing tests.

Modules/indexeddb/shared/IDBDatabaseInfo.cpp:

(WebCore::IDBDatabaseInfo::IDBDatabaseInfo):
(WebCore::IDBDatabaseInfo::isolatedCopy):

Modules/indexeddb/shared/IDBDatabaseInfo.h:

Modules/indexeddb/shared/IDBTransactionInfo.cpp:

(WebCore::IDBTransactionInfo::isolatedCopy): If there's an IDBDatabaseInfo to copy, that

copy needs to be isolated.

3:34 AM Changeset in webkit [197676] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197402 - NetworkCache: Web process leaks resource buffer when using shareable reasources
https://bugs.webkit.org/show_bug.cgi?id=154852

Reviewed by Darin Adler.

ResourceLoader::didReceiveBuffer() expects a PassRefPtr, but we
are passing a raw pointer making PassRefPtr to take another
reference instead of transfering the ownership as expected.

WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResource):

3:31 AM Changeset in webkit [197675] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197387 - TextureMapperGL: simplify TransformationMatrix copies in draw(), beginClip()
https://bugs.webkit.org/show_bug.cgi?id=154791

Reviewed by Carlos Garcia Campos.

In both functions, the passed-in model-view matrix is first copied, multiplied
against a rect-to-rect TransformationMatrix, and then assigned into a local
TransformationMatrix variable, which causes another copy due to the multiply()
function returning a reference to the modified object.

To avoid the last copy, first copy the model-view matrix into a local variable,
and multiply the rect-to-rect TransformationMatrix into the new object afterwards.

platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::draw):
(WebCore::TextureMapperGL::beginClip):

3:30 AM Changeset in webkit [197674] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197386 - ImageBufferCairo should support OpenGL ES 2 configurations
https://bugs.webkit.org/show_bug.cgi?id=154790

Reviewed by Carlos Garcia Campos.

When building with OpenGL ES 2 and with accelerated 2D canvas support,
the GLES2 header should be included instead of the OpenGLShims.h header.

The glTexParameterf() calls targeting GL_TEXTURE_WRAP_S and
GL_TEXTURE_WRAP_T parameters should use the GL_CLAMP_TO_EDGE value.
GL_CLAMP isn't available in OpenGL ES 2 and was dropped in OpenGL 3.

platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::createCairoGLSurface):

3:30 AM Changeset in webkit [197673] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197385 - TextureMapperGL: beginPainting() should handle the PaintingMirrored value in PaintFlags
https://bugs.webkit.org/show_bug.cgi?id=154789

Reviewed by Carlos Garcia Campos.

platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::TextureMapperGL::beginPainting): The ClipStack should be reset with
a Y-axis mode that corresponds to the presence of the PaintingMirrored value in
the passed-in PaintFlags argument. If present, the default Y-axis mode should be
used, and the inverted Y-axis otherwise.

3:28 AM Changeset in webkit [197672] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197381 - regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=154841

Reviewed by Benjamin Poulain.

Here's the deadlock:

Main thread:

1) Change an InferredType. This acquires InferredType::m_lock.
2) Fire watchpoint set. This triggers CodeBlock invalidation, which acquires

CodeBlock::m_lock.

DFG thread:

1) Iterate over the information in a CodeBlock. This acquires CodeBlock::m_lock.
2) Ask an InferredType for its descriptor(). This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock
hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing
watchpoint sets. That's what this patch ensures.

At the time of writing, this test was deadlocking for me on trunk 100% of the time. With
this change I cannot get it to deadlock.

runtime/InferredType.cpp:

(JSC::InferredType::willStoreValueSlow):
(JSC::InferredType::makeTopSlow):
(JSC::InferredType::set):
(JSC::InferredType::removeStructure):
(JSC::InferredType::InferredStructureWatchpoint::fireInternal):

runtime/InferredType.h:

3:08 AM Changeset in webkit [197671] by Carlos Garcia Campos

46 edits
8 adds in releases/WebKitGTK/webkit-2.12

Merge r197380 - [DFG][FTL][B3] Support floor and ceil
https://bugs.webkit.org/show_bug.cgi?id=154683

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch implements and fixes the following things.

Implement Ceil and Floor in DFG, FTL and B3

x86 SSE 4.2 and ARM64 have round instructions that can directly perform Ceil or Floor.
This patch leverages this functionality. We introduce ArithFloor and ArithCeil.
During DFG phase, these nodes attempt to convert itself to Identity (in Fixup phase).
As the same to ArithRound, it tracks arith rounding mode.
And if these nodes are required to emit machine codes, we emit rounding machine code
if it is supported in the current machine. For example, in x86, we emit round.

This Floor functionality is nice for @toInteger in builtin.
That is used for Array.prototype.{forEach, map, every, some, reduce...}
And according to the benchmark results, Kraken audio-oscillator is slightly improved
due to its frequent Math.round and Math.floor calls.

Implement Floor in B3 and Air

As the same to Ceil in B3, we add a new B3 IR and Air opcode, Floor.
This Floor is leveraged to implement ArithFloor in DFG.

Fix ArithRound operation

Currently, we used cvtsd2si (in x86) to convert double value to int32.
And we also used this to implement Math.round, like, cvtsd2si(value + 0.5).
However, this implementation is not correct. Because cvtsd2si is not floor operation.
It is trucate operation. This is OK for positive numbers. But NG for negative numbers.
For example, the current implementation accidentally rounds -0.6 to -0.0. This should be -1.0.
Using Ceil and Floor instructions, we implement correct ArithRound.

assembler/MacroAssemblerARM.h:

(JSC::MacroAssemblerARM::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM::ceilDouble):
(JSC::MacroAssemblerARM::floorDouble):
(JSC::MacroAssemblerARM::supportsFloatingPointCeil): Deleted.

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::supportsFloatingPointRounding):
(JSC::MacroAssemblerARM64::floorFloat):
(JSC::MacroAssemblerARM64::supportsFloatingPointCeil): Deleted.

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::supportsFloatingPointRounding):
(JSC::MacroAssemblerARMv7::ceilDouble):
(JSC::MacroAssemblerARMv7::floorDouble):
(JSC::MacroAssemblerARMv7::supportsFloatingPointCeil): Deleted.

assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::ceilDouble):
(JSC::MacroAssemblerMIPS::floorDouble):
(JSC::MacroAssemblerMIPS::supportsFloatingPointRounding):
(JSC::MacroAssemblerMIPS::supportsFloatingPointCeil): Deleted.

assembler/MacroAssemblerSH4.h:

(JSC::MacroAssemblerSH4::supportsFloatingPointRounding):
(JSC::MacroAssemblerSH4::ceilDouble):
(JSC::MacroAssemblerSH4::floorDouble):
(JSC::MacroAssemblerSH4::supportsFloatingPointCeil): Deleted.

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::floorDouble):
(JSC::MacroAssemblerX86Common::floorFloat):
(JSC::MacroAssemblerX86Common::supportsFloatingPointRounding):
(JSC::MacroAssemblerX86Common::supportsFloatingPointCeil): Deleted.

b3/B3ConstDoubleValue.cpp:

(JSC::B3::ConstDoubleValue::floorConstant):

b3/B3ConstDoubleValue.h:
b3/B3ConstFloatValue.cpp:

(JSC::B3::ConstFloatValue::floorConstant):

b3/B3ConstFloatValue.h:
b3/B3LowerMacrosAfterOptimizations.cpp:
b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::lower):

b3/B3Opcode.cpp:

(WTF::printInternal):

b3/B3Opcode.h:
b3/B3ReduceDoubleToFloat.cpp:
b3/B3ReduceStrength.cpp:
b3/B3Validate.cpp:
b3/B3Value.cpp:

(JSC::B3::Value::floorConstant):
(JSC::B3::Value::isRounded):
(JSC::B3::Value::effects):
(JSC::B3::Value::key):
(JSC::B3::Value::typeFor):

b3/B3Value.h:
b3/air/AirFixPartialRegisterStalls.cpp:
b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::testFloorCeilArg):
(JSC::B3::testFloorArg):
(JSC::B3::testFloorImm):
(JSC::B3::testFloorMem):
(JSC::B3::testFloorFloorArg):
(JSC::B3::testCeilFloorArg):
(JSC::B3::testFloorIToD64):
(JSC::B3::testFloorIToD32):
(JSC::B3::testFloorArgWithUselessDoubleConversion):
(JSC::B3::testFloorArgWithEffectfulDoubleConversion):
(JSC::B3::run):

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGArithMode.cpp:

(WTF::printInternal):

dfg/DFGArithMode.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

dfg/DFGGraph.h:

(JSC::DFG::Graph::roundShouldSpeculateInt32):

dfg/DFGNode.h:

(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasArithRoundingMode):

dfg/DFGNodeType.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithRounding):
(JSC::DFG::SpeculativeJIT::compileArithRound): Deleted.

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileArithFloor):
(JSC::FTL::DFG::LowerDFGToB3::compileArithCeil):

ftl/FTLOutput.h:

(JSC::FTL::Output::doubleFloor):

jit/ThunkGenerators.cpp:

(JSC::ceilThunkGenerator):

tests/stress/math-ceil-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

tests/stress/math-ceil-basics.js: Added.

(mathCeilOnIntegers):
(mathCeilOnDoubles):
(mathCeilOnBooleans):
(uselessMathCeil):
(mathCeilWithOverflow):
(mathCeilConsumedAsDouble):
(mathCeilDoesNotCareAboutMinusZero):
(mathCeilNoArguments):
(mathCeilTooManyArguments):
(testMathCeilOnConstants):
(mathCeilStructTransition):
(Math.ceil):

tests/stress/math-floor-arith-rounding-mode.js: Added.

(firstCareAboutZeroSecondDoesNot):
(firstDoNotCareAboutZeroSecondDoes):
(warmup):
(verifyNegativeZeroIsPreserved):

tests/stress/math-floor-basics.js: Added.

(mathFloorOnIntegers):
(mathFloorOnDoubles):
(mathFloorOnBooleans):
(uselessMathFloor):
(mathFloorWithOverflow):
(mathFloorConsumedAsDouble):
(mathFloorDoesNotCareAboutMinusZero):
(mathFloorNoArguments):
(mathFloorTooManyArguments):
(testMathFloorOnConstants):
(mathFloorStructTransition):
(Math.floor):

tests/stress/math-round-should-not-use-truncate.js: Added.

(mathRoundDoesNotCareAboutMinusZero):

tests/stress/math-rounding-infinity.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

tests/stress/math-rounding-nan.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):

tests/stress/math-rounding-negative-zero.js: Added.

(shouldBe):
(testRound):
(testFloor):
(testCeil):
(testRoundNonNegativeZero):
(testRoundNonNegativeZero2):

Websites/webkit.org:

docs/b3/intermediate-representation.html:

2:45 AM Changeset in webkit [197670] by Carlos Garcia Campos

29 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197379 - Add new MethodTable method to get an estimated size for a cell
https://bugs.webkit.org/show_bug.cgi?id=154838

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-02-29
Reviewed by Filip Pizlo.

The new class method estimatedSize(JSCell*) estimates the size for a single cell.
As the name implies, this is meant to be an approximation. It is more important
that big objects report a large size, then to get perfect size information for
all objects in the heap.

Base implementation (JSCell):

returns the MarkedBlock bucket size for this cell.
This gets us the object size include inline storage. Basically a better sizeof.

Subclasses with "Extra Memory Cost":

Any class that reports extra memory (reportExtraMemoryVisited) should include that in the estimated size.
E.g. CodeBlock, JSGenericTypedArrayView, WeakMapData, etc.

Subclasses with "Copied Space" storage:

Any class with data in copied space (copyBackingStore) should include that in the estimated size.
E.g. JSObject, JSGenericTypedArrayView, JSMap, JSSet, DirectArguments, etc.

Add reportExtraMemoryVisited for UnlinkedCodeBlock's compressed unlinked
instructions because this can be larger than 1kb, which is significant.

This has one special case for RegExp generated bytecode / JIT code, which
does not currently fall into the extra memory cost or copied space storage.
In practice I haven't seen this grow to a significant cost.

runtime/ClassInfo.h:

Add the new estimatedSize method to the table.

bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::visitChildren):
(JSC::UnlinkedCodeBlock::estimatedSize):
(JSC::UnlinkedCodeBlock::setInstructions):

bytecode/UnlinkedCodeBlock.h:

Report an extra memory cost for unlinked code blocks like
we do for linked code blocks.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::estimatedSize):

bytecode/CodeBlock.h:
bytecode/UnlinkedInstructionStream.cpp:

(JSC::UnlinkedInstructionStream::sizeInBytes):

bytecode/UnlinkedInstructionStream.h:
runtime/DirectArguments.cpp:

(JSC::DirectArguments::estimatedSize):

runtime/DirectArguments.h:
runtime/JSCell.cpp:

(JSC::JSCell::estimatedSizeInBytes):
(JSC::JSCell::estimatedSize):

runtime/JSCell.h:
runtime/JSGenericTypedArrayView.h:
runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::estimatedSize):

runtime/JSMap.cpp:

(JSC::JSMap::estimatedSize):

runtime/JSMap.h:
runtime/JSObject.cpp:

(JSC::JSObject::visitButterfly):

runtime/JSObject.h:
runtime/JSSet.cpp:

(JSC::JSSet::estimatedSize):

runtime/JSSet.h:
runtime/JSString.cpp:

(JSC::JSString::estimatedSize):

runtime/JSString.h:
runtime/MapData.h:

(JSC::MapDataImpl::capacityInBytes):

runtime/WeakMapData.cpp:

(JSC::WeakMapData::estimatedSize):
(JSC::WeakMapData::visitChildren):

runtime/WeakMapData.h:

Implement estimated size following the pattern of reporting
extra visited size, or copy space memory.

runtime/RegExp.cpp:

(JSC::RegExp::estimatedSize):

runtime/RegExp.h:
yarr/YarrInterpreter.h:

(JSC::Yarr::ByteDisjunction::estimatedSizeInBytes):
(JSC::Yarr::BytecodePattern::estimatedSizeInBytes):

yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::size):
Include generated bytecode / JITCode to a RegExp's size.

2:43 AM Changeset in webkit [197669] by Manuel Rego Casasnovas

3 edits in trunk/LayoutTests

[css-grid] Add missing test for grid-template shorthand
https://bugs.webkit.org/show_bug.cgi?id=155013

Reviewed by Sergio Villar Senin.

We support the following syntax in grid-template shorthand:

-webkit-grid-template: [foo1] 'a' 50px [foo2]

[bar1] 'b' 50px [bar2] / 100px;

But we don't have a test to check that grid-template-rows value
has the names of the same lines grouped. So it's:

[foo1] 50px [foo2 bar1] 50px [bar2];

This means that if we remove the third argument in
CSSParser::parseGridLineNames(), all the current tests are passing.

Without that argument, the value for grid-template-rows would be:

[foo1] 50px [foo2] [bar1] 50px [bar2];

Which is wrong.

This patch adds a specific test case for this which would fail
in that case.

fast/css-grid-layout/grid-template-shorthand-get-set-expected.txt:
fast/css-grid-layout/grid-template-shorthand-get-set.html:

2:19 AM Changeset in webkit [197668] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197374 - SpeculatedType should be easier to edit
https://bugs.webkit.org/show_bug.cgi?id=154840

Reviewed by Mark Lam.

We used to specify the bitmasks in SpeculatedType.h using hex codes. This used to work
great because we didn't have so many masks and you could use the mask to visually see
which ones overlapped. It also made it easy to visualize subset relationships.

But now we have a lot of masks with a lot of confusing overlaps, and it's no longer
possible to just see their relationship by looking at hex codes. Worse, the use of hex
codes makes it super annoying to move the bits around. For example, right now we have two
bits free, but if we wanted to reclaim them by editing the old hex masks, it would be a
nightmare.

So this patch replaces the hex masks with shift expressions (1u << 15 for example) and it
makes any derived masks (i.e. masks that are the bit-or of other masks) be expressed using
an or expression (SpecFoo | SpecBar | SpecBaz for example).

This makes it easier to see the relationships and it makes it easier to take bits for new
types.

bytecode/SpeculatedType.h:

2:12 AM WebKitGTK/2.4.x edited by tpopela@redhat.com

(diff)

1:58 AM Changeset in webkit [197667] by Carlos Garcia Campos

8 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r197372 - Modern IDB: WebKit 2 IPC layer easily confused about multiple web processes being connected.
https://bugs.webkit.org/show_bug.cgi?id=154837

Reviewed by Alex Christensen.

Source/WebKit2:

The crux of the bug is that WebProcesses cannot assign themselves server-unique identifiers...
The server must do that for them.

A once-per-session-per-WebProcess sync message and a few updates to connection management fix this.

DatabaseProcess/DatabaseToWebProcessConnection.cpp:

(WebKit::DatabaseToWebProcessConnection::didReceiveSyncMessage):
(WebKit::generateConnectionToServerIdentifier):
(WebKit::DatabaseToWebProcessConnection::establishIDBConnectionToServer):

DatabaseProcess/DatabaseToWebProcessConnection.h:
DatabaseProcess/DatabaseToWebProcessConnection.messages.in:

WebProcess/Databases/IndexedDB/WebIDBConnectionToServer.cpp:

(WebKit::WebIDBConnectionToServer::WebIDBConnectionToServer):
(WebKit::generateConnectionToServerIdentifier): Deleted.

WebProcess/Databases/WebToDatabaseProcessConnection.cpp:

(WebKit::WebToDatabaseProcessConnection::didReceiveMessage):
(WebKit::WebToDatabaseProcessConnection::idbConnectionToServerForSession):

WebProcess/Databases/WebToDatabaseProcessConnection.h:

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-1.html: Added.
TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess-2.html: Added.
TestWebKitAPI/Tests/WebKit2Cocoa/IndexedDBMultiProcess.mm: Added.

1:56 AM Changeset in webkit [197666] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197370 - OverridesHasInstance constant folding is wrong
https://bugs.webkit.org/show_bug.cgi?id=154833

Reviewed by Filip Pizlo.

The current implementation of OverridesHasInstance constant folding
is incorrect. Since it relies on OSR exit information it has been
moved to the StrengthReductionPhase. Normally, such an optimazation would be
put in FixupPhase, however, there are a number of cases where we don't
determine an edge of OverridesHasInstance is a constant until after fixup.
Performing the optimization during StrengthReductionPhase means we can defer
our decision until later.

In the future we should consider creating a version of this optimization
that does not depend on OSR exit information and move the optimization back
to ConstantFoldingPhase.

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.

dfg/DFGStrengthReductionPhase.cpp:

(JSC::DFG::StrengthReductionPhase::handleNode):

1:48 AM Changeset in webkit [197665] by Carlos Garcia Campos

5 edits
6 adds in releases/WebKitGTK/webkit-2.12

Merge r197366 - B3 should have global store elimination
https://bugs.webkit.org/show_bug.cgi?id=154658

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Implements fairly comprehensive global store elimination:

1) If you store the result of a load with no interference in between, remove the store.

2) If you store the same thing you stored previously, remove the store.

3) If you store something that you either loaded previously or stored previously along

arbitrarily many paths, remove the store.

4) If you store to something that is stored to again in the future with no interference in

between, remove the store.

Rule (4) is super relevant to FTL since the DFG does not eliminate redundant PutStructures.
A constructor that produces a large object will have many redundant stores to the same base
pointer, offset, and heap range, with no code to observe that heap raneg in between.

This doesn't have a decisive effect on major benchmarks, but it's an enormous win for
microbenchmarks:

30% faster to construct an object with many fields.

5x faster to do many stores to a global variable.

The compile time cost should be very small. Although the optimization is global, it aborts as
soon as it sees anything that would confound store elimination. For rules (1)-(3), we
piggy-back the existing load elimination, which gives up on interfering stores. For rule (4),
we search forward through the current block and then globally a block at a time (skipping
block contents thanks to summary data), which could be expensive. But rule (4) aborts as soon
as it sees a read, write, or end block (Return or Oops). Any Check will claim to read TOP. Any
Patchpoint that results from an InvalidationPoint will claim to read TOP, as will any
Patchpoints for ICs. Those are usually sprinkled all over the program.

In other words, this optimization rarely kicks in. When it does kick in, it makes programs run
faster. When it doesn't kick in, it's usually O(1) because there are reasons for aborting all
over a "normal" program so the search will halt almost immediately. This of course raises the
question: how much more in compile time do we pay when the optimization does kick in? The
optimization kicks in the most for the microbenchmarks I wrote for this patch. Amazingly, the
effect of the optimization a wash for compile time: whatever cost we pay doing the O(n^{2)

searches is balanced by the massive reduction in work in the backend. On one of the two

microbenchmarks, overall compile time actually shrank with this optimization even though CSE

itself cost more. That's not too surprising - the backend costs much more per instruction, so

things that remove instructions before we get to the backend tend to be a good idea.}

We could consider adding a more aggressive version of this in the future, which could sink
stores into checks. That could be crazy fun: https://bugs.webkit.org/show_bug.cgi?id=152162#c3

But mainly, I'm adding this optimization because it was super fun to implement during the
WebAssembly CG summit.

b3/B3EliminateCommonSubexpressions.cpp:
b3/B3MemoryValue.h:
b3/B3SuccessorCollection.h:

(JSC::B3::SuccessorCollection::begin):
(JSC::B3::SuccessorCollection::end):
(JSC::B3::SuccessorCollection::const_iterator::const_iterator):
(JSC::B3::SuccessorCollection::const_iterator::operator*):
(JSC::B3::SuccessorCollection::const_iterator::operator++):
(JSC::B3::SuccessorCollection::const_iterator::operator==):
(JSC::B3::SuccessorCollection::const_iterator::operator!=):

LayoutTests:

These two benchmarks both speed up significantly with this change.

js/regress/build-large-object-expected.txt: Added.
js/regress/build-large-object.html: Added.
js/regress/many-repeat-stores-expected.txt: Added.
js/regress/many-repeat-stores.html: Added.
js/regress/script-tests/build-large-object.js: Added.
js/regress/script-tests/many-repeat-stores.js: Added.

1:47 AM WebKitGTK/2.4.x edited by berto@igalia.com

(diff)

1:46 AM WebKitGTK/2.4.x edited by berto@igalia.com

(diff)

1:39 AM Changeset in webkit [197664] by Carlos Garcia Campos

9 edits
1 add in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197365 - Make it cheap to #include "JITOperations.h"
https://bugs.webkit.org/show_bug.cgi?id=154836

Reviewed by Mark Lam.

Prior to this change, this header included the whole world even though it did't have any
definitions. This patch turns almost all of the includes into forward declarations. Right
now this header is very cheap to include.

JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
JavaScriptCore.xcodeproj/project.pbxproj:
dfg/DFGSpeculativeJIT.h:
jit/JITOperations.cpp:
jit/JITOperations.h:
jit/Repatch.h:
runtime/CommonSlowPaths.h:

(JSC::encodeResult): Deleted.
(JSC::decodeResult): Deleted.

runtime/SlowPathReturnType.h: Added.

(JSC::encodeResult):
(JSC::decodeResult):

1:37 AM WebKitGTK/2.4.x edited by tpopela@redhat.com

(diff)

1:36 AM Changeset in webkit [197663] by Carlos Garcia Campos

8 edits
2 adds in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r197357 - FTL should be able to run everything in Octane/regexp
https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to
make the RegExpExec peephole optimization work in FTL. This optimizations shouldn't be a
DFG backend optimization anyway - if we need this optimization then it should be a
strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately
from measuring the performance of this patch. Removing that optimization did not change
our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is
presumably because tiering up to the FTL has no value to the code in the regexp test. Or
maybe it's something else. No matter - the overall effect on the Octane score is not
statistically significant and we don't want this kind of coverage blocked by the fact
that adding coverage hurts a benchmark.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGNode.h:

(JSC::DFG::Node::setIndexingType):
(JSC::DFG::Node::hasRegexpIndex):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNotifyWrite):
(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):
(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):
(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

tests/stress/ftl-regexp-exec.js: Added.
tests/stress/ftl-regexp-test.js: Added.

1:25 AM Changeset in webkit [197662] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebKit2

Merge r197352 - Fixed compilation with !ENABLE(DATABASE_PROCESS).
https://bugs.webkit.org/show_bug.cgi?id=154813

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-02-29
Reviewed by Michael Catanzaro.

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateDatabaseProcess): Added missing #if
guard.

1:24 AM Changeset in webkit [197661] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12

Merge r197351 - [GTK] Touch slider test fails due to assertion in webkitWebViewBaseTouchEvent()
https://bugs.webkit.org/show_bug.cgi?id=153829

Patch by Adrien Plazas <aplazas@igalia.com> on 2016-02-29
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Once a touch event sequence is identified as a gesture, remove it
from the list of handled touch events.

UIProcess/API/gtk/WebKitWebViewBase.cpp:

(webkitWebViewBaseTouchEvent):

LayoutTests:

platform/gtk/TestExpectations:

Remove now passing tests from the expected failures.

Mar 6, 2016:

11:54 PM Changeset in webkit [197660] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r173886 - [CLoop] - Fix CLoop on the 32-bit Big-Endians
https://bugs.webkit.org/show_bug.cgi?id=137020

Patch by Tomas Popela <tpopela@redhat.com> on 2014-09-23
Reviewed by Mark Lam.

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:

10:41 PM Changeset in webkit [197659] by Nikita Vasilyev

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Use half-pixel borders for data grids
https://bugs.webkit.org/show_bug.cgi?id=154437
<rdar://problem/24736365>

Reviewed by Timothy Hatcher.

UserInterface/Views/DataGrid.css:

(.data-grid.inline):
(.data-grid th):
(.data-grid :matches(th, td):not(:last-child)):
Half-pixel borders round to 1px on 1x (non-retina) screens since r192444.

UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype._positionResizerElements):
Use getBoundingClientRect for better precision since it provides subpixel values.

7:52 PM Changeset in webkit [197658] by BJ Burg

12 edits in trunk/Source/JavaScriptCore

Web Inspector: the protocol generator should have separate prefix options for Objective-C classes and filenames
https://bugs.webkit.org/show_bug.cgi?id=155101
<rdar://problem/25000053>

Reviewed by Timothy Hatcher.

It should be possible to generate Objective-C protocol types without prefixing all class names.
The prefixes are only necessary when the generated files are part of a framework, but this isn't
how the generated Objective-C frontend files are used.

Add a separate framework setting and switch over code to use the 'protocol_group' in filenames,
and the 'objc_prefix' for Objective-C enum and class prefixes.

No tests need to be rebaselined because tests always set the protocol_group and objc_prefix
to the same value.

inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:

(ObjCBackendDispatcherHeaderGenerator.output_filename):

inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:

(ObjCConfigurationImplementationGenerator.output_filename):
(ObjCConfigurationImplementationGenerator.generate_output):

inspector/scripts/codegen/generate_objc_configuration_header.py:

(ObjCConfigurationHeaderGenerator.output_filename):
(ObjCConfigurationHeaderGenerator.generate_output):
(ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):

inspector/scripts/codegen/generate_objc_configuration_implementation.py:

(ObjCBackendDispatcherImplementationGenerator.output_filename):
(ObjCBackendDispatcherImplementationGenerator.generate_output):
(ObjCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains):

inspector/scripts/codegen/generate_objc_conversion_helpers.py:

(ObjCConversionHelpersGenerator.output_filename):

inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:

(ObjCFrontendDispatcherImplementationGenerator.output_filename):
(ObjCFrontendDispatcherImplementationGenerator.generate_output):

inspector/scripts/codegen/generate_objc_header.py:

(ObjCHeaderGenerator.output_filename):

inspector/scripts/codegen/generate_objc_internal_header.py:

(ObjCInternalHeaderGenerator.output_filename):
(ObjCInternalHeaderGenerator.generate_output):

inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:

(ObjCProtocolTypesImplementationGenerator.output_filename):
(ObjCProtocolTypesImplementationGenerator.generate_output):

inspector/scripts/codegen/models.py:
inspector/scripts/codegen/objc_generator.py:

(ObjCGenerator):
(ObjCGenerator.protocol_name):
(ObjCGenerator.objc_prefix):

7:37 PM Changeset in webkit [197657] by BJ Burg

6 edits in trunk/Source/JavaScriptCore

Unreviewed, rebaseline inspector protocol generator tests after r197563.

inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
inspector/scripts/tests/expected/enum-values.json-result:
inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:

7:36 PM Changeset in webkit [197656] by enrica@apple.com

3 edits in trunk/Source/WebKit2

Support preview on attachment elements.
https://bugs.webkit.org/show_bug.cgi?id=155074
rdar://problem/24806079

Reviewed by Sam Weinig.

Allowing preview to start on attachment elements.
Adding a private UIDelegate method to provide the data for the preview.

UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _interactionShouldBeginFromPreviewItemController:forPosition:]):
(-[WKContentView _dataForPreviewItemController:atPosition:type:]):

7:21 PM Changeset in webkit [197655] by benjamin@webkit.org

3 edits in trunk/Source/JavaScriptCore

[JSC] Improve DFG's Int32 ArithMul if one operand is a constant
https://bugs.webkit.org/show_bug.cgi?id=155066

Reviewed by Filip Pizlo.

When multiplying an integer by a constant, DFG was doing quite
a bit worse than baseline JIT.
We were loading the constant into a register, doing the multiply,
the checking the result and both operands for negative zero.

This patch changes:
-Use the multiply-by-immediate form on x86.
-Do as few checks as possible to detect negative-zero.

In most cases, this reduce the negative-zero checks
to zero or one TEST+JUMP.

assembler/MacroAssembler.h:

(JSC::MacroAssembler::mul32):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithMul):

6:43 PM Changeset in webkit [197654] by benjamin@webkit.org

4 edits in trunk/Source/JavaScriptCore

[JSC] Remove a superfluous Move in front of every double unboxing
https://bugs.webkit.org/show_bug.cgi?id=155064

Reviewed by Saam Barati.

Double unboxing was always doing:

Move source, scratch
Add64 tag, scratch
IntToDouble scratch, fp

We do not need to "Move" to copy the source.
Both x86 and ARM64 have an efficient 3 operands Add instruction.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileValueToInt32):
(JSC::DFG::SpeculativeJIT::compileDoubleRep):
(JSC::DFG::SpeculativeJIT::speculateRealNumber):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::unboxDouble):

jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::unboxDoubleWithoutAssertions):
(JSC::AssemblyHelpers::unboxDouble):
(JSC::AssemblyHelpers::unboxDoubleNonDestructive):

6:42 PM Changeset in webkit [197653] by benjamin@webkit.org

6 edits in trunk/Source/JavaScriptCore

[JSC] Use 3 operands Add in more places
https://bugs.webkit.org/show_bug.cgi?id=155082

Reviewed by Filip Pizlo.

assembler/MacroAssembler.h:

(JSC::MacroAssembler::addPtr):
(JSC::MacroAssembler::add32):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::add32):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArithAdd):
The case with child1 constant is useless.
The canonical form will have the constant as child2.

Also add register reuse for the fast-add.
Registers are a scarce resource on x86.

jit/CCallHelpers.h:

(JSC::CCallHelpers::prepareForTailCallSlow):

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::generate):

6:40 PM Changeset in webkit [197652] by commit-queue@webkit.org

14 edits in trunk/Source

[JSC] Improve codegen of Compare and Test
https://bugs.webkit.org/show_bug.cgi?id=155055

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-03-06
Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch introduces a few improvements on how we lower
Compare and Test with immediates:

-Add certain Immediate forms of ARM64.
-Use CBZ/CBNZ when possible on ARM64.
-When possible, convert a CMP into a TST

On some hardware, we can issue more TST simultaneously.

On x86, any TST+Jump is candidate for macro-fusion.
They are also smaller.
(sections 3.4.2.2 and 3.5.1.9)

-Do not load the mask immediate of a TST

if it only contains ones (mostly useful for ARM64
since that would not have been a valid immediate).

assembler/MacroAssembler.h:

(JSC::MacroAssembler::compare32):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::moveConditionallyAfterFloatingPointCompare):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyAfterFloatingPointCompare):
This is somewhat unrelated but I found that out while working
on moveDoubleConditionallyTest32:

If "thenCase" and "dest" are assigned the same register
by the allocator, then the first (f)fcsel would override
the "thenCase" and the second fcsel would always be "elseCase".

This is covered by testb3 but was only uncovered
after recent "Move" removals in lowering.

(JSC::MacroAssemblerARM64::moveConditionally32):
(JSC::MacroAssemblerARM64::moveConditionally64):
(JSC::MacroAssemblerARM64::moveConditionallyTest32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally32):
(JSC::MacroAssemblerARM64::moveDoubleConditionally64):
(JSC::MacroAssemblerARM64::moveDoubleConditionallyTest32):
(JSC::MacroAssemblerARM64::branch32):
(JSC::MacroAssemblerARM64::branch64):
(JSC::MacroAssemblerARM64::branchTest32):
(JSC::MacroAssemblerARM64::test32):
The version taking an immediate was guarded by

(cond == Zero)

(cond == NonZero). That is overzealous,

and only needed for CBZ/CBNZ.

(JSC::MacroAssemblerARM64::branchTest64):
(JSC::MacroAssemblerARM64::compare32):
(JSC::MacroAssemblerARM64::compare64):
(JSC::MacroAssemblerARM64::commuteCompareToZeroIntoTest):

assembler/MacroAssemblerX86Common.h:

(JSC::MacroAssemblerX86Common::moveConditionally32):
(JSC::MacroAssemblerX86Common::moveConditionallyTest32):
(JSC::MacroAssemblerX86Common::branch32):
(JSC::MacroAssemblerX86Common::test32):
(JSC::MacroAssemblerX86Common::branchTest32):
(JSC::MacroAssemblerX86Common::compare32):
(JSC::MacroAssemblerX86Common::commuteCompareToZeroIntoTest):

assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::compare64):
(JSC::MacroAssemblerX86_64::branch64):
(JSC::MacroAssemblerX86_64::moveConditionally64):

b3/B3LowerToAir.cpp:

(JSC::B3::Air::LowerToAir::createGenericCompare):
Unfortunately this cannot be abstracted by the MacroAssembler.
Those immediates are not valid, we have to pick the better
for right away.

b3/air/AirOpcode.opcodes:
b3/testb3.cpp:

(JSC::B3::int64Operands):
(JSC::B3::modelCompare):
(JSC::B3::testCompareImpl):
(JSC::B3::testCompare):
(JSC::B3::b3Pow):
(JSC::B3::testPowDoubleByIntegerLoop):
Some versions of pow(double, int) do not return
the exact same bits as our integer loop.
Added a new version to have the same behavior
as the B3 loop.

(JSC::B3::run):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePeepHoleBooleanBranch):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileInt32Compare):
Comparing to an immediate is super common. Do not waste
a register for that!

Source/WebCore:

cssjit/FunctionCall.h:

(WebCore::FunctionCall::callAndBranchOnCondition):

6:40 PM Changeset in webkit [197651] by jonlee@apple.com

2 edits in trunk/PerformanceTests

Make sure multiply test particles have at least some opacity
https://bugs.webkit.org/show_bug.cgi?id=155027

Reviewed by Simon Fraser.

Animometer/tests/master/resources/multiply.js:

(initialize): Have the elements spin a little faster to make it
more obvious when the system is being stressed.
(_addTile):
(animate): Make sure each element being animated has at least 1%
opacity.

6:22 PM Changeset in webkit [197650] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, fix build. This was a messed up merge.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):

6:07 PM Changeset in webkit [197649] by fpizlo@apple.com

15 edits in trunk/Source/JavaScriptCore

DFG should know how to speculate StringOrOther
https://bugs.webkit.org/show_bug.cgi?id=155094

Reviewed by Saam Barati.

Any code that processes the regexp matches array was previously doing a relatively expensive
Branch(Untyped:). This introduces a new use kind called StringOrOther, which is perfect for
code that loops over the matches array and branches on the entries being non-empty.

To do this, I needed to introduce code into the FTL that creates new blocks. We still had that
awful FTL_NEW_BLOCK idiom since the only way to debug LLVM IR was to ascribe names to basic
blocks. B3 IR is inherently more debuggable since unlike LLVM, B3 knows how to always respect
code origin, and it knows how to print the code origin nicely in the dumps. So, rather than
continue using FTL_NEW_BLOCK(m_out, ("things")), I replaced all of that stuff with
m_out.newBlock(). It's much nicer that way.

This is a tiny speed-up on Octane/regexp at best. I was hoping for more. Oh well.

bytecode/SpeculatedType.h:

(JSC::isStringSpeculation):
(JSC::isStringOrOtherSpeculation):
(JSC::isSymbolSpeculation):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNode.h:

(JSC::DFG::Node::shouldSpeculateString):
(JSC::DFG::Node::shouldSpeculateStringOrOther):
(JSC::DFG::Node::shouldSpeculateStringObject):

dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileStringZeroLength):
(JSC::DFG::SpeculativeJIT::compileLogicalNotStringOrOther):
(JSC::DFG::SpeculativeJIT::emitStringBranch):
(JSC::DFG::SpeculativeJIT::emitStringOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compileConstantStoragePointer):
(JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
(JSC::DFG::SpeculativeJIT::speculateString):
(JSC::DFG::SpeculativeJIT::speculateStringOrOther):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculate):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileLogicalNot):
(JSC::DFG::SpeculativeJIT::emitBranch):

dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::lower):
(JSC::FTL::DFG::LowerDFGToB3::compileDoubleRep):
(JSC::FTL::DFG::LowerDFGToB3::compileBooleanToNumber):
(JSC::FTL::DFG::LowerDFGToB3::compileToThis):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithDiv):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMod):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMinOrMax):
(JSC::FTL::DFG::LowerDFGToB3::compileArithPow):
(JSC::FTL::DFG::LowerDFGToB3::compileArithRound):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayifyToStructure):
(JSC::FTL::DFG::LowerDFGToB3::compileGetById):
(JSC::FTL::DFG::LowerDFGToB3::compileGetIndexedPropertyStorage):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayByteOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByVal):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPush):
(JSC::FTL::DFG::LowerDFGToB3::compileArrayPop):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateDirectArguments):
(JSC::FTL::DFG::LowerDFGToB3::compileCopyRest):
(JSC::FTL::DFG::LowerDFGToB3::compileGetRestLength):
(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSize):
(JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray):
(JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileToPrimitive):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeRope):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringCharCodeAt):
(JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiGetByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileNotifyWrite):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
(JSC::FTL::DFG::LowerDFGToB3::compileForwardVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileSwitch):
(JSC::FTL::DFG::LowerDFGToB3::compileIsString):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsObjectOrNull):
(JSC::FTL::DFG::LowerDFGToB3::compileIsFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::compileOverridesHasInstance):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileHasIndexedProperty):
(JSC::FTL::DFG::LowerDFGToB3::compileHasStructureProperty):
(JSC::FTL::DFG::LowerDFGToB3::compileGetDirectPname):
(JSC::FTL::DFG::LowerDFGToB3::compileGetEnumeratorStructurePname):
(JSC::FTL::DFG::LowerDFGToB3::compileGetEnumeratorGenericPname):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject):
(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):
(JSC::FTL::DFG::LowerDFGToB3::checkStructure):
(JSC::FTL::DFG::LowerDFGToB3::numberOrNotCellToInt32):
(JSC::FTL::DFG::LowerDFGToB3::checkInferredType):
(JSC::FTL::DFG::LowerDFGToB3::allocatePropertyStorageWithSizeImpl):
(JSC::FTL::DFG::LowerDFGToB3::loadVectorWithBarrier):
(JSC::FTL::DFG::LowerDFGToB3::copyBarrier):
(JSC::FTL::DFG::LowerDFGToB3::loadVectorReadOnly):
(JSC::FTL::DFG::LowerDFGToB3::compareEqObjectOrOtherToObject):
(JSC::FTL::DFG::LowerDFGToB3::nonSpeculativeCompare):
(JSC::FTL::DFG::LowerDFGToB3::stringsEqual):
(JSC::FTL::DFG::LowerDFGToB3::allocateCell):
(JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateBasicStorageAndGetEnd):
(JSC::FTL::DFG::LowerDFGToB3::allocateObject):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::boolify):
(JSC::FTL::DFG::LowerDFGToB3::equalNullOrUndefined):
(JSC::FTL::DFG::LowerDFGToB3::contiguousPutByValOutOfBounds):
(JSC::FTL::DFG::LowerDFGToB3::switchString):
(JSC::FTL::DFG::LowerDFGToB3::switchStringRecurse):
(JSC::FTL::DFG::LowerDFGToB3::buildTypeOf):
(JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::strictInt52ToJSValue):
(JSC::FTL::DFG::LowerDFGToB3::jsValueToStrictInt52):
(JSC::FTL::DFG::LowerDFGToB3::convertDoubleToInt32):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculateCellOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateObjectOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateString):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringOrOther):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringIdent):
(JSC::FTL::DFG::LowerDFGToB3::speculateStringOrStringObject):
(JSC::FTL::DFG::LowerDFGToB3::speculateRealNumber):
(JSC::FTL::DFG::LowerDFGToB3::speculateNotStringVar):
(JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
(JSC::FTL::DFG::LowerDFGToB3::callCheck):

ftl/FTLOutput.cpp:

(JSC::FTL::Output::initialize):
(JSC::FTL::Output::newBlock):
(JSC::FTL::Output::check):

ftl/FTLOutput.h:

(JSC::FTL::Output::setFrequency):
(JSC::FTL::Output::insertNewBlocksBefore):

5:00 PM Changeset in webkit [197648] by sbarati@apple.com

90 edits in trunk/Source

GetPrototypeOf? should be a fully virtual method in the method table
https://bugs.webkit.org/show_bug.cgi?id=155002

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This patch makes us more consistent with how the ES6 specification models the
GetPrototypeOf? trap. Moving this method into ClassInfo::methodTable
is a prerequisite for implementing Proxy.GetPrototypeOf?. This patch
still allows directly accessing the prototype for situations where this
is the desired behavior. This is equivalent to getting the internal
Prototype? field as described in the specification.

API/JSObjectRef.cpp:

(JSObjectGetPrototype):
(JSObjectSetPrototype):

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
(JSC::DFG::SpeculativeJIT::compileCheckTypeInfoFlags):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOfCustom):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):

jit/JITOperations.cpp:
jit/JITOperations.h:
jsc.cpp:

(functionCreateProxy):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/ArrayPrototype.cpp:

(JSC::speciesConstructArray):

runtime/ClassInfo.h:
runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncBind):

runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorPrototypeGetterCompare):

runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototypeGetterFormat):

runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototypeGetterFormat):

runtime/JSBoundFunction.cpp:

(JSC::hasInstanceBoundFunction):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):

runtime/JSBoundFunction.h:
runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):

runtime/JSCell.cpp:

(JSC::JSCell::setPrototype):
(JSC::JSCell::getPrototype):

runtime/JSCell.h:
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::hasLegacyProfiler):
(JSC::lastInPrototypeChain):
(JSC::JSGlobalObject::objectPrototypeIsSane):
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::finishCreation):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
(JSC::GlobalFuncProtoGetterFunctor::operator()):
(JSC::globalFuncProtoGetter):

runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::getOwnPropertySlot):

runtime/JSObject.cpp:

(JSC::JSObject::calculatedClassName):
(JSC::JSObject::putInlineSlow):
(JSC::JSObject::setPrototypeWithCycleCheck):
(JSC::JSObject::setPrototype):
(JSC::JSObject::getPrototype):
(JSC::JSObject::defaultHasInstance):
(JSC::objectPrivateFuncInstanceOf):
(JSC::JSObject::getPropertyNames):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
(JSC::JSObject::attemptToInterceptPutByIndexOnHole):
(JSC::JSObject::getGenericPropertyNames):

runtime/JSObject.h:

(JSC::JSObject::finishCreation):
(JSC::JSObject::JSObject):
(JSC::JSObject::getPrototypeDirect):
(JSC::JSObject::getPrototype):
(JSC::JSObject::getOwnNonIndexPropertySlot):
(JSC::JSObject::getPropertySlot):
(JSC::JSObject::getNonIndexPropertySlot):
(JSC::JSObject::prototype): Deleted.

runtime/JSObjectInlines.h:

(JSC::JSObject::canPerformFastPutInline):

runtime/JSProxy.cpp:

(JSC::JSProxy::setTarget):

runtime/JSTypedArrayViewConstructor.cpp:

(JSC::constructTypedArrayView):

runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
(JSC::objectConstructorGetPrototypeOf):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncIsPrototypeOf):

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performSetPrototype):

runtime/StructureInlines.h:

(JSC::Structure::isValid):

tests/stress/proxy-has-property.js:

(assert.let.h1.has):
(assert.let.h2.has):
(assert):

Source/WebCore:

Change ::getPrototype(.) to ::prototype(.) in various places to prevent
a naming conflict with JSC.

No new tests because no new functionality was added.

bindings/js/JSDOMWindowShell.cpp:

(WebCore::JSDOMWindowShell::setWindow):

bindings/js/JSImageConstructor.cpp:

(WebCore::JSImageConstructor::initializeProperties):
(WebCore::JSImageConstructor::prototypeForStructure):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateHeader):
(GenerateImplementation):
(GenerateConstructorHelperMethods):

bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:

(WebCore::JSTestActiveDOMObjectConstructor::initializeProperties):
(WebCore::JSTestActiveDOMObject::createPrototype):
(WebCore::JSTestActiveDOMObject::prototype):
(WebCore::JSTestActiveDOMObject::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestActiveDOMObject.h:
bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::JSTestClassWithJSBuiltinConstructorConstructor::initializeProperties):
(WebCore::JSTestClassWithJSBuiltinConstructor::createPrototype):
(WebCore::JSTestClassWithJSBuiltinConstructor::prototype):
(WebCore::JSTestClassWithJSBuiltinConstructor::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:

(WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::initializeProperties):
(WebCore::JSTestCustomConstructorWithNoInterfaceObject::createPrototype):
(WebCore::JSTestCustomConstructorWithNoInterfaceObject::prototype):
(WebCore::JSTestCustomConstructorWithNoInterfaceObject::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:

(WebCore::JSTestCustomNamedGetterConstructor::initializeProperties):
(WebCore::JSTestCustomNamedGetter::createPrototype):
(WebCore::JSTestCustomNamedGetter::prototype):
(WebCore::JSTestCustomNamedGetter::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
bindings/scripts/test/JS/JSTestEventConstructor.cpp:

(WebCore::JSTestEventConstructorConstructor::initializeProperties):
(WebCore::JSTestEventConstructor::createPrototype):
(WebCore::JSTestEventConstructor::prototype):
(WebCore::JSTestEventConstructor::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestEventConstructor.h:
bindings/scripts/test/JS/JSTestEventTarget.cpp:

(WebCore::JSTestEventTargetConstructor::initializeProperties):
(WebCore::JSTestEventTarget::createPrototype):
(WebCore::JSTestEventTarget::prototype):
(WebCore::JSTestEventTarget::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestEventTarget.h:
bindings/scripts/test/JS/JSTestException.cpp:

(WebCore::JSTestExceptionConstructor::initializeProperties):
(WebCore::JSTestException::createPrototype):
(WebCore::JSTestException::prototype):
(WebCore::JSTestException::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestException.h:
bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:

(WebCore::JSTestGenerateIsReachableConstructor::initializeProperties):
(WebCore::JSTestGenerateIsReachable::createPrototype):
(WebCore::JSTestGenerateIsReachable::prototype):
(WebCore::JSTestGenerateIsReachable::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceConstructor::initializeProperties):
(WebCore::JSTestInterface::createPrototype):
(WebCore::JSTestInterface::prototype):
(WebCore::JSTestInterface::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestInterface.h:
bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:

(WebCore::JSTestJSBuiltinConstructorConstructor::initializeProperties):
(WebCore::JSTestJSBuiltinConstructor::createPrototype):
(WebCore::JSTestJSBuiltinConstructor::prototype):
(WebCore::JSTestJSBuiltinConstructor::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:

(WebCore::JSTestMediaQueryListListenerConstructor::initializeProperties):
(WebCore::JSTestMediaQueryListListener::createPrototype):
(WebCore::JSTestMediaQueryListListener::prototype):
(WebCore::JSTestMediaQueryListListener::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
bindings/scripts/test/JS/JSTestNamedConstructor.cpp:

(WebCore::JSTestNamedConstructorConstructor::initializeProperties):
(WebCore::JSTestNamedConstructorNamedConstructor::initializeProperties):
(WebCore::JSTestNamedConstructor::createPrototype):
(WebCore::JSTestNamedConstructor::prototype):
(WebCore::JSTestNamedConstructor::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestNamedConstructor.h:
bindings/scripts/test/JS/JSTestNode.cpp:

(WebCore::JSTestNodeConstructor::initializeProperties):
(WebCore::JSTestNode::createPrototype):
(WebCore::JSTestNode::prototype):
(WebCore::JSTestNode::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestNode.h:
bindings/scripts/test/JS/JSTestNondeterministic.cpp:

(WebCore::JSTestNondeterministicConstructor::initializeProperties):
(WebCore::JSTestNondeterministic::createPrototype):
(WebCore::JSTestNondeterministic::prototype):
(WebCore::JSTestNondeterministic::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestNondeterministic.h:
bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::JSTestObjConstructor::initializeProperties):
(WebCore::JSTestObj::createPrototype):
(WebCore::JSTestObj::prototype):
(WebCore::JSTestObj::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestObj.h:
bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:

(WebCore::JSTestOverloadedConstructorsConstructor::initializeProperties):
(WebCore::JSTestOverloadedConstructors::createPrototype):
(WebCore::JSTestOverloadedConstructors::prototype):
(WebCore::JSTestOverloadedConstructors::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:

(WebCore::JSTestOverrideBuiltinsConstructor::initializeProperties):
(WebCore::JSTestOverrideBuiltins::createPrototype):
(WebCore::JSTestOverrideBuiltins::prototype):
(WebCore::JSTestOverrideBuiltins::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:

(WebCore::JSTestSerializedScriptValueInterfaceConstructor::initializeProperties):
(WebCore::JSTestSerializedScriptValueInterface::createPrototype):
(WebCore::JSTestSerializedScriptValueInterface::prototype):
(WebCore::JSTestSerializedScriptValueInterface::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
bindings/scripts/test/JS/JSTestTypedefs.cpp:

(WebCore::JSTestTypedefsConstructor::initializeProperties):
(WebCore::JSTestTypedefs::createPrototype):
(WebCore::JSTestTypedefs::prototype):
(WebCore::JSTestTypedefs::getPrototype): Deleted.

bindings/scripts/test/JS/JSTestTypedefs.h:
bindings/scripts/test/JS/JSattribute.cpp:

(WebCore::JSattributeConstructor::initializeProperties):
(WebCore::JSattribute::createPrototype):
(WebCore::JSattribute::prototype):
(WebCore::JSattribute::getPrototype): Deleted.

bindings/scripts/test/JS/JSattribute.h:
bindings/scripts/test/JS/JSreadonly.cpp:

(WebCore::JSreadonlyConstructor::initializeProperties):
(WebCore::JSreadonly::createPrototype):
(WebCore::JSreadonly::prototype):
(WebCore::JSreadonly::getPrototype): Deleted.

bindings/scripts/test/JS/JSreadonly.h:

3:40 PM Changeset in webkit [197647] by Alan Bujtas

2 edits in trunk/LayoutTests

[iOS] Some more gardening after r197627.

Unreviewed.

platform/ios-simulator/TestExpectations: skip a test.

3:12 PM Changeset in webkit [197646] by commit-queue@webkit.org

40 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r197645.
https://bugs.webkit.org/show_bug.cgi?id=155097

"Doesn't build properly when building entire webkit"
(Requested by saamyjoon on #webkit).

Reverted changeset:

"GetPrototypeOf? should be a fully virtual method in the
method table"
https://bugs.webkit.org/show_bug.cgi?id=155002
http://trac.webkit.org/changeset/197645

3:05 PM Changeset in webkit [197645] by sbarati@apple.com

40 edits in trunk/Source/JavaScriptCore

GetPrototypeOf? should be a fully virtual method in the method table
https://bugs.webkit.org/show_bug.cgi?id=155002

Reviewed by Filip Pizlo.

API/JSObjectRef.cpp:

(JSObjectGetPrototype):
(JSObjectSetPrototype):

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
(JSC::DFG::SpeculativeJIT::compileCheckTypeInfoFlags):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOfCustom):

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):

jit/JITOperations.cpp:
jit/JITOperations.h:
jsc.cpp:

(functionCreateProxy):

llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/ArrayPrototype.cpp:

(JSC::speciesConstructArray):

runtime/ClassInfo.h:
runtime/FunctionPrototype.cpp:

(JSC::functionProtoFuncBind):

runtime/IntlCollatorPrototype.cpp:

(JSC::IntlCollatorPrototypeGetterCompare):

runtime/IntlDateTimeFormatPrototype.cpp:

(JSC::IntlDateTimeFormatPrototypeGetterFormat):

runtime/IntlNumberFormatPrototype.cpp:

(JSC::IntlNumberFormatPrototypeGetterFormat):

runtime/JSBoundFunction.cpp:

(JSC::hasInstanceBoundFunction):
(JSC::getBoundFunctionStructure):
(JSC::JSBoundFunction::create):

runtime/JSBoundFunction.h:
runtime/JSCJSValue.cpp:

(JSC::JSValue::putToPrimitive):

runtime/JSCell.cpp:

(JSC::JSCell::setPrototype):
(JSC::JSCell::getPrototype):

runtime/JSCell.h:
runtime/JSGlobalObject.cpp:

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::finishCreation):

runtime/JSGlobalObjectFunctions.cpp:

(JSC::GlobalFuncProtoGetterFunctor::GlobalFuncProtoGetterFunctor):
(JSC::GlobalFuncProtoGetterFunctor::operator()):
(JSC::globalFuncProtoGetter):

runtime/JSLexicalEnvironment.cpp:

(JSC::JSLexicalEnvironment::getOwnPropertySlot):

runtime/JSObject.cpp:

runtime/JSObject.h:

runtime/JSObjectInlines.h:

(JSC::JSObject::canPerformFastPutInline):

runtime/JSProxy.cpp:

(JSC::JSProxy::setTarget):

runtime/JSTypedArrayViewConstructor.cpp:

(JSC::constructTypedArrayView):

runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
(JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
(JSC::objectConstructorGetPrototypeOf):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncIsPrototypeOf):

runtime/ProxyObject.cpp:

(JSC::performProxyGet):
(JSC::ProxyObject::performSetPrototype):

runtime/StructureInlines.h:

(JSC::Structure::isValid):

tests/stress/proxy-has-property.js:

(assert.let.h1.has):
(assert.let.h2.has):
(assert):

2:57 PM Changeset in webkit [197644] by Alan Bujtas

2 edits in trunk/LayoutTests

[iOS] Gardening after r197627.

Unreviewed.

platform/ios-simulator/TestExpectations:

2:30 PM Changeset in webkit [197643] by sbarati@apple.com

2 edits in trunk/Websites/webkit.org

Update style guide to reflect our style of only using "override" or "final" when overriding virtual methods
https://bugs.webkit.org/show_bug.cgi?id=154978

Reviewed by Darin Adler.

code-style.md:

12:44 PM Changeset in webkit [197642] by youenn.fablet@crf.canon.fr

7 edits in trunk/Source/WebCore

Enable DOM class create functions to take parameters in case of JSBuiltinConstructor
https://bugs.webkit.org/show_bug.cgi?id=155022

Reviewed by Darin Adler.

Introducing JSDOMObjectInspector to check whether a given JS class is built-in (no DOM class).
If that is not the case, the JS class wraps a DOM class.
The inspector detects whether the DOM class create static method takes no parameter or some parameters.
This is used in JSDOMConstructor.h to generate correctly the createJSObject functions needed by JSBuiltinConstructor.

Updated binding generator to not generate anymore createJSObject as it is handled directly in JSDOMConstructor.h.

Covered by existing tests.

bindings/js/JSDOMConstructor.h:

(WebCore::JSBuiltinConstructor<JSClass>::callConstructor):
(WebCore::createJSObject):
(WebCore::JSBuiltinConstructor<JSClass>::construct):

bindings/js/JSDOMWrapper.h:
bindings/js/JSKeyValueIterator.h: Taking benefit of JSClass::DOMWrapper type declaration.
bindings/js/JSReadableStreamPrivateConstructors.cpp:

(WebCore::JSBuiltinReadableStreamReaderPrivateConstructor::initializeExecutable): Deleted.
(WebCore::JSBuiltinReadableStreamControllerPrivateConstructor::initializeExecutable): Deleted.

bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinition): Deleted.

bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:

(WebCore::JSTestClassWithJSBuiltinConstructorConstructor::prototypeForStructure): Deleted.

12:11 PM Changeset in webkit [197641] by fpizlo@apple.com

33 edits
5 adds in trunk

RegExpMatchesArray doesn't know how to have a bad time
https://bugs.webkit.org/show_bug.cgi?id=155069

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

In trunk if we are having a bad time, the regexp matches array is still allocated with a
non-slow-put indexing shape, which makes it have the wrong behavior on indexed setters on
the prototype chain.

Getting this to work right requires introducing bad time code paths into the regexp matches
array. It also requires something more drastic: making this code not play games with the
global object. The code that creates the matches array needs to have the actual global
object of the regexp native function that it's logically created by.

This is totally different from how we've handled global objects in the past because it means
that the global object is not a constant. Normally we can make it a constant because a
script executable will know its global object. But with native functions, it's the function
instance that knows the global object - not the native executable. When we inline a native
intrinsic, we are guaranteed to know the native executable but we're not guaranteed to know
the functon instance. This means that the global object may be a variable that gets computed
by looking at the instance at run-time. So, the RegExpExec/RegExpTest nodes in DFG IR now
take a global object child. That also meant adding a new node type, GetGlobalObject, which
does the thing to the callee that CallFrame::lexicalGlobalObject() would have done.
Eventually, we'll probably have to make other native intrinsics also use GetGlobalObject. It
turns out that this really isn't so bad because usually it's constant-folded anyway, since
although the intrinsic code supports executable-based inlining (which leaves the callee
instance as an unknown), it happens rarely for intrinsics. So, conveying the global object
via a child isn't any worse than conveying it via meta-data, and it's probably better than
telling the inliner not to do executable-based inlining of native intrinsics. That would
have been a confusing special-case.

This is perf-neutral on my machines but it fixes a bug and it unlocks some interesting
possibilities. For example, RegExpExec can now make a firm promise about the type of array
it's creating.

This also contains some other changes:

We are now using Structure::addPropertyTransition() in a lot of places even though it was meant to be an internal method with a quirky contract - for example if only works if you know that there is not existing transition. This relaxes this constraint.

Restores the use of "*" for heap references in JSString.h. It's very unusual to have heap references pointed at with "&", since we don't currently do that anywhere. The fact that it was using the wrong reference type also meant that the code couldn't elegantly make use of some our GC pointer helpers like jsCast<>.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::attemptToInlineCall):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileSkipScope):
(JSC::DFG::SpeculativeJIT::compileGetGlobalObject):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileSkipScope):
(JSC::FTL::DFG::LowerDFGToB3::compileGetGlobalObject):
(JSC::FTL::DFG::LowerDFGToB3::compileGetClosureVar):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):
(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

jit/JITOperations.h:
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::haveABadTime):
(JSC::JSGlobalObject::visitChildren):

runtime/JSGlobalObject.h:
runtime/JSObject.h:

(JSC::JSObject::putDirectInternal):

runtime/JSString.h:

(JSC::jsString):
(JSC::jsSubstring):

runtime/RegExpCachedResult.cpp:

(JSC::RegExpCachedResult::lastResult):

runtime/RegExpMatchesArray.cpp:

(JSC::tryCreateUninitializedRegExpMatchesArray):
(JSC::createRegExpMatchesArray):
(JSC::createStructureImpl):
(JSC::createRegExpMatchesArrayStructure):
(JSC::createRegExpMatchesArraySlowPutStructure):

runtime/RegExpMatchesArray.h:
runtime/RegExpObject.cpp:

(JSC::RegExpObject::put):
(JSC::RegExpObject::exec):
(JSC::RegExpObject::match):

runtime/RegExpObject.h:

(JSC::RegExpObject::getLastIndex):
(JSC::RegExpObject::test):

runtime/RegExpPrototype.cpp:

(JSC::regExpProtoFuncTest):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncCompile):

runtime/StringPrototype.cpp:

(JSC::stringProtoFuncMatch):

runtime/Structure.cpp:

(JSC::Structure::suggestedArrayStorageTransition):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::addNewPropertyTransition):

runtime/Structure.h:
tests/stress/regexp-matches-array-bad-time.js: Added.
tests/stress/regexp-matches-array-slow-put.js: Added.

LayoutTests:

js/regress/regexp-exec-expected.txt: Added.
js/regress/regexp-exec.html: Added.
js/regress/script-tests/regexp-exec.js: Added.

12:08 PM Changeset in webkit [197640] by Yusuke Suzuki

3 edits
1 add in trunk/Source/JavaScriptCore

[JSC] RegExp#lastIndex should handle writable attribute when defining in defineOwnProperty path
https://bugs.webkit.org/show_bug.cgi?id=155093

Reviewed by Filip Pizlo.

Before this patch, setLastIndex(ExecState* exec, size_t lastIndex) always overwrites the existing value
regardless of writable attribute.
And when defining RegExp#lastIndex in defineOwnProperty, we need to define the value first
before making the attribute readonly. After changing the writable attribute, we cannot define the value.

runtime/RegExpObject.cpp:

(JSC::RegExpObject::defineOwnProperty):

runtime/RegExpObject.h:

(JSC::RegExpObject::setLastIndex):

tests/stress/regexp-last-index-writable.js: Added.

(shouldBe):
(shouldThrow):
(regExpLastIndex):

7:00 AM Changeset in webkit [197639] by Alan Bujtas

2 edits in trunk/LayoutTests

[iOS] Gardening after r197627.

Unreviewed.

platform/ios-simulator/css2.1/20110323/border-conflict-style-088-expected.txt:

4:04 AM Changeset in webkit [197638] by akling@apple.com

4 edits in trunk/Source

Reduce page cache capacity from 3 to 2.
<https://webkit.org/b/155087>

Reviewed by Antti Koivisto.

Source/WebKit/mac:

Trim WebKit1 page cache capacities consistently with WebKit2.

WebView/WebView.mm:

(+[WebView _setCacheModel:]):

Source/WebKit2:

It's extremely rare that users go back more than 2 pages in the page cache,
and nowadays the network cache makes even un-cached pages fast to reload.

Trimming the page cache from 3 to 2 entries has a very nice effect on heap
fragmentation. I'm seeing a ~5% progression on the iPad PLUM test locally;
average memory usage across 300 loads goes from ~121MB to ~114MB.

Shared/CacheModel.cpp:

(WebKit::calculateCacheSizes):

2:17 AM Changeset in webkit [197637] by Antti Koivisto

11 edits in trunk/Source/WebCore

RenderTextControlSingleLine shouldn't mutate placeholder element inline style
https://bugs.webkit.org/show_bug.cgi?id=155086

Reviewed by Andreas Kling.

Text field placeholder element is currently managed by changing its inline style
from the host renderer based on the host style and state. Rendering poking
into DOM is wrong.

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::setRangeText):
(WebCore::HTMLInputElement::shouldTruncateText):

Add a helper.

(WebCore::HTMLInputElement::createInnerTextStyle):

html/HTMLInputElement.h:
html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::HTMLTextAreaElement):
(WebCore::HTMLTextAreaElement::placeholderElement):
(WebCore::HTMLTextAreaElement::matchesReadWritePseudoClass):
(WebCore::HTMLTextAreaElement::updatePlaceholderText):

Use the new shadow element.

html/HTMLTextAreaElement.h:
html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::updatePlaceholderVisibility):

No more poking to inline style.

(WebCore::HTMLTextFormControlElement::setSelectionStart):

html/TextFieldInputType.cpp:

(WebCore::TextFieldInputType::updatePlaceholderText):

Use the new shadow element.

html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):

Add a subclass for the placeholder element instead of just using div.

(WebCore::TextControlPlaceholderElement::customStyleForRenderer):

Compute style base on the host state and style.

(WebCore::SearchFieldResultsButtonElement::SearchFieldResultsButtonElement):

html/shadow/TextControlInnerElements.h:
rendering/RenderTextControlSingleLine.cpp:

(WebCore::RenderTextControlSingleLine::styleDidChange):

No more setInlineStyleProperty.
This now needs to trigger layout like it does with other inner elements.

(WebCore::RenderTextControlSingleLine::computeControlLogicalHeight):
(WebCore::RenderTextControlSingleLine::autoscroll):
(WebCore::RenderTextControlSingleLine::textShouldBeTruncated): Deleted.

rendering/RenderTextControlSingleLine.h:

12:33 AM Changeset in webkit [197636] by ap@apple.com

3 edits in trunk/Tools

build-webkit prints an error on iOS simulator bots
https://bugs.webkit.org/show_bug.cgi?id=155078

Reviewed by Dan Bernstein.

This happens when build-layouttestrelay sets $xcodeSDK to undefined, to use host SDK.

Scripts/webkitdirs.pm: (buildXCodeProject): There is no need to pass -sdk, because

XcodeOptions() already passes SDKROOT as appropriate.

Scripts/build-layouttestrelay: Added a FIXME. Resetting $xcodeSDK doesn't reset

any other configuration variables that were derived from its initial value, like $portName.

Mar 5, 2016:

11:46 PM Changeset in webkit [197635] by Alan Bujtas

148 edits
1 add in trunk/LayoutTests

[iOS] Gardening after r197627.

Unreviewed.

platform/ios-simulator/css2.1/20110323/border-conflict-style-079-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-01-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-02-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-03-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-04-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-05-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-06-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-07-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-08-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-11-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-12-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-13-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-14-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-15-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-16-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-17-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-18-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-21-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-22-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-23-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-24-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-25-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-26-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-27-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-28-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-31-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-32-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-33-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-34-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-35-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-36-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-37-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-38-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-41-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-42-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-43-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-44-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-45-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-46-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-47-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-48-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-51-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-52-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-53-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-54-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-55-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-56-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-57-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-58-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-61-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-62-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-63-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-64-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-65-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-66-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-67-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-68-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-71-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-72-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-73-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-74-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-75-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-76-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-77-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-78-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-81-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-82-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-83-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-84-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-85-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-86-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-87-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-88-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-91-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-92-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-93-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-94-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-95-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-96-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-97-d-expected.txt:
platform/ios-simulator/css2.1/t170602-bdr-conflct-w-98-d-expected.txt:
platform/ios-simulator/fast/borders/border-antialiasing-expected.txt:
platform/ios-simulator/fast/dynamic/create-renderer-for-whitespace-only-text-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/002-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/002-vertical-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/border-collapsing-head-foot-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/border-collapsing-head-foot-vertical-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/cached-69296-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/cached-change-row-border-width-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/cached-change-tbody-border-width-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/equal-precedence-resolution-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/rtl-border-collapsing-expected.txt:
platform/ios-simulator/fast/table/border-collapsing/rtl-border-collapsing-vertical-expected.txt:
platform/ios-simulator/fast/table/colgroup-spanning-groups-rules-expected.txt:
platform/ios-simulator/fast/table/frame-and-rules-expected.txt:
platform/ios-simulator/fast/table/overflowHidden-expected.txt:
platform/ios-simulator/fast/table/rules-attr-dynchange1-expected.txt:
platform/ios-simulator/fast/table/rules-attr-dynchange2-expected.txt:
platform/ios-simulator/fast/text/international/bidi-override-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-009-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-012-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-013-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-014-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-015-expected.txt:
platform/ios-simulator/ietestcenter/css3/bordersbackgrounds/border-radius-applies-to-016-expected.txt:
platform/ios-simulator/tables/mozilla/bugs/bug24200-expected.txt:
platform/ios-simulator/tables/mozilla/bugs/bug43854-2-expected.txt:
platform/ios-simulator/tables/mozilla/bugs/bug9024-expected.txt: Added.
platform/ios-simulator/tables/mozilla/collapsing_borders/bug41262-3-expected.txt:
platform/ios-simulator/tables/mozilla/collapsing_borders/bug41262-4-expected.txt:
platform/ios-simulator/tables/mozilla/core/table_rules-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_layers-opacity-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_position-table-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-cell-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-column-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-column-group-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-row-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/backgr_simple-table-row-group-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/table_rules_all-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/table_rules_none-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/x_table_rules_groups-expected.txt:
platform/ios-simulator/tables/mozilla/marvin/x_table_rules_none-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/bugs/bug1055-2-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/bugs/bug89315-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/collapsing_borders/bug41262-1-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/collapsing_borders/bug41262-5-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/collapsing_borders/bug41262-6-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-cell-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-column-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-column-group-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-quirks-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-row-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_border-table-row-group-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_fixed-bg-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_layers-hide-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_layers-show-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_position-table-cell-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_position-table-column-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_position-table-column-group-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_position-table-row-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/backgr_position-table-row-group-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/table_rules_cols-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/table_rules_rows-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/x_table_rules_all-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/x_table_rules_cols-expected.txt:
platform/ios-simulator/tables/mozilla_expected_failures/marvin/x_table_rules_rows-expected.txt:

9:07 PM Changeset in webkit [197634] by rniwa@webkit.org

14 edits
3 adds in trunk

Add the support for upgrading custom elements in cloneNode
https://bugs.webkit.org/show_bug.cgi?id=155062

Reviewed by Antti Koivisto.

Source/WebCore:

Implement https://w3c.github.io/webcomponents/spec/custom/#upgrading and steps 6 through 11 in
https://w3c.github.io/webcomponents/spec/custom/#htmlelement-constructor to support upgrading elements
created by Node.prototype.cloneNode.

Tests: fast/custom-elements/lifecycle-callback-timing.html

fast/custom-elements/upgrading/Node-cloneNode.html

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::upgradeElement): Added. Implements

https://w3c.github.io/webcomponents/spec/custom/#dfn-upgrade-a-custom-element

(WebCore::JSCustomElementInterface::didUpgradeLastElementInConstructionStack): Added. Implements step 10

"Replace the last entry in definition's construction stacka with an already constructed marker."
in https://w3c.github.io/webcomponents/spec/custom/#dom-htmlelement-constructor

bindings/js/JSCustomElementInterface.h:

(WebCore::JSCustomElementInterface::isUpgradingElement):
(WebCore::JSCustomElementInterface::lastElementInConstructionStack):
(WebCore::JSCustomElementInterface): Added m_constructionStack. This is the construction stack:

https://w3c.github.io/webcomponents/spec/custom/#dfn-element-definition-construction-stack

bindings/js/JSDOMBinding.cpp:

(WebCore::throwInvalidStateError): Added.

bindings/js/JSDOMBinding.h:
bindings/js/JSHTMLElementCustom.cpp:

(WebCore::constructJSHTMLElement): Implement the upgrading case in:

https://w3c.github.io/webcomponents/spec/custom/#htmlelement-constructor

dom/Document.cpp:

(WebCore::createFallbackHTMLElement): Added. Enqueues upgrades of custom elements (enqueueElementUpgrade

currently does nothing if there is no InvokesCustomElementLifecycleCallbacks; e.g. in other DOM APIs).
This function implements https://w3c.github.io/webcomponents/spec/custom/#dfn-element-upgrade-algorithm

(WebCore::Document::createElement):

dom/LifecycleCallbackQueue.cpp:

(WebCore::LifecycleQueueItem::LifecycleQueueItem): Added a generic constructor.
(WebCore::LifecycleQueueItem::invoke): Call upgradeElement when m_type is Type::ElementUpgrade.
(WebCore::LifecycleCallbackQueue::enqueueElementUpgrade): Added.

dom/LifecycleCallbackQueue.h:
dom/Node.idl: Added InvokesCustomElementLifecycleCallbacks on cloneNode.
dom/make_names.pl:

(printFactoryCppFile): Added a variant of createKnownElement which takes QualifiedName. Also directly call

find(HTML|SVG|MathML)ElementConstructorFunction in createElement that takes AtomicString to avoid an extra
function call.

(printFactoryHeaderFile): Added a function declaration for createKnownElement that takes QualifiedName and

outdented class and function declarations to match the modern code style guideline.

LayoutTests:

Added test cases for upgrading elements with Node.prototype.cloneNode.

fast/custom-elements/lifecycle-callback-timing-expected.txt:
fast/custom-elements/lifecycle-callback-timing.html:

9:02 PM Changeset in webkit [197633] by timothy_horton@apple.com

4 edits
1 add in trunk

Create a DOMHTMLVideoElement when wrapping <video> elements
https://bugs.webkit.org/show_bug.cgi?id=155084
<rdar://problem/24997193>

Reviewed by Dan Bernstein.

bindings/objc/DOM.mm:

(WebCore::createElementClassMap):
Add <video> to the mapping.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/mac/DOMHTMLVideoElementWrapper.mm: Added.

(-[VideoWrapperFrameLoadDelegate webView:didFinishLoadForFrame:]):
(TestWebKitAPI::TEST):
Add an API test for this behavior.

8:34 PM Changeset in webkit [197632] by weinig@apple.com

2 edits in trunk/Source/WebKit2

Revert usage of autofill field name for use with UITextInputTraits
until our bots can catch up.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView textInputTraits]):

8:25 PM Changeset in webkit [197631] by weinig@apple.com

5 edits in trunk/LayoutTests

Update tests to match the latest version of the HTML5 spec.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/forms/the-form-element/form-autocomplete.html:

Fields that don't have any value set for their autocomplete attribute should return the the empty string.

LayoutTests:

fast/forms/autocomplete-expected.txt:
fast/forms/autocomplete.html:

Fields that don't have any value set for their autocomplete attribute should return the the empty string.

8:25 PM Changeset in webkit [197630] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Minor cleans up in custom elements' code per Darin's comments
https://bugs.webkit.org/show_bug.cgi?id=155081

Reviewed by Darin Adler.

Cleanup per Darin's comments.

dom/CustomElementDefinitions.cpp:

(WebCore::CustomElementDefinitions::findInterface): Use get instead of explicitly checking against end().

dom/LifecycleCallbackQueue.h: Remove unecessary header includes.

8:18 PM Changeset in webkit [197629] by weinig@apple.com

2 edits in trunk/Source/WebCore

Fix two minor typos from http://trac.webkit.org/changeset/197626 that were causing some test failures.

html/Autofill.cpp:

(WebCore::fieldNameMap):
(WebCore::AutofillData::createFromHTMLFormControlElement):

7:28 PM Changeset in webkit [197628] by Chris Dumez

40 edits
1 add
3 deletes in trunk/Source

Consolidate RuntimeApplicationChecks and RuntimeApplicationChecksIOS
https://bugs.webkit.org/show_bug.cgi?id=155035

Reviewed by Darin Adler.

Source/WebCore:

Consolidate RuntimeApplicationChecks and RuntimeApplicationChecksIOS into
one file. The following changes were made:

The checks now all rely on applicationBundleIdentifier(), which has the benefit of working in WK1 and WK2 UI/WebContent/Networking processes.
Use namespaces to distinguish Mac and iOS applications instead of relying on the method name. So, applicationIsIBooksForIOS() becomes IOSApplication::isIBooks().
Use NSBundle API on both iOS and Mac instead of using the CF API on Mac and the NS API on iOS.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityWebDocumentView]):

bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::commonVM):

bindings/js/JSLocationCustom.cpp:

(WebCore::JSLocation::putDelegate):

html/HTMLMediaElement.cpp:
html/HTMLObjectElement.cpp:

(WebCore::shouldNotPerformURLAdjustment):

html/MediaElementSession.cpp:
inspector/InspectorTimelineAgent.cpp:

(WebCore::currentRunLoop):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::willLoadMediaElementURL):

loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::create):
(WebCore::SubresourceLoader::startLoading):

loader/cache/CachedScript.cpp:

(WebCore::CachedScript::shouldIgnoreHTTPStatusCodeErrors):

platform/RuntimeApplicationChecks.cpp: Removed.
platform/RuntimeApplicationChecks.h:
platform/RuntimeApplicationChecks.mm: Added.

(WebCore::applicationBundleIdentifier):
(WebCore::applicationBundleIsEqualTo):
(WebCore::MacApplication::isSafari):
(WebCore::MacApplication::isAppleMail):
(WebCore::MacApplication::isIBooks):
(WebCore::MacApplication::isITunes):
(WebCore::MacApplication::isMicrosoftMessenger):
(WebCore::MacApplication::isAdobeInstaller):
(WebCore::MacApplication::isAOLInstantMessenger):
(WebCore::MacApplication::isMicrosoftMyDay):
(WebCore::MacApplication::isMicrosoftOutlook):
(WebCore::MacApplication::isQuickenEssentials):
(WebCore::MacApplication::isAperture):
(WebCore::MacApplication::isVersions):
(WebCore::MacApplication::isHRBlock):
(WebCore::MacApplication::isSolidStateNetworksDownloader):
(WebCore::MacApplication::isHipChat):
(WebCore::IOSApplication::isMobileMail):
(WebCore::IOSApplication::isMobileSafari):
(WebCore::IOSApplication::isDumpRenderTree):
(WebCore::IOSApplication::isMobileStore):
(WebCore::IOSApplication::isWebApp):
(WebCore::IOSApplication::isOkCupid):
(WebCore::IOSApplication::isFacebook):
(WebCore::IOSApplication::isDaijisenDictionary):
(WebCore::IOSApplication::isNASAHD):
(WebCore::IOSApplication::isTheEconomistOnIphone):
(WebCore::IOSApplication::isWebProcess):
(WebCore::IOSApplication::isIBooks):
(WebCore::setApplicationBundleIdentifier):

platform/RuntimeApplicationChecksIOS.h: Removed.
platform/RuntimeApplicationChecksIOS.mm: Removed.
platform/audio/ios/AudioDestinationIOS.cpp:
platform/cf/URLCF.cpp:
platform/graphics/ca/cocoa/LayerFlushSchedulerMac.cpp:

(WebCore::currentRunLoop):

platform/ios/PasteboardIOS.mm:
platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
platform/ios/wak/WebCoreThread.mm:

(WebThreadEnable):

platform/mac/WidgetMac.mm:

(WebCore::Widget::paint):

platform/network/ios/QuickLook.mm:
platform/network/mac/ResourceHandleMac.mm:
rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::needsIOSDumpRenderTreeMainFrameRenderViewLayerIsAlwaysOpaqueHack):

Source/WebKit:

Update runtime application checks.

WebCoreSupport/WebResourceLoadScheduler.cpp:

(WebResourceLoadScheduler::servePendingRequests):

Source/WebKit/ios:

Update runtime application checks.

WebCoreSupport/WebChromeClientIOS.mm:

Source/WebKit/mac:

Update runtime application checks.

Plugins/WebPluginController.mm:

(initializeAudioSession):

WebCoreSupport/WebFrameLoaderClient.mm:
WebView/WebFrame.mm:

(needsMicrosoftMessengerDOMDocumentWorkaround):

WebView/WebImmediateActionController.mm:

(-[WebImmediateActionController _updateImmediateActionItem]):

WebView/WebView.mm:

(WebKitInitializeApplicationCachePathIfNecessary):
(shouldEnableLoadDeferring):
(shouldRestrictWindowFocus):
(needsOutlookQuirksScript):
(shouldTransformsAffectOverflow):
(shouldDispatchJavaScriptWindowOnErrorEvents):
(shouldUseLegacyBackgroundSizeShorthandBehavior):
(-[WebView _commonInitializationWithFrameName:groupName:]):
(+[WebView enableWebThread]):
(+[WebView registerForMemoryNotifications]):
(-[WebView _needsKeyboardEventDisambiguationQuirks]):
(needsSelfRetainWhileLoadingQuirk):
(-[WebView _needsPreHTML5ParserQuirks]):

Source/WebKit2:

Update runtime application checks.

UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultApplicationCacheDirectory):

UIProcess/Cocoa/VersionChecks.mm:

(WebKit::linkedOnOrAfter):

UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::WebProcessPool::legacyPlatformDefaultApplicationCacheDirectory):

UIProcess/ios/WKContentViewInteraction.mm:
UIProcess/mac/WebPageProxyMac.mm:

(WebKit::expectsLegacyImplicitRubberBandControl):
(WebKit::WebPageProxy::appleMailPaginationQuirkEnabled):

7:10 PM Changeset in webkit [197627] by Alan Bujtas

8 edits
2 adds in trunk

Make table collapsed borders subpixel aware.
https://bugs.webkit.org/show_bug.cgi?id=150383

Reviewed by Simon Fraser.

This patch enables authors to

set subpixel width on collapsed borders
and push those borders to subpixel positions.

Source/WebCore:

Test: fast/table/collapsed-border-with-odd-pixel-width.html

rendering/RenderTable.cpp:

(WebCore::RenderTable::calcBorderStart):
(WebCore::RenderTable::calcBorderEnd):
(WebCore::RenderTable::outerBorderBefore):
(WebCore::RenderTable::outerBorderAfter):
(WebCore::RenderTable::outerBorderStart):
(WebCore::RenderTable::outerBorderEnd):

rendering/RenderTableCell.cpp:

(WebCore::RenderTableCell::borderHalfStart):
(WebCore::RenderTableCell::borderHalfEnd):
(WebCore::RenderTableCell::borderHalfBefore):
(WebCore::RenderTableCell::borderHalfAfter):
(WebCore::RenderTableCell::paintCollapsedBorders):

rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::calcOuterBorderBefore):
(WebCore::RenderTableSection::calcOuterBorderAfter):
(WebCore::RenderTableSection::calcOuterBorderStart):
(WebCore::RenderTableSection::calcOuterBorderEnd):

rendering/style/CollapsedBorderValue.h:

(WebCore::CollapsedBorderValue::adjustedCollapsedBorderWidth):

LayoutTests:

fast/table/collapsed-border-with-odd-pixel-width-expected.html: Added.
fast/table/collapsed-border-with-odd-pixel-width.html: Added.
fast/table/hidpi-collapsed-border-with-odd-pixel-width-expected.html:

6:17 PM Changeset in webkit [197626] by weinig@apple.com

18 edits
2 adds in trunk

Add support for processing the autofill field name out of form control elements ultimately to aid input methods
<rdar://problem/23041180>
https://bugs.webkit.org/show_bug.cgi?id=155079

Reviewed by Enrica Casucci.

Source/WebCore:

Added additional cases to fast/forms/autocomplete-tokens.html.

WebCore.xcodeproj/project.pbxproj:

Add Autofill.h/cpp

html/Autofill.cpp: Added.

(WebCore::fieldNameMap):
(WebCore::toAutofillFieldName):
(WebCore::isContactToken):
(WebCore::maxTokensForAutofillFieldCategory):
(WebCore::AutofillData::createFromHTMLFormControlElement):

html/Autofill.h: Added.

(WebCore::AutofillData::AutofillData):
Refactored the autofill data processing algorithm into it's own file and added support
returning not just the IDL-exposed autofill value but also the autofill field name. The
code is structured simply enough that if we find a need for the hint set or scope information
we could return it as well.

html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::autocomplete):
(WebCore::HTMLFormControlElement::setAutocomplete):
(WebCore::HTMLFormControlElement::autofillMantle):
(WebCore::HTMLFormControlElement::autofillData):
Use AutofillData to implement these.

html/HTMLFormControlElement.h:

Expose accessor for mantle and AutofillData.

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::autocomplete):

html/HTMLFormElement.h:

Switch to return an AtomicString as it will always
return one of two known values.

testing/Internals.cpp:

(WebCore::Internals::autofillFieldName):

testing/Internals.h:
testing/Internals.idl:

Add accessor of the field name for testing purposes.

Source/WebKit2:

Shared/AssistedNodeInformation.cpp:

(WebKit::AssistedNodeInformation::encode):
(WebKit::AssistedNodeInformation::decode):

Shared/AssistedNodeInformation.h:

Add AutofillFieldName. Convert some coders to use encodeEnum/decodeEnum instead of casting.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView textInputTraits]):
Map AutofillFieldNames to the associated UITextContentTypes.

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getAssistedNodeInformation):
Extract the AutofillFieldNames onto the AssistedNodeInformation for <input> elements
and <textarea> elements.

LayoutTests:

fast/forms/autocomplete-tokens-expected.txt:
fast/forms/autocomplete-tokens.html:

Update test to also test field names, as they are now exposed via internals.

5:52 PM Changeset in webkit [197625] by commit-queue@webkit.org

4 edits
2 adds in trunk/Source/WebInspectorUI

Web Inspector: Have separate path component for Script Timeline content views
https://bugs.webkit.org/show_bug.cgi?id=155075
<rdar://problem/24996564>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-03-05
Reviewed by Timothy Hatcher.

UserInterface/Images/CallTrees.svg: Added.
UserInterface/Images/Events.svg: Added.

New icons based off of ResultLine.svg.

UserInterface/Views/PathComponentIcons.css:

(.events-icon .icon):
(.call-trees-icon .icon):
(body:not(.mac-platform, .windows-platform) .call-trees-icon .icon):
Use the new icons and fallback to ResultLine.svg for other ports.

UserInterface/Views/ScriptClusterTimelineView.js:

(WebInspector.ScriptClusterTimelineView):
(WebInspector.ScriptClusterTimelineView.prototype.get eventsContentView):
(WebInspector.ScriptClusterTimelineView.prototype.showEvents):
(WebInspector.ScriptClusterTimelineView.prototype.showProfile):
(WebInspector.ScriptClusterTimelineView.prototype._pathComponentForContentView):
(WebInspector.ScriptClusterTimelineView.prototype._identifierForContentView):
(WebInspector.ScriptClusterTimelineView.prototype._showContentViewForIdentifier):
(WebInspector.ScriptClusterTimelineView.prototype._scriptClusterViewCurrentContentViewDidChange):
(WebInspector.ScriptClusterTimelineView.prototype.get detailsContentView): Deleted.
(WebInspector.ScriptClusterTimelineView.prototype.showDetails): Deleted.
Rename "Details" to "Events".

UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype.contentBrowserTreeElementForRepresentedObject): Deleted.
Always include the top level "Details" component.

5:23 PM Changeset in webkit [197624] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

Build fix after r197612 (under ASAN/GuardMalloc).

dom/CustomElementDefinitions.cpp:

(WebCore::CustomElementDefinitions::findInterface):

5:20 PM Changeset in webkit [197623] by Michael Catanzaro

6 edits in trunk

Unreviewed, fix GTK/EFL build after r197575 and add mandatory GnuTLS dependency

Source/cmake/OptionsEfl.cmake:
Source/cmake/OptionsGTK.cmake:

Source/WebCore:

PlatformEfl.cmake:
PlatformGTK.cmake:

4:48 PM Changeset in webkit [197622] by fpizlo@apple.com

11 edits in trunk/Source/JavaScriptCore

The most aggressive form of RegExpTest/RegExpExec should speculate more aggressively than just cell
https://bugs.webkit.org/show_bug.cgi?id=154900

Reviewed by Saam Barati.

These old operations used to speculate cell. That's what they did when they were first
introduced. That was probably about as good as they could do back then because we didn't have
very powerful checks. Now we have powerful checks, so we can do this right.

The most profitable thing to check is that child1 is a RegExpObject and child2 is a JSString.
Sometimes though, we will not know what child2 is even though we know that child1 is a
RegExpObject. So, this patch means that RegExpExec/RegExpTest have the following overloads:

RegExpExec(RegExpObject:, String:)
RegExpExec(RegExpObject:, Untyped:)
RegExpExec(Untyped:, Untyped:)

This shaves off some type checks in Octane/regexp. It also cleans up some problems in our
modeling of the effectfulness of these operations.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):
(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):

jit/JITOperations.h:

4:40 PM Changeset in webkit [197621] by timothy@apple.com

9 edits in trunk/Source/WebKit2

Implement the Automation protocol commands by tracking WebPageProxy objects
that are controlled by automation and assigning them a UUID handle.

https://bugs.webkit.org/show_bug.cgi?id=154953
rdar://problem/24947489

Reviewed by Brian Burg.

UIProcess/API/APIAutomationSessionClient.h:

(API::AutomationSessionClient::didRequestNewWindow):
Return a WebPageProxy instead of void so it can be assigned a UUID handle.

UIProcess/API/Cocoa/_WKAutomationSessionDelegate.h:

Return a WKPageRef from _automationSessionDidRequestNewWindow:.

UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::webPageProxyForHandle):
(WebKit::WebAutomationSession::handleForWebPageProxy):
(WebKit::WebAutomationSession::getBrowsingContexts):
(WebKit::WebAutomationSession::createBrowsingContext):
(WebKit::WebAutomationSession::closeBrowsingContext):
(WebKit::WebAutomationSession::switchToBrowsingContext):

UIProcess/Automation/WebAutomationSession.h:

Added new methods and maps to track pages and handles.

UIProcess/Cocoa/AutomationSessionClient.h:
UIProcess/Cocoa/AutomationSessionClient.mm:

(WebKit::AutomationSessionClient::didRequestNewWindow):
Return a WebPageProxy from the WKPageRef.

UIProcess/WebPageProxy.h: Make setFocus public.

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::setAutomationSession):
Set the WebProcessPool on the WebAutomationSession so it can be used to find
WebPageProxy objects controlled by automation.

4:40 PM Changeset in webkit [197620] by timothy@apple.com

4 edits in trunk/Source/WebKit2

Rename Automation protocol methods to use "BrowsingContext" instead of "Window".
Also flesh out the protocol commands more by adding switchToBrowsingContext
and return a BrowsingContextHandle for createBrowsingContext.

https://bugs.webkit.org/show_bug.cgi?id=154953
rdar://problem/24947489

Reviewed by Brian Burg.

UIProcess/Automation/Automation.json:
UIProcess/Automation/WebAutomationSession.cpp:

(WebKit::WebAutomationSession::getBrowsingContexts):
(WebKit::WebAutomationSession::createBrowsingContext):
(WebKit::WebAutomationSession::closeBrowsingContext):
(WebKit::WebAutomationSession::switchToBrowsingContext):
(WebKit::WebAutomationSession::getWindows): Deleted.
(WebKit::WebAutomationSession::openWindow): Deleted.
(WebKit::WebAutomationSession::closeWindow): Deleted.

UIProcess/Automation/WebAutomationSession.h:

4:28 PM Changeset in webkit [197619] by Joseph Pecoraro

15 edits
2 moves
6 adds in trunk/Source/WebInspectorUI

Web Inspector: Add back support for a heavy / bottom up profile view
https://bugs.webkit.org/show_bug.cgi?id=140578
<rdar://problem/19506794>

Reviewed by Timothy Hatcher.

Localizations/en.lproj/localizedStrings.js:
UserInterface/Main.html:

New strings and resources.

UserInterface/Base/Utilities.js:

(Number.secondsToMillisecondsString):
Helper for providing a consistent milliseconds string used in profiles.

UserInterface/Controllers/TimelineManager.js:

(WebInspector.TimelineManager.prototype.scriptProfilerTrackingCompleted):
The calling context tree should be stored on a Recording, not on the global
TimelineManager. Also create two trees, one top down and one bottom up.

UserInterface/Models/CallingContextTree.js:

(WebInspector.CallingContextTree):
(WebInspector.CallingContextTree.prototype.get type):
(WebInspector.CallingContextTree.prototype.get totalExecutionTime):
(WebInspector.CallingContextTree.prototype.reset):
(WebInspector.CallingContextTree.prototype.numberOfSamplesInTimeRange):
(WebInspector.CallingContextTree.prototype.increaseExecutionTime):
Give a CallingContextTree a type (TopDown / BottomUp) and some getters.

(WebInspector.CallingContextTree.prototype.updateTreeWithStackTrace):
Build a bottom up or top down tree from samples.

(WebInspector.CallingContextTree.prototype.forEachChild):
Allow iterating from the root.

(WebInspector.CCTNode):
(WebInspector.CCTNode.prototype.hasChildrenInTimeRange):
(WebInspector.CCTNode.prototype.numberOfLeafTimestamps):
(WebInspector.CCTNode.prototype.addTimestampAndExpressionLocation):
(WebInspector.CCTNode.prototype.equals):
(WebInspector.CCTNode.prototype.hasChildren): Deleted.
Give a CCTNode a list of leaf timestamps alongside the list of all timestamps.
Leaf timestamps will count as "self time" in a profile view.

UserInterface/Models/SourceCodeLocation.js:

(WebInspector.SourceCodeLocation.prototype._locationString):
Nobody was using "ColumnStyle.Hidden" so repurpose it to be even simpler.

UserInterface/Models/TimelineRecording.js:

(WebInspector.TimelineRecording):
(WebInspector.TimelineRecording.prototype.get topDownCallingContextTree):
(WebInspector.TimelineRecording.prototype.get bottomUpCallingContextTree):
(WebInspector.TimelineRecording.prototype.reset):
Store the two types of calling context trees and allow reseting them.

UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.contextMenuItemSelected):
Helper for debugging uncaught exceptions in context menus.

UserInterface/Views/ContentView.js:

(WebInspector.ContentView.createFromRepresentedObject):
(WebInspector.ContentView.isViewable):
A ScriptTimeline now has a cluster view.
A CallingContextTree now has a ProfileView.

UserInterface/Views/DataGrid.js:

(WebInspector.DataGrid.prototype.insertChild):
(WebInspector.DataGrid.prototype._contextMenuInDataTable):
(WebInspector.DataGridNode.prototype.refreshRecursively):
(WebInspector.DataGridNode.prototype.elementWithColumnIdentifier):
(WebInspector.DataGridNode.prototype.forEachImmediateChild):
(WebInspector.DataGridNode.prototype.forEachChildInSubtree):
(WebInspector.DataGridNode.prototype.isInSubtreeOfNode):
Provide some helpers for iterating DataGridNodes, useful when the
actual DataGrid comes from a DataGridTree.

(WebInspector.DataGridNode.prototype.select):
(WebInspector.DataGridNode.prototype.deselect):
The indent width of DataGridNodes was not getting reset when a
node was removed and re-added to a tree due to a cached padding.

(WebInspector.DataGridNode.prototype.appendContextMenuItems):
Allow DataGridNodes to provide context menu items by overriding this method.

UserInterface/Views/PathComponentIcons.css:

(.function-icon .icon):
(.native-icon .icon):
(.program-icon .icon):
Icons for profile nodes in path components.

UserInterface/Views/ProfileDataGridNode.js: Added.

(WebInspector.ProfileDataGridNode):
(WebInspector.ProfileDataGridNode.prototype.get node):
(WebInspector.ProfileDataGridNode.prototype.displayName):
(WebInspector.ProfileDataGridNode.prototype.iconClassName):
(WebInspector.ProfileDataGridNode.prototype.get data):
(WebInspector.ProfileDataGridNode.prototype.createCellContent):
(WebInspector.ProfileDataGridNode.prototype.sort):
(WebInspector.ProfileDataGridNode.prototype.refresh):
(WebInspector.ProfileDataGridNode.prototype.appendContextMenuItems):
(WebInspector.ProfileDataGridNode.prototype._updateChildrenForModifiers):
(WebInspector.ProfileDataGridNode.prototype._recalculateData):
(WebInspector.ProfileDataGridNode.prototype._totalTimeContent):
(WebInspector.ProfileDataGridNode.prototype._displayContent):
(WebInspector.ProfileDataGridNode.prototype._populate):
CCTNode DataGridNode. A row in the ProfileDataGridTree. Handles
tree modifiers like charge to caller.

UserInterface/Views/ProfileDataGridTree.js: Added.

(WebInspector.ProfileDataGridTree):
(WebInspector.ProfileDataGridTree.buildSortComparator):
(WebInspector.ProfileDataGridTree.prototype.get callingContextTree):
(WebInspector.ProfileDataGridTree.prototype.get sampleInterval):
(WebInspector.ProfileDataGridTree.prototype.get focusNodes):
(WebInspector.ProfileDataGridTree.prototype.get currentFocusNode):
(WebInspector.ProfileDataGridTree.prototype.get modifiers):
(WebInspector.ProfileDataGridTree.prototype.get startTime):
(WebInspector.ProfileDataGridTree.prototype.get endTime):
(WebInspector.ProfileDataGridTree.prototype.get numberOfSamples):
(WebInspector.ProfileDataGridTree.prototype.get children):
(WebInspector.ProfileDataGridTree.prototype.appendChild):
(WebInspector.ProfileDataGridTree.prototype.insertChild):
(WebInspector.ProfileDataGridTree.prototype.removeChildren):
(WebInspector.ProfileDataGridTree.prototype.set sortComparator):
(WebInspector.ProfileDataGridTree.prototype.sort):
(WebInspector.ProfileDataGridTree.prototype.refresh):
(WebInspector.ProfileDataGridTree.prototype.addFocusNode):
(WebInspector.ProfileDataGridTree.prototype.rollbackFocusNode):
(WebInspector.ProfileDataGridTree.prototype.clearFocusNodes):
(WebInspector.ProfileDataGridTree.prototype.hasModifiers):
(WebInspector.ProfileDataGridTree.prototype.addModifier):
(WebInspector.ProfileDataGridTree.prototype.clearModifiers):
(WebInspector.ProfileDataGridTree.prototype._repopulate):
(WebInspector.ProfileDataGridTree.prototype._focusChanged):
(WebInspector.ProfileDataGridTree.prototype._updateCurrentFocusDetails):
(WebInspector.ProfileDataGridTree.prototype._restoreFocusedNodeToOriginalParent):
(WebInspector.ProfileDataGridTree.prototype._modifiersChanged):
Start of a DataGridTree for a CallingContextTree.
Contains special logic for focused nodes and modifiers.

UserInterface/Views/ProfileView.css: Added.

(.profile > .data-grid):
(.profile > .data-grid th):
(.profile > .data-grid td .icon):
(.profile > .data-grid td .percentage):
(.profile > .data-grid td .location):
(.profile > .data-grid:matches(:focus, .force-focus) tr.selected td .location):
(.profile > .data-grid td .icon.function-icon):
(.profile > .data-grid td .icon.native-icon):
(.profile > .data-grid td .icon.program-icon):
(.profile > .data-grid tr:matches(.selected, :hover) .go-to-arrow):
(.profile > .data-grid td.function-column):
(.profile > .data-grid td .guidance):
(.profile > .data-grid td .guidance.hover):
(.profile > .data-grid td .guidance.base):
(.profile > .data-grid tr:not(.expanded) td .guidance.base):
(.profile > .data-grid tr.expanded td .guidance.base):

UserInterface/Views/ProfileView.js: Added.

(WebInspector.ProfileView):
(WebInspector.ProfileView.prototype.get callingContextTree):
(WebInspector.ProfileView.prototype.get startTime):
(WebInspector.ProfileView.prototype.get endTime):
(WebInspector.ProfileView.prototype.setStartAndEndTime):
(WebInspector.ProfileView.prototype.hasFocusNodes):
(WebInspector.ProfileView.prototype.clearFocusNodes):
(WebInspector.ProfileView.prototype.get selectionPathComponents):
(WebInspector.ProfileView.prototype._recreate):
(WebInspector.ProfileView.prototype._repopulateDataGridFromTree):
(WebInspector.ProfileView.prototype._pathComponentClicked):
(WebInspector.ProfileView.prototype._dataGridTreeFocusChanged):
(WebInspector.ProfileView.prototype._dataGridTreeModifiersChanged):
(WebInspector.ProfileView.prototype._dataGridSortChanged):
(WebInspector.ProfileView.prototype._dataGridNodeSelected):
(WebInspector.ProfileView.prototype._dataGridNodeExpanded):
(WebInspector.ProfileView.prototype._mouseOverDataGrid):
(WebInspector.ProfileView.prototype._mouseLeaveDataGrid):
(WebInspector.ProfileView.prototype._guidanceElementKey):
(WebInspector.ProfileView.prototype._removeGuidanceElement):
(WebInspector.ProfileView.prototype._appendGuidanceElement):
ProfileView holds a data grid which is populated from the data grid tree.
Special handing for guidance markers when hovering / selecting parts of the tree.

UserInterface/Views/ScriptClusterTimelineView.js: Added.

(WebInspector.ScriptClusterTimelineView.createPathComponent):
(WebInspector.ScriptClusterTimelineView):
(WebInspector.ScriptClusterTimelineView.prototype.get zeroTime):
(WebInspector.ScriptClusterTimelineView.prototype.set zeroTime):
(WebInspector.ScriptClusterTimelineView.prototype.get startTime):
(WebInspector.ScriptClusterTimelineView.prototype.set startTime):
(WebInspector.ScriptClusterTimelineView.prototype.get endTime):
(WebInspector.ScriptClusterTimelineView.prototype.set endTime):
(WebInspector.ScriptClusterTimelineView.prototype.get currentTime):
(WebInspector.ScriptClusterTimelineView.prototype.set currentTime):
(WebInspector.ScriptClusterTimelineView.prototype.get navigationSidebarTreeOutline):
(WebInspector.ScriptClusterTimelineView.prototype.reset):
(WebInspector.ScriptClusterTimelineView.prototype.filterDidChange):
(WebInspector.ScriptClusterTimelineView.prototype.matchTreeElementAgainstCustomFilters):
(WebInspector.ScriptClusterTimelineView.prototype.get detailsContentView):
(WebInspector.ScriptClusterTimelineView.prototype.get profileContentView):
(WebInspector.ScriptClusterTimelineView.prototype.get selectionPathComponents):
(WebInspector.ScriptClusterTimelineView.prototype.saveToCookie):
(WebInspector.ScriptClusterTimelineView.prototype.restoreFromCookie):
(WebInspector.ScriptClusterTimelineView.prototype.showDetails):
(WebInspector.ScriptClusterTimelineView.prototype.showProfile):
(WebInspector.ScriptClusterTimelineView.prototype._pathComponentForContentView):
(WebInspector.ScriptClusterTimelineView.prototype._identifierForContentView):
(WebInspector.ScriptClusterTimelineView.prototype._showContentViewForIdentifier):
(WebInspector.ScriptClusterTimelineView.prototype._pathComponentSelected):
(WebInspector.ScriptClusterTimelineView.prototype._scriptClusterViewCurrentContentViewDidChange):
Script Timeline ClusterContentView. Toggle between the normal "Details" data grid
and the new "Call Tree" profile view. Currently the recording expects child content
views to be TimelineViews, this ClusterContentView forwards TimelineView relevant
methods to the real TimelineView children.

UserInterface/Views/ScriptDetailsTimelineView.js: Renamed from Source/WebInspectorUI/UserInterface/Views/ScriptTimelineView.js.

(WebInspector.ScriptDetailsTimelineView):
(WebInspector.ScriptDetailsTimelineView.prototype.get navigationSidebarTreeOutlineLabel):
(WebInspector.ScriptDetailsTimelineView.prototype.shown):
(WebInspector.ScriptDetailsTimelineView.prototype.hidden):
(WebInspector.ScriptDetailsTimelineView.prototype.closed):
(WebInspector.ScriptDetailsTimelineView.prototype.get selectionPathComponents):
(WebInspector.ScriptDetailsTimelineView.prototype.reset):
(WebInspector.ScriptDetailsTimelineView.prototype.canShowContentViewForTreeElement):
(WebInspector.ScriptDetailsTimelineView.prototype.showContentViewForTreeElement):
(WebInspector.ScriptDetailsTimelineView.prototype.treeElementPathComponentSelected):
(WebInspector.ScriptDetailsTimelineView.prototype.treeElementSelected):
(WebInspector.ScriptDetailsTimelineView.prototype.dataGridNodeForTreeElement):
(WebInspector.ScriptDetailsTimelineView.prototype.populateProfileNodeTreeElement):
(WebInspector.ScriptDetailsTimelineView.prototype.layout):
(WebInspector.ScriptDetailsTimelineView.prototype._processPendingRecords):
(WebInspector.ScriptDetailsTimelineView.prototype._scriptTimelineRecordAdded):
(WebInspector.ScriptDetailsTimelineView.prototype._scriptTimelineRecordRefreshed):
(WebInspector.ScriptDetailsTimelineView.prototype._dataGridFiltersDidChange):
(WebInspector.ScriptDetailsTimelineView.prototype._dataGridNodeSelected):

UserInterface/Views/ScriptProfileTimelineView.js: Added.

(WebInspector.ScriptProfileTimelineView):
(WebInspector.ScriptProfileTimelineView.prototype.closed):
(WebInspector.ScriptProfileTimelineView.prototype.get navigationItems):
(WebInspector.ScriptProfileTimelineView.prototype.get selectionPathComponents):
(WebInspector.ScriptProfileTimelineView.prototype.layout):
(WebInspector.ScriptProfileTimelineView.prototype._callingContextTreeForOrientation):
(WebInspector.ScriptProfileTimelineView.prototype._profileViewSelectionPathComponentsDidChange):
(WebInspector.ScriptProfileTimelineView.prototype._scriptTimelineRecordRefreshed):
(WebInspector.ScriptProfileTimelineView.prototype._updateProfileOrientationButtonItem):
(WebInspector.ScriptProfileTimelineView.prototype._toggleProfileOrientation):
(WebInspector.ScriptProfileTimelineView.prototype._updateClearFocusNodesButtonItem):
(WebInspector.ScriptProfileTimelineView.prototype._clearFocusNodes):
The two TimelineViews.

UserInterface/Views/TimelineRecordingContentView.js:

(WebInspector.TimelineRecordingContentView.prototype.get currentTimelineView):
(WebInspector.TimelineRecordingContentView.prototype.contentBrowserTreeElementForRepresentedObject):
The timeline content browser may now hold a ClusterContentView. It is not exactly a TimelineView,
but it holds TimelineViews, so treat it like one. Assume the ClusterContentView will add its own
path components.

(WebInspector.TimelineRecordingContentView.prototype._instrumentAdded):
Add extra information other than the sidebar to TimelineViews. The ProfileView looks
at the recording for the calling context trees.

4:01 PM Changeset in webkit [197618] by Simon Fraser

4 edits
17 adds in trunk

Add support for the object-position CSS property
https://bugs.webkit.org/show_bug.cgi?id=122811
rdar://problem/15836338

Reviewed by Sam Weinig.

Source/WebCore:

Take object-position into account when rendering replaced elements.
RenderReplaced::replacedContentRect() is the one place where we compute
the content rect for replaced elements.

Also return false from foregroundIsKnownToBeOpaqueInRect() if we have
any non-default object-position, as the foreground may no longer fill the box.

Tests: compositing/video/video-object-position.html

fast/css/object-position/object-position-canvas.html
fast/css/object-position/object-position-embed.html
fast/css/object-position/object-position-img-svg.html
fast/css/object-position/object-position-img.html
fast/css/object-position/object-position-input-image.html
fast/css/object-position/object-position-object.html
fast/css/object-position/object-position-video-poster.html

rendering/RenderImage.cpp:

(WebCore::RenderImage::foregroundIsKnownToBeOpaqueInRect):

rendering/RenderReplaced.cpp:

(WebCore::RenderReplaced::replacedContentRect):

LayoutTests:

Various object-position tests.

compositing/video/video-object-position-expected.txt: Added.
compositing/video/video-object-position.html: Added.
fast/css/object-position/object-position-embed-expected.html: Added.
fast/css/object-position/object-position-embed.html: Added.
fast/css/object-position/object-position-img-expected.html: Added.
fast/css/object-position/object-position-img-svg-expected.html: Added.
fast/css/object-position/object-position-img-svg.html: Added.
fast/css/object-position/object-position-img.html: Added.
fast/css/object-position/object-position-input-image-expected.html: Added.
fast/css/object-position/object-position-input-image.html: Added.
fast/css/object-position/object-position-object-expected.html: Added.
fast/css/object-position/object-position-object.html: Added.
fast/css/object-position/object-position-video-poster-expected.html: Added.
fast/css/object-position/object-position-video-poster.html: Added.
fast/css/object-position/resources/expected.css: Added.
fast/css/object-position/resources/test.css: Added.

3:23 PM Changeset in webkit [197617] by Simon Fraser

13 edits
5 adds in trunk

Add parsing support for object-position
https://bugs.webkit.org/show_bug.cgi?id=155065

Reviewed by Sam Weinig.

Source/WebCore:

Add parsing support for object-position. This is the first property with
CSS <position> values which does not have equivalent -x and -y shorthands,
so we can store it as a new LengthPoint type.

Per the CSS Values spec, bottom- and right-relative values are translated
into calc() expressions, which are exposed via computed style. For example,
"right 10px bottom" becomes "calc(100% - 10px) 100%". This also allows transitions
between, say, "left 10px bottom" and "right 10px bottom".

Test: fast/css/object-position/parsing-object-position.html

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):

css/CSSParser.cpp:

(WebCore::CSSParser::parseValue):

css/CSSPrimitiveValue.h:

(WebCore::CSSPrimitiveValue::isPair):

css/CSSPropertyNames.in:
css/CSSValue.h:
css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertLength):
(WebCore::StyleBuilderConverter::convertTo100PercentMinusLength):
(WebCore::StyleBuilderConverter::convertPositionComponent):
(WebCore::StyleBuilderConverter::convertObjectPosition):

platform/LengthPoint.cpp: Added.

(WebCore::operator<<):

platform/LengthPoint.h: Added.

(WebCore::LengthPoint::LengthPoint):
(WebCore::LengthPoint::operator==):
(WebCore::LengthPoint::setX):
(WebCore::LengthPoint::x):
(WebCore::LengthPoint::setY):
(WebCore::LengthPoint::y):
(WebCore::LengthPoint::blend):

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::changeRequiresRepaint):

rendering/style/RenderStyle.h:
rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
(WebCore::StyleRareNonInheritedData::operator==):

rendering/style/StyleRareNonInheritedData.h:

LayoutTests:

object-position parsing test.

fast/css/object-position/parsing-object-position-expected.txt: Added.
fast/css/object-position/parsing-object-position.html: Added.

1:35 PM Changeset in webkit [197616] by jdiggs@igalia.com

18 edits
21 adds in trunk

AX: Implement missing/different accessibility API mappings for SVG
https://bugs.webkit.org/show_bug.cgi?id=155034

Reviewed by Chris Fleizach.

Source/WebCore:

Create an AccessibilitySVGElement class for the SVG-specific mappings;
fix name and description mappings for ATK; add new AccessibilityRole
types (SVGTextRole, SVGTSpanRole, SVGTextPathRole) and map them for
ATK and AX API.

Tests: accessibility/w3c-svg-description-calculation.html

accessibility/w3c-svg-elements-not-exposed.html
accessibility/w3c-svg-name-calculation.html
accessibility/w3c-svg-presentational-role.html
accessibility/w3c-svg-roles.html

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
accessibility/AXObjectCache.cpp:

(WebCore::createFromRenderer):

accessibility/AccessibilityAllInOne.cpp:
accessibility/AccessibilityNodeObject.cpp:

(WebCore::AccessibilityNodeObject::alternativeText): Deleted.
(WebCore::AccessibilityNodeObject::accessibilityDescription): Deleted.

accessibility/AccessibilityObject.h:

(WebCore::AccessibilityObject::isAccessibilitySVGElement):

accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::determineAccessibilityRole): Deleted.

accessibility/AccessibilitySVGElement.cpp: Added.

(WebCore::AccessibilitySVGElement::AccessibilitySVGElement):
(WebCore::AccessibilitySVGElement::~AccessibilitySVGElement):
(WebCore::AccessibilitySVGElement::create):
(WebCore::AccessibilitySVGElement::targetForUseElement):
(WebCore::AccessibilitySVGElement::accessibilityText):
(WebCore::AccessibilitySVGElement::accessibilityDescription):
(WebCore::AccessibilitySVGElement::helpText):
(WebCore::AccessibilitySVGElement::computeAccessibilityIsIgnored):
(WebCore::AccessibilitySVGElement::inheritsPresentationalRole):
(WebCore::AccessibilitySVGElement::determineAriaRoleAttribute):
(WebCore::AccessibilitySVGElement::determineAccessibilityRole):

accessibility/AccessibilitySVGElement.h: Added.
accessibility/atk/WebKitAccessibleWrapperAtk.cpp:

(webkitAccessibleGetName):
(webkitAccessibleGetDescription):
(atkRole):

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):

accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(createAccessibilityRoleMap):

rendering/RenderObject.h:

(WebCore::RenderObject::isSVGTSpan):

rendering/svg/RenderSVGTSpan.h:

LayoutTests:

accessibility/svg-group-element-with-title.html: Modified to reflect correct ATK results.
accessibility/svg-image.html: Modified to reflect correct ATK results.
accessibility/svg-labelledby.html: Modified to reflect correct ATK results.
accessibility/svg-remote-element.html: Modified to reflect correct ATK results.
accessibility/w3c-svg-description-calculation.html: Added.
accessibility/w3c-svg-elements-not-exposed.html: Added.
accessibility/w3c-svg-name-calculation.html: Added.
accessibility/w3c-svg-presentational-role.html: Added.
accessibility/w3c-svg-roles.html: Added.
platform/gtk/accessibility/svg-group-element-with-title-expected.txt: Added.
platform/gtk/accessibility/svg-image-expected.txt: Added.
platform/gtk/accessibility/svg-labelledby-expected.txt: Added.
platform/gtk/accessibility/svg-remote-element-expected.txt: Added.
platform/gtk/accessibility/w3c-svg-description-calculation-expected.txt: Added.
platform/gtk/accessibility/w3c-svg-elements-not-exposed-expected.txt: Added.
platform/gtk/accessibility/w3c-svg-name-calculation-expected.txt: Added.
platform/gtk/accessibility/w3c-svg-presentational-role-expected.txt: Added.
platform/gtk/accessibility/w3c-svg-roles-expected.txt: Added.
platform/mac/accessibility/w3c-svg-description-calculation-expected.txt: Added.
platform/mac/accessibility/w3c-svg-elements-not-exposed-expected.txt: Added.
platform/mac/accessibility/w3c-svg-name-calculation-expected.txt: Added.
platform/mac/accessibility/w3c-svg-presentational-role-expected.txt: Added.
platform/mac/accessibility/w3c-svg-roles-expected.txt: Added.

11:44 AM Changeset in webkit [197615] by clopez@igalia.com

2 edits in trunk/Tools

[GTK] Fix logging details after r197505 (Run the run-benchmark script on the performance bot.)
https://bugs.webkit.org/show_bug.cgi?id=154595

Unreviewed.

Scripts/webkitpy/benchmark_runner/run_benchmark.py:

(start): Use logging.exception when a test fails in order to get the details about the error.

9:01 AM Changeset in webkit [197614] by Yusuke Suzuki

114 edits
1 add in trunk/Source

[ES6] Support Reflect.construct
https://bugs.webkit.org/show_bug.cgi?id=147330

Reviewed by Saam Barati.

Source/JavaScriptCore:

Based on Saam's r196868, this patch adds support for Reflect.construct.
This patch implements OrdinaryCreateFromConstructor[1] for fallback cases.
This path is rarely taken. For example,

Reflect.construct(function () { }, [], Map);

In this case, the new.target becomes Map.
So we should create an object that __proto__ is Map.prototype.

And to allow forward declaration (and encouraging strong type checking), we change
ConstructType, CallType to C++11 enum class.

[1]: http://ecma-international.org/ecma-262/6.0/#sec-ordinarycreatefromconstructor

API/JSCallbackConstructor.cpp:

(JSC::JSCallbackConstructor::getConstructData):

API/JSCallbackFunction.cpp:

(JSC::JSCallbackFunction::getCallData):

API/JSCallbackObjectFunctions.h:

(JSC::JSCallbackObject<Parent>::getConstructData):
(JSC::JSCallbackObject<Parent>::getCallData):

API/JSObjectRef.cpp:

(JSObjectIsFunction):
(JSObjectCallAsFunction):
(JSObjectIsConstructor):
(JSObjectCallAsConstructor):

API/ObjCCallbackFunction.mm:

(JSC::ObjCCallbackFunction::getCallData):
(JSC::ObjCCallbackFunction::getConstructData):

bindings/ScriptFunctionCall.cpp:

(Deprecated::ScriptFunctionCall::call):

bindings/ScriptValue.cpp:

(Deprecated::ScriptValue::isFunction):

builtins/ReflectObject.js:
dfg/DFGOperations.cpp:
inspector/InjectedScriptManager.cpp:

(Inspector::InjectedScriptManager::createInjectedScript):

interpreter/Interpreter.cpp:

(JSC::sizeOfVarargs):
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):

jit/JITOperations.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::handleHostCall):

runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::getConstructData):
(JSC::ArrayConstructor::getCallData):

runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::getLength): Deleted.

runtime/BooleanConstructor.cpp:

(JSC::BooleanConstructor::getConstructData):
(JSC::BooleanConstructor::getCallData):

runtime/CallData.cpp:

(JSC::call):

runtime/CallData.h:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/ConstructData.cpp:

(JSC::construct):

runtime/ConstructData.h:
runtime/DateConstructor.cpp:

(JSC::DateConstructor::getConstructData):
(JSC::DateConstructor::getCallData):

runtime/DatePrototype.cpp:

(JSC::dateProtoFuncToJSON):

runtime/Error.h:

(JSC::StrictModeTypeErrorFunction::getConstructData):
(JSC::StrictModeTypeErrorFunction::getCallData):

runtime/ErrorConstructor.cpp:

(JSC::ErrorConstructor::getConstructData):
(JSC::ErrorConstructor::getCallData):

runtime/ExceptionHelpers.cpp:

(JSC::errorDescriptionForValue):

runtime/FunctionConstructor.cpp:

(JSC::FunctionConstructor::getConstructData):
(JSC::FunctionConstructor::getCallData):

runtime/FunctionPrototype.cpp:

(JSC::FunctionPrototype::getCallData):
(JSC::functionProtoFuncToString):
(JSC::functionProtoFuncBind):

runtime/GeneratorFunctionConstructor.cpp:

(JSC::GeneratorFunctionConstructor::getCallData):
(JSC::GeneratorFunctionConstructor::getConstructData):

runtime/InternalFunction.cpp:

(JSC::InternalFunction::getCallData):

runtime/IntlCollatorConstructor.cpp:

(JSC::IntlCollatorConstructor::getConstructData):
(JSC::IntlCollatorConstructor::getCallData):

runtime/IntlDateTimeFormatConstructor.cpp:

(JSC::IntlDateTimeFormatConstructor::getConstructData):
(JSC::IntlDateTimeFormatConstructor::getCallData):

runtime/IntlNumberFormatConstructor.cpp:

(JSC::IntlNumberFormatConstructor::getConstructData):
(JSC::IntlNumberFormatConstructor::getCallData):

runtime/IteratorOperations.cpp:

(JSC::iteratorNext):
(JSC::iteratorClose):

runtime/JSArray.h:

(JSC::getLength):

runtime/JSArrayBufferConstructor.cpp:

(JSC::JSArrayBufferConstructor::getConstructData):
(JSC::JSArrayBufferConstructor::getCallData):

runtime/JSBoundFunction.cpp:

(JSC::boundFunctionCall):
(JSC::boundFunctionConstruct):
(JSC::JSBoundFunction::create):

runtime/JSCJSValue.h:
runtime/JSCJSValueInlines.h:

(JSC::JSValue::isFunction):
(JSC::JSValue::isConstructor):

runtime/JSCell.cpp:

(JSC::JSCell::getCallData):
(JSC::JSCell::getConstructData):

runtime/JSFunction.cpp:

(JSC::JSFunction::getCallData):
(JSC::JSFunction::getConstructData):

runtime/JSGenericTypedArrayViewConstructorInlines.h:

(JSC::constructGenericTypedArrayViewWithArguments):
(JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getConstructData):
(JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):

runtime/JSInternalPromise.cpp:

(JSC::JSInternalPromise::then):

runtime/JSInternalPromiseConstructor.cpp:

(JSC::JSInternalPromiseConstructor::getConstructData):
(JSC::JSInternalPromiseConstructor::getCallData):

runtime/JSJob.cpp:

(JSC::JSJobMicrotask::run):

runtime/JSONObject.cpp:

(JSC::Stringifier::Stringifier):
(JSC::Stringifier::toJSONImpl):
(JSC::Stringifier::appendStringifiedValue):
(JSC::JSONProtoFuncParse):

runtime/JSObject.cpp:

(JSC::callToPrimitiveFunction):
(JSC::JSObject::hasInstance):
(JSC::JSObject::getMethod):

runtime/JSObject.h:

(JSC::getCallData):
(JSC::getConstructData):

runtime/JSPromise.cpp:

(JSC::JSPromise::initialize):

runtime/JSPromiseConstructor.cpp:

(JSC::JSPromiseConstructor::getConstructData):
(JSC::JSPromiseConstructor::getCallData):

runtime/JSPromiseDeferred.cpp:

(JSC::newPromiseCapability):
(JSC::callFunction):

runtime/JSTypedArrayViewConstructor.cpp:

(JSC::constructTypedArrayView):
(JSC::JSTypedArrayViewConstructor::getConstructData):
(JSC::JSTypedArrayViewConstructor::getCallData):

runtime/MapConstructor.cpp:

(JSC::constructMap):
(JSC::MapConstructor::getConstructData):
(JSC::MapConstructor::getCallData):

runtime/ModuleLoaderObject.cpp:

(JSC::ModuleLoaderObject::provide):
(JSC::ModuleLoaderObject::loadAndEvaluateModule):
(JSC::ModuleLoaderObject::loadModule):
(JSC::ModuleLoaderObject::linkAndEvaluateModule):

runtime/NativeErrorConstructor.cpp:

(JSC::NativeErrorConstructor::getConstructData):
(JSC::NativeErrorConstructor::getCallData):

runtime/NullGetterFunction.cpp:

(JSC::NullGetterFunction::getCallData):
(JSC::NullGetterFunction::getConstructData):

runtime/NullSetterFunction.cpp:

(JSC::NullSetterFunction::getCallData):
(JSC::NullSetterFunction::getConstructData):

runtime/NumberConstructor.cpp:

(JSC::NumberConstructor::getConstructData):
(JSC::NumberConstructor::getCallData):

runtime/ObjectConstructor.cpp:

(JSC::ObjectConstructor::getConstructData):
(JSC::ObjectConstructor::getCallData):
(JSC::toPropertyDescriptor):

runtime/ObjectPrototype.cpp:

(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
(JSC::objectProtoFuncToLocaleString):

runtime/Operations.cpp:

(JSC::jsTypeStringForValue):
(JSC::jsIsObjectTypeOrNull):
(JSC::jsIsFunctionType):

runtime/ProxyConstructor.cpp:

(JSC::ProxyConstructor::getConstructData):
(JSC::ProxyConstructor::getCallData):

runtime/ProxyObject.cpp:

(JSC::ProxyObject::finishCreation):
(JSC::performProxyCall):
(JSC::ProxyObject::getCallData):
(JSC::performProxyConstruct):
(JSC::ProxyObject::getConstructData):

runtime/ReflectObject.cpp:

(JSC::reflectObjectConstruct):

runtime/RegExpConstructor.cpp:

(JSC::RegExpConstructor::getConstructData):
(JSC::RegExpConstructor::getCallData):

runtime/RuntimeType.h:
runtime/SamplingProfiler.cpp:

(JSC::SamplingProfiler::processUnverifiedStackTraces):

runtime/SetConstructor.cpp:

(JSC::constructSet):
(JSC::SetConstructor::getConstructData):
(JSC::SetConstructor::getCallData):

runtime/StringConstructor.cpp:

(JSC::StringConstructor::getConstructData):
(JSC::StringConstructor::getCallData):

runtime/StringPrototype.cpp:

(JSC::replaceUsingRegExpSearch):
(JSC::operationStringProtoFuncReplaceRegExpEmptyStr):
(JSC::operationStringProtoFuncReplaceRegExpString):
(JSC::replaceUsingStringSearch):

runtime/SymbolConstructor.cpp:

(JSC::SymbolConstructor::getConstructData):
(JSC::SymbolConstructor::getCallData):

runtime/WeakMapConstructor.cpp:

(JSC::constructWeakMap):
(JSC::WeakMapConstructor::getConstructData):
(JSC::WeakMapConstructor::getCallData):

runtime/WeakSetConstructor.cpp:

(JSC::constructWeakSet):
(JSC::WeakSetConstructor::getConstructData):
(JSC::WeakSetConstructor::getCallData):

tests/es6.yaml:
tests/stress/reflect-construct.js: Added.

(shouldBe):
(shouldThrow):
(shouldThrow.array.get length):
(shouldThrow.array.get 0):
(array.get length):
(array.get 0):
(shouldBe.Reflect.construct):
(shouldBe.Reflect.construct.Hello):
(3.shouldBe.Reflect.construct.Hello):
(3.newTarget):
(0.shouldBe.Reflect.construct):
(shouldBe.A):
(shouldBe.B):
(nativeConstructorTest.DerivedMap):
(nativeConstructorTest.FailedMap):
(set noInline):

Source/WebCore:

Modules/plugins/QuickTimePluginReplacement.mm:

(WebCore::QuickTimePluginReplacement::installReplacement):

bindings/js/CallbackFunction.cpp:

(WebCore::checkFunctionOnlyCallback):

bindings/js/JSCallbackData.cpp:

(WebCore::JSCallbackData::invokeCallback):

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElement):
(WebCore::JSCustomElementInterface::attributeChanged):

bindings/js/JSCustomXPathNSResolver.cpp:

(WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):

bindings/js/JSDOMBinding.cpp:

(WebCore::callFunctionWithCurrentArguments):
(WebCore::DOMConstructorObject::getCallData):

bindings/js/JSDOMConstructor.h:

(WebCore::JSDOMConstructorNotConstructable::getCallData):
(WebCore::JSDOMConstructor<JSClass>::getConstructData):
(WebCore::JSDOMNamedConstructor<JSClass>::getConstructData):
(WebCore::JSBuiltinConstructor<JSClass>::getConstructData):

bindings/js/JSDOMPromise.cpp:

(WebCore::DeferredWrapper::callFunction):

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineElement):

bindings/js/JSErrorHandler.cpp:

(WebCore::JSErrorHandler::handleEvent):

bindings/js/JSEventListener.cpp:

(WebCore::JSEventListener::handleEvent):

bindings/js/JSHTMLAllCollectionCustom.cpp:

(WebCore::JSHTMLAllCollection::getCallData):

bindings/js/JSHTMLDocumentCustom.cpp:

(WebCore::JSHTMLDocument::open):

bindings/js/JSKeyValueIterator.h:

(WebCore::keyValueIteratorForEach):

bindings/js/JSMainThreadExecStateInstrumentation.h:

(WebCore::JSMainThreadExecState::instrumentFunctionCall):
(WebCore::JSMainThreadExecState::instrumentFunctionConstruct):

bindings/js/JSMutationCallback.cpp:

(WebCore::JSMutationCallback::call):

bindings/js/JSMutationObserverCustom.cpp:

(WebCore::constructJSMutationObserver):

bindings/js/JSPluginElementFunctions.cpp:

(WebCore::callPlugin):
(WebCore::pluginElementGetCallData):

bindings/js/ScheduledAction.cpp:

(WebCore::ScheduledAction::create):
(WebCore::ScheduledAction::executeFunctionInContext):

bindings/objc/WebScriptObject.mm:

(-[WebScriptObject callWebScriptMethod:withArguments:]):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorHelperMethods):

bindings/scripts/test/JS/JSFloat64Array.cpp:

(WebCore::JSFloat64ArrayConstructor::getConstructData):

bindings/scripts/test/JS/JSTestInterface.cpp:

(WebCore::JSTestInterfaceConstructor::getConstructData):

bridge/NP_jsobject.cpp:

(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Construct):

bridge/objc/objc_runtime.mm:

(JSC::Bindings::ObjcFallbackObjectImp::getCallData):

bridge/runtime_method.cpp:

(JSC::RuntimeMethod::getCallData):

bridge/runtime_object.cpp:

(JSC::Bindings::RuntimeObject::getCallData):
(JSC::Bindings::RuntimeObject::getConstructData):

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::updateCaptionContainer):
(WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
(WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::didAddUserAgentShadowRoot):

testing/Internals.cpp:

(WebCore::Internals::isReadableStreamDisturbed):

Source/WebKit/mac:

Plugins/Hosted/NetscapePluginInstanceProxy.mm:

(WebKit::NetscapePluginInstanceProxy::invoke):
(WebKit::NetscapePluginInstanceProxy::invokeDefault):
(WebKit::NetscapePluginInstanceProxy::construct):

Source/WebKit/win:

Plugins/PluginPackage.cpp:

(WebCore::NPN_Invoke):

Source/WebKit2:

WebProcess/Plugins/Netscape/JSNPMethod.cpp:

(WebKit::JSNPMethod::getCallData):

WebProcess/Plugins/Netscape/JSNPObject.cpp:

(WebKit::JSNPObject::getCallData):
(WebKit::JSNPObject::getConstructData):

WebProcess/Plugins/Netscape/NPJSObject.cpp:

(WebKit::NPJSObject::hasMethod):
(WebKit::NPJSObject::construct):
(WebKit::NPJSObject::invoke):

12:50 AM Changeset in webkit [197613] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

Fix the bindings test after r197611.

bindings/scripts/test/TestObj.idl:

12:31 AM Changeset in webkit [197612] by rniwa@webkit.org

7 edits in trunk/Source/WebCore

Move QualifiedName from CustomElementInfo to JSCustomElementInterface
https://bugs.webkit.org/show_bug.cgi?id=155061

Reviewed by Antti Koivisto.

Store QualifiedName of custom elements in JSCustomElementInterface instead of CustomElementInfo
now that each interface is associated with exactly one custom element as of r197602.

No new tests since this is a refactoring.

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::JSCustomElementInterface): Now takes QualifiedName as the
first argument.

bindings/js/JSCustomElementInterface.h:

(WebCore::JSCustomElementInterface::create):
(WebCore::JSCustomElementInterface::name): Added.

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineElement):

bindings/js/JSHTMLElementCustom.cpp:

(WebCore::constructJSHTMLElement): Use findInterface instead of the deleted findName.

dom/CustomElementDefinitions.cpp:

(WebCore::CustomElementDefinitions::checkName):
(WebCore::CustomElementDefinitions::addElementDefinition): Renamed from defineElement.
(WebCore::CustomElementDefinitions::findInterface): Add a variant that finds the interface object
by a JS constructor.
(WebCore::CustomElementDefinitions::containsConstructor):
(WebCore::CustomElementDefinitions::findName): Deleted.

dom/CustomElementDefinitions.h:

(WebCore::CustomElementDefinitions::CustomElementInfo::CustomElementInfo): Deleted.

Mar 4, 2016:

11:50 PM Changeset in webkit [197611] by rniwa@webkit.org

14 edits
6 adds in trunk

Add basic support for attributeChanged lifecycle callback
https://bugs.webkit.org/show_bug.cgi?id=155011

Reviewed by Antti Koivisto.

Source/WebCore:

Add basic support for attributeChangedCallback in setAttribute, removeAttribute, setAttributeNS,
remoteAttributeNS, setAttributeNode, and removeAttributeNS. There are many other DOM APIs that
could modify attributes but we would annotate those APIs in a separate patch to limit the scope
of this change.

In order to invoke the lifecycle callback right before returning to the author script, allocate
an instance of CustomElementLifecycleProcessingStack in each of these functions' binding code.
The stack object's destructor invokes all callbacks enqueued by the DOM API if there are any.

Spec: https://w3c.github.io/webcomponents/spec/custom/#dfn-attribute-changed-callback

Tests: fast/custom-elements/attribute-changed-callback.html

fast/custom-elements/lifecycle-callback-timing.html

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::attributeChanged): Added. Invokes attributeChangedCallback.

bindings/js/JSCustomElementInterface.h:
bindings/js/JSMainThreadExecState.h:

(JSMainThreadNullState): Allocate an instance of CustomElementLifecycleProcessingStack in GObject
and Objective-C binding code for consistency with JavaScript. We can't do this in JavaScript
because there is no RAII object all functions, getters, and setters allocate (for a good reason).

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation): Generate an instance of CustomElementLifecycleProcessingStack when
NeedsLifecycleProcessingStack is specified as an extended IDL attribute.

bindings/scripts/IDLAttributes.txt: Added NeedsLifecycleProcessingStack.
bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjPrototypeFunctionMethodWithNeedsLifecycleProcessingStack):

bindings/scripts/test/TestObj.idl: Added a test for NeedsLifecycleProcessingStack.

dom/DOMAllInOne.cpp:
dom/Element.cpp:

(WebCore::Element::attributeChanged): Enqueue attributeChanged callback if the context object
is a custom element and there is a CustomElementLifecycleProcessingStack allocated in the stack.

dom/Element.idl:

dom/LifecycleCallbackQueue.cpp: Added.

(WebCore::LifecycleQueueItem): Added.
(WebCore::LifecycleQueueItem::LifecycleQueueItem): Added.
(WebCore::LifecycleQueueItem::invoke): Added.
(WebCore::LifecycleCallbackQueue::LifecycleCallbackQueue): Added.
(WebCore::LifecycleCallbackQueue::~LifecycleCallbackQueue): Added.
(WebCore::LifecycleCallbackQueue::enqueueAttributeChangedCallback): Added.
(WebCore::LifecycleCallbackQueue::invokeAll): Added.
(WebCore::CustomElementLifecycleProcessingStack::ensureCurrentQueue): Added. As noted in FIXME,
the early exit in the code is necessary only because we haven't added NeedsLifecycleProcessingStack
in all places. It should go away in a follow up patch.
(WebCore::CustomElementLifecycleProcessingStack::processQueue): Added.

dom/LifecycleCallbackQueue.h: Added.

(WebCore::CustomElementLifecycleProcessingStack): This is a light weight RAII object the binding
code will allocate in order to queue up lifecycle callbacks. We don't use Ref or std::unique_ptr
in m_queue to avoid generating the code to destruct LifecycleCallbackQueue everywhere.
(WebCore::CustomElementLifecycleProcessingStack::CustomElementLifecycleProcessingStack): Added.
(WebCore::CustomElementLifecycleProcessingStack::~CustomElementLifecycleProcessingStack): Added.
(WebCore::CustomElementLifecycleProcessingStack::hasCurrentProcessingStack): Added.

LayoutTests:

Added a test for attributeChangedCallback and a test for the timing of lifecycle callbacks in general.

fast/custom-elements/attribute-changed-callback-expected.txt: Added.
fast/custom-elements/attribute-changed-callback.html: Added.
fast/custom-elements/lifecycle-callback-timing-expected.txt: Added.
fast/custom-elements/lifecycle-callback-timing.html: Added.

11:31 PM Changeset in webkit [197610] by timothy_horton@apple.com

2 edits in trunk/LayoutTests

Temporarily skip attachment tests on iOS

platform/ios-simulator/TestExpectations:

There's no point in running these quite yet (I'm surprised they weren't already skipped).
We'll turn them back on soon.

10:25 PM Changeset in webkit [197609] by Carlos Garcia Campos

3 edits in trunk/Source/WebCore

[GTK] Scrollbars are broken again with GTK+ >= 3.19.11
https://bugs.webkit.org/show_bug.cgi?id=154890

Reviewed by Michael Catanzaro.

Scrollbar style properties have been deprecated in GTK+, and it
seems that now deprecating means keeping the properties but
ignoring them. So, this reworks the whole scrollbars theme code
again to not cache style properties anymore, but retrieve them
from the GtkStyleContext. Previous GTK+ versions still need to
query the style properties, so I've added helper functions to get
all the style properties with the ifdefs, trying to keep the
common render code free of GTK+ versions ifdefs.

platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::thumbRect):
(WebCore::ScrollbarThemeGtk::paintTrackBackground):
(WebCore::ScrollbarThemeGtk::paintThumb):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::buttonSize):
(WebCore::ScrollbarThemeGtk::stepperSize):
(WebCore::ScrollbarThemeGtk::getStepperSpacing):
(WebCore::ScrollbarThemeGtk::troughUnderSteppers):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):
(WebCore::ScrollbarThemeGtk::thumbFatness):
(WebCore::ScrollbarThemeGtk::getTroughBorder):
(WebCore::ScrollbarThemeGtk::getOrCreateStyleContext):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::ScrollbarThemeGtk::handleMousePressEvent):

platform/gtk/ScrollbarThemeGtk.h:

9:24 PM Changeset in webkit [197608] by Brent Fulgham

5 edits in trunk/Source/WebCore

Resource load statistics are not honoring private browsing
https://bugs.webkit.org/show_bug.cgi?id=155054
<rdar://problem/24987873>

Reviewed by Andy Estes.

Modify the points where we capture resource load statistics to ignore
loads made during private browsing. Do this by moving more of the logic
about whether to gather statistics into the logging functions, passing
the raw input types (frame, ResourceRequest, ResourceResponse) internally
so that we don't pay any cost until we decide we want to gather data.s

loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::willSendRequest): Revise for the new API on
ResourceLoadObserver.

loader/ResourceLoadObserver.cpp:

(WebCore::ResourceLoadObserver::logFrameNavigation): Revise signature and
check for private browsing.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
(WebCore::ResourceLoadObserver::logUserInteraction): Ditto.

loader/ResourceLoadObserver.h:
loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal): Ditto.

7:42 PM Changeset in webkit [197607] by Lucas Forschler

1 edit in trunk/Tools/BuildSlaveSupport/build.webkit.org-config/config.json

config.json fix to remove duplicate scheduler.

7:30 PM Changeset in webkit [197606] by commit-queue@webkit.org

5 edits in trunk/Source

Fix file mime-types when using NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155058

Patch by Alex Christensen <achristensen@webkit.org> on 2016-03-04
Reviewed by Andy Estes.

Source/WebCore:

This fixes platform/mac/fast/loader/file-url-mimetypes-3.html
and platform/mac/fast/loader/file-url-mimetypes.html.

platform/network/mac/WebCoreURLResponse.h:

Source/WebKit2:

NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTask::NetworkDataTask):
Call adjustMIMETypeIfNecessary like we do in connection didReceiveResponse in
WebCoreResourceHandleAsOperationQueueDelegate.mm.

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
Don't content sniff file urls. This check is analogous to ResourceHandle::shouldContentSniffURL.

5:35 PM Changeset in webkit [197605] by weinig@apple.com

10 edits in trunk/Source

[WebKit2] Add WebKit2 equivalent of -[WebView _insertNewlineInQuotedContent]
<rdar://problem/24943591>
https://bugs.webkit.org/show_bug.cgi?id=155057

Reviewed by Tim Horton.

Source/WebCore:

Move Editor::insertParagraphSeparatorInQuotedContent() into Editor.cpp
and remove the duplicated code in EditorIOS.mm and EditorMac.mm.

editing/Editor.cpp:

(WebCore::Editor::insertParagraphSeparatorInQuotedContent):

editing/Editor.h:
editing/ios/EditorIOS.mm:

(WebCore::Editor::insertParagraphSeparatorInQuotedContent): Deleted.

editing/mac/EditorMac.mm:

(WebCore::Editor::insertParagraphSeparatorInQuotedContent): Deleted.

Source/WebKit2:

WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(WKBundlePageInsertNewlineInQuotedContent):

WebProcess/InjectedBundle/API/c/WKBundlePagePrivate.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::insertNewlineInQuotedContent):

WebProcess/WebPage/WebPage.h:

Expose WKBundlePageInsertNewlineInQuotedContent as SPI.

5:34 PM Changeset in webkit [197604] by barraclough@apple.com

2 edits in trunk/Source/WebCore

Convert DOMTimer interval from int to std::chromo::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155051

Speculative build fix.

inspector/TimelineRecordFactory.cpp:

(WebCore::TimelineRecordFactory::createTimerInstallData):

5:32 PM Changeset in webkit [197603] by barraclough@apple.com

2 edits in trunk/Source/WebCore

Convert DOMTimer interval from int to std::chromo::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155051

iOS build fix

page/DOMTimer.cpp:

(WebCore::DOMTimer::install):

5:23 PM Changeset in webkit [197602] by rniwa@webkit.org

18 edits
2 moves in trunk

Update defineCustomElement according to the spec rewrite
https://bugs.webkit.org/show_bug.cgi?id=155010
<rdar://problem/24970878>

Reviewed by Chris Dumez.

Source/WebCore:

Updated the implementation of defineCustomElement and HTMLConstructor per recent rewrite of the spec:
https://w3c.github.io/webcomponents/spec/custom/#dom-document-defineelement
https://w3c.github.io/webcomponents/spec/custom/#htmlelement-constructor

defineCustomElement is now called defineElement and we disallow defining multiple custom elements with
a single class and throw an exception in defineElement.

Test: fast/custom-elements/Document-defineElement.html

bindings/js/JSDocumentCustom.cpp:

(WebCore::JSDocument::defineElement): Renamed from defineCustomElement. Throw an exception when the interface
already defines another custom element. Also added FIXME's for missing steps.

bindings/js/JSHTMLElementCustom.cpp:

(WebCore::constructJSHTMLElement): Removed the support for specifying a tag name in the first argument when
a single class defines multiple custom elements since that now results in an exception (in defineElement).

dom/CustomElementDefinitions.cpp:

(WebCore::CustomElementDefinitions::containsConstructor): Added.

dom/CustomElementDefinitions.h:
dom/Document.idl: Renamed defineCustomElement to defineElement.
html/HTMLElement.idl: Removed the optional tag name from the constructor.

LayoutTests:

Update the tests for the rename and semantics change of defineCustomElement and HTMLElement constructor.

fast/custom-elements/Document-createElement.html:
fast/custom-elements/Document-defineCustomElement-expected.txt: Removed.
fast/custom-elements/Document-defineCustomElement.html: Removed.
fast/custom-elements/Document-defineElement-expected.txt: Renamed from LayoutTests/fast/custom-elements/Document-defineCustomElement-expected.txt.
fast/custom-elements/Document-defineElement.html: Renamed from LayoutTests/fast/custom-elements/Document-defineCustomElement.html.

Also added a test case for defining multiple custom elements with a single class, which must throw.

fast/custom-elements/HTMLElement-constructor-expected.txt:
fast/custom-elements/HTMLElement-constructor.html:

Removed test cases for the tag name in the first argument as well as ones that associate a single class with multiple tag names.

fast/custom-elements/parser/parser-constructs-custom-element-in-document-write.html:
fast/custom-elements/parser/parser-constructs-custom-element-synchronously.html:
fast/custom-elements/parser/parser-constructs-custom-elements.html:
fast/custom-elements/parser/parser-fallsback-to-unknown-element.html:
fast/custom-elements/parser/parser-sets-attributes-and-children.html:
fast/custom-elements/parser/parser-uses-constructed-element.html:
fast/custom-elements/parser/parser-uses-registry-of-owner-document.html:

5:06 PM Changeset in webkit [197601] by ap@apple.com

2 edits in trunk/Tools

Add iOS simulator debug bots
https://bugs.webkit.org/show_bug.cgi?id=155053

Reviewed by Lucas Forschler.

BuildSlaveSupport/build.webkit.org-config/config.json:

4:57 PM Changeset in webkit [197600] by timothy_horton@apple.com

3 edits in trunk/Source/WebCore

Begin implementing <attachment> painting on iOS
https://bugs.webkit.org/show_bug.cgi?id=155046
<rdar://problem/24805991>

Reviewed by Enrica Casucci.

No new tests; there are existing tests that I will unskip and rebaseline
in the near future.

rendering/RenderThemeIOS.h:
rendering/RenderThemeIOS.mm:

(WebCore::AttachmentInfo::addLine):
(WebCore::AttachmentInfo::buildTitleLines):
(WebCore::AttachmentInfo::buildSingleLine):
(WebCore::getAttachmentProgress):
(WebCore::iconForAttachment):
(WebCore::AttachmentInfo::AttachmentInfo):
(WebCore::RenderThemeIOS::attachmentIntrinsicSize):
(WebCore::RenderThemeIOS::attachmentBaseline):
(WebCore::paintAttachmentIcon):
(WebCore::paintAttachmentText):
(WebCore::paintAttachmentProgress):
(WebCore::paintAttachmentBorder):
(WebCore::RenderThemeIOS::paintAttachment):
There are still a few missing pieces, but get <attachment> painting a bit on iOS.
We will paint an icon, action, title, and subtitle - in that order - depending on what we have.
The content is vertically and horizontally centered.

4:56 PM Changeset in webkit [197599] by barraclough@apple.com

11 edits in trunk/Source/WebCore

Convert DOMTimer interval from int to std::chromo::milliseconds
https://bugs.webkit.org/show_bug.cgi?id=155051

Reviewed by Ryosuke Niwa.

This change is pretty much mechanical, replacing int with std::chrono::milliseconds.

inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::willSendXMLHttpRequestImpl):
(WebCore::InspectorInstrumentation::didInstallTimerImpl):

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::willSendXMLHttpRequest):
(WebCore::InspectorInstrumentation::didInstallTimer):

inspector/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::didPaint):
(WebCore::InspectorTimelineAgent::didInstallTimer):

inspector/InspectorTimelineAgent.h:
inspector/TimelineRecordFactory.cpp:

(WebCore::TimelineRecordFactory::createGenericTimerData):
(WebCore::TimelineRecordFactory::createTimerInstallData):

inspector/TimelineRecordFactory.h:
page/DOMTimer.cpp:

(WebCore::shouldForwardUserGesture):
(WebCore::DOMTimer::DOMTimer):
(WebCore::DOMTimer::~DOMTimer):
(WebCore::DOMTimer::install):
(WebCore::DOMTimer::intervalClampedToMinimum):

page/DOMTimer.h:
page/DOMWindow.cpp:

(WebCore::DOMWindow::setTimeout):
(WebCore::DOMWindow::clearTimeout):
(WebCore::DOMWindow::setInterval):
(WebCore::DOMWindow::clearInterval):

workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::setTimeout):
(WebCore::WorkerGlobalScope::clearTimeout):
(WebCore::WorkerGlobalScope::setInterval):
(WebCore::WorkerGlobalScope::clearInterval):

4:40 PM Changeset in webkit [197598] by Brent Fulgham

5 edits in trunk/Source/WebKit2

Stub API to support a debug menu option for measuring resource load statistics
https://bugs.webkit.org/show_bug.cgi?id=154998
<rdar://problem/24944604>

Reviewed by Andy Estes.

UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::resourceLoadStatisticsEnabled): Added stub.
(API::WebsiteDataStore::setResourceLoadStatisticsEnabled): Ditto.

UIProcess/API/APIWebsiteDataStore.h:
UIProcess/API/C/WKWebsiteDataStoreRef.cpp:

(WKWebsiteDataStoreSetResourceLoadStatisticsEnabled): Added method that calls through
to the underlying APIWebsiteDataStore class.
(WKWebsiteDataStoreGetResourceLoadStatisticsEnabled): Ditto.

UIProcess/API/C/WKWebsiteDataStoreRef.h:

4:36 PM Changeset in webkit [197597] by Brent Fulgham

2 edits in trunk/Source/WebKit/mac

Unreviewed test fix for null global WebResourceLoadStatisticsStore.

WebView/WebView.mm:

(-[WebView _preferencesChanged:]):
(+[WebView _applicationWillTerminate]):

3:55 PM Changeset in webkit [197596] by enrica@apple.com

12 edits in trunk/Source

Add a mechanism to customize the long press action.
https://bugs.webkit.org/show_bug.cgi?id=154995
rdar://problem/24823732

Reviewed by Tim Horton.

Source/WebCore:

We want to allow long press on attachment elements as well.

WebCore.xcodeproj/project.pbxproj: Making HTMLAttachmentElement.h private.
html/HTMLAttachmentElement.h: Adding exported functions.

Source/WebKit2:

Adding a new private delegate method to allow clients to
replace the action sheet displayed for images and links.
The change also adds support for attachment elements.

Shared/ios/InteractionInformationAtPosition.h:
Shared/ios/InteractionInformationAtPosition.mm:

(WebKit::InteractionInformationAtPosition::encode):
(WebKit::InteractionInformationAtPosition::decode):

UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
UIProcess/API/Cocoa/_WKActivatedElementInfo.h:
UIProcess/ios/WKActionSheetAssistant.h:
UIProcess/ios/WKActionSheetAssistant.mm:

(-[WKActionSheetAssistant showImageSheet]):
(-[WKActionSheetAssistant showLinkSheet]):

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _showImageSheet]):
(-[WKContentView _showAttachmentSheet]):
(-[WKContentView _showLinkSheet]):
(-[WKContentView _actionForLongPress]):
(-[WKContentView actionSheetAssistant:shouldIncludeAppLinkActionsForElement:]):
(-[WKContentView actionSheetAssistant:showCustomSheetForElement:]):
(-[WKContentView actionSheetAssistant:decideActionsForElement:defaultActions:]):

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::getPositionInformation):

3:33 PM Changeset in webkit [197595] by akling@apple.com

7 edits in trunk/Source

[iOS] Throw away compiled RegExp code when navigating to a new page.
<https://webkit.org/b/155015>

Reviewed by Anders Carlsson.

Source/JavaScriptCore:

Add a mechanism to have the VM discard all RegExp bytecode and JIT code.

runtime/VM.cpp:

(JSC::VM::deleteAllRegExpCode):

runtime/VM.h:

Source/WebCore:

Discard RegExp code when doing a top-level navigation.
This frees up a couple hundred kilobytes on many pages.

bindings/js/GCController.cpp:

(WebCore::GCController::deleteAllRegExpCode):

bindings/js/GCController.h:
loader/FrameLoader.cpp:

(WebCore::FrameLoader::commitProvisionalLoad):

3:32 PM Changeset in webkit [197594] by Simon Fraser

26 edits in trunk

Use larger tiles when possible to reduce per-tile painting overhead
https://bugs.webkit.org/show_bug.cgi?id=154985

Reviewed by Zalan Bujtas.

Source/WebCore:

r197541 inadvertently missed FrameView changes that push scrollability data
onto the TiledBacking, so didn't actually change behavior (hence the 512x512 tiles
in the failing tests).

Also remove m_tileSizeAtLastRevalidate from TileGrid; it's replaced by a simpler test.

page/FrameView.cpp:

(WebCore::FrameView::addedOrRemovedScrollbar):

platform/graphics/ca/TileGrid.cpp:

(WebCore::TileGrid::revalidateTiles):
(WebCore::TileGrid::TileGrid): Deleted.

platform/graphics/ca/TileGrid.h:

LayoutTests:

tiled-drawing/background-transparency-toggle-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-with-handler-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-with-handler-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-body-layer-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-opacity-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-positioned-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-html-background-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-non-propagated-body-background-expected.txt:
tiled-drawing/scrolling/fixed/four-bars-zoomed-expected.txt:
tiled-drawing/tile-coverage-after-scroll-expected.txt:
tiled-drawing/tile-coverage-after-scroll-speculative-expected.txt:
tiled-drawing/tile-coverage-scroll-to-bottom-expected.txt:
tiled-drawing/tile-coverage-slow-scrolling-expected.txt:
tiled-drawing/tile-coverage-speculative-expected.txt:
tiled-drawing/tile-size-unscrollable-expected.txt:
tiled-drawing/tile-size-vertically-scrollable-expected.txt:
tiled-drawing/visible-rect-content-inset-expected.txt:

3:32 PM Changeset in webkit [197593] by Simon Fraser

4 edits
1 delete in trunk/Source/WebCore

Use BoxExtent instead of EdgeSet in TileController
https://bugs.webkit.org/show_bug.cgi?id=155040

Reviewed by Zalan Bujtas.

Remove EdgeSet, which was very similar to the existing BoxExtent, and use BoxExtent
in TileController.

WebCore.xcodeproj/project.pbxproj:
platform/graphics/EdgeSet.h: Removed.

(WebCore::EdgeSet::EdgeSet): Deleted.
(WebCore::EdgeSet::top): Deleted.
(WebCore::EdgeSet::setTop): Deleted.
(WebCore::EdgeSet::right): Deleted.
(WebCore::EdgeSet::setRight): Deleted.
(WebCore::EdgeSet::bottom): Deleted.
(WebCore::EdgeSet::setBottom): Deleted.
(WebCore::EdgeSet::left): Deleted.
(WebCore::EdgeSet::setLeft): Deleted.
(WebCore::EdgeSet::operator==): Deleted.
(WebCore::EdgeSet::operator!=): Deleted.

platform/graphics/ca/TileController.cpp:

(WebCore::TileController::setHasMargins):

platform/graphics/ca/TileController.h:

3:29 PM Changeset in webkit [197592] by Brent Fulgham

43 edits
5 adds in trunk

[WK2] Gather resource load statistics
https://bugs.webkit.org/show_bug.cgi?id=154278
<rdar://problem/24702892>

Reviewed by Andy Estes.

Source/WebCore:

Tested (now under WK2) by http/tests/navigation/statistics.html

Split part of the ResourceLoadObserver into a new class (ResourceLoadStatisticsStore)
that manages the collection of ResourceLoadStatistic objects, and that can be used
in the UIProcess without touching various WebProcess-specific WebCore classes.

Have the WebProcess only fire a message to the UIProcess if data has been modified. Otherwise,
no messages should be sent. When new data is encountered, start a 5 second timer. If more
data is found during this delay, just accumulate it. When the timer fires, all data is sent
and the timer stops until a new batch of data arrives.

CMakeLists.txt: Add the new ResourceLoadStatisticsStore class.
WebCore.xcodeproj/project.pbxproj: Adjust visibility of ResourceLoadStatistics header,

and add new ResourceLoadStatisticsStore class.

loader/ResourceLoadObserver.cpp:

(WebCore::ResourceLoadObserver::setResourceLoadStatisticsEnabled): Deleted.
(WebCore::ResourceLoadObserver::resourceLoadStatisticsEnabled): Deleted.
(WebCore::ResourceLoadObserver::setStatisticsStore): Added.
(WebCore::ResourceLoadObserver::logFrameNavigation): Tell the ResourceLoadStatisticsStore to fire its 'data changed'
handler if necessary.
(WebCore::ResourceLoadObserver::logSubresourceLoading): Ditto.
(WebCore::ResourceLoadObserver::logUserInteraction): Ditto.
(WebCore::ResourceLoadObserver::statisticsForOrigin): Use new ResourceLoadStatisticsStore.
(WebCore::ResourceLoadObserver::isPrevalentResource): Deleted.
(WebCore::ResourceLoadObserver::resourceStatisticsForPrimaryDomain): Deleted.
(WebCore::ResourceLoadObserver::writeDataToDisk): Deleted.
(WebCore::ResourceLoadObserver::setStatisticsStorageDirectory): Deleted.
(WebCore::ResourceLoadObserver::persistentStoragePath): Deleted.
(WebCore::ResourceLoadObserver::readDataFromDiskIfNeeded): Deleted.
(WebCore::ResourceLoadObserver::createDecoderFromDisk): Deleted.
(WebCore::ResourceLoadObserver::writeEncoderToDisk): Deleted.

loader/ResourceLoadObserver.h:
loader/ResourceLoadStatistics.cpp:

(WebCore::ResourceLoadStatistics::encode): Get rid of unneeded argument.
(WebCore::ResourceLoadStatistics::decode): Ditto.
(WebCore::mergeHashCountedSet): Added helper function.
(WebCore::ResourceLoadStatistics::merge): Added.

loader/ResourceLoadStatistics.h:

(WebCore::ResourceLoadStatistics::ResourceLoadStatistics):

loader/ResourceLoadStatisticsStore.cpp: Added.

(WebCore::ResourceLoadStatisticsStore::create):
(WebCore::ResourceLoadStatisticsStore::ResourceLoadStatisticsStore):
(WebCore::ResourceLoadStatisticsStore::isPrevalentResource):
(WebCore::ResourceLoadStatisticsStore::resourceStatisticsForPrimaryDomain):
(WebCore::ResourceLoadStatisticsStore::writeDataToDisk):
(WebCore::ResourceLoadStatisticsStore::setStatisticsStorageDirectory):
(WebCore::ResourceLoadStatisticsStore::persistentStoragePath):
(WebCore::ResourceLoadStatisticsStore::readDataFromDiskIfNeeded):
(WebCore::ResourceLoadStatisticsStore::createDecoderFromDisk):
(WebCore::ResourceLoadStatisticsStore::writeEncoderToDisk):
(WebCore::ResourceLoadStatisticsStore::statisticsForOrigin):
(WebCore::ResourceLoadStatisticsStore::takeStatistics):
(WebCore::ResourceLoadStatisticsStore::mergeStatistics):
(WebCore::ResourceLoadStatisticsStore::setNotificationCallback):
(WebCore::ResourceLoadStatisticsStore::fireDataModificationHandler):

loader/ResourceLoadStatisticsStore.h: Added.

Source/WebKit/mac:

Switch to maintaining a global WebCore::ResourceLoadStatisticsStore in the WebKit process,
and hand it off to the WebCore layer to use during data gathering. The ResourceLoadStatisticsStore
is now responsible for reading/writing to disk, and tracking the collection of load data.

WebView/WebView.mm:

(WebKitInitializeApplicationStatisticsStoragePathIfNecessary): Initialize singleton
ResourceLoadStatisticsStore object for tracking state.
(-[WebView _preferencesChanged:]): Revise for new singleton.
(+[WebView _applicationWillTerminate]): Ditto.

Source/WebKit2:

Revise the WebProcess to notify the UIProcess about resource load statistics. These
updates are not time-critical, and do not need to be done in concert with the actual
load. As resource loads are made, each WebProcess notifies the UIProcess of the new
load counts, then clears its local state. These statistics are then aggregated in
the UIProcess.

CMakeLists.txt: Add new ResourceLoadStatisticsState files to build.
DerivedSources.make: Ditto.
Platform/IPC/ArgumentCoders.h: Update to support HashCountedSets.
PlatformEfl.cmake: Add new ResourceLoadStatisticsState files to build.
PlatformGTK.cmake: Ditto.
PlatformMac.cmake: Ditto.
Shared/API/APIObject.h: Add new ResourceLoadStatistics type.
Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<ExceptionDetails>::decode): Support new ResourceLoadStatistics type.
(IPC::ArgumentCoder<ResourceLoadStatistics>::encode): Added.
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode): Added.

Shared/WebCoreArgumentCoders.h:
Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Handle 'resourceLoadStatisticsEnabled' flag.
(WebKit::WebProcessCreationParameters::decode): Ditto.

Shared/WebProcessCreationParameters.h:
UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::ProcessPoolConfiguration): Add storage location for the
resource load statistics.
(API::ProcessPoolConfiguration::copy): Handle the new storage location and the feature flag.

UIProcess/API/APIProcessPoolConfiguration.h:
UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::defaultResourceLoadStatisticsDirectory): Added stub.

UIProcess/API/APIWebsiteDataStore.h:
UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultResourceLoadStatisticsDirectory): Added.
(API::WebsiteDataStore::defaultDataStoreConfiguration): Added support for the new resource
load statistics storage location.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]): Sync Process Pool configuration parameters
with the state of our websiteData object's "ResourceLoadStatisticsEnabled" flag, so that
new processes are created in the right state.

UIProcess/API/Cocoa/WKWebsiteDataStore.mm:

(-[WKWebsiteDataStore _resourceLoadStatisticsEnabled]): Added.
(-[WKWebsiteDataStore _setResourceLoadStatisticsEnabled:]): Added.

UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::createNewWebProcess): Handle new flag for enabling resource
load statistics.

UIProcess/WebResourceLoadStatisticsStore.cpp: Added.

(WebKit::WebResourceLoadStatisticsStore::create):
(WebKit::WebResourceLoadStatisticsStore::WebResourceLoadStatisticsStore):
(WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore):
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsUpdated):
(WebKit::WebResourceLoadStatisticsStore::setResourceLoadStatisticsEnabled):
(WebKit::WebResourceLoadStatisticsStore::resourceLoadStatisticsEnabled):
(WebKit::WebResourceLoadStatisticsStore::readDataFromDiskIfNeeded):
(WebKit::WebResourceLoadStatisticsStore::writeToDisk):
(WebKit::WebResourceLoadStatisticsStore::applicationWillTerminate):

UIProcess/WebResourceLoadStatisticsStore.h: Added.

(WebKit::WebResourceLoadStatisticsStore::coreStore):

UIProcess/WebResourceLoadStatisticsStore.messages.in: Added.
UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::platformInitialize): Register a termination handler
to close down the resource load statistics store.

UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore): Initialize the new WebResourceLoadStatisticsStore
member.
(WebKit::WebsiteDataStore::webProcessWillOpenConnection): Register the WebResourceLoadStatisticsStore
object as a work queue message receiver
(WebKit::WebsiteDataStore::webProcessDidCloseConnection): Unregister WebResourceLoadStatisticsStore.
(WebKit::WebsiteDataStore::resourceLoadStatisticsEnabled): Added.
(WebKit::WebsiteDataStore::setResourceLoadStatisticsEnabled): Ditto.

UIProcess/WebsiteData/WebsiteDataStore.h:

(WebKit::WebsiteDataStore::resourceLoadStatisticsStore): Added.

WebKit2.xcodeproj/project.pbxproj: Add new ResourceLoadStatisticsState files to build.
WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Take into account the new parameter
specifying whether resource load statistics are being captured.
(WebKit::WebProcess::WebProcess): Initialized statistics changed notification timer.
(WebKit::WebProcess::statisticsChangedTimerFired): Added. Send bundles of site load
statistics to the UIProcess on a set interval. Clear out local cache after each send.
(WebKit::WebProcess::setResourceLoadStatisticsEnabled): Added.

WebProcess/WebProcess.h:
WebProcess/WebProcess.messages.in: Add new SetResourceLoadStatisticsEnabled message.

Tools:

MiniBrowser/mac/AppDelegate.m:

(defaultConfiguration): Retrieve state of the ResourceLoadStatisticsEnabled setting.

MiniBrowser/mac/SettingsController.m:

(-[SettingsController _populateMenu]): Move setting from WK1-only to be
universally applicable.

MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController didChangeSettings]): Recognize when the
Resource Load Statistics flag has changed.

3:28 PM Changeset in webkit [197591] by commit-queue@webkit.org

13 edits in trunk/Source/WebCore

Added missing override specifiers under Source/WebCore.
https://bugs.webkit.org/show_bug.cgi?id=155021

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-04
Reviewed by Michael Catanzaro.

No new tests needed.

bridge/NP_jsobject.cpp:
css/CSSStyleSheet.cpp:
dom/MutationObserver.cpp:
editing/DictationCommand.cpp:
editing/EditingStyle.cpp:
loader/EmptyClients.cpp:
loader/SinkDocument.cpp:
page/DOMWindow.cpp:
page/animation/CSSPropertyAnimation.cpp:
platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

Also added #if(SOUP) guard to
ResourceHandleStreamingClient::getOrCreateReadBuffer
because it is not an overridden method otherwise.

platform/text/LineEnding.cpp:
xml/parser/XMLDocumentParserLibxml2.cpp:

2:18 PM Changeset in webkit [197590] by ddkilzer@apple.com

3 edits in trunk/Source/JavaScriptCore

REGRESSION (r197531): JavaScriptCore ASan build fails due to weak external symbol
<http://webkit.org/b/155033>
<rdar://problem/24979661>

Reviewed by Alexey Proskuryakov.

runtime/JSObject.cpp:

(JSC::JSObject::ordinaryToPrimitive): Don't mark this method
inline since it's also used in DatePrototype.cpp, and is
declared as a public class method.

runtime/JSObject.h:

(JSC::JSObject::ordinaryToPrimitive): Don't export this method
since it is not used outside of JavaScriptCore.

2:07 PM Changeset in webkit [197589] by dbates@webkit.org

2 edits in trunk/Source/WebKit2

Temporarily use bundle identifier as part of user directory suffix
https://bugs.webkit.org/show_bug.cgi?id=155042
<rdar://problem/24983174>

Reviewed by Brent Fulgham and Brady Eidson.

Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):

1:56 PM Changeset in webkit [197588] by barraclough@apple.com

2 edits in trunk/Source/WebCore

Max out timer throttling immediately for pre-render pages
https://bugs.webkit.org/show_bug.cgi?id=155038

Reviewed by Chris Dumez.

If a hidden page has never been visible, no need to gently ramp into throttling - treat it
the same as a page that has been viewed, but has been in the background for a long time.

Why? The throttling mechanism scales with the amount of background work by shifting the
limit - once all background pages have maxed out the limit, they should no longer be burden
of the system. However the mechanism doesn't currently do anything to accelerate towards
the limit based on the number of pages in the ramp up phase, and ramp up duration is
proportional to limit (so ramping up to a high limit takes a long time). So if you quickly
create a large number of hidden pages the system may be under excessive load for a while,
as we slowly ramp up to a limit that will adequately constrain resource consumption.
In cases where a large number of hidden pages are rapidly generated, many likely remain in
the pre-render state, so this mitigation should typically help.

page/Page.cpp:

(WebCore::Page::updateDOMTimerAlignmentInterval):

if m_isPrerender then m_timerAlignmentInterval is set to the limit.

(WebCore::Page::setIsPrerender):

When this changes updateDOMTimerAlignmentInterval().

1:48 PM Changeset in webkit [197587] by bshafiei@apple.com

1 copy in branches/safari-601.5-branch

New Branch.

1:36 PM Changeset in webkit [197586] by achristensen@apple.com

1 edit
31 deletes in trunk/Tools

Remove vcxproj build system
https://bugs.webkit.org/show_bug.cgi?id=154388

Rubber-stamped by Brent Fulgham.

DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree.sln: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTree.vcxproj: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTree.vcxproj.filters: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeApple.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeCommon.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeDebug.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeDebugWinCairo.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncher.vcxproj: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncherCommon.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncherDebug.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncherProduction.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeLauncherRelease.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreePostBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreePreBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeProduction.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeRelease.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/DumpRenderTree/DumpRenderTreeReleaseWinCairo.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiff.vcxproj: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffCommon.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffCommonWinCairo.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffDebug.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffDebugWinCairo.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncher.vcxproj: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncherCommon.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncherDebug.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncherProduction.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffLauncherRelease.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffPostBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffPreBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffProduction.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffRelease.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/ImageDiff/ImageDiffReleaseWinCairo.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePlugin.vcxproj: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePlugin.vcxproj.filters: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginCommon.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginDebug.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginPostBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginPreBuild.cmd: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginProduction.props: Removed.
DumpRenderTree/DumpRenderTree.vcxproj/TestNetscapePlugin/TestNetscapePluginRelease.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowser.vcxproj: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowser.vcxproj.filters: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserCF.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserCFLite.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserCommon.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserDebug.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLib.vcxproj: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLib.vcxproj.filters: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibCommon.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibDebug.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibPostBuild.cmd: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibPreBuild.cmd: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibProduction.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserLibRelease.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserPostBuild.cmd: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserPreBuild.cmd: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserProduction.props: Removed.
MiniBrowser/MiniBrowser.vcxproj/MiniBrowserRelease.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.sln: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPI.vcxproj.filters: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPICommon.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPICommonWinCairo.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIDebug.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIDebugWinCairo.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIPostBuild.cmd: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIPreBuild.cmd: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIProduction.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIRelease.props: Removed.
TestWebKitAPI/TestWebKitAPI.vcxproj/TestWebKitAPIReleaseWinCairo.props: Removed.
win/AssembleBuildLogs: Removed.
win/AssembleBuildLogs/AssembleBuildLogs.vcxproj: Removed.
win/AssembleBuildLogs/AssembleBuildLogs.vcxproj.filters: Removed.
win/AssembleBuildLogs/AssembleLogs.cmd: Removed.
win/AssembleBuildLogs/README: Removed.

1:27 PM Changeset in webkit [197585] by Ryan Haddad

2 edits in trunk/LayoutTests

Temporarily skip fast/table/table-overflow.html on ios-simulator
https://bugs.webkit.org/show_bug.cgi?id=155036

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

1:19 PM Changeset in webkit [197584] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip fast/text/all-small-caps-whitespace.html on ios-simulator

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

1:05 PM Changeset in webkit [197583] by Ryan Haddad

2 edits in trunk/LayoutTests

Skip storage/indexeddb/modern/256-open-databases.html on mac
https://bugs.webkit.org/show_bug.cgi?id=155028

Unreviewed test gardening.

platform/wk2/TestExpectations:

1:00 PM Changeset in webkit [197582] by achristensen@apple.com

2 edits in trunk/Source/WebKit2

Release build fix after r197572.
https://bugs.webkit.org/show_bug.cgi?id=154993

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:downloadTask:didWriteData:totalBytesWritten:totalBytesExpectedToWrite:]):

12:58 PM Changeset in webkit [197581] by barraclough@apple.com

3 edits in trunk/Source/WebCore

Unify determination of page timer alignment
https://bugs.webkit.org/show_bug.cgi?id=155031

Reviewed by Chris Dumez.

Currently this is scattered throughout Page - sites that call setDOMTimerAlignmentInterval have
to determine the correct alignment interval. Instead, replace setDOMTimerAlignmentInterval with
updateDOMTimerAlignmentInterval, and unify the policy decision here.

page/Page.cpp:

(WebCore::Page::setTimerThrottlingState):

setDOMTimerAlignmentInterval -> updateDOMTimerAlignmentInterval Also, to simplify always record the timestamp when the state changes.

(WebCore::Page::setTimerAlignmentIntervalIncreaseLimit):

setDOMTimerAlignmentInterval -> updateDOMTimerAlignmentInterval

(WebCore::Page::updateDOMTimerAlignmentInterval):

Was setDOMTimerAlignmentInterval, now determines the new alignment value.

(WebCore::Page::timerAlignmentIntervalIncreaseTimerFired):

setDOMTimerAlignmentInterval -> updateDOMTimerAlignmentInterval

(WebCore::Page::setDOMTimerAlignmentInterval): Deleted.

Removed, became updateDOMTimerAlignmentInterval.

page/Page.h:
- setDOMTimerAlignmentInterval -> updateDOMTimerAlignmentInterval m_timerThrottlingEnabledTime -> m_timerThrottlingStateLastChangedTime

12:19 PM Changeset in webkit [197580] by Simon Fraser

2 edits in trunk/Source/WebCore

Fix crash seen in iOS simulator tests
https://bugs.webkit.org/show_bug.cgi?id=155030

Reviewed by Tim Horton.

owningGraphicsLayer() can be null when the tileSizeChangeTimer fires, so null check
it and return, as we do for the tileRevalidationTimer.

platform/graphics/ca/TileController.cpp:

(WebCore::TileController::tileSizeChangeTimerFired):

11:59 AM Changeset in webkit [197579] by achristensen@apple.com

3 edits
95 deletes in trunk/Source

Remove vcxproj build system
https://bugs.webkit.org/show_bug.cgi?id=154388

Rubber-stamped by Brent Fulgham.

Source/JavaScriptCore:

JavaScriptCore.vcxproj/JavaScriptCore.sln: Removed.
JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Removed.
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Removed.
JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreCF.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreCFLite.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreCommon.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreDLL.cpp: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreDebug.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreDebugCFLite.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGenerated.make: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj.filters: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGeneratedCommon.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGeneratedDebug.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGeneratedProduction.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreGeneratedRelease.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCorePostBuild.cmd: Removed.
JavaScriptCore.vcxproj/JavaScriptCorePreBuild.cmd: Removed.
JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreProduction.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreRelease.props: Removed.
JavaScriptCore.vcxproj/JavaScriptCoreReleaseCFLite.props: Removed.
JavaScriptCore.vcxproj/build-generated-files.pl: Removed.
JavaScriptCore.vcxproj/copy-files.cmd: Removed.

Source/WebCore:

WebCore.vcxproj/WebCore.submit.sln: Removed.
WebCore.vcxproj/WebCore.vcxproj: Removed.
WebCore.vcxproj/WebCore.vcxproj.filters: Removed.
WebCore.vcxproj/WebCoreCFNetwork.props: Removed.
WebCore.vcxproj/WebCoreCG.props: Removed.
WebCore.vcxproj/WebCoreCURL.props: Removed.
WebCore.vcxproj/WebCoreCairo.props: Removed.
WebCore.vcxproj/WebCoreCommon.props: Removed.
WebCore.vcxproj/WebCoreDebug.props: Removed.
WebCore.vcxproj/WebCoreDebugWinCairo.props: Removed.
WebCore.vcxproj/WebCoreGenerated.make: Removed.
WebCore.vcxproj/WebCoreGenerated.vcxproj: Removed.
WebCore.vcxproj/WebCoreGenerated.vcxproj.filters: Removed.
WebCore.vcxproj/WebCoreGeneratedCommon.props: Removed.
WebCore.vcxproj/WebCoreGeneratedDebug.props: Removed.
WebCore.vcxproj/WebCoreGeneratedDebugWinCairo.props: Removed.
WebCore.vcxproj/WebCoreGeneratedProduction.props: Removed.
WebCore.vcxproj/WebCoreGeneratedRelease.props: Removed.
WebCore.vcxproj/WebCoreGeneratedReleaseWinCairo.props: Removed.
WebCore.vcxproj/WebCoreGeneratedWinCairo.make: Removed.
WebCore.vcxproj/WebCoreGeneratedWinCairoCommon.props: Removed.
WebCore.vcxproj/WebCoreIncludeCommon.props: Removed.
WebCore.vcxproj/WebCoreMediaQT.props: Removed.
WebCore.vcxproj/WebCorePostBuild.cmd: Removed.
WebCore.vcxproj/WebCorePreBuild.cmd: Removed.
WebCore.vcxproj/WebCoreProduction.props: Removed.
WebCore.vcxproj/WebCoreQuartzCore.props: Removed.
WebCore.vcxproj/WebCoreRelease.props: Removed.
WebCore.vcxproj/WebCoreReleaseWinCairo.props: Removed.
WebCore.vcxproj/WebCoreTestSupport.vcxproj: Removed.
WebCore.vcxproj/WebCoreTestSupport.vcxproj.filters: Removed.
WebCore.vcxproj/WebCoreTestSupportCommon.props: Removed.
WebCore.vcxproj/WebCoreTestSupportDebug.props: Removed.
WebCore.vcxproj/WebCoreTestSupportDebugWinCairo.props: Removed.
WebCore.vcxproj/WebCoreTestSupportProduction.props: Removed.
WebCore.vcxproj/WebCoreTestSupportRelease.props: Removed.
WebCore.vcxproj/WebCoreTestSupportReleaseWinCairo.props: Removed.
WebCore.vcxproj/build-generated-files.pl: Removed.
WebCore.vcxproj/copyForwardingHeaders.cmd: Removed.
WebCore.vcxproj/copyWebCoreResourceFiles.cmd: Removed.
WebCore.vcxproj/migrate-scripts.pl: Removed.

Source/WebKit:

WebKit.vcxproj/Interfaces/FixMIDLHeaders.pl: Removed.
WebKit.vcxproj/Interfaces/Interfaces.vcxproj: Removed.
WebKit.vcxproj/Interfaces/Interfaces.vcxproj.filters: Removed.
WebKit.vcxproj/Interfaces/InterfacesCommon.props: Removed.
WebKit.vcxproj/Interfaces/InterfacesDebug.props: Removed.
WebKit.vcxproj/Interfaces/InterfacesDebugWinCairo.props: Removed.
WebKit.vcxproj/Interfaces/InterfacesPostBuild.cmd: Removed.
WebKit.vcxproj/Interfaces/InterfacesPreBuild.cmd: Removed.
WebKit.vcxproj/Interfaces/InterfacesProduction.props: Removed.
WebKit.vcxproj/Interfaces/InterfacesRelease.props: Removed.
WebKit.vcxproj/Interfaces/InterfacesReleaseWinCairo.props: Removed.
WebKit.vcxproj/WebKit.sln: Removed.
WebKit.vcxproj/WebKit.submit.sln: Removed.
WebKit.vcxproj/WebKit/WebKit.vcxproj: Removed.
WebKit.vcxproj/WebKit/WebKit.vcxproj.filters: Removed.
WebKit.vcxproj/WebKit/WebKitANGLE.props: Removed.
WebKit.vcxproj/WebKit/WebKitApple.props: Removed.
WebKit.vcxproj/WebKit/WebKitCFLite.props: Removed.
WebKit.vcxproj/WebKit/WebKitCommon.props: Removed.
WebKit.vcxproj/WebKit/WebKitDebug.props: Removed.
WebKit.vcxproj/WebKit/WebKitDebugWinCairo.props: Removed.
WebKit.vcxproj/WebKit/WebKitDirectX.props: Removed.
WebKit.vcxproj/WebKit/WebKitPostBuild.cmd: Removed.
WebKit.vcxproj/WebKit/WebKitPreBuild.cmd: Removed.
WebKit.vcxproj/WebKit/WebKitPreLink.cmd: Removed.
WebKit.vcxproj/WebKit/WebKitProduction.props: Removed.
WebKit.vcxproj/WebKit/WebKitRelease.props: Removed.
WebKit.vcxproj/WebKit/WebKitReleaseWinCairo.props: Removed.
WebKit.vcxproj/WebKit/WebKitVersion.cmd: Removed.

11:48 AM Changeset in webkit [197578] by achristensen@apple.com

1 edit
23 deletes in trunk/Source/WTF

Remove vcxproj build system
https://bugs.webkit.org/show_bug.cgi?id=154388

Rubber-stamped by Brent Fulgham.

WTF.vcxproj/WTF.submit.sln: Removed.
WTF.vcxproj/WTF.vcxproj: Removed.
WTF.vcxproj/WTF.vcxproj.filters: Removed.
WTF.vcxproj/WTFCFLite.props: Removed.
WTF.vcxproj/WTFCommon.props: Removed.
WTF.vcxproj/WTFCoreFoundation.props: Removed.
WTF.vcxproj/WTFDebug.props: Removed.
WTF.vcxproj/WTFDebugWinCairo.props: Removed.
WTF.vcxproj/WTFGenerated.make: Removed.
WTF.vcxproj/WTFGenerated.vcxproj: Removed.
WTF.vcxproj/WTFGenerated.vcxproj.filters: Removed.
WTF.vcxproj/WTFGeneratedCommon.props: Removed.
WTF.vcxproj/WTFGeneratedDebug.props: Removed.
WTF.vcxproj/WTFGeneratedProduction.props: Removed.
WTF.vcxproj/WTFGeneratedRelease.props: Removed.
WTF.vcxproj/WTFPostBuild.cmd: Removed.
WTF.vcxproj/WTFPreBuild.cmd: Removed.
WTF.vcxproj/WTFProduction.props: Removed.
WTF.vcxproj/WTFRelease.props: Removed.
WTF.vcxproj/WTFReleaseWinCairo.props: Removed.
WTF.vcxproj/build-generated-files.pl: Removed.
WTF.vcxproj/copy-files.cmd: Removed.
WTF.vcxproj/work-around-vs-dependency-tracking-bugs.py: Removed.

11:42 AM Changeset in webkit [197577] by beidson@apple.com

2 edits in trunk/Source/WebCore

Remove use of deprecated sqlite3_expired
https://bugs.webkit.org/show_bug.cgi?id=155025

Reviewed by Tim Horton.

Since we exclusively use sqlite3_prepare_v2 and don't use sqlite3_prepare,
manually checking for expired statements is not necessary.

platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::isExpired): Null check the statement, but don't bother

with sqlite3_expired.

11:30 AM Changeset in webkit [197576] by Chris Dumez

3 edits
2 adds in trunk

Location.reload should not be writable
https://bugs.webkit.org/show_bug.cgi?id=154989

Reviewed by Gavin Barraclough.

Source/JavaScriptCore:

runtime/Lookup.h:

(JSC::putEntry):

LayoutTests:

Add a layout test to verify that operations marked as [Unforgeable] in
IDL are indeed not writable.

fast/html/unforgeable-operations-readonly-expected.txt: Added.
fast/html/unforgeable-operations-readonly.html: Added.

11:26 AM Changeset in webkit [197575] by dbates@webkit.org

12 edits
3 moves
3 adds in trunk/Source/WebCore

Move CryptoDigest to WebCore/platform
https://bugs.webkit.org/show_bug.cgi?id=155008
<rdar://problem/24969787>

Reviewed by Brent Fulgham.

CryptoDigest provides a platform-independent interface for interacting with platform-
specific cryptographic hashing services. We currently make use of this code as part
of the implementation of Web Crypto. This code will also be beneficial as part of
implementing support for Content Security Policy inline script and inline stylesheet
hashes. We should move CryptoDigest to WebCore/platform to convey that it a general
purpose platform abstraction.

CMakeLists.txt: Add include directory WebCore/platform/crypto.
PlatformEfl.cmake: Add file platform/crypto/gnutls/CryptoDigestGnuTLS.cpp and

remove file crypto/gnutls/CryptoDigestGnuTLS.cpp.

PlatformGTK.cmake: Ditto.
PlatformMac.cmake: Add file platform/crypto/mac/CryptoDigestMac.cpp and

remove file crypto/mac/CryptoDigestMac.cpp.

WebCore.xcodeproj/project.pbxproj:
crypto/algorithms/CryptoAlgorithmSHA1.cpp:

(WebCore::CryptoAlgorithmSHA1::digest): Substitute "CryptoDigest::Algorithm" for "CryptoAlgorithmIdentifier".

crypto/algorithms/CryptoAlgorithmSHA224.cpp:

(WebCore::CryptoAlgorithmSHA224::digest): Ditto.

crypto/algorithms/CryptoAlgorithmSHA256.cpp:

(WebCore::CryptoAlgorithmSHA256::digest): Ditto.

crypto/algorithms/CryptoAlgorithmSHA384.cpp:

(WebCore::CryptoAlgorithmSHA384::digest): Ditto.

crypto/algorithms/CryptoAlgorithmSHA512.cpp:

(WebCore::CryptoAlgorithmSHA512::digest): Ditto.

crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:

(WebCore::getCryptoDigestAlgorithm): Converts a CryptoAlgorithmIdentifier enumerator to a
CryptoDigest::Algorithm enumerator, if applicable.
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign): Write in terms of WebCore::getCryptoDigestAlgorithm().
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify): Ditto.

platform/crypto/CryptoDigest.h: Renamed from Source/WebCore/crypto/CryptoDigest.h. Also added enum CryptoDigest::Algorithm

and changed constructor to take this enum.

platform/crypto/gnutls/CryptoDigestGnuTLS.cpp: Renamed from Source/WebCore/crypto/gnutls/CryptoDigestGnuTLS.cpp.

(WebCore::CryptoDigest::CryptoDigest): Substitute "CryptoDigest::Algorithm" for "CryptoAlgorithmIdentifier".
(WebCore::CryptoDigest::~CryptoDigest): Ditto.
(WebCore::CryptoDigest::create): Ditto.
(WebCore::CryptoDigest::addBytes): Ditto.
(WebCore::CryptoDigest::computeHash): Ditto.

platform/crypto/mac/CryptoDigestMac.cpp: Renamed from Source/WebCore/crypto/mac/CryptoDigestMac.cpp.

(WebCore::toSHA1Context): Ditto.
(WebCore::toSHA224Context): Ditto.
(WebCore::toSHA256Context): Ditto.
(WebCore::toSHA384Context): Ditto.
(WebCore::toSHA512Context): Ditto.
(WebCore::CryptoDigest::CryptoDigest): Ditto.
(WebCore::CryptoDigest::~CryptoDigest): Ditto.
(WebCore::CryptoDigest::create): Ditto.
(WebCore::CryptoDigest::addBytes): Ditto.
(WebCore::CryptoDigest::computeHash): Ditto.

11:13 AM Changeset in webkit [197574] by Ryan Haddad

2 edits in trunk/LayoutTests

Rebaseline inspector/model/remote-object.html for mac after r197539

Unreviewed test gardening.

platform/mac/inspector/model/remote-object-expected.txt:

11:09 AM Changeset in webkit [197573] by mmaxfield@apple.com

8 edits
2 adds in trunk

Whitespace causes font-variant: all-small-caps to synthesize
https://bugs.webkit.org/show_bug.cgi?id=155004
<rdar://problem/24630796>

Reviewed by Darin Adler.

Source/WebCore:

Many fonts (such as Avenir Next) don't report to support whitespace characters under
smcp or c2sc. Previously, we were using this as a signal to synthesize small caps
instead of true small caps. However, a better solution is for whitespace to never
cause synthesis with all-small-caps.

Test: fast/text/all-small-caps-whitespace.html

platform/graphics/mac/ComplexTextController.cpp:

(WebCore::shouldSynthesize):
(WebCore::ComplexTextController::collectComplexTextRuns):

Tools:

DumpRenderTree/mac/DumpRenderTree.mm:

(allowedFontFamilySet):

WebKitTestRunner/InjectedBundle/cocoa/ActivateFontsCocoa.mm:

(WTR::allowedFontFamilySet):

WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::allowedFontFamilySet):

LayoutTests:

fast/text/all-small-caps-whitespace-expected.html: Added.
fast/text/all-small-caps-whitespace.html: Added.
platform/mac/TestExpectations: Skip on platforms which don't support proper coverage

queries.

11:05 AM Changeset in webkit [197572] by achristensen@apple.com

4 edits in trunk/Source

Use NSURLSession for loading in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=154993

Reviewed by Sam Weinig.

Source/WebKit2:

config.h:

Source/WTF:

wtf/Platform.h:

10:48 AM Changeset in webkit [197571] by Simon Fraser

26 edits in trunk/LayoutTests

REGRESSION (r197541): many tiled drawing tests failing after new "large tile size" logic was added
https://bugs.webkit.org/show_bug.cgi?id=155020

Rebaseline these tests.

platform/mac-wk2/TestExpectations:
tiled-drawing/background-transparency-toggle-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-iframe-with-handler-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-expected.txt:
tiled-drawing/scrolling/fast-scroll-iframe-latched-mainframe-with-handler-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-background-no-image-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-body-layer-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-opacity-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-body-background-positioned-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-html-background-expected.txt:
tiled-drawing/scrolling/fixed-background/fixed-non-propagated-body-background-expected.txt:
tiled-drawing/scrolling/fixed/four-bars-zoomed-expected.txt:
tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-2d-overflow-expected.txt:
tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-borders-expected.txt:
tiled-drawing/scrolling/scroll-snap/scroll-snap-mandatory-overflow-expected.txt:
tiled-drawing/tile-coverage-after-scroll-expected.txt:
tiled-drawing/tile-coverage-after-scroll-speculative-expected.txt:
tiled-drawing/tile-coverage-scroll-to-bottom-expected.txt:
tiled-drawing/tile-coverage-slow-scrolling-expected.txt:
tiled-drawing/tile-coverage-speculative-expected.txt:
tiled-drawing/tile-size-unscrollable-expected.txt:
tiled-drawing/tile-size-vertically-scrollable-expected.txt:
tiled-drawing/visible-rect-content-inset-expected.txt:

10:30 AM Changeset in webkit [197570] by mmaxfield@apple.com

4 edits
4 adds in trunk

[iOS] Crash during font loading when injected bundle cancels load
https://bugs.webkit.org/show_bug.cgi?id=155001

Reviewed by Tim Horton.

Source/WebCore:

If a injected bundle cancels the load, the fontLoaded() callback will be
called twice. We can simply detect this condition.

Test: CancelLoading.CancelFontSubresource API test

css/CSSFontFaceSource.cpp:

(WebCore::CSSFontFaceSource::fontLoaded):

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit2/Ahem.ttf: Added.
TestWebKitAPI/Tests/WebKit2/webfont.html: Added.
TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresource.mm: Added.

(-[Myles webView:didFinishNavigation:]):
(TEST):

TestWebKitAPI/Tests/WebKit2Cocoa/CancelFontSubresourcePlugIn.mm: Added.

10:27 AM Changeset in webkit [197569] by adachan@apple.com

2 edits in trunk/Source/WebCore

The visibility of the airplay menu also depends on whether there's a custom menu item.
https://bugs.webkit.org/show_bug.cgi?id=154987

Reviewed by Darin Adler.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent):

10:01 AM Changeset in webkit [197568] by achristensen@apple.com

3 edits
1 add in trunk/Source/WebKit2

Use NetworkSession for pings
https://bugs.webkit.org/show_bug.cgi?id=154984

Reviewed by Antti Koivisto.

Before this patch, we were using NSURLConnection for pings when the rest of the loading was being
done with NSURLSession. To fix this, I implemented PingLoad, which is the NetworkSession equivalent
of PingHandle.

This fixes http/tests/security/contentSecurityPolicy/report-status-code-zero-when-using-https.html

NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::loadPing):
(WebKit::NetworkConnectionToWebProcess::removeLoadIdentifier):

NetworkProcess/PingLoad.h: Added.

(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::willPerformHTTPRedirection):
(WebKit::PingLoad::didReceiveChallenge):
(WebKit::PingLoad::didReceiveResponseNetworkSession):
(WebKit::PingLoad::didReceiveData):
(WebKit::PingLoad::didCompleteWithError):
(WebKit::PingLoad::didBecomeDownload):
(WebKit::PingLoad::didSendData):
(WebKit::PingLoad::wasBlocked):
(WebKit::PingLoad::cannotShowURL):
(WebKit::PingLoad::timeoutTimerFired):
(WebKit::PingLoad::~PingLoad):

WebKit2.xcodeproj/project.pbxproj:

9:58 AM Changeset in webkit [197567] by commit-queue@webkit.org

3 edits in trunk/Tools

[check-webkit-style] Added checks for redundant virtual specifiers.
https://bugs.webkit.org/show_bug.cgi?id=155017

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-03-04
Reviewed by Darin Adler.

Added 3 new checks related to virtual, override, and final specifiers:

When "override" is present, "virtual" is redundant.
When "final" is present, "virtual" is redundant.
When "final" is present, "override" is redundant.

Scripts/webkitpy/style/checkers/cpp.py:

(_FunctionState.begin):
(_FunctionState.is_virtual):
(_check_parameter_name_against_text):
(_error_redundant_specifier):
(check_function_definition):
(CppChecker):

Scripts/webkitpy/style/checkers/cpp_unittest.py:

(FunctionDetectionTest.perform_function_detection):
(FunctionDetectionTest.test_basic_function_detection):
(FunctionDetectionTest.test_function_declaration_detection):
(FunctionDetectionTest.test_pure_function_detection):
(FunctionDetectionTest.test_override_and_final_function_detection):
(FunctionDetectionTest.test_non_functions):
(FunctionDetectionTest.test_parameter_list):

9:20 AM Changeset in webkit [197566] by Darin Adler

165 edits in trunk

Followup to:
Remove "virtual" from all lines that have both "virtual" and "override".
https://bugs.webkit.org/show_bug.cgi?id=155005

Reviewed by Geoffrey Garen.

Scripts/do-webcore-rename: Added more regular expressions to make sure we always

use either override or final, not both, and to remove virtual from all lines that
have both virtual and final.

9:02 AM Changeset in webkit [197565] by Darin Adler

3 edits in trunk/LayoutTests

REGRESSION (r197541): many tiled drawing tests failing after new "large tile size" logic was added
https://bugs.webkit.org/show_bug.cgi?id=155020

platform/mac-wk2/TestExpectations: Added failure expectations for tiled drawing tests.
platform/wk2/TestExpectations: Moved some expectations to a more appropriate section in the file.

8:55 AM Changeset in webkit [197564] by timothy@apple.com

14 edits in trunk/Source

Inform WebKit and WebCore if a page is controlled by automation.

https://bugs.webkit.org/show_bug.cgi?id=154991
rdar://problem/24965784

Reviewed by Joseph Pecoraro.

Source/WebCore:

page/Page.h:

(WebCore::Page::isControlledByAutomation): Added.
(WebCore::Page::setControlledByAutomation): Added.

Source/WebKit2:

Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

Shared/WebPageCreationParameters.h:
UIProcess/API/C/WKPage.cpp:

(WKPageGetIsControlledByAutomation):
(WKPageSetControlledByAutomation):

UIProcess/API/C/WKPagePrivate.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setControlledByAutomation):
(WebKit::WebPageProxy::creationParameters):

UIProcess/WebPageProxy.h:

(WebKit::WebPageProxy::isControlledByAutomation):

WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(WKBundlePageIsControlledByAutomation):

WebProcess/InjectedBundle/API/c/WKBundlePage.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::m_shouldDispatchFakeMouseMoveEvents):
(WebKit::WebPage::isControlledByAutomation):
(WebKit::WebPage::setControlledByAutomation):

WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:

8:47 AM Changeset in webkit [197563] by Darin Adler

1432 edits in trunk

Remove "virtual" from all lines that have both "virtual" and "override".
https://bugs.webkit.org/show_bug.cgi?id=155005

Reviewed by Geoffrey Garen.

Scripts/do-webcore-rename: Added a regular expression to this script to do the job.

5:26 AM Changeset in webkit [197562] by Carlos Garcia Campos

1 edit in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore/interpreter/JSStack.cpp

Merge r193648 - Crashes on PPC64 due to mprotect() on address not aligned to the page size
https://bugs.webkit.org/show_bug.cgi?id=130237

Reviewed by Mark Lam.

Make sure that commitSize is at least as big as the page size.

interpreter/JSStack.cpp:

(JSC::commitSize):
(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):

interpreter/JSStack.h:

5:20 AM Changeset in webkit [197561] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r193648 - Crashes on PPC64 due to mprotect() on address not aligned to the page size
https://bugs.webkit.org/show_bug.cgi?id=130237

Reviewed by Mark Lam.

Make sure that commitSize is at least as big as the page size.

interpreter/JSStack.cpp:

(JSC::commitSize):
(JSC::JSStack::JSStack):
(JSC::JSStack::growSlowCase):

interpreter/JSStack.h:

5:17 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

5:06 AM WebKitGTK/2.4.x edited by Carlos Garcia Campos

(diff)

5:04 AM Changeset in webkit [197560] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WTF

Merge r185863 - [WTF] Platform.h: use _ABI64 instead of _MIPS_SIM_ABI64 to determine MIPS N64
https://bugs.webkit.org/show_bug.cgi?id=145113

Patch by YunQiang Su <wzssyqa@gmail.com> on 2015-06-22
Reviewed by Csaba Osztrogonác.

wtf/Platform.h:

5:03 AM Changeset in webkit [197559] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Source/WebCore

Merge r169665 - Initialize a char* that needs to be initialized.
<rdar://problem/15840022> and https://bugs.webkit.org/show_bug.cgi?id=133585

Reviewed by Mark Rowe.

r152134 (erroneously) removed this initialization.

platform/sql/SQLiteStatement.cpp:

(WebCore::SQLiteStatement::prepare): tail should start out initialized to 0.

5:01 AM Changeset in webkit [197558] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Merge r167031 - Ensure that LLINT accessing of the ProtoCallFrame is big endian friendly.
<https://webkit.org/b/131449>

Reviewed by Mark Hahnenberg.

Change ProtoCallFrame::paddedArgCount to be of type uint32_t. The argCount
that it pads is of type int anyway. It doesn't need to be 64 bit. This
also makes it work with the LLINT which is loading it with a loadi
instruction.

We should add the PayLoadOffset to ProtoCallFrame::argCountAndCodeOriginValue
when loading the argCount.

interpreter/ProtoCallFrame.h:

(JSC::ProtoCallFrame::setPaddedArgCount):

llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:

4:57 AM Changeset in webkit [197557] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.4/Source

Merge r176519 - Webkit2 doesnt build on powerpc 32 bits
https://bugs.webkit.org/show_bug.cgi?id=130837

Reviewed by Carlos Garcia Campos.

Check if libatomic is needed in order to use std::atomic, and add
it to the list of WebKit2 libraries.

PlatformGTK.cmake:

4:54 AM Changeset in webkit [197556] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.4

Merge r166232 - [EFL] Add ARM64 build support
https://bugs.webkit.org/show_bug.cgi?id=130506

Rubber stamped by Gyuyoung Kim.

CMakeLists.txt: Set WTF_CPU_ARM64 when aarch64 is defined.

Source/ThirdParty:

leveldb/port/atomic_pointer.h: Set ARCH_CPU_ARM_FAMILY when aarch64 is defined.

Source/WTF:

wtf/Platform.h: Set WTF_CPU_ARM64 when aarch64 is defined.

Tools:

Scripts/webkitdirs.pm:

(isARM): Detect aarch64 as ARM.

4:51 AM Changeset in webkit [197555] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.4/Tools

Merge r164794 - [gtk-doc] UnicodeEncodeError: 'ascii' codec can't encode character
https://bugs.webkit.org/show_bug.cgi?id=128927

Reviewed by Philippe Normand.

Encode manually the data for sys.{stdout,stderr}.write.

gtk/gtkdoc.py:

(GTKDoc._run_command):

1:52 AM Changeset in webkit [197554] by gskachkov@gmail.com

9 edits in trunk

[ES6] Arrow function syntax. Lexical bind super inside of the arrow function in generator.
https://bugs.webkit.org/show_bug.cgi?id=152575

Reviewed by Yusuke Suzuki.

Added support of the 'SuperProperty' in arrow function within of the generator
method of class. Before patch parser did not recognize that current arrow function
is declated inside of the generator and raise SyntaxError.

Source/JavaScriptCore:

parser/Parser.cpp:

(JSC::Parser<LexerType>::parseFunctionInfo):

parser/Parser.h:

(JSC::Scope::Scope):
(JSC::Scope::isGeneratorBoundary):
(JSC::Scope::setIsFunction):
(JSC::Scope::setIsGenerator):
(JSC::Parser::closestParentOrdinaryFunctionNonLexicalScope):

tests/stress/arrowfunction-lexical-bind-superproperty.js:

LayoutTests:

js/arrowfunction-superproperty-expected.txt:
js/arrowfunction-syntax-errors-expected.txt:
js/script-tests/arrowfunction-superproperty.js:
js/script-tests/arrowfunction-syntax-errors.js:

1:29 AM Changeset in webkit [197553] by Antti Koivisto

4 edits
2 adds in trunk

ComposedTreeIterator may traverse slotted nodes multiple times
https://bugs.webkit.org/show_bug.cgi?id=154983

Reviewed by Ryosuke Niwa.

Source/WebCore:

Traversal of slotted nodes can escape to real siblings. Those siblings are then traversed again as slotted nodes.

Test: fast/shadow-dom/composed-tree-slots.html

dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::initializeContextStack):
(WebCore::ComposedTreeIterator::traverseNextInShadowTree):
(WebCore::ComposedTreeIterator::traverseNextLeavingContext):
(WebCore::ComposedTreeIterator::advanceInSlot):

dom/ComposedTreeIterator.h:

(WebCore::ComposedTreeIterator::Context::Context):

Include end iterator to the context.
For slotted nodes set it up to point to the next sibling of the node.

(WebCore::ComposedTreeIterator::context):
(WebCore::ComposedTreeIterator::traverseNextSkippingChildren):

LayoutTests:

fast/shadow-dom/composed-tree-slots-expected.txt: Added.
fast/shadow-dom/composed-tree-slots.html: Added.

1:03 AM Changeset in webkit [197552] by akling@apple.com

3 edits in trunk/Source/WebCore

Drop DocumentSharedObjectPool immediately when going into PageCache.
<https://webkit.org/b/154986>

Reviewed by Antti Koivisto.

If a Document goes into the PageCache while its shared object pool is still
alive, we can just kill it right away. This will sometimes allow us to free
a bunch of ElementData sooner.

dom/Document.cpp:

(WebCore::Document::Document):
(WebCore::Document::setInPageCache):
(WebCore::Document::clearSharedObjectPool):
(WebCore::Document::sharedObjectPoolClearTimerFired): Deleted.

dom/Document.h:

12:27 AM Changeset in webkit [197551] by youenn.fablet@crf.canon.fr

7 edits in trunk/Source/WebCore

Remove PassRefPtr from ThreadableLoader and relatives
https://bugs.webkit.org/show_bug.cgi?id=154966

Reviewed by Darin Adler.

Covered by existing tests.

loader/DocumentThreadableLoader.cpp:

(WebCore::DocumentThreadableLoader::create):

loader/DocumentThreadableLoader.h:
loader/ThreadableLoader.cpp:

(WebCore::ThreadableLoader::create):

loader/ThreadableLoader.h:
loader/WorkerThreadableLoader.cpp:

(WebCore::WorkerThreadableLoader::WorkerThreadableLoader):
(WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):

loader/WorkerThreadableLoader.h:

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed