Context Navigation

← Previous Period
Next Period →

Timeline

Apr 12, 2016:

11:53 PM Changeset in webkit [199416] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198387 - Data URL DecodeTask may get deleted outside main thread
https://bugs.webkit.org/show_bug.cgi?id=155584
rdar://problem/24492104

Reviewed by Darin Adler.

This is unsafe as it owns strings and other types that are only safe to delete in the main thread.

There is a race between deref in dispatch() and deref in timerFired(). If the timer fires before dispatch()
exits the implicit deref will trigger deletion of DecodingResultDispatcher in the dispatching thread.

(WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):

Fix by clearing m_decodeTask when the timer fires.

11:51 PM Changeset in webkit [199415] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198377 - [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
https://bugs.webkit.org/show_bug.cgi?id=155624
<rdar://problem/25219962>

Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>):
<https://src.chromium.org/viewvc/blink?revision=201803&view=revision>

Source/WebCore:

Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html

html/parser/XSSAuditor.cpp:

(WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.

LayoutTests:

http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode-expected.txt: Added.
http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html: Added.

11:48 PM Changeset in webkit [199414] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198374 - Images in feed on ebay.com jiggle when one is hovered
https://bugs.webkit.org/show_bug.cgi?id=155608
<rdar://problem/25160681>

The content offset in compositing layer = subpixel gap between the graphics layer and the layer bounds + layer bounds top left.

Reviewed by Simon Fraser.

Source/WebCore:

Test: compositing/hidpi-viewport-clipping-on-composited-content.html

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):
(WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):

rendering/RenderLayerBacking.h:

LayoutTests:

compositing/hidpi-viewport-clipping-on-composited-content-expected.html: Added.
compositing/hidpi-viewport-clipping-on-composited-content.html: Added.

11:47 PM Changeset in webkit [199413] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198372 - Don't initiate a style recall while drawing text
https://bugs.webkit.org/show_bug.cgi?id=155618

Patch by Zalan Bujtas <Alan Bujtas> on 2016-03-17
Reviewed by Simon Fraser.

This patch ensures that we don't initiate a style recalc while in the middle of text drawing.

Source/WebCore:

Test: fast/canvas/crash-while-resizing-canvas.html

html/canvas/CanvasRenderingContext2D.cpp:

(WebCore::CanvasRenderingContext2D::drawTextInternal):

LayoutTests:

fast/canvas/crash-while-resizing-canvas-expected.txt: Added.
fast/canvas/crash-while-resizing-canvas.html: Added.

11:46 PM Changeset in webkit [199412] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198370 - Improve some metadata tests
https://bugs.webkit.org/show_bug.cgi?id=155616

Patch by Eric Carlson <eric.carlson@apple.com> on 2016-03-17
Reviewed by Saam Barati.

html/track/DataCue.cpp:

(WebCore::DataCue::DataCue):
(WebCore::DataCue::setData):

11:45 PM Changeset in webkit [199411] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198361 - Some media tests are flaky.
https://bugs.webkit.org/show_bug.cgi?id=155614

Reviewed by Eric Carlson.

html/track/TextTrack.cpp:

(WebCore::TextTrack::~TextTrack):

11:44 PM Changeset in webkit [199410] by Carlos Garcia Campos

3 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r198357 - Don't try to restore deleted MemoryIndexes if their owning object store is not restored.
https://bugs.webkit.org/show_bug.cgi?id=155068

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/deleteindex-4-private.html

Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:

(WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):

LayoutTests:

storage/indexeddb/modern/deleteindex-4-private-expected.txt: Added.
storage/indexeddb/modern/deleteindex-4-private.html: Added.
storage/indexeddb/modern/resources/deleteindex-4.js: Added.

11:41 PM Changeset in webkit [199409] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.12/Source/WTF

Merge r198345 - Silence leaks in ParkingLot
https://bugs.webkit.org/show_bug.cgi?id=155510

Reviewed by Alexey Proskuryakov.

ParkingLot has a concurrent hashtable that it reallocates on demand. It will not reallocate
it in steady state. The hashtable is sized to accommodate the high watermark of the number
of active threads - so long as the program doesn't just keep starting an unbounded number
of threads that are all active, the hashtable will stop resizing. Each resize operation is
designed to stay out of the way of the data-access-parallel normal path, in which two
threads operating on different lock addresses don't have to synchronize. To do this, it
simply drops the old hashtable without deleting it, so that threads that were still using
it don't crash. They will realize that they have the wrong hashtable before doing anything
bad, but we don't have a way of proving when all of those threads are no longer going to
read from the old hashtables. So, we just leak them.

This is a bounded leak, since the hashtable resizes exponentially. Thus the total memory
utilization of all hashtables, including the leaked ones, converges to a linear function of
the current hashtable's size (it's 2 * size of current hashtable).

But this leak is a problem for leaks tools, which will always report this leak. This is not
useful. It's better to silence the leak. That's what this patch does by ensuring that all
hashtables, including leaked ones, end up in a global vector. This is perf-neutral.

This requires making a StaticWordLock variant of WordLock. That's probably the biggest part
of this change.

wtf/ParkingLot.cpp:
wtf/WordLock.cpp:

(WTF::WordLockBase::lockSlow):
(WTF::WordLockBase::unlockSlow):
(WTF::WordLock::lockSlow): Deleted.
(WTF::WordLock::unlockSlow): Deleted.

wtf/WordLock.h:

(WTF::WordLockBase::lock):
(WTF::WordLockBase::isLocked):
(WTF::WordLock::WordLock):
(WTF::WordLock::lock): Deleted.
(WTF::WordLock::isLocked): Deleted.

11:37 PM Changeset in webkit [199408] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198309 - Subpixel rendering: Directly composited image layers need pixelsnapping.
https://bugs.webkit.org/show_bug.cgi?id=155558

Reviewed by Simon Fraser.

In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
layer bounds for directly composited images.

Source/WebCore:

Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::resetContentsRect):
(WebCore::RenderLayerBacking::updateChildClippingStrategy):
(WebCore::RenderLayerBacking::updateImageContents):

LayoutTests:

fast/images/hidpi-directly-composited-image-on-subpixel-position-expected.html: Added.
fast/images/hidpi-directly-composited-image-on-subpixel-position.html: Added.

11:35 PM Changeset in webkit [199407] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198305 - Fix assertion failure on drive.google.com after r196052
https://bugs.webkit.org/show_bug.cgi?id=155562

Reviewed by Jer Noble.

rendering/RenderGeometryMap.cpp:

(WebCore::RenderGeometryMap::mapToContainer):
Change float equality check to areEssentiallyEqual.
This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
but result was (944.335693, 232.047394). They differ by (0, 0.000015).

11:34 PM Changeset in webkit [199406] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198296 - ASSERTION FAILED: !edge->isPhantomAllocation() in regress/script-tests/sink-huge-activation.js.ftl-eager in debug mode
https://bugs.webkit.org/show_bug.cgi?id=153805

Reviewed by Mark Lam.

The object allocation sinking phase uses InferredValue::isStillValid() in the opposite
way from most clients: it will do an *extra* optimization if it returns false. The
phase will first compute sink candidates and then it will compute materialization
points. If something is a sink candidate then it is not a materialization point. A
NewFunction node may appear as not being a sink candidate during the first pass, so it's
not added to the set of things that will turn into PhantomNewFunction. But on the second
pass where we add materializations, we check isStillValid() again. Now this may become
false, so that second pass thinks that NewFunction is a sink candidate (even though it's
not in the sink candidates set) and so is not a materialization point.

This manifests as the NewFunction referring to a PhantomCreateActivation or whatever.

The solution is to have the phase cache results of calls to isStillValid(). It's OK if
we just remember the result of the first call and assume that it's not a sink candidate.
That's the worst that can happen.

No new tests since this is a super hard race and sink-huge-activation seemed to already
be catching it.

dfg/DFGObjectAllocationSinkingPhase.cpp:

11:26 PM Changeset in webkit [199405] by Carlos Garcia Campos

22 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198289 - URL Parsing should signal failure for illegal IDN
https://bugs.webkit.org/show_bug.cgi?id=154945
<rdar://problem/8014795>

Reviewed by Brent Fulgham.

Source/WebCore:

WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
that deal with IDN mapping will now return nil to signal error.

Test: fast/url/invalid-idn.html

platform/URL.cpp:

(WebCore::isSchemeFirstChar):
(WebCore::URL::init):
(WebCore::appendEncodedHostname):
(WebCore::encodeHostnames):
(WebCore::encodeRelativeString):

platform/mac/WebCoreNSURLExtras.h:
platform/mac/WebCoreNSURLExtras.mm:

(WebCore::mapHostNameWithRange):
(WebCore::hostNameNeedsDecodingWithRange):
(WebCore::hostNameNeedsEncodingWithRange):
(WebCore::decodeHostNameWithRange):
(WebCore::encodeHostNameWithRange):
(WebCore::decodeHostName):
(WebCore::encodeHostName):
(WebCore::collectRangesThatNeedMapping):
(WebCore::mapHostNames):
(WebCore::URLWithData):
(WebCore::dataWithUserTypedString):
(WebCore::URLWithUserTypedString):
(WebCore::URLWithUserTypedStringDeprecated):
(WebCore::userVisibleString):

Source/WebKit/ios:

Misc/WebNSStringExtrasIOS.m:

(-[NSString _web_possibleURLsForForUserTypedString:]):

WebView/WebPDFViewPlaceholder.mm:

(-[WebPDFViewPlaceholder _updateTitleForURL:]):

Source/WebKit/mac:

In this patch, we add new SPIs _webkit_URLWithUserTypedString, _webkit_decodeHostName and
_webkit_encodeHostName which will return nil while dealing with illegal IDN.

Old SPIs _web_URLWithUserTypedString, _web_decodeHostName and _web_encodeHostName are marked
deprecated as they ignore URL parsing failure.

History/WebHistoryItem.mm:

(-[WebHistoryItem initFromDictionaryRepresentation:]):

Misc/WebKitErrors.m:

(+[NSError _webKitErrorWithCode:failingURL:]):

Misc/WebNSFileManagerExtras.mm:

(-[NSFileManager _webkit_setMetadataURL:referrer:atPath:]):

Misc/WebNSPasteboardExtras.mm:

(-[NSPasteboard _web_bestURL]):

Misc/WebNSURLExtras.h:
Misc/WebNSURLExtras.mm:

(+[NSURL _web_URLWithUserTypedString:]):
(+[NSURL _webkit_URLWithUserTypedString:relativeToURL:]):
(+[NSURL _webkit_URLWithUserTypedString:]):
(-[NSString _web_decodeHostName]):
(-[NSString _web_encodeHostName]):
(-[NSString _webkit_decodeHostName]):
(-[NSString _webkit_encodeHostName]):

Panels/WebAuthenticationPanel.m:

(-[WebAuthenticationPanel setUpForChallenge:]):

WebCoreSupport/WebEditorClient.mm:

(WebEditorClient::canonicalizeURLString):

Tools:

MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController fetch:]):

TestWebKitAPI/Tests/Cocoa/URLExtras.mm:

(TestWebKitAPI::TEST):

LayoutTests:

fast/url/host-expected.txt:
fast/url/idna2003-expected.txt:
fast/url/invalid-idn-expected.txt: Added.
fast/url/invalid-idn.html: Added.

11:20 PM Changeset in webkit [199404] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198284 - Don't invalidate style unnecessarily when setting inline style cssText
https://bugs.webkit.org/show_bug.cgi?id=155541
rdar://problem/23318893

Reviewed by Simon Fraser.

Source/WebCore:

We currently invalidate style when cssText is set whether the style declaration changed or not.

Based on a patch by Simon.

Test: fast/css/style-invalidation-inline-csstext.html

css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::cssText):
(WebCore::PropertySetCSSStyleDeclaration::setCssText):

Invalidate only if the parsed style changed.

css/StyleProperties.cpp:

(WebCore::MutableStyleProperties::parseDeclaration):

Compare the original and new style after parsing, return result.

css/StyleProperties.h:

LayoutTests:

fast/css/style-invalidation-inline-csstext-expected.txt: Added.
fast/css/style-invalidation-inline-csstext.html: Added.

8:57 PM Changeset in webkit [199403] by ap@apple.com

2 edits in trunk/Tools

Python test webkitpy.common.system.executive_unittest.ExecutiveTest.serial_test_kill_process is flaky
https://bugs.webkit.org/show_bug.cgi?id=155367

Reviewed by Darin Adler.

Scripts/webkitpy/common/system/executive.py: (Executive.kill_process):

Don't flakily consume the return code with waitpid, callers need to do waitpid on
their own. Not sure if this line of code was even intentional.

8:14 PM Changeset in webkit [199402] by keith_miller@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed undo change from ArrayClass to ArrayWithUndecided, which
was not intedend to land with r199397.

runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::createStructure):

7:29 PM Changeset in webkit [199401] by dbates@webkit.org

5 edits
2 adds in trunk/Source/WebKit2

REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Darin Adler.

Reverts the workaround landed in r199301 and teaches ProcessLauncherMac to use the code
signing identifier of the UI process as the client-identifier if it is signed. Otherwise,
we fall back to using the main bundle identifier or _NSGetProgname() depending on whether
the UI process has an associated app bundle.

PlatformMac.cmake: Add file Shared/mac/CodeSigning.mm.
Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):
(WebKit::codeSigningIdentifierForProcess): Deleted; moved from here to file Shared/mac/CodeSigning.mm.

Shared/mac/CodeSigning.h: Added.
Shared/mac/CodeSigning.mm: Added.

(WebKit::secCodeForCurrentProcess): Added.
(WebKit::secCodeForProcess): Added.
(WebKit::secCodeSigningInformation): Added.
(WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Added.
(WebKit::secCodeSigningIdentifier): Added.
(WebKit::codeSigningIdentifier): Returns the code signing identifier for the current process.
(WebKit::codeSigningIdentifierForProcess): Moved from file Shared/mac/ChildProcessMac.mm. Extracted logic
into various helper functions (above) so that it can be shared with WebKit::codeSigningIdentifier() as
well as to improve the readability of the code. Removed the OSStatus out argument that was used by callers
for logging purposes and moved such logging responsibility into WebKit::secCodeSigningIdentifier() as
a release assertion message since we always want to log this error when code signing validation fails. We
use a release assertion to cause a noticeable crash because we such failures should not occur and if they
do then we want to see crash reports so that we can handle such failures. Using a release assertion for
validation failures also simplifies the possible return values of this function as such failures represented
the only case where this function would return an empty string. We now return either a null string or a non-
empty string. We return a null string when the specified process is either unsigned or signed by a third-party;
otherwise, we return a non-empty string that represents the code signing identifier.

UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService): Use the code signing identifier for the client-identifier if we have one (e.g.
we are signed app). If we do not have a code signing identifier then take client-identifier to be the
bundle identifier of our main bundle. Failing that we take client-identifier to be _NSGetProgname().

WebKit2.xcodeproj/project.pbxproj: Add files Shared/mac/CodeSigning.{h, mm}.

6:31 PM Changeset in webkit [199400] by mark.lam@apple.com

24 edits
56 deletes in trunk

Rollout: ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Speculative rollout to fix 32-bit shadow-chicken.yaml/tests/v8-v6/v8-regexp.js.shadow-chicken test failure.

Not reviewed.

Source/JavaScriptCore:

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
builtins/GlobalObject.js:

(speciesGetter):
(speciesConstructor): Deleted.

builtins/PromisePrototype.js:
builtins/RegExpPrototype.js:

(advanceStringIndexUnicode):
(match):
(advanceStringIndex): Deleted.
(regExpExec): Deleted.
(hasObservableSideEffectsForRegExpSplit): Deleted.
(split): Deleted.

builtins/StringPrototype.js:

(repeat):
(split): Deleted.

bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):

bytecode/BytecodeIntrinsicRegistry.h:
runtime/CommonIdentifiers.h:
runtime/ECMAScriptSpecInternalFunctions.cpp: Removed.
runtime/ECMAScriptSpecInternalFunctions.h: Removed.
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::setGlobalThis):
(JSC::JSGlobalObject::init):
(JSC::getGetterById): Deleted.

runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setDescriptor):

runtime/RegExpObject.h:

(JSC::RegExpObject::offsetOfLastIndexIsWritable):

runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex): Deleted.
(JSC::regExpProtoFuncSplitFast): Deleted.

runtime/RegExpPrototype.h:
runtime/StringObject.h:

(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.

runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::jsStringWithReuse):
(JSC::jsSubstring):
(JSC::substituteBackreferencesSlow):
(JSC::splitStringByOneCharacterImpl):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncEndsWith):
(JSC::stringProtoFuncIncludes):
(JSC::stringProtoFuncIterator):
(JSC::stringProtoFuncSplitFast): Deleted.
(JSC::builtinStringSubstrInternal): Deleted.
(JSC::stringIncludesImpl): Deleted.
(JSC::builtinStringIncludesInternal): Deleted.

runtime/StringPrototype.h:
tests/es6.yaml:

LayoutTests:

js/Object-getOwnPropertyNames-expected.txt:
js/dom/string-prototype-properties-expected.txt:
js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects2.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-global.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Removed.
js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Removed.
js/regress/regexp-prototype-split-observable-side-effects4.html: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Removed.
js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Removed.
js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Removed.
js/regress/string-prototype-split-observable-side-effects-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects.html: Removed.
js/regress/string-prototype-split-observable-side-effects2-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects2.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-flags.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-global.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-multiline.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-sticky.html: Removed.
js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects3-unicode.html: Removed.
js/regress/string-prototype-split-observable-side-effects4-expected.txt: Removed.
js/regress/string-prototype-split-observable-side-effects4.html: Removed.
js/script-tests/Object-getOwnPropertyNames.js:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

6:07 PM Changeset in webkit [199399] by enrica@apple.com

9 edits in trunk/Source/WebKit2

Should retrieve text surrounding the selection when performing lookup.
https://bugs.webkit.org/show_bug.cgi?id=156525
rdar://problem/25043678

Reviewed by Tim Horton.

The lookup functionality requires the surrounding text to improve
the quality of the results. This patch changes the implementation of
_lookup to retrieve the text before and the text after the selection.
It also renames DictationContextCallback to SelectionContextCallback so
that it can be used for both dictation and lookup, since they both need
the surrounding text.

UIProcess/AutoCorrectionCallback.h:
UIProcess/WebPageProxy.h:
UIProcess/WebPageProxy.messages.in:
UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _lookup:]):

UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::WebPageProxy::autocorrectionDataCallback):
(WebKit::WebPageProxy::selectionContextCallback):
(WebKit::WebPageProxy::getAutocorrectionContext):
(WebKit::WebPageProxy::getSelectionContext):
(WebKit::WebPageProxy::handleTwoFingerTapAtPoint):
(WebKit::WebPageProxy::dictationContextCallback): Deleted.
(WebKit::WebPageProxy::getLookupContextAtPoint): Deleted.

WebProcess/WebPage/WebPage.h:
WebProcess/WebPage/WebPage.messages.in:
WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::performDefaultBehaviorForKeyEvent):
(WebKit::WebPage::getSelectionContext):
(WebKit::WebPage::accessibilityObjectForMainFramePlugin):
(WebKit::WebPage::requestDictationContext):
(WebKit::WebPage::replaceSelectedText):
(WebKit::WebPage::getLookupContextAtPoint): Deleted.

5:48 PM Changeset in webkit [199398] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Remove 2 unused JSC options.
https://bugs.webkit.org/show_bug.cgi?id=156526

Reviewed by Benjamin Poulain.

The options JSC_assertICSizing and JSC_dumpFailedICSizing are no longer in use
now that we have B3.

runtime/Options.h:

5:37 PM Changeset in webkit [199397] by keith_miller@apple.com

40 edits
5 adds in trunk

[ES6] Add support for Symbol.isConcatSpreadable.
https://bugs.webkit.org/show_bug.cgi?id=155351

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds support for Symbol.isConcatSpreadable. In order to do so it was necessary to move the
Array.prototype.concat function to JS. A number of different optimizations were needed to make such the move to
a builtin performant. First, four new DFG intrinsics were added.

1) IsArrayObject (I would have called it IsArray but we use the same name for an IndexingType): an intrinsic of

the Array.isArray function.

2) IsJSArray: checks the first child is a JSArray object.
3) IsArrayConstructor: checks the first child is an instance of ArrayConstructor.
4) CallObjectConstructor: an intrinsic of the Object constructor.

IsActualObject, IsJSArray, and CallObjectConstructor can all be converted into constants in the abstract interpreter if
we are able to prove that the first child is an Array or for ToObject an Object.

In order to further improve the perfomance we also now cover more indexing types in our fast path memcpy
code. Before we would only memcpy Arrays if they had the same indexing type and did not have Array storage and
were not undecided. Now the memcpy code covers the following additional two cases: One array is undecided and
the other is a non-array storage and the case where one array is Int32 and the other is contiguous (we map this
into a contiguous array).

This patch also adds a new fast path for concat with more than one array argument by using memcpy to append
values onto the result array. This works roughly the same as the two array fast path using the same methodology
to decide if we can memcpy the other butterfly into the result butterfly.

Two new debugging tools are also added to the jsc cli. One is a version of the print function with a private
name so it can be used for debugging builtins. The other is dumpDataLog, which takes a JSValue and runs our
dataLog function on it.

Finally, this patch add a new constructor to JSValueRegsTemporary that allows it to reuse the the registers of a
JSValueOperand if the operand's use count is one.

JavaScriptCore.xcodeproj/project.pbxproj:
builtins/ArrayPrototype.js:

(concatSlowPath):
(concat):

bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):

bytecode/BytecodeIntrinsicRegistry.h:
dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileIsJSArray):
(JSC::DFG::SpeculativeJIT::compileIsArrayObject):
(JSC::DFG::SpeculativeJIT::compileIsArrayConstructor):
(JSC::DFG::SpeculativeJIT::compileCallObjectConstructor):

dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCallObjectConstructor):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayObject):
(JSC::FTL::DFG::LowerDFGToB3::compileIsJSArray):
(JSC::FTL::DFG::LowerDFGToB3::compileIsArrayConstructor):
(JSC::FTL::DFG::LowerDFGToB3::isArray):

jit/JITOperations.h:
jsc.cpp:

(GlobalObject::finishCreation):
(functionDataLogValue):

runtime/ArrayConstructor.cpp:

(JSC::ArrayConstructor::finishCreation):
(JSC::arrayConstructorPrivateFuncIsArrayConstructor):

runtime/ArrayConstructor.h:

(JSC::isArrayConstructor):

runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation):
(JSC::arrayProtoPrivateFuncIsJSArray):
(JSC::moveElements):
(JSC::arrayProtoPrivateFuncConcatMemcpy):
(JSC::arrayProtoPrivateFuncAppendMemcpy):
(JSC::arrayProtoFuncConcat): Deleted.

runtime/ArrayPrototype.h:

(JSC::ArrayPrototype::createStructure):

runtime/CommonIdentifiers.h:
runtime/Intrinsic.h:
runtime/JSArray.cpp:

(JSC::JSArray::appendMemcpy):
(JSC::JSArray::fastConcatWith): Deleted.

runtime/JSArray.h:

(JSC::JSArray::createStructure):
(JSC::JSArray::fastConcatType): Deleted.

runtime/JSArrayInlines.h: Added.

(JSC::JSArray::memCopyWithIndexingType):
(JSC::JSArray::canFastCopy):

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

runtime/JSType.h:
runtime/ObjectConstructor.h:

(JSC::constructObject):

tests/es6.yaml:
tests/stress/array-concat-spread-object.js: Added.

(arrayEq):

tests/stress/array-concat-spread-proxy-exception-check.js: Added.

(arrayEq):

tests/stress/array-concat-spread-proxy.js: Added.

(arrayEq):

tests/stress/array-concat-with-slow-indexingtypes.js: Added.

(arrayEq):

tests/stress/array-species-config-array-constructor.js:

LayoutTests:

Fix tests for Symbol.isConcatSpreadable on the Symbol object.

js/Object-getOwnPropertyNames-expected.txt:
js/dom/array-prototype-properties-expected.txt:
js/script-tests/Object-getOwnPropertyNames.js:

4:57 PM Changeset in webkit [199396] by BJ Burg

2 edits in trunk/Source/WebInspectorUI

Web Inspector: save inspector's zoom factor as a persistent setting across sessions
https://bugs.webkit.org/show_bug.cgi?id=156522
<rdar://problem/25635774>

Reviewed by Timothy Hatcher.

UserInterface/Base/Main.js:

(WebInspector.loaded):
Initialize the setting and immediately set the zoom before the frontend page loads.

(WebInspector._increaseZoom):
(WebInspector._decreaseZoom):
(WebInspector._resetZoom):
Use the internal get/set method which updates the WebInspector.Setting.

(WebInspector._setZoomFactor):
Added. Round-trip through the frontend host method in case it further clamps the value.

(WebInspector._zoomFactor):
Added. Just return the setting, since there's no other way for zoom to have changed.

3:48 PM Changeset in webkit [199395] by commit-queue@webkit.org

2 edits in trunk/Source/WebKit2

Web Inspector: Dock controls are not available in toolbar if Web Inspector window leaves fullscreen
https://bugs.webkit.org/show_bug.cgi?id=156520
<rdar://problem/22101106>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-12
Reviewed by Timothy Hatcher.

UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformCanAttach):
Be more explicit about the attachment view check. Its intent
was to prevent allowing a 2nd level inspector from attaching
to a 1st level inspector. We can use a stronger check. Also,
remove deprecated pragmas by switching to new value.

3:42 PM Changeset in webkit [199394] by sbarati@apple.com

3 edits in trunk/Source/JavaScriptCore

Lets not iterate over the constant pool twice every time we link a code block
https://bugs.webkit.org/show_bug.cgi?id=156517

Reviewed by Mark Lam.

I introduced a second iteration over the constant pool when I implemented
block scoping. I did this because we must clone all the symbol tables when
we link a CodeBlock. We can just do this cloning when setting the constant
registers for the first time. There is no need to iterate over the constant
pool a second time.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::setAlternative):

bytecode/CodeBlock.h:

(JSC::CodeBlock::replaceConstant):
(JSC::CodeBlock::setConstantRegisters): Deleted.

3:40 PM Changeset in webkit [199393] by mark.lam@apple.com

24 edits
56 adds in trunk

ES6: Implement String.prototype.split and RegExp.prototype[@@split].
https://bugs.webkit.org/show_bug.cgi?id=156013

Reviewed by Keith Miller.

Source/JavaScriptCore:

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
builtins/GlobalObject.js:

(speciesConstructor):

builtins/PromisePrototype.js:
refactored to use the @speciesConstructor internal function.

builtins/RegExpPrototype.js:

(advanceStringIndex):

refactored from @advanceStringIndexUnicode() to be match the spec. Benchmarks show that there's no advantage in doing the unicode check outside of the advanceStringIndexUnicode part. So, I simplified the code to match the spec (especially since @@split needs to call advanceStringIndex from more than 1 location).

(match):

Removed an unnecessary call to @Object because it was already proven above.
Changed to use advanceStringIndex instead of advanceStringIndexUnicode. Again, there's no perf regression for this.

(regExpExec):
(hasObservableSideEffectsForRegExpSplit):
(split):
(advanceStringIndexUnicode): Deleted.

builtins/StringPrototype.js:

(split):

Modified to use RegExp.prototype[@@split].

bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):
(JSC::BytecodeIntrinsicRegistry::lookup):

bytecode/BytecodeIntrinsicRegistry.h:
Added the @@split symbol.

runtime/CommonIdentifiers.h:
runtime/ECMAScriptSpecInternalFunctions.cpp: Added.

(JSC::esSpecIsConstructor):
(JSC::esSpecIsRegExp):

runtime/ECMAScriptSpecInternalFunctions.h: Added.

runtime/JSGlobalObject.cpp:

(JSC::getGetterById):
(JSC::JSGlobalObject::init):

runtime/PropertyDescriptor.cpp:

(JSC::PropertyDescriptor::setDescriptor):

Removed an assert that is no longer valid.

runtime/RegExpObject.h:
Made advanceStringUnicode() public so that it can be re-used by the regexp split fast path.

runtime/RegExpPrototype.cpp:

(JSC::RegExpPrototype::finishCreation):
(JSC::regExpProtoFuncExec):
(JSC::regExpProtoFuncSearch):
(JSC::advanceStringIndex):
(JSC::regExpProtoFuncSplitFast):

runtime/RegExpPrototype.h:

runtime/StringObject.h:

(JSC::jsStringWithReuse):
(JSC::jsSubstring):

Hoisted some utility functions from StringPrototype.cpp so that they can be reused by the regexp split fast path.

runtime/StringPrototype.cpp:

(JSC::StringPrototype::finishCreation):
(JSC::stringProtoFuncSplitFast):
(JSC::stringProtoFuncSubstr):
(JSC::builtinStringSubstrInternal):
(JSC::stringProtoFuncSubstring):
(JSC::stringIncludesImpl):
(JSC::stringProtoFuncIncludes):
(JSC::builtinStringIncludesInternal):
(JSC::jsStringWithReuse): Deleted.
(JSC::jsSubstring): Deleted.
(JSC::stringProtoFuncSplit): Deleted.

runtime/StringPrototype.h:

tests/es6.yaml:

LayoutTests:

js/Object-getOwnPropertyNames-expected.txt:
js/dom/string-prototype-properties-expected.txt:

js/regress/regexp-prototype-split-observable-side-effects-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects.html: Added.
js/regress/regexp-prototype-split-observable-side-effects2-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects2.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-flags-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-flags.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-global-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-global.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-ignoreCase.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-multiline.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-sticky.html: Added.
js/regress/regexp-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects3-unicode.html: Added.
js/regress/regexp-prototype-split-observable-side-effects4-expected.txt: Added.
js/regress/regexp-prototype-split-observable-side-effects4.html: Added.

js/regress/script-tests/regexp-prototype-split-observable-side-effects.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects2.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-flags.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-global.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-ignoreCase.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-multiline.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-sticky.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects3-unicode.js: Added.
js/regress/script-tests/regexp-prototype-split-observable-side-effects4.js: Added.

js/regress/script-tests/string-prototype-split-observable-side-effects.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects2.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-flags.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-global.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-ignoreCase.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-multiline.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-sticky.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects3-unicode.js: Added.
js/regress/script-tests/string-prototype-split-observable-side-effects4.js: Added.

js/regress/string-prototype-split-observable-side-effects-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects.html: Added.
js/regress/string-prototype-split-observable-side-effects2-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects2.html: Added.
js/regress/string-prototype-split-observable-side-effects3-flags-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-flags.html: Added.
js/regress/string-prototype-split-observable-side-effects3-global-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-global.html: Added.
js/regress/string-prototype-split-observable-side-effects3-ignoreCase-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-ignoreCase.html: Added.
js/regress/string-prototype-split-observable-side-effects3-multiline-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-multiline.html: Added.
js/regress/string-prototype-split-observable-side-effects3-sticky-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-sticky.html: Added.
js/regress/string-prototype-split-observable-side-effects3-unicode-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects3-unicode.html: Added.
js/regress/string-prototype-split-observable-side-effects4-expected.txt: Added.
js/regress/string-prototype-split-observable-side-effects4.html: Added.

js/script-tests/Object-getOwnPropertyNames.js:
sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:

3:38 PM Changeset in webkit [199392] by Chris Dumez

7 edits
2 adds in trunk

Attr.value should not be nullable
https://bugs.webkit.org/show_bug.cgi?id=156515

Reviewed by Benjamin Poulain.

Source/WebCore:

Update Attr.value so that it is no longer nullable, as per:
https://dom.spec.whatwg.org/#interface-attr

This aligns our behavior with Firefox and Chrome as well.

Test: fast/dom/Attr/value-not-nullable.html

dom/Attr.cpp:

(WebCore::Attr::setValueForBindings):
(WebCore::Attr::setNodeValue):
(WebCore::Attr::setValue):

dom/Attr.h:
dom/Attr.idl:

LayoutTests:

Add layout test and rebaseline existing one now that Attr.value is no
longer nullable.

fast/dom/Attr/value-not-nullable-expected.txt: Added.
fast/dom/Attr/value-not-nullable.html: Added.
fast/dom/coreDOM-element-attribute-js-null-expected.txt:
fast/dom/coreDOM-element-attribute-js-null.xhtml:

2:52 PM Changeset in webkit [199391] by keith_miller@apple.com

2 edits
1 add in trunk/Source/JavaScriptCore

AbstractValue should use the result type to filter structures
https://bugs.webkit.org/show_bug.cgi?id=156516

Reviewed by Geoffrey Garen.

When filtering an AbstractValue with a SpeculatedType we would not use the merged type when
filtering out the valid structures (despite what the comment directly above said). This
would cause us to crash if our structure-set was Top and the two speculated types were
different kinds of cells.

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filter):

tests/stress/ai-consistency-filter-cells.js: Added.

(get value):
(attribute.value.get record):
(attribute.attrs.get this):
(get foo):
(let.thisValue.return.serialize):
(let.thisValue.transformFor):

2:35 PM Changeset in webkit [199390] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Show the normal Native icon for all Internal objects in Heap Snapshots
https://bugs.webkit.org/show_bug.cgi?id=156513

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-12
Reviewed by Timothy Hatcher.

UserInterface/Views/HeapSnapshotClusterContentView.js:

(WebInspector.HeapSnapshotClusterContentView.iconStyleClassNameForClassName):
Show the native icon for internal objects.

2:10 PM Changeset in webkit [199389] by fpizlo@apple.com

2 edits in trunk/Source/JavaScriptCore

Unreviewed, remove FIXME for https://bugs.webkit.org/show_bug.cgi?id=156457 and replace it
with a comment that describes what we do now.

bytecode/PolymorphicAccess.h:

2:04 PM Changeset in webkit [199388] by rniwa@webkit.org

5 edits in trunk/Websites/perf.webkit.org

Make sync-buildbot.js fault safe
https://bugs.webkit.org/show_bug.cgi?id=156498

Reviewed by Chris Dumez.

Fixed a bug that sync-buildbot.js will continue to schedule build requests from multiple test groups
if multiple test groups are simultaneously in-progress on the same builder. Also fixed a bug that if
a build request had failed without leaving a trace (i.e. no entry on any of the builders we know of),
sync-buildbot.js throws an exception.

server-tests/tools-buildbot-triggerable-tests.js: Added test cases.
tools/js/buildbot-syncer.js:

(BuildbotSyncer.prototype.scheduleRequestInGroupIfAvailable): Renamed. Optionally takes the slave name.
When this parameter is specified, schedule the request only if the specified slave is available.

tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Always use
scheduleRequestInGroupIfAvailable to schedule a new build request. Using scheduleRequest for non-first
build requests was problematic when there were multiple test groups with pending requests because then
we would schedule those pending requests without checking whether there is already a pending job or if
we have previously scheduled a job. Also fallback to use any syncer / builder when groupInfo.syncer is
not set even if the next request was not the first one in the test group since we can't determine on
which builder preceding requests are processed in such cases.

unit-tests/buildbot-syncer-tests.js:

2:03 PM Changeset in webkit [199387] by ddkilzer@apple.com

2 edits in trunk/LayoutTests

Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156077>

Unreviewed test expectations update.

platform/mac-wk2/TestExpectations:

(inspector/heap/getRemoteObject.html): Update bug number.

1:56 PM Changeset in webkit [199386] by ddkilzer@apple.com

2 edits in trunk/LayoutTests

Web Inspector: inspector/heap/getRemoteObject.html is flakey
<http://webkit.org/b/156514>

Unreviewed test expectations update.

platform/mac-wk2/TestExpectations:

(inspector/heap/getRemoteObject.html): Mark as flakey.

1:47 PM Changeset in webkit [199385] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Fixed uninitialization of Node::DataUnion with GCC 4.8.
https://bugs.webkit.org/show_bug.cgi?id=156507

Patch by Konstantin Tokarev <Konstantin Tokarev> on 2016-04-12
Reviewed by Michael Catanzaro.

This change fixes run time crashes caused by access to uninitialized
memory in Node::renderer().

No new tests needed.

dom/Node.h:

1:47 PM Changeset in webkit [199384] by sbarati@apple.com

2 edits in trunk/Source/JavaScriptCore

isLocked() assertion broke builds because ConcurrentJITLock isn't always a real lock.

Rubber-stamped by Filip Pizlo.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):

1:40 PM Changeset in webkit [199383] by eric.carlson@apple.com

3 edits in trunk/Source/WebCore

[iOS] do not exit AirPlay when the screen locks
https://bugs.webkit.org/show_bug.cgi?id=156502
<rdar://problem/24616592>

Reviewed by Jer Noble.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction): Add logging.
(WebCore::HTMLMediaElement::purgeBufferedDataIfPossible): Don't tell the media engine to purge

data if it is playing to a wireless target because that will drop the connection.

html/MediaElementSession.cpp:

(WebCore::MediaElementSession::playbackPermitted): Add logging.
(WebCore::MediaElementSession::canPlayToWirelessPlaybackTarget): Drive by fix: iOS doesn't

have an explicit playbackTarget, don't test for it.

(WebCore::MediaElementSession::isPlayingToWirelessPlaybackTarget): Ditto.

1:06 PM Changeset in webkit [199382] by fpizlo@apple.com

14 edits in trunk/Source

PolymorphicAccess should buffer AccessCases before regenerating
https://bugs.webkit.org/show_bug.cgi?id=156457

Reviewed by Benjamin Poulain.

Source/JavaScriptCore:

Prior to this change, whenever we added an AccessCase to a PolymorphicAccess, we would
regenerate the whole stub. That meant that we'd do O(N^{2) work for N access cases.}

One way to fix this is to have each AccessCase generate a stub just for itself, which
cascades down to the already-generated cases. But that removes the binary switch
optimization, which makes the IC perform great even when there are many cases.

This change fixes the issue by buffering access cases. When we take slow path and try to add
a new case, the StructureStubInfo will usually just buffer the new case without generating
new code. We simply guarantee that after we buffer a case, we will take at most
Options::repatchBufferingCountdown() slow path calls before generating code for it. That
option is currently 7. Taking 7 more slow paths means that we have 7 more opportunities to
gather more access cases, or to realize that this IC is too crazy to bother with.

This change ensures that the DFG still gets the same kind of profiling. This is because the
buffered AccessCases are still part of PolymorphicAccess and so are still scanned by
GetByIdStatus and PutByIdStatus. The fact that the AccessCases hadn't been generated and so
hadn't executed doesn't change much. Mainly, it increases the likelihood that the DFG will
see an access case that !couldStillSucceed(). The DFG's existing profile parsing logic can
handle this just fine.

There are a bunch of algorithmic changes here. StructureStubInfo now caches the set of
structures that it has seen as a guard to prevent adding lots of redundant cases, in case
we see the same 7 cases after buffering the first one. This cache means we won't wastefully
allocate 7 identical AccessCase instances. PolymorphicAccess is now restructured around
having separate addCase() and regenerate() calls. That means a bit more moving data around.
So far that seems OK for performance, probably since it's O(N) work rather than O(N^{2) work.

There is room for improvement for future patches, to be sure.

This is benchmarking as slightly positive or neutral on JS benchmarks. It's meant to reduce

pathologies I saw in page loads.}

bytecode/GetByIdStatus.cpp:

(JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):

bytecode/PolymorphicAccess.cpp:

(JSC::PolymorphicAccess::PolymorphicAccess):
(JSC::PolymorphicAccess::~PolymorphicAccess):
(JSC::PolymorphicAccess::addCases):
(JSC::PolymorphicAccess::addCase):
(JSC::PolymorphicAccess::visitWeak):
(JSC::PolymorphicAccess::dump):
(JSC::PolymorphicAccess::commit):
(JSC::PolymorphicAccess::regenerate):
(JSC::PolymorphicAccess::aboutToDie):
(WTF::printInternal):
(JSC::PolymorphicAccess::regenerateWithCases): Deleted.
(JSC::PolymorphicAccess::regenerateWithCase): Deleted.

bytecode/PolymorphicAccess.h:

(JSC::AccessCase::isGetter):
(JSC::AccessCase::callLinkInfo):
(JSC::AccessGenerationResult::AccessGenerationResult):
(JSC::AccessGenerationResult::madeNoChanges):
(JSC::AccessGenerationResult::gaveUp):
(JSC::AccessGenerationResult::buffered):
(JSC::AccessGenerationResult::generatedNewCode):
(JSC::AccessGenerationResult::generatedFinalCode):
(JSC::AccessGenerationResult::shouldGiveUpNow):
(JSC::AccessGenerationResult::generatedSomeCode):
(JSC::PolymorphicAccess::isEmpty):
(JSC::PolymorphicAccess::size):
(JSC::PolymorphicAccess::at):

bytecode/PutByIdStatus.cpp:

(JSC::PutByIdStatus::computeForStubInfo):

bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::StructureStubInfo):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::StructureStubInfo::visitWeakReferences):

bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::considerCaching):
(JSC::StructureStubInfo::willRepatch): Deleted.
(JSC::StructureStubInfo::willCoolDown): Deleted.

jit/JITOperations.cpp:
jit/Repatch.cpp:

(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryRepatchIn):
(JSC::repatchIn):

runtime/JSCJSValue.h:
runtime/JSCJSValueInlines.h:

(JSC::JSValue::putByIndex):
(JSC::JSValue::structureOrNull):
(JSC::JSValue::structureOrUndefined):

runtime/Options.h:

Source/WTF:

wtf/TinyPtrSet.h:

(WTF::TinyPtrSet::add): Add a helpful comment because I had forgotten what the bool return meant.

12:37 PM Changeset in webkit [199381] by barraclough@apple.com

2 edits in trunk/Source/WebCore

WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Rubber stamped by Chris Dumez.

Temporarily disable on iOS - this broke a test.
(storage/websql/alter-to-info-table.html)

platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

12:35 PM Changeset in webkit [199380] by Joseph Pecoraro

22 edits in trunk/Source

Web Inspector: Keyboard shortcut for "Inspect Element" only works when Web Inspector is open.
https://bugs.webkit.org/show_bug.cgi?id=111193
<rdar://problem/13325889>

Reviewed by Timothy Hatcher.

Source/WebCore:

inspector/InspectorClient.h:

(WebCore::InspectorClient::elementSelectionChanged):

inspector/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::setSearchingForNode):
Inform the client when element selection changes.

Source/WebInspectorUI:

UserInterface/Controllers/DOMTreeManager.js:

(WebInspector.DOMTreeManager.prototype.set inspectModeEnabled):
(WebInspector.DOMTreeManager.set inspectModeEnabled.callback):

UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setElementSelectionEnabled):
Frontend API to enable element selection.

Source/WebKit2:

UIProcess/API/C/WKInspector.cpp:

(WKInspectorIsElementSelectionActive):
(WKInspectorToggleElementSelection):

UIProcess/API/C/WKInspector.h:

API for WebKit clients to toggle element selection.

UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::toggleElementSelection):
(WebKit::WebInspectorProxy::elementSelectionChanged):

UIProcess/WebInspectorProxy.h:

(WebKit::WebInspectorProxy::isElementSelectionActive):

UIProcess/WebInspectorProxy.messages.in:

UIProcess update according to the state of the page
and action to tell the page to toggle.
When starting, pre-connect the inspector. When the
state changes, if we were stopping and nothing was
selected, then disconnect. Otherwise, we will bring
the inspector to the front.

WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::elementSelectionChanged):

WebProcess/WebCoreSupport/WebInspectorClient.h:

Let the UIProcess update its cached state of whether or
not element selection is enabled or disabled.

WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::startElementSelection):
(WebKit::WebInspector::stopElementSelection):
(WebKit::WebInspector::elementSelectionChanged):

WebProcess/WebPage/WebInspector.h:
WebProcess/WebPage/WebInspector.messages.in:

Messages in both directions.
UIProcess -> InspectorProcess enable/disable.
WebProcess -> UIProcess updated element selection state.

WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::startElementSelection):
(WebKit::WebInspectorUI::stopElementSelection):

WebProcess/WebPage/WebInspectorUI.h:
WebProcess/WebPage/WebInspectorUI.messages.in:

Open the inspector and enable element selection.

12:35 PM Changeset in webkit [199379] by Joseph Pecoraro

16 edits in trunk

Web Inspector: Should be able to expand Objects in Heap Allocations View to see exactly what it retains
https://bugs.webkit.org/show_bug.cgi?id=156419
<rdar://problem/25633863>

Reviewed by Timothy Hatcher.

Source/WebInspectorUI:

Localizations/en.lproj/localizedStrings.js:
UserInterface/Main.html:

Remove strings, and fix sort.

UserInterface/Models/HeapSnapshotRootPath.js:

(WebInspector.HeapSnapshotRootPath.pathComponentForIndividualEdge):
(WebInspector.HeapSnapshotRootPath.canPropertyNameBeDotAccess):
(WebInspector.HeapSnapshotRootPath.prototype.appendPropertyName):
(WebInspector.HeapSnapshotRootPath.prototype._canPropertyNameBeDotAccess):
Provide a helper to get an path component string for an individual edge.

UserInterface/Models/PropertyPreview.js:

(WebInspector.PropertyPreview):
Fix an assert that may have errantly fired for an empty string name.

UserInterface/Proxies/HeapSnapshotNodeProxy.js:

(WebInspector.HeapSnapshotNodeProxy):
(WebInspector.HeapSnapshotNodeProxy.deserialize):
Include "hasChildren" property in the original proxy message.

(WebInspector.HeapSnapshotNodeProxy.prototype.retainedNodes):
The method now also returns a list of edges for each of the retained nodes.

UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype.sort):
(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._populate):
An instance DataGrid node can now show children. It can expand to show
its retained node graph.

UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:

(HeapSnapshot.instancesWithClassName):
(HeapSnapshot.prototype.dominatedNodes):
(HeapSnapshot.prototype.retainers):
(HeapSnapshot.prototype.serializeNode):
Remove unnecessary calls to bind in favor of using the thisObject argument.

(HeapSnapshot.prototype.retainedNodes):
Return a parallel list of edges for each of the nodes.

UserInterface/Views/HeapSnapshotClassDataGridNode.js:

(WebInspector.HeapSnapshotClassDataGridNode.prototype.createCellContent):
(WebInspector.HeapSnapshotClassDataGridNode.prototype._populate):

UserInterface/Views/HeapSnapshotClusterContentView.js:

(WebInspector.HeapSnapshotClusterContentView.prototype.get summaryContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get instancesContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.shown):
(WebInspector.HeapSnapshotClusterContentView):
(WebInspector.HeapSnapshotClusterContentView.prototype.get navigationItems): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._contentViewExtraArguments): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._toggleShowInternalObjectsSetting): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateViewsForShowInternalObjectsSettingValue): Deleted.
(WebInspector.HeapSnapshotClusterContentView.prototype._updateShowInternalObjectsButtonNavigationItem): Deleted.

UserInterface/Views/HeapSnapshotInstancesContentView.js:

(WebInspector.HeapSnapshotInstancesContentView):
(WebInspector.HeapSnapshotInstancesContentView.prototype.get showInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesContentView.prototype.set showInternalObjects): Deleted.

UserInterface/Views/HeapSnapshotInstancesDataGridTree.js:

(WebInspector.HeapSnapshotInstancesDataGridTree.prototype._populateTopLevel):
(WebInspector.HeapSnapshotInstancesDataGridTree):
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.get includeInternalObjects): Deleted.
(WebInspector.HeapSnapshotInstancesDataGridTree.prototype.set includeInternalObjects): Deleted.

UserInterface/Views/HeapSnapshotSummaryContentView.js:

Remove the show/hide internal objects button. In the Instances view we will
only show non-Internal objects at the top level, and show internal objects
when those instances are expanded.

LayoutTests:

inspector/unit-tests/heap-snapshot-expected.txt:
inspector/unit-tests/heap-snapshot.html:

Add a quick test that retainedNodes returns a list of edges.

11:44 AM Changeset in webkit [199378] by Chris Dumez

2 edits in trunk/Source/WebCore

Regression(r199360): assertion hit in Element::fastGetAttribute()
https://bugs.webkit.org/show_bug.cgi?id=156509

Reviewed by Ryosuke Niwa.

Stop using fastGetAttribute() / setAttributeWithoutSynchronization()
given that DOMTokenList is used for the class attribute and we need
to synchronize in this case.

No new tests, already covered by existing tests.

html/DOMTokenList.cpp:

(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):

11:40 AM Changeset in webkit [199377] by mmaxfield@apple.com

3 edits
2 adds in trunk

[RTL Scrollbars] Overlay scrollbars push contents inwards
https://bugs.webkit.org/show_bug.cgi?id=156225
<rdar://problem/25137040>

Reviewed by Darin Adler.

Source/WebCore:

The contents should be pushed in by the occupied width of the
scrollbar, which is 0 for overlay scrollbars.

Test: fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::computeScrollDimensions):

LayoutTests:

fast/scrolling/rtl-scrollbars-overlay-no-push-contents-expected.html: Added.
fast/scrolling/rtl-scrollbars-overlay-no-push-contents.html: Added.

11:38 AM Changeset in webkit [199376] by sbarati@apple.com

3 edits in trunk/Source/JavaScriptCore

There is a race with the compiler thread and the main thread with result profiles
https://bugs.webkit.org/show_bug.cgi?id=156503

Reviewed by Filip Pizlo.

The compiler thread should not be asking for a result
profile while the execution thread is creating one.
We must guard against such races with a lock.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile):
(JSC::CodeBlock::capabilityLevel):

bytecode/CodeBlock.h:

(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::numberOfResultProfiles):
(JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset):
(JSC::CodeBlock::ensureResultProfile): Deleted.

11:33 AM Changeset in webkit [199375] by mmaxfield@apple.com

14 edits in trunk

[OS X] Flakey crash after ScrollAnimatorMac destruction
https://bugs.webkit.org/show_bug.cgi?id=156372

Reviewed by Darin Adler.

Source/WebCore:

Previously, we were disabling the mock scrollbars using JavaScript after
the WebView was created. However, enabling these mock scrollbars can be
triggered with a bit of state inside the WebPreferences object, which
means WebKit clients can change it at any point. DumpRenderTree is doing
this during the document's lifetime.

This means that the creation of the Scrollbar objects saw a non-mock
ScrollbarTheme, but the destruction of the Scrollbar objects saw a mock
ScrollbarTheme. Therefore, the non-mock ScrollbarTheme doesn't get
cleaned up correctly (ScrollAnimatorMac::willRemoveVerticalScrollbar()
returns early because it sees that there is nothing to deregister
due to the ScrollbarTheme being mocked).

This cleanup is necessary because it sets the NSScrollerImp's delegate
to nil before the NSScrollerImpDelegate gets destroyed. Because the
cleanup wasn't happening, the delegate pointer wasn't getting set to
nil, so the pointer was dangling, and AppKit was following it and
crashing.

Because the clients of this bit of state can change it at any time,
it is incorrect to change it in JavaScript. Instead, the client must
manage this bit of state (so the client and the web process are always
in sync). Therefore, the correct way to set this bit of state must be
done in the test runner rather than Javascript internals. The mechanism
we have to do that is the  comment at the
beginning of the test. This patch migrates to this mechanism and removes
the old internals method.

Test: fast/scrolling/rtl-scrollbars-animation-property.html

page/Settings.cpp:
testing/Internals.cpp:

(WebCore::Internals::setMockScrollbarsEnabled): Deleted.

testing/Internals.h:
testing/Internals.idl:

Tools:

Implement the new  flag.

WebKitTestRunner/TestController.cpp:

(WTR::TestController::createWebViewWithOptions):
(WTR::TestController::ensureViewSupportsOptionsForTest):
(WTR::TestController::resetPreferencesToConsistentValues):
(WTR::TestController::resetStateToConsistentValues):
(WTR::updateTestOptionsFromTestHeader):

WebKitTestRunner/TestController.h:
WebKitTestRunner/TestInvocation.cpp:

(WTR::TestInvocation::invoke):

WebKitTestRunner/TestOptions.h:
WebKitTestRunner/mac/PlatformWebViewMac.mm:

(WKR::PlatformWebView::viewSupportsOptions):

LayoutTests:

Migrate to the new mechanism for disabling mock scrollbars in tests.

fast/scrolling/rtl-scrollbars-animation-property.html:

10:55 AM Changeset in webkit [199374] by Matt Baker

2 edits in trunk/Source/WebInspectorUI

Web Inspector: clearing the console should exit all console groups
https://bugs.webkit.org/show_bug.cgi?id=156496
<rdar://problem/25676416>

Reviewed by Timothy Hatcher.

UserInterface/Views/LogContentView.js:

(WebInspector.LogContentView.prototype._logCleared):
Reset nesting level to zero.

10:40 AM Changeset in webkit [199373] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

Unreviewed, rolling out r199339.
https://bugs.webkit.org/show_bug.cgi?id=156505

memset_s is indeed necessary (Requested by alexchristensen_ on
#webkit).

Reverted changeset:

"Build fix after r199299."
https://bugs.webkit.org/show_bug.cgi?id=155508
http://trac.webkit.org/changeset/199339

10:27 AM Changeset in webkit [199372] by commit-queue@webkit.org

2 edits in trunk/Source/JavaScriptCore

MIPS: add MacroAssemblerMIPS::store8(TrustedImm32,ImplicitAddress)
https://bugs.webkit.org/show_bug.cgi?id=156481

This method with this signature is used by r199075, and therefore
WebKit doesn't build on MIPS since then.

Patch by Guillaume Emont <guijemont@igalia.com> on 2016-04-12
Reviewed by Mark Lam.

assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::store8):

10:08 AM Changeset in webkit [199371] by Darin Adler

7 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from SVG lists
https://bugs.webkit.org/show_bug.cgi?id=156494

Reviewed by Chris Dumez.

bindings/scripts/CodeGenerator.pm:

(ShouldPassWrapperByReference): For now, don't do this for any tear-off classes.
This includes the items stored in most SVG list classes.

svg/SVGLengthList.idl: Removed UsePointersEvenForNonNullableObjectArguments.
svg/SVGNumberList.idl: Ditto.
svg/SVGPointList.idl: Ditto.
svg/SVGTransformList.idl: Ditto.

svg/SVGPathSegList.idl: Removed UsePointersEvenForNonNullableObjectArguments.

Marked the arguments nullable, and added FIXMEs about returning later since they
don't really need to be nullable. But fixing this requires some reworking of the
SVG list template and it's not urgent at this time. Preserves behavior where we
get an exception when passing null, it's just an SVG exception instead of TypeError.

9:58 AM Changeset in webkit [199370] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198243 - Occasional crash under GraphicsContext::platformContext() when dragging Google maps
https://bugs.webkit.org/show_bug.cgi?id=155521
rdar://problem/24357307

Reviewed by Tim Horton.

It's possible for createDragImageForSelection() to return a null image, if the bounds
of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
because a zero-sized ShareableBitmap will return a null GraphicsContext.

To avoid this, early return from DragController::startDrag() if the dragImage is null.

I wasn't able to come up with a test for this.

page/DragController.cpp:

(WebCore::DragController::startDrag):

9:57 AM Changeset in webkit [199369] by Carlos Garcia Campos

9 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198238 - Delay HTMLFormControlElement::focus() call until after layout is finished.
https://bugs.webkit.org/show_bug.cgi?id=155503
<rdar://problem/24046635>

Reviewed by Simon Fraser.

Calling focus on a form element can trigger arbitrary JS code which could interfere with
the ongoing layout.
This patch delays HTMLFormControlElement::focus() call until after layout is finished.
If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
after style resolution is done.

Covered by LayoutTests/fast/dom/adopt-node-crash-2.html

accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::updateBackingStore):

dom/Document.cpp:

(WebCore::Document::updateStyleIfNeeded):
(WebCore::Document::updateLayout):
(WebCore::Document::updateLayoutIfDimensionsOutOfDate):

html/HTMLEmbedElement.cpp:

(WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):

html/HTMLFormControlElement.cpp:

(WebCore::HTMLFormControlElement::didAttachRenderers):

page/FrameView.cpp:

(WebCore::FrameView::layout):
(WebCore::FrameView::queuePostLayoutCallback):
(WebCore::FrameView::flushPostLayoutTasksQueue):
(WebCore::FrameView::performPostLayoutTasks):
(WebCore::FrameView::sendResizeEventIfNeeded):

page/FrameView.h:
rendering/RenderBox.cpp:

(WebCore::RenderBox::imageChanged):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

9:50 AM Changeset in webkit [199368] by Carlos Garcia Campos

9 edits in releases/WebKitGTK/webkit-2.12

Merge r198216 - REGRESSION (196383): Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

We fail to invalidate bar style in

:not(.foo) bar { }

when class foo is added or removed.

There is a logic error in the invalidation code. It assumes that class addition can only make new selectors match
and removal make them not match. This is not true when :not is present.

style/AttributeChangeInvalidation.h:

(WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):

style/ClassChangeInvalidation.cpp:

(WebCore::Style::ClassChangeInvalidation::invalidateStyle):

Invalidate style and collect full set of rules that may affect descendant style.

(WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle):

Invalidate with this set both before and after committing the changes.

(WebCore::Style::ClassChangeInvalidation::computeClassChange): Deleted.

style/ClassChangeInvalidation.h:

(WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
(WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

LayoutTests:
Class change invalidation does not handle :not correctly
https://bugs.webkit.org/show_bug.cgi?id=155493
<rdar://problem/24846762>

Reviewed by Andreas Kling.

fast/css/style-invalidation-attribute-change-descendants-expected.txt:
fast/css/style-invalidation-attribute-change-descendants.html:

Also add :not case for attribute changes (which handles this correctly already).

fast/css/style-invalidation-class-change-descendants-expected.txt:
fast/css/style-invalidation-class-change-descendants.html:

Add :not case.

9:46 AM Changeset in webkit [199367] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198205 - Leak: Accelerated ImageBufferCairo doesn't destroy the used textures
https://bugs.webkit.org/show_bug.cgi?id=155431

Patch by Miguel Gomez <magomez@igalia.com> on 2016-03-15
Reviewed by Žan Doberšek.

When using the Cairo backend, add a destructor to ImageBufferData and use it to destroy the
textures created if the buffer is being accelerated.

No new tests, already covered by existing ones.

platform/graphics/cairo/ImageBufferCairo.cpp:

(WebCore::ImageBufferData::ImageBufferData):
Store the renderingMode flag.
(WebCore::ImageBufferData::~ImageBufferData):
Destroy gl resources if renderingMode is accelerated.
(WebCore::ImageBuffer::ImageBuffer):
Pass renderingMode to the data class and use it fro checks instead of the function parameter.

platform/graphics/cairo/ImageBufferDataCairo.h:

Add destructor and a renderingMode flag.

9:44 AM Changeset in webkit [199366] by commit-queue@webkit.org

2 edits in trunk/Source/WTF

S390X and PPC64 architectures detection is wrong
https://bugs.webkit.org/show_bug.cgi?id=156337

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Carlos Garcia Campos.

After the http://trac.webkit.org/changeset/198919 was committed
it showed that the PPC64 detection is wrong as the CPU(PPC) path was
activated even for PPC64. The thing is that GCC defines ppc
even on PPC64 and not just on PPC(32). The same applies for S390X.

wtf/Platform.h:

9:41 AM Changeset in webkit [199365] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore

Merge r198173 - [mips] Fix unaligned access in LLINT.
https://bugs.webkit.org/show_bug.cgi?id=153228

Address loads used with btbxx opcodes were wrongly converted to lw
instruction instead of lbu, leading to unaligned access on mips
platforms. This is not a bug as it's silently fixed up by kernel,
but it's more efficient to avoid unaligned accesses for mips.

Reviewed by Geoffrey Garen.

offlineasm/mips.rb:

9:40 AM Changeset in webkit [199364] by Carlos Garcia Campos

4 edits
6 adds in releases/WebKitGTK/webkit-2.12

Merge r198163 - Selecting with shift+drag results in unexpected drag-n-drop
https://bugs.webkit.org/show_bug.cgi?id=155314

Reviewed by Darin Adler.

Source/WebCore:

Test: editing/selection/shift-drag-selection-no-drag-n-drop.html

Whenever user tries to extend an existing text selection by dragging the mouse
(left button hold) with shift key pressed, WebKit enters drag-n-drop mode.
This behavior does not match common editing behavior out there, including other
browsers' (Firefox, Opera/Presto and IE).

Patch changes WebKit so that whenever one extends a selection with mouse
and shift key pressed off of a #text node, it does not enter drag-n-drop mode.

Additionally, patch also adds some further tests to ensure that when
selection is extended off of either a link or an image, drag-n-drop does
get triggered, no matter if shift key is pressed.

page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEvent):

LayoutTests:

Tests that ensure that WebKit:

1) does not enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of a #text node.

2) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of a link.

3) does enter drag-n-drop mode and extending selection by dragging with mouse with shift key is pressed,

off of an image.

Note that (1) is a behavior changed by this patch, whereas (2) and (3) represent existing
behavior that is kept.
Tests are also skip for iOS similarly to other drag-n-drop related tests.

fast/events/shift-drag-selection-no-drag-n-drop-expected.txt: Added.
fast/events/shift-drag-selection-no-drag-n-drop.html: Added.
fast/events/shift-drag-selection-on-link-triggers-drag-n-drop-expected.txt: Added.
fast/events/shift-drag-selection-on-link-triggers-drag-n-drop.html: Added.
fast/events/shift-drag-selection-on-image-triggers-drag-n-drop-expected.txt: Added.
fast/events/shift-drag-selection-on-image-triggers-drag-n-drop.html: Added.

9:32 AM Changeset in webkit [199363] by Carlos Garcia Campos

5 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198090 - REGRESSION (r190840): crash inside details element's slotNameFunction
https://bugs.webkit.org/show_bug.cgi?id=155388

Reviewed by Antti Koivisto.

Source/WebCore:

The bug was caused by HTMLDetailsElement::isActiveSummary calling findAssignedSlot with a summary element
inside the shadow tree of the detials element. Fixed it by existing early when the summary element passed
to isActiveSummary is not a direct child of the details element.

Test: fast/html/details-summary-tabindex-crash.html

dom/ShadowRoot.cpp:

(WebCore::ShadowRoot::findAssignedSlot): Added an assertion for regression testing.

dom/SlotAssignment.cpp:

(WebCore::SlotAssignment::findAssignedSlot): Removed the superfluous call to assignSlots added in r190840.
There is no need to update the slot assignments here (entires in m_slots are added or removed by
addSlotElementByName or removeSlotElementByName and assignSlots only updates assignedNodes in each SlotInfo
which is never used in this function or findFirstSlotElement.

html/HTMLDetailsElement.cpp:

(WebCore::HTMLDetailsElement::isActiveSummary): Fixed the bug.

LayoutTests:

Added a regression test.

fast/html/details-summary-tabindex-crash-expected.txt: Added.
fast/html/details-summary-tabindex-crash.html: Added.

9:30 AM Changeset in webkit [199362] by Carlos Garcia Campos

4 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r198087 - ComposedTreeIterator fails to traverse slots if root is shadow host
https://bugs.webkit.org/show_bug.cgi?id=155407

Reviewed by Darin Adler.

Source/WebCore:

Test: fast/shadow-dom/composed-tree-shadow-subtree.html

dom/ComposedTreeIterator.cpp:

(WebCore::ComposedTreeIterator::ComposedTreeIterator):

Traversal functions assume m_contextStack is deeper than 1 before they need to enter slot traversal code paths.
Call initializeContextStack in case of shadow host which does the right thing.

(WebCore::ComposedTreeIterator::traverseSiblingInSlot):
(WebCore::composedTreeAsText):

Add option to include pointers as debugging aid.

dom/ComposedTreeIterator.h:

(WebCore::composedTreeChildren):

LayoutTests:

fast/shadow-dom/composed-tree-shadow-subtree-expected.txt: Added.
fast/shadow-dom/composed-tree-shadow-subtree.html: Added.

9:27 AM Changeset in webkit [199361] by Carlos Garcia Campos

5 edits
4 adds in releases/WebKitGTK/webkit-2.12

Merge r198075 - REGRESSION (r188647): Teamtreehouse website sidebar buttons are not rendered
https://bugs.webkit.org/show_bug.cgi?id=155400
<rdar://problem/24818602>

Reviewed by Anders Carlsson.

Source/WebCore:

When we unprefixed CSS filters we accidentally
stopped SVG elements that use the CSS filter shorthands
from rendering. We still don't actually support
the shorthands in this case, but we should render
the element without the filter.

Tests: css3/filters/filters-on-svg-element.html

css3/filters/filters-on-svg-root.html

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::hasReferenceFilterOnly): Add
this new function that tells us if we have the
style of filter that we can handle in SVG content.

rendering/style/RenderStyle.h:
rendering/svg/SVGRenderingContext.cpp:

(WebCore::SVGRenderingContext::prepareToRenderSVGContent):
We can mark an element as ready to render if it
has a shorthand filter.

LayoutTests:

Add tests with SVG content that uses CSS filter
shorthands. These particular filters are no-ops
so should not affect rendering. If they actually
tried to do something you wouldn't see them work
until we enable shorthand filters on SVG content.

css3/filters/filters-on-svg-element-expected.html: Added.
css3/filters/filters-on-svg-element.html: Added.
css3/filters/filters-on-svg-root-expected.html: Added.
css3/filters/filters-on-svg-root.html: Added.

9:21 AM Changeset in webkit [199360] by Chris Dumez

8 edits in trunk/Source/WebCore

Lazily update tokens in DOMTokenList when the associated attribute value changes
https://bugs.webkit.org/show_bug.cgi?id=156474

Reviewed by Ryosuke Niwa.

Lazily update tokens in DOMTokenList when the associated attribute value
changes for performance. Constructing the sanitized vector of tokens
every time the associated Element attribute changes is too expensive.
Instead, we mark the vector as dirty whenever the attribute changes, and
we only construct the sanitized vector when it is actually required.

Also do some renaming for clarity.

There is no web-exposed behavior change.

dom/Element.cpp:

(WebCore::Element::classAttributeChanged):

html/DOMTokenList.cpp:

(WebCore::DOMTokenList::contains):
(WebCore::DOMTokenList::addInternal):
(WebCore::DOMTokenList::removeInternal):
(WebCore::DOMTokenList::toggle):
(WebCore::DOMTokenList::value):
(WebCore::DOMTokenList::setValue):
(WebCore::DOMTokenList::updateTokensFromAttributeValue):
(WebCore::DOMTokenList::associatedAttributeValueChanged):
(WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::DOMTokenList): Deleted.

html/DOMTokenList.h:

(WebCore::DOMTokenList::tokens):
(WebCore::DOMTokenList::length):
(WebCore::DOMTokenList::item):

html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::parseAttribute):

html/HTMLIFrameElement.cpp:

(WebCore::HTMLIFrameElement::parseAttribute):

html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::parseAttribute):

html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::parseAttribute):

9:16 AM Changeset in webkit [199359] by Carlos Garcia Campos

3 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r198050 - WebKit should not be redirected to an invalid URL
https://bugs.webkit.org/show_bug.cgi?id=155263
<rdar://problem/22820172>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: http/tests/navigation/redirect-to-invalid-url.html

loader/SubresourceLoader.cpp:

(WebCore::SubresourceLoader::willSendRequestInternal):

LayoutTests:

http/tests/navigation/redirect-to-invalid-url-expected.txt: Added.
http/tests/navigation/redirect-to-invalid-url.html: Added.
http/tests/navigation/resources/redirect-to-invalid-url-frame.php: Added.

9:15 AM Changeset in webkit [199358] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r198044 - Fix typo in StyleTreeResolver.cpp
https://bugs.webkit.org/show_bug.cgi?id=139946

Patch by Maksim Kisilev <mkisilev@yandex-team.ru> on 2016-03-10
Reviewed by Andy Estes.

The constructor for CheckForVisibilityChangeOnRecalcStyle was improperly comparing the
result of WKContentChange() (which is not a function) to WKContentVisibilityChange. I
believe the above cast would implicitly resolve to WKContentNoChange in all cases,
whether a visibility change had been observed or not.

This patch corrects this problem. I would expect that this might affect some content
visibility change behavior, but I'm not sure what the appropriate test case would be
since this was apparently found through code inspection.

style/StyleTreeResolver.cpp:

(WebCore::Style::CheckForVisibilityChangeOnRecalcStyle::CheckForVisibilityChangeOnRecalcStyle):

9:11 AM Changeset in webkit [199357] by Darin Adler

2 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from HTMLMediaElement
https://bugs.webkit.org/show_bug.cgi?id=156492

Reviewed by Chris Dumez.

html/HTMLMediaElement.idl: Removed UsePointersEvenForNonNullableObjectArguments,

sorted remaining class attributes, simplified #if around canPlayType a bit,
removed comment that is not all that useful, made the argument to
webkitSetMediaKeys nullable since the implementation supports that.

9:10 AM Changeset in webkit [199356] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.12

Merge r197989 - CRASH at WebCore::RenderView::updateVisibleViewportRect
https://bugs.webkit.org/show_bug.cgi?id=155209
<rdar://problem/23997530>

Reviewed by Simon Fraser.

Source/WebCore:

Test: media/video-crash-invisible-autoplay-display-none.html

Between the time when the video element's renderer is created and destroyed, we may have unset the
InvisibleAutoplayNotPermitted restriction. So rather than check for that restriction before
unregistering for the "visible in viewport" notification, unregister only if the renderer
was previously registered.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::willDetachRenderers):

LayoutTests:

(These files were mistakenly landed in a previous commit:)

media/video-crash-invisible-autoplay-display-none-expected.txt: Added.
media/video-crash-invisible-autoplay-display-none.html: Added.

9:08 AM Changeset in webkit [199355] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.12/Source/WebCore

Merge r197967 - REGRESSION: GuardMallloc crash in SVGListPropertyTearOff<SVGPointList>::processIncomingListItemWrapper
https://bugs.webkit.org/show_bug.cgi?id=154969

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-03-10
Reviewed by Darin Adler.

The life cycle of the SVGAnimatedPropertyTearOff::m_baseVal and m_animVal
was not correct. Like what was done in SVGAnimatedListPropertyTearOff,
m_baseVal and m_animVal have to be raw RefCounted pointers. When requested
through, SVGAnimatedPropertyTearOff::baseVal() and animVal() they are
encapsulated in a RefPtr to ensure they existence as long as they are
referenced. When the animated property object (which is stored in either
m_baseVal or m_animVal) is not referenced by anyone, it is going to be
deleted. In the destructor of their class, SVGAnimatedPropertyTearOff
will be notified of this deletion through propertyWillBeDeleted() to clean
its member m_baseVal or m_animVal.

bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Now all the SVG animated property return RefPtrs. In
addition to that, SVGViewSpec.transform also returns
RefPtr<SVGTransformListPropertyTearOff>.

svg/properties/SVGAnimatedListPropertyTearOff.h:

(WebCore::SVGAnimatedListPropertyTearOff::animVal):
(WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
(WebCore::SVGAnimatedListPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
Change propertyWillBeDeleted() to be virtual and make it takes an SVGProperty*.
Rename m_animatingAnimVal to be m_animatedProperty. Add isAnimating() which
returns true if m_animatedProperty is not null. Use isAnimating() instead of
m_isAnimating because it's deleted from the base class.

svg/properties/SVGAnimatedProperty.cpp:

(WebCore::SVGAnimatedProperty::SVGAnimatedProperty):
(WebCore::SVGAnimatedProperty::~SVGAnimatedProperty):

svg/properties/SVGAnimatedProperty.h:

(WebCore::SVGAnimatedProperty::isAnimating):
(WebCore::SVGAnimatedProperty::propertyWillBeDeleted):
Delete m_isAnimating since its value can be deduced from the value of
m_animatedProperty in the derived class. Add propertyWillBeDeleted() and
isAnimating() as virtual functions with the default behavior.

svg/properties/SVGAnimatedPropertyTearOff.h:

(WebCore::SVGAnimatedPropertyTearOff::baseVal):
(WebCore::SVGAnimatedPropertyTearOff::animVal):
Like SVGAnimatedListPropertyTearOff::baseVal() and animVal() create the
value if it does not exist. Keep a raw RefCounted pointer but return a
RefPtr.

(WebCore::SVGAnimatedPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedPropertyTearOff::propertyWillBeDeleted):
Override virtual functions.

(WebCore::SVGAnimatedPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedPropertyTearOff::animValDidChange):
Replace m_isAnimating with isAnimating(). Ensure that we get a new animated
property through animVal() and store it in a RefPtr to ensure it will not
go away while animating.

svg/properties/SVGAnimatedStaticPropertyTearOff.h:

(WebCore::SVGAnimatedStaticPropertyTearOff::isAnimating):
(WebCore::SVGAnimatedStaticPropertyTearOff::currentAnimatedValue):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationStarted):
(WebCore::SVGAnimatedStaticPropertyTearOff::animationEnded):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValWillChange):
(WebCore::SVGAnimatedStaticPropertyTearOff::animValDidChange):
Add isAnimating() and replace all the instances of m_isAnimating with calls
to isAnimating().

svg/properties/SVGPropertyTearOff.h:

(WebCore::SVGPropertyTearOff::animatedProperty):
(WebCore::SVGPropertyTearOff::setAnimatedProperty):
(WebCore::SVGPropertyTearOff::contextElement):
(WebCore::SVGPropertyTearOff::SVGPropertyTearOff):
(WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
SVGPropertyTearOff is what SVGAnimatedPropertyTearOff creates for its
baseVal() and animVal() values. These values can be null anytime once
they are not referenced. The SVGAnimatedPropertyTearOff holds only raw
RefCounted pointer for them. So (1) SVGPropertyTearOff needs to hold a
RefPtr for its SVGAnimatedProperty and (2) it needs to notify its
SVGAnimatedProperty when it's deleted by calling propertyWillBeDeleted()
from the destructor. Also there is no need to get the contextElement()
and save it in class member, m_contextElement since it can be always be
retrieved from SVGAnimatedProperty::contextElement().

8:53 AM WebKitGTK/2.12.x edited by tpopela@redhat.com

(diff)

8:46 AM Changeset in webkit [199354] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12

Merge r197788 - Support iterating over an OptionSet and checking if it is empty
https://bugs.webkit.org/show_bug.cgi?id=154941
<rdar://problem/24964187>

Reviewed by Darin Adler.

Source/WTF:

Implements support for iterating over the enumerators in an OptionSet as well as
determining if the set is empty.

Iterating over an OptionSet is in Big Theta(N) where N is the number of items in
the set. More precisely, it is in Big Theta(log M) where M is the bitmask represented
by the bitwise OR-ing of all enumerators in the set.

wtf/OptionSet.h: Added comment to describe the purpose of this class and its invariant -

the enumerators must be positive powers of two.
(WTF::OptionSet::Iterator::operator*): Returns the enumerator pointed to by the iterator.
(WTF::OptionSet::Iterator::operator++): Advance to the next smallest enumerator in the set.
(WTF::OptionSet::Iterator::operator==): Returns whether the iterator is equal to the specified iterator.
(WTF::OptionSet::Iterator::operator!=): Returns whether the iterator is not equal to the specified iterator.
(WTF::OptionSet::Iterator::Iterator): Added.
(WTF::OptionSet::fromRaw): Instantiate using specialized private constructor to allow
instantiation with a raw value of 0.
(WTF::OptionSet::OptionSet): Specialized constructor that asserts that the specified value
is a positive power of two. This variant is only compiled when assertions are enabled (i.e. !ASSERT_DISABLED).
(WTF::OptionSet::isEmpty): Returns whether the set is empty.
(WTF::OptionSet::begin): Returns an iterator to the enumerator with the smallest value in the set.
(WTF::OptionSet::end): Returns an iterator that represents the end sentinel of the set.

Tools:

Add tests to ensure that we do not regression both iteration of an OptionSet and
determining whether an OptionSet is empty.

TestWebKitAPI/Test.h:

(TestWebKitAPI::Util::assertStrongEnum): Helper function to assert two strong enum type for equality.

TestWebKitAPI/Tests/WTF/OptionSet.cpp:

(TestWebKitAPI::TEST):

8:45 AM Changeset in webkit [199353] by Carlos Garcia Campos

7 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r197191,r197523 - Add WTF::OptionSet and use it for the website data types enum
https://bugs.webkit.org/show_bug.cgi?id=154733

Patch by Anders Carlsson <andersca@apple.com> on 2016-02-26
Reviewed by Geoffrey Garen.

Add WTF::OptionSet which makes it easier to use strong enums as flags.

WTF.xcodeproj/project.pbxproj:
wtf/Forward.h:
wtf/OptionSet.h: Copied from Source/WebKit2/Shared/WebsiteData/WebsiteData.h.

(WTF::OptionSet::fromRaw):
(WTF::OptionSet::OptionSet):
(WTF::OptionSet::toRaw):
(WTF::OptionSet::contains):
(WTF::OptionSet::operator|=):

8:21 AM Changeset in webkit [199352] by sbarati@apple.com

9 edits in trunk

We incorrectly parse arrow function expressions
https://bugs.webkit.org/show_bug.cgi?id=156373

Reviewed by Mark Lam.

Source/JavaScriptCore:

This patch removes the notion of "isEndOfArrowFunction".
This was a very weird function and it was incorrect.
It checked that the arrow functions with concise body
grammar production "had a valid ending". "had a valid
ending" is in quotes because concise body arrow functions
have a valid ending as long as their body has a valid
assignment expression. I've removed all notion of this
function because it was wrong and was causing us
to throw syntax errors on valid programs.

parser/Lexer.cpp:

(JSC::Lexer<T>::nextTokenIsColon):
(JSC::Lexer<T>::lex):
(JSC::Lexer<T>::setTokenPosition): Deleted.

parser/Lexer.h:

(JSC::Lexer::setIsReparsingFunction):
(JSC::Lexer::isReparsingFunction):
(JSC::Lexer::lineNumber):

parser/Parser.cpp:

(JSC::Parser<LexerType>::parseInner):
(JSC::Parser<LexerType>::parseArrowFunctionSingleExpressionBodySourceElements):
(JSC::Parser<LexerType>::parseFunctionInfo):

parser/Parser.h:

(JSC::Parser::matchIdentifierOrKeyword):
(JSC::Parser::tokenStart):
(JSC::Parser::autoSemiColon):
(JSC::Parser::canRecurse):
(JSC::Parser::isEndOfArrowFunction): Deleted.
(JSC::Parser::setEndOfStatement): Deleted.

tests/stress/arrowfunction-others.js:

(testCase):
(simpleArrowFunction):
(truthy):
(falsey):

LayoutTests:

js/parser-syntax-check-expected.txt:
js/script-tests/parser-syntax-check.js:

(catch):

8:19 AM Changeset in webkit [199351] by eric.carlson@apple.com

10 edits in trunk/Source/WebCore

[iOS] media title sometimes remain in Control Center after tab is closed
https://bugs.webkit.org/show_bug.cgi?id=156243
<rdar://problem/20167445>

Reviewed by Darin Adler.

Modules/webaudio/AudioContext.h: Implement characteristics.

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaLoadingFailed): Call mediaSession->clientCharacteristicsChanged.
(WebCore::HTMLMediaElement::setReadyState): Ditto.
(WebCore::HTMLMediaElement::clearMediaPlayer): Ditto.
(WebCore::HTMLMediaElement::stop): Call mediaSession->stopSession.
(WebCore::HTMLMediaElement::characteristics): New, return current characteristics.

html/HTMLMediaElement.h:

platform/audio/PlatformMediaSession.cpp:

(WebCore::PlatformMediaSession::stopSession): Suspend playback, and remove the session

from the manager, it will never play again.

(WebCore::PlatformMediaSession::characteristics): Return client characteristics.
(WebCore::PlatformMediaSession::clientCharacteristicsChanged):

platform/audio/PlatformMediaSession.h:

platform/audio/PlatformMediaSessionManager.cpp:

(WebCore::PlatformMediaSessionManager::stopAllMediaPlaybackForProcess): Call stopSession

instead of pauseSession to signal that playback will never start again.

platform/audio/PlatformMediaSessionManager.h:

platform/audio/ios/MediaSessionManagerIOS.h:
platform/audio/ios/MediaSessionManagerIOS.mm:

(WebCore::MediaSessionManageriOS::sessionWillBeginPlayback): Add logging.
(WebCore::MediaSessionManageriOS::removeSession): Update NowPlaying.
(WebCore::MediaSessionManageriOS::sessionWillEndPlayback): Add logging.
(WebCore::MediaSessionManageriOS::clientCharacteristicsChanged): Update NowPlaying.
(WebCore::MediaSessionManageriOS::nowPlayingEligibleSession): New, return the first session

that is an audio or video element with playable audio. WebAudio is not currently controllable
so it isn't appropriate to show it in the NowPlaying info center.

(WebCore::MediaSessionManageriOS::updateNowPlayingInfo): Remember the last state passed to

NowPlaying so we can call it only when something has changed.

7:56 AM Changeset in webkit [199350] by commit-queue@webkit.org

2 edits in trunk/Tools

Modify the CXXFLAGS in webkitdirs.pm just on architectures where the flags are supported
https://bugs.webkit.org/show_bug.cgi?id=156338

Patch by Tomas Popela <tpopela@redhat.com> on 2016-04-12
Reviewed by Michael Catanzaro.

Add the "-march=pentium4 -msse2 -mfpmath=sse " into the CXXFLAGS just
for the i686 where it is supported and not for other architectures
(such as s390(x) and ppc(64)) where the build will fail with these
CXXFLAGS.

Scripts/webkitdirs.pm:

(generateBuildSystemFromCMakeProject):

6:52 AM Changeset in webkit [199349] by Carlos Garcia Campos

7 edits in releases/WebKitGTK/webkit-2.12

Merge r197874 - Move attributes to the instance for most interfaces that have "Error" in their name
https://bugs.webkit.org/show_bug.cgi?id=155231

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Rebaseline now that more checks are passing.

web-platform-tests/html/dom/interfaces-expected.txt:

Source/WebCore:

Our bindings generator was keeping attributes on the instances for
interfaces having "Error" or "Exception" in their name. The reason is
that interfaces that have "Error" in their prototype would not behave
correctly otherwise because "Error" incorrectly has its attributes on
the instance at the moment. However, in our bindings generator, the
condition to decide if an interface's prototype should be "Error" is
if $interface->isException. Therefore, we should use the same condition
to decide if we should keep attributes on the instance until "Error"
is updated to have its attributes on the prototype. Doing this for any
interface having "Error" or "Exception" in their name is overkill.

No new tests, already covered by existing test.

bindings/scripts/CodeGeneratorJS.pm:

(InterfaceRequiresAttributesOnInstance):

6:33 AM Changeset in webkit [199348] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.12

Merge r197868 - Removing and re-adding a script message handler with the same name results in an unusable message handler
https://bugs.webkit.org/show_bug.cgi?id=155223

Reviewed by Sam Weinig.
Source/WebCore:

New API test: WKUserContentController.ScriptMessageHandlerReplaceWithSameName.

page/UserMessageHandler.h:

(WebCore::UserMessageHandler::descriptor):

page/UserMessageHandlersNamespace.cpp:

(WebCore::UserMessageHandlersNamespace::handler):
This lazy removal mechanism combined with the fact that we only compare
handler name and world makes it such that m_messageHandlers could have
a stale UserMessageHandler with a UserMessageHandlerDescriptor that differed
only in client.

It is safe to compare the descriptors by pointer instead because m_messageHandler
holds a strong reference to its UserMessageHandlerDescriptors, and this will ensure
that the add-remove-add path (with identical name and world) causes a new
UserContentController to be created.

We also now clean up any stale UserMessageHandlers whenever we're about to
add a new one, by removing any which the UserContentController no longer knows about.

Tools:

TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:

(TEST):
Add a test ensuring that it is possible to remove and re-add a script message handler
with the same name and still dispatch messages to it.

6:25 AM Changeset in webkit [199347] by Carlos Garcia Campos

3 edits
3 adds in releases/WebKitGTK/webkit-2.12

Merge r197858 - Local HTML should be blocked from localStorage access unless "Disable Local File Restrictions" is checked..
https://bugs.webkit.org/show_bug.cgi?id=155185
<rdar://problem/11101440>

Reviewed by Zalan Bujtas.

Source/WebCore:

Tested by storage/domstorage/localstorage/blocked-file-access.html.

page/SecurityOrigin.cpp:

(WebCore::SecurityOrigin::canAccessStorage): If the origin is a local file, and we have not been granted
universal file access, prevent access to DOM localStorage.

LayoutTests:

storage/domstorage/localstorage/blocked-file-access-expected.txt: Added.
storage/domstorage/localstorage/blocked-file-access.html: Added.
storage/domstorage/localstorage/resources/blocked-example.html: Added.

6:25 AM Changeset in webkit [199346] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.12/Source

Merge r198532 - [GTK] WebInspector broken after r197620
https://bugs.webkit.org/show_bug.cgi?id=155497
<rdar://problem/25171910>

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2016-03-22
Reviewed by Philippe Normand.

Source/WebCore:

Add resource scheme to the list of secure protocols.

platform/SchemeRegistry.cpp:

(WebCore::secureSchemes):

Source/WebKit2:

Stop registering resource:// URLs as local, because they are not
like a local file at all. Compare also the URL protocols when
checking whether requested URL is main or test inspector page
instead of checking that the protocol is registered as local.

UIProcess/WebInspectorProxy.cpp:

(WebKit::isMainOrTestInspectorPage): Compare also the URL protocols.

UIProcess/WebInspectorProxy.h:
UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage): Do not
set setAllowFileAccessFromFileURLs setting to true.

UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::platformInitializeWebProcess): Do not
register resource:// URLS as local.

6:14 AM Changeset in webkit [199345] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.12

Merge r197856 - ImageDocuments leak their world.
<https://webkit.org/b/155167>
<rdar://problem/24987363>

Reviewed by Antti Koivisto.

Source/WebCore:

ImageDocument uses a special code path in ImageLoader in order to manually
control how the image is loaded. It has to do this because the ImageDocument
is really just a synthetic wrapper around a main resource that's an image.

This custom loading code had a bug where it would create a new CachedImage
and neglect to set its CachedResource::m_state flag to Pending (which is
normally set by CachedResource::load(), but we don't call that for these.)

This meant that when ImageDocument called CachedImage::finishLoading() to
trigger the notifyFinished() callback path, the image would look at its
loading state and see that it was Unknown (not Pending), and conclude that
it hadn't loaded yet. So we never got the notifyFinished() signal.

The world leaks here because ImageLoader slaps a ref on its <img> element
while it waits for the loading operation to complete. Once finished, whether
successfully or with an error, it derefs the <img>.

Since we never fired notifyFinished(), we ended up with an extra ref on
these <img> forever, and then the element kept its document alive too.

Test: fast/dom/ImageDocument-world-leak.html

loader/ImageLoader.cpp:

(WebCore::ImageLoader::updateFromElement):

LayoutTests:

Made a little test that loads an image into an <iframe> 10 times and then
triggers a garbage collection and checks that all the documents got destroyed.

Prior to this change, all 10 ImageDocuments would remain alive at the end.

This got rolled out the first time because it failed on bots. It failed due
to expecting a specific number of documents to be live at the start of the
test, which was not reliable on bots since we appear to have more leaks(!)

Tweaked the test to check the delta in live document count instead.

fast/dom/ImageDocument-world-leak-expected.txt: Added.
fast/dom/ImageDocument-world-leak.html: Added.

5:42 AM Changeset in webkit [199344] by Carlos Garcia Campos

5 edits in trunk/Source/WebCore

[GTK] Rework scrollbars theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156462

Reviewed by Michael Catanzaro.

In r199292, we reworked the theming code to ensure it works with the new GTK+ CSS theming system. The same is
needed for scrollbars, this patch uses the RenderThemeGadget classes introduced in r199292 to render the native
scrollbars. The code is now split in 3 parts: stub methods for GTK+2 (since this file is compiled for
WebCoreGTK, but not used), the implementation for GTK+ < 3.20 and the implementation for GTK+ >= 3.20. This
reduces the amount of ifdefed code, and ensures that changes in new code don't break the rendering with older
versions of GTK+. I noticed that we were overriding both, the specific paint methods to render scrollbars
parts and the global paint method that renders all the scrollbar parts. We don't really need the specific paint
methods, so I've removed the implemention leaving only the paint method. This also allows us to get rid of the
GtkStyleContext cache.

platform/gtk/RenderThemeGadget.cpp:

(WebCore::RenderThemeGadget::create): Handle scrollbars gadgets.
(WebCore::appendElementToPath): In case of scrollbar gadget, use the scrollbar GType when creating the path to
be able to get non-CSS style properties.
(WebCore::RenderThemeGadget::opacity): Add method to get the opacity CSS style property.
(WebCore::RenderThemeScrollbarGadget::RenderThemeScrollbarGadget): Initialize m_steppers option set with the
steppers used by the theme.

platform/gtk/RenderThemeGadget.h:
platform/gtk/ScrollbarThemeGtk.cpp:

(WebCore::themeChangedCallback):
(WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
(WebCore::createStyleContext):
(WebCore::createChildStyleContext):
(WebCore::ScrollbarThemeGtk::themeChanged):
(WebCore::ScrollbarThemeGtk::updateThemeProperties):
(WebCore::scrollbarPartStateFlags):
(WebCore::scrollbarGadgetForLayout):
(WebCore::contentsGadgetForLayout):
(WebCore::ScrollbarThemeGtk::trackRect):
(WebCore::ScrollbarThemeGtk::hasThumb):
(WebCore::ScrollbarThemeGtk::backButtonRect):
(WebCore::ScrollbarThemeGtk::forwardButtonRect):
(WebCore::ScrollbarThemeGtk::paint):
(WebCore::paintStepper):
(WebCore::adjustRectAccordingToMargin):
(WebCore::ScrollbarThemeGtk::scrollbarThickness):
(WebCore::ScrollbarThemeGtk::minimumThumbLength):

platform/gtk/ScrollbarThemeGtk.h:

5:21 AM Changeset in webkit [199343] by svillar@igalia.com

9 edits
4 adds in trunk

[css-grid] Add parsing support for <auto-repeat> syntax
https://bugs.webkit.org/show_bug.cgi?id=155583

Reviewed by Antti Koivisto.

Source/WebCore:

The repeat() notation allows now to specify auto-fill or auto-fit instead of
a fixed number of repetitions meaning that it will be automatically computed
depending on the available space.

This patch just adds the parsing support, the expansion of the repeat notation
will be implemented in a follow up patch because it cannot be done at
parsing level (since it requires knowledge about the available space).

Test: fast/css-grid-layout/grid-element-auto-repeat-get-set.html

CMakeLists.txt:
css/CSSGridAutoRepeatValue.cpp: Added.

(WebCore::CSSGridAutoRepeatValue::customCSSText):

css/CSSGridAutoRepeatValue.h: Added.

(WebCore::CSSGridAutoRepeatValue::create):
(WebCore::CSSGridAutoRepeatValue::autoRepeatID):
(WebCore::CSSGridAutoRepeatValue::CSSGridAutoRepeatValue):

css/CSSParser.cpp:

(WebCore::allTracksAreFixedSized):
(WebCore::CSSParser::parseGridTrackList):
(WebCore::CSSParser::parseGridTrackRepeatFunction):
(WebCore::CSSParser::parseGridTrackSize):
(WebCore::CSSParser::parseGridBreadth):

css/CSSParser.h:
css/CSSValue.cpp:

(WebCore::CSSValue::equals):
(WebCore::CSSValue::cssText):
(WebCore::CSSValue::destroy):

css/CSSValue.h:

(WebCore::CSSValue::isGridAutoRepeatValue):

css/CSSValueKeywords.in:

LayoutTests:

fast/css-grid-layout/grid-element-auto-repeat-get-set-expected.txt: Added.
fast/css-grid-layout/grid-element-auto-repeat-get-set.html: Added.

1:25 AM Changeset in webkit [199342] by Yusuke Suzuki

7 edits in trunk/Source

[JSC] addStaticGlobals should emit SymbolTableEntry watchpoints to encourage constant folding in DFG
https://bugs.webkit.org/show_bug.cgi?id=155110

Reviewed by Saam Barati.

Source/JavaScriptCore:

addStaticGlobals does not emit SymbolTableEntry watchpoints for the added entries.
So, all the global variable lookups pointing to these static globals are not converted
into constants in DFGBytecodeGenerator: this fact leaves these lookups as GetGlobalVar.
Such thing avoids constant folding chance and emits CheckCell for @privateFunction inlining.
This operation is pure overhead.

Static globals are not configurable, and they are typically non-writable.
So they are constants in almost all the cases.

This patch initializes watchpoints for these static globals.
These watchpoints allow DFG to convert these nodes into constants in DFG BytecodeParser.
These watchpoints includes many builtin operations and undefined.

The microbenchmark, many-foreach-calls shows 5 - 7% improvement since it removes unnecessary CheckCell.

bytecode/VariableWriteFireDetail.h:
runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::addGlobalVar):
(JSC::JSGlobalObject::addStaticGlobals):

runtime/JSSymbolTableObject.h:

(JSC::symbolTablePutTouchWatchpointSet):
(JSC::symbolTablePutInvalidateWatchpointSet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributesTouchWatchpointSet): Deleted.

runtime/SymbolTable.h:

(JSC::SymbolTableEntry::SymbolTableEntry):
(JSC::SymbolTableEntry::operator=):
(JSC::SymbolTableEntry::swap):

Source/WebCore:

bindings/js/JSDOMWindowBase.cpp:

(WebCore::JSDOMWindowBase::updateDocument):

1:24 AM Changeset in webkit [199341] by svillar@igalia.com

3 edits in trunk/Source/WebCore

[css-grid] Pass GridSizingData instead of columnTracks to track sizing methods
https://bugs.webkit.org/show_bug.cgi?id=156466

Reviewed by Darin Adler.

Several methods used to compute the items' size contribution to the tracks they span in, get
as an argument a vector with the sizes of the column tracks.

In order to support grids with orthogonal flows (among other things) it's much better to
pass the GridSizingData struct and let those methods decide whether to use the columns or
the rows.

No new tests as this is just a minor refactoring with no change in behavior.

rendering/RenderGrid.cpp:

(WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
(WebCore::RenderGrid::logicalContentHeightForChild):
(WebCore::RenderGrid::minSizeForChild):
(WebCore::RenderGrid::minContentForChild):
(WebCore::RenderGrid::maxContentForChild):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
(WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
(WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):

rendering/RenderGrid.h:

12:38 AM Changeset in webkit [199340] by commit-queue@webkit.org

4 edits
2 adds in trunk

Remove failing assertion in ANGLE
https://bugs.webkit.org/show_bug.cgi?id=156485

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-12
Reviewed by Dean Jackson.

Source/ThirdParty/ANGLE:

src/compiler/translator/glslang.l:
src/compiler/translator/glslang_lex.cpp:

LayoutTests:

fast/canvas/webgl/fragment-shader-assertion-expected.txt: Added.
fast/canvas/webgl/fragment-shader-assertion.html: Added.

12:29 AM Changeset in webkit [199339] by achristensen@apple.com

2 edits in trunk/Source/JavaScriptCore

Build fix after r199299.
https://bugs.webkit.org/show_bug.cgi?id=155508

jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
memset_s is not defined. STDC_WANT_LIB_EXT1 is not defined anywhere.
Since the return value is unused and set_constraint_handler_s is never called
I'm chaning it to memset.

Apr 11, 2016:

11:53 PM Changeset in webkit [199338] by achristensen@apple.com

6 edits
1 add in trunk

Build MiniBrowser with CMake on Mac
https://bugs.webkit.org/show_bug.cgi?id=156471

Reviewed by Daniel Bates.

Source/WebKit2:

DatabaseProcess/DatabaseProcess.messages.in:

Tools:

CMakeLists.txt:
DumpRenderTree/CMakeLists.txt:
DumpRenderTree/PlatformWin.cmake:
MiniBrowser/mac/CMakeLists.txt: Added.

11:16 PM Changeset in webkit [199337] by commit-queue@webkit.org

4 edits in trunk/Source/JavaScriptCore

[JSC] B3 can use undefined bits or not defined required bits when spilling
https://bugs.webkit.org/show_bug.cgi?id=156486

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-04-11
Reviewed by Filip Pizlo.

Spilling had issues when replacing arguments in place.

The problems are:
1) If we have a 32bit stackslot, a x86 instruction could still try to load 64bits from it.
2) If we have a 64bit stackslot, Move32 would only set half the bits.
3) We were reducing Move to Move32 even if the top bits are read from the stack slot.

The case 1 appear with something like this:

Move32 %tmp0, %tmp1
Op64 %tmp1, %tmp2, %tmp3

When we spill %tmp1, the stack slot is 32bit, Move32 sets 32bits
but Op64 supports addressing for %tmp1. When we substitute %tmp1 in Op64,
we are creating a 64bit read for a 32bit stack slot.

The case 2 is an other common one. If we have:

BB#1

Move32 %tmp0, %tmp1
Jump #3

BB#2

Op64 %tmp0, %tmp1
Jump #3

BB#3

Use64 %tmp1

We have a stack slot of 64bits. When spilling %tmp1 in #1, we are
effectively doing a 32bit store on the stack slot, leaving the top bits undefined.

Case 3 is pretty much the same as 2 but we create the Move32 ourself
because the source is a 32bit with ZDef.

Case (1) is solved by requiring that the stack slot is at least as large as the largest
use/def of that tmp.

Case (2) and (3) are solved by not replacing a Tmp by an Address if the Def
is smaller than the stack slot.

b3/air/AirIteratedRegisterCoalescing.cpp:
b3/testb3.cpp:

(JSC::B3::testSpillDefSmallerThanUse):
(JSC::B3::testSpillUseLargerThanDef):
(JSC::B3::run):

11:12 PM Changeset in webkit [199336] by ryuan.choi@navercorp.com

12 edits in trunk

[EFL] Do not pass context to EwkViewCreate
https://bugs.webkit.org/show_bug.cgi?id=156461

Reviewed by Darin Adler.

Source/WebKit2:

EWKViewCreate already has pageConfiguration which contains context.
So, this patch removes context argument from EWKViewCreate.

UIProcess/API/C/CoordinatedGraphics/WKView.cpp:

(WKViewCreate):

UIProcess/API/C/CoordinatedGraphics/WKView.h:
UIProcess/API/efl/ewk_view.cpp:

(EWKViewCreate): Call WebView::Create instead of WKViewCreate not to use WK API.
(ewk_view_smart_add):
(ewk_view_add_with_configuration):
(ewk_view_add_with_context):

UIProcess/API/efl/ewk_view_private.h:
UIProcess/efl/WebInspectorProxyEfl.cpp:

(WebKit::WebInspectorProxy::platformCreateInspectorPage):

UIProcess/efl/WebView.cpp:

(WebKit::WebView::create):
(WebKit::WebView::WebView):

UIProcess/efl/WebView.h:

Tools:

TestWebKitAPI/Tests/WebKit2/CoordinatedGraphics/WKViewUserViewportToContents.cpp:

(TestWebKitAPI::TEST): Removed context argument from EwkViewCreate calls.

TestWebKitAPI/efl/PlatformWebView.cpp:

(TestWebKitAPI::PlatformWebView::PlatformWebView): Ditto.

WebKitTestRunner/efl/PlatformWebViewEfl.cpp:

(WTR::PlatformWebView::PlatformWebView): Ditto.

10:49 PM Changeset in webkit [199335] by Darin Adler

4 edits in trunk/Source/WebCore

Remove UsePointersEvenForNonNullableObjectArguments from HTMLOptionsCollection
https://bugs.webkit.org/show_bug.cgi?id=156491

Reviewed by Chris Dumez.

html/HTMLOptionsCollection.cpp:

(WebCore::HTMLOptionsCollection::add): Take a reference instead of a pointer.

html/HTMLOptionsCollection.h: Removed unneeded forward declaration. Changed

add to take a reference instead of a pointer for the element to add. Used
final instead of override on virtual functions.

html/HTMLOptionsCollection.idl: Removed now-unneeded attribute

UsePointersEvenForNonNullableObjectArguments; the only function affected was
add, and the overloading code was already checking for null.

9:15 PM Changeset in webkit [199334] by Darin Adler

20 edits in trunk/Source

Remove UsePointersEvenForNonNullableObjectArguments from HTMLSelectElement
https://bugs.webkit.org/show_bug.cgi?id=156458

Reviewed by Chris Dumez.

Source/WebCore:

bindings/js/JSHTMLOptionsCollectionCustom.cpp:

(WebCore::JSHTMLOptionsCollection::remove): Updated to call remove with a reference
rather than a pointer.

bindings/js/JSHTMLSelectElementCustom.cpp:

(WebCore::JSHTMLSelectElement::remove): Updated to call remove with a reference
rather than a pointer.
(WebCore::selectIndexSetter): Updated to call setOption with a reference rather
than a pointer.

bindings/scripts/CodeGeneratorGObject.pm:

(GenerateFunction): Added basic support for passing wrappers by reference.
GObject bindings already check arguments for null, so didn't add any new checks.

bindings/scripts/test/GObject/WebKitDOMTestActiveDOMObject.cpp:
bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp:
bindings/scripts/test/GObject/WebKitDOMTestCallbackFunction.cpp:
bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp:
bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:

Updated.

editing/FrameSelection.cpp: Updated includes.

html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::setSelected): Pass reference when calling
HTMLSelectElement::optionSelectionStateChanged.
(WebCore::HTMLOptionElement::insertedInto): Ditto.

html/HTMLOptionsCollection.cpp:

(WebCore::HTMLOptionsCollection::add): Moved null checking behavior here.
Preserves existing "silently do nothing if null".
(WebCore::HTMLOptionsCollection::remove): Changed function to take a reference
instead of a pointer.

html/HTMLOptionsCollection.h: Updated include. Changed remove to take a

reference instead of a pointer.

html/HTMLSelectElement.cpp:

(WebCore::HTMLSelectElement::add): Changed to take a reference instead of
a pointer. Also removed unneeded protect code, since insertBefore already
protects itself, and unneeded call to updateValidity, since the
HTMLSelectElement::childrenChanged function already calls updateValidity.
(WebCore::HTMLSelectElement::remove): Changed to take a reference instead
of a pointer.
(WebCore::HTMLSelectElement::setOption): Changed to take a reference
instead of a pointer.
(WebCore::HTMLSelectElement::setLength): Renamed "newLen" to "newLength".
Use Ref instead of RefPtr for result of createElement, which makes the
argument passed to add be a reference rather than a pointer.
(WebCore::HTMLSelectElement::willRespondToMouseClickEvents): Put the #if
for this here instead of in the header.
(WebCore::HTMLSelectElement::optionSelectionStateChanged): Changed to take
a reference instead of a pointer for the option element.

html/HTMLSelectElement.h: Removed unneeded includes. Derive privately

from TypeAheadDataSource instead of publicly. Make all overrides final
except for the one that is actually overridden by a derived class.
Changed the arguments of the add, remove, setOption, and
optionSelectionStateChanged functions to be references instead of pointers.
Tweaked formatting a bit and used nullptr instead of 0. Override
willRespondToMouseClickEvents on all platforms, not just iOS.

html/HTMLSelectElement.idl: Removed UsePointersEvenForNonNullableObjectArguments.

Removed a comment that is no longer needed. Made some types nullable to match
the specification, in places that currently have no effect on code generation.
Added a FIXME comment about the argument to setCustomValidity incorrectly being
marked as nullable.

Source/WebKit/win:

DOMCoreClasses.cpp: Added now-needed include.

Source/WebKit2:

WebProcess/Plugins/PDF/PDFPluginAnnotation.mm: Updated includes.

8:42 PM Changeset in webkit [199333] by rniwa@webkit.org

1 edit
1 add
2 deletes in trunk/Websites/perf.webkit.org

Replace script runner to use mocha.js tests
https://bugs.webkit.org/show_bug.cgi?id=156490

Reviewed by Chris Dumez.

Replaced run-tests.js, which was a whole test harness for running legacy tests by tools/run-tests.py
which is a thin wrapper around mocha.js.

run-tests.js: Removed.
tests: Removed.
tools/run-tests.py: Added.

(main):

8:18 PM Changeset in webkit [199332] by rniwa@webkit.org

6 edits in trunk/Websites/perf.webkit.org

New syncing script sometimes schedules a build request on a wrong builder
https://bugs.webkit.org/show_bug.cgi?id=156489

Reviewed by Stephanie Lewis.

The bug was caused by _scheduleNextRequestInGroupIfSlaveIsAvailable scheduling the next build request on
any available syncer regardless of whether the request is the first one in the test group or not because
BuildRequest.order was returning a string instead of a number.

Also fixed a bug that BuildbotTriggerable.syncOnce was re-ordering test groups by their id's instead of
respecting the order in which the perf dashboard returned.

public/v3/models/build-request.js:

(BuildRequest.prototype.order): Force the order to be a number.

server-tests/api-build-requests-tests.js: Assert the order as numbers.
server-tests/resources/mock-data.js:

(MockData.addAnotherMockTestGroup): Changed the test group id to 601, which is after the first mock data.
The old number was masking a bug in BuildbotTriggerable that it was re-ordering test groups by their id's
instead of using the order set forth by the perf dashboard.
(MockData.mockTestSyncConfigWithSingleBuilder):

server-tests/tools-buildbot-triggerable-tests.js: Added a test case for scheduling two build requests in

a single call to syncOnce. Each build request should be scheduled on the same builder as the previous build
requests in the same test group.

tools/js/buildbot-triggerable.js:

(BuildbotTriggerable.prototype.syncOnce): Order test groups by groupOrder, which is the index at which first
build request in the group appeared.
(BuildbotTriggerable.prototype._scheduleNextRequestInGroupIfSlaveIsAvailable): Don't re-order build requests
as they're already sorted on the server side.
(BuildbotTriggerable._testGroupMapForBuildRequests): Added groupOrder to test group info

8:07 PM Changeset in webkit [199331] by Brent Fulgham

13 edits
2 adds in trunk

Use WeakPtrs to avoid using deallocated Widgets and ScrollableAreas
https://bugs.webkit.org/show_bug.cgi?id=156420
<rdar://problem/25637378>

Reviewed by Darin Adler.

Source/WebCore:

Avoid the risk of using deallocated Widgets and ScrollableAreas by using WeakPtrs instead of
bare pointers. This allows us to remove some explicit calls to get ScrollableArea and Widget
members in the event handling logic. Instead, null checks are sufficient to ensure we never
accidentally dereference a deleted element.

Modify the ScrollableArea class to support vending WeakPtrs.
Modify the Event Handling code to use WeakPtrs to hold ScrollableArea and RenderWidget objects, and to null-check these elements after event handling dispatching is finished to handle cases where these objects are destroyed.

Test: fast/events/wheel-event-destroys-frame.html

fast/events/wheel-event-destroys-overflow.html

page/EventHandler.cpp:

(WebCore::EventHandler::platformPrepareForWheelEvents): Change signature for WeakPtr.
(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
(WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
(WebCore::widgetForElement): Change to return a WeakPtr.
(WebCore::EventHandler::handleWheelEvent): Use WeakPtrs to hold elements that might be destroyed
during event handling.

page/EventHandler.h:
page/mac/EventHandlerEfl.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
page/mac/EventHandlerGtk.cpp: Ditto.
page/mac/EventHandlerIOS.mm: Ditto.
page/mac/EventHandlerMac.mm:

(WebCore::scrollableAreaForEventTarget): Renamed from scrollViewForEventTarget. Return
a WeakPtr rather than a bare pointer.
(WebCore::scrollableAreaForContainerNode): Return WeakPtr rather than bare pointer.
(WebCore::EventHandler::completeWidgetWheelEvent): Added.
(WebCore::EventHandler::passWheelEventToWidget): Deleted.
(WebCore::EventHandler::platformPrepareForWheelEvents): Convert to WeakPtrs.
(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.
(WebCore::EventHandler::platformCompletePlatformWidgetWheelEvent): Ditto.
(WebCore::EventHandler::platformNotifyIfEndGesture): Ditto.
(WebCore::EventHandler::widgetDidHandleWheelEvent): Renamed from passWheelEventToWidget.
(WebCore::EventHandler::widgetForEventTarget): Converted from static function to static
method so it can be shared with EventHandlerMac.
(WebCore::scrollViewForEventTarget): Deleted.

page/mac/EventHandlerWin.cpp: Rename passWheelEventToWidget to widgetDidHandleWheelEvent.
platform/ScrollableArea.cpp:
platform/ScrollableArea.h:

(WebCore::ScrollableArea::createWeakPtr): Added.

platform/Widget.h:

(WebCore::ScrollableArea::createWeakPtr): Added.

LayoutTests:

fast/events/wheel-event-destroys-overflow-expected.txt: Added.
fast/events/wheel-event-destroys-overflow.html: Added.
platform/ios-simulator/TestExpectations: Skip wheel-event test on iOS.

7:57 PM Changeset in webkit [199330] by dino@apple.com

3 edits
2 adds in trunk

putImageData needs to premultiply input
https://bugs.webkit.org/show_bug.cgi?id=156488
<rdar://problem/25672675>

Reviewed by Zalan Bujtas.

Source/WebCore:

I made a mistake in r187534 as I was converting get and putImageData
to use Accelerate. The incoming data is unmultiplied, and should
be premultiplied before copying into the backing store. I was
accidentally unmultiplying unmultiplied data, which caused
some pretty psychedelic results.

Test: fast/canvas/putImageData-unmultiplied.html

platform/graphics/cg/ImageBufferDataCG.cpp:

(WebCore::ImageBufferData::putData): Call premultiply, not unpremultiply.

LayoutTests:

Tests that putImageData is taking unmultiplied data,
premultiplying it, then copying into the backing store.

fast/canvas/putImageData-unmultiplied-expected.html: Added.
fast/canvas/putImageData-unmultiplied.html: Added.

7:20 PM Changeset in webkit [199329] by bshafiei@apple.com

5 edits in branches/safari-601.1.46-branch/Source

Versioning.

7:12 PM Changeset in webkit [199328] by jonlee@apple.com

7 edits in trunk/PerformanceTests

Update Animometer to accommodate different screens
https://bugs.webkit.org/show_bug.cgi?id=156449

Reviewed by Darin Adler.
Provisionally reviewed by Said Abou-Hallawa.

Animometer/index.html: Wrap button in a container to add padding at the bottom.
Animometer/resources/debug-runner/animometer.css:

(@media screen and (min-device-width: 1800px)): Deleted.
(@media screen and (min-width: 1800px)): Cannot use min-device-width since it may match incorrectly.
(screen and (max-device-height: 414px) and (orientation: landscape)): Some devices swap device width
and height with orientation change.

Animometer/resources/runner/animometer.css: Similar.

(screen and (min-device-width: 1024px) and (orientation: landscape)):
(screen and (max-device-height: 414px) and (orientation: landscape)):
(.frame-container): On smaller iPhones, adding 1px prevents the navigation bars from appearing.
(@media screen and (min-device-width: 768px) and (max-device-width: 1024px)): Deleted.
(@media (min-device-height: 768px) and (max-device-height: 1024px)): Target iPad Airs and similar.
(@media screen and (min-device-width: 1024px) and (max-device-width: 1366px)): Deleted.
(@media screen and (max-device-width: 1024px) and (min-device-height: 1366px)): Target iPad Pro.
(#results footer): Add padding below the button for testing again.

Animometer/tests/master/multiply.html: Remove the center text.
Animometer/tests/master/resources/text.js: Update the test so that in every frame the text moves.
Animometer/tests/master/text.html: Update the text sizing depending on the size of the device.

6:32 PM Changeset in webkit [199327] by bshafiei@apple.com

1 copy in tags/Safari-601.1.46.126

New tag.

6:00 PM Changeset in webkit [199326] by commit-queue@webkit.org

28 edits in trunk/Source

When clearing cache, also clear AVFoundation cache.
https://bugs.webkit.org/show_bug.cgi?id=155783
rdar://problem/25252541

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

Use AVAssetCache at a specified location on disk for all AVURLAssets. This AVAssetCache
can then be used to manage the cache storage used by AVFoundation. It is used to query the
contents of the cache in originsInMediaCache() and to clear the cache completely or partially in
clearMediaCache() and clearMediaCacheForOrigins().

Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

html/HTMLMediaElement.cpp:

(WebCore::sharedMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::setMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::mediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::originsInMediaCache): Added.
(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.
(WebCore::HTMLMediaElement::clearMediaCacheForOrigins): Added.
(WebCore::HTMLMediaElement::mediaPlayerMediaCacheDirectory): Added.
(WebCore::HTMLMediaElement::getSitesInMediaCache): Deleted.
(WebCore::HTMLMediaElement::clearMediaCacheForSite): Deleted.

html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.

platform/graphics/MediaPlayer.cpp:

(WebCore::addMediaEngine): Add new cache methods.
(WebCore::addToHash): Added.
(WebCore::MediaPlayer::originsInMediaCache): Added.
(WebCore::MediaPlayer::clearMediaCache): Added parameter.
(WebCore::MediaPlayer::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayer::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayer::clearMediaCacheForSite): Deleted.

platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.

platform/graphics/MediaPlayerPrivate.h:

(WebCore::MediaPlayerPrivateInterface::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateInterface::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateInterface::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateInterface::clearMediaCacheForSite): Deleted.

platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

(WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine): Added cache methods.
(WebCore::assetCacheForPath): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache): Added.
(WebCore::toSystemClockTime): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL): Added.

platform/graphics/mac/MediaPlayerPrivateQTKit.h:
platform/graphics/mac/MediaPlayerPrivateQTKit.mm:

(WebCore::MediaPlayerPrivateQTKit::registerMediaEngine): Added cache methods.
(WebCore::MediaPlayerPrivateQTKit::originsInMediaCache): Added.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCache): Added parameter.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForOrigins): Added.
(WebCore::MediaPlayerPrivateQTKit::getSitesInMediaCache): Deleted.
(WebCore::MediaPlayerPrivateQTKit::clearMediaCacheForSite): Deleted.

platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

Include the HTMLMediaElement media cache when doing disk cache operations.
Add a sandbox extension for media cache directory. This allows the UI process and the web process
to access the same cache.

Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Add media cache directory.
(WebKit::WebProcessCreationParameters::decode): Add media cache directory.

Shared/WebProcessCreationParameters.h:
UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::createWithLegacyOptions):
(API::ProcessPoolConfiguration::ProcessPoolConfiguration): Add media cache directory.
(API::ProcessPoolConfiguration::copy): Add media cache directory.

UIProcess/API/APIProcessPoolConfiguration.h:
UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Default implementation.

UIProcess/API/APIWebsiteDataStore.h:
UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Media cache is in temporary directory.
(API::WebsiteDataStore::tempDirectoryFileSystemRepresentation): For resources in temporary directory.
(API::WebsiteDataStore::defaultDataStoreConfiguration): Init media cache directory.

UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory):

UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Add mediaCacheDirectory.
(WebKit::WebProcessPool::createNewWebProcess): Add mediaCacheDirectory.

UIProcess/WebProcessPool.h:
UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData): Implement for mediaCacheDirectory.
(WebKit::WebsiteDataStore::removeData): Implement for mediaCacheDirectory.

UIProcess/WebsiteData/WebsiteDataStore.h:
UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Initialize media cache directory.

WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess): Consume sandbox extension.

5:48 PM Changeset in webkit [199325] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Tab Bar items get unreadable at narrow window widths, should collapse earlier
https://bugs.webkit.org/show_bug.cgi?id=156477

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-11
Reviewed by Timothy Hatcher.

UserInterface/Views/TabBar.js:

(WebInspector.TabBar.prototype.layout):
Hide-titles sooner since a width of 60 results in only a few characters
and looks poor.

5:45 PM Changeset in webkit [199324] by jiewen_tan@apple.com

2 edits in trunk/LayoutTests

Unskip imported/w3c/web-platform-tests/IndexedDB/idbindex-multientry-big.htm
https://bugs.webkit.org/show_bug.cgi?id=156480

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

4:49 PM Changeset in webkit [199323] by commit-queue@webkit.org

25 edits in trunk/Source/WebCore

Unreviewed, rolling out r199310.
https://bugs.webkit.org/show_bug.cgi?id=156483

This change turns many indexeddb tests into crashes (Requested
by jwtan on #webkit).

Reverted changeset:

"Clean up IDBBindingUtilities."
https://bugs.webkit.org/show_bug.cgi?id=156472
http://trac.webkit.org/changeset/199310

4:47 PM Changeset in webkit [199322] by commit-queue@webkit.org

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Unstyled nodes in ObjectTree previews look poor
https://bugs.webkit.org/show_bug.cgi?id=156475
<rdar://problem/25667351>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2016-04-11
Reviewed by Timothy Hatcher.

UserInterface/Views/ObjectPreviewView.js:

(WebInspector.ObjectPreviewView.prototype._appendPreview):
Treat nodes as simple values.

(WebInspector.ObjectPreviewView.prototype._initTitleElement):
(WebInspector.ObjectPreviewView.prototype._appendValuePreview):
Format nodes nicely, and treat them as lossy since they have properties.

4:46 PM Changeset in webkit [199321] by commit-queue@webkit.org

28 edits in trunk/Source

Unreviewed, rolling out r199315.
https://bugs.webkit.org/show_bug.cgi?id=156482

This change broke the OS X Yosemite build. (Requested by jwtan
on #webkit).

Reverted changeset:

"When clearing cache, also clear AVFoundation cache."
https://bugs.webkit.org/show_bug.cgi?id=155783
http://trac.webkit.org/changeset/199315

4:22 PM Changeset in webkit [199320] by BJ Burg

9 edits in trunk/Source

Web Inspector: get rid of InspectorBasicValue and InspectorString subclasses
https://bugs.webkit.org/show_bug.cgi?id=156407
<rdar://problem/25627659>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

There's no point having these subclasses as they don't save any space.
Add a StringImpl to the union and merge some implementations of writeJSON.

Rename m_data to m_map and explicitly name the union as InspectorValue::m_value.
If the value is a string and the string is not empty or null (i.e., it has a
StringImpl), then we need to ref() and deref() the string as the InspectorValue
is created or destroyed.

Move uses of the subclass to InspectorValue and delete redundant methods.
Now, most InspectorValue methods are non-virtual so they can be templated.

bindings/ScriptValue.cpp:

(Deprecated::jsToInspectorValue):

inspector/InjectedScriptBase.cpp:

(Inspector::InjectedScriptBase::makeCall):
Don't used deleted subclasses.

inspector/InspectorValues.cpp:

(Inspector::InspectorValue::null):
(Inspector::InspectorValue::create):
(Inspector::InspectorValue::asValue):
(Inspector::InspectorValue::asBoolean):
(Inspector::InspectorValue::asDouble):
(Inspector::InspectorValue::asInteger):
(Inspector::InspectorValue::asString):
These only need one implementation now.

(Inspector::InspectorValue::writeJSON):
Still a virtual method since Object and Array need their members.

(Inspector::InspectorObjectBase::InspectorObjectBase):
(Inspector::InspectorBasicValue::asBoolean): Deleted.
(Inspector::InspectorBasicValue::asDouble): Deleted.
(Inspector::InspectorBasicValue::asInteger): Deleted.
(Inspector::InspectorBasicValue::writeJSON): Deleted.
(Inspector::InspectorString::asString): Deleted.
(Inspector::InspectorString::writeJSON): Deleted.
(Inspector::InspectorString::create): Deleted.
(Inspector::InspectorBasicValue::create): Deleted.

inspector/InspectorValues.h:

(Inspector::InspectorObjectBase::find):
(Inspector::InspectorObjectBase::setBoolean):
(Inspector::InspectorObjectBase::setInteger):
(Inspector::InspectorObjectBase::setDouble):
(Inspector::InspectorObjectBase::setString):
(Inspector::InspectorObjectBase::setValue):
(Inspector::InspectorObjectBase::setObject):
(Inspector::InspectorObjectBase::setArray):
(Inspector::InspectorArrayBase::pushBoolean):
(Inspector::InspectorArrayBase::pushInteger):
(Inspector::InspectorArrayBase::pushDouble):
(Inspector::InspectorArrayBase::pushString):
(Inspector::InspectorArrayBase::pushValue):
(Inspector::InspectorArrayBase::pushObject):
(Inspector::InspectorArrayBase::pushArray):
Use new factory methods.

replay/EncodedValue.cpp:

(JSC::ScalarEncodingTraits<bool>::encodeValue):
(JSC::ScalarEncodingTraits<double>::encodeValue):
(JSC::ScalarEncodingTraits<float>::encodeValue):
(JSC::ScalarEncodingTraits<int32_t>::encodeValue):
(JSC::ScalarEncodingTraits<int64_t>::encodeValue):
(JSC::ScalarEncodingTraits<uint32_t>::encodeValue):
(JSC::ScalarEncodingTraits<uint64_t>::encodeValue):

replay/EncodedValue.h:

Use new factory methods.

Source/WebCore:

inspector/InspectorDatabaseAgent.cpp: Don't use deleted subclasses.

4:16 PM Changeset in webkit [199319] by bshafiei@apple.com

2 edits in tags/Safari-602.1.27.0.1/Source/WebCore

Merged r199317. rdar://problem/25627389

4:16 PM Changeset in webkit [199318] by jiewen_tan@apple.com

2 edits in trunk/LayoutTests

Skip imported/w3c/web-platform-tests/IndexedDB/idbindex-multientry-big.htm on ios-simulators
https://bugs.webkit.org/show_bug.cgi?id=156480

Unreviewed test gardening.

platform/ios-simulator/TestExpectations:

4:13 PM Changeset in webkit [199317] by achristensen@apple.com

2 edits in trunk/Source/WebCore

Unreviewed, rolling out r198909.
https://bugs.webkit.org/show_bug.cgi?id=156479

made double-click-and-drag on text drag instead of
highlighting (Requested by alexchristensen_ on #webkit).

Reverted changeset:

"eventMayStartDrag() does not check for shiftKey or
isOverLink"
https://bugs.webkit.org/show_bug.cgi?id=155746
http://trac.webkit.org/changeset/198909

Patch by Commit Queue <commit-queue@webkit.org> on 2016-04-11

4:00 PM Changeset in webkit [199316] by Chris Dumez

7 edits in trunk/Source/WebCore

[WebIDL] Add support for [ImplementedAs] for EventHandler attributes
https://bugs.webkit.org/show_bug.cgi?id=156421

Reviewed by Darin Adler.

Add support for [ImplementedAs] for EventHandler attributes so we can
get rid of some ugly name hard-coding in the bindings generator.

Modules/notifications/Notification.idl:
bindings/scripts/CodeGeneratorJS.pm:

(EventHandlerAttributeEventName):

bindings/scripts/test/JS/JSTestObj.cpp:

(WebCore::jsTestObjOnwebkitfoo):
(WebCore::setJSTestObjOnwebkitfoo):

bindings/scripts/test/TestObj.idl:
dom/Element.idl:
page/DOMWindow.idl:

3:43 PM Changeset in webkit [199315] by commit-queue@webkit.org

28 edits in trunk/Source

When clearing cache, also clear AVFoundation cache.
https://bugs.webkit.org/show_bug.cgi?id=155783
rdar://problem/25252541

Patch by Jeremy Jones <jeremyj@apple.com> on 2016-04-11
Reviewed by Darin Adler.

Source/WebCore:

Use SecurityOrigin instead of the less formal site String to represent origins in the cache.

html/HTMLMediaElement.cpp:

html/HTMLMediaElement.h:

(WebCore::HTMLMediaElement::clearMediaCache): Added parameter.

platform/graphics/MediaPlayer.cpp:

platform/graphics/MediaPlayer.h:

(WebCore::MediaPlayerClient::mediaPlayerMediaCacheDirectory): Added.

platform/graphics/MediaPlayerPrivate.h:

platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:

platform/graphics/mac/MediaPlayerPrivateQTKit.h:
platform/graphics/mac/MediaPlayerPrivateQTKit.mm:

platform/spi/mac/AVFoundationSPI.h:

Source/WebKit2:

Include the HTMLMediaElement media cache when doing disk cache operations.
Add a sandbox extension for media cache directory. This allows the UI process and the web process
to access the same cache.

Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Add media cache directory.
(WebKit::WebProcessCreationParameters::decode): Add media cache directory.

Shared/WebProcessCreationParameters.h:
UIProcess/API/APIProcessPoolConfiguration.cpp:

UIProcess/API/APIProcessPoolConfiguration.h:
UIProcess/API/APIWebsiteDataStore.cpp:

(API::WebsiteDataStore::defaultMediaCacheDirectory): Default implementation.

UIProcess/API/APIWebsiteDataStore.h:
UIProcess/API/Cocoa/APIWebsiteDataStoreCocoa.mm:

UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory):

UIProcess/WebProcessPool.cpp:

(WebKit::legacyWebsiteDataStoreConfiguration): Add mediaCacheDirectory.
(WebKit::WebProcessPool::createNewWebProcess): Add mediaCacheDirectory.

UIProcess/WebProcessPool.h:
UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::WebsiteDataStore):
(WebKit::WebsiteDataStore::fetchData): Implement for mediaCacheDirectory.
(WebKit::WebsiteDataStore::removeData): Implement for mediaCacheDirectory.

UIProcess/WebsiteData/WebsiteDataStore.h:
UIProcess/efl/WebProcessPoolEfl.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

UIProcess/gtk/WebProcessPoolGtk.cpp:

(WebKit::WebProcessPool::legacyPlatformDefaultMediaCacheDirectory): Added.

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Initialize media cache directory.

WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess): Consume sandbox extension.

2:42 PM Changeset in webkit [199314] by commit-queue@webkit.org

4 edits in trunk/Source/WebCore

[WebGL2] Use Open GL ES 3.0 to back WebGL2 contexts
https://bugs.webkit.org/show_bug.cgi?id=141178

Patch by Antoine Quint <Antoine Quint> on 2016-04-11
Reviewed by Dean Jackson.

We add a new useGLES3 attribute when creating a GraphicsContext3D in the event that the
context type is "webgl2". This attribute is then read by the GraphicsContext3D constructor
to request an Open GL ES 3.0 backend when creating the EAGLContext on iOS.

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::create):

platform/graphics/GraphicsContext3D.h:

(WebCore::GraphicsContext3D::Attributes::Attributes):

platform/graphics/mac/GraphicsContext3DMac.mm:

(WebCore::GraphicsContext3D::GraphicsContext3D):

2:35 PM Changeset in webkit [199313] by jiewen_tan@apple.com

4 edits
2 adds in trunk

fast/loader/opaque-base-url.html crashing during mac and ios debug tests
https://bugs.webkit.org/show_bug.cgi?id=156179
<rdar://problem/25507719>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Navigate to about:blank if the provided src of an iframe/frame cannot be
resolved to a valid URL.

Test: fast/loader/iframe-src-invalid-url.html

loader/SubframeLoader.cpp:

(WebCore::SubframeLoader::requestFrame):

LayoutTests:

fast/loader/iframe-src-invalid-url-expected.txt: Added.
fast/loader/iframe-src-invalid-url.html: Added.

2:33 PM Changeset in webkit [199312] by commit-queue@webkit.org

25 edits
2 adds
1 delete in trunk

Merge CG ImageSource and non CG ImageSource implementation in one file
https://bugs.webkit.org/show_bug.cgi?id=155456

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-04-11
Reviewed by Darin Adler.
Source/WebCore:

ImageSource for CG and CG code paths look very similar. All the platform
specific code can be moved to ImageDecoder classes for CG and non CG. And
we can have the ImageSource be platform independent and we get rid of
ImageSourceCG.cpp.

Test: fast/images/image-subsampling.html

CMakeLists.txt:
PlatformAppleWin.cmake:
PlatformMac.cmake:
WebCore.xcodeproj/project.pbxproj:

Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
CMakeLists.txt.

platform/Cursor.cpp:

(WebCore::determineHotSpot):

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::hotSpot):
(WebCore::BitmapImage::getHotSpot): Deleted.

platform/graphics/BitmapImage.h:
platform/graphics/Image.h:

(WebCore::Image::hotSpot):
(WebCore::Image::getHotSpot): Deleted.
Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.

platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::~ImageSource): Remove clear(true) call. It does nothing.
(WebCore::ImageSource::clearFrameBufferCache): A wrapper which calls ImageDecoder::clearFrameBufferCache().
(WebCore::ImageSource::clear): Calls clearFrameBufferCache() which will do nothing for CG.

(WebCore::ImageSource::ensureDecoderIsCreated): Change SharedBuffer* to
const SharedBuffer& and remove the call to ImageDecoder::setMaxNumPixels().
The value of const static int CG ImageDecoder::m_maxNumPixels will be set
based on IMAGE_DECODER_DOWN_SAMPLING.

(WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.

(WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
subsampling level allowed for an image.

(WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
a particular image.

(WebCore::ImageSource::bytesDecodedToDetermineProperties): Returns the number
of encoded bytes which can determine the image properties. For non CG it's
zero. For CG it is a maximum value which can be corrected later.

(WebCore::ImageSource::isSizeAvailable):
(WebCore::ImageSource::sizeRespectingOrientation):
(WebCore::ImageSource::frameCount):
(WebCore::ImageSource::repetitionCount):
(WebCore::ImageSource::filenameExtension):
(WebCore::ImageSource::getHotSpot):
(WebCore::ImageSource::frameIsCompleteAtIndex):
(WebCore::ImageSource::frameHasAlphaAtIndex):
(WebCore::ImageSource::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageSource::frameSizeAtIndex):
(WebCore::ImageSource::frameBytesAtIndex):
(WebCore::ImageSource::frameDurationAtIndex):
(WebCore::ImageSource::orientationAtIndex):
(WebCore::ImageSource::createFrameImageAtIndex):
These are wrappers for the ImageDecoder APIs. The purpose of these functions
is to ensure the ImageDecoder is created.

(WebCore::ImageSource::dump): Called from BitmapImage::dump().

(WebCore::ImageSource::getHotSpot): Deleted.

platform/graphics/ImageSource.h:

(WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().

(WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
(WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.

platform/graphics/cg/ImageDecoderCG.cpp:

(WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

(WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
The code was moved to ImageSource::subsamplingLevelForScale().

platform/graphics/cg/ImageDecoderCG.h:

(WebCore::ImageDecoder::create): Make the prototype of this function
suitable for CG and non CG cases.
(WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.

platform/graphics/cg/ImageSourceCG.cpp: Removed.

platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
whether the frame decoding is complete or not.

(WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.

(WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
ImageSource::frameDurationAtIndex() in ImageSource.cpp.

(WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
ImageSource::createFrameImageAtIndex() in ImageSource.cpp.

platform/image-decoders/ImageDecoder.h:

(WebCore::ImageDecoder::ImageDecoder): Initialize the members in class.
(WebCore::ImageDecoder::~ImageDecoder): Fix the braces style.
(WebCore::ImageDecoder::setData): Change the type of the argument from
SharedBuffer* to SharedBuffer&.
(WebCore::ImageDecoder::frameSizeAtIndex): Add the argument SubsamplingLevel
so it can have the same prototype as CG.
(WebCore::ImageDecoder::orientationAtIndex): Rename it to the same of CG.

(WebCore::ImageDecoder::allowSubsamplingOfFrameAtIndex):
(WebCore::ImageDecoder::bytesDecodedToDetermineProperties):
(WebCore::ImageDecoder::subsamplingLevelForScale): Add these functions
and return the default values so we do not have to add directive compiled
non CG blocks in ImageSource.cpp.

(WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.

(WebCore::ImageDecoder::orientation): Deleted.
(WebCore::ImageDecoder::setMaxNumPixels): Deleted.

platform/image-decoders/bmp/BMPImageDecoder.cpp:

(WebCore::BMPImageDecoder::setData):

platform/image-decoders/bmp/BMPImageDecoder.h:
platform/image-decoders/gif/GIFImageDecoder.cpp:

(WebCore::GIFImageDecoder::setData):
(WebCore::GIFImageDecoder::decode):

platform/image-decoders/gif/GIFImageDecoder.h:
platform/image-decoders/gif/GIFImageReader.h:

(GIFImageReader::setData):

platform/image-decoders/ico/ICOImageDecoder.cpp:

(WebCore::ICOImageDecoder::setData):
Use reference SharedBuffer instead of pointer SharedBuffer.

(WebCore::ICOImageDecoder::hotSpot):
(WebCore::ICOImageDecoder::hotSpotAtIndex):
Change hotSpot() to return Optional<IntPoint>.

platform/image-decoders/ico/ICOImageDecoder.h:

(WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
Pass reference SharedBuffer instead of pointer SharedBuffer.

Source/WebKit2:

UIProcess/API/efl/EwkView.cpp:

(EwkView::setCursor):
Replace the call to Image::getHotSpot() by Image::hotSpot().

LayoutTests:

Add a test for image sub-sampling. The image subsampling is enabled by
default for iOS platform only. But it can be explicitly enabled through
the setting ImageSubsamplingEnabled.

fast/images/image-subsampling-expected.html: Added.
fast/images/image-subsampling.html: Added.

2:32 PM Changeset in webkit [199311] by andersca@apple.com

6 edits
2 moves in trunk/Source/WebKit2

Rename WKOpenPanelParameters files to WKOpenPanelParametersRef
https://bugs.webkit.org/show_bug.cgi?id=156473

Reviewed by Alex Christensen.

UIProcess/API/C/WKOpenPanelParameters.cpp:

(WKOpenPanelParametersGetTypeID): Deleted.
(WKOpenPanelParametersGetAllowsMultipleFiles): Deleted.
(WKOpenPanelParametersCopyAcceptedMIMETypes): Deleted.
(WKOpenPanelParametersCopyCapture): Deleted.
(WKOpenPanelParametersGetCaptureEnabled): Deleted.
(WKOpenPanelParametersCopySelectedFileNames): Deleted.

UIProcess/API/C/WKOpenPanelParametersRef.cpp: Renamed from Source/WebKit2/UIProcess/API/C/WKOpenPanelParameters.cpp.

(WKOpenPanelParametersGetTypeID):
(WKOpenPanelParametersGetAllowsMultipleFiles):
(WKOpenPanelParametersCopyAcceptedMIMETypes):
(WKOpenPanelParametersCopyCapture):
(WKOpenPanelParametersGetCaptureEnabled):
(WKOpenPanelParametersCopySelectedFileNames):

UIProcess/API/C/WKOpenPanelParametersRef.h: Renamed from Source/WebKit2/UIProcess/API/C/WKOpenPanelParameters.h.
UIProcess/API/C/WebKit2_C.h:
UIProcess/API/efl/ewk_file_chooser_request.cpp:
UIProcess/mac/WebInspectorProxyMac.mm:
WebKit2.xcodeproj/project.pbxproj:

2:31 PM Changeset in webkit [199310] by beidson@apple.com

25 edits in trunk/Source/WebCore

Clean up IDBBindingUtilities.
https://bugs.webkit.org/show_bug.cgi?id=156472

Reviewed by Alex Christensen.

No new tests (No change in behavior).

Get rid of a whole bunch of unused functions (since we got rid of Legacy IDB).
Make more functions deal in ExecState/ScriptExecutionContexts instead of DOMRequestState.
Make more functions deal in JSValue instead of Deprecated::ScriptValue.

bindings/scripts/IDLAttributes.txt: Add a new attribute to signify that an implementation returns JSValues instead of Deprecated::ScriptState
bindings/scripts/CodeGeneratorJS.pm:

(NativeToJSValue): Use that new attribute.

Modules/indexeddb/IDBAny.cpp:

(WebCore::IDBAny::IDBAny):
(WebCore::IDBAny::scriptValue):

Modules/indexeddb/IDBAny.h:

(WebCore::IDBAny::create):

Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::key):
(WebCore::IDBCursor::primaryKey):
(WebCore::IDBCursor::value):
(WebCore::IDBCursor::update):
(WebCore::IDBCursor::continueFunction):
(WebCore::IDBCursor::deleteFunction):
(WebCore::IDBCursor::setGetResult):

Modules/indexeddb/IDBCursor.h:
Modules/indexeddb/IDBCursor.idl:
Modules/indexeddb/IDBCursorWithValue.idl:
Modules/indexeddb/IDBFactory.cpp:

(WebCore::IDBFactory::cmp):

Modules/indexeddb/IDBIndex.cpp:

(WebCore::IDBIndex::count):
(WebCore::IDBIndex::get):
(WebCore::IDBIndex::getKey):

Modules/indexeddb/IDBKeyRange.cpp:

(WebCore::IDBKeyRange::lowerValue):
(WebCore::IDBKeyRange::upperValue):
(WebCore::IDBKeyRange::only):
(WebCore::IDBKeyRange::lowerBound):
(WebCore::IDBKeyRange::upperBound):
(WebCore::IDBKeyRange::bound):

Modules/indexeddb/IDBKeyRange.h:
Modules/indexeddb/IDBKeyRange.idl:
Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::get):
(WebCore::IDBObjectStore::modernDelete):
(WebCore::IDBObjectStore::count):

Modules/indexeddb/IDBRequest.cpp:

(WebCore::IDBRequest::setResult):
(WebCore::IDBRequest::setResultToStructuredClone):

Modules/indexeddb/server/MemoryObjectStore.cpp:

(WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord):
(WebCore::IDBServer::MemoryObjectStore::populateIndexWithExistingRecords):

bindings/js/IDBBindingUtilities.cpp:

(WebCore::idbKeyPathFromValue):
(WebCore::deserializeIDBValueDataToJSValue):
(WebCore::scriptValueToIDBKey):
(WebCore::idbKeyDataToScriptValue):
(WebCore::idbKeyDataToJSValue): Deleted.
(WebCore::injectIDBKeyIntoScriptValue): Deleted.
(WebCore::createIDBKeyFromScriptValueAndKeyPath): Deleted.
(WebCore::maybeCreateIDBKeyFromScriptValueAndKeyPath): Deleted.
(WebCore::canInjectIDBKeyIntoScriptValue): Deleted.
(WebCore::deserializeIDBValue): Deleted.
(WebCore::deserializeIDBValueData): Deleted.
(WebCore::deserializeIDBValueBuffer): Deleted.
(WebCore::idbValueDataToJSValue): Deleted.
(WebCore::idbKeyToScriptValue): Deleted.

bindings/js/IDBBindingUtilities.h:
bindings/js/JSIDBAnyCustom.cpp:

(WebCore::toJS):

bindings/js/JSIDBDatabaseCustom.cpp:

(WebCore::JSIDBDatabase::createObjectStore):

bindings/js/JSIDBObjectStoreCustom.cpp:

(WebCore::JSIDBObjectStore::createIndex):

dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::execState):

dom/ScriptExecutionContext.h:
inspector/InspectorIndexedDBAgent.cpp:

1:10 PM Changeset in webkit [199309] by barraclough@apple.com

16 edits in trunk/Source

WebKit should adopt journal_mode=wal for all SQLite databases.
https://bugs.webkit.org/show_bug.cgi?id=133496

Reviewed by Darin Adler.

Source/WebCore:

The statement intended to enable WAL mode is always failing because it is missing a
prepare(). Fix this. We were also previously permitting SQLITE_OK results - this
was in error (we were only getting these because stepping the unprepared statement
returned SQLITE_OK). Also set the SQLITE_OPEN_AUTOPROXY flag when opening the
database - this will improve perfomance when the database is accessed via an AFP
mount.

This exposed a bug, that deleteAllDatabases does not actually delete the databases on
iOS, for testing to reset back to a known state between tests it should be doing so.

Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::deleteAllDatabases):

force databases to actually be deleted on iOS. This method is only used from testing code (DumpRenderTree / WebKitTestRunner).

(WebCore::DatabaseTracker::deleteOrigin):

added IOSDeletionMode.

(WebCore::DatabaseTracker::deleteDatabaseFile):

added IOSDeletionMode, modified to actually delete if this is set.

Modules/webdatabase/DatabaseTracker.h:
- added IOSDeletionMode.
platform/sql/SQLiteDatabase.cpp:

(WebCore::SQLiteDatabase::open):

call prepareAndStep(), only check for SQLITE_ROW result.

platform/sql/SQLiteFileSystem.cpp:

(WebCore::SQLiteFileSystem::openDatabase):

should set SQLITE_OPEN_AUTOPROXY flag when opening database.

Source/WebKit/mac:

Storage/WebDatabaseManagerPrivate.h:
- renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

Source/WebKit/win:

WebDatabaseManager.cpp:

(WebDatabaseManager::deleteAllDatabases):

renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

Source/WebKit2:

WebProcess/InjectedBundle/API/c/WKBundle.cpp:

(WKBundleClearAllDatabases):

renamed deleteAllDatabases -> deleteAllDatabasesImmediately.

1:00 PM Changeset in webkit [199308] by Joseph Pecoraro

4 edits in trunk/Source/WebInspectorUI

Web Inspector: HeapSnapshot instance property path popover should include a descriptive header
https://bugs.webkit.org/show_bug.cgi?id=156431
<rdar://problem/25633594>

Reviewed by Timothy Hatcher.

Localizations/en.lproj/localizedStrings.js:
UserInterface/Views/HeapSnapshotInstanceDataGridNode.js:

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendTitle):
Title for the popover. Because localization may change the location of the @1234
in the string, localize first with a placeholder, and then replace the placeholder
with the @1234 link.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPath):
Give the table a container for extra padding.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler.appendPathRow):
Do not include the space before @1234 as part of the clickable link.

(WebInspector.HeapSnapshotInstanceDataGridNode.prototype._mouseoverHandler):
Include a title when the popover shows a root path.

UserInterface/Views/HeapSnapshotInstancesContentView.css:

(.heap-snapshot-instance-popover-content > .title):
(.heap-snapshot-instance-popover-content):
(.heap-snapshot-instance-popover-content > .table-container):
(.heap-snapshot-instance-popover-content table):
Provide styles for the title. Let the title extend across the entire
popover horizontally, but pad the table so that it appears more
centered under the title. Because the table has border collapse we have
to wrap it in a container to give it back the padding we want.

12:52 PM Changeset in webkit [199307] by Alan Bujtas

4 edits in trunk/Source/WebCore

Simplify InlineTextBox::selectionStartEnd()
https://bugs.webkit.org/show_bug.cgi?id=156459

Reviewed by Darin Adler.

No change in functionality.

rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::selectionState):
(WebCore::InlineTextBox::paint):
(WebCore::InlineTextBox::selectionStartEnd):
(WebCore::InlineTextBox::paintSelection):
(WebCore::InlineTextBox::paintCompositionBackground):

rendering/InlineTextBox.h:
rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::paintSelectionBackground):
(WebCore::SVGInlineTextBox::paintText):

12:37 PM Changeset in webkit [199306] by bshafiei@apple.com

2 edits in tags/Safari-602.1.27.0.1/Source/WebKit2

Merged r199301. rdar://problem/25628133

12:33 PM Changeset in webkit [199305] by bshafiei@apple.com

5 edits in tags/Safari-602.1.27.0.1/Source

Versioning.

12:31 PM Changeset in webkit [199304] by Alan Bujtas

4 edits
2 adds in trunk

REGRESSION (r193857): Text selection causes text to disappear.
https://bugs.webkit.org/show_bug.cgi?id=156448
rdar://problem/25578952

Reviewed by Simon Fraser.

Apparently when the end position of the selection range is smaller than the start position, we need
to repaint the entire text as it indicates selection clearing.

Source/WebCore:

Test: fast/text/text-disappear-on-deselect.html

rendering/TextPainter.cpp:

(WebCore::TextPainter::paintText):

LayoutTests:

fast/text/text-disappear-on-deselect-expected.html: Added.
fast/text/text-disappear-on-deselect.html: Added.

12:31 PM Changeset in webkit [199303] by fpizlo@apple.com

21 edits in trunk/Source/JavaScriptCore

It should be possible to edit StructureStubInfo without recompiling the world
https://bugs.webkit.org/show_bug.cgi?id=156470

Reviewed by Keith Miller.

This change makes it less painful to make changes to the IC code. It used to be that any
change to StructureStubInfo caused every JIT-related file to get recompiled. Now only a
smaller set of files - ones that actually peek into StructureStubInfo - will recompile. This
is mainly because CodeBlock.h no longer includes StructureStubInfo.h.

bytecode/ByValInfo.h:
bytecode/CodeBlock.cpp:
bytecode/CodeBlock.h:
bytecode/GetByIdStatus.cpp:
bytecode/GetByIdStatus.h:
bytecode/PutByIdStatus.cpp:
bytecode/PutByIdStatus.h:
bytecode/StructureStubInfo.h:

(JSC::getStructureStubInfoCodeOrigin):

dfg/DFGByteCodeParser.cpp:
dfg/DFGJITCompiler.cpp:
dfg/DFGOSRExitCompilerCommon.cpp:
dfg/DFGSpeculativeJIT.h:
ftl/FTLLowerDFGToB3.cpp:
ftl/FTLSlowPathCall.h:
jit/IntrinsicEmitter.cpp:
jit/JITInlineCacheGenerator.cpp:
jit/JITInlineCacheGenerator.h:
jit/JITOperations.cpp:
jit/JITPropertyAccess.cpp:
jit/JITPropertyAccess32_64.cpp:

12:20 PM Changeset in webkit [199302] by bshafiei@apple.com

1 copy in tags/Safari-602.1.27.0.1

New tag.

12:06 PM Changeset in webkit [199301] by dbates@webkit.org

2 edits in trunk/Source/WebKit2

REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Anders Carlsson.

Temporarily perform code signing verification only for Mac App Store- and Apple Developer- signed apps.

Shared/mac/ChildProcessMac.mm:

(WebKit::codeSigningIdentifierForProcess):

12:04 PM Changeset in webkit [199300] by gskachkov@gmail.com

19 edits in trunk/Source/JavaScriptCore

Remove NewArrowFunction from DFG IR
https://bugs.webkit.org/show_bug.cgi?id=156439

Reviewed by Saam Barati.

It seems that NewArrowFunction was left in DFG IR during refactoring by mistake.

dfg/DFGAbstractInterpreterInlines.h:
dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGClobbersExitState.cpp:
dfg/DFGDoesGC.cpp:
dfg/DFGFixupPhase.cpp:
dfg/DFGMayExit.cpp:
dfg/DFGNode.h:

(JSC::DFG::Node::convertToPhantomNewFunction):

dfg/DFGNodeType.h:
dfg/DFGObjectAllocationSinkingPhase.cpp:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGSafeToExecute.h:
dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

dfg/DFGSpeculativeJIT32_64.cpp:
dfg/DFGSpeculativeJIT64.cpp:
dfg/DFGStoreBarrierInsertionPhase.cpp:
dfg/DFGStructureRegistrationPhase.cpp:
ftl/FTLCapabilities.cpp:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):

12:00 PM Changeset in webkit [199299] by oliver@apple.com

21 edits in trunk

Remove compile time define for SEPARATED_HEAP
https://bugs.webkit.org/show_bug.cgi?id=155508

Reviewed by Mark Lam.

Source/JavaScriptCore:

Remove the SEPARATED_HEAP compile time flag. The separated
heap is available, but off by default, on x86_64, ARMv7, and
ARM64.

Working through the issues that happened last time essentially
required implementing the ARMv7 path for the separated heap
just so I could find all the ways it was going wrong.

We fixed all the logic by making the branch and jump logic in
the linker and assemblers take two parameters, the location to
write to, and the location we'll actually be writing to. We
need to do this because it's no longer sufficient to compute
jumps relative to region the linker is writing to.

The repatching jump, branch, and call functions only need the
executable address as the patching is performed directly using
performJITMemcpy function which works in terms of the executable
address.

There is no performance impact on jsc-benchmarks with the separate
heap either emabled or disabled.

Configurations/FeatureDefines.xcconfig:
assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::linkJump):
(JSC::ARM64Assembler::linkCall):
(JSC::ARM64Assembler::relinkJump):
(JSC::ARM64Assembler::relinkCall):
(JSC::ARM64Assembler::link):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::relinkJumpOrCall):

assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::revertJumpTo_movT3movtcmpT2):
(JSC::ARMv7Assembler::revertJumpTo_movT3):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::linkJump):
(JSC::ARMv7Assembler::relinkJump):
(JSC::ARMv7Assembler::repatchCompact):
(JSC::ARMv7Assembler::replaceWithJump):
(JSC::ARMv7Assembler::replaceWithLoad):
(JSC::ARMv7Assembler::replaceWithAddressComputation):
(JSC::ARMv7Assembler::setInt32):
(JSC::ARMv7Assembler::setUInt7ForLoad):
(JSC::ARMv7Assembler::isB):
(JSC::ARMv7Assembler::isBX):
(JSC::ARMv7Assembler::isMOV_imm_T3):
(JSC::ARMv7Assembler::isMOVT):
(JSC::ARMv7Assembler::isNOP_T1):
(JSC::ARMv7Assembler::isNOP_T2):
(JSC::ARMv7Assembler::linkJumpT1):
(JSC::ARMv7Assembler::linkJumpT2):
(JSC::ARMv7Assembler::linkJumpT3):
(JSC::ARMv7Assembler::linkJumpT4):
(JSC::ARMv7Assembler::linkConditionalJumpT4):
(JSC::ARMv7Assembler::linkBX):
(JSC::ARMv7Assembler::linkConditionalBX):
(JSC::ARMv7Assembler::linkJumpAbsolute):

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::link):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::link):

jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
(JSC::FixedVMPoolExecutableAllocator::jitWriteThunkGenerator):
(JSC::FixedVMPoolExecutableAllocator::genericWriteToJITRegion):
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): Deleted.

runtime/Options.cpp:

(JSC::recomputeDependentOptions):

runtime/Options.h:

Source/WebCore:

Configurations/FeatureDefines.xcconfig:

Source/WebKit/mac:

Configurations/FeatureDefines.xcconfig:

Source/WebKit2:

Configurations/FeatureDefines.xcconfig:

Source/WTF:

wtf/FeatureDefines.h:
wtf/Platform.h:

11:49 AM Changeset in webkit [199298] by Chris Dumez

15 edits
2 deletes in trunk/Source/WebCore

Merge AttributedDOMTokenList into DOMTokenList
https://bugs.webkit.org/show_bug.cgi?id=156468

Reviewed by Ryosuke Niwa.

Merge AttributedDOMTokenList into DOMTokenList to simplify the code.
DOMTokenList is not constructible and AttributedDOMTokenList is its
only constructible subclass after r196123.

CMakeLists.txt:
WebCore.xcodeproj/project.pbxproj:
dom/Element.cpp:

(WebCore::Element::classList):

dom/ElementRareData.h:

(WebCore::ElementRareData::classList):
(WebCore::ElementRareData::setClassList):

html/AttributeDOMTokenList.cpp: Removed.
html/AttributeDOMTokenList.h: Removed.
html/DOMTokenList.cpp:

(WebCore::DOMTokenList::DOMTokenList):
(WebCore::DOMTokenList::attributeValueChanged):
(WebCore::DOMTokenList::updateAfterTokenChange):

html/DOMTokenList.h:

(WebCore::DOMTokenList::ref):
(WebCore::DOMTokenList::deref):
(WebCore::DOMTokenList::element):
(WebCore::DOMTokenList::~DOMTokenList): Deleted.
(WebCore::DOMTokenList::updateAfterTokenChange): Deleted.

html/HTMLAnchorElement.cpp:

(WebCore::HTMLAnchorElement::relList):

html/HTMLAnchorElement.h:
html/HTMLIFrameElement.cpp:

(WebCore::HTMLIFrameElement::sandbox):

html/HTMLIFrameElement.h:
html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::sizes):
(WebCore::HTMLLinkElement::relList):

html/HTMLLinkElement.h:
html/HTMLOutputElement.cpp:

(WebCore::HTMLOutputElement::htmlFor):

html/HTMLOutputElement.h:

11:20 AM Changeset in webkit [199297] by fpizlo@apple.com

9 edits in trunk/Source/JavaScriptCore

Clean up how we reason about the states of AccessCases
https://bugs.webkit.org/show_bug.cgi?id=156454

Reviewed by Mark Lam.

Currently when we add an AccessCase to a PolymorphicAccess stub, we regenerate the stub.
That means that as we grow a stub to have N cases, we will do O(N^{2) generation work. I want

to explore buffering AccessCases so that we can do O(N) generation work instead. But to

before I go there, I want to make sure that the statefulness of AccessCase makes sense. So,

I broke it down into three different states and added assertions about the transitions. I

also broke out a separate operation called AccessCase::commit(), which is the work that

cannot be buffered since there cannot be any JS effects between when the AccessCase was

created and when we do the work in commit().

This opens up a fairly obvious path to buffering AccessCases: add them to the list without

regenerating. Then when we do eventually trigger regeneration, those cases will get cloned

and generated automagically. This patch doesn't implement this technique yet, but gives us

an opportunity to independently test the scaffolding necessary to do it.}

This is perf-neutral on lots of tests.

bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationResult::dump):
(JSC::AccessCase::clone):
(JSC::AccessCase::commit):
(JSC::AccessCase::guardedByStructureCheck):
(JSC::AccessCase::dump):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generate):
(JSC::AccessCase::generateImpl):
(JSC::PolymorphicAccess::regenerateWithCases):
(JSC::PolymorphicAccess::regenerate):
(WTF::printInternal):

bytecode/PolymorphicAccess.h:

(JSC::AccessCase::type):
(JSC::AccessCase::state):
(JSC::AccessCase::offset):
(JSC::AccessCase::viaProxy):
(JSC::AccessCase::callLinkInfo):

bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::addAccessCase):

bytecode/Watchpoint.h:
dfg/DFGOperations.cpp:
jit/Repatch.cpp:

(JSC::repatchGetByID):
(JSC::repatchPutByID):
(JSC::repatchIn):

runtime/VM.cpp:

(JSC::VM::dumpRegExpTrace):
(JSC::VM::ensureWatchpointSetForImpureProperty):
(JSC::VM::registerWatchpointForImpureProperty):
(JSC::VM::addImpureProperty):

runtime/VM.h:

9:50 AM Changeset in webkit [199296] by Chris Dumez

15 edits in trunk

DOMTokenList.contains() should not throw
https://bugs.webkit.org/show_bug.cgi?id=156453

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Re-sync dom/nodes/Element-classlist.html with upstream @26308720.

web-platform-tests/dom/nodes/Element-classlist-expected.txt:
web-platform-tests/dom/nodes/Element-classlist.html:

Source/WebCore:

DOMTokenList.contains() should not throw if the input token is invalid:
https://github.com/whatwg/dom/commit/6d3076e3cbcba662489b272a718bc6b8c0082a74

We now return false in such cases, instead of throwing, which should be
safe with regards to backward compatibility.

No new tests, already covered by existing tests.

html/DOMTokenList.cpp:

(WebCore::DOMTokenList::contains):

html/DOMTokenList.h:
html/DOMTokenList.idl:

LayoutTests:

Update existing layout tests now that DOMTokenList.contains() no longer
throws when called with an invalid token.

fast/dom/HTMLElement/class-list-expected.txt:
fast/dom/HTMLElement/class-list-quirks-expected.txt:
fast/dom/HTMLElement/script-tests/class-list.js:

(shouldThrowDOMException): Deleted.

fast/dom/HTMLOutputElement/dom-settable-token-list-expected.txt:
fast/dom/HTMLOutputElement/script-tests/dom-settable-token-list.js:

(shouldThrowDOMException): Deleted.

fast/dom/rel-list-expected.txt:
fast/dom/rel-list.html:

9:07 AM WebKitIDL edited by Chris Dumez

Add [ExportMacro] (diff)

8:45 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr

(diff)

8:38 AM Changeset in webkit [199295] by fred.wang@free.fr

15 edits
2 adds in trunk

Refactor RenderMathMLFraction layout to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153917

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-11
Reviewed by Sergio Villar Senin.

Source/WebCore:

Based on a patch by Alejandro G. Castro <alex@igalia.com>

Implement the layoutBlock method to handle the layout calculations
directly in the class. This also fixes parsing of absolute values for
linethickness attribute (e.g. 10px) and adds support for the AxisHeight
and FractionRuleThickness MATH parameters.

Test: mathml/opentype/fraction-line.html

accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::mathLineThickness): Use the thickness relative to the
default line thickness since that's really what is expected by mathml-line-fraction.html

css/mathml.css: Remove flexbox properties for mfrac.

(mfrac): Deleted.
(mfrac > *): Deleted.
(mfrac[numalign="left"] > :first-child): Deleted.
(mfrac[numalign="right"] > :first-child): Deleted.
(mfrac[denomalign="left"] > :last-child): Deleted.
(mfrac[denomalign="right"] > :last-child): Deleted.
(mfrac > :first-child): Deleted.
(mfrac > :last-child): Deleted.
(mfrac): Deleted.

rendering/mathml/RenderMathMLBlock.cpp: Introduce a helper function to retrieve the math

axis height.
(WebCore::RenderMathMLBlock::mathAxisHeight):

rendering/mathml/RenderMathMLBlock.h: Declare mathAxisHeight.
rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::RenderMathMLFraction):
(WebCore::RenderMathMLFraction::parseAlignmentAttribute): Helper function to parse the align
attribute.
(WebCore::RenderMathMLFraction::isValid): Helper function to verify whether the child list
is valid with respect to the MathML specificitation.
(WebCore::RenderMathMLFraction::numerator): Helper function to retrieve the numerator.
(WebCore::RenderMathMLFraction::denominator): Helper function to retrieve the denominator.
(WebCore::RenderMathMLFraction::updateFromElement): Use the FractionRuleThickness parameter
when avaiable to calculate the default linethickness.
Fix computation of linethickness for absolute values (e.g. 10px), the default linethickness
must not be involved for such values.
We no longer need to manage style of anonymous wrappers.
(WebCore::RenderMathMLFraction::unembellishedOperator): Use the helper function and we no
longer care about anonymous wrappers.
(WebCore::RenderMathMLFraction::computePreferredLogicalWidths): Implement this function
without using flexbox.
(WebCore::RenderMathMLFraction::horizontalOffset): Helper function to get the horizontal
offsets of children depending of the alignment.
(WebCore::RenderMathMLFraction::layoutBlock): Implement this function without using flexbox.
(WebCore::RenderMathMLFraction::paint): Do not paint if the fraction is invalid. Use helper
function. Use the width of the renderer (instead of the one of the denominator) as the
length of the fraction bar.
(WebCore::RenderMathMLFraction::firstLineBaseline): Use the helper functions to get children
and axis height.
(WebCore::RenderMathMLFraction::paintChildren): Temporary function to remove in a
follow-up patch.
(WebCore::RenderMathMLFraction::fixChildStyle): Deleted. We no longer need to manage style
of anonymous wrappers.
(WebCore::RenderMathMLFraction::addChild): Deleted. We no longer need to manage
anonymous wrappers.
(WebCore::RenderMathMLFraction::styleDidChange): We no longer need to manage style of
anonymous wrappers.
(WebCore::RenderMathMLFraction::layout): Deleted.

rendering/mathml/RenderMathMLFraction.h: Replace lineThickness with relativeLineThickness,

as needed by the accessibility code. Update function and members declarations.

LayoutTests:

TestExpectations: No longer skip mathml/presentation/fractions-positions.html
mathml/opentype/fraction-line-expected.html: Added. New test to verify AxisHeight and

FractionRuleThickness parameters.

mathml/opentype/fraction-line.html: Added. New test to verify axis height and rule

thickness parameters.

mathml/presentation/fractions-linethickness-expected.html: Adjust the test to be sure that

the default rule thickness is 1px.

mathml/presentation/fractions-linethickness.html: Adjust the test to be sure that the

default rule thickness is 1px.

platform/gtk/mathml/presentation/roots-expected.txt: Update reference to take into account

changes in the render tree.

platform/ios-simulator/mathml/presentation/roots-expected.txt: Ditto
platform/mac/TestExpectations: Mark fraction-line and fractions-linethickness as

possibly failing since these tests require Latin Modern Math to work reliably.

platform/ios-simulator/TestExpectations: Ditto

5:46 AM Changeset in webkit [199294] by commit-queue@webkit.org

25 edits
1 copy
2 deletes in trunk

Unreviewed, rolling out r199290.
https://bugs.webkit.org/show_bug.cgi?id=156465

broke 300 tests (Requested by mcatanzaro on #webkit).

Reverted changeset:

"Merge CG ImageSource and non CG ImageSource implementation in
one file"
https://bugs.webkit.org/show_bug.cgi?id=155456
http://trac.webkit.org/changeset/199290

5:12 AM MathML/Early_2016_Refactoring edited by fred.wang@free.fr

(diff)

5:11 AM Changeset in webkit [199293] by fred.wang@free.fr

13 edits
2 adds in trunk

Refactor RenderMathMLUnderOver layout functions to avoid using flexbox
https://bugs.webkit.org/show_bug.cgi?id=153742

Patch by Frederic Wang <fwang@igalia.com> on 2016-04-11
Reviewed by Sergio Villar Senin.

Source/WebCore:

Based on a patch by Javier Fernandez <jfernandez@igalia.com>

Refactor the UnderOver renderer to use its own layoutBlock method that
does all the layout calculations without considering the flexbox
restrictions.

css/mathml.css:

(mo, mfrac, munder, mover, munderover): Delete the underover elements from the line defining
the column direction.
(munder, mover, munderover): Deleted. This flexbox property is no longer needed.
(mover > :last-child, munderover > :last-child): Deleted. This flexbox property is no longer
needed.

rendering/mathml/RenderMathMLUnderOver.cpp:

(WebCore::RenderMathMLUnderOver::firstLineBaseline): Use ascentForChild.
(WebCore::RenderMathMLUnderOver::computeOperatorsHorizontalStretch): Avoid stretching
operators that are not stretchy.
(WebCore::RenderMathMLUnderOver::isValid): Helper function to ensure that the child list is
valid with respect to the MathML specification.
(WebCore::RenderMathMLUnderOver::base): Added. Helper function.
(WebCore::RenderMathMLUnderOver::under): Added. Helper function.
(WebCore::RenderMathMLUnderOver::over): Added. Helper function.
(WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): Added.
The preferred width is the maximum preferred width of the base, under and over scripts.
(WebCore::RenderMathMLUnderOver::horizontalOffset): Added, helper to calculate the
horizontal position of children (horizontally centered).
(WebCore::RenderMathMLUnderOver::layoutBlock): Added, it lays out the base, underscript and
overscript. It calculates the exact logical width, which may differ from the preferred width when
one child contains stretchy operators. It later sets the locations of children accordingly
and sets the heigth of the render element.
(WebCore::RenderMathMLUnderOver::paintChildren): Added, we have to use the usual traverse
instead of the one that comes from the flexbox. This will be removed in a follow-up patch.
(WebCore::RenderMathMLUnderOver::layout): Deleted.

rendering/mathml/RenderMathMLUnderOver.h: Added new functions definitions.

LayoutTests:

Apply some small adjustments to the expectations of MathML tests after
the refactoring of RenderMathMLUnderOver. We also add a test for
non-stretchy horizontal operators in underover.

platform/gtk/mathml/opentype/horizontal-expected.png:
platform/gtk/mathml/opentype/horizontal-expected.txt:
platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.png:
platform/gtk/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.png:
platform/mac/mathml/opentype/opentype-stretchy-horizontal-expected.txt:
mathml/mn-as-list-item-assert.html: Move the test description out of the invalid munderover

so that it is still displayed.

mathml/mn-as-list-item-assert-expected.txt: Update the text expectation.
mathml/presentation/underover-nonstretchy-horizontal.html: Ensure that nonstretchy horizontal operators are not stretched in munderover.
mathml/presentation/underover-nonstretchy-horizontal-expected.html: Ditto.

3:59 AM Changeset in webkit [199292] by Carlos Garcia Campos

7 edits
3 adds in trunk

[GTK] Rework the theming code for GTK+ 3.20
https://bugs.webkit.org/show_bug.cgi?id=156333

Reviewed by Michael Catanzaro.

Add a manual test to check how themed elements are rendered.

ManualTests/gtk/theme.html: Added.

Source/WebCore:

During the 3.19 GTK+ release cycle, the GTK+ css system was reworked, making themes and programs rendering
themed widgets, incompatible with the new system. We were trying to fix our rendering every time GTK+ broke
something, but we were just changing whatever it was needed to make our rendering look like current GTK+ with
the default theme Adwaita. This means that our rendering will be broken for other themes or that changes in
Adwaita can break our rendering. This solution was good enough to ensure WebKitGTK+ 2.12 looked good with GTK+
3.20, but it doesn't work in the long term. We need to ensure that our theming code honors the new GTK+ CSS
properties (max-width, min-width, margin, padding, border, ...) in all the cases, not only the cases where
Adwaita uses them like we currently do.
This patch splits all rendering methods to keep the current code for previous GTK+ versions and adds new code
for GTK+ >= 3.20 using the new RenderThemeGadget classes. This makes the code easier to read, since there aren't
ifdef blocks in the functions, and we ensure we don't break previous rendering.

PlatformGTK.cmake: Add new files to compilation.
html/shadow/SpinButtonElement.cpp:

(WebCore::SpinButtonElement::defaultEventHandler): Check the button layout used by the theme to decide the
current buttons state.

platform/gtk/RenderThemeGadget.cpp: Added.

(WebCore::RenderThemeGadget::create):
(WebCore::createStyleContext):
(WebCore::appendElementToPath):
(WebCore::RenderThemeGadget::RenderThemeGadget):
(WebCore::RenderThemeGadget::~RenderThemeGadget):
(WebCore::RenderThemeGadget::marginBox):
(WebCore::RenderThemeGadget::borderBox):
(WebCore::RenderThemeGadget::paddingBox):
(WebCore::RenderThemeGadget::contentsBox):
(WebCore::RenderThemeGadget::color):
(WebCore::RenderThemeGadget::backgroundColor):
(WebCore::RenderThemeGadget::minimumSize):
(WebCore::RenderThemeGadget::preferredSize):
(WebCore::RenderThemeGadget::render):
(WebCore::RenderThemeGadget::renderFocus):
(WebCore::RenderThemeBoxGadget::RenderThemeBoxGadget):
(WebCore::RenderThemeTextFieldGadget::RenderThemeTextFieldGadget):
(WebCore::RenderThemeTextFieldGadget::minimumSize):
(WebCore::RenderThemeToggleGadget::RenderThemeToggleGadget):
(WebCore::RenderThemeToggleGadget::render):
(WebCore::RenderThemeArrowGadget::RenderThemeArrowGadget):
(WebCore::RenderThemeArrowGadget::render):
(WebCore::RenderThemeIconGadget::RenderThemeIconGadget):
(WebCore::RenderThemeIconGadget::gtkIconSizeForPixelSize):
(WebCore::RenderThemeIconGadget::render):
(WebCore::RenderThemeIconGadget::minimumSize):

platform/gtk/RenderThemeGadget.h: Added.

(WebCore::RenderThemeGadget::context):

rendering/RenderTheme.h:

(WebCore::RenderTheme::innerSpinButtonLayout): Added this method to allow themes use a different layout for the
buttons.

rendering/RenderThemeGtk.cpp:

(WebCore::themeChangedCallback): Just moved this code to a common place.
(WebCore::RenderThemeGtk::RenderThemeGtk): Initialize the theme monitor in the constructor.
(WebCore::createStyleContext): Remove the render parts that are specific to GTK+ 3.20.
(WebCore::RenderThemeGtk::adjustRepaintRect): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::themePartStateFlags): Helper function to get the GtkStateFlags of a theme part for a given RenderObject.
(WebCore::shrinkToMinimumSizeAndCenterRectangle): Move this common code to a helper function.
(WebCore::setToggleSize):
(WebCore::paintToggle):
(WebCore::RenderThemeGtk::paintButton):
(WebCore::RenderThemeGtk::popupInternalPaddingBox):
(WebCore::RenderThemeGtk::paintMenuList):
(WebCore::RenderThemeGtk::adjustTextFieldStyle): For GTK+ 3.20 we need to ensure a minimum size for spin buttons,
so if the text field is for a spin button, we adjust the desired size here.
(WebCore::RenderThemeGtk::paintTextField): In GTK+ 3.20 the CSS gadgets used to render spin buttons are
different, so we check here if this is the entry of a spin button to use the right gadgets.
(WebCore::adjustSearchFieldIconStyle):
(WebCore::RenderThemeGtk::paintTextArea):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsButtonStyle):
(WebCore::RenderThemeGtk::paintSearchFieldResultsButton):
(WebCore::RenderThemeGtk::adjustSearchFieldResultsDecorationPartStyle):
(WebCore::RenderThemeGtk::adjustSearchFieldCancelButtonStyle):
(WebCore::paintSearchFieldIcon):
(WebCore::RenderThemeGtk::paintSearchFieldResultsDecorationPart):
(WebCore::RenderThemeGtk::paintSearchFieldCancelButton):
(WebCore::centerRectVerticallyInParentInputElement): Moved inside a GTK+ < 3.20 ifdef block.
(WebCore::RenderThemeGtk::paintSliderTrack):
(WebCore::RenderThemeGtk::adjustSliderThumbSize):
(WebCore::RenderThemeGtk::paintSliderThumb):
(WebCore::RenderThemeGtk::progressBarRectForBounds): Ensure a minimum size of progress bars in GTK+ 3.20.
(WebCore::RenderThemeGtk::paintProgressBar):
(WebCore::RenderThemeGtk::innerSpinButtonLayout): Use an horizontal layout for spin buttons.
(WebCore::RenderThemeGtk::adjustInnerSpinButtonStyle):
(WebCore::RenderThemeGtk::paintInnerSpinButton):
(WebCore::styleColor):
(WebCore::RenderThemeGtk::paintMediaButton):

rendering/RenderThemeGtk.h:

2:13 AM Changeset in webkit [199291] by Antti Koivisto

13 edits in trunk

Implement functional :host() pseudo class
https://bugs.webkit.org/show_bug.cgi?id=156397
<rdar://problem/25621445>

Reviewed by Darin Adler.

Source/WebCore:

We already support :host. Add functional syntax too.

css/CSSGrammar.y.in:

Parse functional :host().

css/CSSParser.cpp:

(WebCore::CSSParser::detectFunctionTypeToken):

css/CSSParserValues.cpp:

(WebCore::CSSParserSelector::parsePseudoClassHostFunctionSelector):

css/CSSParserValues.h:
css/ElementRuleCollector.cpp:

(WebCore::ElementRuleCollector::matchedRuleList):
(WebCore::ElementRuleCollector::addMatchedRule):

Factor some shared code here.

(WebCore::ElementRuleCollector::matchHostPseudoClassRules):

Instead of using the generic paths use a :host specific code path for matching.
This makes it easier to avoid :host matching when it shouldn't.

(WebCore::ElementRuleCollector::collectMatchingRulesForList):

css/ElementRuleCollector.h:
css/RuleSet.cpp:

(WebCore::computeMatchBasedOnRuleHash):

:host is always handled by the special matching path.

css/SelectorChecker.cpp:

(WebCore::SelectorChecker::match):
(WebCore::SelectorChecker::matchHostPseudoClass):

Add a function specifically for checking :host. In always fails on the normal code paths.
Check the argument selector if provided.

(WebCore::hasScrollbarPseudoElement):

css/SelectorChecker.h:

LayoutTests:

Enable, fix and expand the test.

fast/shadow-dom/css-scoping-shadow-host-functional-rule.html:
platform/mac/TestExpectations:

12:30 AM MathML edited by fred.wang@free.fr

Update Bugzilla links (diff)

12:29 AM Changeset in webkit [199290] by commit-queue@webkit.org

25 edits
2 adds
1 delete in trunk

Merge CG ImageSource and non CG ImageSource implementation in one file
https://bugs.webkit.org/show_bug.cgi?id=155456

Patch by Said Abou-Hallawa <sabouhallawa@apple,com> on 2016-04-11
Reviewed by Darin Adler.
Source/WebCore:

Test: fast/images/image-subsampling.html

CMakeLists.txt:
PlatformAppleWin.cmake:
PlatformMac.cmake:
WebCore.xcodeproj/project.pbxproj:

Delete ImageSourceCG.cpp form all make files and add ImageSource.cpp to
CMakeLists.txt.

platform/Cursor.cpp:

(WebCore::determineHotSpot):

platform/graphics/BitmapImage.cpp:

(WebCore::BitmapImage::hotSpot):
(WebCore::BitmapImage::getHotSpot): Deleted.

platform/graphics/BitmapImage.h:
platform/graphics/Image.h:

(WebCore::Image::hotSpot):
(WebCore::Image::getHotSpot): Deleted.
Rename getHotSpot() to hotSpot() and change it to return Optional<IntPoint>.

platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::setData): Pass SharedBuffer& to the underlying functions.

(WebCore::ImageSource::calculateMaximumSubsamplingLevel): Returns the maximum
subsampling level allowed for an image.

(WebCore::ImageSource::subsamplingLevelForScale): Converts from a scale to
SubsamplingLevel taking into consideration the maximumSubsamplingLevel for
a particular image.

(WebCore::ImageSource::dump): Called from BitmapImage::dump().

(WebCore::ImageSource::getHotSpot): Deleted.

platform/graphics/ImageSource.h:

(WebCore::ImageSource::setAllowSubsampling): Called from BitmapImage::setAllowSubsampling().

(WebCore::ImageSource::maxPixelsPerDecodedImage): Deleted.
(WebCore::ImageSource::setMaxPixelsPerDecodedImage): Deleted.
Setting maxPixelsPerDecodedImage was moved to the non CG ImageDecoder.

platform/graphics/cg/ImageDecoderCG.cpp:

(WebCore::ImageDecoder::setData): Change SharedBuffer* to SharedBuffer&.

(WebCore::ImageDecoder::subsamplingLevelForScale): Deleted.
The code was moved to ImageSource::subsamplingLevelForScale().

platform/graphics/cg/ImageDecoderCG.h:

(WebCore::ImageDecoder::create): Make the prototype of this function
suitable for CG and non CG cases.
(WebCore::ImageDecoder::clearFrameBufferCache): Empty functions for CG.

platform/graphics/cg/ImageSourceCG.cpp: Removed.

platform/image-decoders/ImageDecoder.cpp:

(WebCore::ImageDecoder::frameIsCompleteAtIndex): A mew function to return
whether the frame decoding is complete or not.

(WebCore::ImageDecoder::frameHasAlphaAtIndex): Simplify the logic.

(WebCore::ImageDecoder::frameDurationAtIndex): The code was moved from
ImageSource::frameDurationAtIndex() in ImageSource.cpp.

(WebCore::ImageDecoder::createFrameImageAtIndex): The code was moved from
ImageSource::createFrameImageAtIndex() in ImageSource.cpp.

platform/image-decoders/ImageDecoder.h:

(WebCore::ImageDecoder::hotSpot): Return Optional<IntPoint>.

(WebCore::ImageDecoder::orientation): Deleted.
(WebCore::ImageDecoder::setMaxNumPixels): Deleted.

platform/image-decoders/bmp/BMPImageDecoder.cpp:

(WebCore::BMPImageDecoder::setData):

platform/image-decoders/bmp/BMPImageDecoder.h:
platform/image-decoders/gif/GIFImageDecoder.cpp:

(WebCore::GIFImageDecoder::setData):
(WebCore::GIFImageDecoder::decode):

platform/image-decoders/gif/GIFImageDecoder.h:
platform/image-decoders/gif/GIFImageReader.h:

(GIFImageReader::setData):

platform/image-decoders/ico/ICOImageDecoder.cpp:

(WebCore::ICOImageDecoder::setData):
Use reference SharedBuffer instead of pointer SharedBuffer.

(WebCore::ICOImageDecoder::hotSpot):
(WebCore::ICOImageDecoder::hotSpotAtIndex):
Change hotSpot() to return Optional<IntPoint>.

platform/image-decoders/ico/ICOImageDecoder.h:

(WebCore::ICOImageDecoder::setDataForPNGDecoderAtIndex):
Pass reference SharedBuffer instead of pointer SharedBuffer.

Source/WebKit2:

UIProcess/API/efl/EwkView.cpp:

(EwkView::setCursor):
Replace the call to Image::getHotSpot() by Image::hotSpot().

LayoutTests:

Add a test for image sub-sampling. The image subsampling is enabled by
default for iOS platform only. But it can be explicitly enabled through
the setting ImageSubsamplingEnabled.

fast/images/image-subsampling-expected.html: Added.
fast/images/image-subsampling.html: Added.

12:28 AM Changeset in webkit [199289] by commit-queue@webkit.org

28 edits in trunk

[CMake] Make FOLDER property INHERITED
https://bugs.webkit.org/show_bug.cgi?id=156460

Patch by Fujii Hironori <Hironori.Fujii@jp.sony.com> on 2016-04-11
Reviewed by Brent Fulgham.

Some CMake targets are not setting the FOLDER property. This causes the
generated projects to be displayed in the top-level folder of the solution.

Making the FOLDER property INHERITED ensures that all the targets
are placed in their proper directories.

Source/cmake/OptionsCommon.cmake:

Define FOLDER property as a inherited property.

Source/cmake/WebKitMacros.cmake:

Do not set FOLDER target property.

Source/bmalloc:

CMakeLists.txt: