Timeline



Jan 10, 2018:

11:26 PM Changeset in webkit [226766] by aestes@apple.com
  • 16 edits
    3 moves
    2 adds
    2 deletes in trunk

[Payment Request] Rename ApplePayMerchantValidationEvent to MerchantValidationEvent
https://bugs.webkit.org/show_bug.cgi?id=181437
<rdar://problem/36376481>

Reviewed by Tim Horton.

Source/WebCore:

Renamed ApplePayMerchantValidationEvent to MerchantValidationEvent and changed complete() to accept a Promise.

Test: http/tests/paymentrequest/payment-request-merchant-validation.https.html

  • DerivedSources.make:
  • Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:

(WebCore::ApplePayPaymentHandler::merchantValidationCompleted):
(WebCore::ApplePayPaymentHandler::validateMerchant):

  • Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
  • Modules/paymentrequest/MerchantValidationEvent.cpp: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp.

(WebCore::MerchantValidationEvent::create):
(WebCore::MerchantValidationEvent::MerchantValidationEvent):
(WebCore::MerchantValidationEvent::eventInterface const):
(WebCore::MerchantValidationEvent::complete):

  • Modules/paymentrequest/MerchantValidationEvent.h: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h.
  • Modules/paymentrequest/MerchantValidationEvent.idl: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl.
  • Modules/paymentrequest/PaymentHandler.h:
  • Modules/paymentrequest/PaymentRequest.cpp:

(WebCore::PaymentRequest::completeMerchantValidation):

  • Modules/paymentrequest/PaymentRequest.h:
  • Modules/paymentrequest/PaymentRequest.idl:
  • WebCore.xcodeproj/project.pbxproj:
  • dom/EventNames.h:
  • dom/EventNames.in:

LayoutTests:

  • http/tests/paymentrequest/payment-request-change-shipping-address.https.html:
  • http/tests/paymentrequest/payment-request-change-shipping-option.https.html:
  • http/tests/paymentrequest/payment-request-merchant-validation.https-expected.txt: Added.
  • http/tests/paymentrequest/payment-request-merchant-validation.https.html: Added.
  • http/tests/paymentrequest/resources/helpers.js:

(async.getPaymentRequestResponse):

  • http/tests/paymentrequest/updateWith-method-pmi-handling.https.html:
  • http/tests/ssl/applepay/ApplePayMerchantValidationEvent.https-expected.txt: Removed.
  • http/tests/ssl/applepay/ApplePayMerchantValidationEvent.https.html: Removed.

11:07 PM Changeset in webkit [226765] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebInspectorUI

REGRESSION(r218975): Web Inspector: Add back NavigationSidebarPanel initialization parameter used by SearchSidebarPanel (top overflow shadow)
https://bugs.webkit.org/show_bug.cgi?id=181518
<rdar://problem/36427197>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-10
Reviewed by Matt Baker.

  • UserInterface/Views/NavigationSidebarPanel.css:

(.sidebar > .panel.navigation > .overflow-shadow.top):

  • UserInterface/Views/NavigationSidebarPanel.js:

(WI.NavigationSidebarPanel):
Add back the initialization parameter still used by SearchSidebarPanel
and add back its implementation. There were still references to
dynamically update _topOverflowShadowElement in NavigationSidebarPanel.

11:05 PM Changeset in webkit [226764] by Carlos Garcia Campos
  • 4 edits in trunk/WebDriverTests

Unreviewed. Update W3C WebDriver imported tests.

  • imported/w3c/importer.json:
  • imported/w3c/webdriver/tests/sessions/new_session/invalid_capabilities.py:
  • imported/w3c/webdriver/tests/sessions/new_session/support/create.py:

11:05 PM Changeset in webkit [226763] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Incorrect check with WI.debuggableType
https://bugs.webkit.org/show_bug.cgi?id=181515
<rdar://problem/36425509>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-10
Reviewed by Brian Burg.

  • UserInterface/Base/Main.js:

(WI.contentLoaded):
This moved to WI.sharedApp a while ago.

10:34 PM Changeset in webkit [226762] by jeffm@apple.com
  • 2 edits in trunk/Source/WebKit

-[WKWebView _web_gestureEventWasNotHandledByWebCore:] should call -_gestureEventWasNotHandledByWebCore:
https://bugs.webkit.org/show_bug.cgi?id=181498

Reviewed by Alex Christensen.

WKView's API contract allows clients to override -_gestureEventWasNotHandledByWebCore:, and -[WKView
_web_gestureEventWasNotHandledByWebCore:] calls -_gestureEventWasNotHandledByWebCore: instead of
invoking WebViewImpl::gestureEventWasNotHandledByWebCoreFromViewOnly() directly. WKWebView should do
the same thing.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _web_gestureEventWasNotHandledByWebCore:]):
Call -_gestureEventWasNotHandledByWebCore:, which will call gestureEventWasNotHandledByWebCoreFromViewOnly().

10:13 PM Changeset in webkit [226761] by Adrian Perez de Castro
  • 2 edits in trunk/Tools

[GTK] Tools/gtk/install-dependencies: Packages geoclue, ruby-highline, xorg-utils do not exist in Arch Linux
https://bugs.webkit.org/show_bug.cgi?id=181475

Reviewed by Michael Catanzaro.

  • gtk/install-dependencies: Update package list for Arch Linux, extend message shown at end of installation with additional tips.

9:15 PM Changeset in webkit [226760] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Update TestExpectations for http/tests/misc/submit-post-keygen.html.
https://bugs.webkit.org/show_bug.cgi?id=121331

Unreviewed test gardening.

  • platform/mac/TestExpectations:

9:06 PM Changeset in webkit [226759] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark swipe/pushstate-with-manual-scrollrestoration.html as failing.
https://bugs.webkit.org/show_bug.cgi?id=181502

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:

8:57 PM Changeset in webkit [226758] by pvollan@apple.com
  • 2 edits in trunk

[Win] WebKitLegacy should be a dll, not a static library.
https://bugs.webkit.org/show_bug.cgi?id=181500

Reviewed by Alex Christensen.

Set WebKitLegacy library type to shared.

  • Source/cmake/OptionsWin.cmake:

8:16 PM Changeset in webkit [226757] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark accessibility/mac/aria-multiple-liveregions-notification.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=181494

Unreviewed test gardening.

  • platform/mac/TestExpectations:

8:06 PM Changeset in webkit [226756] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Mark http/tests/misc/slow-loading-animated-image.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=181479

Unreviewed test gardening.

  • platform/mac/TestExpectations:

7:36 PM Changeset in webkit [226755] by Matt Baker
  • 4 edits
    2 adds in trunk

Web Inspector: Canvas tab: throttle recording slider updates
https://bugs.webkit.org/show_bug.cgi?id=180839
<rdar://problem/36057849>

Reviewed by Joseph Pecoraro

Source/WebInspectorUI:

  • UserInterface/Base/Utilities.js:

Add Object.throttle and Function.cancelThrottle. Repeated calls to a
function on a throttled object are delayed, so that the function isn't
invoked more frequently than the specified delay value.

For a description of throttling behavior see:

  • UserInterface/Views/RecordingContentView.js:

(WI.RecordingContentView.prototype.updateActionIndex):
Throttle frequency of canvas snapshot creation to 200ms.
(WI.RecordingContentView.prototype.hidden):
Prevent trailing edge call after hiding the view.

LayoutTests:

  • inspector/unit-tests/throttle-expected.txt: Added.
  • inspector/unit-tests/throttle.html: Added.

Added function throttling tests.

7:30 PM Changeset in webkit [226754] by don.olmstead@sony.com
  • 6 edits in trunk/Source/WebCore

[Curl] Cross-protocol, cross-site scripting (XPXSS) using HTML forms
https://bugs.webkit.org/show_bug.cgi?id=153088

Patch by Basuke Suzuki <Basuke Suzuki> on 2018-01-10
Reviewed by Alex Christensen.

No new tests because it's covered by existing tests.

  • platform/network/curl/CurlContext.cpp:

(WebCore::CurlHandle::getHttpVersion):

  • platform/network/curl/CurlContext.h:
  • platform/network/curl/CurlRequest.cpp:

(WebCore::CurlRequest::didReceiveHeader):

  • platform/network/curl/CurlResponse.h:

(WebCore::CurlResponse::isolatedCopy const):

  • platform/network/curl/ResourceResponseCurl.cpp:

(WebCore::ResourceResponse::ResourceResponse):
(WebCore::ResourceResponse::setStatusLine):

7:05 PM Changeset in webkit [226753] by wenson_hsieh@apple.com
  • 14 edits
    2 adds in trunk

REGRESSION(r222507): Composition highlight doesn't render when using IME
https://bugs.webkit.org/show_bug.cgi?id=181485
<rdar://problem/35896516>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Fixes the order of arguments passed to paintTextSubrangeBackground from paintCompositionBackground.

Test: editing/marked-text-appearance.html

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::paintCompositionBackground):

Source/WebKit:

Add plumbing for a suppressUnderline argument when setting marked text.

  • WebProcess/InjectedBundle/API/c/WKBundlePage.cpp:

(WKBundlePageSetComposition):

  • WebProcess/InjectedBundle/API/c/WKBundlePagePrivate.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::setCompositionForTesting):

  • WebProcess/WebPage/WebPage.h:

Tools:

Add a suppressUnderline argument to TextInputController.setMarkedText. This suppresses the custom underlines
rendered when testing IME on iOS in WebKit2. In this new test, suppressing underline rendering is needed to
allow rendering composition backgrounds (see InlineTextBox::paint).

  • DumpRenderTree/ios/TextInputControllerIOS.m:

(+[TextInputController isSelectorExcludedFromWebScript:]):
(+[TextInputController webScriptNameForSelector:]):
(-[TextInputController setMarkedText:selectedFrom:length:suppressUnderline:]):
(-[TextInputController setMarkedText:selectedFrom:length:]): Deleted.

  • DumpRenderTree/mac/TextInputControllerMac.m:

(+[TextInputController isSelectorExcludedFromWebScript:]):
(+[TextInputController webScriptNameForSelector:]):
(-[TextInputController setMarkedText:selectedFrom:length:suppressUnderline:]):
(-[TextInputController setMarkedText:selectedFrom:length:]): Deleted.

  • WebKitTestRunner/InjectedBundle/Bindings/TextInputController.idl:
  • WebKitTestRunner/InjectedBundle/TextInputController.cpp:

(WTR::TextInputController::setMarkedText):

  • WebKitTestRunner/InjectedBundle/TextInputController.h:

LayoutTests:

Add a new layout test to ensure that in the absence of custom composition underlines, a marked composition
string appears different once it is confirmed.

  • editing/marked-text-appearance-expected-mismatch.html: Added.
  • editing/marked-text-appearance.html: Added.

7:03 PM Changeset in webkit [226752] by jfbastien@apple.com
  • 16 edits in trunk

Poison small JSObject derivatives which only contain pointers
https://bugs.webkit.org/show_bug.cgi?id=181483
<rdar://problem/36407127>

Reviewed by Mark Lam.

Source/JavaScriptCore:

I wrote a script that finds interesting things to poison or
generally harden. These stood out because they derive from
JSObject and only contain a few pointer or pointer-like fields,
and could therefore just be poisoned. This also requires some
template "improvements" to our poisoning machinery. Worth noting
is that I'm making PoisonedUniquePtr move-assignable and
move-constructible from unique_ptr, which makes it a better
drop-in replacement because we don't need to use
makePoisonedUniquePtr. This means function-locals can be
unique_ptr and get the nice RAII pattern, and once the function is
done you can just move to the class' PoisonedUniquePtr without
worrying.

  • API/JSAPIWrapperObject.h:

(JSC::JSAPIWrapperObject::wrappedObject):

  • API/JSAPIWrapperObject.mm:

(JSC::JSAPIWrapperObject::JSAPIWrapperObject):

  • API/JSCallbackObject.h:
  • runtime/ArrayPrototype.h:
  • runtime/DateInstance.h:
  • runtime/JSArrayBuffer.cpp:

(JSC::JSArrayBuffer::finishCreation):
(JSC::JSArrayBuffer::isShared const):
(JSC::JSArrayBuffer::sharingMode const):

  • runtime/JSArrayBuffer.h:
  • runtime/JSCPoison.h:

Source/WTF:

The associated JSC poisoning change requires some template
"improvements" to our poisoning machinery. Worth noting is that
I'm making PoisonedUniquePtr move-assignable and
move-constructible from unique_ptr, which makes it a better
drop-in replacement because we don't need to use
makePoisonedUniquePtr. This means function-locals can be
unique_ptr and get the nice RAII pattern, and once the function is
done you can just move to the class' PoisonedUniquePtr without
worrying.

  • wtf/Poisoned.h:

(WTF::PoisonedImpl::PoisonedImpl):

  • wtf/PoisonedUniquePtr.h:

(WTF::PoisonedUniquePtr::PoisonedUniquePtr):
(WTF::PoisonedUniquePtr::operator=):

Tools:

Test the new move-assign and move-copy from unique_ptr, as well as
nullptr_t ctors.

  • TestWebKitAPI/Tests/WTF/Poisoned.cpp:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp:

(TestWebKitAPI::TEST):

  • TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp:

(TestWebKitAPI::TEST):

6:30 PM Changeset in webkit [226751] by Chris Dumez
  • 4 edits in trunk

Multiple http/wpt/beacon/contentextensions/ test are flaky.
https://bugs.webkit.org/show_bug.cgi?id=179256
<rdar://problem/35401978>

Reviewed by Alex Christensen.

Tools:

Update WebKitTestRunner to set a temporary path for content extensions so that its WKTR
instance gets its own folder to avoid conflicts and flakiness.

  • WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::TestController::platformConfigureViewForTest):

LayoutTests:

Stop marking content extensions tests as flaky.

  • platform/mac-wk2/TestExpectations:

6:18 PM Changeset in webkit [226750] by timothy_horton@apple.com
  • 16 edits
    2 adds in trunk

REGRESSION (r213590): Swipe from edge to go to previous page is significantly slower than tapping back button on Twitter
https://bugs.webkit.org/show_bug.cgi?id=181269
<rdar://problem/35110344>

Reviewed by Simon Fraser.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _processDidExit]):
(-[WKWebView _didCommitLayerTree:]):
When swiping to a page that set history.scrollRestoration = "manual",
we will never restore the scroll position. We will still restore
"state", but won't have a location. Currently, the code assumes that
it should wait to remove the swipe snapshot until the scroll position
is restored. Instead, wait until the "state" is restored, whether
or not that includes a scroll position/center point restoration.

Do this by making _firstTransactionIDAfterPageRestore an optional,
and reset it after it fires, so that we only run the restoration code
in _didCommitLayerTree for the first commit after state restoration,
not all subsequent commits. Then, tell ViewGestureController that
the scroll position has been restored even if the page opted out.

The reason that this is specific to pushState is that normal,
non-same-document loads bail from waiting for the scroll position
restoration in VGC::didReachMainFrameLoadTerminalState() (see the long
comment there for an explanation).

(-[WKWebView _beginBackSwipeForTesting]):
(-[WKWebView _completeBackSwipeForTesting]):

  • Platform/spi/ios/UIKitSPI.h:
  • UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • UIProcess/Cocoa/ViewGestureController.h:
  • UIProcess/ios/ViewGestureControllerIOS.mm:

(-[WKSwipeTransitionController transitionForDirection:]):
(WebKit::ViewGestureController::beginSimulatedSwipeInDirectionForTesting):
(WebKit::ViewGestureController::completeSimulatedSwipeInDirectionForTesting):

  • UIProcess/mac/ViewGestureControllerMac.mm:

(WebKit::ViewGestureController::beginSimulatedSwipeInDirectionForTesting):
(WebKit::ViewGestureController::completeSimulatedSwipeInDirectionForTesting):
Add a mechanism to forcefully test swipe back. Instead of simulating
events like on Mac, we just talk to the UIKit internals and force
the interaction to start, pause, and then complete when we want.

  • swipe/pushstate-with-manual-scrollrestoration-expected.txt: Added.
  • swipe/pushstate-with-manual-scrollrestoration.html: Added.

Add a test (which previously would complain about taking too long)
that using manual scroll position restoration and pushState together
doesn't cause swipes to hang until the watchdog fires.

  • DumpRenderTree/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::beginBackSwipe):
(WTR::UIScriptController::completeBackSwipe):

  • TestRunnerShared/UIScriptContext/UIScriptController.cpp:

(WTR::UIScriptController::beginBackSwipe):
(WTR::UIScriptController::completeBackSwipe):
(WTR::UIScriptController::overridePreference):
(WTR::UIScriptController::replaceTextAtRange):

  • WebKitTestRunner/ios/PlatformWebViewIOS.mm:

(WTR::PlatformWebView::setNavigationGesturesEnabled):

  • WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptController::beginBackSwipe):
(WTR::UIScriptController::completeBackSwipe):
Implement beginBackSwipe and completeBackSwipe on iOS (they already
exist on Mac) in terms of the new WKWebView testing SPI.

5:45 PM Changeset in webkit [226749] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip http/tests/workers/service/cors-image-fetch.html.
https://bugs.webkit.org/show_bug.cgi?id=181222

Unreviewed test gardening.

5:39 PM Changeset in webkit [226748] by jmarcell@apple.com
  • 7 edits in branches/safari-604.5.6.0-branch/Source

Versioning.

5:38 PM Changeset in webkit [226747] by Konstantin Tokarev
  • 2 edits in trunk/Source/WTF

Add nullptr_t specialization of poison
https://bugs.webkit.org/show_bug.cgi?id=181469

Patch by Don Olmstead <don.olmstead@sony.com> on 2018-01-10
Reviewed by JF Bastien.

  • wtf/Poisoned.h:

(WTF::PoisonedImpl::poison):

5:35 PM Changeset in webkit [226746] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.6.0.1

Tag Safari-604.5.6.0.1.

4:45 PM Changeset in webkit [226745] by commit-queue@webkit.org
  • 9 edits in trunk

Use no-cache fetch mode when loading main documents with location.reload()
https://bugs.webkit.org/show_bug.cgi?id=181285

LayoutTests/imported/w3c:

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-10
Reviewed by Alex Christensen.

  • web-platform-tests/service-workers/service-worker/fetch-event.https-expected.txt:

Source/WebCore:

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-10
Reviewed by Alex Christensen.

Covered by rebased tests.

Start to translate cache policy used for navigation as FetchOptions::Cache.
This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
Keep reload mode for ReloadFromOrigin.

  • loader/DocumentLoader.cpp:

(WebCore::toFetchOptionsCache):
(WebCore::DocumentLoader::loadMainResource):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::load):
(WebCore::FrameLoader::reload):
(WebCore::FrameLoader::defaultRequestCachingPolicy):
(WebCore::FrameLoader::loadDifferentDocumentItem):

  • loader/NavigationScheduler.cpp:

LayoutTests:

<rdar://problem/36356831>

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-10
Reviewed by Alex Christensen.

  • http/tests/inspector/network/har/har-page-expected.txt:
  • http/tests/inspector/network/har/har-page.html:

4:14 PM Changeset in webkit [226744] by jmarcell@apple.com
  • 2 edits in branches/safari-604.5.6.0-branch/Source/JavaScriptCore

Cherry-pick r226672. rdar://problem/36397324

4:14 PM Changeset in webkit [226743] by jmarcell@apple.com
  • 7 edits in branches/safari-604.5.6.0-branch/Source

Versioning.

4:06 PM Changeset in webkit [226742] by Brent Fulgham
  • 2 edits in trunk/Source/WebKit

Use protectedThis for the 'updatePrevalentDomainsToPartitionOrBlockCookies' lambda
https://bugs.webkit.org/show_bug.cgi?id=181452
<rdar://problem/36416912>

Reviewed by Chris Dumez.

We forgot to use a 'protectedThis' back in r225006 for one of the lambdas used by
the WebsiteDataStore for processing.

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::enableResourceLoadStatisticsAndSetTestingCallback):

3:41 PM Changeset in webkit [226741] by jmarcell@apple.com
  • 7 edits in branches/safari-605-branch/Source

Versioning.

3:29 PM Changeset in webkit [226740] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

Mark accessibility/table-header-calculation-for-header-rows.html as failure on Windows.
https://bugs.webkit.org/show_bug.cgi?id=181501

Unreviewed test gardening.

  • platform/win/TestExpectations:

3:19 PM Changeset in webkit [226739] by jmarcell@apple.com
  • 7 edits in trunk/Source

Versioning.

3:04 PM Changeset in webkit [226738] by jmarcell@apple.com
  • 1 copy in tags/Safari-605.1.21

Tag Safari-605.1.21.

2:51 PM Changeset in webkit [226737] by Matt Lewis
  • 4 edits in trunk/LayoutTests

Adjusted expectations for webrtc/video-unmute.html.
https://bugs.webkit.org/show_bug.cgi?id=172879

Unreviewed test gardening.

  • platform/ios-simulator-wk2/TestExpectations:
  • platform/ios-wk2/TestExpectations:
  • platform/mac-wk2/TestExpectations:

2:46 PM Changeset in webkit [226736] by Jonathan Bedard
  • 3 edits in trunk/Tools

REGRESSION (r226715): ignore WARNING output in linter tests
https://bugs.webkit.org/show_bug.cgi?id=181486
<rdar://problem/36408847>

Reviewed by Aakash Jain.

Linter unit tests should not be interested in logs at the INFO or WARNING levels.

  • Scripts/webkitpy/common/system/outputcapture.py:

(OutputCapture.__init__): Pass logging level to be captured.

  • Scripts/webkitpy/style/main_unittest.py:

(ExpectationLinterInStyleCheckerTest.test_no_linter_errors): Capture logging at the ERROR level.
(ExpectationLinterInStyleCheckerTest.test_linter_duplicate_line): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_duplicate_line_no_edit): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_duplicate_line_edit_in_file): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_duplicate_line_only_deletes): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_added_file_with_error): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_deleted_file): Ditto.
(ExpectationLinterInStyleCheckerTest.test_linter_deleted_file_no_edit): Ditto.

2:43 PM Changeset in webkit [226735] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

Skip http/wpt/service-workers/fetchEvent.https.html in Debug
https://bugs.webkit.org/show_bug.cgi?id=181481

Unreviewed.

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-10

2:21 PM Changeset in webkit [226734] by jmarcell@apple.com
  • 1 copy in branches/safari-604.5.6.0-branch

New Branch.

2:08 PM Changeset in webkit [226733] by mitz@apple.com
  • 9 copies
    1 add in releases/Apple/Safari Technology Preview 47

Added a tag for Safari Technology Preview release 47.

2:04 PM Changeset in webkit [226732] by jmarcell@apple.com
  • 1 copy in tags/Safari-606.1.1

Tag Safari-606.1.1.

1:57 PM Changeset in webkit [226731] by Matt Lewis
  • 2 edits in trunk/LayoutTests

Marked http/tests/workers/service/service-worker-importScript.html as flaky on macOS WK2.
https://bugs.webkit.org/show_bug.cgi?id=181097

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:

1:53 PM Changeset in webkit [226730] by Matt Lewis
  • 3 edits in trunk/LayoutTests

Marked imported/w3c/web-platform-tests/service-workers/service-worker/fetch-waits-for-activate.https.html as flaky on macOS and iOS WK2.
https://bugs.webkit.org/show_bug.cgi?id=181392

Unreviewed test gardening.

  • platform/ios-wk2/TestExpectations:
  • platform/mac-wk2/TestExpectations:

1:00 PM Changeset in webkit [226729] by clopez@igalia.com
  • 3 edits in trunk/Tools

Add a JSCOnly MIPS buildbot
https://bugs.webkit.org/show_bug.cgi?id=181487

Reviewed by Michael Catanzaro.

Add the new bot configs definitions for the master and update the unit tests.

  • BuildSlaveSupport/build.webkit.org-config/config.json:
  • BuildSlaveSupport/build.webkit.org-config/steps_unittest.py:

12:19 PM Changeset in webkit [226728] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Should not try to autocomplete subsections of a string
https://bugs.webkit.org/show_bug.cgi?id=181461
<rdar://problem/36369421>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-10
Reviewed by Brian Burg.

  • UserInterface/Controllers/CodeMirrorCompletionController.js:

(WI.CodeMirrorCompletionController.prototype._completeAtCurrentPosition):
Disable autocompletion within strings.

12:07 PM Changeset in webkit [226727] by pvollan@apple.com
  • 2 edits in trunk/LayoutTests

[Win] Rebaseline test after r225366.

Unreviewed test gardening.

  • platform/win/svg/W3C-SVG-1.1/filters-comptran-01-b-expected.txt:

11:58 AM Changeset in webkit [226726] by Jonathan Bedard
  • 2 edits in trunk/Tools

REGRESSION (r226715): don't re-check number of simulators in child processes
https://bugs.webkit.org/show_bug.cgi?id=181484
<rdar://problem/36407151>

Reviewed by Aakash Jain.

  • Scripts/webkitpy/port/ios_simulator.py:

(IOSSimulatorPort.__init__): Skip the number of simulators check if simulators
are already initialized.

11:41 AM Changeset in webkit [226725] by commit-queue@webkit.org
  • 67 edits
    2 deletes in trunk

Unreviewed, rolling out r226667 and r226673.
https://bugs.webkit.org/show_bug.cgi?id=181488

This caused a flaky crash. (Requested by mlewis13 on #webkit).

Reverted changesets:

"CodeBlocks should be in IsoSubspaces"
https://bugs.webkit.org/show_bug.cgi?id=180884
https://trac.webkit.org/changeset/226667

"REGRESSION (r226667): CodeBlocks should be in IsoSubspaces"
https://bugs.webkit.org/show_bug.cgi?id=180884
https://trac.webkit.org/changeset/226673

11:27 AM Changeset in webkit [226724] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.6

Tag Safari-604.5.6.

11:03 AM Changeset in webkit [226723] by Jonathan Bedard
  • 2 edits in trunk/Tools

Follow-up fix to r226715
https://bugs.webkit.org/show_bug.cgi?id=180555
<rdar://problem/36131381>

Unreviewed infrastructure fix.

  • Scripts/webkitpy/xcode/new_simulated_device.py:

(SimulatedDeviceManager._create_or_find_device_for_request): Use _delete instead
of delete.

10:20 AM Changeset in webkit [226722] by Chris Dumez
  • 5 edits in trunk/LayoutTests

REGRESSION (r224301?): LayoutTest http/tests/workers/service/registration-task-queue-scheduling-1.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=179342
<rdar://problem/35478161>

Reviewed by Youenn Fablet.

Unmark the test as flaky.

  • http/tests/workers/service/registration-task-queue-scheduling-1-expected.txt:
  • http/tests/workers/service/resources/registration-task-queue-scheduling-1-second-window.html:
  • http/tests/workers/service/resources/registration-task-queue-scheduling-1.js:

Update test to register a scriptURL that actually fails. When registration succeeds, the test
logs lines indicating that registration succeeded unexpectedly. Also, when registration
succeeds, the registrations of the top frame are no longer guaranteed to be resolved before
the ones of the subframe (because it involves things like network loads).

10:19 AM Changeset in webkit [226721] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
https://bugs.webkit.org/show_bug.cgi?id=181460
<rdar://problem/36379776>

Reviewed by Ryosuke Niwa.

  • css/parser/CSSParser.cpp:

(WebCore::CSSParserContext::CSSParserContext):

Don't do the expensive security origin test if the sheet base URL and document URL are identical.
This is true for inline style and inline stylesheets.

9:51 AM Changeset in webkit [226720] by Chris Dumez
  • 2 edits in trunk/LayoutTests

Unreviewed, skip http/tests/workers/service/other_resources folder.

It is a resources folder and does not contain tests.

9:29 AM Changeset in webkit [226719] by pvollan@apple.com
  • 5 edits in trunk/LayoutTests

[Win] Rebaseline tests after r225366.

Unreviewed test gardening.

  • platform/win/svg/custom/feComponentTransfer-Discrete-expected.txt:
  • platform/win/svg/custom/feComponentTransfer-Gamma-expected.txt:
  • platform/win/svg/custom/feComponentTransfer-Linear-expected.txt:
  • platform/win/svg/custom/feComponentTransfer-Table-expected.txt:

9:01 AM Changeset in webkit [226718] by Antti Koivisto
  • 2 edits in trunk/Source/WebCore

Try to fix windows build.

  • css/RuleFeature.cpp:

(WebCore::RuleFeatureSet::computeNextMatchElement):

8:38 AM Changeset in webkit [226717] by Philippe Normand
  • 2 edits in trunk/LayoutTests

Unreviewed GTK gardening

  • platform/gtk/TestExpectations: Unflag now-passing test and skip mediastream tests, useless without any webrtc backend.

8:16 AM Changeset in webkit [226716] by zandobersek@gmail.com
  • 2 edits in trunk/Source/WebDriver

WebDriver: deserializeTimeouts() shouldn't reject double timeout values
https://bugs.webkit.org/show_bug.cgi?id=181473

Reviewed by Carlos Garcia Campos.

With these changes, the following tests are fixed:

imported/selenium/py/test/selenium/webdriver/common/executing_async_javascript_tests.py::testShouldTimeoutIfScriptDoesNotInvokeCallbackWithLongTimeout
imported/selenium/py/test/selenium/webdriver/common/executing_async_javascript_tests.py::testShouldDetectPageLoadsWhileWaitingOnAnAsyncScriptAndReturnAnError
imported/selenium/py/test/selenium/webdriver/common/executing_async_javascript_tests.py::testShouldBeAbleToExecuteAsynchronousScripts
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldImplicitlyWaitForASingleElement
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldStillFailToFindAnElementWhenImplicitWaitsAreEnabled
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldReturnAfterFirstAttemptToFindOneAfterDisablingImplicitWaits
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldImplicitlyWaitUntilAtLeastOneElementIsFoundWhenSearchingForMany
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldStillFailToFindAnElemenstWhenImplicitWaitsAreEnabled
imported/selenium/py/test/selenium/webdriver/common/implicit_waits_tests.py::testShouldReturnAfterFirstAttemptToFindManyAfterDisablingImplicitWaits
imported/selenium/py/test/selenium/webdriver/common/page_load_timeout_tests.py::testShouldTimeoutOnPageLoadTakingTooLong
imported/selenium/py/test/selenium/webdriver/common/page_load_timeout_tests.py::testShouldTimeoutOnPageLoadTakingTooLong
imported/selenium/py/test/selenium/webdriver/common/webdriverwait_tests.py::testShouldWaitOnlyAsLongAsTimeoutSpecifiedWhenImplicitWaitsAreSet

The following two tests regress, and will be looked into separately:

imported/w3c/webdriver/tests/sessions/new_session/merge.py::test_merge_invalid
imported/w3c/webdriver/tests/sessions/new_session/merge.py::test_merge_invalid

  • WebDriverService.cpp:

(WebDriver::integerValue): Helper function that retrieves an integer value
from a given JSON::Value object, if possible.
(WebDriver::deserializeTimeouts): Timeout JSON value has to be converted to
an integer, which is allowed if the value is of either Integer or Double type.
Helper integerValue() function retrieves the integer value, in addition to
ensuring that possible double value that we convert to an integer is already
in integer form to begin with.

8:05 AM Changeset in webkit [226715] by Jonathan Bedard
  • 8 edits in trunk/Tools

webkitpy: Refactor simulator code (Part 2)
https://bugs.webkit.org/show_bug.cgi?id=180555
<rdar://problem/36131381>

Reviewed by Aakash Jain.

The patch leverages the SimulatedDeviceManager when running layout tests.
This patch is primarily code removal, since much of the IOSSimulatorPort
was dedicated to managing simulators. The removed code is either now owned by the
SimulatedDeviceManager (and committed in Part 1) or supported a technique to
boot multiple simulators which was made obsolete in Xcode 9.

  • Scripts/webkitpy/layout_tests/controllers/manager.py:

(Manager._custom_device_for_test.in): Device names now have spaces in them,
strip those spaces.

  • Scripts/webkitpy/layout_tests/run_webkit_tests.py:

(parse_args): Remove '--runtime' flag, this is achieved with the --version flag.

  • Scripts/webkitpy/port/ios.py:

(IOSPort.__init__): The _current_device idiom is no longer required since the
SimulatedDeviceManager keeps track of any previously booted devices.
(IOSPort.target_host): Even when only a single device is used, it will be accessed
through the array of managed devices.
(IOSPort.using_multiple_devices): Deleted.

  • Scripts/webkitpy/port/ios_device.py:

(IOSDevicePort.using_multiple_devices): Deleted.

  • Scripts/webkitpy/port/ios_simulator.py:

(IOSSimulatorPort): Remove constants required to manage simulators, change device
class strings so they can be parsed by the DeviceType class.
(IOSSimulatorPort.__init__): Determine the number of processes to use by checking
the number of simulators currently booted, the number of child processes specified
and the maximum number of simulators supported by this system.
(IOSSimulatorPort._device_for_worker_number_map): Return the array of initialized
devices owned by the SimulatedDeviceManager.
(IOSSimulatorPort.ios_version): Remove support for the --runtime option.
(IOSSimulatorPort.default_child_processes): Use the SimulatedDeviceManager to check
the maximum number of supported simulators on this system.
(IOSSimulatorPort._create_devices): Construct a list of device requests with a
request for each child process and send this list to the SimulatedDeviceManager to
initialize the devices.
(IOSSimulatorPort.clean_up_test_run):
(IOSSimulatorPort.check_sys_deps): Check that there are simulators running the
specified version of iOS.
(IOSSimulatorPort.reset_preferences):
(IOSSimulatorPort.simulator_runtime): Deleted.
(IOSSimulatorPort.simulator_device_type): Deleted.
(IOSSimulatorPort._teardown_managed_simulators): Deleted.
(IOSSimulatorPort.use_multiple_simulator_apps): Deleted.
(IOSSimulatorPort._create_simulators): Deleted.
(IOSSimulatorPort._quit_ios_simulator): Deleted.
(IOSSimulatorPort._using_dedicated_simulators): Deleted.
(IOSSimulatorPort.using_multiple_devices): Deleted.
(IOSSimulatorPort._create_device): Deleted.
(IOSSimulatorPort.get_simulator_path): Deleted.
(IOSSimulatorPort._createSimulatorApps): Deleted.
(IOSSimulatorPort._createSimulatorApp): Deleted.

  • Scripts/webkitpy/tool/commands/rebaseline_unittest.py:

(TestRebaseline.test_rebaseline): Filter out commands run when determining the
maximum number of simulators run on this system.
(TestRebaselineExpectations.test_rebaseline_expectations): Ditto.

  • Scripts/webkitpy/xcode/new_simulated_device.py:

(SimulatedDeviceManager._does_fulfill_request): Fixed log statement.

7:54 AM Changeset in webkit [226714] by Alan Bujtas
  • 9 edits in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderRuby's moveChildren logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181470
<rdar://problem/36397683>

Reviewed by Antti Koivisto.

This is about moving code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • rendering/RenderBlockFlow.h:
  • rendering/RenderRubyBase.cpp:

(WebCore::RenderRubyBase::moveChildren): Deleted.
(WebCore::RenderRubyBase::mergeChildrenWithBase): Deleted.
(WebCore::RenderRubyBase::moveInlineChildren): Deleted.
(WebCore::RenderRubyBase::moveBlockChildren): Deleted.

  • rendering/RenderRubyBase.h:
  • rendering/RenderRubyRun.cpp:

(WebCore::RenderRubyRun::takeChild):

  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::moveRubyChildren):

  • rendering/updating/RenderTreeBuilder.h:
  • rendering/updating/RenderTreeBuilderRuby.cpp:

(WebCore::RenderTreeBuilder::Ruby::moveInlineChildren):
(WebCore::RenderTreeBuilder::Ruby::moveBlockChildren):
(WebCore::RenderTreeBuilder::Ruby::moveChildren):
(WebCore::RenderTreeBuilder::Ruby::moveChildrenInternal):
(WebCore::RenderTreeBuilder::Ruby::insertChild):

  • rendering/updating/RenderTreeBuilderRuby.h:
7:29 AM Changeset in webkit [226713] by Philippe Normand
  • 2 edits in trunk/Source/WebCore

[GStreamer] fix critical GObject warning

Rubber-stamped by Carlos Garcia Campos.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::handleMessage): No need to
resort to complicated things to get the element name...

7:26 AM Changeset in webkit [226712] by Philippe Normand
  • 4 edits in trunk

[GStreamer] REGRESSION(r226629): broke media/video-interruption-with-resume-allowing-play.html
https://bugs.webkit.org/show_bug.cgi?id=181471
<rdar://problem/36402323>

Reviewed by Carlos Garcia Campos.

Source/WebCore:

This patch mainly reduces the amount of playback state changes
emitted by the GStreamer player to its client. Emitting those
notifications too often has bad side effects.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::paused const): Add debug messages.
(WebCore::MediaPlayerPrivateGStreamer::handleMessage): This debug message appears too much. Demote.
(WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const): Ditto.
(WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const): Ditto.
(WebCore::MediaPlayerPrivateGStreamer::updateStates): Try to emit
playback state change notification only when going to PLAYING.
(WebCore::MediaPlayerPrivateGStreamer::loadingFailed): Add warning message.

LayoutTests:

  • platform/gtk/TestExpectations: These 2 tests shall pass now.
6:44 AM Changeset in webkit [226711] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

WebDriver: run-webdriver-tests doesn't handle test names with a '/' correctly
https://bugs.webkit.org/show_bug.cgi?id=181474

Reviewed by Carlos Alberto Lopez Perez.

We use os.path.basename() to get the subtest name. If the test name contains a slash we get part of the subtest
name as the name.

  • Scripts/webkitpy/webdriver_tests/webdriver_test_runner_w3c.py:

(WebDriverTestRunnerW3C._subtest_name): Helper function to get the subtest name.
(WebDriverTestRunnerW3C.run): Use _subtest_name() instead of os.path.basename().
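
The failure described in this changeset, as an added example that is not code from the WebKit patch: `os.path.basename()` applied to a pytest-style test id whose subtest name contains a '/'. The `subtest_name` helper and the sample ids are constructed for illustration, and the real `_subtest_name()` in webkitpy may be written differently.

```python
import os.path

# Constructed pytest-style ids ("<test file>::<subtest name>"); the bracketed
# parameter values are made up to show names that contain a '/'.
SAMPLE_IDS = [
    "imported/w3c/webdriver/tests/cookies/add_cookie.py::test_add_domain_cookie",
    "imported/w3c/webdriver/tests/navigation/current_url.py::test_get_current_url[http://example.test/page]",
    "imported/w3c/webdriver/tests/sessions/new_session/merge.py::test_merge_invalid[a/b]",
]


def subtest_name_with_basename(test_id):
    """Path-based parsing: everything up to the last '/' is taken as the directory."""
    return os.path.basename(test_id).split("::", 1)[-1]


def subtest_name(test_id):
    """Hypothetical helper: split at the first '::' and never treat the name as a path."""
    test_file, separator, name = test_id.partition("::")
    if not separator or not name:
        raise ValueError("not a '<file>::<subtest>' id: %r" % test_id)
    return name


def mismatches(test_ids):
    """Return the ids for which the two parsers disagree, with both results."""
    report = {}
    for test_id in test_ids:
        naive, fixed = subtest_name_with_basename(test_id), subtest_name(test_id)
        if naive != fixed:
            report[test_id] = (naive, fixed)
    return report


if __name__ == "__main__":
    for test_id, (naive, fixed) in mismatches(SAMPLE_IDS).items():
        print("%s\n  basename: %r\n  split on '::': %r" % (test_id, naive, fixed))
```

A truncated name such as `page]` no longer matches the entry in the expectations file, so a known failure is reported as unexpected or a result is attributed to the wrong subtest.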

4:29 AM Changeset in webkit [226710] by Ms2ger@igalia.com
  • 2 edits in trunk/LayoutTests

[GTK] Enable css2.1/20110323/c541-word-sp-000.htm.
https://bugs.webkit.org/show_bug.cgi?id=94009

Unreviewed test gardening.

It was fixed in r226404.

  • platform/gtk/TestExpectations:
4:13 AM Changeset in webkit [226709] by Philippe Normand
  • 2 edits in trunk/LayoutTests

Unreviewed, updating expectations for media test timing out on GTK

  • platform/gtk/TestExpectations:
3:25 AM Changeset in webkit [226708] by Carlos Garcia Campos
  • 25 edits
    6 copies
    6 adds
    2 deletes in trunk/WebDriverTests

Unreviewed. Update W3C WebDriver imported tests.

  • imported/w3c/importer.json:
  • imported/w3c/tools/wptrunner/wptrunner/browsers/firefox.py:
  • imported/w3c/tools/wptrunner/wptrunner/browsers/servo.py:
  • imported/w3c/tools/wptrunner/wptrunner/environment.py:
  • imported/w3c/tools/wptrunner/wptrunner/executors/base.py:
  • imported/w3c/tools/wptrunner/wptrunner/executors/executormarionette.py:
  • imported/w3c/tools/wptrunner/wptrunner/executors/executorservo.py:
  • imported/w3c/tools/wptrunner/wptrunner/executors/pytestrunner/runner.py:
  • imported/w3c/tools/wptrunner/wptrunner/testrunner.py:
  • imported/w3c/tools/wptrunner/wptrunner/update/update.py:
  • imported/w3c/tools/wptrunner/wptrunner/webdriver_server.py:
  • imported/w3c/tools/wptrunner/wptrunner/wptlogging.py:
  • imported/w3c/tools/wptrunner/wptrunner/wptrunner.py:
  • imported/w3c/webdriver/OWNERS:
  • imported/w3c/webdriver/interface/interface.html: Removed.
  • imported/w3c/webdriver/tests/actions/modifier_click.py:
  • imported/w3c/webdriver/tests/actions/mouse.py:
  • imported/w3c/webdriver/tests/actions/mouse_dblclick.py: Added.
  • imported/w3c/webdriver/tests/actions/sequence.py:
  • imported/w3c/webdriver/tests/actions/support/mouse.py: Added.
  • imported/w3c/webdriver/tests/cookies/add_cookie.py:
  • imported/w3c/webdriver/tests/cookies/get_named_cookie.py:
  • imported/w3c/webdriver/tests/element_retrieval/__init__.py: Copied from WebDriverTests/imported/w3c/webdriver/tests/retrieval/__init__.py.
  • imported/w3c/webdriver/tests/element_retrieval/find_element.py: Renamed from WebDriverTests/imported/w3c/webdriver/tests/retrieval/find_element.py.
  • imported/w3c/webdriver/tests/element_retrieval/find_element_from_element.py: Renamed from WebDriverTests/imported/w3c/webdriver/tests/retrieval/find_element_from_element.py.
  • imported/w3c/webdriver/tests/element_retrieval/find_elements.py: Renamed from WebDriverTests/imported/w3c/webdriver/tests/retrieval/find_elements.py.
  • imported/w3c/webdriver/tests/element_retrieval/find_elements_from_element.py: Renamed from WebDriverTests/imported/w3c/webdriver/tests/retrieval/find_element_from_elements.py.
  • imported/w3c/webdriver/tests/element_send_keys/__init__.py: Renamed from WebDriverTests/imported/w3c/webdriver/tests/retrieval/__init__.py.
  • imported/w3c/webdriver/tests/element_send_keys/interactability.py: Added.
  • imported/w3c/webdriver/tests/element_send_keys/scroll_into_view.py: Added.
  • imported/w3c/webdriver/tests/execute_script/cyclic.py: Added.
  • imported/w3c/webdriver/tests/get_window_rect.py:
  • imported/w3c/webdriver/tests/interface.html:
  • imported/w3c/webdriver/tests/navigation/current_url.py:
  • imported/w3c/webdriver/tests/support/asserts.py:
  • imported/w3c/webdriver/tests/support/fixtures.py:
2:50 AM WebKitGTK/2.18.x edited by Carlos Garcia Campos
(diff)
2:44 AM Changeset in webkit [226707] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.18.5

WebKitGTK+ 2.18.5

2:43 AM Changeset in webkit [226706] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.18

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.18.5 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

  • gtk/NEWS: Add release notes for 2.18.5.
2:16 AM Changeset in webkit [226705] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Add Service Worker CSP persistency
https://bugs.webkit.org/show_bug.cgi?id=181434

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-10
Reviewed by Alex Christensen.

Covered by manual testing.
Future work on service worker test infrastructure should allow automating such tests.

Add support for service worker CSP data persistency.
Add a version parameter to increment each time the schema is changing.
This allows the same store to be used by multiple WebKits.

  • workers/service/server/RegistrationDatabase.cpp:

(WebCore::v1RecordsTableSchema):
(WebCore::RegistrationDatabase::openSQLiteDatabase):
(WebCore::RegistrationDatabase::doPushChanges):
(WebCore::RegistrationDatabase::importRecords):

2:15 AM Changeset in webkit [226704] by Philippe Normand
  • 2 edits in trunk/LayoutTests

Unreviewed, updating expectations for media test timing out on GTK

  • platform/gtk/TestExpectations:
1:01 AM Changeset in webkit [226703] by Antti Koivisto
  • 12 edits in trunk

Invalidate current element style on class change accurately
https://bugs.webkit.org/show_bug.cgi?id=181210

Reviewed by Zalan Bujtas.

Source/WebCore:

  • css/DocumentRuleSets.cpp:

(WebCore::DocumentRuleSets::collectFeatures const):
(WebCore::DocumentRuleSets::subjectClassRules const):

New rule set containing class rules affecting the subject element.

(WebCore::DocumentRuleSets::ancestorClassRules const):

  • css/DocumentRuleSets.h:
  • css/RuleFeature.cpp:

(WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):

Classify selector components into various buckets based on the elements they match relative to
the subject element. There are more categories than this patch strictly needs, for future use.

(WebCore::RuleFeatureSet::collectFeatures):
(WebCore::RuleFeatureSet::add):
(WebCore::RuleFeatureSet::clear):
(WebCore::RuleFeatureSet::shrinkToFit):

  • css/RuleFeature.h:
  • css/StyleResolver.h:

(WebCore::StyleResolver::hasSelectorForClass const): Deleted.

  • style/ClassChangeInvalidation.cpp:

(WebCore::Style::elementNeedsInvalidation):
(WebCore::Style::ClassChangeInvalidation::computeInvalidation):

Don't invalidate current element unconditionally on class change. Instead find the subject rulesets
that might affect it and use them to perform invalidation.

(WebCore::Style::ClassChangeInvalidation::invalidateStyleWithRuleSets):
(WebCore::Style::ClassChangeInvalidation::invalidateStyle): Deleted.
(WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle): Deleted.

  • style/ClassChangeInvalidation.h:

(WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
(WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

  • style/StyleSharingResolver.cpp:

(WebCore::Style::SharingResolver::classNamesAffectedByRules const):

LayoutTests:

  • fast/css/set-inline-style-recalc-expected.txt:
  • fast/css/set-inline-style-recalc.html:
12:56 AM Changeset in webkit [226702] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.18/Source/WebKit

Merge r226018 - [GTK][WPE] Enable WebProcess memory monitor
https://bugs.webkit.org/show_bug.cgi?id=180861

Reviewed by Michael Catanzaro.

For some reason this is only enabled in mac. We want to enable it also in GTK and WPE ports. This runs every 30
seconds to release memory or even kill the process if necessary. Carlos López has realized that in some
applications using video tags, the memory grows a lot and it's never released. It seems it's not memory leaked,
but simply large memory allocations (I guess it's gst allocating video frames) that make the heap grow. The
memory pressure calls malloc_trim that releases all that memory keeping the web process footprint stable.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess):

12:35 AM Changeset in webkit [226701] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.18/Tools

Merge r224458 - [GTK] Fix gtk-doc generation with gtk-doc master
https://bugs.webkit.org/show_bug.cgi?id=179252

Reviewed by Carlos Garcia Campos.

gtkdoc-scangobj has changed to no longer use a shell when executing its subcommands. In
particular, this means we can no longer rely on shell stuff in our run command that we use
to run the scanner. We currently use the RUN envvar to set LD_LIBRARY_PATH, and the end
result is gtkdoc-scangobj now attempts to execute our environment variable instead of the
scanner itself. We can just set LD_LIBRARY_PATH directly, instead of using RUN, in order to
make documentation generation work again.

  • gtk/gtkdoc.py:

(GTKDoc._run_gtkdoc_scangobj):
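
What happens to a `VAR=value command` prefix once no shell interprets it, and the shell-free alternative of passing the variable in the child's environment, as an added example that is not the code in gtkdoc.py. The library path and the child command are constructed stand-ins for the real build directory and scanner.

```python
import os
import shlex
import subprocess
import sys

LIB_DIR = "/constructed/build/lib"  # placeholder path, not from the changeset
# Stand-in for the scanner: prints the LD_LIBRARY_PATH it was started with.
CHILD = [sys.executable, "-c", "import os; print(os.environ.get('LD_LIBRARY_PATH', ''))"]


def run_prefix_through_shell():
    """Old behaviour: a shell parses 'VAR=value cmd' and sets VAR for cmd."""
    command = "LD_LIBRARY_PATH=%s %s" % (
        shlex.quote(LIB_DIR), " ".join(shlex.quote(arg) for arg in CHILD))
    done = subprocess.run(command, shell=True, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def run_prefix_without_shell():
    """Same prefix with no shell: 'VAR=value' becomes the program to execute."""
    argv = ["LD_LIBRARY_PATH=%s" % LIB_DIR] + CHILD
    try:
        subprocess.run(argv, capture_output=True, text=True, check=True)
    except OSError as error:
        return "failed to execute %r: %s" % (argv[0], type(error).__name__)
    return "executed"


def run_with_explicit_environment():
    """Shell-free form: put the variable in the child's environment instead."""
    env = dict(os.environ)
    inherited = env.get("LD_LIBRARY_PATH")
    env["LD_LIBRARY_PATH"] = LIB_DIR + (os.pathsep + inherited if inherited else "")
    done = subprocess.run(CHILD, env=env, capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    print("shell:      ", run_prefix_through_shell())
    print("no shell:   ", run_prefix_without_shell())
    print("env= passed:", run_with_explicit_environment())
```

Passing the variable through `env=` keeps the command an argument vector, so no value in it is ever parsed as shell syntax.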

12:34 AM Changeset in webkit [226700] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.18/Source/WebInspectorUI

Merge r221800 - Uncaught Exception: TypeError: this._heapSnapshot.addEventListener is not a function.
https://bugs.webkit.org/show_bug.cgi?id=176633

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2017-09-08
Reviewed by Michael Saboff.

  • UserInterface/Proxies/HeapSnapshotDiffProxy.js:

(WI.HeapSnapshotDiffProxy):
This class has listeners of another object's events. It should extend WI.Object.

12:33 AM Changeset in webkit [226699] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.18

Merge r226495 - Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Source/WebCore:

Reduced the high precision time's resolution to 1ms, the same precision as Date.now().

Also fixed the bug in fillRTCStats that we weren't reducing the time resolution in RTCStats dictionaries.

  • Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::fillRTCStats):

  • page/Performance.cpp:

(WebCore::Performance::reduceTimeResolution):

LayoutTests:

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

12:28 AM Changeset in webkit [226698] by Carlos Garcia Campos
  • 19 edits in releases/WebKitGTK/webkit-2.18

Merge r226386 - Disable SharedArrayBuffers from Web API
https://bugs.webkit.org/show_bug.cgi?id=181266

Reviewed by Saam Barati.

JSTests:

Disabled SharedArrayBuffer tests.

  • stress/SharedArrayBuffer-opt.js:
  • stress/SharedArrayBuffer.js:
  • stress/array-buffer-byte-length.js:
  • stress/atomics-add-uint32.js:
  • stress/atomics-known-int-use.js:
  • stress/atomics-neg-zero.js:
  • stress/atomics-store-return.js:
  • stress/lars-sab-workers.js:
  • stress/regress-159779-1.js:
  • stress/regress-159779-2.js:
  • stress/regress-170473.js:
  • test262.yaml:

Source/JavaScriptCore:

Removed SharedArrayBuffer prototype and structure from GlobalObject creation
to disable.

  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

  • runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::arrayBufferPrototype const):
(JSC::JSGlobalObject::arrayBufferStructure const):

Source/WTF:

Turn off SharedArrayBuffers using a compile time flag ENABLE_SHARED_ARRAY_BUFFER.

  • wtf/Platform.h:

LayoutTests:

Disabled SharedArrayBuffer tests.

12:20 AM WebKitGTK/Gardening/Calendar edited by Ms2ger@igalia.com
Fix off-by-one error (diff)

Jan 9, 2018:

10:15 PM Changeset in webkit [226697] by graouts@webkit.org
  • 8 edits in trunk

[Web Animations] Expose the id property on Animation
https://bugs.webkit.org/show_bug.cgi?id=181450
<rdar://problem/36383600>

Reviewed by Dean Jackson.

Source/WebCore:

Expose the "id" property on Animation and handle the "id" property on the optional KeyframeAnimationOptions object
passed to Element.animate(). All of the WPT tests related to this property are now passing.

  • animation/WebAnimation.h:
  • animation/WebAnimation.idl:
  • dom/Element.cpp:

(WebCore::Element::animate):

LayoutTests:

Mark all tests related to the "id" property as passing.

  • http/wpt/web-animations/interfaces/Animatable/animate-expected.txt:
  • http/wpt/web-animations/interfaces/Animation/id-expected.txt:
  • http/wpt/web-animations/interfaces/Animation/idlharness-expected.txt:
9:43 PM Changeset in webkit [226696] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/JavaScriptCore

Cherry-pick r226672. rdar://problem/36397330

9:02 PM Changeset in webkit [226695] by rniwa@webkit.org
  • 1 edit
    1 copy in trunk/Websites/browserbench.org

Merge the latest version of Speedometer 2.0 to browserbench.org at r226694.

Rubber-stamped by Keith Miller.

  • Speedometer2.0: Replaced with PerformanceTests/Speedometer.
8:51 PM Changeset in webkit [226694] by rniwa@webkit.org
  • 3 edits in trunk/PerformanceTests

Speedometer 2.0: Update the About page.
https://bugs.webkit.org/show_bug.cgi?id=175918

Reviewed by Keith Miller.

Updated the about page for Speedometer 2.0.

  • Speedometer/index.html:
8:31 PM Changeset in webkit [226693] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/WebKit

Cherry-pick r226669. rdar://problem/36393011

8:31 PM Changeset in webkit [226692] by jmarcell@apple.com
  • 5 edits in branches/safari-605-branch

Cherry-pick r226638. rdar://problem/36392286

8:31 PM Changeset in webkit [226691] by jmarcell@apple.com
  • 24 edits in branches/safari-605-branch

Cherry-pick r226628. rdar://problem/36392341

8:31 PM Changeset in webkit [226690] by jmarcell@apple.com
  • 12 edits in branches/safari-605-branch/Source

Cherry-pick r226626. rdar://problem/36392359

8:31 PM Changeset in webkit [226689] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/WebCore

Cherry-pick r226623. rdar://problem/36392380

8:31 PM Changeset in webkit [226688] by jmarcell@apple.com
  • 5 edits
    2 adds in branches/safari-605-branch

Cherry-pick r226617. rdar://problem/36392336

8:31 PM Changeset in webkit [226687] by jmarcell@apple.com
  • 15 edits in branches/safari-605-branch

Cherry-pick r226615. rdar://problem/36392328

8:31 PM Changeset in webkit [226686] by jmarcell@apple.com
  • 6 edits in branches/safari-605-branch/Source/JavaScriptCore

Cherry-pick r226556. rdar://problem/36392331

8:31 PM Changeset in webkit [226685] by jmarcell@apple.com
  • 8 edits in branches/safari-605-branch/Source

Cherry-pick r226542. rdar://problem/36392364

8:31 PM Changeset in webkit [226684] by jmarcell@apple.com
  • 26 edits in branches/safari-605-branch/Source

Cherry-pick r226530. rdar://problem/36392325

8:31 PM Changeset in webkit [226683] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/WebKit

Cherry-pick r226528. rdar://problem/36392391

8:31 PM Changeset in webkit [226682] by jmarcell@apple.com
  • 14 edits
    2 adds in branches/safari-605-branch

Cherry-pick r226526. rdar://problem/36392384

8:31 PM Changeset in webkit [226681] by jmarcell@apple.com
  • 5 edits
    2 adds in branches/safari-605-branch

Cherry-pick r226521. rdar://problem/36392339

8:31 PM Changeset in webkit [226680] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/WebKit

Cherry-pick r226519. rdar://problem/36392376

8:31 PM Changeset in webkit [226679] by jmarcell@apple.com
  • 2 edits in branches/safari-605-branch/Source/WebInspectorUI

Cherry-pick r226517. rdar://problem/36392371

8:31 PM Changeset in webkit [226678] by jmarcell@apple.com
  • 7 edits in branches/safari-605-branch/Source

Versioning.

8:08 PM Changeset in webkit [226677] by Chris Dumez
  • 6 edits
    9 adds in trunk

Make service workers behave correctly with regards to Page Cache
https://bugs.webkit.org/show_bug.cgi?id=181446
<rdar://problem/36164291>

Reviewed by Youenn Fablet.

Source/WebCore:

Make service workers behave correctly with regards to Page Cache:

  1. If a document has an active service worker, do not let it go into PageCache
  2. When a document goes into page cache, unregister it from the list of service worker clients
  3. When a document is restored from page cache, add it back to the list of service worker clients

Tests: http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache.html
http/tests/workers/service/client-removed-from-clients-while-in-page-cache.html
http/tests/workers/service/no-page-cache-when-controlled.html
http/tests/workers/service/other_resources/test.html

  • dom/Document.cpp:

(WebCore::Document::suspend):
(WebCore::Document::resume):

  • history/PageCache.cpp:

(WebCore::canCacheFrame):

  • page/DiagnosticLoggingKeys.cpp:

(WebCore::DiagnosticLoggingKeys::serviceWorkerKey):

  • page/DiagnosticLoggingKeys.h:

LayoutTests:

Add layout test coverage.

  • http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache-expected.txt: Added.
  • http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache.html: Added.
  • http/tests/workers/service/client-removed-from-clients-while-in-page-cache-expected.txt: Added.
  • http/tests/workers/service/client-removed-from-clients-while-in-page-cache.html: Added.
  • http/tests/workers/service/no-page-cache-when-controlled-expected.txt: Added.
  • http/tests/workers/service/no-page-cache-when-controlled.html: Added.
  • http/tests/workers/service/other_resources/test.html: Added.
  • http/tests/workers/service/resources/getClientCount-worker.js: Added.

(event.then):

7:31 PM Changeset in webkit [226676] by Chris Dumez
  • 11 edits in trunk

We should not return undefined for most properties of a detached Window
https://bugs.webkit.org/show_bug.cgi?id=181416
<rdar://problem/36162489>

Reviewed by Ryosuke Niwa.

LayoutTests/imported/w3c:

Rebaseline several WPT tests now that more checks are passing.

  • web-platform-tests/custom-elements/custom-element-registry/per-global-expected.txt:
  • web-platform-tests/html/semantics/embedded-content/the-iframe-element/iframe-append-to-child-document-expected.txt:
  • web-platform-tests/service-workers/service-worker/detached-context.https-expected.txt:

Source/WebCore:

We should not return undefined for most properties on a detached Window. WebKit previously only exposed "closed"
and "close" properties on detached / frameless windows. However, this does not match the HTML specification [1]
or the behavior of Firefox and Chrome.

Note that Chrome does not seem to fully follow the HTML specification either, it seems to treat detached windows
the same way as cross-origin ones. As a result, it only exposed properties that are visible cross-origin when
a window is detached / frameless.

[1] https://html.spec.whatwg.org/#windowproxy-get

No new tests, updated existing tests.

  • bindings/js/JSDOMWindowCustom.cpp:

(WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
(WebCore::JSDOMWindow::getOwnPropertySlot):
(WebCore::JSDOMWindow::getOwnPropertySlotByIndex):

LayoutTests:

Update existing tests to reflect behavior change.

  • fast/dom/Window/orphaned-frame-access-expected.txt:
  • fast/dom/Window/orphaned-frame-access.html:
  • fast/frames/detached-frame-property-expected.txt:
  • fast/frames/detached-frame-property.html:
7:24 PM Changeset in webkit [226675] by Darin Adler
  • 10 edits in trunk

Further refinement to list item and counter code after "list-item" counter fix
https://bugs.webkit.org/show_bug.cgi?id=181426

Reviewed by Zalan Bujtas.

Source/WebCore:

  • css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyInheritCounter): Use auto.
(WebCore::StyleBuilderCustom::applyValueCounter): Use auto, removed unneeded
null checks for things that can never be null, moved the saturated addition
here and got rid of the addIncrementValue function from CounterDirectives.
Use the saturatedAddition function from SaturatedArithmetic.h instead of the
much less efficient one that did the same thing, CounterDirectives::addClamped.

  • rendering/RenderCounter.cpp:

(WebCore::listItemCounterDirectives): Use aggregate syntax for the return
statements.
(WebCore::planCounter): Changed to use a struct return value instead of two
out arguments. Use the saturatedAddition function from SaturatedArithmetic.h
instead of the much less efficient one that did the same thing,
CounterDirectives::addClamped.
(WebCore::findPlaceForCounter): Changed to use a struct return value instead
of two out arguments.
(WebCore::makeCounterNode): Updated for the above changes. Changed code to
use add instead of both get and set. Updated to keep the counter maps inside
the values of the "map of maps" instead of using a unique_ptr and allocating
each one on the heap.
(WebCore::destroyCounterNodeWithoutMapRemoval): Changed argument to a reference
instead of a pointer. Updated for changes to the map. Use RefPtr more
consistently.
(WebCore::RenderCounter::destroyCounterNodes): Use iterators less.
(WebCore::RenderCounter::destroyCounterNode): Ditto.
(WebCore::RenderCounter::rendererRemovedFromTree): Add a check of
hasCounterNodeMap here before calling destroyCounterNodes, so that function
can assume the flag is true (both other callers already check it).
(WebCore::updateCounters): Use auto and update for changes above.
(WebCore::RenderCounter::rendererStyleChanged): Use modern for loops instead
of iterators.
(showCounterRendererTree): Use auto and update for changes above.

  • rendering/RenderListItem.cpp:

(WebCore::enclosingList): Stop referring to elements as "nodes". Changed
the local variable names for clarity.
(WebCore::nextListItemHelper): Renamed from nextListItem since it's not
intended to be called directly and we want to use a function pointer to
nextListItem. Fixed the algorithm to correctly handle ad hoc "lists" that
are not actually HTML list elements, using the definition in the enclosingList
function as the previousListItem function already did.
(WebCore::nextListItem): Updated for name changes.
(WebCore::firstListItem): Renamed from nextListItem for clarity.
(WebCore::previousListItem): Rewrote loop so it doesn't have to do things
so strangely when we find another list.
(WebCore::RenderListItem::updateItemValuesForOrderedList): Use auto and
update local variable names.
(WebCore::RenderListItem::itemCountForOrderedList): Ditto.
(WebCore::RenderListItem::updateValueNow const): Rewrote to use an iterative
algorithm instead of a recursive one. Fixes the FIXME here.
(WebCore::RenderListItem::updateValue): Use m_valueWasSetExplicitly
instead of m_explicitValue.
(WebCore::RenderListItem::explicitValueChanged): Use auto and simplified
the loop a bit.
(WebCore::RenderListItem::setExplicitValue): Set m_valueWasSetExplicitly
instead of m_explicitValue.
(WebCore::previousOrNextItem): Deleted.
(WebCore::RenderListItem::updateListMarkerNumbers): Streamlined the loop
a bit and used a function pointer to handle the two different directions.
(WebCore::RenderListItem::isInReversedOrderedList const): Simplified by
getting rid of an unneeded use of pointers and local variables.

  • rendering/RenderListItem.h: Use a boolean, m_valueWasSetExplicitly,
instead of a separate optional m_explicitValue.

  • rendering/style/CounterDirectives.h: Since all the code in this file was
rewritten, removed old copyrights. Deleted the addIncrementValue function,
since it is clear enough in the one call site in the style builder.
Deleted the addClamped function because it was just a much slower
version of the saturatedAddition function. Made == and != into constexpr
functions since they are simple enough to be.

  • rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::getCounterDirectives const): Deleted. Caller can
handle this just fine without a helper function.

  • rendering/style/RenderStyle.h: Ditto.

LayoutTests:

  • fast/css/counters/counter-list-item.html: Removed an extra newline at the end of
the file.

7:17 PM Changeset in webkit [226674] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION(r201855): Web Inspector: Should see "length" autocompletion suggestion on a string literal
https://bugs.webkit.org/show_bug.cgi?id=181462
<rdar://problem/36390699>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-09
Reviewed by Matt Baker.

  • UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.prototype.completionControllerCompletionsNeeded.inspectedPage_evalResult_getCompletions):
This is code that runs on the inspected target, which may have an old version of
WebKit/JavaScriptCore, so don't use new syntax like this.

(WI.JavaScriptRuntimeCompletionProvider.prototype.completionControllerCompletionsNeeded):
We intended to return the result as a JSON value instead of a RemoteObject.

7:04 PM Changeset in webkit [226673] by ddkilzer@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION (r226667): CodeBlocks should be in IsoSubspaces
<https://bugs.webkit.org/show_bug.cgi?id=180884>

Fixes the following build error:

heap/Heap.cpp:2708:10: error: lambda capture 'this' is not used [-Werror,-Wunused-lambda-capture]

  • heap/Heap.cpp:

(JSC::Heap::addCoreConstraints): Remove 'this' from lambda to
fix the build.

7:00 PM Changeset in webkit [226672] by keith_miller@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

and32 with an Address source on ARM64 did not invalidate dataTempRegister
https://bugs.webkit.org/show_bug.cgi?id=181467

Reviewed by Michael Saboff.

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::and32):

6:43 PM Changeset in webkit [226671] by Ross Kirsling
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Layers sidebar shows popover on selection even when collapsed
https://bugs.webkit.org/show_bug.cgi?id=181465

Reviewed by Matt Baker.

  • UserInterface/Views/LayerDetailsSidebarPanel.js:

(WI.LayerDetailsSidebarPanel.prototype.selectNodeByLayerId):
Have sidebar show itself if necessary before displaying popover.

6:37 PM Changeset in webkit [226670] by aestes@apple.com
  • 2 edits in trunk/Tools

[Xcode] Use the Apple Internal SDK if available when building ImageDiff
https://bugs.webkit.org/show_bug.cgi?id=181459

Reviewed by Dan Bernstein.

  • ImageDiff/cg/Configurations/Base.xcconfig:

5:34 PM Changeset in webkit [226669] by wilander@apple.com
  • 2 edits in trunk/Source/WebKit

Storage Access API: Turn feature on by default in WebPreferences.yaml
https://bugs.webkit.org/show_bug.cgi?id=181458

Reviewed by Brent Fulgham.

  • Shared/WebPreferences.yaml:

4:44 PM Changeset in webkit [226668] by mmaxfield@apple.com
  • 9 edits
    12 moves
    2 adds in trunk

font-display:fallback can cause a visual flash (which is supposed to be impossible)
https://bugs.webkit.org/show_bug.cgi?id=181374

Reviewed by Simon Fraser.

Source/WebCore:

A FontCascade represents an entire font-family fallback list, but sometimes we need to pull out a single
representative font from the list to calculate things like line height. Previously, if the first item in
the font-family list was in the middle of being downloaded, this representative font was hardcoded to be
Times. However, when actually laying out and drawing the glyphs, we have logic to skip the interstitial
Times if there are any installed fonts present in the font-family list (so you wouldn't ever actually
see Times). This means that line height (among other things) was being calculated as if Times was used,
but in reality, some other font from the font-family list was being used.

Alone, this isn't a huge problem, but font-display:fallback makes a font transition between "timed out"
and "failed," and when the font hits the failed state, the representative font skips over the cancelled
item and hits the next item in the fallback list. This means that line heights will change, which causes
a visual flash, even when font-display:fallback is specified.

The solution is simply to educate the logic which identifies this representative font so that it
understands what to do for currently-loading fonts.

Tests: fast/text/font-display/swap-flash.html

  • platform/graphics/FontCascadeFonts.h:

(WebCore::FontCascadeFonts::primaryFont):

  • rendering/line/BreakingContext.h:

(WebCore::textWidth):

Tools:

The test requires Palatino.

  • DumpRenderTree/mac/DumpRenderTree.mm:

(allowedFontFamilySet):

  • WebKitTestRunner/mac/TestControllerMac.mm:

(WTR::allowedFontFamilySet):

LayoutTests:

Move font-display tests into their common subfolder.

  • fast/text/font-display/block-finish-expected.html: Renamed from LayoutTests/fast/text/loading-block-finish-expected.html.
  • fast/text/font-display/block-finish.html: Renamed from LayoutTests/fast/text/loading-block-finish.html.
  • fast/text/font-display/block-nofinish-expected.html: Renamed from LayoutTests/fast/text/loading-block-nofinish-expected.html.
  • fast/text/font-display/block-nofinish.html: Renamed from LayoutTests/fast/text/loading-block-nofinish.html.
  • fast/text/font-display/failure-finish-expected.html: Renamed from LayoutTests/fast/text/loading-failure-finish-expected.html.
  • fast/text/font-display/failure-finish.html: Renamed from LayoutTests/fast/text/loading-failure-finish.html.
  • fast/text/font-display/failure-nofinish-expected.html: Renamed from LayoutTests/fast/text/loading-failure-nofinish-expected.html.
  • fast/text/font-display/failure-nofinish.html: Renamed from LayoutTests/fast/text/loading-failure-nofinish.html.
  • fast/text/font-display/swap-finish-expected.html: Renamed from LayoutTests/fast/text/loading-swap-finish-expected.html.
  • fast/text/font-display/swap-finish.html: Renamed from LayoutTests/fast/text/loading-swap-finish.html.
  • fast/text/font-display/swap-nofinish-expected.html: Renamed from LayoutTests/fast/text/loading-swap-nofinish-expected.html.
  • fast/text/font-display/swap-nofinish.html: Renamed from LayoutTests/fast/text/loading-swap-nofinish.html.
  • fast/text/font-display/swap-flash-expected.html: Added.
  • fast/text/font-display/swap-flash.html: Added.
  • platform/win/TestExpectations:

4:30 PM Changeset in webkit [226667] by fpizlo@apple.com
  • 66 edits
    2 adds in trunk

CodeBlocks should be in IsoSubspaces
https://bugs.webkit.org/show_bug.cgi?id=180884

Reviewed by Saam Barati.

Source/JavaScriptCore:

This moves CodeBlocks into IsoSubspaces. Doing so means that we no longer need to have the
special CodeBlockSet HashSets of new and old CodeBlocks. We also no longer use
WeakReferenceHarvester or UnconditionalFinalizer. Instead:

  • Code block sweeping is now just eager sweeping. This means that it automatically takes advantage of our unswept set, which roughly corresponds to what CodeBlockSet used to use its eden set for.


  • The idea of Executable "weakly visiting" the CodeBlock is replaced by Executable marking an ExecutableToCodeBlockEdge object. That object being marked corresponds to what we used to call CodeBlock "having been weakly visited". This means that CodeBlockSet no longer has to clear the set of weakly visited code blocks. This also means that determining CodeBlock liveness, propagating CodeBlock transitions, and jettisoning CodeBlocks during GC are now the edge's job. The edge is also in an IsoSubspace and it has IsoCellSets to tell us which edges have output constraints (what we used to call CodeBlock's weak reference harvester) and which have unconditional finalizers.


  • CodeBlock now uses an IsoCellSet to tell if it has an unconditional finalizer.


  • CodeBlockSet still exists! It has one unified HashSet of CodeBlocks that we use to handle requests from the sampler, debugger, and other facilities. They may want to ask if some pointer corresponds to a CodeBlock during stages of execution during which the GC is unable to answer isLive() queries. The trickiest is the sampling profiler thread. There is no way that the GC's isLive could tell us if a CodeBlock that had already been allocated has now been fully constructed.


  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::finishCreationCommon):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::hasInstalledVMTrapBreakpoints const):
(JSC::CodeBlock::installVMTrapBreakpoints):
(JSC::CodeBlock::dumpMathICStats):
(JSC::CodeBlock::visitWeakly): Deleted.
(JSC::CodeBlock::WeakReferenceHarvester::visitWeakReferences): Deleted.
(JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally): Deleted.

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::subspaceFor):
(JSC::CodeBlock::ownerEdge const):
(JSC::CodeBlock::clearVisitWeaklyHasBeenCalled): Deleted.

  • bytecode/EvalCodeBlock.h:

(JSC::EvalCodeBlock::create): Deleted.
(JSC::EvalCodeBlock::createStructure): Deleted.
(JSC::EvalCodeBlock::variable): Deleted.
(JSC::EvalCodeBlock::numVariables): Deleted.
(JSC::EvalCodeBlock::functionHoistingCandidate): Deleted.
(JSC::EvalCodeBlock::numFunctionHoistingCandidates): Deleted.
(JSC::EvalCodeBlock::EvalCodeBlock): Deleted.
(JSC::EvalCodeBlock::unlinkedEvalCodeBlock const): Deleted.

  • bytecode/ExecutableToCodeBlockEdge.cpp: Added.

(JSC::ExecutableToCodeBlockEdge::createStructure):
(JSC::ExecutableToCodeBlockEdge::create):
(JSC::ExecutableToCodeBlockEdge::visitChildren):
(JSC::ExecutableToCodeBlockEdge::visitOutputConstraints):
(JSC::ExecutableToCodeBlockEdge::finalizeUnconditionally):
(JSC::ExecutableToCodeBlockEdge::activate):
(JSC::ExecutableToCodeBlockEdge::deactivate):
(JSC::ExecutableToCodeBlockEdge::deactivateAndUnwrap):
(JSC::ExecutableToCodeBlockEdge::wrap):
(JSC::ExecutableToCodeBlockEdge::wrapAndActivate):
(JSC::ExecutableToCodeBlockEdge::ExecutableToCodeBlockEdge):
(JSC::ExecutableToCodeBlockEdge::runConstraint):

  • bytecode/ExecutableToCodeBlockEdge.h: Added.

(JSC::ExecutableToCodeBlockEdge::subspaceFor):
(JSC::ExecutableToCodeBlockEdge::codeBlock const):
(JSC::ExecutableToCodeBlockEdge::unwrap):

  • bytecode/FunctionCodeBlock.h:

(JSC::FunctionCodeBlock::subspaceFor):
(JSC::FunctionCodeBlock::createStructure):

  • bytecode/ModuleProgramCodeBlock.h:

(JSC::ModuleProgramCodeBlock::create): Deleted.
(JSC::ModuleProgramCodeBlock::createStructure): Deleted.
(JSC::ModuleProgramCodeBlock::ModuleProgramCodeBlock): Deleted.

  • bytecode/ProgramCodeBlock.h:

(JSC::ProgramCodeBlock::create): Deleted.
(JSC::ProgramCodeBlock::createStructure): Deleted.
(JSC::ProgramCodeBlock::ProgramCodeBlock): Deleted.

  • debugger/Debugger.cpp:

(JSC::Debugger::SetSteppingModeFunctor::operator() const):
(JSC::Debugger::ToggleBreakpointFunctor::operator() const):
(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator() const):
(JSC::Debugger::ClearDebuggerRequestsFunctor::operator() const):

  • heap/CodeBlockSet.cpp:

(JSC::CodeBlockSet::contains):
(JSC::CodeBlockSet::dump const):
(JSC::CodeBlockSet::add):
(JSC::CodeBlockSet::remove):
(JSC::CodeBlockSet::promoteYoungCodeBlocks): Deleted.
(JSC::CodeBlockSet::clearMarksForFullCollection): Deleted.
(JSC::CodeBlockSet::lastChanceToFinalize): Deleted.
(JSC::CodeBlockSet::deleteUnmarkedAndUnreferenced): Deleted.

  • heap/CodeBlockSet.h:
  • heap/CodeBlockSetInlines.h:

(JSC::CodeBlockSet::iterate):
(JSC::CodeBlockSet::iterateViaSubspaces):

  • heap/ConservativeRoots.cpp:

(JSC::ConservativeRoots::genericAddPointer):
(JSC::DummyMarkHook::markKnownJSCell):
(JSC::CompositeMarkHook::mark):
(JSC::CompositeMarkHook::markKnownJSCell):

  • heap/ConservativeRoots.h:
  • heap/Heap.cpp:

(JSC::Heap::lastChanceToFinalize):
(JSC::Heap::finalizeMarkedUnconditionalFinalizers):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::beginMarking):
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::sweepInFinalize):
(JSC::Heap::forEachCodeBlockImpl):
(JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
(JSC::Heap::addCoreConstraints):
(JSC::Heap::finalizeUnconditionalFinalizersInIsoSubspace): Deleted.

  • heap/Heap.h:
  • heap/HeapCell.h:
  • heap/HeapCellInlines.h:

(JSC::HeapCell::subspace const):

  • heap/HeapInlines.h:

(JSC::Heap::forEachCodeBlock):
(JSC::Heap::forEachCodeBlockIgnoringJITPlans):

  • heap/HeapUtil.h:

(JSC::HeapUtil::findGCObjectPointersForMarking):

  • heap/IsoCellSet.cpp:

(JSC::IsoCellSet::parallelNotEmptyMarkedBlockSource):

  • heap/IsoCellSet.h:
  • heap/IsoCellSetInlines.h:

(JSC::IsoCellSet::forEachMarkedCellInParallel):
(JSC::IsoCellSet::forEachLiveCell):

  • heap/LargeAllocation.h:

(JSC::LargeAllocation::subspace const):

  • heap/MarkStackMergingConstraint.cpp:

(JSC::MarkStackMergingConstraint::executeImpl):

  • heap/MarkStackMergingConstraint.h:
  • heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::parallelNotEmptyBlockSource):

  • heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::didAddToAllocator):
(JSC::MarkedBlock::Handle::didRemoveFromAllocator):

  • heap/MarkedBlock.h:

(JSC::MarkedBlock::subspace const):

  • heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::forEachLiveCell):

  • heap/MarkedSpaceInlines.h:

(JSC::MarkedSpace::forEachLiveCell):

  • heap/MarkingConstraint.cpp:

(JSC::MarkingConstraint::execute):
(JSC::MarkingConstraint::doParallelWork):
(JSC::MarkingConstraint::finishParallelWork): Deleted.
(JSC::MarkingConstraint::doParallelWorkImpl): Deleted.
(JSC::MarkingConstraint::finishParallelWorkImpl): Deleted.

  • heap/MarkingConstraint.h:
  • heap/MarkingConstraintSet.cpp:

(JSC::MarkingConstraintSet::add):

  • heap/MarkingConstraintSet.h:

(JSC::MarkingConstraintSet::add):

  • heap/MarkingConstraintSolver.cpp:

(JSC::MarkingConstraintSolver::execute):
(JSC::MarkingConstraintSolver::addParallelTask):
(JSC::MarkingConstraintSolver::runExecutionThread):
(JSC::MarkingConstraintSolver::didExecute): Deleted.

  • heap/MarkingConstraintSolver.h:

(JSC::MarkingConstraintSolver::TaskWithConstraint::TaskWithConstraint):
(JSC::MarkingConstraintSolver::TaskWithConstraint::operator== const):

  • heap/SimpleMarkingConstraint.cpp:

(JSC::SimpleMarkingConstraint::SimpleMarkingConstraint):
(JSC::SimpleMarkingConstraint::executeImpl):

  • heap/SimpleMarkingConstraint.h:

(JSC::SimpleMarkingConstraint::SimpleMarkingConstraint):

  • heap/SlotVisitor.cpp:

(JSC::SlotVisitor::addParallelConstraintTask):

  • heap/SlotVisitor.h:
  • heap/Subspace.cpp:

(JSC::Subspace::sweep):

  • heap/Subspace.h:
  • heap/SubspaceInlines.h:

(JSC::Subspace::forEachLiveCell):

  • llint/LowLevelInterpreter.asm:
  • runtime/EvalExecutable.cpp:

(JSC::EvalExecutable::visitChildren):

  • runtime/EvalExecutable.h:

(JSC::EvalExecutable::codeBlock):

  • runtime/FunctionExecutable.cpp:

(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::visitChildren):

  • runtime/FunctionExecutable.h:
  • runtime/JSType.h:
  • runtime/ModuleProgramExecutable.cpp:

(JSC::ModuleProgramExecutable::visitChildren):

  • runtime/ModuleProgramExecutable.h:
  • runtime/ProgramExecutable.cpp:

(JSC::ProgramExecutable::visitChildren):

  • runtime/ProgramExecutable.h:
  • runtime/ScriptExecutable.cpp:

(JSC::ScriptExecutable::installCode):
(JSC::ScriptExecutable::newReplacementCodeBlockFor):

  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:

(JSC::VM::SpaceAndFinalizerSet::SpaceAndFinalizerSet):
(JSC::VM::SpaceAndFinalizerSet::finalizerSetFor):
(JSC::VM::forEachCodeBlockSpace):

  • runtime/VMTraps.cpp:

(JSC::VMTraps::handleTraps):

  • tools/VMInspector.cpp:

(JSC::VMInspector::codeBlockForMachinePC):
(JSC::VMInspector::isValidCodeBlock):

Source/WebCore:

No new tests because no new behavior.

Adopting new parallel constraint API, so that more of the logic of doing parallel
constraint solving is shared between the DOM's output constraints and JSC's output
constraints.

  • bindings/js/DOMGCOutputConstraint.cpp:

(WebCore::DOMGCOutputConstraint::executeImpl):
(WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
(WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.

  • bindings/js/DOMGCOutputConstraint.h:

Source/WTF:


Deque<>::contains() is helpful for a debug ASSERT.

  • wtf/Deque.h:

(WTF::inlineCapacity>::contains):

4:05 PM Changeset in webkit [226666] by Simon Fraser
  • 11 edits in trunk/Source/WebCore

Clean up Marquee-related enums
https://bugs.webkit.org/show_bug.cgi?id=181347

Reviewed by Anders Carlsson.

Modernize EMarqueeBehavior and EMarqueeDirection enums. Stop using the weird negative
values in the MarqueeDirection and do manual reverse direction mapping.

Make some member functions of RenderMarquee private.

Stop using bitfields in RenderMarquee because the memory saving is not worth it, and doing so
allows us to use modern initialization.

No behavior change.

  • css/CSSPrimitiveValueMappings.h:

(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator MarqueeBehavior const):
(WebCore::CSSPrimitiveValue::operator MarqueeDirection const):
(WebCore::CSSPrimitiveValue::operator EMarqueeBehavior const): Deleted.
(WebCore::CSSPrimitiveValue::operator EMarqueeDirection const): Deleted.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyle):

  • rendering/RenderBox.cpp:

(WebCore::RenderBox::sizesLogicalWidthToFitContent const):

  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

  • rendering/RenderMarquee.cpp:

(WebCore::RenderMarquee::RenderMarquee):
(WebCore::reverseDirection):
(WebCore::RenderMarquee::direction const):
(WebCore::RenderMarquee::isHorizontal const):
(WebCore::RenderMarquee::computePosition):
(WebCore::RenderMarquee::start):
(WebCore::RenderMarquee::updateMarqueePosition):
(WebCore::RenderMarquee::updateMarqueeStyle):
(WebCore::RenderMarquee::timerFired):

  • rendering/RenderMarquee.h:
  • rendering/style/RenderStyle.h:

(WebCore::RenderStyle::marqueeBehavior const):
(WebCore::RenderStyle::marqueeDirection const):
(WebCore::RenderStyle::setMarqueeDirection):
(WebCore::RenderStyle::setMarqueeBehavior):
(WebCore::RenderStyle::initialMarqueeBehavior):
(WebCore::RenderStyle::initialMarqueeDirection):

  • rendering/style/RenderStyleConstants.h:
  • rendering/style/StyleMarqueeData.cpp:

(WebCore::StyleMarqueeData::StyleMarqueeData):

  • rendering/style/StyleMarqueeData.h:

3:54 PM Changeset in webkit [226665] by achristensen@apple.com
  • 2 edits in trunk/Source/WebKit

WKOpenPanelParameters SPI should return autoreleased objects
https://bugs.webkit.org/show_bug.cgi?id=181457
<rdar://problem/35884960>

Reviewed by Tim Horton.

In r226607 I made a mistake by returning an object that has been released.
I instead follow a pattern of leaking and autoreleasing that we use elsewhere in the ObjC API.

  • UIProcess/API/Cocoa/WKOpenPanelParameters.mm:

(-[WKOpenPanelParameters _acceptedMIMETypes]):
(-[WKOpenPanelParameters _acceptedFileExtensions]):

3:47 PM Changeset in webkit [226664] by jer.noble@apple.com
  • 5 edits in trunk/Source/WebCore

Many CVDisplayLink threads created and destroyed while watching a YouTube video
https://bugs.webkit.org/show_bug.cgi?id=181396

Reviewed by Simon Fraser.

When watching some YouTube videos (or any video with default controls), event handlers for
the "timeupdate" event which use rAF will cause the underlying platform objects to be
destroyed in between "timeupdate" events being fired, since they occur every 250ms, and rAF
objects are destroyed every 166ms (or 10/60hz). Update this constant to destroy the
underlying objects every 333ms (or 20/60hz) so that this common pattern doesn't lead to
excessive rAF platform object turnover.

  • platform/Logging.h:
  • platform/graphics/DisplayRefreshMonitor.h:

(WebCore::DisplayRefreshMonitor::shouldBeTerminated const):

  • platform/graphics/DisplayRefreshMonitor.cpp:

(WebCore::DisplayRefreshMonitor::displayDidRefresh):

  • platform/graphics/DisplayRefreshMonitorManager.cpp:

(WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
(WebCore::DisplayRefreshMonitorManager::displayDidRefresh):

3:46 PM Changeset in webkit [226663] by Matt Lewis
  • 2 edits in trunk/LayoutTests

Fixed test expectations.

Unreviewed test gardening.

  • platform/ios-wk2/TestExpectations:

3:46 PM Changeset in webkit [226662] by jmarcell@apple.com
  • 1 copy in branches/safari-605-branch

New Branch.

3:43 PM Changeset in webkit [226661] by sbarati@apple.com
  • 2 edits in trunk/Tools

Give some slack in display-profiler-outputs computation of the terminal window's number of columns
https://bugs.webkit.org/show_bug.cgi?id=181449

Reviewed by JF Bastien.

This allows me to Cmd+f in my terminal to search for things without
having the results become misaligned.

  • Scripts/display-profiler-output:

3:31 PM Changeset in webkit [226660] by Alan Bujtas
  • 9 edits in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderElement addChild mutation logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181451
<rdar://problem/36385562>

Reviewed by Antti Koivisto.

This is about moving code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • rendering/RenderElement.cpp:

(WebCore::RenderElement::addChild):
(WebCore::RenderElement::childRequiresTable const): Deleted.

  • rendering/RenderElement.h:
  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::insertChildToRenderElement):
(WebCore::RenderTreeBuilder::childRequiresTable):

  • rendering/updating/RenderTreeBuilder.h:
  • rendering/updating/RenderTreeBuilderInline.cpp:

(WebCore::RenderTreeBuilder::Inline::insertChildToContinuation):
(WebCore::RenderTreeBuilder::Inline::insertChildIgnoringContinuation):
(WebCore::RenderTreeBuilder::Inline::newChildIsInline):
(WebCore::newChildIsInline): Deleted.

  • rendering/updating/RenderTreeBuilderInline.h:

3:00 PM Changeset in webkit [226659] by Matt Lewis
  • 6 edits in trunk

Unreviewed, rolling out r226531.

This caused test failures on macOS WK2.

Reverted changeset:

"Use no-cache fetch mode when loading main documents with
location.reload()"
https://bugs.webkit.org/show_bug.cgi?id=181285
https://trac.webkit.org/changeset/226531

1:47 PM Changeset in webkit [226658] by msaboff@apple.com
  • 8 edits in trunk/Source

Unreviewed, rolling out r226600 and r226603
https://bugs.webkit.org/show_bug.cgi?id=181351

Add a DOM gadget for Spectre testing

  • runtime/Options.h:
  • dom/Comment.cpp:

(WebCore::Comment::Comment):
(WebCore::Comment::setReadLength): Deleted.
(WebCore::Comment::charCodeAt): Deleted.
(WebCore::Comment::clflushReadLength): Deleted.

  • dom/Comment.h:
  • dom/Comment.idl:
  • page/RuntimeEnabledFeatures.cpp:

(WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const): Deleted.

  • page/RuntimeEnabledFeatures.h:

1:17 PM Changeset in webkit [226657] by don.olmstead@sony.com
  • 35 edits in trunk/Source/WebCore

Add additional WEBCORE_EXPORTs
https://bugs.webkit.org/show_bug.cgi?id=181414

Reviewed by Alex Christensen.

No new tests. No change in behavior.

  • dom/Document.h:
  • dom/ViewportArguments.h:
  • page/DOMWindow.h:
  • page/FrameView.h:
  • page/PageOverlayController.h:
  • platform/ContextMenuItem.h:
  • platform/Pasteboard.h:
  • platform/SharedBuffer.h:
  • platform/UserAgent.h:
  • platform/graphics/GLContext.h:
  • platform/graphics/GraphicsContext.h:
  • platform/graphics/GraphicsLayerTransform.h:
  • platform/graphics/PlatformDisplay.h:
  • platform/graphics/cairo/BackingStoreBackendCairoImpl.h:
  • platform/graphics/cairo/PlatformContextCairo.h:
  • platform/graphics/cairo/RefPtrCairo.h:
  • platform/graphics/nicosia/NicosiaBuffer.h:
  • platform/graphics/nicosia/NicosiaPaintingEngine.h:
  • platform/graphics/texmap/TextureMapper.h:
  • platform/graphics/texmap/TextureMapperAnimation.h:
  • platform/graphics/texmap/TextureMapperBackingStore.h:
  • platform/graphics/texmap/TextureMapperFPSCounter.h:
  • platform/graphics/texmap/TextureMapperLayer.h:

(WebCore::TextureMapperLayer::TextureMapperLayer): Deleted.
(WebCore::TextureMapperLayer::setID): Deleted.
(WebCore::TextureMapperLayer::id): Deleted.
(WebCore::TextureMapperLayer:: const): Deleted.
(WebCore::TextureMapperLayer::setScrollClient): Deleted.
(WebCore::TextureMapperLayer::setIsScrollable): Deleted.
(WebCore::TextureMapperLayer::isScrollable const): Deleted.
(WebCore::TextureMapperLayer::textureMapper const): Deleted.
(WebCore::TextureMapperLayer::setTextureMapper): Deleted.
(WebCore::TextureMapperLayer::drawsContent const): Deleted.
(WebCore::TextureMapperLayer::contentsAreVisible const): Deleted.
(WebCore::TextureMapperLayer::size const): Deleted.
(WebCore::TextureMapperLayer::opacity const): Deleted.
(WebCore::TextureMapperLayer::transform const): Deleted.
(WebCore::TextureMapperLayer::hasFilters const): Deleted.
(WebCore::TextureMapperLayer::isShowingRepaintCounter const): Deleted.
(WebCore::TextureMapperLayer::fixedToViewport const): Deleted.
(WebCore::TextureMapperLayer::rootLayer const): Deleted.
(WebCore::TextureMapperLayer::texture): Deleted.
(WebCore::TextureMapperLayer::adjustedPosition const): Deleted.
(WebCore::TextureMapperLayer::layerRect const): Deleted.
(WebCore::TextureMapperLayer::State::State): Deleted.

  • platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
  • platform/graphics/texmap/TextureMapperTile.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

(WebCore::CoordinatedGraphicsLayer::isScrollable const): Deleted.
(WebCore::CoordinatedGraphicsLayer::id const): Deleted.
(WebCore::CoordinatedGraphicsLayer::coverRect const): Deleted.
(WebCore::CoordinatedGraphicsLayer::fixedToViewport const): Deleted.

  • platform/graphics/texmap/coordinated/CoordinatedImageBacking.h:

(WebCore::CoordinatedImageBacking::id const): Deleted.

  • platform/graphics/texmap/coordinated/TiledBackingStore.h:
  • platform/graphics/texmap/coordinated/UpdateAtlas.h:
  • platform/network/AuthenticationChallengeBase.h:
  • platform/network/CredentialBase.h:
  • platform/network/ProtectionSpaceBase.h:
  • platform/network/curl/SocketStreamHandleImpl.h:
  • replay/UserInputBridge.h:

1:15 PM Changeset in webkit [226656] by commit-queue@webkit.org
  • 4 edits
    1 move
    1 add
    1 delete in trunk/Source/WebCore

[Curl] Move FormData related tasks into new CurlFormDataStream class.
https://bugs.webkit.org/show_bug.cgi?id=181106

Patch by Basuke Suzuki <Basuke Suzuki> on 2018-01-09
Reviewed by Alex Christensen.

No new tests because no behavior change.

  • platform/Curl.cmake:
  • platform/network/curl/CurlFormDataStream.cpp: Added.

(WebCore::CurlFormDataStream::CurlFormDataStream):
(WebCore::CurlFormDataStream::~CurlFormDataStream):
(WebCore::CurlFormDataStream::clean):
(WebCore::CurlFormDataStream::shouldUseChunkTransfer):
(WebCore::CurlFormDataStream::totalSize):
(WebCore::CurlFormDataStream::computeContentLength):
(WebCore::CurlFormDataStream::read):
(WebCore::CurlFormDataStream::readFromFile):
(WebCore::CurlFormDataStream::readFromData):

  • platform/network/curl/CurlFormDataStream.h: Renamed from Source/WebCore/platform/network/curl/FormDataStreamCurl.h.

(WebCore::CurlFormDataStream::elementSize):
(WebCore::CurlFormDataStream::totalReadSize):

  • platform/network/curl/CurlRequest.cpp:

(WebCore::CurlRequest::CurlRequest):
(WebCore::CurlRequest::willSendData):
(WebCore::CurlRequest::finalizeTransfer):
(WebCore::CurlRequest::setupPUT):
(WebCore::CurlRequest::setupPOST):
(WebCore::CurlRequest::setupSendData):
(WebCore::CurlRequest::resolveBlobReferences): Deleted.
(WebCore::CurlRequest::setupFormData): Deleted.

  • platform/network/curl/CurlRequest.h:
  • platform/network/curl/FormDataStreamCurl.cpp: Removed.

1:13 PM Changeset in webkit [226655] by sbarati@apple.com
  • 2 edits in trunk/Source/JavaScriptCore

Reduce graph size by replacing terminal nodes in blocks that have a ForceOSRExit with Unreachable
https://bugs.webkit.org/show_bug.cgi?id=181409

Reviewed by Keith Miller.

When I was looking at profiler data for Speedometer, I noticed that one of
the hottest functions in Speedometer is around 1100 bytecode operations long.
Only about 100 of those bytecode ops ever execute. However, we ended up
spending a lot of time compiling basic blocks that never executed. We often
plant ForceOSRExit nodes when we parse bytecodes that have a null value profile.
This is the case when such a node never executes.

This patch makes it so that anytime a block has a ForceOSRExit, we replace its
terminal node with an Unreachable node (and remove all nodes after the
ForceOSRExit). This will cut down on graph size when such a block dominates
other blocks in the CFG. This allows us to get rid of huge chunks of the CFG
in certain programs. When doing this transformation, we also insert
Flushes/PhantomLocals to ensure we can recover values that are bytecode
live-in to the ForceOSRExit.

Using ForceOSRExit as the signal for this is a bit of a hack. It definitely
does not get rid of all the CFG that it could. If we decide it's worth
it, we could use additional inputs into this mechanism. For example, we could
profile if a basic block ever executes inside the LLInt/Baseline, and
remove parts of the CFG based on that.

When running Speedometer with the concurrent JIT turned off, this patch
improves DFG/FTL compile times by around 5%.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addToGraph):
(JSC::DFG::ByteCodeParser::parse):

12:15 PM Changeset in webkit [226654] by Alan Bujtas
  • 7 edits
    2 adds in trunk/Source/WebCore

[RenderTreeBuilder] Move MathML addChild logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181443
<rdar://problem/36380228>

Reviewed by Antti Koivisto.

This is about moving code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/mathml/RenderMathMLFenced.cpp:

(WebCore::RenderMathMLFenced::addChild):
(WebCore::RenderMathMLFenced::createMathMLOperator): Deleted.
(WebCore::RenderMathMLFenced::makeFences): Deleted.

  • rendering/mathml/RenderMathMLFenced.h:
  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::RenderTreeBuilder):
(WebCore::RenderTreeBuilder::insertChildToRenderMathMLFenced):

  • rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::mathMLBuilder):

11:27 AM Changeset in webkit [226653] by Antti Koivisto
  • 3 edits
    3 adds in trunk

Blank page except for inner iframes because pending stylesheets cause style.isNotFinal() to be true
https://bugs.webkit.org/show_bug.cgi?id=180940
<rdar://problem/36116507>

Reviewed by Darin Adler.

Source/WebCore:

Test: http/tests/local/loading-stylesheet-import-remove.html

If a <link> referencing a stylesheet containing an @import that was still loading was removed
from the document, the loading state was never cleared. For head stylesheets this blocked
rendering permanently.

Test reduction by Justin Ridgewell.

  • html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::removedFromAncestor):

Test if the stylesheet is loading before clearing the pointer.

LayoutTests:

  • http/tests/local/loading-stylesheet-import-remove.html: Added.
  • http/tests/local/loading-stylesheet-import-remove-expected.html: Added.
  • http/tests/local/resources/slow-import.css: Added.

11:14 AM Changeset in webkit [226652] by ddkilzer@apple.com
  • 4 edits in trunk/Tools

[webkitpy] PlatformInfo should have default argument for casual use
https://bugs.webkit.org/show_bug.cgi?id=180827

Patch by Basuke Suzuki <Basuke Suzuki> on 2018-01-09
Reviewed by David Kilzer.

PlatformInfo should be the only way to check platform specific thing instead
of sys.platform or other various checks. If there is something you want to check,
it should be placed in PlatformInfo.

Currently to instantiate PlatformInfo, it requires arguments, which are usually
sys, platform and Executive(). They are straightforward and should be handled
by default arguments. Then we can instantiate PlatformInfo more casually.

  • Scripts/webkitpy/common/system/platforminfo.py:

(PlatformInfo): Use relative module path import
(PlatformInfo.init):
(PlatformInfo.executive): Lazy instantiation of Executive()
(PlatformInfo.total_bytes_memory): Accessing via above property
(PlatformInfo.xcode_sdk_version): Ditto
(PlatformInfo.xcode_simctl_list): Ditto
(PlatformInfo.xcode_version): Ditto
(PlatformInfo._win_version_str): Ditto

  • Scripts/webkitpy/common/system/systemhost.py:

(SystemHost.init):

  • Scripts/webkitpy/common/system/user.py:

(User.init):

11:10 AM Changeset in webkit [226651] by commit-queue@webkit.org
  • 9 edits in trunk/LayoutTests

Make imported/w3c/web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-cache.https.html robust to quota error
https://bugs.webkit.org/show_bug.cgi?id=181404

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-09
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

Ensure fetch event promise is resolved in case cache is used.
Ensure each cache entry is deleted to not hit any cache quota error.
Test was previously deleting the whole cache, but in WebKit, the quota
in such a case will only be updated when the cache is garbage collected, which is not deterministic.
Make tests output more results to improve debuggability.

  • web-platform-tests/service-workers/service-worker/fetch-canvas-tainting-cache.https.html:
  • web-platform-tests/service-workers/service-worker/fetch-canvas-tainting.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/fetch-canvas-tainting.https.html:
  • web-platform-tests/service-workers/service-worker/resources/fetch-canvas-tainting-iframe.html:

LayoutTests:

10:49 AM Changeset in webkit [226650] by mark.lam@apple.com
  • 5 edits
    1 add in trunk

ASSERTION FAILED: pair.second->m_type & PropertyNode::Getter
https://bugs.webkit.org/show_bug.cgi?id=181388
<rdar://problem/36349351>

Reviewed by Saam Barati.

JSTests:

  • stress/regress-181388.js: Added.

Source/JavaScriptCore:

When there are duplicate setters or getters, we may end up overwriting a getter
with a setter, or vice versa. This patch adds tracking for getters/setters that
have been overwritten with duplicates and ignores them.

  • bytecompiler/NodesCodegen.cpp:

(JSC::PropertyListNode::emitBytecode):

  • parser/NodeConstructors.h:

(JSC::PropertyNode::PropertyNode):

  • parser/Nodes.h:

(JSC::PropertyNode::isOverriddenByDuplicate const):
(JSC::PropertyNode::setIsOverriddenByDuplicate):

10:35 AM Changeset in webkit [226649] by mitz@apple.com
  • 8 copies
    1 add in releases/Apple/iOS 11.2.2

Added a tag for iOS 11.2.2.

10:32 AM Changeset in webkit [226648] by mitz@apple.com
  • 9 copies
    1 add in releases/Apple/Safari 11.0.2 (v. 11604.4.7.1.6 & 12604.4.7.1.6)

Added a tag for Safari 11.0.2 (v. 11604.4.7.1.6 & 12604.4.7.1.6)

10:29 AM Changeset in webkit [226647] by mitz@apple.com
  • 3 edits
    8 deletes in trunk/Source

Removed some empty directories that were left behind

Source/ThirdParty/ANGLE:

  • src/third_party/murmurhash: Removed.
  • third_party: Removed.
  • third_party/deqp: Removed.

Source/WebCore:

  • Modules/indieui: Removed.
  • Modules/vibration: Removed.
  • platform/graphics/ca/mac: Removed.
  • platform/mediastream/gstreamer: Removed.

Source/WebKit:

  • WebProcess/Cookies/cf: Removed.
  • WebProcess/ios: Removed.

10:24 AM Changeset in webkit [226646] by commit-queue@webkit.org
  • 5 edits in trunk/LayoutTests

[iOS Debug WK2] Layout Test imported/w3c/web-platform-tests/service-workers/service-worker/register-closed-window.https.html is flaky
https://bugs.webkit.org/show_bug.cgi?id=181087
<rdar://problem/36188109>

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-09
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

Updated test to get a more deterministic output.

  • web-platform-tests/service-workers/service-worker/register-closed-window.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/resources/register-closed-window-iframe.html:

LayoutTests:

  • platform/ios-wk2/TestExpectations: Removed flaky expectation.

9:55 AM Changeset in webkit [226645] by graouts@webkit.org
  • 5 edits in trunk/Source/WebCore

Refactor timing function solving code
https://bugs.webkit.org/show_bug.cgi?id=181428

Reviewed by Dean Jackson.

We have duplicated code to solve "cubic" and "steps" timing functions in AnimationBase and TextureMapperAnimation,
and we will soon need similar code to deal with timing functions in Web Animations. We move this code into TimingFunction
with a single transformTime() function that can be called directly on the timing function rather than having callers
figure out what type timing functions are to solve them.

No test as there shouldn't be any behavior change.

  • page/animation/AnimationBase.cpp:

(WebCore::AnimationBase::progress const):
(WebCore::solveEpsilon): Deleted.
(WebCore::solveCubicBezierFunction): Deleted.
(WebCore::solveStepsFunction): Deleted.
(WebCore::solveSpringFunction): Deleted.

  • platform/animation/TimingFunction.cpp:

(WebCore::TimingFunction::transformTime const):

  • platform/animation/TimingFunction.h:
  • platform/graphics/texmap/TextureMapperAnimation.cpp:

(WebCore::TextureMapperAnimation::apply):
(WebCore::solveEpsilon): Deleted.
(WebCore::solveCubicBezierFunction): Deleted.
(WebCore::solveStepsFunction): Deleted.
(WebCore::applyTimingFunction): Deleted.

9:54 AM Changeset in webkit [226644] by timothy_horton@apple.com
  • 4 edits in trunk/Source/WebKit

Don't record dynamic spelling corrections while in an ephemeral browsing session
https://bugs.webkit.org/show_bug.cgi?id=181417
<rdar://problem/33309104>

Dynamic spelling correction responses are kept on disk. Avoid recording
these responses when in an ephemeral session.

Reviewed by Tim Horton and Wenson Hsieh.

  • UIProcess/mac/CorrectionPanel.h:
  • UIProcess/mac/CorrectionPanel.mm:

(WebKit::CorrectionPanel::recordAutocorrectionResponse):

Add a WebViewImpl parameter so we can query the current session.
Return early before recording the response if the session is
ephemeral.

(WebKit::CorrectionPanel::handleAcceptedReplacement):

Update a caller to include the new parameter.

  • UIProcess/mac/PageClientImplMac.mm:

(WebKit::PageClientImpl::recordAutocorrectionResponse):

Ditto.

9:20 AM Changeset in webkit [226643] by jmarcell@apple.com
  • 42 edits in tags/Safari-605.1.20

Revert r226432. rdar://problem/10353542

9:20 AM Changeset in webkit [226642] by jmarcell@apple.com
  • 2 edits in tags/Safari-605.1.20/Tools

Revert r226441. rdar://problem/10353542

9:20 AM Changeset in webkit [226641] by jmarcell@apple.com
  • 2 edits in tags/Safari-605.1.20/Tools

Revert r226450. rdar://problem/10353542

9:13 AM Changeset in webkit [226640] by Michael Catanzaro
  • 2 edits in trunk/Source/WebCore

Unreviewed, silence -Wunused-parameter warning

  • testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::setupNewlyCreatedServiceWorker):

8:50 AM Changeset in webkit [226639] by commit-queue@webkit.org
  • 5 edits
    5 adds in trunk/LayoutTests

[EME] Add layout test for clearKey CENC message event
https://bugs.webkit.org/show_bug.cgi?id=180928

Patch by Yacine Bandou <yacine.bandou_ext@softathome.com> on 2018-01-09
Reviewed by Xabier Rodriguez-Calvar.

Tests the reception of clearKey message event after the encrypted event and checks its KeyID.
There are two tests: one with MSE playback and another with regular playback.

  • media/encrypted-media/clearKey/clearKey-message-cenc-event-expected.txt: Added.
  • media/encrypted-media/clearKey/clearKey-message-cenc-event-mse-expected.txt: Added.
  • media/encrypted-media/clearKey/clearKey-message-cenc-event-mse.html: Added.

Test with MSE playback.

  • media/encrypted-media/clearKey/clearKey-message-cenc-event.html: Added.

Test with regular playback.

  • media/encrypted-media/clearKey/encrypted-media-clearKey-handler.js: Added.

This JavaScript file provides a simple clearKey EME implementation, checks the EME support, handles the "encrypted", "message" and
"keystatuseschange" events, and updates the CDM session with the right keys.
This implementation allows playing encrypted media (video or audio or both); it is used in this test by overloading the "onMessage" callback
with another function that checks the 'message' event and stops the test.

  • media/encrypted-media/medias-enc.js:

I take this opportunity to introduce some fixes:
Rename "mimetype" field to "mimeType", this field is only used in "clearKey-encrypted-cenc-event-mse.html",
thus it is easy to change it now.
Change the KeyID of the encrypted video to the right value; it is used for the first time in this test.

  • media/media-source/media-source-loader-simple.js:

Use "mimeType" instead of "mimetype" as it is modified in "medias-enc.js".

  • platform/gtk/TestExpectations:
  • platform/mac/TestExpectations:
  • platform/wpe/TestExpectations:

8:45 AM WebKitGTK/2.18.x edited by Michael Catanzaro
(diff)

8:44 AM Changeset in webkit [226638] by commit-queue@webkit.org
  • 5 edits in trunk

Check Image::m_image is not null in ImageLoader::decode()
https://bugs.webkit.org/show_bug.cgi?id=180386
<rdar://problem/34634483>

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2018-01-09
Reviewed by Tim Horton.

Source/WebCore:

Ensure ImageLoader::m_image is not null before referencing it.

  • loader/ImageLoader.cpp:

(WebCore::ImageLoader::decode):

LayoutTests:

Add a new rejected case for decoding an image with an invalid URL.

  • fast/images/decode-static-image-reject-expected.txt:
  • fast/images/decode-static-image-reject.html:

8:44 AM WebKitGTK/2.18.x edited by Michael Catanzaro
(diff)

8:30 AM Changeset in webkit [226637] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.19.5

WebKitGTK+ 2.19.5

8:29 AM Changeset in webkit [226636] by Carlos Garcia Campos
  • 4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.19.5 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

  • gtk/NEWS: Add release notes for 2.19.5.

8:23 AM Changeset in webkit [226635] by Yusuke Suzuki
  • 2 edits in trunk/Source/WebCore

[FreeType] Use FastMalloc for FreeType
https://bugs.webkit.org/show_bug.cgi?id=181387

Reviewed by Michael Catanzaro.

Add custom memory allocator for FreeType to use FastMalloc.

  • platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:

(WebCore::initializeFreeTypeLibrary):
(WebCore::createFontCustomPlatformData):

8:15 AM Changeset in webkit [226634] by Alan Bujtas
  • 8 edits in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderTable* addChild mutation logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181424
<rdar://problem/36368628>

Reviewed by Antti Koivisto.

This is about moving code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

Covered by existing tests.

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::addChild):

  • rendering/RenderTableRow.cpp:

(WebCore::RenderTableRow::addChild):

  • rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::addChild):

  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::insertChildToRenderTable):
(WebCore::RenderTreeBuilder::insertChildToRenderTableSection):
(WebCore::RenderTreeBuilder::insertChildToRenderTableRow):

  • rendering/updating/RenderTreeBuilder.h:
  • rendering/updating/RenderTreeBuilderTable.cpp:

(WebCore::RenderTreeBuilder::Table::insertChild):

  • rendering/updating/RenderTreeBuilderTable.h:

7:53 AM Changeset in webkit [226633] by Carlos Garcia Campos
  • 3 edits in trunk/Source/WebKit

[GTK] Missing symbols exported in 2.19.4
https://bugs.webkit.org/show_bug.cgi?id=181433

Reviewed by Michael Catanzaro.

Add missing WEBKIT_API to webkit_dom_dom_window_webkit_message_handlers_post_message().

  • WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.h:
  • webkitglib-symbols.map: Remove webkit_media_player_debug from local.

7:22 AM Changeset in webkit [226632] by Alan Bujtas
  • 7 edits in trunk/Source/WebCore

[RenderTreeBuilder] Transition Render*::addChild() calls to RenderTreeBuilder::insertChildToRender*()
https://bugs.webkit.org/show_bug.cgi?id=181407
<rdar://problem/36361176>

Reviewed by Antti Koivisto.

Eventually all mutation will be going through the RenderTreeBuilder.

No change in functionality.

  • rendering/RenderGrid.cpp:

(WebCore::RenderGrid::addChild):

  • rendering/RenderMultiColumnFlow.cpp:

(WebCore::RenderMultiColumnFlow::processPossibleSpannerDescendant):

  • rendering/RenderRubyRun.cpp:

(WebCore::RenderRubyRun::rubyBaseSafe):

  • rendering/updating/RenderTreeBuilderBlockFlow.cpp:

(WebCore::RenderTreeBuilder::BlockFlow::insertChild):

  • rendering/updating/RenderTreeBuilderMultiColumn.cpp:

(WebCore::RenderTreeBuilder::MultiColumn::createFragmentedFlow):

  • rendering/updating/RenderTreeBuilderRuby.cpp:

(WebCore::RenderTreeBuilder::Ruby::findOrCreateParentForChild):

7:05 AM Changeset in webkit [226631] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

Mark imported/w3c/web-platform-tests/viewport/viewport-resize-event-on-load-overflowing-page.html as flaky
https://bugs.webkit.org/show_bug.cgi?id=181436

Patch by Ali Juma <ajuma@chromium.org> on 2018-01-09
Reviewed by Frédéric Wang.

Test gardening.

Mark test that seems to have timing issues as flaky.

6:43 AM Changeset in webkit [226630] by Philippe Normand
  • 2 edits in trunk/Source/WebCore

[GStreamer] Ensure SleepDisabler is not held by pages in page cache
https://bugs.webkit.org/show_bug.cgi?id=180197

Reviewed by Eric Carlson.

The sleep disabler is now checked again whenever the media player
playback state or other characteristic has changed in the media
engine.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerPlaybackStateChanged):
Check if the sleep disabler state needs to be updated or not.
(WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged): Ditto.
(WebCore::HTMLMediaElement::shouldDisableSleep const): Enable
sleep disabler for GTK and WPE ports.

5:59 AM Changeset in webkit [226629] by Philippe Normand
  • 3 edits in trunk/Source/WebCore

[GStreamer] Missing notifications to player client
https://bugs.webkit.org/show_bug.cgi?id=181432

Reviewed by Carlos Garcia Campos.

We now properly emit playback state changes and characteristic
updates to the client when the pipeline state changes and when
audio/video track changes are detected.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::playbackPosition const):
This debug message appears too often in logs. Demote.
(WebCore::MediaPlayerPrivateGStreamer::durationMediaTime const): Ditto.
(WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfVideo): Emit
characteristicChanged notification.
(WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfAudio): Ditto.
(WebCore::MediaPlayerPrivateGStreamer::updateStates): Keep track
of old and current pipeline state.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:

5:57 AM Changeset in webkit [226628] by commit-queue@webkit.org
  • 24 edits in trunk

Add CSP support to service workers
https://bugs.webkit.org/show_bug.cgi?id=181385

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-09
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

  • web-platform-tests/service-workers/service-worker/service-worker-csp-connect.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/service-worker-csp-default.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/service-worker-csp-script.https-expected.txt:

Source/WebCore:

Covered by rebased tests.

Added recovery of CSP information from WorkerScriptLoader.
Added plumbing to pass the CSP information to Service Workers.
Did not add persistency support for the CSP information as this requires changing the SQL database schema.
This will be done in a follow-up.

  • workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::WorkerScriptLoader::didReceiveResponse):

  • workers/WorkerScriptLoader.h:

(WebCore::WorkerScriptLoader::contentSecurityPolicy const):

  • workers/service/SWClientConnection.cpp:

(WebCore::SWClientConnection::finishedFetchingScript):
(WebCore::SWClientConnection::failedFetchingScript):

  • workers/service/SWClientConnection.h:
  • workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::addRegistration):
(WebCore::ServiceWorkerContainer::jobFailedWithException):
(WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):

  • workers/service/ServiceWorkerContainer.h:
  • workers/service/ServiceWorkerContextData.cpp:

(WebCore::ServiceWorkerContextData::isolatedCopy const):

  • workers/service/ServiceWorkerContextData.h:

(WebCore::ServiceWorkerContextData::encode const):
(WebCore::ServiceWorkerContextData::decode):

  • workers/service/ServiceWorkerFetchResult.h:

(WebCore::ServiceWorkerFetchResult::encode const):
(WebCore::ServiceWorkerFetchResult::decode):

  • workers/service/ServiceWorkerGlobalScope.cpp:

(WebCore::ServiceWorkerGlobalScope::create):

  • workers/service/ServiceWorkerGlobalScope.h:
  • workers/service/ServiceWorkerJob.cpp:

(WebCore::ServiceWorkerJob::notifyFinished):

  • workers/service/ServiceWorkerJobClient.h:
  • workers/service/context/ServiceWorkerThread.cpp:

(WebCore::ServiceWorkerThread::ServiceWorkerThread):
(WebCore::ServiceWorkerThread::createWorkerGlobalScope):

  • workers/service/server/RegistrationDatabase.cpp:

(WebCore::v1RecordsTableSchema):
(WebCore::RegistrationDatabase::importRecords):

  • workers/service/server/SWServer.cpp:

(WebCore::SWServer::updateWorker):
(WebCore::SWServer::installContextData):

  • workers/service/server/SWServer.h:
  • workers/service/server/SWServerJobQueue.cpp:

(WebCore::SWServerJobQueue::scriptFetchFinished):

  • workers/service/server/SWServerWorker.cpp:

(WebCore::SWServerWorker::SWServerWorker):
(WebCore::m_contentSecurityPolicy):
(WebCore::SWServerWorker::contextData const):

  • workers/service/server/SWServerWorker.h:

5:11 AM Changeset in webkit [226627] by commit-queue@webkit.org
  • 3 edits in trunk/Source/WebCore

Provide a method to obtain a CSS value from a RenderStyle by CSSPropertyID
https://bugs.webkit.org/show_bug.cgi?id=181429

Patch by Antoine Quint <Antoine Quint> on 2018-01-09
Reviewed by Antti Koivisto.

The KeyframeEffect.getKeyframes() method from Web Animations requires that we return all styles applied at a given
animation effect keyframe. When we parse keyframes, we create RenderStyle objects that are stored in a KeyframeList,
as well as a list of CSSPropertyIDs that are animated. In order to provide the list of animated properties and their
values when calling getKeyframes(), we need to be able to read back from the RenderStyle we create. As a first step
towards this goal, we factor some code in ComputedStyleExtractor::propertyValue() out into a new method
ComputedStyleExtractor::valueForPropertyinStyle() which takes in an explicit RenderStyle.

No test as this is simply refactoring that doesn't change or add behavior.

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::propertyValue):
(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):

  • css/CSSComputedStyleDeclaration.h:

4:48 AM Changeset in webkit [226626] by commit-queue@webkit.org
  • 12 edits in trunk/Source

SWClientConnection should not keep references to service worker jobs
https://bugs.webkit.org/show_bug.cgi?id=181381

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-09
Reviewed by Chris Dumez.

Source/WebCore:

Difficult to test deterministically but corresponding crash log should no longer happen in debug builds.

Stopped passing ServiceWorkerJob references from ServiceWorkerContainer (potentially in service worker thread) to SWClientConnection (main thread).
Instead pass job identifiers and related data to the main thread.

Minor refactoring to use ServiceWorkerJobIdentifier instead of ServiceWorkerJobDataIdentifier which contains more data than needed.

  • workers/service/SWClientConnection.cpp:

(WebCore::SWClientConnection::scheduleJob):
(WebCore::SWClientConnection::failedFetchingScript):
(WebCore::SWClientConnection::postTaskForJob):
(WebCore::SWClientConnection::jobRejectedInServer):
(WebCore::SWClientConnection::registrationJobResolvedInServer):
(WebCore::SWClientConnection::unregistrationJobResolvedInServer):
(WebCore::SWClientConnection::startScriptFetchForServer):
(WebCore::SWClientConnection::clearPendingJobs):
(WebCore::SWClientConnection::finishedFetchingScript): Deleted.

  • workers/service/SWClientConnection.h:
  • workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::scheduleJob):
(WebCore::ServiceWorkerContainer::startScriptFetchForJob):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
(WebCore::ServiceWorkerContainer::jobFailedLoadingScript):

  • workers/service/ServiceWorkerContainer.h:
  • workers/service/server/SWServer.cpp:

(WebCore::SWServer::rejectJob):
(WebCore::SWServer::resolveRegistrationJob):
(WebCore::SWServer::resolveUnregistrationJob):
(WebCore::SWServer::startScriptFetch):

  • workers/service/server/SWServer.h:

Source/WebKit:

Updated IPC handling based on WebCore refactoring.

  • Scripts/webkit/messages.py:

(forward_declarations_and_headers):
(headers_for_type):

  • StorageProcess/ServiceWorker/WebSWServerConnection.cpp:

(WebKit::WebSWServerConnection::rejectJobInClient):
(WebKit::WebSWServerConnection::resolveRegistrationJobInClient):
(WebKit::WebSWServerConnection::resolveUnregistrationJobInClient):
(WebKit::WebSWServerConnection::startScriptFetchInClient):

  • StorageProcess/ServiceWorker/WebSWServerConnection.h:
  • WebProcess/Storage/WebSWClientConnection.messages.in:

3:56 AM Changeset in webkit [226625] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.19.4

WebKitGTK+ 2.19.4

3:55 AM Changeset in webkit [226624] by Carlos Garcia Campos
  • 4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.19.4 release.

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

  • gtk/NEWS: Add release notes for 2.19.4.

2:57 AM Changeset in webkit [226623] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

REGRESSION(r224460): Text fields sometimes get "messed up"
https://bugs.webkit.org/show_bug.cgi?id=181115

Reviewed by Zalan Bujtas.

Add the scroll position to paint offset before computing the clip rectangle. Before r224460, scroll position was
subtracted after the clip rectangle was computed.

  • rendering/LayoutState.cpp:

(WebCore::LayoutState::computeClipRect):

2:53 AM Changeset in webkit [226622] by commit-queue@webkit.org
  • 16 edits
    6 adds in trunk

Implement VisualViewport API events
https://bugs.webkit.org/show_bug.cgi?id=179386

Patch by Ali Juma <ajuma@chromium.org> on 2018-01-09
Reviewed by Frédéric Wang.

LayoutTests/imported/w3c:

Update expectation for a viewport WPT that now passes.

  • web-platform-tests/viewport/viewport-resize-event-on-load-overflowing-page-expected.txt:

Source/WebCore:

Implement the events (resize and scroll) defined by the Visual Viewport API
(https://wicg.github.io/visual-viewport/#events).

This is behind the VisualViewportAPI experimental feature flag.

In order to detect when events need to be fired, change the computation of
Visual Viewport attributes to happen whenever the layout viewport is updated
rather than only on-demand.

Tests: fast/visual-viewport/resize-event-fired-window-resized.html
fast/visual-viewport/resize-event-fired.html
fast/visual-viewport/scroll-event-fired.html

  • dom/Document.cpp:

(WebCore::Document::addListenerTypeIfNeeded):
Add support for tracking resize event listeners.

  • dom/Document.h:
  • dom/DocumentEventQueue.cpp:

(WebCore::DocumentEventQueue::enqueueOrDispatchScrollEvent):
(WebCore::DocumentEventQueue::enqueueScrollEvent):
Factored out of enqueueOrDispatchScrollEvent so that this logic can be reused
for Visual Viewport scroll events.
(WebCore::DocumentEventQueue::enqueueResizeEvent):
(WebCore::DocumentEventQueue::pendingEventTimerFired):

  • dom/DocumentEventQueue.h:
  • page/FrameView.cpp:

(WebCore::FrameView::updateLayoutViewport):

  • page/VisualViewport.cpp:

(WebCore::VisualViewport::addEventListener):
(WebCore::layoutIfNonNull):
(WebCore::VisualViewport::offsetLeft const):
Remove attribute computation logic since this now happens during update().
(WebCore::VisualViewport::offsetTop const): Ditto.
(WebCore::VisualViewport::pageLeft const): Ditto.
(WebCore::VisualViewport::pageTop const): Ditto.
(WebCore::VisualViewport::width const): Ditto.
(WebCore::VisualViewport::height const): Ditto.
(WebCore::VisualViewport::scale const):
(WebCore::VisualViewport::update):
Added. Computes all of the Visual Viewport attributes and determines
whether events need to be fired.
(WebCore::VisualViewport::enqueueResizeEvent):
(WebCore::VisualViewport::enqueueScrollEvent):
(WebCore::getFrameViewAndLayoutIfNonNull): Deleted.

  • page/VisualViewport.h:

Source/WebKit:

Change the default value of the VisualViewportAPI experimental feature flag to
DEFAULT_EXPERIMENTAL_FEATURES_ENABLED. This patch completes the implementation
of this feature as specified by https://wicg.github.io/visual-viewport/, so this
feature is now ready for wider testing.

  • Shared/WebPreferences.yaml:

LayoutTests:

Add tests for Visual Viewport API events. Test that a resize event is fired after
pinch zoom and after window resize, and test that a scroll event is fired when the
visual viewport is scrolled.

  • fast/visual-viewport/resize-event-fired-expected.txt: Added.
  • fast/visual-viewport/resize-event-fired-window-resized-expected.txt: Added.
  • fast/visual-viewport/resize-event-fired-window-resized.html: Added.
  • fast/visual-viewport/resize-event-fired.html: Added.
  • fast/visual-viewport/scroll-event-fired-expected.txt: Added.
  • fast/visual-viewport/scroll-event-fired.html: Added.
  • platform/gtk/TestExpectations:

Skipped tests that use UIScriptController::zoomToScale, since this isn't implemented on GTK.

  • platform/ios/TestExpectations:

Skipped test that resizes a window, since this isn't supported on iOS.

  • platform/win/TestExpectations:

Skipped tests that use UIScriptController::zoomToScale, since this isn't implemented on Windows.

2:02 AM Changeset in webkit [226621] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

[EME] Add the CENC initData support in ClearKey CDM
https://bugs.webkit.org/show_bug.cgi?id=180081

Patch by Yacine Bandou <yacine.bandou_ext@softathome.com> on 2018-01-09
Reviewed by Xabier Rodriguez-Calvar.

Add the "cenc" initDataType support in ClearKey CDM.
Parse the CENC initData and extract the KIDs by following the W3C spec
https://www.w3.org/TR/eme-initdata-cenc/#common-system

Tests: media/encrypted-media/clearKey/clearKey-message-cenc-event.html
media/encrypted-media/clearKey/clearKey-message-cenc-event-mse.html

  • platform/encryptedmedia/clearkey/CDMClearKey.cpp:

(WebCore::extractKeyidsLocationFromCencInitData):
(WebCore::isCencInitData):
(WebCore::extractKeyidsFromCencInitData):
(WebCore::CDMPrivateClearKey::supportsInitDataType const):
(WebCore::CDMPrivateClearKey::supportsInitData const):
(WebCore::CDMInstanceClearKey::requestLicense):

1:52 AM Changeset in webkit [226620] by zandobersek@gmail.com
  • 5 edits in trunk/Source/WebCore

[Cairo] Pass state values directly to Cairo operations
https://bugs.webkit.org/show_bug.cgi?id=181389

Reviewed by Carlos Garcia Campos.

Instead of passing reference to the GraphicsContextState object to
various Cairo operations, only pass the required state values. This
makes it explicit what state values are used in these operations, at the
expense of some long parameter lists, but this will be better addressed
by future refactoring of this code into more concise functions.

No new tests -- no change in functionality.

  • platform/graphics/cairo/CairoOperations.cpp:

(WebCore::Cairo::drawGlyphsShadow):
(WebCore::Cairo::dashedLineCornerWidthForStrokeWidth):
(WebCore::Cairo::dashedLinePatternWidthForStrokeWidth):
(WebCore::Cairo::drawGlyphs):
(WebCore::Cairo::drawRect):
(WebCore::Cairo::drawLine):
(WebCore::Cairo::drawEllipse):

  • platform/graphics/cairo/CairoOperations.h:
  • platform/graphics/cairo/FontCairo.cpp:

(WebCore::FontCascade::drawGlyphs):

  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::drawRect):
(WebCore::GraphicsContext::drawLine):
(WebCore::GraphicsContext::drawEllipse):

1:29 AM Changeset in webkit [226619] by commit-queue@webkit.org
  • 2 edits in trunk/Tools

[Win] Remove workaround for Bug 176442 after stopping MSVC 2015 support
https://bugs.webkit.org/show_bug.cgi?id=176443

Patch by Yoshiaki Jitsukawa <Yoshiaki.Jitsukawa@sony.com> on 2018-01-09
Reviewed by Darin Adler.

  • TestWebKitAPI/Tests/WTF/PriorityQueue.cpp:

(TEST):

1:05 AM Changeset in webkit [226618] by fred.wang@free.fr
  • 3 edits in trunk/Tools

check-webkit-style: Verify syntax for WK_API_AVAILABLE
https://bugs.webkit.org/show_bug.cgi?id=181394

Patch by Frederic Wang <fwang@igalia.com.fr> on 2018-01-09
Reviewed by Darin Adler.

A common syntax error for WK_API_AVAILABLE is to write ios(WK_MAC_TBA)
as the second parameter instead of ios(WK_IOS_TBA). This generally
builds for iOS on EWS but not when using the public SDK. See r224057,
r223207 and r226211 for example. This patch adds a basic style check
for that macro to prevent this kind of mistake.

  • Scripts/webkitpy/style/checkers/cpp.py:

(check_min_versions_of_wk_api_available): New function to verify the parameters of WK_API_AVAILABLE.
(check_style): Run new style check.
(CppChecker): Add build type for the new style check.

  • Scripts/webkitpy/style/checkers/cpp_unittest.py:

(WebKitStyleTest.test_min_versions_of_wk_api_available): Add tests for the new style check.

12:34 AM Changeset in webkit [226617] by rniwa@webkit.org
  • 5 edits
    2 adds in trunk

Release assert in addResourceTiming when a cache resource is requested during style recalc
https://bugs.webkit.org/show_bug.cgi?id=181137
<rdar://problem/35666574>

Reviewed by Simon Fraser.

Source/WebCore:

Make the dispatching of resourcetimingbufferfull event asynchronous to avoid dispatching it
synchronously during a style resolution when CachedResourceLoader::requestImage requests
a previously loaded image.

We now schedule a timer when the resource timing buffer becomes full, and dispatch the event
when the timer fires. Meanwhile, we have a backup buffer to which additional resource timing
entries would be added. Once the event is dispatched, we refill the buffer exposed to author
scripts. When refilling the buffer results in it becoming full again, we keep repeating the
process of firing resourcetimingbufferfull and re-filling the buffer until either we stop
making progress (i.e. the script didn't increase the number of empty entries in the buffer)
or the backup buffer (at the time we started this process) becomes empty.

Also fixed a bug that we were firing resourcetimingbufferfull event when the last entry that
fits within the buffer size was added instead of when an entry is being added to an already
full buffer. To make this work, the patch introduces m_resourceTimingBufferFullFlag,
representing the concept "resource timing buffer full" flag in the resource timing specification.

Test: http/tests/performance/performance-resource-timing-resourcetimingbufferfull-crash.html

  • page/Performance.cpp:

(WebCore::Performance::Performance):
(WebCore::Performance::clearResourceTimings):
(WebCore::Performance::setResourceTimingBufferSize):
(WebCore::Performance::addResourceTiming):
(WebCore::Performance::resourceTimingBufferFullTimerFired):

  • page/Performance.h:

LayoutTests:

Added a regression test for the crash.

Also fixed test cases in rt-performance-extensions.js which were incorrectly asserting and assuming that
resourcetimingbufferfull event will be fired when there are exactly the same number of entries as the buffer size.

  • http/tests/performance/performance-resource-timing-resourcetimingbufferfull-crash-expected.txt: Added.
  • http/tests/performance/performance-resource-timing-resourcetimingbufferfull-crash.html: Added.
  • http/wpt/resource-timing/rt-performance-extensions.js: Fixed the test cases.

Jan 8, 2018:

11:17 PM Changeset in webkit [226616] by zandobersek@gmail.com
  • 2 edits in trunk/Source/JavaScriptCore

REGRESSION(r225913): about 30 JSC test failures on ARMv7
https://bugs.webkit.org/show_bug.cgi?id=181162
<rdar://problem/36261349>

Unreviewed follow-up to r226298. Enable the fast case in
DFG::SpeculativeJIT::compileArraySlice() for any 64-bit platform,
assuming in good faith that enough GP registers are available on any
such configuration. The accompanying comment is adjusted to describe
this assumption.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArraySlice):

11:10 PM Changeset in webkit [226615] by jfbastien@apple.com
  • 15 edits in trunk

WebAssembly: mask indexed accesses to Table
https://bugs.webkit.org/show_bug.cgi?id=181412
<rdar://problem/36363236>

Reviewed by Saam Barati.

JSTests:

Update error messages.

  • wasm/js-api/table.js:

(assert.throws.WebAssembly.Table.prototype.grow):

Source/JavaScriptCore:

WebAssembly Table indexed accesses are user-controlled and
bounds-checked. Force allocations of Table data to be a
power-of-two, and explicitly mask accesses after bounds-check
branches.

Rename misleading usage of "size" when "length" of a Table was
intended.

Rename the Spectre option from "disable" to "enable".

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::SpeculativeJIT):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::LowerDFGToB3):

  • jit/JIT.cpp:

(JSC::JIT::JIT):

  • runtime/Options.h:
  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer):
(JSC::Wasm::B3IRGenerator::addCallIndirect):

  • wasm/WasmTable.cpp:

(JSC::Wasm::Table::allocatedLength):
(JSC::Wasm::Table::setLength):
(JSC::Wasm::Table::create):
(JSC::Wasm::Table::Table):
(JSC::Wasm::Table::grow):
(JSC::Wasm::Table::clearFunction):
(JSC::Wasm::Table::setFunction):

  • wasm/WasmTable.h:

(JSC::Wasm::Table::length const):
(JSC::Wasm::Table::offsetOfLength):
(JSC::Wasm::Table::offsetOfMask):
(JSC::Wasm::Table::mask const):
(JSC::Wasm::Table::isValidLength):

  • wasm/js/JSWebAssemblyInstance.cpp:

(JSC::JSWebAssemblyInstance::create):

  • wasm/js/JSWebAssemblyTable.cpp:

(JSC::JSWebAssemblyTable::JSWebAssemblyTable):
(JSC::JSWebAssemblyTable::visitChildren):
(JSC::JSWebAssemblyTable::grow):
(JSC::JSWebAssemblyTable::getFunction):
(JSC::JSWebAssemblyTable::clearFunction):
(JSC::JSWebAssemblyTable::setFunction):

  • wasm/js/JSWebAssemblyTable.h:

(JSC::JSWebAssemblyTable::isValidLength):
(JSC::JSWebAssemblyTable::length const):
(JSC::JSWebAssemblyTable::allocatedLength const):

  • wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::evaluate):

  • wasm/js/WebAssemblyTablePrototype.cpp:

(JSC::webAssemblyTableProtoFuncLength):
(JSC::webAssemblyTableProtoFuncGrow):
(JSC::webAssemblyTableProtoFuncGet):
(JSC::webAssemblyTableProtoFuncSet):

10:41 PM Changeset in webkit [226614] by commit-queue@webkit.org
  • 9 edits
    3 adds
    6 deletes in trunk

::first-letter incorrectly selects grapheme pairs
https://bugs.webkit.org/show_bug.cgi?id=181315

Patch by Chris Nardi <csnardi1@gmail.com> on 2018-01-08
Reviewed by Darin Adler.

LayoutTests/imported/w3c:

Updated css-pseudo-4 to latest WPT revision and added first-letter-004.html.

  • web-platform-tests/css/css-pseudo-4/first-letter-004-expected.html: Added.
  • web-platform-tests/css/css-pseudo-4/first-letter-004.html: Added.
  • web-platform-tests/css/css-pseudo-4/marker-color-expected.html:
  • web-platform-tests/css/css-pseudo-4/marker-color.html:
  • web-platform-tests/css/css-pseudo-4/marker-font-properties.html:
  • web-platform-tests/css/css-pseudo-4/w3c-import.log:

Source/WebCore:

Grapheme pairs were incorrectly selected by ::first-letter. This
change fixes their selection.

Tests: Updated fast/css/first-letter-punctuation.html and imported
LayoutTests/imported/w3c/web-platform-tests/css/css-pseudo-4/first-letter-004.html

  • rendering/updating/RenderTreeBuilderFirstLetter.cpp:

(WebCore::isPunctuationForFirstLetter):
(WebCore::shouldSkipForFirstLetter):
(WebCore::RenderTreeBuilder::FirstLetter::createRenderers):

LayoutTests:

  • fast/css/first-letter-punctuation-expected.html: Added.
  • fast/css/first-letter-punctuation.html:
  • platform/gtk/fast/css/first-letter-punctuation-expected.png: Removed.
  • platform/gtk/fast/css/first-letter-punctuation-expected.txt: Removed.
  • platform/ios/fast/css/first-letter-punctuation-expected.txt: Removed.
  • platform/mac/fast/css/first-letter-punctuation-expected.png: Removed.
  • platform/mac/fast/css/first-letter-punctuation-expected.txt: Removed.
  • platform/win/fast/css/first-letter-punctuation-expected.txt: Removed.

10:19 PM Changeset in webkit [226613] by Darin Adler
  • 13 edits
    2 adds
    1 delete in trunk

Special list-item counter starts from an incorrect number for ::before and ::after
https://bugs.webkit.org/show_bug.cgi?id=181084

Reviewed by Zalan Bujtas.

Source/WebCore:

Test: fast/css/counters/counter-list-item.html

  • Sources.txt: Removed CounterDirectives.cpp.
  • WebCore.xcodeproj/project.pbxproj: Ditto.
  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::counterToCSSValue): Updated for changes to the CounterDirectives struct.

  • css/StyleBuilderCustom.h:

(WebCore::StyleBuilderCustom::applyInheritCounter): Ditto.
(WebCore::StyleBuilderCustom::applyValueCounter): Ditto.

  • html/HTMLLIElement.cpp:

(WebCore::HTMLLIElement::parseValue): Call setExplicitValue(std::nullopt) instead
of clearExplicitValue since we are using std::optional now.

  • rendering/RenderCounter.cpp:

(WebCore::listItemCounterDirectives): Added. Computes the counter directives that
express the effects on the list-item counter from list item and list elements.
Used something as close to what the CSS 3 draft says as possible. This uses a
negative increment when creating a list to counteract the positive increment done
by a list element, except in the case of an unordered list. This is where the bug
fix actually lies. Also fixed handling of reversed ordered lists at the same time.
(WebCore::planCounter): Refactored to use the function above. Also changed the
code to pay attention to both the counter directives and the implicit ones from
list item and list elements, getting as close as possible to what the specification
seems to call for.

  • rendering/RenderListItem.cpp:

(WebCore::RenderListItem::RenderListItem): Since we are using std::optional and no
longer using bit fields, simplified the constructor for each list item.
(WebCore::RenderListItem::calcValue const): Deleted.
(WebCore::RenderListItem::updateValueNow const): Merged in all the code from the
old calcValue function, but it is also simpler now since m_value is std::optional.
(WebCore::RenderListItem::updateValue): Updated to use std::optional.
(WebCore::RenderListItem::setExplicitValue): Ditto.
(WebCore::RenderListItem::clearExplicitValue): Deleted.
(WebCore::RenderListItem::updateListMarkerNumbers): Updated to use std::optional.
(WebCore::RenderListItem::isInReversedOrderedList const): Added. This is used by
the counter code so it can decrement instead of incrementing.

  • rendering/RenderListItem.h: Updated to use std::optional. Also marked functions
final instead of override and initialized m_notInList after making it not be a
bitfield any more.

  • rendering/style/CounterDirectives.cpp: Removed.
  • rendering/style/CounterDirectives.h: Removed most of the CounterDirectives
class and replaced it with a struct with two std::optional. Added an addClamped
function so the counter code can share it with the addIncrementValue function.
If we want to make a faster version that doesn't use double, we can come back
and do that. Also moved the == function to the header since the implementation
is so trivial.

  • rendering/style/StyleAllInOne.cpp: Removed CounterDirectives.cpp.
  • rendering/style/StyleRareNonInheritedData.cpp:

(WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): Updated to
use std::make_unique directly instead of using a clone function.

LayoutTests:

  • fast/css/counters/counter-list-item-expected.html: Added.
  • fast/css/counters/counter-list-item.html: Added.

8:08 PM Changeset in webkit [226612] by wenson_hsieh@apple.com
  • 4 edits in trunk

[Attachment Support] Expose HTMLAttachmentElement.uniqueIdentifier to bindings
https://bugs.webkit.org/show_bug.cgi?id=181420
<rdar://problem/36365827>

Reviewed by Alex Christensen.

Source/WebCore:

Add a new IDL definition for uniqueIdentifier on HTMLAttachmentElement. This allows clients to relate attachment
elements in the DOM to _WKAttachments delivered via Objective-C SPI.

Adjusted existing tests in WKAttachmentTests.

  • html/HTMLAttachmentElement.idl:

Tools:

Adjusts some existing API tests to verify that attachment elements' uniqueIdentifiers match the uniqueIdentifier
of corresponding _WKAttachments.

  • TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

(TestWebKitAPI::TEST):

7:52 PM Changeset in webkit [226611] by jmarcell@apple.com
  • 7 edits in trunk/Source

Versioning.

7:27 PM Changeset in webkit [226610] by achristensen@apple.com
  • 6 edits in trunk

Add WKNavigationDelegate SPI exposing WebProcess crash reason
https://bugs.webkit.org/show_bug.cgi?id=181410
<rdar://problem/36167199>

Reviewed by Wenson Hsieh.

Source/WebKit:

We exposed it in the C SPI.

  • UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::toWKProcessTerminationReason):
(WebKit::NavigationState::NavigationClient::processDidTerminate):

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:

(-[CrashReasonDelegate _webView:webContentProcessDidTerminateWithReason:]):
(TEST):

7:26 PM Changeset in webkit [226609] by achristensen@apple.com
  • 8 edits in trunk/Source/WebKit

Make ObjC SPI equivalent to WKPageNavigationClient.decidePolicyForPluginLoad
https://bugs.webkit.org/show_bug.cgi?id=181413
<rdar://problem/36169005>

Reviewed by Wenson Hsieh.

  • UIProcess/API/APINavigationClient.h:

(API::NavigationClient::decidePolicyForPluginLoad):

  • UIProcess/API/C/WKPage.cpp:

(WKPageSetPageNavigationClient):

  • UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::toPluginModuleLoadPolicy):
(WebKit::toWKPluginModuleLoadPolicy):
(WebKit::NavigationState::NavigationClient::decidePolicyForPluginLoad):

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::findPlugin):

7:08 PM Changeset in webkit [226608] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebKit

iOS build fix attempt after r226602.

  • UIProcess/API/C/WKContextMenuListener.cpp:

(WKContextMenuListenerUseContextMenuItems):

6:56 PM Changeset in webkit [226607] by achristensen@apple.com
  • 6 edits
    1 add in trunk

Add SPI for WKOpenPanelParameters._acceptedMIMETypes and _acceptedFileExtensions
https://bugs.webkit.org/show_bug.cgi?id=181408
<rdar://problem/35884960>

Reviewed by Tim Horton.

Source/WebKit:

  • UIProcess/API/Cocoa/WKOpenPanelParameters.mm:

(-[WKOpenPanelParameters _acceptedMIMETypes]):
(-[WKOpenPanelParameters _acceptedFileExtensions]):

  • UIProcess/API/Cocoa/WKOpenPanelParametersInternal.h:
  • UIProcess/API/Cocoa/WKOpenPanelParametersPrivate.h: Added.
  • WebKit.xcodeproj/project.pbxproj:

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/RunOpenPanel.mm:

(-[RunOpenPanelUIDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]):

6:16 PM Changeset in webkit [226606] by don.olmstead@sony.com
  • 2 edits in trunk/Source/WebCore

AccessibilityARIAGrid does not compile when accessibility is disabled
https://bugs.webkit.org/show_bug.cgi?id=181418
<rdar://problem/36365398>

Reviewed by Chris Fleizach.

No new tests. No change in behavior.

  • accessibility/AccessibilityARIAGrid.cpp:

6:07 PM Changeset in webkit [226605] by commit-queue@webkit.org
  • 30 edits in trunk

Unreviewed, rolling out r226532 and r226540.
https://bugs.webkit.org/show_bug.cgi?id=181422

jessie says basic browsing does not seem to work (Requested by
alexchristensen on #webkit).

Reverted changesets:

"Add CSP support to service workers"
https://bugs.webkit.org/show_bug.cgi?id=181385
https://trac.webkit.org/changeset/226532

"SWClientConnection should not keep references to service
worker jobs"
https://bugs.webkit.org/show_bug.cgi?id=181381
https://trac.webkit.org/changeset/226540

6:05 PM Changeset in webkit [226604] by wenson_hsieh@apple.com
  • 21 edits in trunk

[Attachment Support] Expose file name and content type of WKAttachment
https://bugs.webkit.org/show_bug.cgi?id=181390
<rdar://problem/36336837>

Reviewed by Tim Horton.

Source/WebCore:

Add new structs in AttachmentTypes.h and refactor HTMLAttachmentElement::requestData to requestInfo. See below
for more details. Augmented existing API tests in WKAttachmentTests.

  • html/AttachmentTypes.h:

Add a struct to represent a snapshot of information about an attachment element.

  • html/HTMLAttachmentElement.cpp:

(WebCore::HTMLAttachmentElement::requestInfo):
(WebCore::HTMLAttachmentElement::requestData): Deleted.

  • html/HTMLAttachmentElement.h:

Change requestData to requestInfo. Instead of fetching and delivering data via callback, requestInfo returns an
AttachmentInfo.

  • rendering/RenderThemeIOS.mm:

(WebCore::RenderAttachmentInfo::addLine):
(WebCore::RenderAttachmentInfo::buildWrappedLines):
(WebCore::RenderAttachmentInfo::buildSingleLine):
(WebCore::RenderAttachmentInfo::RenderAttachmentInfo):
(WebCore::RenderThemeIOS::attachmentBaseline const):
(WebCore::paintAttachmentIcon):
(WebCore::paintAttachmentText):
(WebCore::paintAttachmentProgress):
(WebCore::attachmentBorderPath):
(WebCore::RenderThemeIOS::paintAttachment):
(WebCore::AttachmentInfo::addLine): Deleted.
(WebCore::AttachmentInfo::buildWrappedLines): Deleted.
(WebCore::AttachmentInfo::buildSingleLine): Deleted.
(WebCore::AttachmentInfo::AttachmentInfo): Deleted.

Rename AttachmentInfo to RenderAttachmentInfo to resolve a name conflict with the new AttachmentInfo struct.

Source/WebKit:

Add support for -[_WKAttachment requestInfo:], which fetches a snapshot of the attachment's state. This API is
meant to be a replacement for -requestData: that provides additional metadata about the attachment.

  • Scripts/webkit/messages.py:

(headers_for_type):

  • Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<AttachmentInfo>::encode):
(IPC::ArgumentCoder<AttachmentInfo>::decode):

  • Shared/WebCoreArgumentCoders.h:

Add IPC support for AttachmentInfo. Note that instead of using (encode|decode)SharedBuffer, we send and receive
data references to the shared buffer.

  • UIProcess/API/APIAttachment.cpp:

(API::Attachment::requestInfo):
(API::Attachment::requestData): Deleted.

  • UIProcess/API/APIAttachment.h:

Change requestData to requestInfo.

  • UIProcess/API/Cocoa/_WKAttachment.h:
  • UIProcess/API/Cocoa/_WKAttachment.mm:

(-[_WKAttachmentInfo initWithInfo:]):
(-[_WKAttachmentInfo data]):
(-[_WKAttachmentInfo name]):
(-[_WKAttachmentInfo filePath]):
(-[_WKAttachmentInfo contentType]):
(-[_WKAttachment requestInfo:]):
(-[_WKAttachment requestData:]):

Implement -requestInfo: by calling into APIAttachment, and reimplement -requestData: in terms of -requestInfo:.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::attachmentInfoCallback):
(WebKit::WebPageProxy::requestAttachmentInfo):
(WebKit::WebPageProxy::sharedBufferCallback): Deleted.
(WebKit::WebPageProxy::requestAttachmentData): Deleted.

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebPageProxy.messages.in:

Rename the SharedBufferCallback IPC message to AttachmentInfoCallback, and make it conditional on
ATTACHMENT_ELEMENT. Rename requestAttachmentData to requestAttachmentInfo.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::requestAttachmentInfo):
(WebKit::WebPage::invokeSharedBufferCallback): Deleted.
(WebKit::WebPage::requestAttachmentData): Deleted.

Rename requestAttachmentData to requestAttachmentInfo and adopt HTMLAttachmentElement::requestInfo.

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:

Tools:

Adjusts some existing tests in WKAttachmentTests to exercise -requestInfo:.

  • TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

(-[_WKAttachment synchronouslyRequestInfo:]):
(-[_WKAttachment synchronouslyRequestData:]):

Reimplement this in terms of -synchronouslyRequestInfo:.

(-[_WKAttachment expectRequestedDataToBe:]):
(TestWebKitAPI::TEST):

5:55 PM Changeset in webkit [226603] by sbarati@apple.com
  • 2 edits in trunk/Source/WebCore

Speculative build fix after r226600. We only use clflush on x86 and the asm volatile syntax is not available in the Windows build.

No new tests because this is a build fix.

  • dom/Comment.cpp:

(WebCore::Comment::clflushReadLength):

5:53 PM Changeset in webkit [226602] by achristensen@apple.com
  • 10 edits in trunk/Source/WebKit

Pass around Vector<Ref<WebContextMenuItem>> instead of WKArrayRef or Vector<WebContextMenuItemData>
https://bugs.webkit.org/show_bug.cgi?id=181419

Reviewed by Tim Horton.

Passing a WKArrayRef to an API object is messy and was preventing me from moving things around and making ObjC SPI.
No change in behavior. Just using different layering abstractions for the same data.

  • UIProcess/API/C/WKContextMenuListener.cpp:

(WKContextMenuListenerUseContextMenuItems):

  • UIProcess/WebContextMenuListenerProxy.cpp:

(WebKit::WebContextMenuListenerProxy::useContextMenuItems):

  • UIProcess/WebContextMenuListenerProxy.h:
  • UIProcess/WebContextMenuProxy.h:
  • UIProcess/mac/WebContextMenuProxyMac.h:
  • UIProcess/mac/WebContextMenuProxyMac.mm:

(WebKit::WebContextMenuProxyMac::showContextMenuWithItems):
(WebKit::WebContextMenuProxyMac::showContextMenu):

5:21 PM Changeset in webkit [226601] by don.olmstead@sony.com
  • 2 edits in trunk/Source/WTF

Add WTF_EXPORTs to UniStdExtras
https://bugs.webkit.org/show_bug.cgi?id=181415

Reviewed by Alex Christensen.

  • wtf/UniStdExtras.h:

5:07 PM Changeset in webkit [226600] by msaboff@apple.com
  • 8 edits in trunk/Source

Add a DOM gadget for Spectre testing
https://bugs.webkit.org/show_bug.cgi?id=181351

Source/JavaScriptCore:

Reviewed by Michael Saboff.

Added a new JSC::Option named enableSpectreGadgets to enable any gadgets added to test
Spectre mitigations.

  • runtime/Options.h:

Source/WebCore:

Reviewed by Saam Barati.

This change is used to test Spectre mitigations.

Added a side data array to the Comment DOM node to test for Spectre issues in
the DOM layer. This additional functionality is disabled by default and must
be enabled through the JSC option "enableSpectreGadgets".

  • dom/Comment.cpp:

(WebCore::Comment::Comment):
(WebCore::Comment::setReadLength):
(WebCore::Comment::charCodeAt):
(WebCore::Comment::clflushReadLength):

  • dom/Comment.h:
  • dom/Comment.idl:
  • page/RuntimeEnabledFeatures.cpp:

(WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):

  • page/RuntimeEnabledFeatures.h:

4:35 PM Changeset in webkit [226599] by commit-queue@webkit.org
  • 4 edits
    6 adds in trunk

A canvas should not be tainted if it draws a data URL SVGImage with a <foreignObject>
https://bugs.webkit.org/show_bug.cgi?id=180301

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2018-01-08
Reviewed by Dean Jackson.

Source/WebCore:

Don't taint the canvas if it draws a data URL SVGImage with a <foreignObject>.
There should not be a cross-origin data leak in this case.

Tests: svg/as-image/svg-canvas-data-url-svg-with-feimage-not-tainted.html
svg/as-image/svg-canvas-data-url-svg-with-foreign-object-not-tainted.html
svg/as-image/svg-canvas-data-url-svg-with-image-not-tainted.html

  • html/ImageBitmap.cpp:

(WebCore::taintsOrigin):

  • html/canvas/CanvasRenderingContext.cpp:

(WebCore::CanvasRenderingContext::wouldTaintOrigin):

LayoutTests:

  • svg/as-image/svg-canvas-data-url-svg-with-feimage-not-tainted-expected.txt: Added.
  • svg/as-image/svg-canvas-data-url-svg-with-feimage-not-tainted.html: Added.
  • svg/as-image/svg-canvas-data-url-svg-with-foreign-object-not-tainted-expected.txt: Added.
  • svg/as-image/svg-canvas-data-url-svg-with-foreign-object-not-tainted.html: Added.
  • svg/as-image/svg-canvas-data-url-svg-with-image-not-tainted-expected.txt: Added.
  • svg/as-image/svg-canvas-data-url-svg-with-image-not-tainted.html: Added.

4:16 PM Changeset in webkit [226598] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.5

Tag Safari-604.5.5.

4:16 PM Changeset in webkit [226597] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.4

Tag Safari-604.5.4.

4:12 PM Changeset in webkit [226596] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.100.5

Tag Safari-604.5.100.5.

4:12 PM Changeset in webkit [226595] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.5.100.4

Tag Safari-604.5.100.4.

4:07 PM Changeset in webkit [226594] by jmarcell@apple.com
  • 3 edits in branches/safari-604.5.100-branch/Source/WebCore

Cherry-pick r226457. rdar://problem/36324013

4:07 PM Changeset in webkit [226593] by jmarcell@apple.com
  • 7 edits in branches/safari-604.5.100-branch/Source

Versioning.

4:07 PM Changeset in webkit [226592] by jmarcell@apple.com
  • 1 edit in branches/safari-604.5.100-branch/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

Apply patch. rdar://problem/36276168

fix indexing mask

4:07 PM Changeset in webkit [226591] by jmarcell@apple.com
  • 7 edits in branches/safari-604.5.100-branch/Source

Versioning.

4:07 PM Changeset in webkit [226590] by jmarcell@apple.com
  • 5 edits in branches/safari-604.5.100-branch

Apply patch. rdar://problem/36257610

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

4:07 PM Changeset in webkit [226589] by jmarcell@apple.com
  • 3 edits in branches/safari-604.5.100-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36257696

Disable/remove SharedArrayBuffers from Web API
rdar://problem/36077849

Removed SharedArrayBuffer prototype and structure to disable.

  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype const): (JSC::JSGlobalObject::arrayBufferStructure const):

3:51 PM Changeset in webkit [226588] by jmarcell@apple.com
  • 3 edits in branches/safari-604-branch/Source/WebCore

Cherry-pick r226457. rdar://problem/36323985

3:50 PM Changeset in webkit [226587] by jmarcell@apple.com
  • 7 edits in branches/safari-604-branch/Source

Versioning.

3:50 PM Changeset in webkit [226586] by jmarcell@apple.com
  • 1 edit in branches/safari-604-branch/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

Apply patch. rdar://problem/36276141

fix indexing mask

3:50 PM Changeset in webkit [226585] by jmarcell@apple.com
  • 7 edits in branches/safari-604-branch/Source

Versioning.

3:50 PM Changeset in webkit [226584] by jmarcell@apple.com
  • 5 edits in branches/safari-604-branch

Apply patch. rdar://problem/36257607

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

3:50 PM Changeset in webkit [226583] by jmarcell@apple.com
  • 3 edits in branches/safari-604-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36257695

Disable/remove SharedArrayBuffers from Web API
rdar://problem/36077849

Removed SharedArrayBuffer prototype and structure to disable.

  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype const): (JSC::JSGlobalObject::arrayBufferStructure const):

3:32 PM Changeset in webkit [226582] by jmarcell@apple.com
  • 7 edits in tags/Safari-605.1.20/Source

Versioning.

3:27 PM Changeset in webkit [226581] by don.olmstead@sony.com
  • 6 edits in trunk/Source/WebCore

Simplify platform checks in Graphics Context
https://bugs.webkit.org/show_bug.cgi?id=181344

Reviewed by Alex Christensen.

No new tests. No change in behavior.

  • platform/graphics/ANGLEWebKitBridge.h:
  • platform/graphics/GLContext.h:
  • platform/graphics/GraphicsContext3D.h:
  • platform/graphics/OpenGLESShims.h:
  • platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:

(WebCore::GraphicsContext3D::checkVaryingsPacking const):

3:23 PM Changeset in webkit [226580] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.10.6

Tag Safari-604.4.7.10.6.

3:19 PM Changeset in webkit [226579] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.10.5

Tag Safari-604.4.7.10.5.

3:16 PM Changeset in webkit [226578] by Matt Lewis
  • 2 edits in trunk/LayoutTests

Marked imported/w3c/web-platform-tests/service-workers/service-worker/register-closed-window.https.html as flaky.
https://bugs.webkit.org/show_bug.cgi?id=181087

Unreviewed test gardening.

  • platform/ios-wk2/TestExpectations:

3:15 PM Changeset in webkit [226577] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.10-branch/Source

Versioning.

3:15 PM Changeset in webkit [226576] by jmarcell@apple.com
  • 1 edit in branches/safari-604.4.7.10-branch/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

Apply patch. rdar://problem/36267662

fix indexing mask

3:15 PM Changeset in webkit [226575] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.10-branch/Source

Versioning.

3:15 PM Changeset in webkit [226574] by jmarcell@apple.com
  • 2 edits in branches/safari-604.4.7.10-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36116826

32-bit fix.

3:15 PM Changeset in webkit [226573] by jmarcell@apple.com
  • 62 edits
    4 copies
    3 adds in branches/safari-604.4.7.10-branch

Apply patch. rdar://problem/36116820

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

Also merged offlineasm parts of r220184 and r222549. These changes are required
to support the code in cherry-picked revisions above.

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

  1. MacroAssemblerCodePtr now stores a ScrambledPtr instead of a void*.
  2. MacroAssemblerCodePtr's executableAddress() and dataLocation() now take a template argument type that will be used to cast the result. This makes the client code that uses these functions a little less verbose.
  3. Change the code base in general to minimize passing void* code pointers around. We now pass MacroAssemblerCodePtr as much as possible, and descramble it only at the last moment when we need the underlying code pointer.
  4. Added some MasmScrambledPtr paranoid asserts that are disabled (not built) by default. I'm leaving them in because they are instrumental in finding bugs where not all MacroAssemblerCodePtr values were not scrambled as expected. I expect them to be useful in the near future as we add more scrambling.
  5. Also disable the casting operator on MacroAssemblerCodePtr (except for explicit casts to a boolean). This ensures that clients will always explicitly use scrambledBits() or executableAddress() to get a value based on which value they actually need.
  6. Added currentThread() id to the logging in LLIntSlowPath trace functions. This was helpful when debugging tests that ran multiple VMs concurrently on different threads.

MacroAssemblerCodePtr is currently supported on 64-bit builds (including the
CLoop). It is not yet supported in 32-bit and Windows because we don't
currently have a way to read a global variable from their LLInt code.

  • assembler/AbstractMacroAssembler.h: (JSC::AbstractMacroAssembler::differenceBetweenCodePtr): (JSC::AbstractMacroAssembler::linkPointer):
  • assembler/CodeLocation.h: (JSC::CodeLocationCommon::instructionAtOffset): (JSC::CodeLocationCommon::labelAtOffset): (JSC::CodeLocationCommon::jumpAtOffset): (JSC::CodeLocationCommon::callAtOffset): (JSC::CodeLocationCommon::nearCallAtOffset): (JSC::CodeLocationCommon::dataLabelPtrAtOffset): (JSC::CodeLocationCommon::dataLabel32AtOffset): (JSC::CodeLocationCommon::dataLabelCompactAtOffset): (JSC::CodeLocationCommon::convertibleLoadAtOffset):
  • assembler/LinkBuffer.cpp: (JSC::LinkBuffer::finalizeCodeWithDisassembly):
  • assembler/LinkBuffer.h: (JSC::LinkBuffer::link): (JSC::LinkBuffer::patch):
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize):
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::scrambledPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator bool const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::hash const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::executableAddress const): Deleted. (JSC::MacroAssemblerCodePtr::dataLocation const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGDisassembler.cpp: (JSC::DFG::Disassembler::dumpDisassembly):
  • dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compileFunction):
  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitSwitchIntJump): (JSC::DFG::SpeculativeJIT::emitSwitchImm): (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump): (JSC::DFG::SpeculativeJIT::emitSwitchChar):
  • dfg/DFGSpeculativeJIT.h:
  • disassembler/Disassembler.cpp: (JSC::disassemble):
  • disassembler/UDis86Disassembler.cpp: (JSC::tryToDisassembleWithUDis86):
  • ftl/FTLCompile.cpp: (JSC::FTL::compile):
  • ftl/FTLJITCode.cpp: (JSC::FTL::JITCode::executableAddressAtOffset):
  • ftl/FTLLink.cpp: (JSC::FTL::link):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileMathIC): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct): (JSC::FTL::DFG::LowerDFGToB3::compileTailCall): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
  • interpreter/InterpreterInlines.h: (JSC::Interpreter::getOpcodeID):
  • jit/JITArithmetic.cpp: (JSC::JIT::emitMathICFast): (JSC::JIT::emitMathICSlow):
  • jit/JITCode.cpp: (JSC::JITCodeWithCodeRef::executableAddressAtOffset): (JSC::JITCodeWithCodeRef::dataAddressAtOffset): (JSC::JITCodeWithCodeRef::offsetOf):
  • jit/JITDisassembler.cpp: (JSC::JITDisassembler::dumpDisassembly):
  • jit/PCToCodeOriginMap.cpp: (JSC::PCToCodeOriginMap::PCToCodeOriginMap):
  • jit/Repatch.cpp: (JSC::ftlThunkAwareRepatchCall):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::llint_trace_operand): (JSC::LLInt::llint_trace_value): (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • offlineasm/cloop.rb:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::complete):
  • wasm/WasmCallee.h: (JSC::Wasm::Callee::entrypoint const):
  • wasm/WasmCodeBlock.cpp: (JSC::Wasm::CodeBlock::CodeBlock):
  • wasm/WasmOMGPlan.cpp: (JSC::Wasm::OMGPlan::work):
  • wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS):
  • wasm/js/WebAssemblyFunction.cpp: (JSC::callWebAssemblyFunction):
  • wasm/js/WebAssemblyFunction.h:
  • wasm/js/WebAssemblyWrapperFunction.cpp: (JSC::WebAssemblyWrapperFunction::create):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize): Deleted.
  • assembler/MacroAssemblerCodeRef.h: (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::hash const):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCScrambledPtr.cpp: Added. (JSC::initializeScrambledPtrKeys):
  • runtime/JSCScrambledPtr.h: Added.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::poisonedPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::scrambledPtr const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject): (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCPoisonedPtr.cpp: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.cpp. (JSC::initializePoison): (JSC::initializeScrambledPtrKeys): Deleted.
  • runtime/JSCPoisonedPtr.h: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.h.
  • runtime/JSCScrambledPtr.cpp: Removed.
  • runtime/JSCScrambledPtr.h: Removed.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Renamed g_classInfoPoison to g_globalDataPoison.
Renamed g_masmPoison to g_jitCodePoison.
Introduced g_nativeCodePoison.
Applied g_nativeCodePoison to poisoning some native code pointers.

Introduced non-random Int32 poison values (in JSCPoison.h) for use with pointers
to malloc-allocated data structures (where needed).

  • API/JSCallbackFunction.h: (JSC::JSCallbackFunction::functionCallback):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • jit/ThunkGenerators.cpp: (JSC::nativeForGenerator):
  • llint/LowLevelInterpreter64.asm:
  • runtime/CustomGetterSetter.h: (JSC::CustomGetterSetter::getter const): (JSC::CustomGetterSetter::setter const):
  • runtime/InternalFunction.cpp: (JSC::InternalFunction::getCallData): (JSC::InternalFunction::getConstructData):
  • runtime/InternalFunction.h: (JSC::InternalFunction::nativeFunctionFor):
  • runtime/JSCPoison.h: Added.
  • runtime/JSCPoisonedPtr.cpp: (JSC::initializePoison):
  • runtime/JSCPoisonedPtr.h:
  • runtime/Lookup.h:
  • runtime/NativeExecutable.cpp: (JSC::NativeExecutable::hashFor const):
  • runtime/NativeExecutable.h:
  • runtime/Structure.cpp: (JSC::StructureTransitionTable::setSingleTransition):
  • runtime/StructureTransitionTable.h: (JSC::StructureTransitionTable::StructureTransitionTable): (JSC::StructureTransitionTable::isUsingSingleSlot const): (JSC::StructureTransitionTable::map const): (JSC::StructureTransitionTable::weakImpl const): (JSC::StructureTransitionTable::setMap):

2017-12-08 Mark Lam <mark.lam@apple.com>

Need to unpoison native function pointers for CLoop.
https://bugs.webkit.org/show_bug.cgi?id=180601
<rdar://problem/35942028>

Reviewed by JF Bastien.

  • llint/LowLevelInterpreter64.asm:

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

  • runtime/StructureTransitionTable.h:

2017-12-18 Jason Marcell <jmarcell@apple.com>

Apply patch. rdar://problem/36113365

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

Introduce a ScrambledPtr class to facilitate scrambling.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/ScrambledPtr.cpp: Added. (WTF::makeScrambledPtrKey):
  • wtf/ScrambledPtr.h: Added. (WTF::ScrambledPtr::ScrambledPtr): (WTF::ScrambledPtr::paranoidAssertIsScrambled const): (WTF::ScrambledPtr::paranoidAssertIsNotScrambled const): (WTF::ScrambledPtr:: const): (WTF::ScrambledPtr::operator-> const): (WTF::ScrambledPtr::scrambledBits const): (WTF::ScrambledPtr::operator! const): (WTF::ScrambledPtr::operator bool const): (WTF::ScrambledPtr::operator== const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • wtf/ScrambledPtr.h: (WTF::ScrambledPtr::descrambled const): (WTF::ScrambledPtr::bits const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::operator=): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble): (WTF::ScrambledPtr:: const): Deleted. (WTF::ScrambledPtr::scrambledBits const): Deleted.

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/Poisoned.cpp: Copied from Source/WTF/wtf/ScrambledPtr.cpp. (WTF::makePoison): (WTF::makeScrambledPtrKey): Deleted.
  • wtf/Poisoned.h: Copied from Source/WTF/wtf/ScrambledPtr.h. (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::assertIsPoisoned const): (WTF::PoisonedImpl::assertIsNotPoisoned const): (WTF::PoisonedImpl::unpoisoned const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::bits const): (WTF::PoisonedImpl::operator! const): (WTF::PoisonedImpl::operator bool const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator==): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::poison): (WTF::PoisonedImpl::unpoison): (WTF::ScrambledPtr::ScrambledPtr): Deleted. (WTF::ScrambledPtr::assertIsScrambled const): Deleted. (WTF::ScrambledPtr::assertIsNotScrambled const): Deleted. (WTF::ScrambledPtr::descrambled const): Deleted. (WTF::ScrambledPtr::operator-> const): Deleted. (WTF::ScrambledPtr::bits const): Deleted. (WTF::ScrambledPtr::operator! const): Deleted. (WTF::ScrambledPtr::operator bool const): Deleted. (WTF::ScrambledPtr::operator== const): Deleted. (WTF::ScrambledPtr::operator==): Deleted. (WTF::ScrambledPtr::operator=): Deleted. (WTF::ScrambledPtr::scramble): Deleted. (WTF::ScrambledPtr::descramble): Deleted.
  • wtf/ScrambledPtr.cpp: Removed.
  • wtf/ScrambledPtr.h: Removed.

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Ensure that the resultant poisoned bits still look like a pointer in that their
bottom bits are 0, just like the alignment bits of a pointer. This allows the
client to use the bottom bits of the poisoned bits as flag bits just like the
client was previously able to do with pointer values.

Note: we only ensure that the bottom alignment bits of the generated poison
value are 0. We're not masking out the poisoned bits. This means that the bottom
bits of the poisoned bits will only be null if the original pointer is aligned.
Hence, if the client applies the poison to an unaligned pointer, we do not lose
any information on the low bits.

Also removed 2 wrong assertions in PoisonedImpl's constructors. We were
asserting that Poisoned will never be used with a null value, but that's invalid.
We do want to allow a null value so that we don't have to constantly do null
checks in the clients. This was uncovered by some layout tests.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImpl::PoisonedImpl):

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

Also rename Int32Poisoned to ConstExprPoisoned. The key it takes is actually a
uint32_t. So, Int32 is really a misnomer. In addition, the key needs to be a
constexpr. So, ConstExprPoisoned is a better name for it.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImplHelper::asReference): (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::clear): (WTF::PoisonedImpl::operator* const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator!= const): (WTF::PoisonedImpl::operator< const): (WTF::PoisonedImpl::operator<= const): (WTF::PoisonedImpl::operator> const): (WTF::PoisonedImpl::operator>= const): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::swap): (WTF::PoisonedImpl::exchange): (WTF::swap): (WTF::makePoison): (WTF::PoisonedImpl::operator==): Deleted.

3:15 PM Changeset in webkit [226572] by jmarcell@apple.com
  • 27 edits in branches/safari-604.4.7.10-branch/Source

Apply patch. rdar://problem/36116826

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

We should have index masking for our TypedArray code in the
DFG/FTL and for Wasm when doing bounds checking. Index masking for
Wasm is added to the WasmBoundsCheckValue. Since we don't CSE any
WasmBoundsCheckValues we don't need to worry about combining a
bounds check for a load and a store. I went with fusing the
pointer masking in the WasmBoundsCheckValue since it should reduce
additional compiler overhead.

  • b3/B3LowerToAir.cpp:
  • b3/B3Validate.cpp:
  • b3/B3WasmBoundsCheckValue.cpp: (JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue): (JSC::B3::WasmBoundsCheckValue::dumpMeta const):
  • b3/B3WasmBoundsCheckValue.h: (JSC::B3::WasmBoundsCheckValue::pinnedIndexingMask const):
  • b3/air/AirCustom.h: (JSC::B3::Air::WasmBoundsCheckCustom::generate):
  • b3/testb3.cpp: (JSC::B3::testWasmBoundsCheck):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::loadFromIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite): (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal): (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray): (JSC::FTL::DFG::LowerDFGToB3::pointerIntoTypedArray):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitComputeButterflyIndexingMask):
  • runtime/Butterfly.h:
  • runtime/JSArrayBufferView.cpp: (JSC::JSArrayBufferView::JSArrayBufferView):
  • runtime/JSArrayBufferView.h: (JSC::JSArrayBufferView::offsetOfIndexingMask):
  • wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::B3IRGenerator::load): (JSC::Wasm::B3IRGenerator::store): (JSC::Wasm::B3IRGenerator::addCallIndirect):
  • wasm/WasmBinding.cpp: (JSC::Wasm::wasmToWasm):
  • wasm/WasmMemory.cpp: (JSC::Wasm::Memory::Memory):
  • wasm/WasmMemory.h: (JSC::Wasm::Memory::offsetOfIndexingMask):
  • wasm/WasmMemoryInformation.cpp: (JSC::Wasm::PinnedRegisterInfo::get): (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
  • wasm/WasmMemoryInformation.h: (JSC::Wasm::PinnedRegisterInfo::toSave const):
  • wasm/js/JSToWasm.cpp: (JSC::Wasm::createJSToWasmWrapper):

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

Copy things from ToT that we will need for a branch.

  • wtf/MathExtras.h: (WTF::computeIndexingMask):
  • wtf/StdLibExtras.h: (std::clz):

3:15 PM Changeset in webkit [226571] by jmarcell@apple.com
  • 5 edits in branches/safari-604.4.7.10-branch

Apply patch. rdar://problem/36116741

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

3:15 PM Changeset in webkit [226570] by jmarcell@apple.com
  • 13 edits in branches/safari-604.4.7.10-branch/Source

Cherry-pick r226068. rdar://problem/36116830

3:14 PM Changeset in webkit [226569] by jmarcell@apple.com
  • 3 edits in branches/safari-604.4.7.10-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36116696

Disable/remove SharedArrayBuffers from Web API
rdar://problem/36077849

Removed SharedArrayBuffer prototype and structure to disable.

  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype const): (JSC::JSGlobalObject::arrayBufferStructure const):

3:14 PM Changeset in webkit [226568] by Alan Bujtas
  • 9 edits
    2 adds in trunk/Source/WebCore

[RenderTreeBuilder] Move SVG addChild logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181405
<rdar://problem/36360476>

Reviewed by Antti Koivisto.

This is about moving the code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/svg/RenderSVGContainer.cpp:

(WebCore::RenderSVGContainer::addChild):

  • rendering/svg/RenderSVGInline.cpp:

(WebCore::RenderSVGInline::addChild):

  • rendering/svg/RenderSVGRoot.cpp:

(WebCore::RenderSVGRoot::addChild):

  • rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::addChild):

  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::RenderTreeBuilder):
(WebCore::RenderTreeBuilder::insertChildToSVGContainer):
(WebCore::RenderTreeBuilder::insertChildToSVGInline):
(WebCore::RenderTreeBuilder::insertChildToSVGRoot):
(WebCore::RenderTreeBuilder::insertChildToSVGText):

  • rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::SVGBuilder):

  • rendering/updating/RenderTreeBuilderSVG.cpp: Added.

(WebCore::RenderTreeBuilder::SVG::SVG):
(WebCore::RenderTreeBuilder::SVG::insertChild):

  • rendering/updating/RenderTreeBuilderSVG.h: Added.

3:11 PM Changeset in webkit [226567] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.1.6

Tag Safari-604.4.7.1.6.

3:10 PM Changeset in webkit [226566] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.1.5

Tag Safari-604.4.7.1.5.

3:09 PM Changeset in webkit [226565] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.1-branch/Source

Versioning.

3:09 PM Changeset in webkit [226564] by jmarcell@apple.com
  • 1 edit in branches/safari-604.4.7.1-branch/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

Apply patch. rdar://problem/36267626

fix indexing mask

3:09 PM Changeset in webkit [226563] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.1-branch/Source

Versioning.

3:09 PM Changeset in webkit [226562] by jmarcell@apple.com
  • 2 edits in branches/safari-604.4.7.1-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36116390

32-bit fix.

3:09 PM Changeset in webkit [226561] by jmarcell@apple.com
  • 62 edits
    4 copies
    3 adds in branches/safari-604.4.7.1-branch

Apply patch. rdar://problem/36116388

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

Also merged offlineasm parts of r220184 and r222549. These changes are required
to support the code in cherry-picked revisions above.

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

  1. MacroAssemblerCodePtr now stores a ScrambledPtr instead of a void*.
  2. MacroAssemblerCodePtr's executableAddress() and dataLocation() now take a template argument type that will be used to cast the result. This makes the client code that uses these functions a little less verbose.
  3. Change the code base in general to minimize passing void* code pointers around. We now pass MacroAssemblerCodePtr as much as possible, and descramble it only at the last moment when we need the underlying code pointer.
  4. Added some MasmScrambledPtr paranoid asserts that are disabled (not built) by default. I'm leaving them in because they are instrumental in finding bugs where not all MacroAssemblerCodePtr values were not scrambled as expected. I expect them to be useful in the near future as we add more scrambling.
  5. Also disable the casting operator on MacroAssemblerCodePtr (except for explicit casts to a boolean). This ensures that clients will always explicitly use scrambledBits() or executableAddress() to get a value based on which value they actually need.
  6. Added currentThread() id to the logging in LLIntSlowPath trace functions. This was helpful when debugging tests that ran multiple VMs concurrently on different threads.

MacroAssemblerCodePtr is currently supported on 64-bit builds (including the
CLoop). It is not yet supported in 32-bit and Windows because we don't
currently have a way to read a global variable from their LLInt code.

  • assembler/AbstractMacroAssembler.h: (JSC::AbstractMacroAssembler::differenceBetweenCodePtr): (JSC::AbstractMacroAssembler::linkPointer):
  • assembler/CodeLocation.h: (JSC::CodeLocationCommon::instructionAtOffset): (JSC::CodeLocationCommon::labelAtOffset): (JSC::CodeLocationCommon::jumpAtOffset): (JSC::CodeLocationCommon::callAtOffset): (JSC::CodeLocationCommon::nearCallAtOffset): (JSC::CodeLocationCommon::dataLabelPtrAtOffset): (JSC::CodeLocationCommon::dataLabel32AtOffset): (JSC::CodeLocationCommon::dataLabelCompactAtOffset): (JSC::CodeLocationCommon::convertibleLoadAtOffset):
  • assembler/LinkBuffer.cpp: (JSC::LinkBuffer::finalizeCodeWithDisassembly):
  • assembler/LinkBuffer.h: (JSC::LinkBuffer::link): (JSC::LinkBuffer::patch):
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize):
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::scrambledPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator bool const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::hash const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::executableAddress const): Deleted. (JSC::MacroAssemblerCodePtr::dataLocation const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGDisassembler.cpp: (JSC::DFG::Disassembler::dumpDisassembly):
  • dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compileFunction):
  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitSwitchIntJump): (JSC::DFG::SpeculativeJIT::emitSwitchImm): (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump): (JSC::DFG::SpeculativeJIT::emitSwitchChar):
  • dfg/DFGSpeculativeJIT.h:
  • disassembler/Disassembler.cpp: (JSC::disassemble):
  • disassembler/UDis86Disassembler.cpp: (JSC::tryToDisassembleWithUDis86):
  • ftl/FTLCompile.cpp: (JSC::FTL::compile):
  • ftl/FTLJITCode.cpp: (JSC::FTL::JITCode::executableAddressAtOffset):
  • ftl/FTLLink.cpp: (JSC::FTL::link):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileMathIC): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct): (JSC::FTL::DFG::LowerDFGToB3::compileTailCall): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
  • interpreter/InterpreterInlines.h: (JSC::Interpreter::getOpcodeID):
  • jit/JITArithmetic.cpp: (JSC::JIT::emitMathICFast): (JSC::JIT::emitMathICSlow):
  • jit/JITCode.cpp: (JSC::JITCodeWithCodeRef::executableAddressAtOffset): (JSC::JITCodeWithCodeRef::dataAddressAtOffset): (JSC::JITCodeWithCodeRef::offsetOf):
  • jit/JITDisassembler.cpp: (JSC::JITDisassembler::dumpDisassembly):
  • jit/PCToCodeOriginMap.cpp: (JSC::PCToCodeOriginMap::PCToCodeOriginMap):
  • jit/Repatch.cpp: (JSC::ftlThunkAwareRepatchCall):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::llint_trace_operand): (JSC::LLInt::llint_trace_value): (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • offlineasm/cloop.rb:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::complete):
  • wasm/WasmCallee.h: (JSC::Wasm::Callee::entrypoint const):
  • wasm/WasmCodeBlock.cpp: (JSC::Wasm::CodeBlock::CodeBlock):
  • wasm/WasmOMGPlan.cpp: (JSC::Wasm::OMGPlan::work):
  • wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS):
  • wasm/js/WebAssemblyFunction.cpp: (JSC::callWebAssemblyFunction):
  • wasm/js/WebAssemblyFunction.h:
  • wasm/js/WebAssemblyWrapperFunction.cpp: (JSC::WebAssemblyWrapperFunction::create):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize): Deleted.
  • assembler/MacroAssemblerCodeRef.h: (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::hash const):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCScrambledPtr.cpp: Added. (JSC::initializeScrambledPtrKeys):
  • runtime/JSCScrambledPtr.h: Added.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::poisonedPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::scrambledPtr const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject): (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCPoisonedPtr.cpp: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.cpp. (JSC::initializePoison): (JSC::initializeScrambledPtrKeys): Deleted.
  • runtime/JSCPoisonedPtr.h: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.h.
  • runtime/JSCScrambledPtr.cpp: Removed.
  • runtime/JSCScrambledPtr.h: Removed.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Renamed g_classInfoPoison to g_globalDataPoison.
Renamed g_masmPoison to g_jitCodePoison.
Introduced g_nativeCodePoison.
Applied g_nativeCodePoison to poisoning some native code pointers.

Introduced non-random Int32 poison values (in JSCPoison.h) for use with pointers
to malloc-allocated data structures (where needed).

  • API/JSCallbackFunction.h: (JSC::JSCallbackFunction::functionCallback):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • jit/ThunkGenerators.cpp: (JSC::nativeForGenerator):
  • llint/LowLevelInterpreter64.asm:
  • runtime/CustomGetterSetter.h: (JSC::CustomGetterSetter::getter const): (JSC::CustomGetterSetter::setter const):
  • runtime/InternalFunction.cpp: (JSC::InternalFunction::getCallData): (JSC::InternalFunction::getConstructData):
  • runtime/InternalFunction.h: (JSC::InternalFunction::nativeFunctionFor):
  • runtime/JSCPoison.h: Added.
  • runtime/JSCPoisonedPtr.cpp: (JSC::initializePoison):
  • runtime/JSCPoisonedPtr.h:
  • runtime/Lookup.h:
  • runtime/NativeExecutable.cpp: (JSC::NativeExecutable::hashFor const):
  • runtime/NativeExecutable.h:
  • runtime/Structure.cpp: (JSC::StructureTransitionTable::setSingleTransition):
  • runtime/StructureTransitionTable.h: (JSC::StructureTransitionTable::StructureTransitionTable): (JSC::StructureTransitionTable::isUsingSingleSlot const): (JSC::StructureTransitionTable::map const): (JSC::StructureTransitionTable::weakImpl const): (JSC::StructureTransitionTable::setMap):

2017-12-08 Mark Lam <mark.lam@apple.com>

Need to unpoison native function pointers for CLoop.
https://bugs.webkit.org/show_bug.cgi?id=180601
<rdar://problem/35942028>

Reviewed by JF Bastien.

  • llint/LowLevelInterpreter64.asm:

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

  • runtime/StructureTransitionTable.h:

2017-12-18 Jason Marcell <jmarcell@apple.com>

Apply patch. rdar://problem/36113365

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

Introduce a ScrambledPtr class to facilitate scrambling.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/ScrambledPtr.cpp: Added. (WTF::makeScrambledPtrKey):
  • wtf/ScrambledPtr.h: Added. (WTF::ScrambledPtr::ScrambledPtr): (WTF::ScrambledPtr::paranoidAssertIsScrambled const): (WTF::ScrambledPtr::paranoidAssertIsNotScrambled const): (WTF::ScrambledPtr:: const): (WTF::ScrambledPtr::operator-> const): (WTF::ScrambledPtr::scrambledBits const): (WTF::ScrambledPtr::operator! const): (WTF::ScrambledPtr::operator bool const): (WTF::ScrambledPtr::operator== const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • wtf/ScrambledPtr.h: (WTF::ScrambledPtr::descrambled const): (WTF::ScrambledPtr::bits const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::operator=): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble): (WTF::ScrambledPtr:: const): Deleted. (WTF::ScrambledPtr::scrambledBits const): Deleted.

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/Poisoned.cpp: Copied from Source/WTF/wtf/ScrambledPtr.cpp. (WTF::makePoison): (WTF::makeScrambledPtrKey): Deleted.
  • wtf/Poisoned.h: Copied from Source/WTF/wtf/ScrambledPtr.h. (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::assertIsPoisoned const): (WTF::PoisonedImpl::assertIsNotPoisoned const): (WTF::PoisonedImpl::unpoisoned const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::bits const): (WTF::PoisonedImpl::operator! const): (WTF::PoisonedImpl::operator bool const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator==): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::poison): (WTF::PoisonedImpl::unpoison): (WTF::ScrambledPtr::ScrambledPtr): Deleted. (WTF::ScrambledPtr::assertIsScrambled const): Deleted. (WTF::ScrambledPtr::assertIsNotScrambled const): Deleted. (WTF::ScrambledPtr::descrambled const): Deleted. (WTF::ScrambledPtr::operator-> const): Deleted. (WTF::ScrambledPtr::bits const): Deleted. (WTF::ScrambledPtr::operator! const): Deleted. (WTF::ScrambledPtr::operator bool const): Deleted. (WTF::ScrambledPtr::operator== const): Deleted. (WTF::ScrambledPtr::operator==): Deleted. (WTF::ScrambledPtr::operator=): Deleted. (WTF::ScrambledPtr::scramble): Deleted. (WTF::ScrambledPtr::descramble): Deleted.
  • wtf/ScrambledPtr.cpp: Removed.
  • wtf/ScrambledPtr.h: Removed.

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Ensure that the resultant poisoned bits still look like a pointer in that their
bottom bits are 0, just like the alignment bits of a pointer. This allows the
client to use the bottom bits of the poisoned bits as flag bits just like the
client was previously able to do with pointer values.

Note: we only ensure that the bottom alignment bits of the generated poison
value are 0. We're not masking out the poisoned bits. This means that the bottom
bits of the poisoned bits will only be null if the original pointer is aligned.
Hence, if the client applies the poison to an unaligned pointer, we do not lose
any information on the low bits.

Also removed 2 wrong assertions in PoisonedImpl's constructors. We were
asserting that Poisoned will never be used with a null value, but that's invalid.
We do want to allow a null value so that we don't have to constantly do null
checks in the clients. This was uncovered by some layout tests.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImpl::PoisonedImpl):

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

Also rename Int32Poisoned to ConstExprPoisoned. The key it takes is actually a
uint32_t. So, Int32 is really a misnomer. In addition, the key needs to be a
constexpr. So, ConstExprPoisoned is a better name for it.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImplHelper::asReference): (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::clear): (WTF::PoisonedImpl::operator* const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator!= const): (WTF::PoisonedImpl::operator< const): (WTF::PoisonedImpl::operator<= const): (WTF::PoisonedImpl::operator> const): (WTF::PoisonedImpl::operator>= const): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::swap): (WTF::PoisonedImpl::exchange): (WTF::swap): (WTF::makePoison): (WTF::PoisonedImpl::operator==): Deleted.

3:09 PM Changeset in webkit [226560] by jmarcell@apple.com
  • 27 edits in branches/safari-604.4.7.1-branch/Source

Apply patch. rdar://problem/36116390

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

We should have index masking for our TypedArray code in the
DFG/FTL and for Wasm when doing bounds checking. Index masking for
Wasm is added to the WasmBoundsCheckValue. Since we don't CSE any
WasmBoundsCheckValues we don't need to worry about combining a
bounds check for a load and a store. I went with fusing the
pointer masking in the WasmBoundsCheckValue since it should reduce
additional compiler overhead.

  • b3/B3LowerToAir.cpp:
  • b3/B3Validate.cpp:
  • b3/B3WasmBoundsCheckValue.cpp: (JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue): (JSC::B3::WasmBoundsCheckValue::dumpMeta const):
  • b3/B3WasmBoundsCheckValue.h: (JSC::B3::WasmBoundsCheckValue::pinnedIndexingMask const):
  • b3/air/AirCustom.h: (JSC::B3::Air::WasmBoundsCheckCustom::generate):
  • b3/testb3.cpp: (JSC::B3::testWasmBoundsCheck):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::loadFromIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite): (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal): (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray): (JSC::FTL::DFG::LowerDFGToB3::pointerIntoTypedArray):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitComputeButterflyIndexingMask):
  • runtime/Butterfly.h:
  • runtime/JSArrayBufferView.cpp: (JSC::JSArrayBufferView::JSArrayBufferView):
  • runtime/JSArrayBufferView.h: (JSC::JSArrayBufferView::offsetOfIndexingMask):
  • wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::B3IRGenerator::load): (JSC::Wasm::B3IRGenerator::store): (JSC::Wasm::B3IRGenerator::addCallIndirect):
  • wasm/WasmBinding.cpp: (JSC::Wasm::wasmToWasm):
  • wasm/WasmMemory.cpp: (JSC::Wasm::Memory::Memory):
  • wasm/WasmMemory.h: (JSC::Wasm::Memory::offsetOfIndexingMask):
  • wasm/WasmMemoryInformation.cpp: (JSC::Wasm::PinnedRegisterInfo::get): (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
  • wasm/WasmMemoryInformation.h: (JSC::Wasm::PinnedRegisterInfo::toSave const):
  • wasm/js/JSToWasm.cpp: (JSC::Wasm::createJSToWasmWrapper):

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

Copy things from ToT that we will need for a branch.

  • wtf/MathExtras.h: (WTF::computeIndexingMask):
  • wtf/StdLibExtras.h: (std::clz):

3:08 PM Changeset in webkit [226559] by jmarcell@apple.com
  • 5 edits in branches/safari-604.4.7.1-branch

Apply patch. rdar://problem/36116546

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

3:08 PM Changeset in webkit [226558] by jmarcell@apple.com
  • 13 edits in branches/safari-604.4.7.1-branch/Source

Cherry-pick r226068. rdar://problem/36116392

3:08 PM Changeset in webkit [226557] by jmarcell@apple.com
  • 3 edits in branches/safari-604.4.7.1-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36116362

Disable/remove SharedArrayBuffers from Web API
rdar://problem/36077849

Removed SharedArrayBuffer prototype and structure to disable.

  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype const): (JSC::JSGlobalObject::arrayBufferStructure const):

2:59 PM Changeset in webkit [226556] by mark.lam@apple.com
  • 6 edits in trunk/Source/JavaScriptCore

Rename CodeBlock::m_vm to CodeBlock::m_poisonedVM.
https://bugs.webkit.org/show_bug.cgi?id=181403
<rdar://problem/36359789>

Rubber-stamped by JF Bastien.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::predictedMachineCodeSize):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::vm const):
(JSC::CodeBlock::addConstant):
(JSC::CodeBlock::heap const):
(JSC::CodeBlock::replaceConstant):

  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:

2:51 PM Changeset in webkit [226555] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.0.5

Tag Safari-604.4.7.0.5.

2:50 PM Changeset in webkit [226554] by jmarcell@apple.com
  • 1 copy in tags/Safari-604.4.7.0.4

Tag Safari-604.4.7.0.4.

2:45 PM Changeset in webkit [226553] by jmarcell@apple.com
  • 1 copy in tags/Safari-605.1.20

Tag Safari-605.1.20.

2:42 PM Changeset in webkit [226552] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.0-branch/Source

Versioning.

2:42 PM Changeset in webkit [226551] by jmarcell@apple.com
  • 1 edit in branches/safari-604.4.7.0-branch/Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp

Apply patch. rdar://problem/36267602

fix indexing mask

2:42 PM Changeset in webkit [226550] by jmarcell@apple.com
  • 7 edits in branches/safari-604.4.7.0-branch/Source

Versioning.

2:42 PM Changeset in webkit [226549] by jmarcell@apple.com
  • 3 edits in branches/safari-604.4.7.0-branch/Source/JavaScriptCore/offlineasm

Apply patch. rdar://problem/36113365

Fix build failure for iOS. Partial cherry-pick r223239 (offlineasm portion of that change).

2:42 PM Changeset in webkit [226548] by jmarcell@apple.com
  • 2 edits in branches/safari-604.4.7.0-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36113365

32-bit fix.

2:42 PM Changeset in webkit [226547] by jmarcell@apple.com
  • 62 edits
    4 copies
    3 adds in branches/safari-604.4.7.0-branch

Apply patch. rdar://problem/36113352

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

Also merged offlineasm parts of r220184 and r222549. These changes are required
to support the code in cherry-picked revisions above.

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

  1. MacroAssemblerCodePtr now stores a ScrambledPtr instead of a void*.
  2. MacroAssemblerCodePtr's executableAddress() and dataLocation() now take a template argument type that will be used to cast the result. This makes the client code that uses these functions a little less verbose.
  3. Change the code base in general to minimize passing void* code pointers around. We now pass MacroAssemblerCodePtr as much as possible, and descramble it only at the last moment when we need the underlying code pointer.
  4. Added some MasmScrambledPtr paranoid asserts that are disabled (not built) by default. I'm leaving them in because they are instrumental in finding bugs where not all MacroAssemblerCodePtr values were not scrambled as expected. I expect them to be useful in the near future as we add more scrambling.
  5. Also disable the casting operator on MacroAssemblerCodePtr (except for explicit casts to a boolean). This ensures that clients will always explicitly use scrambledBits() or executableAddress() to get a value based on which value they actually need.
  6. Added currentThread() id to the logging in LLIntSlowPath trace functions. This was helpful when debugging tests that ran multiple VMs concurrently on different threads.

MacroAssemblerCodePtr is currently supported on 64-bit builds (including the
CLoop). It is not yet supported in 32-bit and Windows because we don't
currently have a way to read a global variable from their LLInt code.

  • assembler/AbstractMacroAssembler.h: (JSC::AbstractMacroAssembler::differenceBetweenCodePtr): (JSC::AbstractMacroAssembler::linkPointer):
  • assembler/CodeLocation.h: (JSC::CodeLocationCommon::instructionAtOffset): (JSC::CodeLocationCommon::labelAtOffset): (JSC::CodeLocationCommon::jumpAtOffset): (JSC::CodeLocationCommon::callAtOffset): (JSC::CodeLocationCommon::nearCallAtOffset): (JSC::CodeLocationCommon::dataLabelPtrAtOffset): (JSC::CodeLocationCommon::dataLabel32AtOffset): (JSC::CodeLocationCommon::dataLabelCompactAtOffset): (JSC::CodeLocationCommon::convertibleLoadAtOffset):
  • assembler/LinkBuffer.cpp: (JSC::LinkBuffer::finalizeCodeWithDisassembly):
  • assembler/LinkBuffer.h: (JSC::LinkBuffer::link): (JSC::LinkBuffer::patch):
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize):
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::scrambledPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator bool const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::hash const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::executableAddress const): Deleted. (JSC::MacroAssemblerCodePtr::dataLocation const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGDisassembler.cpp: (JSC::DFG::Disassembler::dumpDisassembly):
  • dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): (JSC::DFG::JITCompiler::compileFunction):
  • dfg/DFGOperations.cpp:
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitSwitchIntJump): (JSC::DFG::SpeculativeJIT::emitSwitchImm): (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump): (JSC::DFG::SpeculativeJIT::emitSwitchChar):
  • dfg/DFGSpeculativeJIT.h:
  • disassembler/Disassembler.cpp: (JSC::disassemble):
  • disassembler/UDis86Disassembler.cpp: (JSC::tryToDisassembleWithUDis86):
  • ftl/FTLCompile.cpp: (JSC::FTL::compile):
  • ftl/FTLJITCode.cpp: (JSC::FTL::JITCode::executableAddressAtOffset):
  • ftl/FTLLink.cpp: (JSC::FTL::link):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileMathIC): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct): (JSC::FTL::DFG::LowerDFGToB3::compileTailCall): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread): (JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
  • interpreter/InterpreterInlines.h: (JSC::Interpreter::getOpcodeID):
  • jit/JITArithmetic.cpp: (JSC::JIT::emitMathICFast): (JSC::JIT::emitMathICSlow):
  • jit/JITCode.cpp: (JSC::JITCodeWithCodeRef::executableAddressAtOffset): (JSC::JITCodeWithCodeRef::dataAddressAtOffset): (JSC::JITCodeWithCodeRef::offsetOf):
  • jit/JITDisassembler.cpp: (JSC::JITDisassembler::dumpDisassembly):
  • jit/PCToCodeOriginMap.cpp: (JSC::PCToCodeOriginMap::PCToCodeOriginMap):
  • jit/Repatch.cpp: (JSC::ftlThunkAwareRepatchCall):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::llint_trace_operand): (JSC::LLInt::llint_trace_value): (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • offlineasm/cloop.rb:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::complete):
  • wasm/WasmCallee.h: (JSC::Wasm::Callee::entrypoint const):
  • wasm/WasmCodeBlock.cpp: (JSC::Wasm::CodeBlock::CodeBlock):
  • wasm/WasmOMGPlan.cpp: (JSC::Wasm::OMGPlan::work):
  • wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS):
  • wasm/js/WebAssemblyFunction.cpp: (JSC::callWebAssemblyFunction):
  • wasm/js/WebAssemblyFunction.h:
  • wasm/js/WebAssemblyWrapperFunction.cpp: (JSC::WebAssemblyWrapperFunction::create):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.cpp: (JSC::MacroAssemblerCodePtr::initialize): Deleted.
  • assembler/MacroAssemblerCodeRef.h: (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::hash const):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCScrambledPtr.cpp: Added. (JSC::initializeScrambledPtrKeys):
  • runtime/JSCScrambledPtr.h: Added.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp: (classInfoPrivate):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.h: (JSC::FunctionPtr::FunctionPtr): (JSC::FunctionPtr::value const): (JSC::FunctionPtr::executableAddress const): (JSC::ReturnAddressPtr::ReturnAddressPtr): (JSC::ReturnAddressPtr::value const): (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): (JSC::MacroAssemblerCodePtr::poisonedPtr const): (JSC::MacroAssemblerCodePtr:: const): (JSC::MacroAssemblerCodePtr::operator! const): (JSC::MacroAssemblerCodePtr::operator== const): (JSC::MacroAssemblerCodePtr::emptyValue): (JSC::MacroAssemblerCodePtr::deletedValue): (JSC::MacroAssemblerCodePtr::scrambledPtr const): Deleted.
  • b3/B3LowerMacros.cpp:
  • b3/testb3.cpp: (JSC::B3::testInterpreter):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::checkArray): (JSC::DFG::SpeculativeJIT::compileCheckSubClass): (JSC::DFG::SpeculativeJIT::compileNewStringObject): (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
  • jit/SpecializedThunkJIT.h: (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
  • jit/ThunkGenerators.cpp: (JSC::virtualThunkFor): (JSC::boundThisNoArgsFunctionCallGenerator):
  • llint/LLIntSlowPaths.cpp: (JSC::LLInt::handleHostCall): (JSC::LLInt::setUpCall):
  • llint/LowLevelInterpreter64.asm:
  • runtime/InitializeThreading.cpp: (JSC::initializeThreading):
  • runtime/JSCPoisonedPtr.cpp: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.cpp. (JSC::initializePoison): (JSC::initializeScrambledPtrKeys): Deleted.
  • runtime/JSCPoisonedPtr.h: Copied from Source/JavaScriptCore/runtime/JSCScrambledPtr.h.
  • runtime/JSCScrambledPtr.cpp: Removed.
  • runtime/JSCScrambledPtr.h: Removed.
  • runtime/JSDestructibleObject.h: (JSC::JSDestructibleObject::classInfo const):
  • runtime/JSSegmentedVariableObject.h: (JSC::JSSegmentedVariableObject::classInfo const):
  • runtime/Structure.h:
  • runtime/VM.h:

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Renamed g_classInfoPoison to g_globalDataPoison.
Renamed g_masmPoison to g_jitCodePoison.
Introduced g_nativeCodePoison.
Applied g_nativeCodePoison to poisoning some native code pointers.

Introduced non-random Int32 poison values (in JSCPoison.h) for use with pointers
to malloc allocated data structures (where needed).

  • API/JSCallbackFunction.h: (JSC::JSCallbackFunction::functionCallback):
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • jit/ThunkGenerators.cpp: (JSC::nativeForGenerator):
  • llint/LowLevelInterpreter64.asm:
  • runtime/CustomGetterSetter.h: (JSC::CustomGetterSetter::getter const): (JSC::CustomGetterSetter::setter const):
  • runtime/InternalFunction.cpp: (JSC::InternalFunction::getCallData): (JSC::InternalFunction::getConstructData):
  • runtime/InternalFunction.h: (JSC::InternalFunction::nativeFunctionFor):
  • runtime/JSCPoison.h: Added.
  • runtime/JSCPoisonedPtr.cpp: (JSC::initializePoison):
  • runtime/JSCPoisonedPtr.h:
  • runtime/Lookup.h:
  • runtime/NativeExecutable.cpp: (JSC::NativeExecutable::hashFor const):
  • runtime/NativeExecutable.h:
  • runtime/Structure.cpp: (JSC::StructureTransitionTable::setSingleTransition):
  • runtime/StructureTransitionTable.h: (JSC::StructureTransitionTable::StructureTransitionTable): (JSC::StructureTransitionTable::isUsingSingleSlot const): (JSC::StructureTransitionTable::map const): (JSC::StructureTransitionTable::weakImpl const): (JSC::StructureTransitionTable::setMap):

2017-12-08 Mark Lam <mark.lam@apple.com>

Need to unpoison native function pointers for CLoop.
https://bugs.webkit.org/show_bug.cgi?id=180601
<rdar://problem/35942028>

Reviewed by JF Bastien.

  • llint/LowLevelInterpreter64.asm:

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

  • runtime/StructureTransitionTable.h:

2017-12-18 Jason Marcell <jmarcell@apple.com>

Apply patch. rdar://problem/36113365

Cherry-pick r225363, r225437, r225632, r225659, r225697, r225857. rdar://problem/36085975

2017-11-30 Mark Lam <mark.lam@apple.com>

Let's scramble MacroAssemblerCodePtr values.
https://bugs.webkit.org/show_bug.cgi?id=180169
<rdar://problem/35758340>

Reviewed by Filip Pizlo, Saam Barati, and JF Bastien.

Introduce a ScrambledPtr class to facilitate scrambling.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/ScrambledPtr.cpp: Added. (WTF::makeScrambledPtrKey):
  • wtf/ScrambledPtr.h: Added. (WTF::ScrambledPtr::ScrambledPtr): (WTF::ScrambledPtr::paranoidAssertIsScrambled const): (WTF::ScrambledPtr::paranoidAssertIsNotScrambled const): (WTF::ScrambledPtr:: const): (WTF::ScrambledPtr::operator-> const): (WTF::ScrambledPtr::scrambledBits const): (WTF::ScrambledPtr::operator! const): (WTF::ScrambledPtr::operator bool const): (WTF::ScrambledPtr::operator== const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble):

2017-12-01 Mark Lam <mark.lam@apple.com>

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

  • wtf/ScrambledPtr.h: (WTF::ScrambledPtr::descrambled const): (WTF::ScrambledPtr::bits const): (WTF::ScrambledPtr::operator==): (WTF::ScrambledPtr::operator=): (WTF::ScrambledPtr::scramble): (WTF::ScrambledPtr::descramble): (WTF::ScrambledPtr:: const): Deleted. (WTF::ScrambledPtr::scrambledBits const): Deleted.

2017-12-07 Mark Lam <mark.lam@apple.com>

[Re-landing r225620] Refactoring: Rename ScrambledPtr to Poisoned.
https://bugs.webkit.org/show_bug.cgi?id=180514

Reviewed by Saam Barati and JF Bastien.

Re-landing r225620 with speculative build fix for GCC 7.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/CMakeLists.txt:
  • wtf/Poisoned.cpp: Copied from Source/WTF/wtf/ScrambledPtr.cpp. (WTF::makePoison): (WTF::makeScrambledPtrKey): Deleted.
  • wtf/Poisoned.h: Copied from Source/WTF/wtf/ScrambledPtr.h. (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::assertIsPoisoned const): (WTF::PoisonedImpl::assertIsNotPoisoned const): (WTF::PoisonedImpl::unpoisoned const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::bits const): (WTF::PoisonedImpl::operator! const): (WTF::PoisonedImpl::operator bool const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator==): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::poison): (WTF::PoisonedImpl::unpoison): (WTF::ScrambledPtr::ScrambledPtr): Deleted. (WTF::ScrambledPtr::assertIsScrambled const): Deleted. (WTF::ScrambledPtr::assertIsNotScrambled const): Deleted. (WTF::ScrambledPtr::descrambled const): Deleted. (WTF::ScrambledPtr::operator-> const): Deleted. (WTF::ScrambledPtr::bits const): Deleted. (WTF::ScrambledPtr::operator! const): Deleted. (WTF::ScrambledPtr::operator bool const): Deleted. (WTF::ScrambledPtr::operator== const): Deleted. (WTF::ScrambledPtr::operator==): Deleted. (WTF::ScrambledPtr::operator=): Deleted. (WTF::ScrambledPtr::scramble): Deleted. (WTF::ScrambledPtr::descramble): Deleted.
  • wtf/ScrambledPtr.cpp: Removed.
  • wtf/ScrambledPtr.h: Removed.

2017-12-07 Mark Lam <mark.lam@apple.com>

Apply poisoning to some native code pointers.
https://bugs.webkit.org/show_bug.cgi?id=180541
<rdar://problem/35916875>

Reviewed by Filip Pizlo.

Ensure that the resultant poisoned bits still look like a pointer in that their
bottom bits are 0, just like the alignment bits of a pointer. This allows the
client to use the bottom bits of the poisoned bits as flag bits just like the
client was previously able to do with pointer values.

Note: we only ensure that the bottom alignment bits of the generated poison
value are 0. We're not masking out the poisoned bits. This means that the bottom
bits of the poisoned bits will only be null if the original pointer is aligned.
Hence, if the client applies the poison to an unaligned pointer, we do not lose
any information on the low bits.

Also removed 2 wrong assertions in PoisonedImpl's constructors. We were
asserting that Poisoned will never be used with a null value, but that's invalid.
We do want to allow a null value so that we don't have to constantly do null
checks in the clients. This was uncovered by some layout tests.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImpl::PoisonedImpl):

2017-12-13 Mark Lam <mark.lam@apple.com>

Fill out some Poisoned APIs, fix some bugs, and add some tests.
https://bugs.webkit.org/show_bug.cgi?id=180724
<rdar://problem/36006884>

Reviewed by JF Bastien.

Also rename Int32Poisoned to ConstExprPoisoned. The key it takes is actually a
uint32_t. So, Int32 is really a misnomer. In addition, the key needs to be a
constexpr. So, ConstExprPoisoned is a better name for it.

  • wtf/Poisoned.cpp: (WTF::makePoison):
  • wtf/Poisoned.h: (WTF::PoisonedImplHelper::asReference): (WTF::PoisonedImpl::PoisonedImpl): (WTF::PoisonedImpl::clear): (WTF::PoisonedImpl::operator* const): (WTF::PoisonedImpl::operator-> const): (WTF::PoisonedImpl::operator== const): (WTF::PoisonedImpl::operator!= const): (WTF::PoisonedImpl::operator< const): (WTF::PoisonedImpl::operator<= const): (WTF::PoisonedImpl::operator> const): (WTF::PoisonedImpl::operator>= const): (WTF::PoisonedImpl::operator=): (WTF::PoisonedImpl::swap): (WTF::PoisonedImpl::exchange): (WTF::swap): (WTF::makePoison): (WTF::PoisonedImpl::operator==): Deleted.
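
The low-bit behaviour described in the "Apply poisoning to some native code pointers" ChangeLog entry (quoted in both cherry-pick changesets above), as an added C++ sketch that is not WebKit's Poisoned.h. It assumes poisoning is an XOR with a secret key, 8-byte pointer alignment, and that a null pointer is stored as zero bits; PoisonedModel, makePoisonModel, the helper functions and the sample key are hypothetical names and constructed values.

```cpp
// Added example: a model of pointer poisoning, not WebKit's own code.
#include <cstdint>
#include <cstdio>

using PoisonBits = uintptr_t;

// Low bits that are zero in any 8-byte-aligned pointer (assumed alignment).
constexpr PoisonBits kAlignmentBits = 0x7;

// Constructed sample entropy; a real key would be drawn from a CSPRNG at startup.
constexpr uint64_t kSampleEntropy = 0x9E3779B97F4A7C15ull;

// Build a poison value whose alignment bits are forced to 0, so XOR-ing it
// into a pointer leaves the pointer's own low bits untouched.
constexpr PoisonBits makePoisonModel(uint64_t entropy)
{
    return static_cast<PoisonBits>(entropy) & ~kAlignmentBits;
}

constexpr PoisonBits kKey = makePoisonModel(kSampleEntropy);

template<typename T>
class PoisonedModel {
public:
    explicit PoisonedModel(PoisonBits key, T* ptr = nullptr)
        : m_key(key)
        , m_bits(poison(ptr))
    {
    }

    // Null is allowed and stays null, so clients need no extra null checks.
    T* unpoisoned() const { return reinterpret_cast<T*>(m_bits ? m_bits ^ m_key : 0); }
    PoisonBits bits() const { return m_bits; }
    explicit operator bool() const { return m_bits != 0; }

private:
    PoisonBits poison(T* ptr) const
    {
        return ptr ? reinterpret_cast<PoisonBits>(ptr) ^ m_key : 0;
    }

    PoisonBits m_key;  // declared first: poison() reads it during construction
    PoisonBits m_bits;
};

// Constructed sample object standing in for a heap cell.
alignas(8) static unsigned char g_cell[16];

// Alignment bits of the stored (poisoned) word for a given pointer.
PoisonBits lowBitsOfPoisoned(unsigned char* ptr)
{
    return PoisonedModel<unsigned char>(kKey, ptr).bits() & kAlignmentBits;
}

bool roundTrips(unsigned char* ptr)
{
    return PoisonedModel<unsigned char>(kKey, ptr).unpoisoned() == ptr;
}

// The stored word must not equal the raw address.
bool hidesPointer(unsigned char* ptr)
{
    return PoisonedModel<unsigned char>(kKey, ptr).bits() != reinterpret_cast<PoisonBits>(ptr);
}

// A client keeps a flag in bit 0 of the poisoned word and strips it again.
// This only recovers the original word when bit 0 was free, i.e. the
// pointer was aligned.
bool flagBitSurvives(unsigned char* ptr)
{
    PoisonedModel<unsigned char> p(kKey, ptr);
    PoisonBits tagged = p.bits() | 1;
    bool flagSet = (tagged & 1) != 0;
    PoisonBits stripped = tagged & ~PoisonBits(1);
    return flagSet && stripped == p.bits();
}

bool nullStaysNull()
{
    PoisonedModel<unsigned char> p(kKey);
    return !p && p.bits() == 0 && p.unpoisoned() == nullptr;
}

int main()
{
    std::printf("aligned   low bits: %u\n", static_cast<unsigned>(lowBitsOfPoisoned(g_cell)));
    std::printf("unaligned low bits: %u\n", static_cast<unsigned>(lowBitsOfPoisoned(g_cell + 3)));
    std::printf("flag on aligned:    %d\n", flagBitSurvives(g_cell));
    std::printf("flag on unaligned:  %d\n", flagBitSurvives(g_cell + 3));
    std::printf("null stays null:    %d\n", nullStaysNull());
    return 0;
}
```

The unaligned case round-trips because the key's low bits are zero, but bit 0 is then already in use, so a client cannot also use it as a flag.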

2:41 PM Changeset in webkit [226546] by jmarcell@apple.com
  • 27 edits in branches/safari-604.4.7.0-branch/Source

Apply patch. rdar://problem/36113365

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

We should have index masking for our TypedArray code in the
DFG/FTL and for Wasm when doing bounds checking. Index masking for
Wasm is added to the WasmBoundsCheckValue. Since we don't CSE any
WasmBoundsCheckValues we don't need to worry about combining a
bounds check for a load and a store. I went with fusing the
pointer masking in the WasmBoundsCheckValue since it should reduce
additional compiler overhead.

  • b3/B3LowerToAir.cpp:
  • b3/B3Validate.cpp:
  • b3/B3WasmBoundsCheckValue.cpp: (JSC::B3::WasmBoundsCheckValue::WasmBoundsCheckValue): (JSC::B3::WasmBoundsCheckValue::dumpMeta const):
  • b3/B3WasmBoundsCheckValue.h: (JSC::B3::WasmBoundsCheckValue::pinnedIndexingMask const):
  • b3/air/AirCustom.h: (JSC::B3::Air::WasmBoundsCheckCustom::generate):
  • b3/testb3.cpp: (JSC::B3::testWasmBoundsCheck):
  • dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::loadFromIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile):
  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileAtomicsReadModifyWrite): (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal): (JSC::FTL::DFG::LowerDFGToB3::compileNewTypedArray): (JSC::FTL::DFG::LowerDFGToB3::pointerIntoTypedArray):
  • jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::emitComputeButterflyIndexingMask):
  • runtime/Butterfly.h:
  • runtime/JSArrayBufferView.cpp: (JSC::JSArrayBufferView::JSArrayBufferView):
  • runtime/JSArrayBufferView.h: (JSC::JSArrayBufferView::offsetOfIndexingMask):
  • wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::B3IRGenerator::load): (JSC::Wasm::B3IRGenerator::store): (JSC::Wasm::B3IRGenerator::addCallIndirect):
  • wasm/WasmBinding.cpp: (JSC::Wasm::wasmToWasm):
  • wasm/WasmMemory.cpp: (JSC::Wasm::Memory::Memory):
  • wasm/WasmMemory.h: (JSC::Wasm::Memory::offsetOfIndexingMask):
  • wasm/WasmMemoryInformation.cpp: (JSC::Wasm::PinnedRegisterInfo::get): (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo):
  • wasm/WasmMemoryInformation.h: (JSC::Wasm::PinnedRegisterInfo::toSave const):
  • wasm/js/JSToWasm.cpp: (JSC::Wasm::createJSToWasmWrapper):

Use index masking for TypedArrays and Wasm.
https://bugs.webkit.org/show_bug.cgi?id=180920

Reviewed by Filip Pizlo.

Copy things from ToT that we will need for a branch.

  • wtf/MathExtras.h: (WTF::computeIndexingMask):
  • wtf/StdLibExtras.h: (std::clz):
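
Index masking combined with a bounds check, as named in the "Use index masking for TypedArrays and Wasm" entries above (both branch changesets), as an added C++ sketch that is not the JavaScriptCore code. It assumes the mask is the all-ones value just wide enough to cover the length, computed from a leading-zero count; computeIndexingMaskModel, clz32 and the other helpers are hypothetical names, and the sample array is constructed.

```cpp
// Added example: a model of index masking, not WebKit's own code.
#include <cstdint>
#include <cstdio>
#include <vector>

// Count leading zero bits of a 32-bit value; returns 32 for 0.
unsigned clz32(uint32_t v)
{
    unsigned n = 0;
    for (uint32_t bit = 0x80000000u; bit && !(v & bit); bit >>= 1)
        ++n;
    return n;
}

// Assumed mask shape: 2^k - 1 for the smallest k with 2^k > length.
// The 64-bit shift keeps length >= 2^31 well defined.
uint32_t computeIndexingMaskModel(uint32_t length)
{
    return static_cast<uint32_t>((uint64_t(1) << (32 - clz32(length))) - 1);
}

// Constructed sample backing store for a five-element typed array.
static const std::vector<uint8_t> g_sample = { 10, 20, 30, 40, 50 };

// Architectural path: the bounds check decides whether the access happens,
// and the index is masked before it is used as an offset.
bool loadChecked(const std::vector<uint8_t>& data, uint32_t index, uint8_t& out)
{
    uint32_t length = static_cast<uint32_t>(data.size());
    if (index >= length)
        return false;
    out = data[index & computeIndexingMaskModel(length)];
    return true;
}

// Returns the loaded byte, or -1 when the bounds check rejects the index.
int loadOrMinusOne(uint32_t index)
{
    uint8_t value = 0;
    return loadChecked(g_sample, index, value) ? value : -1;
}

// The offset the load would use if the branch in loadChecked were
// mispredicted and the load ran anyway: the mask still limits it.
uint32_t indexIfCheckSkipped(uint32_t length, uint32_t index)
{
    return index & computeIndexingMaskModel(length);
}

// For every in-bounds index the mask must be a no-op, otherwise correct
// programs would read the wrong element.
bool maskIsTransparentInBounds(uint32_t length)
{
    uint32_t mask = computeIndexingMaskModel(length);
    for (uint32_t i = 0; i < length; ++i) {
        if ((i & mask) != i)
            return false;
    }
    return true;
}

int main()
{
    std::printf("mask for length 5: %u\n", computeIndexingMaskModel(5));
    std::printf("load index 4:      %d\n", loadOrMinusOne(4));
    std::printf("load index 5:      %d\n", loadOrMinusOne(5));
    std::printf("huge index masked: %u\n", indexIfCheckSkipped(5, 0xFFFFFFF3u));
    // The mask bounds the offset by the mask value, not by the length:
    // for length 5 an index of 6 still passes through the mask unchanged.
    std::printf("index 6 masked:    %u\n", indexIfCheckSkipped(5, 6));
    return 0;
}
```

The mask complements the bounds check rather than replacing it: the check enforces the exact length, while the mask caps how far an access can reach when the check's outcome is not yet known.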

2:41 PM Changeset in webkit [226545] by jmarcell@apple.com
  • 5 edits in branches/safari-604.4.7.0-branch

Apply patch. rdar://problem/36113340

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

2:41 PM Changeset in webkit [226544] by jmarcell@apple.com
  • 13 edits in branches/safari-604.4.7.0-branch/Source

Cherry-pick r226068. rdar://problem/36113378

2:41 PM Changeset in webkit [226543] by jmarcell@apple.com
  • 3 edits in branches/safari-604.4.7.0-branch/Source/JavaScriptCore

Apply patch. rdar://problem/36113314

Disable/remove SharedArrayBuffers from Web API
rdar://problem/36077849

Removed SharedArrayBuffer prototype and structure to disable.

  • runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildren):
  • runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayBufferPrototype const): (JSC::JSGlobalObject::arrayBufferStructure const):

2:41 PM Changeset in webkit [226542] by wilander@apple.com
  • 8 edits in trunk/Source

Storage Access API: Remove access for all frames under a page when the page is closed
https://bugs.webkit.org/show_bug.cgi?id=181398
<rdar://problem/36357879>

Reviewed by Alex Christensen.

Source/WebCore:

No new tests. Discussed with Alex Christensen and we concluded that
both a layout test and an API test would require a lot of work and
we have existing tests for clearing out storage access for frames.

  • platform/network/NetworkStorageSession.h:
  • platform/network/cf/NetworkStorageSessionCFNet.cpp:

(WebCore::NetworkStorageSession::removeStorageAccessForAllFramesOnPage):

Source/WebKit:

  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::removeStorageAccessForAllFramesOnPage):

  • NetworkProcess/NetworkConnectionToWebProcess.h:
  • NetworkProcess/NetworkConnectionToWebProcess.messages.in:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::close):

2:35 PM Changeset in webkit [226541] by Matt Lewis
  • 7 edits
    4 deletes in trunk

Unreviewed, rolling out r226385.

The test introduced with this was flaky since being added.

Reverted changeset:

"AX: when invert colors is on, double-invert certain media
elements in UserAgentStyleSheet"
https://bugs.webkit.org/show_bug.cgi?id=168447
https://trac.webkit.org/changeset/226385

2:33 PM Changeset in webkit [226540] by commit-queue@webkit.org
  • 12 edits in trunk/Source

SWClientConnection should not keep references to service worker jobs
https://bugs.webkit.org/show_bug.cgi?id=181381

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Chris Dumez.

Source/WebCore:

Difficult to test deterministically but corresponding crash log should no longer happen in debug builds.

Stopped passing ServiceWorkerJob references from ServiceWorkerContainer (potentially in service worker thread) to SWClientConnection (main thread).
Instead pass job identifiers and related data to the main thread.

Minor refactoring to use ServiceWorkerJobIdentifier instead of ServiceWorkerJobDataIdentifier which contains more data than needed.

  • workers/service/SWClientConnection.cpp:

(WebCore::SWClientConnection::scheduleJob):
(WebCore::SWClientConnection::failedFetchingScript):
(WebCore::SWClientConnection::postTaskForJob):
(WebCore::SWClientConnection::jobRejectedInServer):
(WebCore::SWClientConnection::registrationJobResolvedInServer):
(WebCore::SWClientConnection::unregistrationJobResolvedInServer):
(WebCore::SWClientConnection::startScriptFetchForServer):
(WebCore::SWClientConnection::clearPendingJobs):
(WebCore::SWClientConnection::finishedFetchingScript): Deleted.

  • workers/service/SWClientConnection.h:
  • workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::scheduleJob):
(WebCore::ServiceWorkerContainer::startScriptFetchForJob):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
(WebCore::ServiceWorkerContainer::jobFailedLoadingScript):

  • workers/service/ServiceWorkerContainer.h:
  • workers/service/server/SWServer.cpp:

(WebCore::SWServer::rejectJob):
(WebCore::SWServer::resolveRegistrationJob):
(WebCore::SWServer::resolveUnregistrationJob):
(WebCore::SWServer::startScriptFetch):

  • workers/service/server/SWServer.h:

Source/WebKit:

Updated IPC handling based on WebCore refactoring.

  • Scripts/webkit/messages.py:

(forward_declarations_and_headers):
(headers_for_type):

  • StorageProcess/ServiceWorker/WebSWServerConnection.cpp:

(WebKit::WebSWServerConnection::rejectJobInClient):
(WebKit::WebSWServerConnection::resolveRegistrationJobInClient):
(WebKit::WebSWServerConnection::resolveUnregistrationJobInClient):
(WebKit::WebSWServerConnection::startScriptFetchInClient):

  • StorageProcess/ServiceWorker/WebSWServerConnection.h:
  • WebProcess/Storage/WebSWClientConnection.messages.in:

2:19 PM Changeset in webkit [226539] by wenson_hsieh@apple.com
  • 8 edits in trunk

Copying, pasting, and then deleting an attachment element breaks attachment data requests
https://bugs.webkit.org/show_bug.cgi?id=181365
<rdar://problem/36340647>

Reviewed by Tim Horton.

Source/WebCore:

Currently, copying and pasting an attachment element within the same document and then deleting backwards to
remove the pasted attachment element causes the original attachment element to be inaccessible via SPI. This is
because there are now two different attachment elements with the same unique identifier, such that Document,
which keeps a map of all unique attachment identifiers to attachment elements, will lose track of the original
attachment element.

To fix this, we ensure that attachment elements should always have unique identifiers when they are inserted
into the document. We make several small adjustments to accomplish this:

  1. First, refactor HTMLAttachmentElement's unique identifier so that it no longer depends on the value of the
     "webkitattachmentid" attribute, and is instead just a member of HTMLAttachmentElement that is not exposed to
     DOM bindings. This means setting and querying an attachment element's uniqueIdentifier can be done without
     triggering any side effects, such as layout or mutation events.

  2. Next, make "webkitattachmentid" a temporary attribute similar to "webkitattachmentpath" and
     "webkitattachmentbloburl", so that it is added only when generating a markup fragment for editing, and
     removed upon deserialization.

  3. Lastly, shift the responsibility of assigning a unique identifier to an attachment away from places where we
     create attachment elements, and instead have Document enforce this when an attachment element is inserted.

Tests: WKAttachmentTests.InsertAndRemoveDuplicateAttachment
       WKAttachmentTests.InsertDuplicateAttachmentAndUpdateData

  • dom/Document.cpp:

(WebCore::Document::didInsertAttachmentElement):

Assign the unique identifier of an attachment element that has been inserted. If the identifier already tracks
an existing attachment element in the document or is missing, reassign the identifier to a new value.

  • editing/cocoa/WebContentReaderCocoa.mm:

(WebCore::createFragmentForImageAttachment):
(WebCore::replaceRichContentWithAttachments):
(WebCore::WebContentReader::readFilePaths):

Remove calls to setUniqueIdentifier here, since Document will assign a unique identifier upon insertion.

  • editing/markup.cpp:

(WebCore::StyledMarkupAccumulator::appendCustomAttributes):
(WebCore::createFragmentFromMarkup):

Set the attachment's unique identifier to the value of the "webkitattachmentid" attribute. When moving existing
attachments around in the DOM without duplication, this ensures that the attachment will be removed and
reinserted in the document without triggering removal and insertion client delegate methods.

When pasting an attachment element that has the same identifier as an existing attachment, we let Document
realize that the attachment identifier already exists, and reassign it to a unique value.

  • html/HTMLAttachmentElement.cpp:

(WebCore::HTMLAttachmentElement::uniqueIdentifier const): Deleted.
(WebCore::HTMLAttachmentElement::setUniqueIdentifier): Deleted.

  • html/HTMLAttachmentElement.h:

Tools:

Adds two new attachment API tests to verify that copying and pasting an existing attachment inserts an
attachment element that may be edited independently of the original attachment. See WebCore/ChangeLog for more
detail.

  • TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

(TestWebKitAPI::TEST):

2:13 PM Changeset in webkit [226538] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Skip http/tests/resourceLoadStatistics/clear-in-memory-and-persistent-store.html
https://bugs.webkit.org/show_bug.cgi?id=181223

Unreviewed test gardening.

  • platform/wk2/TestExpectations:

2:04 PM Changeset in webkit [226537] by Alan Bujtas
  • 7 edits
    2 adds in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderBlockFlow addChild logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181348
<rdar://problem/36328117>

Reviewed by Antti Koivisto.

This is about moving the code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderBlockFlow.cpp:

(WebCore::RenderBlockFlow::addChild):

  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::RenderTreeBuilder):
(WebCore::RenderTreeBuilder::insertChildToRenderBlockFlow):

  • rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::blockFlowBuilder):

  • rendering/updating/RenderTreeBuilderBlockFlow.cpp: Added.

(WebCore::RenderTreeBuilder::BlockFlow::BlockFlow):
(WebCore::RenderTreeBuilder::BlockFlow::insertChild):

  • rendering/updating/RenderTreeBuilderBlockFlow.h: Added.

2:01 PM Changeset in webkit [226536] by commit-queue@webkit.org
  • 3 edits
    4 adds in trunk/Source/WebKit

[Cocoa] Web Inspector: Provide a way for clients to check if an NSWindow is a Web Inspector window
https://bugs.webkit.org/show_bug.cgi?id=181361
<rdar://problem/36332865>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-08
Reviewed by Darin Adler.

  • WebKit.xcodeproj/project.pbxproj:

New files.

  • Shared/API/Cocoa/_WKNSWindowExtras.h: Added.
  • Shared/API/Cocoa/_WKNSWindowExtras.mm: Added.

(-[NSWindow _web_isWebInspectorWindow]):
Method to determine if a window is being used for Web Inspector content.

  • UIProcess/mac/WKInspectorWindow.h: Added.
  • UIProcess/mac/WKInspectorWindow.mm: Added.

Named subclass so we can use isKindOfClass.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::createFrontendWindow):
Use the named subclass.

1:54 PM Changeset in webkit [226535] by Ryan Haddad
  • 2 edits in trunk/JSTests

Disable SharedArrayBuffer tests missed in r226386.
https://bugs.webkit.org/show_bug.cgi?id=181266

Unreviewed test gardening.

  • test262.yaml:

1:53 PM Changeset in webkit [226534] by Matt Lewis
  • 2 edits in trunk/LayoutTests

Marked http/wpt/cache-storage/cache-put-stream.https.any.html as flaky on macOS WK2.
https://bugs.webkit.org/show_bug.cgi?id=181107

Unreviewed test gardening.

  • platform/mac-wk2/TestExpectations:

1:48 PM Changeset in webkit [226533] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit

Build fix for WKPDFView
https://bugs.webkit.org/show_bug.cgi?id=181399
<rdar://problem/36311915>

Reviewed by Simon Fraser.

  • UIProcess/ios/WKPDFView.mm:

Disable deprecation warnings in this whole file.

1:19 PM Changeset in webkit [226532] by commit-queue@webkit.org
  • 25 edits in trunk

Add CSP support to service workers
https://bugs.webkit.org/show_bug.cgi?id=181385

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Chris Dumez.

LayoutTests/imported/w3c:

  • web-platform-tests/service-workers/service-worker/service-worker-csp-connect.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/service-worker-csp-default.https-expected.txt:
  • web-platform-tests/service-workers/service-worker/service-worker-csp-script.https-expected.txt:

Source/WebCore:

Covered by rebased tests.

Added recovery of CSP information from WorkerScriptLoader.
Added plumbing to pass the CSP information to Service Workers.
Added persistency support for the CSP information.

  • workers/WorkerScriptLoader.cpp:

(WebCore::WorkerScriptLoader::loadAsynchronously):
(WebCore::WorkerScriptLoader::didReceiveResponse):

  • workers/WorkerScriptLoader.h:

(WebCore::WorkerScriptLoader::contentSecurityPolicy const):

  • workers/service/SWClientConnection.cpp:

(WebCore::SWClientConnection::finishedFetchingScript):
(WebCore::SWClientConnection::failedFetchingScript):

  • workers/service/SWClientConnection.h:
  • workers/service/ServiceWorkerContainer.cpp:

(WebCore::ServiceWorkerContainer::addRegistration):
(WebCore::ServiceWorkerContainer::jobFailedWithException):
(WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
(WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):

  • workers/service/ServiceWorkerContainer.h:
  • workers/service/ServiceWorkerContextData.cpp:

(WebCore::ServiceWorkerContextData::isolatedCopy const):

  • workers/service/ServiceWorkerContextData.h:

(WebCore::ServiceWorkerContextData::encode const):
(WebCore::ServiceWorkerContextData::decode):

  • workers/service/ServiceWorkerFetchResult.h:

(WebCore::ServiceWorkerFetchResult::encode const):
(WebCore::ServiceWorkerFetchResult::decode):

  • workers/service/ServiceWorkerGlobalScope.cpp:

(WebCore::ServiceWorkerGlobalScope::create):

  • workers/service/ServiceWorkerGlobalScope.h:
  • workers/service/ServiceWorkerJob.cpp:

(WebCore::ServiceWorkerJob::notifyFinished):

  • workers/service/ServiceWorkerJobClient.h:
  • workers/service/context/ServiceWorkerThread.cpp:

(WebCore::ServiceWorkerThread::ServiceWorkerThread):
(WebCore::ServiceWorkerThread::createWorkerGlobalScope):

  • workers/service/server/RegistrationDatabase.cpp:

(WebCore::v1RecordsTableSchema):
(WebCore::RegistrationDatabase::openSQLiteDatabase):
(WebCore::RegistrationDatabase::doPushChanges):
(WebCore::RegistrationDatabase::importRecords):

  • workers/service/server/SWServer.cpp:

(WebCore::SWServer::updateWorker):
(WebCore::SWServer::installContextData):

  • workers/service/server/SWServer.h:
  • workers/service/server/SWServerJobQueue.cpp:

(WebCore::SWServerJobQueue::scriptFetchFinished):

  • workers/service/server/SWServerWorker.cpp:

(WebCore::SWServerWorker::SWServerWorker):
(WebCore::m_contentSecurityPolicy):
(WebCore::SWServerWorker::contextData const):

  • workers/service/server/SWServerWorker.h:

1:06 PM Changeset in webkit [226531] by commit-queue@webkit.org
  • 6 edits in trunk

Use no-cache fetch mode when loading main documents with location.reload()
https://bugs.webkit.org/show_bug.cgi?id=181285

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Alex Christensen.

LayoutTests/imported/w3c:

  • web-platform-tests/service-workers/service-worker/fetch-event.https-expected.txt:

Source/WebCore:

Covered by rebased tests.

Start to translate cache policy used for navigation as FetchOptions::Cache.
This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
Keep reload mode for ReloadFromOrigin.

  • loader/DocumentLoader.cpp:

(WebCore::toFetchOptionsCache):
(WebCore::DocumentLoader::loadMainResource):

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::load):
(WebCore::FrameLoader::reload):
(WebCore::FrameLoader::defaultRequestCachingPolicy):
(WebCore::FrameLoader::loadDifferentDocumentItem):

  • loader/NavigationScheduler.cpp:

1:05 PM Changeset in webkit [226530] by mark.lam@apple.com
  • 26 edits in trunk/Source

Apply poisoning to more pointers in JSC.
https://bugs.webkit.org/show_bug.cgi?id=181096
<rdar://problem/36182970>

Reviewed by JF Bastien.

Source/JavaScriptCore:

  • assembler/MacroAssembler.h:

(JSC::MacroAssembler::xorPtr):

  • assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::xor64):

  • assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::xor64):

  • Add xorPtr implementation.
  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::inferredName const):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::visitWeakly):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::WeakReferenceHarvester::visitWeakReferences):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
(JSC::CodeBlock::finalizeBaselineJITInlineCaches):
(JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::predictedMachineCodeSize):
(JSC::CodeBlock::findPC):

  • bytecode/CodeBlock.h:

(JSC::CodeBlock::UnconditionalFinalizer::UnconditionalFinalizer):
(JSC::CodeBlock::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::CodeBlock::stubInfoBegin):
(JSC::CodeBlock::stubInfoEnd):
(JSC::CodeBlock::callLinkInfosBegin):
(JSC::CodeBlock::callLinkInfosEnd):
(JSC::CodeBlock::instructions):
(JSC::CodeBlock::instructions const):
(JSC::CodeBlock::vm const):

  • dfg/DFGOSRExitCompilerCommon.h:

(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):

  • jit/JIT.h:
  • llint/LLIntOfflineAsmConfig.h:
  • llint/LowLevelInterpreter.asm:
  • llint/LowLevelInterpreter64.asm:
  • parser/UnlinkedSourceCode.h:
  • runtime/JSCPoison.h:
  • runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::init):

  • runtime/JSGlobalObject.h:
  • runtime/JSScriptFetchParameters.h:
  • runtime/JSScriptFetcher.h:
  • runtime/StructureTransitionTable.h:
  • wasm/js/JSWebAssemblyCodeBlock.cpp:

(JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
(JSC::JSWebAssemblyCodeBlock::visitChildren):
(JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):

  • wasm/js/JSWebAssemblyCodeBlock.h:

Source/WTF:

Added support for PoisonedBag and PoisonedRefCountedArray.

  • wtf/Bag.h:

(WTF::Private::BagNode::BagNode):
(WTF::Bag::Bag):
(WTF::Bag::operator=):
(WTF::Bag::clear):
(WTF::Bag::add):
(WTF::Bag::begin):
(WTF::Bag::unwrappedHead):
(WTF::Bag::Node::Node): Deleted.

  • wtf/BagToHashMap.h:

(WTF::toHashMap):

  • wtf/Poisoned.h:

(WTF::constExprPoisonRandom):
(WTF::makeConstExprPoison):

  • wtf/RefCountedArray.h:

(WTF::RefCountedArray::RefCountedArray):
(WTF::RefCountedArray::clone const):
(WTF::RefCountedArray::operator=):
(WTF::RefCountedArray::~RefCountedArray):
(WTF::RefCountedArray::refCount const):
(WTF::RefCountedArray::size const):
(WTF::RefCountedArray::data):
(WTF::RefCountedArray::begin):
(WTF::RefCountedArray::end):
(WTF::RefCountedArray::data const):
(WTF::RefCountedArray::begin const):
(WTF::RefCountedArray::operator== const):
(WTF::RefCountedArray::Header::fromPayload):

  • wtf/WTFAssertions.cpp:

1:02 PM Changeset in webkit [226529] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebKitLegacy/mac

Fix check-webkit-style issues with WebNSDataExtras.mm
<https://webkit.org/b/181369>

Reviewed by Alex Christensen.

  • Misc/WebNSDataExtras.mm:

(-[NSString _web_capitalizeRFC822HeaderFieldName]):
(-[NSData _webkit_guessedMIMETypeForXML]):
(-[NSData _webkit_guessedMIMEType]):
(-[NSData _web_isCaseInsensitiveEqualToCString:]):
(_findEOL):
(-[NSData _webkit_parseRFC822HeaderFields]):
(-[NSData _web_locationAfterFirstBlankLine]):

  • Fix all the check-webkit-style warnings.

12:47 PM Changeset in webkit [226528] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

Caches::writeCachesToDisk should assert that it is initialized
https://bugs.webkit.org/show_bug.cgi?id=181383

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Alex Christensen.

Add assertion to ensure caches is initialized

  • NetworkProcess/cache/CacheStorageEngineCaches.cpp:

(WebKit::CacheStorage::Caches::writeCachesToDisk):

12:45 PM Changeset in webkit [226527] by commit-queue@webkit.org
  • 1 edit
    2 adds in trunk/LayoutTests

[WinCairo] Add default port TestExpectations for wincairo
https://bugs.webkit.org/show_bug.cgi?id=179221

Patch by Basuke Suzuki <Basuke Suzuki> on 2018-01-08
Reviewed by Alex Christensen.

  • platform/wincairo-win10/TestExpectations: Added.

10:58 AM Changeset in webkit [226526] by commit-queue@webkit.org
  • 14 edits
    2 adds in trunk

Stop exposing fetch and extendable events to window
https://bugs.webkit.org/show_bug.cgi?id=181325

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Chris Dumez.

Source/WebCore:

Covered by updated tests.

Marked FetchEvent and ExtendableEvent as visible in ServiceWorker environments only.
Moved related Internals testing routines to ServiceWorkerInternals.

  • testing/Internals.cpp:

(WebCore::Internals::waitForFetchEventToFinish): Deleted.
(WebCore::Internals::createBeingDispatchedFetchEvent): Deleted.

  • testing/Internals.h:
  • testing/Internals.idl:
  • testing/ServiceWorkerInternals.cpp:

(WebCore::ServiceWorkerInternals::waitForFetchEventToFinish):
(WebCore::ServiceWorkerInternals::createBeingDispatchedFetchEvent):

  • testing/ServiceWorkerInternals.h:
  • testing/ServiceWorkerInternals.idl:
  • workers/service/ExtendableEvent.idl:
  • workers/service/FetchEvent.idl:

LayoutTests:

  • http/wpt/service-workers/extendableEvent.https-expected.txt:
  • http/wpt/service-workers/extendableEvent.https.html:
  • http/wpt/service-workers/fetchEvent.https-expected.txt:
  • http/wpt/service-workers/fetchEvent.https.html:

10:55 AM Changeset in webkit [226525] by jmarcell@apple.com
  • 5 edits in tags/Safari-605.1.19.1

Cherry-pick r226495. rdar://problem/36085943

10:55 AM Changeset in webkit [226524] by jmarcell@apple.com
  • 24 edits in tags/Safari-605.1.19.1/Source

Cherry-pick r226461. rdar://problem/36085949

10:55 AM Changeset in webkit [226523] by jmarcell@apple.com
  • 20 edits in tags/Safari-605.1.19.1

Cherry-pick r226386. rdar://problem/36077849

10:54 AM Changeset in webkit [226522] by jmarcell@apple.com
  • 4 edits in tags/Safari-605.1.19.1

Cherry-pick r226371. rdar://problem/36146670

10:47 AM Changeset in webkit [226521] by Antti Koivisto
  • 5 edits
    2 adds in trunk

REGRESSION (r219145): Toggling layer borders on a static document no longer works immediately
https://bugs.webkit.org/show_bug.cgi?id=176260
<rdar://problem/34219966>

Reviewed by Simon Fraser.

Source/WebCore:

Optimization revealed bugs in debug indicator painting.

Test: compositing/debug-borders-dynamic.html

  • platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
(WebCore::GraphicsLayerCA::updateDebugIndicators):
(WebCore::GraphicsLayerCA::updateDebugBorder): Deleted.

  • Rename to indicate this is not just about debug borders.
  • Trigger display so repaint counters get painted. This helper is only called when the indicators change.
  • platform/graphics/ca/GraphicsLayerCA.h:
  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::cacheAcceleratedCompositingFlags):

Ensure we do compositing update on debug border change even when there is no layout.

LayoutTests:

  • compositing/debug-borders-dynamic-expected.html: Added.
  • compositing/debug-borders-dynamic.html: Added.

10:38 AM Changeset in webkit [226520] by Alan Bujtas
  • 8 edits
    1 copy
    1 add in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderInline addChild logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181336
<rdar://problem/36324693>

Reviewed by Antti Koivisto.

This is about moving the code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderInline.cpp:

(WebCore::RenderInline::addChild):
(WebCore::RenderInline::addChildIgnoringContinuation):
(WebCore::RenderInline::childBecameNonInline):
(WebCore::nextContinuation): Deleted.
(WebCore::RenderInline::continuationBefore): Deleted.
(WebCore::newChildIsInline): Deleted.
(WebCore::RenderInline::cloneAsContinuation const): Deleted.
(WebCore::RenderInline::splitInlines): Deleted.
(WebCore::RenderInline::splitFlow): Deleted.
(WebCore::canUseAsParentForContinuation): Deleted.
(WebCore::RenderInline::addChildToContinuation): Deleted.

  • rendering/RenderInline.h:
  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::RenderTreeBuilder):
(WebCore::RenderTreeBuilder::insertChildToRenderInline):
(WebCore::RenderTreeBuilder::insertChildToRenderInlineIgnoringContinuation):
(WebCore::RenderTreeBuilder::splitFlow):

  • rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::inlineBuilder):

  • rendering/updating/RenderTreeBuilderInline.cpp: Added.

(WebCore::canUseAsParentForContinuation):
(WebCore::nextContinuation):
(WebCore::continuationBefore):
(WebCore::cloneAsContinuation):
(WebCore::newChildIsInline):
(WebCore::inFlowPositionedInlineAncestor):
(WebCore::RenderTreeBuilder::Inline::Inline):
(WebCore::RenderTreeBuilder::Inline::insertChild):
(WebCore::RenderTreeBuilder::Inline::insertChildToContinuation):
(WebCore::RenderTreeBuilder::Inline::insertChildIgnoringContinuation):
(WebCore::RenderTreeBuilder::Inline::splitFlow):
(WebCore::RenderTreeBuilder::Inline::splitInlines):

  • rendering/updating/RenderTreeBuilderInline.h: Added.

10:37 AM Changeset in webkit [226519] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

WebProcessPool::terminateServiceWorkerProcess should protect itself in debug builds
https://bugs.webkit.org/show_bug.cgi?id=181384

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Chris Dumez.

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::terminateServiceWorkerProcess):

10:33 AM Changeset in webkit [226518] by commit-queue@webkit.org
  • 3 edits
    11 adds in trunk/LayoutTests

[EME] Add layout test for InitData and InitDataType in CENC encrypted event
https://bugs.webkit.org/show_bug.cgi?id=180430

Patch by Yacine Bandou <yacine.bandou_ext@softathome.com> on 2018-01-08
Reviewed by Xabier Rodriguez-Calvar.

This is a simple encrypted video file used for regular playback.
It has been encrypted with BENTO4. https://www.bento4.com/

  • media/content/encrypted/segments/VideoClearKeyCenc-seg-0.mp4: Added.

This is a simple encrypted video fragment used in MSE playback.
It has been fragmented and encrypted with BENTO4. https://www.bento4.com/

  • media/encrypted-media/clearKey/clearKey-encrypted-cenc-event-expected.txt: Added.
  • media/encrypted-media/clearKey/clearKey-encrypted-cenc-event-mse-expected.txt: Added.
  • media/encrypted-media/clearKey/clearKey-encrypted-cenc-event-mse.html: Added.

This is a test with MSE.

  • media/encrypted-media/clearKey/clearKey-encrypted-cenc-event.html: Added.

This is a test with a regular playback.

  • media/encrypted-media/medias-enc.js: Added.

This JavaScript file lists the encrypted media which will be used in encrypted-media tests.
It gives all necessary information about the encrypted media: path of the file or
the path of the segments in MSE case, mimeType, initDataType and the encryption keys.

  • media/media-source/media-source-loader-simple.js: Added.

This JavaScript file provides a simple MSE implementation, reads the segments of the media and appends them
in the appropriate SourceBuffer.

  • platform/wpe/TestExpectations:

9:42 AM Changeset in webkit [226517] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebInspectorUI

Web Inspector: Find next / previous within a resource content view does not have bouncy highlight when editor scrolls
https://bugs.webkit.org/show_bug.cgi?id=181279
<rdar://problem/36291097>

Patch by Joseph Pecoraro <Joseph Pecoraro> on 2018-01-08
Reviewed by Brian Burg.

  • UserInterface/Views/TextEditor.js:

(WI.TextEditor.prototype._revealSearchResult):
Reposition the bouncy highlight on scroll based on the CodeMirror
line/ch position of the search result.

(WI.TextEditor.prototype._removeBouncyHighlightElementIfNeeded):
Track the bouncy highlight scroll handler in a member variable so that
we always remember to remove it and don't leak scroll handlers.

9:40 AM Changeset in webkit [226516] by Alan Bujtas
  • 13 edits
    2 adds in trunk/Source/WebCore

[RenderTreeBuilder] Move RenderBlock addChild logic to RenderTreeBuilder
https://bugs.webkit.org/show_bug.cgi?id=181319
<rdar://problem/36313464>

Reviewed by Antti Koivisto.

This is about moving the code, no cleanup and/or normalization (unfortunately it also means
some temporary changes).

No change in functionality.

  • Sources.txt:
  • WebCore.xcodeproj/project.pbxproj:
  • rendering/RenderBlock.cpp:

(WebCore::RenderBlock::addChild):
(WebCore::RenderBlock::addChildIgnoringContinuation):
(WebCore::RenderBlock::childBecameNonInline):
(WebCore::RenderBlock::continuationBefore): Deleted.
(WebCore::RenderBlock::addChildToContinuation): Deleted.
(WebCore::getInlineRun): Deleted.
(WebCore::RenderBlock::makeChildrenNonInline): Deleted.

  • rendering/RenderBlock.h:
  • rendering/RenderBox.cpp:

(WebCore::markBoxForRelayoutAfterSplit): Deleted.
(WebCore::RenderBox::splitAnonymousBoxesAroundChild): Deleted.

  • rendering/RenderBox.h:
  • rendering/RenderRubyBase.cpp:

(WebCore::RenderRubyBase::moveChildren):
(WebCore::RenderRubyBase::moveBlockChildren):

  • rendering/RenderTable.cpp:

(WebCore::RenderTable::addChild):

  • rendering/RenderTableRow.cpp:

(WebCore::RenderTableRow::addChild):

  • rendering/RenderTableSection.cpp:

(WebCore::RenderTableSection::addChild):

  • rendering/updating/RenderTreeBuilder.cpp:

(WebCore::markBoxForRelayoutAfterSplit):
(WebCore::getInlineRun):
(WebCore::RenderTreeBuilder::RenderTreeBuilder):
(WebCore::RenderTreeBuilder::insertChildToRenderBlock):
(WebCore::RenderTreeBuilder::insertChildToRenderBlockIgnoringContinuation):
(WebCore::RenderTreeBuilder::makeChildrenNonInline):
(WebCore::RenderTreeBuilder::splitAnonymousBoxesAroundChild):

  • rendering/updating/RenderTreeBuilder.h:

(WebCore::RenderTreeBuilder::blockBuilder):

  • rendering/updating/RenderTreeBuilderBlock.cpp: Added.

(WebCore::continuationBefore):
(WebCore::RenderTreeBuilder::Block::Block):
(WebCore::RenderTreeBuilder::Block::insertChild):
(WebCore::RenderTreeBuilder::Block::insertChildToContinuation):
(WebCore::RenderTreeBuilder::Block::insertChildIgnoringContinuation):

  • rendering/updating/RenderTreeBuilderBlock.h: Added.

9:02 AM Changeset in webkit [226515] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Standard controls sometimes say video is in pip when it isn't.
https://bugs.webkit.org/show_bug.cgi?id=181095
rdar://problem/36182687

Patch by Jeremy Jones <jeremyj@apple.com> on 2018-01-08
Reviewed by Eric Carlson.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::exitFullscreen):

8:46 AM Changeset in webkit [226514] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

REGRESSION: [iOS] ASSERTION FAILED: !node.isConnected() in WebCore::notifyNodeInsertedIntoDocument
https://bugs.webkit.org/show_bug.cgi?id=181091

Reviewed by Darin Adler.

Move the work previously performed in insertedIntoAncestor() into didFinishInsertingNode().

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::prepareForLoad):

8:14 AM Changeset in webkit [226513] by fred.wang@free.fr
  • 2 edits in trunk/Source/WebKit

Unreviewed build fix after r226211.

Patch by Frederic Wang <fwang@igalia.com> on 2018-01-08

  • UIProcess/API/Cocoa/WKPreferencesPrivate.h: Use WK_IOS_TBA for iOS.

7:55 AM Changeset in webkit [226512] by Ms2ger@igalia.com
  • 11 edits in trunk/LayoutTests

Update imagebitmap tests.
https://bugs.webkit.org/show_bug.cgi?id=181379

Unreviewed test gardening.

LayoutTests/imported/w3c:

  • web-platform-tests/2dcontext/imagebitmap/common.js:
  • web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt:
  • web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html:
  • web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:
  • web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args.html:

LayoutTests:

  • platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt:
  • platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:
  • platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt:
  • platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:

7:00 AM Changeset in webkit [226511] by zandobersek@gmail.com
  • 7 edits in trunk/Source/WebCore

[Cairo] Use isolated fill and stroke source containers
https://bugs.webkit.org/show_bug.cgi?id=181386

Reviewed by Carlos Garcia Campos.

Generate fill and stroke source objects upon invocation of various Cairo
operations, initializing necessary data from the GraphicsContextState
object.

Cairo::FillSource and Cairo::StrokeSource structs are introduced, both
being default-constructible as well as providing a constructor that
accepts a GraphicsContextState object from which the appropriate
resources are created.

The FillSource and StrokeSource objects are then passed to
PlatformContextCairo's prepareForFilling() and prepareForStroking()
methods. Here the helper prepareCairoContextSource() function is now
invoked with cairo_pattern_t objects as pattern or gradient sources, or
the source color if neither cairo_pattern_t object is specified.

The FillSource and StrokeSource constructors mimic the previous behavior
of prepareCairoContextSource(). In case the source is a Pattern object,
a cairo_pattern_t object is created from that. In case of FillSource,
we also retrieve pattern size, transform and repetition information. In
case the source is a Gradient object, we create a 'base' cairo_pattern_t
object for a completely opaque alpha channel. Additionally, if the alpha
value on the state is not 1, we create an alpha-adjusted cairo_pattern_t
that is potentially used for any filling or stroking operation that has
to preserve transparency. If neither Pattern nor Gradient objects are set
on the GraphicsContextState, we default to the current fill or stroke
color.

Overall, there's no change in behavior, this is simply a refactoring
that enables us to construct Cairo objects for filling and stroking
sources at the time of Cairo operation dispatch, instead of pulling down
GraphicsContextState deeper into the Cairo-specific code.

No new tests -- no change in functionality.

  • platform/graphics/cairo/CairoOperations.cpp:

(WebCore::Cairo::drawPathShadow):
(WebCore::Cairo::fillCurrentCairoPath):
(WebCore::Cairo::FillSource::FillSource):
(WebCore::Cairo::StrokeSource::StrokeSource):
(WebCore::Cairo::fillRect):
(WebCore::Cairo::fillRectWithRoundedHole):
(WebCore::Cairo::fillPath):
(WebCore::Cairo::strokeRect):
(WebCore::Cairo::strokePath):
(WebCore::Cairo::drawGlyphs):

  • platform/graphics/cairo/CairoOperations.h:
  • platform/graphics/cairo/FontCairo.cpp:

(WebCore::FontCascade::drawGlyphs):

  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::fillPath):
(WebCore::GraphicsContext::strokePath):
(WebCore::GraphicsContext::fillRect):
(WebCore::GraphicsContext::strokeRect):
(WebCore::GraphicsContext::fillRectWithRoundedHole):

  • platform/graphics/cairo/PlatformContextCairo.cpp:

(WebCore::prepareCairoContextSource):
(WebCore::PlatformContextCairo::prepareForFilling):
(WebCore::PlatformContextCairo::prepareForStroking):
(WebCore::PlatformContextCairo::clipForPatternFilling):

  • platform/graphics/cairo/PlatformContextCairo.h:
6:43 AM Changeset in webkit [226510] by commit-queue@webkit.org
  • 21 edits
    6 adds in trunk

navigator.onLine does not work inside service workers
https://bugs.webkit.org/show_bug.cgi?id=181079
<rdar://problem/36178606>

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08
Reviewed by Darin Adler.

Source/WebCore:

Test: http/wpt/service-workers/online.https.html

Added support for onLine by reusing a similar implementation as regular workers.
Added ServiceWorkerInternals as an interface for an object exposed as self.internals in WTR.
This object has currently one method to trigger change in the online/offline status.
This allows writing a test for the onLine feature.

Note that self.internals is inserted asynchronously after the script was evaluated.
When writing a worker script using self.internals, one must make sure to use self.internals when initialized.
online-worker.js for instance makes use of self.internals in a postMessage callback.

  • CMakeLists.txt:
  • DerivedSources.make:
  • WebCore.xcodeproj/project.pbxproj:
  • bindings/js/WorkerScriptController.h:
  • dom/ScriptExecutionContext.h:
  • testing/ServiceWorkerInternals.cpp: Added.

(WebCore::ServiceWorkerInternals::ServiceWorkerInternals):
(WebCore::ServiceWorkerInternals::setOnline):

  • testing/ServiceWorkerInternals.h: Added.
  • testing/ServiceWorkerInternals.idl: Added.
  • testing/js/WebCoreTestSupport.cpp:

(WebCoreTestSupport::setupNewlyCreateServiceWorker):

  • testing/js/WebCoreTestSupport.h:
  • workers/service/context/SWContextManager.cpp:

(WebCore::SWContextManager::registerServiceWorkerThreadForInstall):
(WebCore::SWContextManager::startedServiceWorker):

  • workers/service/context/SWContextManager.h:

(WebCore::SWContextManager::setServiceWorkerCreationCallback):
(WebCore::SWContextManager::workerByID):

  • workers/service/context/ServiceWorkerThread.cpp:

(WebCore::ServiceWorkerThread::ServiceWorkerThread):

  • workers/service/context/ServiceWorkerThreadProxy.cpp:

(WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
(WebCore::ServiceWorkerThreadProxy::~ServiceWorkerThreadProxy):
(WebCore::ServiceWorkerThreadProxy::networkStateChanged):
(WebCore::ServiceWorkerThreadProxy::notifyNetworkStateChange):

  • workers/service/context/ServiceWorkerThreadProxy.h:

Source/WebKit:

Added support for a callback called for each service worker proxy creation.
Callback is used by WTR to inject a self.internals object used for testing.

  • WebProcess/InjectedBundle/API/c/WKBundle.cpp:

(WKBundleSetServiceWorkerProxyCreationCallback):

  • WebProcess/InjectedBundle/API/c/WKBundle.h:
  • WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::setServiceWorkerProxyCreationCallback):

  • WebProcess/InjectedBundle/InjectedBundle.h:

Tools:

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::initialize): Setting service worker creation callback to inject ServiceWorkerInternals object.

LayoutTests:

  • http/wpt/service-workers/online-worker.js: Added.

(async.waitForOnlineEvent):
(async.doTest):

  • http/wpt/service-workers/online.https-expected.txt: Added.
  • http/wpt/service-workers/online.https.html: Added.
6:38 AM Changeset in webkit [226509] by zandobersek@gmail.com
  • 5 edits in trunk/Source/WebCore

[Cairo] Contain shadow blur requirement state in a separate object
https://bugs.webkit.org/show_bug.cgi?id=181380

Reviewed by Carlos Garcia Campos.

Instead of picking up the necessary state parameters from a
GraphicsContextState object, store the necessary parameters in a helper
ShadowBlurUsage struct. Mimicking the mustUseShadowBlur() function that
is being removed, values of the shadow color, shadow blur, and shadow
transform ignorance are stored there. Additionally, the required()
method accepts a PlatformContextCairo object through which it can
retrieve the current CTM and determine whether it's an identity, finally
deciding whether shadow blur can or cannot be ignored.

Goal of this change is to limit usage of GraphicsContextState directly
in operations implemented inside the Cairo namespace. Instead, the
state parameters should be passed directly, or an equivalent but limited
state object should be constructed for invocation of such operations.

This is likely only an intermediate solution. It's possible it will be
replaced by a more complete shadow state struct that would be used for
any operation that is required to draw shadows, if necessary.

No new tests -- no change in functionality.

  • platform/graphics/cairo/CairoOperations.cpp:

(WebCore::Cairo::drawGlyphsShadow):
(WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage):
(WebCore::Cairo::ShadowBlurUsage::required const):
(WebCore::Cairo::fillRectWithRoundedHole):
(WebCore::Cairo::drawGlyphs):
(WebCore::Cairo::mustUseShadowBlur): Deleted.

  • platform/graphics/cairo/CairoOperations.h:
  • platform/graphics/cairo/FontCairo.cpp:

(WebCore::FontCascade::drawGlyphs):

  • platform/graphics/cairo/GraphicsContextCairo.cpp:

(WebCore::GraphicsContext::fillRectWithRoundedHole):

5:53 AM Changeset in webkit [226508] by Philippe Normand
  • 13 edits
    2 deletes in trunk/Source/WebCore

[GStreamer][Soup] Remove dead getCreateOrReadBuffer code path
https://bugs.webkit.org/show_bug.cgi?id=181376

Reviewed by Carlos Garcia Campos.

This code path is no longer used now that the GStreamer HTTP
source element uses data coming directly from the network process.

  • SourcesGTK.txt:
  • SourcesWPE.txt:
  • loader/MediaResourceLoader.cpp:

(WebCore::MediaResource::getOrCreateReadBuffer): Deleted.

  • loader/MediaResourceLoader.h:
  • loader/SubresourceLoader.h:
  • loader/cache/CachedRawResource.h:
  • loader/cache/CachedRawResourceClient.h:

(WebCore::CachedRawResourceClient::finishedTimingForWorkerLoad):
(WebCore::CachedRawResourceClient::getOrCreateReadBuffer): Deleted.

  • loader/cache/CachedResource.h:

(WebCore::CachedResource::getOrCreateReadBuffer): Deleted.

  • loader/soup/CachedRawResourceSoup.cpp: Removed.
  • loader/soup/SubresourceLoaderSoup.cpp: Removed.
  • platform/graphics/PlatformMediaResourceLoader.h:

(WebCore::PlatformMediaResourceClient::loadFinished):
(WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Deleted.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(CachedResourceStreamingClient::getOrCreateReadBuffer): Deleted.

  • platform/network/ResourceHandleClient.h:

(WebCore::ResourceHandleClient::getOrCreateReadBuffer): Deleted.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::ResourceHandle::ensureReadBuffer):

4:32 AM Changeset in webkit [226507] by commit-queue@webkit.org
  • 2 edits in trunk/LayoutTests

imported/w3c/web-platform-tests/service-workers/service-worker/interfaces-sw.https.html is slow in Debug
https://bugs.webkit.org/show_bug.cgi?id=181382

Unreviewed.

Patch by Youenn Fablet <youenn@apple.com> on 2018-01-08

3:33 AM Changeset in webkit [226506] by ddkilzer@apple.com
  • 4 edits in trunk/Source/ThirdParty/libwebrtc

libwebrtc: Fix 'ld: warning: cannot export hidden symbol' messages
<https://webkit.org/b/181378>

Reviewed by Youenn Fablet.

  • Configurations/libwebrtc.iOS.exp:
  • Configurations/libwebrtc.iOSsim.exp:
  • Configurations/libwebrtc.mac.exp:
  • Remove 117 symbols that are not currently exported. These warnings only appear in Release and Production builds.
1:38 AM Changeset in webkit [226505] by Carlos Garcia Campos
  • 2 edits in trunk/LayoutTests

Unreviewed GTK gardening. Rebaseline test again after r226500.

  • platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:
1:34 AM Changeset in webkit [226504] by Carlos Garcia Campos
  • 3 edits
    2 adds in trunk/Source/WebCore

[GStreamer] use FastMalloc-based GstAllocator
https://bugs.webkit.org/show_bug.cgi?id=165793

Reviewed by Philippe Normand.

Add GstAllocatorFastMalloc, a GstAllocator implementation using fast malloc. It's only used when fast malloc is
enabled and can be disabled using an environment variable for debugging purposes.

  • platform/GStreamer.cmake:
  • platform/graphics/gstreamer/GStreamerUtilities.cpp:

(WebCore::initializeGStreamer):

  • platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp: Added.

(gstMemoryFastMallocNew):
(gstAllocatorFastMallocAlloc):
(gstAllocatorFastMallocFree):
(gstAllocatorFastMallocMemMap):
(gstAllocatorFastMallocMemUnmap):
(gstAllocatorFastMallocMemCopy):
(gstAllocatorFastMallocMemShare):
(gstAllocatorFastMallocMemIsSpan):
(gst_allocator_fast_malloc_class_init):
(gst_allocator_fast_malloc_init):

  • platform/graphics/gstreamer/GstAllocatorFastMalloc.h: Added.
1:22 AM Changeset in webkit [226503] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebKitLegacy/mac

Build fix #2: Enable -Wcast-qual for WebInspectorUI, WebKitLegacy, WebKit projects
<https://webkit.org/b/181256>
<rdar://problem/36281730>

  • Plugins/WebNetscapePluginEventHandlerCocoa.mm:

(WebNetscapePluginEventHandlerCocoa::handleTSMEvent):

  • Use reinterpret_cast<NPNSString*>(const_cast<CFMutableStringRef>()) to avoid warnings from casting CFStringRef to NPNSString*. Note that CFMutableStringRef is the same as CFStringRef without the const modifier, hence its use in the const_cast<> above.
1:16 AM Changeset in webkit [226502] by Carlos Garcia Campos
  • 3 edits in trunk/LayoutTests

Unreviewed GTK gardening. Partially revert r224460.

Two tests were incorrectly rebaselined in r224460.

  • platform/gtk/fast/forms/auto-fill-button/input-strong-confirmation-password-auto-fill-button-expected.txt:
  • platform/gtk/fast/forms/auto-fill-button/input-strong-password-auto-fill-button-expected.txt:
1:08 AM Changeset in webkit [226501] by ddkilzer@apple.com
  • 2 edits in trunk/Source/WebKitLegacy/mac

Build fix: Enable -Wcast-qual for WebInspectorUI, WebKitLegacy, WebKit projects
<https://webkit.org/b/181256>
<rdar://problem/36281730>

  • Carbon/HIWebView.mm:

(StartUpdateObserver): Include TypeCastsCF.h from WTF, and use
checked_cf_cast<CFRunLoopRef>() to fix warning.

Jan 7, 2018:

11:23 PM Changeset in webkit [226500] by Ms2ger@igalia.com
  • 9 edits in trunk

Implement createImageBitmap(ImageBitmap)
https://bugs.webkit.org/show_bug.cgi?id=181287

Reviewed by Darin Adler.

LayoutTests/imported/w3c:

  • web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt: rebaseline.

Source/WebCore:

Tests: imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html

imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args.html

  • html/ImageBitmap.cpp:

(WebCore::ImageBitmap::createPromise):

LayoutTests:

  • platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt: rebaseline.
  • platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt: rebaseline.
  • platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage-expected.txt: rebaseline.
  • platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt: rebaseline.
10:00 PM Changeset in webkit [226499] by ddkilzer@apple.com
  • 28 edits
    1 move in trunk/Source

Enable -Wcast-qual for WebInspectorUI, WebKitLegacy, WebKit projects
<https://webkit.org/b/181256>
<rdar://problem/36281730>

Reviewed by Darin Adler.

Source/WebInspectorUI:

  • Configurations/Base.xcconfig:

(WARNING_CFLAGS): Add -Wcast-qual.

Source/WebKit:

  • Configurations/Base.xcconfig:

(WARNING_CFLAGS): Add -Wcast-qual.

  • NetworkProcess/cache/NetworkCacheCodersCocoa.cpp:

(WTF::Persistence::encodeCertificateChain): Include
TypeCastsCF.h from WTF, and use
checked_cf_cast<SecCertificateRef>() to fix warning.

  • Platform/cocoa/WKCrashReporter.mm:

(WebKit::setCrashReportApplicationSpecificInformation):

  • Move oldMessage check above nullptr check to fix a leak when passing in nullptr after previously setting the crash string.
  • Change C-style cast to const_cast<char*>() to fix warning.
  • PluginProcess/mac/PluginProcessShim.mm:

(WebKit::shim_shmat): Change C-style cast to
const_cast<void*>() to fix warning.

  • Shared/Authentication/mac/AuthenticationManager.mac.mm:

(WebKit::leafCertificate): Include TypeCastsCF.h from
WTF, and use checked_cf_cast<SecCertificateRef>() to fix
warning.

  • Shared/cf/ArgumentCodersCF.cpp:

(IPC::encode): Use static_cast<>(const_cast<void*>() to
fix warnings since the CFTypeID has already been
checked.

  • Shared/mac/WebCoreArgumentCodersMac.mm:

(IPC::decodeNSError): Use an auto variable to hold the
CFMutableDictionaryRef, then WTFMove() to assign it back to
userInfo.

  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::takeWindowSnapshot): Include TypeCastsCF.h from
WTF, and use checked_cf_cast<CGImageRef>() to fix
warning.

Source/WebKitLegacy:

  • PlatformMac.cmake:
  • WebKitLegacy.xcodeproj/project.pbxproj:
  • Rename WebNSDataExtras.m to WebNSDataExtras.mm and change file type to Objective-C++.

Source/WebKitLegacy/mac:

  • Carbon/CarbonUtils.m:

(PoolCleaner):

  • Use #pragmas to ignore -Wcast-qual warnings when using a C-style cast from CFTypeRef to CFRunloopRef.
  • Carbon/CarbonWindowFrame.m:

(-[CarbonWindowFrame title]):

  • Use #pragmas to ignore -Wcast-qual warnings when using a C-style cast from CFStringRef to NSString *.
  • Carbon/HIViewAdapter.m:

(+[HIViewAdapter getHIViewForNSView:]):

  • Use #pragmas to ignore -Wcast-qual warnings when using a C-style cast from CFTypeRef to HIViewRef.
  • Configurations/Base.xcconfig:

(WARNING_CFLAGS): Add -Wcast-qual.

  • Misc/WebElementDictionary.mm:

(-[WebElementDictionary objectForKey:]):

  • Use static_cast<SEL>(const_cast<void*>()) to fix warning.
  • Misc/WebNSDataExtras.mm: Renamed from Source/WebKitLegacy/mac/Misc/WebNSDataExtras.m.

(-[NSString _web_capitalizeRFC822HeaderFieldName]):
(-[NSData _webkit_guessedMIMETypeForXML]):
(-[NSData _webkit_guessedMIMEType]):
(-[NSData _web_isCaseInsensitiveEqualToCString:]):
(_findEOL):
(-[NSData _webkit_parseRFC822HeaderFields]):
(-[NSData _web_startsWithBlankLine]):
(-[NSData _web_locationAfterFirstBlankLine]):

  • Rename WebNSDataExtras.m to WebNSDataExtras.mm and change file type to Objective-C++. This fixes the warnings about discarding the const modifier when casting from CFStringRef to NSString * because in older clang versions, -Wcast-qual was completely broken when compiling C++ and Objective-C++ source files. In newer clang versions, discarding the const modifier for toll-free bridged types is ignored when compiling Objective-C++ source.
  • Update copyright and license header.
  • Use reinterpret_cast<> and static_cast<> to fix warnings unrelated to (NSString *) C-style casts.
  • Replace use of MIN() macro with std::min<> template functions.
  • Fix location of * for local variables modified above.
  • Plugins/Hosted/NetscapePluginHostManager.mm:

(WebKit::NetscapePluginHostManager::spawnPluginHost):
(WebKit::NetscapePluginHostManager::initializeVendorPort):
(WebKit::NetscapePluginHostManager::instantiatePlugin):

  • Use static_cast<uint8_t*>(const_cast<void*>()) to fix warnings.
  • Plugins/Hosted/NetscapePluginHostProxy.mm:

(WebKit::NetscapePluginHostProxy::NetscapePluginHostProxy):

  • Use reinterpret_cast<mig_subsystem_t>(const_cast<struct WKWebKitPluginClient_subsystem*>()) to fix warning.
  • Plugins/Hosted/ProxyInstance.mm:

(WebKit::ProxyInstance::invoke):

  • Use static_cast<char*>(const_cast<void*>()) to fix warning when using -[NSData bytes].

(WebKit::ProxyInstance::fieldValue const):

  • Use reinterpret_cast<char*>(const_cast<unsigned char*>()) to fix warning when using CFDataGetBytePtr().
  • Plugins/Hosted/WebTextInputWindowController.m:

(-[WebTextInputPanel _interpretKeyEvent:string:]):

  • Use #pragma to ignore -Wcast-qual warning since there is not a good way to avoid this warning in Objective-C.
  • Plugins/WebNetscapePluginStream.mm:

(WebNetscapePluginStream::deliverData):

  • Use const_cast<void*>() to fix warning when using -[NSData bytes].
  • Plugins/WebNetscapePluginView.mm:

(-[WebNetscapePluginView _createPlugin]):

  • Change C-style cast to const_cast<char*>() to fix warning.
  • WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::wrapCryptoKey const):
(WebChromeClient::unwrapCryptoKey const):

  • Change C-style cast to static_cast<uint8_t*>(const_cast<void*>() to fix warning.
  • WebView/WebPDFView.mm:

(_applicationInfoForMIMEType):

  • Change local variable type from 'NSURL *' to 'CFURLRef' to fix warning. Cast back to 'NSURL *' when calling -[NSURL path].
9:33 PM Changeset in webkit [226498] by jmarcell@apple.com
  • 4 edits in tags/Safari-605.1.19.1

Cherry-pick r226359. rdar://problem/36146670

9:32 PM Changeset in webkit [226497] by jmarcell@apple.com
  • 7 edits in tags/Safari-605.1.19.1/Source

Versioning.

9:24 PM Changeset in webkit [226496] by jmarcell@apple.com
  • 1 copy in tags/Safari-605.1.19.1

New tag.

5:22 PM Changeset in webkit [226495] by rniwa@webkit.org
  • 5 edits in trunk

Reduce the precision of "high" resolution time to 1ms
https://bugs.webkit.org/show_bug.cgi?id=180910
<rdar://problem/36085943>

Reviewed by Saam Barati.

Source/WebCore:

Reduced the high precision time's resolution to 1ms, the same precision as Date.now().

Also fixed the bug in fillRTCStats that we weren't reducing the time resolution in RTCStats dictionaries.

  • Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::fillRTCStats):

  • page/Performance.cpp:

(WebCore::Performance::reduceTimeResolution):

LayoutTests:

Add a flaky test expectation to imported/w3c/web-platform-tests/workers/worker-performance.worker.html
due to a test bug. The test fix is tracked in https://github.com/w3c/web-platform-tests/pull/8711

2:50 PM Changeset in webkit [226494] by Konstantin Tokarev
  • 2 edits in trunk/Source/WebKit

[cmake] Unset CMAKE_REQUIRED_LIBRARIES after check_function_exists test
https://bugs.webkit.org/show_bug.cgi?id=181371

Reviewed by Michael Catanzaro.

This variable is used by check_function_exists internally, its value
should never be used for anything else.

  • CMakeLists.txt:
2:22 PM Changeset in webkit [226493] by sbarati@apple.com
  • 2 edits in trunk/Tools

Add total exits and total compilations sorting mode to the "full" command in display-profiler-output
https://bugs.webkit.org/show_bug.cgi?id=181372

Reviewed by Filip Pizlo.

Adding these sorting modes makes it easier to analyze functions
that recompile a lot and exit a lot.

  • Scripts/display-profiler-output:

Jan 6, 2018:

10:31 PM Changeset in webkit [226492] by Simon Fraser
  • 6 edits
    2 adds in trunk

Possible crash computing event regions
https://bugs.webkit.org/show_bug.cgi?id=181368
rdar://problem/34847081

Reviewed by Zalan Bujtas.

Source/WebCore:

Don't trigger layout in Element::absoluteEventHandlerBounds(), since this can run arbitrary script
which might delete elements or re-enter Document::absoluteRegionForEventTargets().

It's OK to not trigger layout, because if layout is dirty, the next layout will update event regions again.

Add a LayoutDisallowedScope to check that Document::absoluteRegionForEventTargets() doesn't
trigger layout, and move the check for LayoutDisallowedScope::isLayoutAllowed() from Document::updateLayout()
to LayoutContext::layout(), since some layouts don't happen via the former (e.g. the one being removed here).

The test checks that the assertion does not fire. I was not able to get a reliable test for any crash.

Test: fast/events/event-handler-regions-layout.html

  • dom/Document.cpp:

(WebCore::Document::updateLayout):
(WebCore::Document::absoluteRegionForEventTargets):

  • dom/Element.cpp:

(WebCore::Element::absoluteEventHandlerBounds):

  • page/LayoutContext.cpp:

(WebCore::LayoutContext::layout):

  • rendering/LayoutDisallowedScope.h: Move the #ifdefs around to avoid defining the enum twice.

(WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
(WebCore::LayoutDisallowedScope::isLayoutAllowed):

LayoutTests:

  • fast/events/event-handler-regions-layout-expected.txt: Added.
  • fast/events/event-handler-regions-layout.html: Added.
9:48 PM Changeset in webkit [226491] by Simon Fraser
  • 5 edits
    2 adds in trunk

Crash under RenderLayer::scrollTo() with marquee
https://bugs.webkit.org/show_bug.cgi?id=181349
rdar://problem/36190168

Reviewed by Zalan Bujtas.

Source/WebCore:

Don't call updateWidgetPositions() synchronously during RenderLayer scrolling, because it
can run arbitrary script which may trigger destruction of this RenderLayer.

Instead, queue up updateWidgetPositions() on a zero-delay timer.

Under some circumstances this may allow a paint to occur before the widgets have been
updated (which could be fixed with a more invasive change), but in practice I saw no
painting issues with plug-ins or iframes inside overflow scroll, in WebKit or LegacyWebKit.

Test: fast/scrolling/marquee-scroll-crash.html

  • page/FrameView.cpp:

(WebCore::FrameView::FrameView):
(WebCore::FrameView::updateWidgetPositions):
(WebCore::FrameView::scheduleUpdateWidgetPositions):
(WebCore::FrameView::updateWidgetPositionsTimerFired):

  • page/FrameView.h:
  • rendering/RenderLayer.cpp:

(WebCore::RenderLayer::scrollTo):

LayoutTests:

  • fast/scrolling/marquee-scroll-crash-expected.txt: Added.
  • fast/scrolling/marquee-scroll-crash.html: Added.
9:18 PM Changeset in webkit [226490] by dino@apple.com
  • 4 edits
    4 adds in trunk

Accurately clip copyTexImage2D and copyTexSubImage2D
https://bugs.webkit.org/show_bug.cgi?id=181356
<rdar://problem/35083877>

Reviewed by Eric Carlson.

Source/WebCore:

The code to make sure copyTexSubImage2D and copyTexImage2D will not try to read
out of bounds had a bad bug introduced here:
https://bugs.webkit.org/show_bug.cgi?id=51421

With appropriate parameters, it would produce a rectangle with
negative dimensions. Most GL drivers just ignored this, but some
are not happy.

Test: fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html

  • html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::clip2D): Reimplement this in a more sane manner, and use
checked arithmetic while here.

  • html/canvas/WebGLRenderingContextBase.h:

(WebCore::clip1D): Deleted.
(WebCore::clip2D): Deleted.

LayoutTests:

  • fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input-expected.txt: Added.
  • fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html: Added.
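
The clipping problem described in changeset 226490 above, as an added C++ example that is not WebKit's code: `naiveClip1D` is a constructed illustration of how a one-axis clip can yield a negative extent, and `clip1D`/`clip2D` are hypothetical helpers that clamp both ends of the span in 64-bit arithmetic (a stand-in here for the checked arithmetic the commit mentions), so the clipped size can never be negative.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>

struct Rect {
    int32_t x, y, width, height;
};

// Constructed naive clip of the span [start, start + range) to [0, sourceRange).
// It adjusts 'range' by subtraction without checking that anything is left,
// so a span lying entirely outside the source produces a negative range.
void naiveClip1D(int32_t start, int32_t range, int32_t sourceRange,
                 int32_t& clippedStart, int32_t& clippedRange)
{
    if (start < 0) {
        range += start; // goes negative when the span ends left of 0
        start = 0;
    }
    int32_t end = start + range; // 32-bit addition, unchecked
    if (end > sourceRange)
        range -= end - sourceRange; // goes negative when start > sourceRange
    clippedStart = start;
    clippedRange = range;
}

// Hardened clip: reject negative sizes, compute both ends in 64 bits (two
// int32 values cannot overflow an int64 sum), then clamp each end into
// [0, sourceRange]. Because begin <= end, the clamped ends keep that order
// and the resulting range is always >= 0.
bool clip1D(int32_t start, int32_t range, int32_t sourceRange,
            int32_t& clippedStart, int32_t& clippedRange)
{
    if (range < 0 || sourceRange < 0)
        return false;
    const int64_t begin = start;
    const int64_t end = begin + range;
    const int64_t limit = sourceRange;
    const int64_t lo = std::max<int64_t>(0, std::min<int64_t>(begin, limit));
    const int64_t hi = std::max<int64_t>(0, std::min<int64_t>(end, limit));
    clippedStart = static_cast<int32_t>(lo);
    clippedRange = static_cast<int32_t>(hi - lo);
    return true;
}

// Clip a requested read rectangle to a sourceWidth x sourceHeight buffer.
// Returns false for invalid input; an empty result (width or height 0)
// means there is nothing to read and the caller should skip the copy.
bool clip2D(const Rect& request, int32_t sourceWidth, int32_t sourceHeight,
            Rect& clipped)
{
    return clip1D(request.x, request.width, sourceWidth, clipped.x, clipped.width)
        && clip1D(request.y, request.height, sourceHeight, clipped.y, clipped.height);
}

int main()
{
    int32_t start = 0, range = 0;
    naiveClip1D(-10, 5, 100, start, range);
    std::printf("naive: start=%d range=%d\n", start, range);

    Rect out{};
    if (clip2D(Rect{-10, 20, 5, 30}, 100, 100, out))
        std::printf("hardened: x=%d y=%d w=%d h=%d\n", out.x, out.y, out.width, out.height);
    return 0;
}
```
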
4:15 PM Changeset in webkit [226489] by Yusuke Suzuki
  • 9 edits
    1 add in trunk

Object.getOwnPropertyNames includes "arguments" and "caller" for bound functions
https://bugs.webkit.org/show_bug.cgi?id=181321

Reviewed by Saam Barati.

JSTests:

  • stress/bound-function-does-not-have-caller-and-arguments.js: Added.

(shouldBe):
(testFunction):

  • test262.yaml:

Source/JavaScriptCore:

According to ECMA262 16.2[1], functions created using the bind method must not have
"caller" and "arguments" own properties.

[1]: https://tc39.github.io/ecma262/#sec-forbidden-extensions

  • runtime/JSBoundFunction.cpp:

(JSC::JSBoundFunction::finishCreation):

LayoutTests:

  • inspector/model/remote-object-get-properties-expected.txt:
  • inspector/runtime/getProperties-expected.txt:
  • js/script-tests/strict-throw-type-error.js:
  • js/strict-throw-type-error-expected.txt:
1:01 PM Changeset in webkit [226488] by Antti Koivisto
  • 3 edits in trunk/Source/WebCore

Use WeakPtr for RenderTreePosition::m_nextSibling
https://bugs.webkit.org/show_bug.cgi?id=181363

Reviewed by Zalan Bujtas.

For safety. In most cases it is null and won't cause us to instantiate WeakReferences for
many new objects.

  • rendering/updating/RenderTreePosition.cpp:

(WebCore::RenderTreePosition::computeNextSibling):

  • rendering/updating/RenderTreePosition.h:

(WebCore::RenderTreePosition::RenderTreePosition):
(WebCore::RenderTreePosition::nextSibling const):

8:52 AM Changeset in webkit [226487] by mitz@apple.com
  • 5 edits
    2 moves
    2 adds in trunk/Source/WebKit

REGRESSION (r226218): iOS-only assets are installed on macOS
https://bugs.webkit.org/show_bug.cgi?id=181362

Reviewed by Anders Carlsson.

  • Configurations/WebKit.xcconfig: Exclude everything under Resources/ios when not targeting iOS.
  • Resources/mac: Added.
  • Resources/mac/mediaIcon.pdf: Moved here…
  • Resources/mediaIcon.pdf: …from here.
  • WebKit.xcassets: Moved under Resources/ios.
  • WebKit.xcodeproj/project.pbxproj: Created an ios group under the Resources group, and cleaned up the mac group. Removed the Recovered References group.
12:56 AM Changeset in webkit [226486] by Julien Brianceau
  • 2 edits in trunk/Tools

Unreviewed, remove my Cisco email from contributors.json

  • Scripts/webkitpy/common/config/contributors.json: