Timeline



Jul 4, 2019:

10:44 PM Changeset in webkit [247147] by Alan Bujtas
  • 4 edits
    2 adds in trunk

[ContentChangeObserver] didFinishTransition triggers a nested style recalc via isConsideredClickable
https://bugs.webkit.org/show_bug.cgi?id=199506
<rdar://problem/52656221>

Reviewed by Ryosuke Niwa.

Source/WebCore:

isConsideredClickable() may trigger style update through Node::computeEditability. Let's adjust the observer state in the next runloop.

Test: fast/events/touch/ios/content-observation/animation-end-with-visiblity-change-and-recursive-update-style.html

  • page/ios/ContentChangeObserver.cpp:

(WebCore::ContentChangeObserver::didFinishTransition):

  • page/ios/ContentChangeObserver.h:

LayoutTests:

  • fast/events/touch/ios/content-observation/animation-end-with-visiblity-change-and-recursive-update-style-expected.txt: Added.
  • fast/events/touch/ios/content-observation/animation-end-with-visiblity-change-and-recursive-update-style.html: Added.
4:53 PM Changeset in webkit [247146] by Chris Dumez
  • 12 edits
    4 deletes in trunk/Source/WebKit

Simplify logic that handles registering WebProcessProxy objects with their WebsiteDataStore
https://bugs.webkit.org/show_bug.cgi?id=199412
<rdar://problem/51899751>

Reviewed by Ryosuke Niwa.

Simplify logic that handles registering WebProcessProxy objects with their WebsiteDataStore to make
it more maintainable and less error-prone (avoid bugs like <rdar://problem/51899751>).

The following changes were made:

  1. The WebProcess now registers / unregisters itself directly with its WebsiteDataStore when needed, instead of having the WebPageProxy/ProvisionalPageProxy be in charge of calling the right WebProcessLifetimeTracker / WebProcessLifetimeObserver abstractions.
  2. The WebProcessLifetimeTracker / WebProcessLifetimeObserver abstractions were dropped. The WebsiteDataStore was the only observer.
  3. The WebProcessProxy is now registered with its WebsiteDataStore as soon as it has a page (provisional or not) instead of waiting until the process has finished launching. This simplifies the logic a lot and waiting until the process has launched is not needed by the WebsiteDataStore.
  • Sources.txt:
  • UIProcess/ProvisionalPageProxy.cpp:

(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
(WebKit::ProvisionalPageProxy::~ProvisionalPageProxy):

  • UIProcess/ProvisionalPageProxy.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::m_resetRecentCrashCountTimer):
(WebKit::WebPageProxy::finishAttachingToWebProcess):
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::processDidTerminate):

  • UIProcess/WebPageProxy.h:
  • UIProcess/WebProcessCache.cpp:

(WebKit::WebProcessCache::CachedProcess::CachedProcess):

  • UIProcess/WebProcessLifetimeObserver.cpp: Removed.
  • UIProcess/WebProcessLifetimeObserver.h: Removed.
  • UIProcess/WebProcessLifetimeTracker.cpp: Removed.
  • UIProcess/WebProcessLifetimeTracker.h: Removed.
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::setWebsiteDataStore):
(WebKit::WebProcessProxy::updateRegistrationWithDataStore):
(WebKit::WebProcessProxy::addProvisionalPageProxy):
(WebKit::WebProcessProxy::removeProvisionalPageProxy):
(WebKit::WebProcessProxy::connectionWillOpen):
(WebKit::WebProcessProxy::processWillShutDown):
(WebKit::WebProcessProxy::addExistingWebPage):
(WebKit::WebProcessProxy::removeWebPage):

  • UIProcess/WebProcessProxy.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::registerProcess):
(WebKit::WebsiteDataStore::unregisterProcess):

(WebKit::WebsiteDataStore::processPoolForCookieStorageOperations):
Drop change that was added in r246097 to work around the fact that WebProcessProxy objects
were only registering themselves with their data store after their process had finished
launching.

(WebKit::WebsiteDataStore::fetchDataAndApply):
(WebKit::WebsiteDataStore::removeData):
(WebKit::WebsiteDataStore::processPools const):

  • UIProcess/WebsiteData/WebsiteDataStore.h:

(WebKit::WebsiteDataStore::processes const):

  • WebKit.xcodeproj/project.pbxproj:
3:32 PM Changeset in webkit [247145] by Alan Bujtas
  • 11 edits
    1 copy
    1 add in trunk

[ContentChangeObserver] Limit mouseOut dispatching after synthetic click to YouTube.com
https://bugs.webkit.org/show_bug.cgi?id=199497
<rdar://problem/52361019>

Reviewed by Wenson Hsieh.

Source/WebCore:

r242798 introduced synthetic mouseOut dispatching soon after sythentic click to dismiss certain type of content (e.g. video control bar on YouTube).
However on many sites, it resulted in dismissing useful content, like menu panes and other, non-clickable but informative content.
This patch limits the mouseOut dispatching to YouTube.com.

Test: fast/events/touch/ios/content-observation/mouse-out-event-should-not-fire-on-click.html

  • page/Quirks.cpp:

(WebCore::Quirks::needsYouTubeMouseOutQuirk const):

  • page/Quirks.h:
  • page/Settings.yaml:
  • testing/InternalSettings.cpp:

(WebCore::InternalSettings::Backup::Backup):
(WebCore::InternalSettings::Backup::restoreTo):
(WebCore::InternalSettings::setShouldDispatchSyntheticMouseOutAfterSyntheticClick):

  • testing/InternalSettings.h:
  • testing/InternalSettings.idl:

Source/WebKit:

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::completeSyntheticClick):

LayoutTests:

  • fast/events/touch/ios/content-observation/mouse-out-event-should-fire-on-click.html:
  • fast/events/touch/ios/content-observation/mouse-out-event-should-not-fire-on-click-expected.txt: Added.
  • fast/events/touch/ios/content-observation/mouse-out-event-should-not-fire-on-click.html: Copied from LayoutTests/fast/events/touch/ios/content-observation/mouse-out-event-should-fire-on-click.html.
11:53 AM Changeset in webkit [247144] by Ryan Haddad
  • 8 edits in trunk/Source/WebCore

Unreviewed, rolling out r247127.

Broke the watchOS build.

Reverted changeset:

"[WHLSL] Remove the phase resolveCallsInFunctions"
https://bugs.webkit.org/show_bug.cgi?id=199474
https://trac.webkit.org/changeset/247127

10:30 AM Changeset in webkit [247143] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

[ews-build] Remove GTK and WPE queue from old EWS and dashboard
https://bugs.webkit.org/show_bug.cgi?id=199458

Reviewed by Michael Catanzaro.

  • BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueServer.js:
  • QueueStatusServer/config/queues.py:
9:30 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
9:30 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
9:16 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
9:12 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
9:10 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
9:10 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
8:39 AM WebKitGTK/GCCRequirement edited by Michael Catanzaro
(diff)
7:53 AM Changeset in webkit [247142] by Simon Fraser
  • 3 edits
    2 adds in trunk

Some layers inside overflow:scroll don't move back to correct positions when the contents are shrunk
https://bugs.webkit.org/show_bug.cgi?id=199464
rdar://problem/52613285

Reviewed by Sam Weinig.
Source/WebCore:

When an overflow scroller's content shrink and it becomes non-scrollable, the 'boundsOrigin' in
the ancestor clipping stacks of related layers wouldn't get reset to zero, leaving layers in
the wrong place, so always set boundsOrigin to zero on the clipping layers of non-overflow entries
in the ancestor clipping stack.

Test: compositing/scrolling/async-overflow-scrolling/become-non-scrollable-with-child.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateGeometry):

LayoutTests:

  • compositing/scrolling/async-overflow-scrolling/become-non-scrollable-with-child-expected.html: Added.
  • compositing/scrolling/async-overflow-scrolling/become-non-scrollable-with-child.html: Added.
6:54 AM Changeset in webkit [247141] by Konstantin Tokarev
  • 2 edits in trunk/Source/WebCore

HyphenationLibHyphen: Include GLib-related headers only for PLATFORM(GTK)
https://bugs.webkit.org/show_bug.cgi?id=199469

Reviewed by Michael Catanzaro.

Also added compile guard for a couple of functions used only in GTK port.

  • platform/text/hyphen/HyphenationLibHyphen.cpp:
6:53 AM Changeset in webkit [247140] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK] Fix browserperfdash script after r239522
https://bugs.webkit.org/show_bug.cgi?id=199496

Reviewed by Michael Catanzaro.

  • Scripts/webkitpy/browserperfdash/browserperfdash_runner.py:

(BrowserPerfDashRunner.run): Pass None for the new required BenchmarkRunner constructor.

6:28 AM Changeset in webkit [247139] by clopez@igalia.com
  • 2 edits in trunk/Tools

[webkitpy] test-webkitpy is broken on Linux since r246662
https://bugs.webkit.org/show_bug.cgi?id=199493

Reviewed by Michael Catanzaro.

  • Scripts/webkitpy/test/main.py:

(_supports_building_and_running_lldb_tests): Add a check for None before calling startswith().

3:52 AM Changeset in webkit [247138] by clopez@igalia.com
  • 5 edits in trunk/Tools

[GTK][WPE] Not longer needed to build woff2 on the JHBuild
https://bugs.webkit.org/show_bug.cgi?id=199406

Reviewed by Michael Catanzaro.

Install the Woff2 libraries and headers from the system package
and stop building them on the JHBuild.

  • gtk/install-dependencies:
  • gtk/jhbuild.modules:
  • wpe/install-dependencies:
  • wpe/jhbuild.modules:
3:50 AM Changeset in webkit [247137] by clopez@igalia.com
  • 2 edits in trunk/Tools

[GTK][WPE][CMake] The CMake cache should be clean when the JHBuild is rebuilt
https://bugs.webkit.org/show_bug.cgi?id=199449

Reviewed by Michael Catanzaro.

  • Scripts/webkitdirs.pm:

(shouldRemoveCMakeCache): Clean the CMake cache if we detect that the JHBuild has been rebuilt.

3:41 AM Changeset in webkit [247136] by clopez@igalia.com
  • 1 edit in trunk/Tools/Scripts/webkitpy/common/config/contributors.json

Update my status in contributors.json

Due to inactivity I lost my previous status as reviewer in r244705
but I still have svn access, so update my status temporally to
reflect the reality (checked with Alexey)

12:30 AM Changeset in webkit [247135] by Carlos Garcia Campos
  • 2 edits in trunk/Tools

Unreviewed, GTK a11y tests fix after r247071

Patch by Philippe Normand <pnormand@igalia.com> on 2019-07-01

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::popupValue const):

Jul 3, 2019:

8:39 PM Changeset in webkit [247134] by rniwa@webkit.org
  • 2 edits in trunk/Source/WebKit

Crash in WebDragClient::startDrag because GraphicsContext is nullptr
https://bugs.webkit.org/show_bug.cgi?id=199491

Reviewed by Wenson Hsieh.

Added a nullptr check.

Unfortunately no new tests since we don't have a reproducible test case.

  • WebProcess/WebCoreSupport/mac/WebDragClientMac.mm:

(WebKit::convertImageToBitmap):

8:23 PM Changeset in webkit [247133] by eric.carlson@apple.com
  • 4 edits in trunk/Source/WebCore

[MSE] Add more debug and error logging
https://bugs.webkit.org/show_bug.cgi?id=199473
<rdar://problem/52615882>

Reviewed by Jer Noble.

  • Modules/mediasource/SourceBuffer.cpp:

(WebCore::SourceBuffer::provideMediaData): Log if we don't enqueue every buffer.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::playInternal): Log if we return
without starting playback.

  • platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::enqueueSample): Log if
prerollDecodeWithCompletionHandler fails.

7:35 PM Changeset in webkit [247132] by timothy_horton@apple.com
  • 2 edits in trunk/Source/WebKit

Data Detectors are not working for context menus in clients that use the legacy preview API
https://bugs.webkit.org/show_bug.cgi?id=199486
<rdar://problem/52117322>

Reviewed by Dean Jackson.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView assignLegacyDataForContextMenuInteraction]):
The Data Detectors code in the legacy preview path is guarded by a
#define that did not survive upstreaming. Remove it.

6:45 PM Changeset in webkit [247131] by aakash_jain@apple.com
  • 6 edits in trunk/Tools

[ews-build] Enable WPE and GTK queues on new EWS
https://bugs.webkit.org/show_bug.cgi?id=199234

Reviewed by Jonathan Bedard.

  • BuildSlaveSupport/ews-build/config.json: Enabled the triggers for GTK and WPE builders.
  • BuildSlaveSupport/ews-build/factories.py: Added required build steps for GTKFactory and WPEFactory.
  • BuildSlaveSupport/ews-build/steps.py:

(CompileWebKit.evaluateCommand): Added InstallGtkDependencies/InstallWpeDependencies step before Compiling WebKit without patch.

  • BuildSlaveSupport/ews-build/steps_unittest.py: Added unit-tests.
  • BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble): Enable gtk and wpe status-bubbles.

6:30 PM Changeset in webkit [247130] by Justin Fan
  • 4 edits in trunk/LayoutTests

[WHLSL] Support float4x4 in test harness
https://bugs.webkit.org/show_bug.cgi?id=199484

Reviewed by Myles C. Maxfield.

Support WHLSL float4x4 parameters in the WHLSL test harness.

  • webgpu/js/whlsl-test-harness.js:

(isScalar):
(convertTypeToArrayType):
(convertTypeToWHLSLType):
(Data):
(makeFloat4):
(makeFloat4x4):
(processArrays):
(async.callFloat4x4Function):
(isVectorType): Deleted. Replaced with isScalar.

Add some float4x4 sanity checks:

  • webgpu/whlsl-test-harness-test-expected.txt:
  • webgpu/whlsl-test-harness-test.html:
6:29 PM Changeset in webkit [247129] by Simon Fraser
  • 4 edits
    2 adds in trunk

RELEASE_ASSERT in WebCore: WebCore::ScrollingStateTree::insertNode()
https://bugs.webkit.org/show_bug.cgi?id=199479
rdar://problem/52392556

Reviewed by Zalan Bujtas.
Source/WebCore:

Certain compositing tree updates could leave a layer with a ScrollingProxy role, but having an
AncestorClippingStack with no overflow scrolling layers - for example, a related scroller could become
scrollable, but we failed to mark the layer with the ancestor clippings stack as needing a geometry update.

When this happened updateScrollingNodeForScrollingProxyRole() would return 0, causing the next child to be
inserted with a parent of 0 (which should only happen for the root), and triggering a release assert in
ScrollingStateTree::insertNode().

Fix by ensuring that updateScrollingNodeForScrollingProxyRole() always returns the existing parentNodeID if we
don't have a new node to insert.

Test: scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html

  • rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateAncestorClippingStack):

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateScrollingNodeForScrollingProxyRole):

LayoutTests:

  • scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer-expected.txt: Added.
  • scrollingcoordinator/scrolling-tree/scrolling-proxy-with-no-scrolling-layer.html: Added.
6:18 PM Changeset in webkit [247128] by Konstantin Tokarev
  • 2 edits in trunk/Source/WebCore

RenderLayerCompositor.cpp should include RenderImage.h
https://bugs.webkit.org/show_bug.cgi?id=199478

Reviewed by Michael Catanzaro.

  • rendering/RenderLayerCompositor.cpp:
6:15 PM Changeset in webkit [247127] by rmorisset@apple.com
  • 8 edits in trunk/Source/WebCore

[WHLSL] Remove the phase resolveCallsInFunctions
https://bugs.webkit.org/show_bug.cgi?id=199474

Reviewed by Myles C. Maxfield.

This pass only stores into each property access and call expression vectors of all the functions it might be calling, for use by the Checker afterwards.
But the checker is perfectly able to compute a pointer to these vectors by itself.
So by removing this pass, we gain the following:

  • One less pass over the AST
  • No need to copy these vectors (which can be large for heavily overloaded functions, of which there are quite a few in the stdlib)
  • No need to have these vectors in the expressions, saving 24 bytes per CallExpression and 72 bytes per PropertyAccessExpression
  • No need to allocate and then destroy these vectors.

No new tests as there is no intended functional change.

  • Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h:

(WebCore::WHLSL::AST::CallExpression::castReturnType):

  • Modules/webgpu/WHLSL/AST/WHLSLPropertyAccessExpression.h:
  • Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp:

(WebCore::WHLSL::AutoInitialize::visit):

  • Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::resolveFunction):
(WebCore::WHLSL::Checker::finishVisiting):
(WebCore::WHLSL::Checker::visit):

  • Modules/webgpu/WHLSL/WHLSLNameResolver.cpp:

(WebCore::WHLSL::NameResolver::NameResolver):
(WebCore::WHLSL::NameResolver::visit):

  • Modules/webgpu/WHLSL/WHLSLNameResolver.h:
  • Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

(WebCore::WHLSL::prepareShared):

6:13 PM Changeset in webkit [247126] by Chris Dumez
  • 2 edits in trunk/Source/WebKit

StorageManager::suspend() sometimes fails to call its completion handler
https://bugs.webkit.org/show_bug.cgi?id=199482

Reviewed by Youenn Fablet.

Make sure the completion handler gets called in the early return cases.

  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::suspend):

6:10 PM Changeset in webkit [247125] by youenn@apple.com
  • 3 edits in trunk/Source/WebKit

Make CacheStorage::Engine directory listing operations in a background thread
https://bugs.webkit.org/show_bug.cgi?id=199470

Reviewed by Chris Dumez.

Use the io work queue to get the list of directories.
Then go back to main thread and trigger clear/fetch operation as currently done.

  • NetworkProcess/cache/CacheStorageEngine.cpp:

(WebKit::CacheStorage::ReadOriginsTaskCounter::create):
(WebKit::CacheStorage::ReadOriginsTaskCounter::ReadOriginsTaskCounter):
(WebKit::CacheStorage::Engine::getDirectories):
(WebKit::CacheStorage::Engine::fetchEntries):
(WebKit::CacheStorage::Engine::fetchDirectoryEntries):
(WebKit::CacheStorage::Engine::clearCachesForOriginFromDisk):
(WebKit::CacheStorage::Engine::clearCachesForOriginFromDirectories):

  • NetworkProcess/cache/CacheStorageEngine.h:
6:06 PM Changeset in webkit [247124] by rmorisset@apple.com
  • 7 edits
    1 delete in trunk/Source/WebCore

[WHLSL] Make the destructor of VariableDeclaration non-virtual
https://bugs.webkit.org/show_bug.cgi?id=199460

Reviewed by Myles C. Maxfield.

Three steps:

  • Remove WHLSL::AST::Value, inlining it into its children (it is trivial, it just has one field m_origin with a getter and nothing else)
  • Mark WHLSL::AST::VariableDeclaration final
  • Now that it inherits from nothing and nothing can inherit from it, there is no reason for it to have any virtual method, including its destructor.

This not only saves 8 bytes from every variable declaration (for the virtual table pointer), it also should make destructing the AST at the end of compilation a bit faster by removing the virtual destructor call.

No new tests as there is no intended functional change.

  • Modules/webgpu/WHLSL/AST/WHLSLAST.h:
  • Modules/webgpu/WHLSL/AST/WHLSLExpression.h:

(WebCore::WHLSL::AST::Expression::Expression):
(WebCore::WHLSL::AST::Expression::origin const):

  • Modules/webgpu/WHLSL/AST/WHLSLStatement.h:

(WebCore::WHLSL::AST::Statement::Statement):
(WebCore::WHLSL::AST::Statement::origin const):

  • Modules/webgpu/WHLSL/AST/WHLSLValue.h: Removed.
  • Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h:
  • Modules/webgpu/WHLSL/WHLSLParser.h:
  • WebCore.xcodeproj/project.pbxproj:
5:58 PM Changeset in webkit [247123] by sihui_liu@apple.com
  • 12 edits in trunk

Only allow fetching and removing session credentials from WebsiteDataStore
https://bugs.webkit.org/show_bug.cgi?id=199385

Reviewed by Alex Christensen.

Source/WebCore:

Fetch and remove only session credentials from NSURLCredentialStorage.

Modified existing API tests: WKWebsiteDataStore.FetchPersistentCredentials

  • platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::originsWithCredentials const):
(WebCore::CredentialStorage::originsWithSessionCredentials):
(WebCore::CredentialStorage::removeSessionCredentialsWithOrigins):
(WebCore::CredentialStorage::clearSessionCredentials):

  • platform/network/CredentialStorage.h:
  • platform/network/mac/CredentialStorageMac.mm:

(WebCore::CredentialStorage::originsWithSessionCredentials):
(WebCore::CredentialStorage::removeSessionCredentialsWithOrigins):
(WebCore::CredentialStorage::clearSessionCredentials):
(WebCore::CredentialStorage::originsWithPersistentCredentials): Deleted.

Source/WebKit:

Stop sending an extra message to network process for fetching or removing persistent credentials.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::fetchWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteData):
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins):
(WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains):
(WebKit::NetworkProcess::originsWithPersistentCredentials): Deleted.
(WebKit::NetworkProcess::removeCredentialsWithOrigins): Deleted.

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkProcess.messages.in:
  • NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::originsWithPersistentCredentials): Deleted.
(WebKit::NetworkProcess::removeCredentialsWithOrigins): Deleted.

  • UIProcess/WebsiteData/WebsiteDataStore.cpp:

(WebKit::WebsiteDataStore::fetchDataAndApply):
(WebKit::computeWebProcessAccessTypeForDataRemoval):
(WebKit::WebsiteDataStore::removeData):

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:

(TestWebKitAPI::TEST):

5:57 PM Changeset in webkit [247122] by aakash_jain@apple.com
  • 2 edits in trunk/Websites/webkit.org

Added a domain check for validation URLs in Apple Pay demo.
https://bugs.webkit.org/show_bug.cgi?id=199433

Patch by Jon Davis <Jon Davis> on 2019-07-03
Reviewed by David Kilzer.

  • demos/payment-request/merchant-validation.php:
5:49 PM Changeset in webkit [247121] by Said Abou-Hallawa
  • 2 edits in trunk/Source/WebCore

The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
https://bugs.webkit.org/show_bug.cgi?id=199415

Reviewed by Simon Fraser.

After the destructor of CSSAnimationControllerPrivate exists, the non
static members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.

We need to explicitly clear the composite animations before exiting the
destructor of CSSAnimationControllerPrivate.

  • page/animation/CSSAnimationController.cpp:

(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):

5:42 PM Changeset in webkit [247120] by timothy_horton@apple.com
  • 5 edits in trunk

UI process exception when dragging an <attachment> with no content type
https://bugs.webkit.org/show_bug.cgi?id=199480
<rdar://problem/44351353>

Reviewed by Wenson Hsieh.

Source/WebKit:

  • UIProcess/API/Cocoa/APIAttachmentCocoa.mm:

(API::Attachment::mimeType const):
(API::Attachment::utiType const):

  • UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::startDrag):
Make null or empty contentType fail the drag, instead of crashing.

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

(TestWebKitAPI::TEST):
Add a test; before the change, it crashes.

5:23 PM Changeset in webkit [247119] by Chris Dumez
  • 9 edits in trunk/Source/WebKit

Clarify threading model for WebResourceLoadStatisticsStore::dumpResourceLoadStatistics()
https://bugs.webkit.org/show_bug.cgi?id=199468

Reviewed by Youenn Fablet.

Our convention is that the WebResourceLoadStatisticsStore is always created, used and
destroyed on the main thread, while the ResourceLoadStatisticsStore is always created,
used and destroyed on the background queue.

r245517 broke this convention by introducing a tryDumpResourceLoadStatistics() method
to WebResourceLoadStatisticsStore which gets called on the background queue. This patch
fixes this since this has been a huge source of thread-safety bugs in the past.

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:

(WebKit::ResourceLoadStatisticsDatabaseStore::dumpResourceLoadStatistics):

  • NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.cpp:

(WebKit::ResourceLoadStatisticsMemoryStore::dumpResourceLoadStatistics):

  • NetworkProcess/Classifier/ResourceLoadStatisticsMemoryStore.h:
  • NetworkProcess/Classifier/ResourceLoadStatisticsStore.cpp:

(WebKit::ResourceLoadStatisticsStore::removeDataRecords):

  • NetworkProcess/Classifier/ResourceLoadStatisticsStore.h:

(WebKit::ResourceLoadStatisticsStore::dataRecordsBeingRemoved const):

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::dumpResourceLoadStatistics):

  • NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
5:08 PM Changeset in webkit [247118] by jer.noble@apple.com
  • 6 edits in trunk/Source/WebCore

HTMLMediaElement can hold onto display sleep assertion while process is suspended.
https://bugs.webkit.org/show_bug.cgi?id=199471
<rdar://problem/52124320>

If the WebContent process is suspended before HTMLMediaElement gets a callback telling it
that the MediaPlayer has stopped playing, the SleepDisabler may stay set (and hold a display
or system sleep assertion) for the entire duration the process is suspended, causing excess
power drain.

Add a PlatformMediaSessionClient method (and an implementation in HTMLMediaElement) which will
be called during the preperation for process suspension, and in this callback, clear the
SleepDisabler token.

Reviewed by Eric Carlson.

  • html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::shouldDisableSleep const):
(WebCore::HTMLMediaElement::processIsSuspendedChanged):

  • html/HTMLMediaElement.h:
  • platform/audio/PlatformMediaSession.h:

(WebCore::PlatformMediaSessionClient::processIsSuspendedChanged):

  • platform/audio/PlatformMediaSessionManager.cpp:

(WebCore::PlatformMediaSessionManager::processWillSuspend):
(WebCore::PlatformMediaSessionManager::processDidResume):

  • platform/audio/PlatformMediaSessionManager.h:

(WebCore::PlatformMediaSessionManager::processIsSuspended const):

4:26 PM Changeset in webkit [247117] by Jonathan Bedard
  • 18 edits
    4 adds in trunk

[Catalina] Enable WebKit build
https://bugs.webkit.org/show_bug.cgi?id=199209

Reviewed by Darin Adler.

Source/WebCore:

No new tests, Catalina test expectations will be migrated in the near future.

  • WebCorePrefix.h: Exclude the header which declares SecTrustedApplicationCreateFromPath unavailable on Mac.
  • crypto/mac/SerializedCryptoKeyWrapMac.mm: Ensure that we define SecTrustedApplicationCreateFromPath

before other headers declare it unavailable on Mac.

Source/WebCore/PAL:

  • pal/spi/cf/CFNetworkSPI.h: Add new NSURLSessionConfiguration SPI.
  • pal/spi/mac/AVFoundationSPI.h: resourceConservationLevelWhilePaused should

be defined after AVPlayerResourceConservationLevel.

  • pal/spi/mac/NSViewSPI.h: Add subviewsIvar.

Source/WebKit:

  • UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h: AppSSO is SPI.
  • WebKit2Prefix.h: SecTask.h declares SecTaskGetCodeSignStatus(...) unavailable

on Mac, exclude this header.

Source/WebKitLegacy:

  • mac/WebView/WebHTMLView.mm: Move NSView declaration to SPI header.
  • mac/WebView/WebView.mm: Use _subviewsIvar instead of _subviews.

Source/WTF:

  • wtf/spi/cocoa/SecuritySPI.h: Declare SecTrustedApplicationCreateFromPath(...).

Tools:

  • TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig: Add Mac framework stubs.

WebKitLibraries:

  • WebKitPrivateFrameworkStubs/Mac: Added.
  • WebKitPrivateFrameworkStubs/Mac/101500: Added.
  • WebKitPrivateFrameworkStubs/Mac/101500/AuthKit.framework: Added.
  • WebKitPrivateFrameworkStubs/Mac/101500/AuthKit.framework/AuthKit.tbd: Added.
4:22 PM Changeset in webkit [247116] by dbates@webkit.org
  • 2 edits in trunk/Source/WebKit

REGRESSION (r246817): fast/events/ios/key-events-comprehensive/key-events-{control, control-shift}.html are failing
https://bugs.webkit.org/show_bug.cgi?id=199465
<rdar://problem/52613496>

Reviewed by Wenson Hsieh.

Don't advertise that WebKit can perform cursor movements when there isn't some kind of selection.

  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView canPerformAction:withSender:]):

3:52 PM Changeset in webkit [247115] by mmaxfield@apple.com
  • 24 edits
    3 copies
    3 adds in trunk

[WHLSL] Standard library is too big to directly include in WebCore
https://bugs.webkit.org/show_bug.cgi?id=198186
<rdar://problem/51288898>

Reviewed by Saam Barati.

Source/WebCore:

This patch adds almost the entire remainder of the standard library. There are a few
pieces missing:

There were two problems with adding so many standard library functions:

  • We didn't want to increase the WebCore binary size that much
  • Compiling all the functions at runtime took 7 seconds, which is much too long

This patch addresses the first problem by gzipping the standard library before including it in the binary.
At runtime, we use libcompression to unzip it.

To address the second problem, we did some analysis and found that 14% of that 7 seconds was simply
destroying all the AST nodes. Even if we eliminated all processing of the AST, simply having the AST
of the entire standard library built and destroyed would still be too slow. Therefore, this patch limits
which parts of the standard library get parsed in the first place. All the functions in the standard library
file are sorted by name, and each group of functions with the same name are preceeded by a comment of the
form /* Functions named xyz */. At build time, a Python script looks for all these comments, and builds a
map from function name to character offset inside the file where those functions begin. At run time, we
parse the user program first, look for all function calls within it, and look up those function call names
in the map to see which part of the standard library holds those functions. We then parse just that part.
Because the standard library can call other functions in the standard library, we do this in a loop until
we have exhausted all the functions.

Covered by existing tests.

  • DerivedSources-input.xcfilelist:
  • DerivedSources-output.xcfilelist:
  • DerivedSources.make: gzip the standard library, and add a build step to generate the offset map.
  • Modules/webgpu/WHLSL/AST/WHLSLCallExpression.h:

(WebCore::WHLSL::AST::CallExpression::setOverloads):
(WebCore::WHLSL::AST::CallExpression::function): Every caller of this ASSERT()s the result. Might as well
move the ASSERT() into the function.
(WebCore::WHLSL::AST::CallExpression::setFunction):

  • Modules/webgpu/WHLSL/Cocoa/WHLSLStandardLibraryUtilities.cpp: Added.

(WebCore::WHLSL::decompressStandardLibrary): Use libcompression. This is why this file is in a Cocoa/
subfolder, and is listed in SourcesCocoa.txt instead of Sources.txt.
(WebCore::WHLSL::decompressAndDecodeStandardLibrary):
(WebCore::WHLSL::NameFinder::takeFunctionNames):
(WebCore::WHLSL::includeStandardLibrary): Include only the bits of the standard library which are relevant,
as described above.

  • Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp: Only emit MSL code for functions which are actually

reached. The MSL compiler is a significant amount of our compile time, so reducing the size of the emitted
program can significantly improve compile times.
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):
(WebCore::WHLSL::Metal::sharedMetalFunctions):
(WebCore::WHLSL::Metal::metalFunctions):

  • Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::writeNativeFunction):

  • Change how load() and store() are written. We need explicit functions because we have explicit atomic types, which HLSL doesn't have. load() and store() aren't present in HLSL.
  • Delete f16tof32 because they're probably not important and are not obvious how to implement. We can re-add them again later if necessary.
  • Various fixes to make us generate the correct MSL code for each standard library function.
  • Modules/webgpu/WHLSL/WHLSLBuildStandardLibraryFunctionMap.py: Added. Build the function map as described

above.

  • Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::resolveByInstantiation): Previously, the standard library included an operator== for two
pointers. However, that function should be generated by the compiler instead. This fixes the bug in the
compiler which allows the compiler to correctly generate the right function. This also prompted me to file
https://bugs.webkit.org/show_bug.cgi?id=199335
(WebCore::WHLSL::checkOperatorOverload):
(WebCore::WHLSL::Checker::visit):

  • Modules/webgpu/WHLSL/WHLSLFunctionStageChecker.cpp: Update to the new function() signature.
  • Modules/webgpu/WHLSL/WHLSLLexer.h: Add a new position() method to the lexer. This isn't actually used

in this patch, but it's useful when doing some analysis during parsing.
(WebCore::WHLSL::Lexer::Lexer):
(WebCore::WHLSL::Lexer::consumeToken):
(WebCore::WHLSL::Lexer::peek const):
(WebCore::WHLSL::Lexer::peekFurther const):
(WebCore::WHLSL::Lexer::position const):
(WebCore::WHLSL::Lexer::state const):
(WebCore::WHLSL::Lexer::setState):
(WebCore::WHLSL::Lexer::isFullyConsumed const): Fixes a bug where isFullyConsumed() might return true even
when there is a token in the ring buffer.
(WebCore::WHLSL::Lexer::peek): Deleted.
(WebCore::WHLSL::Lexer::peekFurther): Deleted.

  • Modules/webgpu/WHLSL/WHLSLNameResolver.cpp:

(WebCore::WHLSL::NameResolver::visit): Drive-by partial fix of https://bugs.webkit.org/show_bug.cgi?id=199347

  • Modules/webgpu/WHLSL/WHLSLPrepare.cpp: Call includeStandardLibrary().

(WebCore::WHLSL::prepareShared):

  • Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:
  • Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp:
  • Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt:
  • Modules/webgpu/WHLSL/WHLSLStandardLibraryFunctionMap.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp.
  • Modules/webgpu/WHLSL/WHLSLStandardLibraryUtilities.h: Copied from Source/WebCore/Modules/webgpu/WHLSL/WHLSLRecursionChecker.cpp.
  • SourcesCocoa.txt:
  • WebCore.xcodeproj/project.pbxproj:

LayoutTests:

The standard library doesn't include any matrix constructors that broadcast a single value
to every field in a matrix. https://bugs.webkit.org/show_bug.cgi?id=199333

  • webgpu/whlsl-matrix.html:
3:42 PM Changeset in webkit [247114] by dbates@webkit.org
  • 2 edits in trunk/LayoutTests

Skip the test added in r246810 as it requires the simulator to be preconfigured with a Pinyin keyboard
<rdar://problem/52608620>

We will remove this prerequisite in <https://bugs.webkit.org/show_bug.cgi?id=199472>.

  • platform/ios/TestExpectations:
3:16 PM Changeset in webkit [247113] by jer.noble@apple.com
  • 2 edits in trunk/Source/WebCore

Exception thrown from -[AVSampleBufferRenderSynchronizer addRenderer:], not a valid renderer.
https://bugs.webkit.org/show_bug.cgi?id=199419
<rdar://problem/52141139>

Reviewed by Eric Carlson.

Sometimes, -[AVSampleBufferDisplayLayer init] will return nil. When that happens, passing a nil
pointer to -addRenderer: will throw an exception.

  • platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:

(WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer):

3:16 PM Changeset in webkit [247112] by Chris Dumez
  • 2 edits in trunk/Source/WebKit

Fix a couple of thread safety issues in ResourceLoadStatisticsStore
https://bugs.webkit.org/show_bug.cgi?id=199463

Reviewed by Alex Christensen.

The ResourceLoadStatisticsStore object is constructed / used / destroyed on a background queue.
It is therefore not safe to use a WeakPtr to the ResourceLoadStatisticsStore on the main thread.

The safe pattern is to have the ResourceLoadStatisticsStore capture a Ref<> of its m_store before
dispatching to the main thread and use this store on the main thread instead of weakThis->m_store.
ResourceLoadStatisticsStore's m_store is constructed / used / destroyed on the main thread.

  • NetworkProcess/Classifier/ResourceLoadStatisticsStore.cpp:

(WebKit::ResourceLoadStatisticsStore::removeDataRecords):
(WebKit::ResourceLoadStatisticsStore::processStatisticsAndDataRecords):

3:14 PM Changeset in webkit [247111] by youenn@apple.com
  • 2 edits in trunk/Source/WebKit

Isolate CacheStorage::Engine path when hopping to a background thread
https://bugs.webkit.org/show_bug.cgi?id=199461

Reviewed by Chris Dumez.

  • NetworkProcess/cache/CacheStorageEngine.cpp:

(WebKit::CacheStorage::Engine::initialize):

3:11 PM Changeset in webkit [247110] by rmorisset@apple.com
  • 15 edits in trunk/Source/WebCore

[WHLSL] "Semantic" should be held by a unique_ptr, not an Optional
https://bugs.webkit.org/show_bug.cgi?id=199462

Reviewed by Myles C. Maxfield.

Most StructureElement, FunctionDeclaration and (especially) VariableDeclaration don't have a 'Semantic' field.
Using an Optional<Semantic> to represent this is a major memory waste, as Semantic is 56 bytes, so Optional<Semantic> is 64 bytes!
Putting one level of indirection through a unique_ptr thus saves 56 bytes for each VariableDeclaration (and FunctionDeclaration and StructureElement) that does not have a Semantic,
at the low cost of one pointer dereference when accessing the field for those that have one.

This patch also reorders the fields of FunctionDefinition to save another 8 bytes.

No new tests as there is no intended functional change.

  • Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h:

(WebCore::WHLSL::AST::FunctionDeclaration::FunctionDeclaration):
(WebCore::WHLSL::AST::FunctionDeclaration::semantic):

  • Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h:

(WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression):

  • Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h:

(WebCore::WHLSL::AST::StructureElement::StructureElement):
(WebCore::WHLSL::AST::StructureElement::semantic):

  • Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h:

(WebCore::WHLSL::AST::VariableDeclaration::VariableDeclaration):
(WebCore::WHLSL::AST::VariableDeclaration::semantic):

  • Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::resolveWithOperatorAnderIndexer):
(WebCore::WHLSL::resolveWithOperatorLength):
(WebCore::WHLSL::resolveWithReferenceComparator):

  • Modules/webgpu/WHLSL/WHLSLGatherEntryPointItems.cpp:

(WebCore::WHLSL::Gatherer::visit):
(WebCore::WHLSL::gatherEntryPointItems):

  • Modules/webgpu/WHLSL/WHLSLParser.cpp:

(WebCore::WHLSL::Parser::parseSemantic):

  • Modules/webgpu/WHLSL/WHLSLParser.h:
  • Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:

(WebCore::WHLSL::preserveVariableLifetimes):

  • Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp:

(WebCore::WHLSL::wrapAnderCallArgument):
(WebCore::WHLSL::modify):
(WebCore::WHLSL::PropertyResolver::visit):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp:

(WebCore::WHLSL::synthesizeArrayOperatorLength):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp:

(WebCore::WHLSL::synthesizeConstructors):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp:

(WebCore::WHLSL::synthesizeEnumerationFunctions):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp:

(WebCore::WHLSL::synthesizeStructureAccessors):

2:59 PM Changeset in webkit [247109] by jer.noble@apple.com
  • 3 edits in trunk/Source/WebKit

Unreviewed, rolling out r246053.

This changeset caused media playback to break when the hosting app was backgrounded.

  • UIProcess/ApplicationStateTracker.mm:
  • UIProcess/ios/ProcessAssertionIOS.mm:

(-[WKProcessAssertionBackgroundTaskManager init]):
(-[WKProcessAssertionBackgroundTaskManager _scheduleReleaseTask]):
(-[WKProcessAssertionBackgroundTaskManager _cancelPendingReleaseTask]):
(-[WKProcessAssertionBackgroundTaskManager _updateBackgroundTask]):
(-[WKProcessAssertionBackgroundTaskManager _releaseBackgroundTask]):

2:43 PM Changeset in webkit [247108] by Alan Coon
  • 1 edit in tags/Safari-608.1.33.1/Source/WTF/wtf/Platform.h

Apply patch. rdar://problem/52001635

2:38 PM Changeset in webkit [247107] by Alan Coon
  • 7 edits in tags/Safari-608.1.33.1/Source

Versioning.

2:36 PM Changeset in webkit [247106] by Alan Coon
  • 1 copy in tags/Safari-608.1.33.1

New tag.

2:20 PM Changeset in webkit [247105] by rmorisset@apple.com
  • 17 edits
    1 move in trunk/Source/WebCore

[WHLSL] WHLSL::AST::Node is useless
https://bugs.webkit.org/show_bug.cgi?id=199391

Reviewed by Dean Jackson.

It has no member, no non-trivial method, and we never access an AST node completely generically.
So WHLSL::AST::Node can be removed, as a first step towards removing the virtual table pointer from most AST nodes (and avoiding a virtual destructor call at the end of the compiler).

No new test because there is no functional change.

  • Modules/webgpu/WHLSL/AST/WHLSLAST.h:
  • Modules/webgpu/WHLSL/AST/WHLSLBaseFunctionAttribute.h:
  • Modules/webgpu/WHLSL/AST/WHLSLBaseSemantic.h:
  • Modules/webgpu/WHLSL/AST/WHLSLEnumerationMember.h:
  • Modules/webgpu/WHLSL/AST/WHLSLFunctionDeclaration.h:
  • Modules/webgpu/WHLSL/AST/WHLSLNamedType.h:
  • Modules/webgpu/WHLSL/AST/WHLSLReplaceWith.h: Renamed from Source/WebCore/Modules/webgpu/WHLSL/AST/WHLSLNode.h.

(WebCore::WHLSL::AST::replaceWith):

  • Modules/webgpu/WHLSL/AST/WHLSLStructureElement.h:
  • Modules/webgpu/WHLSL/AST/WHLSLType.h:
  • Modules/webgpu/WHLSL/AST/WHLSLTypeDefinition.h:
  • Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:
  • Modules/webgpu/WHLSL/AST/WHLSLValue.h:
  • Modules/webgpu/WHLSL/WHLSLNameResolver.cpp:
  • Modules/webgpu/WHLSL/WHLSLParser.h:
  • Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:
  • Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp:
  • WebCore.xcodeproj/project.pbxproj:
2:16 PM Changeset in webkit [247104] by youenn@apple.com
  • 8 edits in trunk/Source/WebCore

Strengthen updating/removing of registrations from the database
https://bugs.webkit.org/show_bug.cgi?id=199450
rdar://problem/51891395

Reviewed by Chris Dumez.

SWServerWorker is ref counted and has a ref to its SWServer.
There is thus a possibility for SWServerWorker to live longer than its SWServer.
To mitigate this, have SWServerWorker use a WeakPtr<SWServer> and
check whether SWServer is null when receiving messages from WebProcess.
Make also sure that RegistrationStore updated registration map does not get corrupted by checking
the registration keys explicitly.

Covered by existing tests.

  • workers/service/ServiceWorkerRegistrationKey.h:

(WebCore::ServiceWorkerRegistrationKey::operator!= const):
(WebCore::ServiceWorkerRegistrationKey::isEmpty const):

  • workers/service/server/RegistrationStore.cpp:

(WebCore::RegistrationStore::updateRegistration):
(WebCore::RegistrationStore::removeRegistration):
(WebCore::RegistrationStore::addRegistrationFromDatabase):

  • workers/service/server/RegistrationStore.h:
  • workers/service/server/SWServer.cpp:

(WebCore::SWServer::workerByID const):
(WebCore::SWServer::removeRegistration):

  • workers/service/server/SWServer.h:
  • workers/service/server/SWServerWorker.cpp:

(WebCore::SWServerWorker::SWServerWorker):
(WebCore::m_scriptResourceMap):
(WebCore::SWServerWorker::contextData const):
(WebCore::SWServerWorker::terminate):
(WebCore::SWServerWorker::scriptContextFailedToStart):
(WebCore::SWServerWorker::scriptContextStarted):
(WebCore::SWServerWorker::didFinishInstall):
(WebCore::SWServerWorker::didFinishActivation):
(WebCore::SWServerWorker::contextTerminated):
(WebCore::SWServerWorker::findClientByIdentifier const):
(WebCore::SWServerWorker::matchAll):
(WebCore::SWServerWorker::userAgent const):
(WebCore::SWServerWorker::claim):
(WebCore::SWServerWorker::skipWaiting):
(WebCore::SWServerWorker::setHasPendingEvents):
(WebCore::SWServerWorker::setState):

  • workers/service/server/SWServerWorker.h:

(WebCore::SWServerWorker::server):

2:01 PM Changeset in webkit [247103] by commit-queue@webkit.org
  • 5 edits in trunk/Source/WebKit

Use smarter pointers in WKDownloadProgress
https://bugs.webkit.org/show_bug.cgi?id=199456
<rdar://problem/51392926>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-03
Reviewed by Chris Dumez.

There's still a problem related to our use of raw pointers. Let's just not use raw pointers.

  • NetworkProcess/Downloads/Download.h:
  • NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:

(WebKit::Download::publishProgress):

  • NetworkProcess/Downloads/cocoa/WKDownloadProgress.h:
  • NetworkProcess/Downloads/cocoa/WKDownloadProgress.mm:

(-[WKDownloadProgress performCancel]):
(-[WKDownloadProgress initWithDownloadTask:download:URL:sandboxExtension:]):
(-[WKDownloadProgress progressCancelled]): Deleted.

1:46 PM Changeset in webkit [247102] by weinig@apple.com
  • 33 edits in trunk

Adopt simple structured bindings in more places
https://bugs.webkit.org/show_bug.cgi?id=199247

Reviewed by Alex Christensen.

Replaces simple uses of std::tie() with structured bindings. Does not touch
uses of std::tie() that are not initial declarations, use std::ignore or in
case where the binding is captured by a lambda, as structured bindings don't
work for those cases yet.

Source/JavaScriptCore:

  • runtime/PromiseDeferredTimer.cpp:

(JSC::PromiseDeferredTimer::doWork):

  • wasm/WasmFaultSignalHandler.cpp:

(JSC::Wasm::trapHandler):

  • wasm/js/JSWebAssemblyHelpers.h:

(JSC::createSourceBufferFromValue):

  • wasm/js/WebAssemblyPrototype.cpp:

(JSC::webAssemblyValidateFunc):

Source/WebCore:

  • css/StyleResolver.cpp:

(WebCore::checkForOrientationChange):

  • page/csp/ContentSecurityPolicy.cpp:

(WebCore::ContentSecurityPolicy::allowInlineScript const):
(WebCore::ContentSecurityPolicy::allowInlineStyle const):

  • platform/graphics/ComplexTextController.cpp:

(WebCore::ComplexTextController::adjustGlyphsAndAdvances):

  • platform/graphics/PathUtilities.cpp:

(WebCore::PathUtilities::pathWithShrinkWrappedRectsForOutline):

  • platform/graphics/WidthIterator.cpp:

(WebCore::WidthIterator::advanceInternal):

  • platform/graphics/cocoa/FontCacheCoreText.cpp:

(WebCore::FontCache::createFontPlatformData):
(WebCore::FontCache::systemFallbackForCharacters):
(WebCore::FontCache::lastResortFallbackFont):

  • platform/graphics/cocoa/FontFamilySpecificationCoreText.cpp:

(WebCore::FontFamilySpecificationCoreText::fontRanges const):

  • platform/network/SocketStreamHandleImpl.cpp:

(WebCore::cookieDataForHandshake):

  • rendering/InlineTextBox.cpp:

(WebCore::InlineTextBox::selectionState):
(WebCore::createMarkedTextFromSelectionInBox):

  • rendering/svg/SVGInlineTextBox.cpp:

(WebCore::SVGInlineTextBox::paintSelectionBackground):

  • style/StyleResolveForDocument.cpp:

(WebCore::Style::resolveForDocument):

  • svg/animation/SVGSMILElement.cpp:

(WebCore::SVGSMILElement::constructAttributeName const):

Source/WebKit:

  • NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::printSpeculativeLoadingDiagnosticMessageCounts):

  • NetworkProcess/cache/PrefetchCache.cpp:

(WebKit::PrefetchCache::clearExpiredEntries):

  • Platform/IPC/MessageReceiverMap.cpp:

(IPC::MessageReceiverMap::removeMessageReceiver):

  • UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:

(WebKit::PlaybackSessionManagerProxy::invalidate):

  • UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:

(WebKit::VideoFullscreenManagerProxy::invalidate):
(WebKit::VideoFullscreenManagerProxy::requestHideAndExitFullscreen):
(WebKit::VideoFullscreenManagerProxy::hasMode const):
(WebKit::VideoFullscreenManagerProxy::mayAutomaticallyShowVideoPictureInPicture const):
(WebKit::VideoFullscreenManagerProxy::isPlayingVideoInEnhancedFullscreen const):
(WebKit::VideoFullscreenManagerProxy::applicationDidBecomeActive):
(WebKit::VideoFullscreenManagerProxy::setupFullscreenWithID):
(WebKit::VideoFullscreenManagerProxy::didCleanupFullscreen):

  • UIProcess/ios/SmartMagnificationController.mm:

(WebKit::SmartMagnificationController::zoomFactorForTargetRect):
(WebKit::SmartMagnificationController::didCollectGeometryForSmartMagnificationGesture):
(WebKit::SmartMagnificationController::magnify):

  • WebProcess/Plugins/PDF/PDFPlugin.mm:

(WebKit:: const):

  • WebProcess/WebPage/Cocoa/WebPageCocoa.mm:

(WebKit::WebPage::performDictionaryLookupAtLocation):
(WebKit::WebPage::performDictionaryLookupForSelection):

  • WebProcess/cocoa/PlaybackSessionManager.mm:

(WebKit::PlaybackSessionManager::~PlaybackSessionManager):
(WebKit::PlaybackSessionManager::removeContext):

  • WebProcess/cocoa/VideoFullscreenManager.mm:

(WebKit::VideoFullscreenManager::~VideoFullscreenManager):
(WebKit::VideoFullscreenManager::removeContext):
(WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement):
(WebKit::VideoFullscreenManager::requestVideoContentLayer):
(WebKit::VideoFullscreenManager::didSetupFullscreen):
(WebKit::VideoFullscreenManager::willExitFullscreen):
(WebKit::VideoFullscreenManager::didEnterFullscreen):
(WebKit::VideoFullscreenManager::didCleanupFullscreen):
(WebKit::VideoFullscreenManager::setVideoLayerFrameFenced):

Source/WebKitLegacy/mac:

  • WebView/WebImmediateActionController.mm:

(-[WebImmediateActionController _animationControllerForText]):

Tools:

  • TestWebKitAPI/ios/PreferredContentMode.mm:

(TestWebKitAPI::TEST):

1:25 PM Changeset in webkit [247101] by keith_miller@apple.com
  • 10 edits in trunk/Source

PACCage should first cage leaving PAC bits intact then authenticate
https://bugs.webkit.org/show_bug.cgi?id=199372

Reviewed by Saam Barati.

Source/bmalloc:

  • bmalloc/ProcessCheck.mm:

(bmalloc::shouldProcessUnconditionallyUseBmalloc):

Source/JavaScriptCore:

This ordering prevents someone from taking a signed pointer from
outside the gigacage and using it in a struct that expects a caged
pointer. Previously, the PACCaging just double checked that the PAC
bits were valid for the original pointer.

+---------------------------+
| | | |
| "PAC" | "base" | "offset" +----+
| | | | |
+---------------------------+ | Caging

| |
| |
| v
| +---------------------------+
| | | | |
| Bit Merge | 00000 | base | "offset" |
| | | | |
| +---------------------------+
| |
| |
v | Bit Merge

+---------------------------+ |
| | | | |
| "PAC" | base | "offset" +<--------+
| | | |
+---------------------------+

|
|
| Authenticate
|
v

+---------------------------+
| | | |
| Auth | base | "offset" |
| | | |
+---------------------------+

The above ascii art graph shows how the PACCage system works. The
key take away is that even if someone passes in a valid, signed
pointer outside the cage it will still fail to authenticate as the
"base" bits will change before authentication.

  • assembler/MacroAssemblerARM64E.h:
  • assembler/testmasm.cpp:

(JSC::testCagePreservesPACFailureBit):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::caged):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::cageConditionally):

  • llint/LowLevelInterpreter64.asm:

Source/WTF:

  • wtf/CagedPtr.h:

(WTF::CagedPtr::get const):
(WTF::CagedPtr::getMayBeNull const):
(WTF::CagedPtr::mergePointers):

12:59 PM Changeset in webkit [247100] by Wenson Hsieh
  • 3 edits
    2 moves
    2 adds in trunk

REGRESSION (iOS 13): Tapping an element with a click event handler no longer clears the selection
https://bugs.webkit.org/show_bug.cgi?id=199430

Reviewed by Tim Horton.

Source/WebCore:

After <trac.webkit.org/r245067>, we no longer immediately clear the text selection when recognizing a single tap
in WKContentView, and instead only clear it out in the case where the single tap didn't result in a click event
in the web process. This fixed an issue wherein the text selection would be prematurely cleared when tapping,
but also made it such that tapping on an element with a click event handler would not cause the selection to
change, even if preventDefault() is not called on mousedown. On web pages that add a click event listener to
document.body, it's nearly impossible to dismiss text selections by tapping elsewhere in the body.

On macOS, this works because EventHandler::handleMousePressEventSingleClick contains logic to modify the
selection when handling a mousedown, as a part of default behavior. However, there is platform-specific logic
added in <trac.webkit.org/r233311> that avoids changing the selection when handling a synthetic mousedown on
iOS; this is because we defer to the single tap text interaction gesture on iOS, which (among other things)
provides additional support for moving the selection to word boundaries, instead of the editing position
directly under the click.

However, no such platform-specific text interaction single tap gesture exists for non-editable text, so there's
no reason we need to bail in the case where the root editable element is null. We can fix this bug without
breaking the fix in r233311 by matching macOS behavior and not bailing via early return in the case where the
single tap would move selection into non-editable text.

Tests: editing/selection/ios/clear-selection-after-tapping-on-element-with-click-handler.html

editing/selection/ios/persist-selection-after-tapping-on-element-with-mousedown-handler.html

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEventSingleClick):

LayoutTests:

Add and adjust layout tests to verify that calling preventDefault() on mousedown on iOS causes an existing
selection to not be cleared, and that tapping in an element with a click handler clears out the selection.

  • editing/selection/ios/clear-selection-after-tapping-on-element-with-click-handler-expected.txt: Added.
  • editing/selection/ios/clear-selection-after-tapping-on-element-with-click-handler.html: Added.
  • editing/selection/ios/persist-selection-after-tapping-on-element-with-mousedown-handler-expected.txt: Renamed.
  • editing/selection/ios/persist-selection-after-tapping-on-element-with-mousedown-handler.html:

Renamed from LayoutTests/editing/selection/ios/persist-selection-after-tapping-on-element-with-click-handler.html,
and adjusted to call preventDefault() on mousedown events instead of click events. Also, remove a bit of
trailing whitespace.

12:53 PM Changeset in webkit [247099] by Ryan Haddad
  • 2 edits in trunk/LayoutTests

Rebaseline fast/events/ios/keydown-keyup-special-keys-in-non-editable-element.html
https://bugs.webkit.org/show_bug.cgi?id=199459

Unreviewed Test Gardening.

Patch by Russell Epstein <russell_e@apple.com> on 2019-07-03

  • fast/events/ios/keydown-keyup-special-keys-in-non-editable-element-expected.txt:
12:53 PM Changeset in webkit [247098] by Alan Bujtas
  • 6 edits
    2 copies
    2 adds in trunk

Source/WebKit:
[ContentChangeObserver] REGRESSION (r244356): Drop down menus collapse without user input - Ebay.com
https://bugs.webkit.org/show_bug.cgi?id=199457
<rdar://problem/52386563>

Reviewed by Simon Fraser.

There's a fixed, 32ms window for observing content changes after the tap is committed. r244356 introduced the fast-click behavior on form elements by omitting this fixed window and
dispatch the synthetic click on the target node.
This patch preserves the fast-click behavior, but now we stay at hover if the mouseMove event triggers a synchronous actionable visiblity change (as opposed to always proceed with click).

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleSyntheticClick):

LayoutTests:
REGRESSION (r244356): Drop down menus collapse without user input - Ebay.com
https://bugs.webkit.org/show_bug.cgi?id=199457
<rdar://problem/52386563>

Reviewed by Simon Fraser.

  • fast/events/touch/ios/content-observation/tap-on-input-type-button-element-with-async-clickable-change-expected.txt: Added.
  • fast/events/touch/ios/content-observation/tap-on-input-type-button-element-with-async-clickable-change.html: Copied from LayoutTests/fast/events/touch/ios/content-observation/tap-on-input-type-button-element.html.
  • fast/events/touch/ios/content-observation/tap-on-input-type-button-element-with-clickable-change-expected.txt: Added.
  • fast/events/touch/ios/content-observation/tap-on-input-type-button-element-with-clickable-change.html: Copied from LayoutTests/fast/events/touch/ios/content-observation/tap-on-input-type-button-element.html.
  • fast/events/touch/ios/content-observation/tap-on-input-type-button-element.html:
12:52 PM Changeset in webkit [247097] by commit-queue@webkit.org
  • 9 edits
    6 adds in trunk/Source/JavaScriptCore

Refactoring of architectural Register Information
https://bugs.webkit.org/show_bug.cgi?id=198604

Patch by Paulo Matos <Paulo Matos> on 2019-07-03
Reviewed by Keith Miller.

The goal of this patch is to centralize the register information per platform
but access it in a platform independent way. The patch as been implemented for all
known platforms: ARM64, ARMv7, MIPS, X86 and X86_64. Register information has
been centralized in an architecture per-file: each file is called assembler/<arch>Registers.h.

RegisterInfo.h is used as a forwarding header to choose which register information to load.
assembler/<arch>Assembler.h and jit/RegisterSet.cpp use this information in a platform
independent way.

  • CMakeLists.txt:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::gprName): Use register names from register info file.
(JSC::ARM64Assembler::sprName): likewise.
(JSC::ARM64Assembler::fprName): likewise.

  • assembler/ARM64Registers.h: Added.
  • assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::gprName): Use register names from register info file.
(JSC::ARMv7Assembler::sprName): likewise.
(JSC::ARMv7Assembler::fprName): likewise.

  • assembler/ARMv7Registers.h: Added.
  • assembler/MIPSAssembler.h:

(JSC::MIPSAssembler::gprName): Use register names from register info file.
(JSC::MIPSAssembler::sprName): likewise.
(JSC::MIPSAssembler::fprName): likewise.

  • assembler/MIPSRegisters.h: Added.
  • assembler/RegisterInfo.h: Added.
  • assembler/X86Assembler.h:

(JSC::X86Assembler::gprName): Use register names from register info file.
(JSC::X86Assembler::sprName): likewise.
(JSC::X86Assembler::fprName): likewise.

  • assembler/X86Registers.h: Added.
  • assembler/X86_64Registers.h: Added.
  • jit/GPRInfo.h: Fix typo in comment (s/basline/baseline).
  • jit/RegisterSet.cpp:

(JSC::RegisterSet::reservedHardwareRegisters): Use register properties from register info file.
(JSC::RegisterSet::calleeSaveRegisters): likewise.

12:50 PM Changeset in webkit [247096] by commit-queue@webkit.org
  • 4 edits
    2 deletes in trunk/Source/WebKit

[GTK][WPE] Remove Flatpak sandbox
https://bugs.webkit.org/show_bug.cgi?id=199416

Patch by Patrick Griffis <Patrick Griffis> on 2019-07-03
Reviewed by Michael Catanzaro.

The flatpak-spawn based sandbox was only a proof of concept and
lacks flexibility for our needs so we ended up using it with very
permissive permissions and it still imposed limitations that our main
bubblewrap sandbox didn't have.

So in order to get as many applications using the sandbox as possible we
will just remove this for now and focus on bubblewrap. At some point
it may be possible to improve flatpak-spawn to fit our needs.

  • SourcesGTK.txt:
  • SourcesWPE.txt:
  • UIProcess/Launcher/glib/FlatpakLauncher.cpp: Removed.
  • UIProcess/Launcher/glib/FlatpakLauncher.h: Removed.
  • UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:

(WebKit::ProcessLauncher::launchProcess):

11:11 AM Changeset in webkit [247095] by Ryan Haddad
  • 8 edits in trunk/Source

Unreviewed, rolling out r246616.

Caused http/tests/inspector/network/har/har-page.html to fail
on Catalina.

Reverted changeset:

"Web Inspector: Network: replace CFNetwork SPI with new API
where able"
https://bugs.webkit.org/show_bug.cgi?id=198762
https://trac.webkit.org/changeset/246616

10:48 AM Changeset in webkit [247094] by Chris Dumez
  • 3 edits in trunk/Source/WebKit

Crash under WTF::RefCounted<WebKit::TaskCounter>::deref()
https://bugs.webkit.org/show_bug.cgi?id=199453
<rdar://problem/51991477>

Reviewed by Youenn Fablet.

The crash was caused by StorageManager::suspend() getting called on the main thread but calling
its completion handler on a background queue. The completion handler was capturing a TaskCounter
object which is RefCounted (not ThreadSafeRefCounted).

Address the issue by making sure StorageManager::suspend() calls its completion handler on the
main thread. Also get rid of TaskCounter and use a WTF::CallbackAggregator instead.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::actualPrepareToSuspend):
(WebKit::TaskCounter::TaskCounter): Deleted.
(WebKit::TaskCounter::~TaskCounter): Deleted.

  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::suspend):

10:40 AM Changeset in webkit [247093] by commit-queue@webkit.org
  • 5 edits in trunk

Safari hanging while loading pages - WebCore::AccessibilityRenderObject::visiblePositionRangeForLine.
https://bugs.webkit.org/show_bug.cgi?id=199434
<rdar://problem/52475140>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-03
Reviewed by Chris Fleizach.

Source/WebCore:

Tests were disabled until underlying bug is fixed.

Rolling out a workaround for CharacterIterator::advance bug because it
seems to be causing a hang in Safari.

  • editing/Editing.cpp:

(WebCore::visiblePositionForIndexUsingCharacterIterator):

LayoutTests:

Disabled the tests that were passing for workaround. The workaround had
to be roll out cause it is hanging Safari.

10:28 AM Changeset in webkit [247092] by youenn@apple.com
  • 3 edits in trunk/Source/WebKit

Make sure to cross-thread copy in StorageManager when hopping back to the main thread
https://bugs.webkit.org/show_bug.cgi?id=199423

Reviewed by Chris Dumez.

Make sure to isolate copy some strings that may not be isolated in case of ephemeral sessions.
Small refactoring to use crossThreadCopy instead of doing vector copy ourselves.

  • NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h:

(WebKit::LocalStorageDatabaseTracker::OriginDetails::isolatedCopy const):

  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::getLocalStorageOriginDetails):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):

5:26 AM Changeset in webkit [247091] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

Unreviewed follow-up fix to r247049, default the platform to '*' when platform property is not set.

  • BuildSlaveSupport/ews-build/steps.py:

(PrintConfiguration.run):

1:04 AM BuildingCairoOnWindows edited by Fujii Hironori
(diff)
12:00 AM Changeset in webkit [247090] by jh718.park@samsung.com
  • 2 edits in trunk/Source/WebKit

Unreviewed. Fix build break introduced in r247058.

Patch by Joonghun Park <jh718.park@samsung.com> on 2019-07-02

  • UIProcess/API/gtk/WebKitRemoteInspectorProtocolHandler.cpp:

Jul 2, 2019:

11:13 PM Changeset in webkit [247089] by Simon Fraser
  • 2 edits in trunk/Source/WebCore

REGRESSION (r246723): ScrollingTreeOverflowScrollProxyNode::m_overflowScrollingNodeID is uninitialized sometimes
https://bugs.webkit.org/show_bug.cgi?id=199432

Reviewed by Antti Koivisto.

I noticed while debugging rdar://problem/52291642 that m_overflowScrollingNodeID was uninitialized in
ScrollingTreeOverflowScrollProxyNode. This could lead to the wrong node being found by m_scrollingTree->nodeForID(),
which could result in type confusion bugs.

This can happen with negative z-order layers when we fail to find their related scrolling tree node
on the first pass.

  • page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.h:
11:01 PM Changeset in webkit [247088] by msaboff@apple.com
  • 3 edits
    1 add in trunk

JSTests:
Exception from For..of loop assignment eliminates TDZ checks in subsequent code
https://bugs.webkit.org/show_bug.cgi?id=199395

Reviewed by Filip Pizlo.

New regession test.

  • stress/for-of-tdz-with-try-catch.js: Added.

(test):
(i.catch):

Source/JavaScriptCore:
Exception from For..of loop destructured assignment eliminates TDZ checks in subsequent code
https://bugs.webkit.org/show_bug.cgi?id=199395

Reviewed by Filip Pizlo.

For destructuring assignmests, the assignment might throw a reference error if
the RHS cannot be coerced. The current bytecode generated for such assignments
optimizes out the TDZ check after the coercible check.

By saving the current state of the TDZ stack before processing the setting of
target destructured values and then restoring afterwards, we won't optimize out
later TDZ check(s).

A similar change of saving / restoring the TDZ stack where exceptions might
happen was done for for..in loops in change set r232219.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ObjectPatternNode::bindValue const):

10:43 PM Changeset in webkit [247087] by zandobersek@gmail.com
  • 3 edits in trunk/Source/WebCore

FetchResponse::BodyLoader should not be movable
https://bugs.webkit.org/show_bug.cgi?id=199380

Reviewed by Youenn Fablet.

The FetchResponse::BodyLoader class has a FetchLoader member that is
initialized in the start() method with the reference of the owning
FetchResponse::BodyLoader object. This reference doesn't change when
the FetchResponse::BodyLoader object is moved into a different object
and the FetchLoader unique_ptr along with it, leading to problems when
that FetchLoader tries to invoke the FetchLoaderClient methods on the
FetchResponse::BodyLoader object that's been moved from and is possibly
already destroyed.

To avoid this, the FetchResponse::BodyLoader has the move constructor
removed and is now managed through std::unique_ptr instead of Optional,
ensuring the FetchResponse::BodyLoader object itself isn't moved around.

  • Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::fetch):
(WebCore::FetchResponse::BodyLoader::didSucceed):
(WebCore::FetchResponse::BodyLoader::didFail):

  • Modules/fetch/FetchResponse.h:
8:42 PM Changeset in webkit [247086] by Fujii Hironori
  • 4 edits
    4 deletes in trunk/LayoutTests

imported/blink/animations/display-inline-style-adjust.html isn't a valid ref test
https://bugs.webkit.org/show_bug.cgi?id=199311

Reviewed by Simon Fraser.

These tests are depending on platform font metrics. They were
created for a Blink bug, doesn't seem useful for WebKit. Just
removed them.

  • imported/blink/animations/display-inline-style-adjust.html: Deleted.
  • legacy-animation-engine/imported/blink/animations/display-inline-style-adjust.html: Deleted.
  • platform/gtk/TestExpectations: Unmarked them.
  • platform/ios/TestExpectations: Ditto.
  • platform/wpe/TestExpectations: Ditto.
6:41 PM Changeset in webkit [247085] by commit-queue@webkit.org
  • 7 edits
    7 adds in trunk

Assertion fires when animating the 'class' attribute of an SVG element
https://bugs.webkit.org/show_bug.cgi?id=197372

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-07-02
Reviewed by Ryosuke Niwa.

Source/WebCore:

All instances of SVG animated properties have to share a single animVal
such that once its value is progressed, all the instances will see the
change. This was not happening for SVGAnimatedPrimitiveProperty. To do
that we need to:

-- Introduce the new template class SVGSharedPrimitiveProperty which is

derived from SVGProperty. This class manages a single primitive value.

-- Change the type of SVGAnimatedPrimitiveProperty::m_animVal to

RefPtr<SVGSharedPrimitiveProperty<PropertyType>>. The master property
creates it and all the instances hold references to the same pointer.

-- Change the type of SVGAnimatedPrimitiveProperty::m_baseVal to

Ref<SVGSharedPrimitiveProperty<PropertyType>> for simplicity and get
rid of SVGAnimatedPrimitiveProperty::m_state.

-- Override the virtual methods instanceStartAnimation() and

instanceStopAnimation() of SVGAnimatedPrimitiveProperty.

-- SVGAnimatedStringAnimator should invalidate the style of the target

element if attribute name is 'class' and when its animVal changes.

  • WebCore.xcodeproj/project.pbxproj:
  • svg/properties/SVGAnimatedPrimitiveProperty.h:

(WebCore::SVGAnimatedPrimitiveProperty::setBaseVal):
(WebCore::SVGAnimatedPrimitiveProperty::setBaseValInternal):
(WebCore::SVGAnimatedPrimitiveProperty::baseVal const):
(WebCore::SVGAnimatedPrimitiveProperty::setAnimVal):
(WebCore::SVGAnimatedPrimitiveProperty::animVal const):
(WebCore::SVGAnimatedPrimitiveProperty::animVal):
(WebCore::SVGAnimatedPrimitiveProperty::currentValue const):
(WebCore::SVGAnimatedPrimitiveProperty::SVGAnimatedPrimitiveProperty):
(WebCore::SVGAnimatedPrimitiveProperty::ensureAnimVal):

  • svg/properties/SVGAnimatedPropertyAnimatorImpl.h:
  • svg/properties/SVGAttributeAnimator.cpp:

(WebCore::SVGAttributeAnimator::invalidateStyle):
(WebCore::SVGAttributeAnimator::applyAnimatedStylePropertyChange):
(WebCore::SVGAttributeAnimator::removeAnimatedStyleProperty):

  • svg/properties/SVGAttributeAnimator.h:
  • svg/properties/SVGSharedPrimitiveProperty.h: Added.

(WebCore::SVGSharedPrimitiveProperty::create):
(WebCore::SVGSharedPrimitiveProperty::value const):
(WebCore::SVGSharedPrimitiveProperty::value):
(WebCore::SVGSharedPrimitiveProperty::setValue):
(WebCore::SVGSharedPrimitiveProperty::SVGSharedPrimitiveProperty):

LayoutTests:

  • svg/animations/animated-bool-externalResourcesRequired-instances-expected.svg: Added.
  • svg/animations/animated-bool-externalResourcesRequired-instances.svg: Added.
  • svg/animations/animated-string-class-instances-expected.svg: Added.
  • svg/animations/animated-string-class-instances.svg: Added.
  • svg/animations/animated-string-href-expected.svg: Added.
  • svg/animations/animated-string-href.svg: Added.
6:10 PM Changeset in webkit [247084] by Alan Coon
  • 1 copy in tags/Safari-607.3.8

Tag Safari-607.3.8.

5:15 PM Changeset in webkit [247083] by Ryan Haddad
  • 3 edits in trunk/LayoutTests

[macOS WK2] REGRESSION (r242313): Layout Test scrollingcoordinator/mac/multiple-fixed.html is a flaky time out and image diff
https://bugs.webkit.org/show_bug.cgi?id=195635

Unreviewed test gardening.

Move test expectation entry to a more specific file.

  • platform/mac-wk2/TestExpectations:
  • platform/mac/TestExpectations:
4:58 PM Changeset in webkit [247082] by youenn@apple.com
  • 2 edits in trunk/Source/WebKit

StorageManager does not need to be a WorkQueueMessageReceiver anymore
https://bugs.webkit.org/show_bug.cgi?id=199421

Reviewed by Chris Dumez.

  • NetworkProcess/WebStorage/StorageManager.h:
4:53 PM Changeset in webkit [247081] by sbarati@apple.com
  • 2 edits in trunk/LayoutTests

[WHLSL] Change whlsl-two-dimensional-array.html to not be flaky on AMD Radeon Pro GPUs
https://bugs.webkit.org/show_bug.cgi?id=199424

Reviewed by Myles C. Maxfield.

  • webgpu/whlsl-two-dimensional-array.html:
4:44 PM Changeset in webkit [247080] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

[ews-build] Add build steps to Install Wpe and Gtk dependencies
https://bugs.webkit.org/show_bug.cgi?id=199408

Reviewed by Michael Catanzaro.

  • BuildSlaveSupport/ews-build/steps.py:

(InstallGtkDependencies): Build step to install dependencies for GTK. Set haltOnFailure=False so that in case of failure, build isn't
marked as failed (which would indicated patch failed EWS), instead subsequent steps would be run and the build would be marked as RETRY.
(InstallWpeDependencies): Ditto for WPE.

  • BuildSlaveSupport/ews-build/steps_unittest.py: Added unit-tests.
4:29 PM Changeset in webkit [247079] by commit-queue@webkit.org
  • 10 edits in trunk/Source

Unreviewed, rolling out r247041.
https://bugs.webkit.org/show_bug.cgi?id=199425

broke some iOS arm64e tests (Requested by keith_miller on
#webkit).

Reverted changeset:

"PACCage should first cage leaving PAC bits intact then
authenticate"
https://bugs.webkit.org/show_bug.cgi?id=199372
https://trac.webkit.org/changeset/247041

4:07 PM Changeset in webkit [247078] by Chris Dumez
  • 7 edits in trunk/Source

ThreadSafeRefCounted<DestructionThread::Main> is not safe to use in the UIProcess
https://bugs.webkit.org/show_bug.cgi?id=199420
<rdar://problem/52289717>

Reviewed by Ryosuke Niwa.

Source/WebKit:

Update IPC::Connection and DeviceIdHashSaltStorage to use DestructionThread::MainRunLoop
instead of DestructionThread::Main, since both classes are used in the UIProcess.

Using DestructionThread::Main is not safe in the UIProcess because its implementation relies
on isMainThread() / callOnMainThread(). Those get confused about which thread is the main
thread when an application uses both WK1 and WK2.

  • Platform/IPC/Connection.h:
  • UIProcess/DeviceIdHashSaltStorage.h:

Source/WTF:

  • wtf/MainThread.cpp:

(WTF::isMainRunLoop):
(WTF::callOnMainRunLoop):

  • wtf/MainThread.h:

Add some function to MainThread.h to be used by ThreadSafeRefCounted to interact with the
main RunLoop. This is used to avoid a circular dependency between RunLoop (which is
ThreadSafeRefCounted) and ThreadSafeReCounted.

  • wtf/ThreadSafeRefCounted.h:

(WTF::ThreadSafeRefCounted::deref const):
Add a new DestructionThread::MainRunLoop enum value to be used by classes that need to
be destroyed on the main RunLoop rather than the main thread (which may be different
when WK1 is invoved)

4:05 PM Changeset in webkit [247077] by Alan Coon
  • 7 edits
    2 deletes in tags/Safari-608.1.33

Revert r247015. rdar://problem/52552864

4:05 PM Changeset in webkit [247076] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

[GTK][WPE] Explicitly blacklist problematic directories for sandbox
https://bugs.webkit.org/show_bug.cgi?id=199367

Patch by Patrick Griffis <Patrick Griffis> on 2019-07-02
Reviewed by Michael Catanzaro.

There are some directories that simply do not make sense to bind into the sandbox
and will only cause issues such as /proc so lets just block them.

  • UIProcess/API/glib/WebKitWebContext.cpp:

(path_is_not_blacklisted):
(webkit_web_context_add_path_to_sandbox):

4:03 PM Changeset in webkit [247075] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

[ews-build] Allow skipping uploading built product for few builders
https://bugs.webkit.org/show_bug.cgi?id=199422

Reviewed by Michael Catanzaro.

  • BuildSlaveSupport/ews-build/steps.py:

(CompileWebKit.init): Added optional skipUpload parameter.
(CompileWebKit.evaluateCommand): Allow to skip upload if there are no triggers and skipUpload is True.

3:43 PM Changeset in webkit [247074] by Alan Coon
  • 1 edit in branches/safari-607-branch/Source/WebCore/loader/DocumentWriter.cpp

Unreviewed build fix. rdar://problem/52054321

3:04 PM Changeset in webkit [247073] by timothy_horton@apple.com
  • 4 edits in trunk

REGRESSION (r243240): Unable to swipe back in Safari
https://bugs.webkit.org/show_bug.cgi?id=199394
<rdar://problem/51137447>

Reviewed by Wenson Hsieh.

Source/WebKit:

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _processDidExit]):
r243240 started nilling out the ViewGestureController, but we don't actually
expect that; the only time WKWebView's ViewGestureController goes away
is if the client turns off the gestures... and so nothing ever puts it back.
Instead, just always disconnect, don't nil it out.

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

Make sure that we actually end up with swipe gesture recognizers installed
after process swap and crash.

1:52 PM Changeset in webkit [247072] by Chris Dumez
  • 6 edits in trunk/Source/WebKit

Protect NetworkProcess::m_networkSessions against corruption
https://bugs.webkit.org/show_bug.cgi?id=199418
<rdar://problem/50614019>

Reviewed by Youenn Fablet.

I believe the most likely reason for the crash at <rdar://problem/50614019> is that NetworkProcess::m_networkSessions
is getting corrupted and is returning us a bad pointer.

To harden our code, I added debug assertions to make sure that this HashMap is only used on the main thread and
to make sure that the sessionID used as key is always valid. I have also added if checks to avoid crashing in
release whenever possible.

Note that we came to a similar conclusion for NetworkProcess::m_swServers when investigating rdar://problem/51859081,
so the two radars are potentially related. Both HashMaps are owned by the NetworkProcess and use a SessionID
as key.

  • NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::logUserInteraction):
(WebKit::NetworkConnectionToWebProcess::logWebSocketLoading):
(WebKit::NetworkConnectionToWebProcess::logSubresourceLoading):
(WebKit::NetworkConnectionToWebProcess::logSubresourceRedirect):
(WebKit::NetworkConnectionToWebProcess::hasStorageAccess):
(WebKit::NetworkConnectionToWebProcess::requestStorageAccess):
(WebKit::NetworkConnectionToWebProcess::requestStorageAccessUnderOpener):

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::networkSession const):
(WebKit::NetworkProcess::setSession):
(WebKit::NetworkProcess::destroySession):
(WebKit::NetworkProcess::addKeptAliveLoad):
(WebKit::NetworkProcess::removeKeptAliveLoad):
(WebKit::NetworkProcess::webProcessWasDisconnected):

  • NetworkProcess/NetworkProcess.h:
  • NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::didFinishWithRedirectResponse):
(WebKit::NetworkResourceLoader::tryStoreAsCacheEntry):
(WebKit::NetworkResourceLoader::shouldLogCookieInformation):

  • NetworkProcess/ios/NetworkConnectionToWebProcessIOS.mm:

(WebKit::NetworkConnectionToWebProcess::paymentCoordinatorBoundInterfaceIdentifier):
(WebKit::NetworkConnectionToWebProcess::paymentCoordinatorCTDataConnectionServiceType):
(WebKit::NetworkConnectionToWebProcess::paymentCoordinatorSourceApplicationBundleIdentifier):
(WebKit::NetworkConnectionToWebProcess::paymentCoordinatorSourceApplicationSecondaryIdentifier):

1:24 PM Changeset in webkit [247071] by commit-queue@webkit.org
  • 23 edits in trunk

Enhance support of aria-haspopup per ARIA 1.1 specification.
https://bugs.webkit.org/show_bug.cgi?id=199216
<rdar://problem/46221342>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-02
Reviewed by Chris Fleizach.

Source/WebCore:

Test button-with-aria-haspopup-role.html was expanded to cover testing
of new functionality.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::popupValue const): replaces hasPopupValue.
(WebCore::AccessibilityObject::hasPopupValue const): Deleted.

  • accessibility/AccessibilityObject.h:
  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::hasPopup const): method rename.

  • accessibility/atk/WebKitAccessible.cpp:

(webkitAccessibleGetAttributes): method rename.

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityPopupValue]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

Tools:

  • DumpRenderTree/AccessibilityUIElement.cpp:

(getPopupValueCallback):
(AccessibilityUIElement::getJSClass):

  • DumpRenderTree/AccessibilityUIElement.h:
  • DumpRenderTree/mac/AccessibilityUIElementMac.mm:

(AccessibilityUIElement::popupValue const):

  • WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
  • WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::popupValue const):

  • WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::popupValue const):

LayoutTests:

  • accessibility/button-with-aria-haspopup-role-expected.txt:
  • accessibility/button-with-aria-haspopup-role.html:
  • accessibility/ios-simulator/button-with-aria-haspopup-role-expected.txt:
  • accessibility/ios-simulator/button-with-aria-haspopup-role.html:
1:02 PM Changeset in webkit [247070] by Kocsen Chung
  • 5 edits in branches/safari-607.3.1.2-branch/Source/JavaScriptCore

Revert r246801. rdar://problem/52505032

12:51 PM Changeset in webkit [247069] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

[ews-build] Do not print worker environment variables in each build step [part 2]
https://bugs.webkit.org/show_bug.cgi?id=199405

Reviewed by Jonathan Bedard.

  • BuildSlaveSupport/ews-build/steps.py:

(CheckOutSpecificRevision.init): Disabled logging of environment variables.
(CleanWorkingDirectory.init): Ditto.
(RunBindingsTests.init): Ditto.
(RunWebKitPerlTests.init): Ditto.
(RunWebKitPyTests.init): Ditto.
(CompileWebKit.init): Ditto.
(ArchiveTestResults.init): Ditto.

  • BuildSlaveSupport/ews-build/steps_unittest.py: Updated unit-tests.
12:51 PM Changeset in webkit [247068] by Kocsen Chung
  • 5 edits in branches/safari-607-branch/Source/JavaScriptCore

Revert r246801. rdar://problem/52505041

12:06 PM Changeset in webkit [247067] by sbarati@apple.com
  • 6 edits
    2 adds in trunk

[WHLSL] Import bitwise bool tests
https://bugs.webkit.org/show_bug.cgi?id=199093

Reviewed by Myles C. Maxfield.

Source/WebCore:

Add standard library functions for:

  • bool bit ops
  • converting from bool to number
  • converting from number to bool

Test: webgpu/whlsl-bitwise-bool-ops.html

  • Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt:

LayoutTests:

This patch makes it so that we can mark bools as input and output types in the
WHLSL harness. Since bool is not something WHLSL itself allows as an entrypoint
input/output type (because we don't specify its bit pattern), we convert between
bool and int in the input and output of the function. For now, we don't support
a buffer of bools for the input type as a simplification, so we don't have to worry
about dynamically converting an int buffer to a bool buffer. We could add this
in the future if we found it helpful, but we don't have a strong reason for supporting
it right now.

This patch also starts the process of importing the WHLSL test suite by importing bool
bit op tests.

  • webgpu/js/whlsl-test-harness.js:

(convertTypeToArrayType):
(whlslArgumentType):
(convertToWHLSLOutputType):
(convertToWHLSLInputType):
(Data):
(Harness.prototype.get isWHLSL):
(Harness.prototype.async.callTypedFunction):
(Harness.prototype._setUpArguments):
(callVoidFunction):

  • webgpu/whlsl-bitwise-bool-ops-expected.txt: Added.
  • webgpu/whlsl-bitwise-bool-ops.html: Added.
  • webgpu/whlsl-test-harness-test-expected.txt:
  • webgpu/whlsl-test-harness-test.html:
11:55 AM Changeset in webkit [247066] by Alan Coon
  • 6 edits in branches/safari-607-branch/Source/WebCore

Cherry-pick r247017. rdar://problem/52054321

More judiciously handle clearing/creation of DOMWindows for new Documents.
<rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Chris Dumez.

  • bindings/js/ScriptController.cpp: (WebCore::ScriptController::executeIfJavaScriptURL):
  • loader/DocumentWriter.cpp: (WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity. (WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda. (WebCore::DocumentWriter::replaceDocument): Deleted.
  • loader/DocumentWriter.h:
  • loader/FrameLoader.cpp: (WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document.
  • loader/FrameLoader.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:46 AM Changeset in webkit [247065] by keith_miller@apple.com
  • 3 edits
    1 add in trunk

Frozen Arrays length assignment should throw in strict mode
https://bugs.webkit.org/show_bug.cgi?id=199365

Reviewed by Yusuke Suzuki.

JSTests:

  • stress/frozen-array-length-should-throw-strict.js: Added.

(test):

Source/JavaScriptCore:

  • runtime/JSArray.cpp:

(JSC::JSArray::put):

11:28 AM Changeset in webkit [247064] by commit-queue@webkit.org
  • 5 edits
    3 adds in trunk

[Curl] Fix CookieJarCurl::getRawCookie.
https://bugs.webkit.org/show_bug.cgi?id=199300

Patch by Takashi Komori <Takashi.Komori@sony.com> on 2019-07-02
Reviewed by Fujii Hironori.

Source/WebCore:

On wincairo some cookie information was not displayed in WebInspector's storage tab as
CookieJarCurl::getRawCookies was calling CookieJarDB::searchCookies with wrong arguments.
This patch fixes it.

Test: http/tests/inspector/page/get-cookies.html

  • platform/network/curl/CookieJarCurl.cpp:

(WebCore::CookieJarCurl::getRawCookies const):

LayoutTests:

  • http/tests/inspector/page/get-cookies-expected.txt: Added.
  • http/tests/inspector/page/get-cookies.html: Added.
  • http/tests/inspector/page/resources/set-cookie.php: Added.
  • platform/wincairo-wk1/TestExpectations:
  • platform/wincairo/TestExpectations:
11:20 AM Changeset in webkit [247063] by Alan Coon
  • 7 edits in trunk/Source

Versioning.

11:13 AM Changeset in webkit [247062] by rmorisset@apple.com
  • 14 edits in trunk/Source

[WHLSL] the initializer in VariableDeclaration should be a std::unique_ptr, not Optional<UniqueRef<..>>
https://bugs.webkit.org/show_bug.cgi?id=199389

Reviewed by Sam Weinig.

Source/WebCore:

Optional<UniqueRef<..>> is not only semantically weird (UniqueRef is basically a unique_ptr that promises not to be null), but also inefficient, wasting 8 bytes for the boolean in Optional.
It is a pattern that appears throughout the AST. In this patch I start by removing it in a fairly simple spot: the initializer for VariableDeclaration.

No test because there is no intended functional change.

  • Modules/webgpu/WHLSL/AST/WHLSLReadModifyWriteExpression.h:

(WebCore::WHLSL::AST::ReadModifyWriteExpression::ReadModifyWriteExpression):

  • Modules/webgpu/WHLSL/AST/WHLSLVariableDeclaration.h:

(WebCore::WHLSL::AST::VariableDeclaration::VariableDeclaration):
(WebCore::WHLSL::AST::VariableDeclaration::initializer):
(WebCore::WHLSL::AST::VariableDeclaration::takeInitializer):
(WebCore::WHLSL::AST::VariableDeclaration::setInitializer):

  • Modules/webgpu/WHLSL/WHLSLAutoInitializeVariables.cpp:

(WebCore::WHLSL::AutoInitialize::visit):

  • Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::resolveWithOperatorAnderIndexer):
(WebCore::WHLSL::resolveWithOperatorLength):
(WebCore::WHLSL::resolveWithReferenceComparator):

  • Modules/webgpu/WHLSL/WHLSLParser.cpp:

(WebCore::WHLSL::Parser::parseParameter):
(WebCore::WHLSL::Parser::parseVariableDeclaration):

  • Modules/webgpu/WHLSL/WHLSLPreserveVariableLifetimes.cpp:
  • Modules/webgpu/WHLSL/WHLSLPropertyResolver.cpp:

(WebCore::WHLSL::wrapAnderCallArgument):
(WebCore::WHLSL::modify):
(WebCore::WHLSL::PropertyResolver::visit):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeArrayOperatorLength.cpp:

(WebCore::WHLSL::synthesizeArrayOperatorLength):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeConstructors.cpp:

(WebCore::WHLSL::synthesizeConstructors):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeEnumerationFunctions.cpp:

(WebCore::WHLSL::synthesizeEnumerationFunctions):

  • Modules/webgpu/WHLSL/WHLSLSynthesizeStructureAccessors.cpp:

(WebCore::WHLSL::synthesizeStructureAccessors):

Source/WTF:

  • wtf/UniqueRef.h:

(WTF::UniqueRef::moveToUniquePtr): Added.

11:12 AM Changeset in webkit [247061] by Alan Coon
  • 7 edits in tags/Safari-608.1.33/Source

Versioning.

11:08 AM Changeset in webkit [247060] by Alan Coon
  • 1 copy in tags/Safari-608.1.33

Tag Safari-608.1.33.

11:00 AM Changeset in webkit [247059] by jer.noble@apple.com
  • 11 edits in trunk

Pipe suport for 'cenc' init data type into CDMFairPlayStreaming
https://bugs.webkit.org/show_bug.cgi?id=199381
Source/WebCore:

Reviewed by Eric Carlson.

Expose the parsing of 'cenc' init data from InitDataRegistry, so it can be used in the
evaluation steps inside CDMFairPlayStreaming.

+ Add a new method, extractPsshBoxesFromCenc() which returns an optional array of

unique_ptrs to different types of ISOPSSHBoxes.

+ Add a peekScheme() method to ISOPSSHBox so that we can create the correct subclass

of ISOPSSHBox from the above method.

+ Remove an extra definition of fairPlaySystemID() from CDMFairPlayStreaming.
+ Add 'cenc' to the list of supported types in CDMPrivateFairPlayStreaming::vaildInitDataTypes().
+ Add support for 'cenc' in CDMPrivateFairPlayStreaming::supportsInitData().
+ Format the 'cenc' init data as an encodec-JSON structure for AVContentKeySession.
+ Update the ISOFairPlayStreamingKeyRequestInfoBox to be a ISOFullBox.
+ Update the box name of ISOFairPlayStreamingInitDataBox.

  • Modules/encryptedmedia/InitDataRegistry.cpp:

(WebCore::InitDataRegistry::extractPsshBoxesFromCenc):
(WebCore::InitDataRegistry::extractKeyIDsCenc):
(WebCore::InitDataRegistry::sanitizeCenc):
(WebCore::InitDataRegistry::cencName):
(WebCore::InitDataRegistry::keyidsName):
(WebCore::InitDataRegistry::webmName):
(WebCore::extractKeyIDsCenc): Deleted.
(WebCore::sanitizeCenc): Deleted.

  • Modules/encryptedmedia/InitDataRegistry.h:

(WebCore::SourceBuffer::changeType):

  • platform/graphics/avfoundation/CDMFairPlayStreaming.cpp:

(WebCore::validInitDataTypes):
(WebCore::CDMPrivateFairPlayStreaming::supportsInitData const):
(WebCore::CDMPrivateFairPlayStreaming::fairPlaySystemID): Deleted.

  • platform/graphics/avfoundation/CDMFairPlayStreaming.h:
  • platform/graphics/avfoundation/ISOFairPlayStreamingPsshBox.h:

(isType):

  • platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:

(WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::requestLicense):

  • platform/graphics/iso/ISOProtectionSystemSpecificHeaderBox.cpp:

(WebCore::ISOProtectionSystemSpecificHeaderBox::peekSystemID):

  • platform/graphics/iso/ISOProtectionSystemSpecificHeaderBox.h:

Tools:

<rdar://problem/52483103>

Reviewed by Eric Carlson.

  • TestWebKitAPI/Tests/WebCore/ISOBox.cpp:
10:47 AM Changeset in webkit [247058] by Chris Dumez
  • 9 edits in trunk/Source/WebKit

VisitedLinkStore does not need to subclass WebProcessLifetimeObserver
https://bugs.webkit.org/show_bug.cgi?id=199407

Reviewed by Sam Weinig.

VisitedLinkStore does not need to subclass WebProcessLifetimeObserver, it overrides
only 2 of WebProcessLifetimeObserver's functions and the implementation of those
overrides is empty. It also does not use WebProcessLifetimeObserver::processes()
since the VisitedLinkStore maintains its own list of processes.

  • UIProcess/API/mac/WKView.mm:
  • UIProcess/Automation/WebAutomationSession.cpp:
  • UIProcess/VisitedLinkStore.cpp:
  • UIProcess/VisitedLinkStore.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::m_resetRecentCrashCountTimer):

  • UIProcess/WebProcessPool.h:
  • UIProcess/WebsiteData/WebsiteDataStore.cpp:
10:37 AM Changeset in webkit [247057] by Chris Dumez
  • 2 edits in trunk/Source/WebKit

Null dereference under StorageManager::destroySessionStorageNamespace()
https://bugs.webkit.org/show_bug.cgi?id=199388
<rdar://problem/52030641>

Reviewed by Youenn Fablet.

  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::createSessionStorageNamespace):
Call HashMap::ensure() instead of contains() + set() to avoid double hash lookup.

(WebKit::StorageManager::destroySessionStorageNamespace):
Add null check to address top crasher, similarly to what was done in r246552.
I am keeping the debug assertion since this is not supposed to happen.

10:23 AM Changeset in webkit [247056] by dbates@webkit.org
  • 5 edits
    4 adds in trunk

[iOS] Cannot tab cycle through credit card fields on antonsvpatisserie.com checkout page
https://bugs.webkit.org/show_bug.cgi?id=196053
<rdar://problem/49093034>

Reviewed by Wenson Hsieh.

Source/WebCore:

Remove the iOS override for isKeyboardFocusable() so that the focus controller allows
iframes to be keyboard focusable.

Tests: fast/events/ios/tab-cycle.html

fast/events/ios/tab-into-text-field-inside-iframe.html

  • html/HTMLIFrameElement.h:

Source/WebKit:

Allow iframes to be keyboard focusable when pressing the Tab key on the keyboard. This
also allow the that the focus controller to search their content document for other
editable elements. This makes iOS match the behavior on Mac.

Although iframes can be focused by pressing the Tab key we maintain the current UI
restriction on iOS of not allowing iframes themselves to be focusable via the next and
previous accessory bar buttons. We do this because it's unclear what value supporting
such focusing brings, but it's clear that doing so makes tab cycling more confusing
since the default focus appearance for an iframe is indistinguishable from its non-
focused appearance.

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::isAssistableElement): Do not consider an iframe as assistable.

LayoutTests:

Add some tests.

  • fast/events/ios/tab-cycle-expected.txt: Added.
  • fast/events/ios/tab-cycle.html: Added.
  • fast/events/ios/tab-into-text-field-inside-iframe-expected.txt: Added.
  • fast/events/ios/tab-into-text-field-inside-iframe.html: Added.
10:04 AM Changeset in webkit [247055] by dbates@webkit.org
  • 7 edits in trunk

Left and right option key has Unidentified key identifier
https://bugs.webkit.org/show_bug.cgi?id=199392
<rdar://problem/52497604>

Reviewed by Wenson Hsieh.

Source/WebCore:

Fix up switch case for left Option key and add a case statement for the right Option key.

  • platform/ios/PlatformEventFactoryIOS.mm:

(WebCore::codeForKeyEvent):

LayoutTests:

Update test results.

  • fast/events/ios/key-events-comprehensive/key-events-control-option-expected.txt:
  • fast/events/ios/key-events-comprehensive/key-events-meta-option-expected.txt:
  • fast/events/ios/key-events-comprehensive/key-events-option-expected.txt:
  • fast/events/ios/key-events-comprehensive/key-events-option-shift-expected.txt:
9:18 AM Changeset in webkit [247054] by Devin Rousso
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Elements: allow nodes to be copied and pasted
https://bugs.webkit.org/show_bug.cgi?id=199182

Reviewed by Matt Baker.

Copy is already supported, so there's nothing that needs to be done there.

Pasting is as simple as calling insertAdjacentHTML("afterend", ...) on the selected node.

  • UserInterface/Base/Main.js:

(WI.contentLoaded):
(WI._paste): Added.

  • UserInterface/Views/DOMTreeContentView.js:

(WI.DOMTreeContentView.prototype.handlePasteEvent): Added.

9:15 AM Changeset in webkit [247053] by Devin Rousso
  • 12 edits in trunk/Source/WebInspectorUI

Web Inspector: DOM Debugger: descendant breakpoints should be able to be enabled/disabled/deleted from a collapsed parent
https://bugs.webkit.org/show_bug.cgi?id=199332

Reviewed by Matt Baker.

  • UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager.prototype.get domBreakpoints):
(WI.DOMDebuggerManager.prototype.domBreakpointsForNode):
(WI.DOMDebuggerManager.prototype.domBreakpointsInSubtree): Added.
(WI.DOMDebuggerManager.prototype.removeDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._detachDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._detachBreakpointsForFrame):
(WI.DOMDebuggerManager.prototype._speculativelyResolveDOMBreakpointsForURL):
(WI.DOMDebuggerManager.prototype._resolveDOMBreakpoint):
Provide a way of getting a "summary" array of DOMBreakpoints for all descendant nodes.
Rework the data structure for holding DOMBreakpoints to use a Multimap so no duplicates
can be added (it uses a Set instead of an Array).

  • UserInterface/Views/DOMTreeElement.js:

(WI.DOMTreeElement):
(WI.DOMTreeElement.prototype.get hasBreakpoint):
(WI.DOMTreeElement.prototype.set breakpointStatus):
(WI.DOMTreeElement.prototype.bindRevealDescendantBreakpointsMenuItemHandler): Added.
(WI.DOMTreeElement.prototype._subtreeBreakpointChanged): Added.
(WI.DOMTreeElement.prototype._updateBreakpointStatus):
(WI.DOMTreeElement.prototype._statusImageContextmenu):
(WI.DOMTreeElement.prototype.subtreeBreakpointCountDidChange): Deleted.

  • UserInterface/Views/DOMTreeOutline.js:

(WI.DOMTreeOutline.prototype.populateContextMenu):

  • UserInterface/Views/ContextMenuUtilities.js:

(WI.appendContextMenuItemsForDOMNode):
(WI.appendContextMenuItemsForDOMNodeBreakpoints):
Keep track of the actual descendant DOMNodeTreeElement that have breakpoints, rather than
just a count, so that the "Reveal Descendant Breakpoints" action is able to access them.
Change "Reveal Descendant Breakpoints" to reveal and select all descendant breakpoints
instead of just the first one.
Drive-by: don't remove specific (event) listener breakpoints when invoking the

"Delete Descendant Breakpoints" action, as that's not obvious from the UI.

  • UserInterface/Controllers/BreakpointPopoverController.js:

(WI.BreakpointPopoverController.prototype.appendContextMenuItems):

  • UserInterface/Views/DOMBreakpointTreeElement.js:

(WI.DOMBreakpointTreeElement.prototype.populateContextMenu):

  • UserInterface/Views/DOMNodeTreeElement.js:

(WI.DOMNodeTreeElement.prototype.populateContextMenu):

  • UserInterface/Views/EventBreakpointTreeElement.js:

(WI.EventBreakpointTreeElement.prototype.populateContextMenu):

  • UserInterface/Views/URLBreakpointTreeElement.js:

(WI.URLBreakpointTreeElement.prototype.populateContextMenu):
Remove the separator before "Delete Breakpoint" so all breakpoint actions are in the same section.

  • Localizations/en.lproj/localizedStrings.js:
  • UserInterface/Base/Multimap.js:

(Multimap.prototype.get size): Added.

9:14 AM Changeset in webkit [247052] by Matt Baker
  • 2 edits in trunk/Source/WebInspectorUI

REGRESSION (r238563): Web Inspector: Selection is erratic when holding Up/Down on Network Table
https://bugs.webkit.org/show_bug.cgi?id=193841
<rdar://problem/47559124>

Reviewed by Devin Rousso.

Selecting and revealing a row after reloading Table data, but before the
layout that populates visible rows, could cause the Table to always be
scrolled so that the revealed row is first.

This patch fixes revealRow by calculating the position of the row being
revealed in the absence of its DOM element, so that the Table is only
scrolled when necessary.

  • UserInterface/Views/Table.js:

(WI.Table.prototype.revealRow):
(WI.Table.prototype._resizeColumnsAndFiller):
Drive-by fix: use realOffsetWidth for consistency.
(WI.Table.prototype._updateVisibleRows):
(WI.Table.prototype._calculateOffsetHeight):
(WI.Table.prototype._calculateScrollTop):

9:00 AM Changeset in webkit [247051] by aakash_jain@apple.com
  • 2 edits in trunk/Tools

[ews-build] Update bot configuration for WPE and GTK
https://bugs.webkit.org/show_bug.cgi?id=199238

Reviewed by Michael Catanzaro.

  • BuildSlaveSupport/ews-build/config.json:
7:54 AM Changeset in webkit [247050] by Antti Koivisto
  • 3 edits
    2 adds in trunk

Crash when adding inline stylesheet to shadow tree in document with null base URL
https://bugs.webkit.org/show_bug.cgi?id=199400

Reviewed by Zalan Bujtas.

Source/WebCore:

We compute CSSParserContextHash for the inline stylesheet cache but that hits a nullptr crash
if the document happens to have null base URL (which is uncommon but possible).

Test: fast/shadow-dom/stylesheet-in-shadow-without-base-url-crash.html

  • css/parser/CSSParserContext.h:

(WebCore::CSSParserContextHash::hash):

Null check the base URL (like other strings), it is a valid case.

LayoutTests:

  • fast/shadow-dom/stylesheet-in-shadow-without-base-url-crash-expected.txt: Added.
  • fast/shadow-dom/stylesheet-in-shadow-without-base-url-crash.html: Added.
7:42 AM Changeset in webkit [247049] by aakash_jain@apple.com
  • 3 edits in trunk/Tools

[ews-build] Make PrintConfiguration platform aware
https://bugs.webkit.org/show_bug.cgi?id=196657

Reviewed by Lucas Forschler.

  • BuildSlaveSupport/ews-build/steps.py:

(PrintConfiguration): Specified platform-specific command lists.
(PrintConfiguration.run): Override run method and specify platform specific commands.

  • BuildSlaveSupport/ews-build/steps_unittest.py: Added unit-tests.
6:54 AM Changeset in webkit [247048] by commit-queue@webkit.org
  • 6 edits in trunk/Source/WebKit

[GTK] Support cancelling touchscreen back/forward gesture
https://bugs.webkit.org/show_bug.cgi?id=199401

Patch by Alexander Mikhaylenko <exalm7659@gmail.com> on 2019-07-02
Reviewed by Michael Catanzaro.

It should be possible to cancel the gesture when performing it on
touchscreen, for example, by moving pen too far from the screen.
Handle this case properly.

Only DragGesture in GestureController needs to handle this,
SwipeGesture simply won't emit the relevant event in this case.

  • UIProcess/API/gtk/WebKitWebViewBase.cpp:
  • UIProcess/ViewGestureController.h:
  • UIProcess/gtk/GestureController.cpp:

(WebKit::GestureController::DragGesture::cancelDrag):
(WebKit::GestureController::DragGesture::cancel):
(WebKit::GestureController::DragGesture::DragGesture):

  • UIProcess/gtk/GestureController.h:
  • UIProcess/gtk/ViewGestureControllerGtk.cpp:

(WebKit::ViewGestureController::platformTeardown):
(WebKit::ViewGestureController::cancelSwipe):

5:40 AM Changeset in webkit [247047] by commit-queue@webkit.org
  • 2 edits in trunk/Source/JavaScriptCore

Fix typo in if/else block and remove dead assignment
https://bugs.webkit.org/show_bug.cgi?id=199352

Patch by Paulo Matos <pmatos@linki.tools> on 2019-07-02
Reviewed by Alexey Proskuryakov.

  • yarr/YarrPattern.cpp:

(JSC::Yarr::YarrPattern::dumpPattern): Fix typo in if/else block and remove dead assignment

2:17 AM Changeset in webkit [247046] by Carlos Garcia Campos
  • 1 copy in releases/WebKitGTK/webkit-2.24.3

WebKitGTK 2.24.3

2:16 AM Changeset in webkit [247045] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.24

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.24.3 release

.:

  • Source/cmake/OptionsGTK.cmake: Bump version numbers.

Source/WebKit:

  • gtk/NEWS: Add release notes for 2.24.3.
2:16 AM Changeset in webkit [247044] by Carlos Garcia Campos
  • 8 edits in releases/WebKitGTK/webkit-2.24/Source

[GStreamer] Cannot play Bert's Bytes radio stream from http://radio.dos.nl/
https://bugs.webkit.org/show_bug.cgi?id=198376

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

The delayed startup was due to a mix of buffering feedback
messages not handled correctly by the player. We were handling
download and streaming buffering metrics without distinction.
Range requests (used for seeking) were also triggering on-disk
buffering in some cases. The buffering percentage estimation based
on network read position was not working either because uint64_t
division doesn't return a floating point value.

No new tests, existing media tests cover this patch.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::commitLoad):
(WebCore::MediaPlayerPrivateGStreamer::play):
(WebCore::MediaPlayerPrivateGStreamer::handleMessage):
(WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
(WebCore::MediaPlayerPrivateGStreamer::updateBufferingStatus):
(WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
(WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const):
(WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const):
(WebCore::MediaPlayerPrivateGStreamer::updateStates):
(WebCore::MediaPlayerPrivateGStreamer::updateDownloadBufferingFlag):
(WebCore::MediaPlayerPrivateGStreamer::setPreload):

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkitWebSrcReset):

  • platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:

Source/WTF:

  • wtf/glib/GLibUtilities.h:

(enumToString): Utility function to get a string representation of of a GLib enum.

12:47 AM Changeset in webkit [247043] by Devin Rousso
  • 46 edits in trunk/Source

Web Inspector: Debug: "Reset Web Inspector" should also clear the saved window size and attachment side
https://bugs.webkit.org/show_bug.cgi?id=198956

Reviewed by Matt Baker.

Source/WebCore:

  • inspector/InspectorFrontendClient.h:
  • inspector/InspectorFrontendClientLocal.h:
  • inspector/InspectorFrontendClientLocal.cpp:

(WebCore::InspectorFrontendClientLocal::Settings::deleteProperty): Added.
(WebCore::InspectorFrontendClientLocal::resetWindowState): Added.

  • inspector/InspectorFrontendHost.idl:
  • inspector/InspectorFrontendHost.h:
  • inspector/InspectorFrontendHost.cpp:

(WebCore::InspectorFrontendHost::reset): Added.

Source/WebInspectorUI:

  • UserInterface/Base/Main.js:

(WI.reset): Added.

  • UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createDebugSettingsView):

Source/WebKit:

  • UIProcess/WebPreferences.h:
  • UIProcess/WebPreferences.cpp:

(WebKit::WebPreferences::deleteKey): Added.

  • UIProcess/gtk/WebPreferencesGtk.cpp:

(WebKit::WebPreferences::platformDeleteKey): Added.

  • UIProcess/mac/WebPreferencesMac.mm:

(WebKit::WebPreferences::platformDeleteKey): Added.

  • UIProcess/wpe/WebPreferencesWPE.cpp:

(WebKit::WebPreferences::platformDeleteKey): Added.

  • UIProcess/win/WebPreferencesWin.cpp:

(WebKit::WebPreferences::platformDeleteKey): Added.

  • Shared/WebPreferencesStore.h:
  • Shared/WebPreferencesStore.cpp:

(WebKit::WebPreferencesStore::deleteKey): Added.

  • UIProcess/WebInspectorProxy.messages.in:
  • UIProcess/WebInspectorProxy.h:
  • UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::resetWindowState): Added.
(WebKit::WebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/gtk/WebInspectorProxyGtk.cpp:

(WebKit::WebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/mac/WebInspectorProxyMac.mm:

(WebKit::WebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/wpe/WebInspectorProxyWPE.cpp:

(WebKit::WebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/win/WebInspectorProxyWin.cpp:

(WebKit::WebInspectorProxy::platformResetWindowState): Added.

  • WebProcess/WebPage/WebInspectorUI.h:
  • WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::resetWindowState): Added.

  • UIProcess/RemoteWebInspectorProxy.messages.in:
  • UIProcess/RemoteWebInspectorProxy.h:
  • UIProcess/RemoteWebInspectorProxy.cpp:

(WebKit::RemoteWebInspectorProxy::resetWindowState): Added.
(WebKit::RemoteWebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/gtk/RemoteWebInspectorProxyGtk.cpp:

(WebKit::RemoteWebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/mac/RemoteWebInspectorProxyMac.mm:

(WebKit::RemoteWebInspectorProxy::platformResetWindowState): Added.

  • UIProcess/win/RemoteWebInspectorProxyWin.cpp:

(WebKit::RemoteWebInspectorProxy::platformResetWindowState): Added.

  • WebProcess/WebPage/RemoteWebInspectorUI.h:
  • WebProcess/WebPage/RemoteWebInspectorUI.cpp:

(WebKit::RemoteWebInspectorUI::resetWindowState): Added.

Source/WebKitLegacy/cf:

  • WebCoreSupport/WebInspectorClientCF.cpp:

(deleteSetting): Added.
(WebInspectorClient::deleteInspectorStartsAttached): Added.
(WebInspectorClient::deleteInspectorAttachDisabled): Added.
(WebInspectorClient::createFrontendSettings):

Source/WebKitLegacy/ios:

  • WebCoreSupport/WebInspectorClientIOS.mm:

(WebInspectorFrontendClient::resetWindowState): Added.

Source/WebKitLegacy/mac:

  • WebCoreSupport/WebInspectorClient.h:
  • WebCoreSupport/WebInspectorClient.mm:

(WebInspectorFrontendClient::resetWindowState): Added.

Source/WebKitLegacy/win:

  • WebCoreSupport/WebInspectorClient.h:
  • WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorFrontendClient::resetWindowState): Added.

12:09 AM Changeset in webkit [247042] by Devin Rousso
  • 3 edits in trunk/Source/WebInspectorUI

Web Inspector: Audit: missing demo audits for WebInspectorAudit functions
https://bugs.webkit.org/show_bug.cgi?id=198719

Reviewed by Matt Baker.

Other than the LayoutTests, there's no way to see an example of the functionality of many of
the exposed WebInspectorAudit functions. There should be a demo audit for every exposed
function so they're more discoverable.

  • UserInterface/Controllers/AuditManager.js:

(WI.AuditManager.prototype._addDefaultTests):
(WI.AuditManager.prototype._addDefaultTests.removeWhitespace): Added.
Move all demo audit test functions to be actual JavaScript functions, which are then
stringified and stripped of unnecessary white-space.

  • Localizations/en.lproj/localizedStrings.js:
12:00 AM Changeset in webkit [247041] by keith_miller@apple.com
  • 10 edits in trunk/Source

PACCage should first cage leaving PAC bits intact then authenticate
https://bugs.webkit.org/show_bug.cgi?id=199372

Reviewed by Saam Barati.

Source/bmalloc:

  • bmalloc/ProcessCheck.mm:

(bmalloc::shouldProcessUnconditionallyUseBmalloc):

Source/JavaScriptCore:

This ordering prevents someone from taking a signed pointer from
outside the gigacage and using it in a struct that expects a caged
pointer. Previously, the PACCaging just double checked that the PAC
bits were valid for the original pointer.

+---------------------------+
| | | |
| "PAC" | "base" | "offset" +----+
| | | | |
+---------------------------+ | Caging

| |
| |
| v
| +---------------------------+
| | | | |
| Bit Merge | 00000 | base | "offset" |
| | | | |
| +---------------------------+
| |
| |
v | Bit Merge

+---------------------------+ |
| | | | |
| "PAC" | base | "offset" +<--------+
| | | |
+---------------------------+

|
|
| Authenticate
|
v

+---------------------------+
| | | |
| Auth | base | "offset" |
| | | |
+---------------------------+

The above ascii art graph shows how the PACCage system works. The
key take away is that even if someone passes in a valid, signed
pointer outside the cage it will still fail to authenticate as the
"base" bits will change before authentication.

  • assembler/MacroAssemblerARM64E.h:
  • assembler/testmasm.cpp:

(JSC::testCagePreservesPACFailureBit):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::caged):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::cageConditionally):

  • llint/LowLevelInterpreter64.asm:

Source/WTF:

  • wtf/CagedPtr.h:

(WTF::CagedPtr::get const):
(WTF::CagedPtr::getMayBeNull const):
(WTF::CagedPtr::mergePointers):

Jul 1, 2019:

11:42 PM Changeset in webkit [247040] by bshafiei@apple.com
  • 5 edits in branches/safari-607.3.1.2-branch/Source/JavaScriptCore

Cherry-pick r246801. rdar://problem/52505032

Structure::create should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Filip Pizlo.

Structure::create should also assert that the indexing type makes sense
for the prototype being used.

  • runtime/JSObject.h:
  • runtime/Structure.cpp: (JSC::Structure::isValidPrototype): (JSC::Structure::changePrototypeTransition):
  • runtime/Structure.h: (JSC::Structure::create): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::create): (JSC::Structure::setPrototypeWithoutTransition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:35 PM Changeset in webkit [247039] by bshafiei@apple.com
  • 7 edits in branches/safari-607.3.1.2-branch/Source

Versioning.

11:30 PM Changeset in webkit [247038] by bshafiei@apple.com
  • 5 edits in branches/safari-607-branch/Source/JavaScriptCore

Cherry-pick r246801. rdar://problem/52505041

Structure::create should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Filip Pizlo.

Structure::create should also assert that the indexing type makes sense
for the prototype being used.

  • runtime/JSObject.h:
  • runtime/Structure.cpp: (JSC::Structure::isValidPrototype): (JSC::Structure::changePrototypeTransition):
  • runtime/Structure.h: (JSC::Structure::create): Deleted.
  • runtime/StructureInlines.h: (JSC::Structure::create): (JSC::Structure::setPrototypeWithoutTransition):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@246801 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:55 PM Changeset in webkit [247037] by bshafiei@apple.com
  • 7 edits in branches/safari-607-branch/Source

Versioning.

10:14 PM Changeset in webkit [247036] by Justin Michaud
  • 19 edits in trunk

[Wasm-References] Disable references by default
https://bugs.webkit.org/show_bug.cgi?id=199390

Reviewed by Saam Barati.

JSTests:

  • wasm/references-spec-tests/ref_is_null.js:
  • wasm/references-spec-tests/ref_null.js:
  • wasm/references/anyref_globals.js:
  • wasm/references/anyref_modules.js:
  • wasm/references/anyref_table.js:
  • wasm/references/anyref_table_import.js:
  • wasm/references/element_parsing.js:
  • wasm/references/func_ref.js:
  • wasm/references/is_null.js:
  • wasm/references/multitable.js:
  • wasm/references/table_misc.js:
  • wasm/references/validation.js:

Source/JavaScriptCore:

  • runtime/Options.h:

Tools:

  • Scripts/run-jsc-stress-tests:

LayoutTests:

  • workers/wasm-references.html:
10:10 PM Changeset in webkit [247035] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

[Text autosizing] [iPadOS] AutosizeStatus::idempotentTextSize returns the computed font size in certain cases.
https://bugs.webkit.org/show_bug.cgi?id=199382
<rdar://problem/52483097>

Reviewed by Wenson Hsieh.

Adjust the font size on the style only when the autosized value is different from the computed value.

  • css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyleForTextAutosizing):

9:34 PM Changeset in webkit [247034] by jh718.park@samsung.com
  • 2 edits in trunk/Tools

Unreviewed. Revert r246965 to fix build break
since r247019 reverted its related changes.

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::popupValue const): Deleted.

6:17 PM Changeset in webkit [247033] by Devin Rousso
  • 17 edits in trunk

Web Inspector: REGRESSION(r245498): Timelines: CPU: discontinuities are filled in by the next record
https://bugs.webkit.org/show_bug.cgi?id=198927

Reviewed by Matt Baker.

Source/WebInspectorUI:

  • UserInterface/Controllers/TimelineManager.js:

(WI.TimelineManager.prototype.capturingStarted):
(WI.TimelineManager.prototype.capturingStopped):

  • UserInterface/Models/TimelineRecording.js:

(WI.TimelineRecording):
(WI.TimelineRecording.prototype.start):
(WI.TimelineRecording.prototype.capturingStarted): Added.
(WI.TimelineRecording.prototype.capturingStopped): Added.
(WI.TimelineRecording.prototype.reset):
(WI.TimelineRecording.prototype.addRecord):
(WI.TimelineRecording.prototype.discontinuitiesInTimeRange):
(WI.TimelineRecording.prototype.addDiscontinuity): Deleted.
Notify the TimelineRecording when capturing has started/stopped.
Adjust the first record after a discontinuity to have it's startTime match the endTime
of the most recent discontinuity.

  • UserInterface/Models/Timeline.js:

(WI.Timeline.prototype.addRecord):

  • UserInterface/Models/CPUTimeline.js:

(WI.CPUTimeline.prototype.addRecord):

  • UserInterface/Models/CPUTimelineRecord.js:

(WI.CPUTimelineRecord.prototype.adjustStartTime): Added.
(WI.CPUTimelineRecord.prototype.adjustStartTimeToLastRecord): Deleted.

  • UserInterface/Models/MemoryTimeline.js:

(WI.MemoryTimeline.prototype.addRecord):

  • UserInterface/Models/MemoryTimelineRecord.js:

(WI.MemoryTimelineRecord.prototype.adjustStartTime): Added.
(WI.MemoryTimelineRecord.prototype.adjustStartTimeToLastRecord): Deleted.

  • UserInterface/Models/NetworkTimeline.js:

(WI.NetworkTimeline.prototype.addRecord):

  • UserInterface/Views/CPUTimelineView.js:

(WI.CPUTimelineView.prototype.layout):

  • UserInterface/Views/MemoryTimelineOverviewGraph.js:

(WI.MemoryTimelineOverviewGraph.prototype.layout):

  • UserInterface/Views/MemoryTimelineView.js:

(WI.MemoryTimelineView.prototype.layout):
Include discontinuities that exactly match the start/end time of the record immediately
before/after the discontinuity.

  • UserInterface/Views/TimelineRecordingContentView.js:

(WI.TimelineRecordingContentView):
(WI.TimelineRecordingContentView.prototype._handleTimelineCapturingStateChanged):
(WI.TimelineRecordingContentView.prototype._recordingReset):
Move the logic for handling discontinuity start/end times to the TimelineRecording.

  • UserInterface/Base/Utilities.js:

LayoutTests:

  • inspector/unit-tests/set-utilities.html:
  • inspector/unit-tests/set-utilities-expected.txt:
5:23 PM Changeset in webkit [247032] by Alan Coon
  • 30 edits
    4 adds
    4 deletes in branches/safari-607-branch

Cherry-pick r244621. rdar://problem/52492610

PeatyG: Re-land fixes for 3 PeatyF Security Critical that accidentally got reverted in G.

git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-607-branch@244621 268f45cc-cd09-0410-ab3c-d52691b4dbfc

4:45 PM Changeset in webkit [247031] by Truitt Savell
  • 2 edits in trunk/LayoutTests

Layout Test imported/blink/fast/multicol/span/overflow-on-viewport.html is flaky.
https://bugs.webkit.org/show_bug.cgi?id=199387

Unreviewed Test Gardening.

Patch by Russell Epstein <russell_e@apple.com> on 2019-07-01

  • platform/ios-wk2/TestExpectations:
3:32 PM Changeset in webkit [247030] by Wenson Hsieh
  • 2 edits in trunk/LayoutTests

[iOS 13] editing/selection/ios/dispatch-mouse-events-when-modifying-selection-quirk.html fails on trunk
https://bugs.webkit.org/show_bug.cgi?id=199384

Reviewed by Tim Horton.

Adjust this test to show the callout menu by tapping on the caret rect, rather than the center of the editable
area. Currently, tapping the center of the editable area twice results in a double tap, which fails to trigger
the callout bar.

  • editing/selection/ios/dispatch-mouse-events-when-modifying-selection-quirk.html:
3:27 PM Changeset in webkit [247029] by Chris Dumez
  • 3 edits in trunk/Source/WebKit

Remove virtual functions on WebProcessLifetimeObserver that are unused after r245540
https://bugs.webkit.org/show_bug.cgi?id=199383

Reviewed by Alex Christensen.

  • UIProcess/WebProcessLifetimeObserver.h:

(WebKit::WebProcessLifetimeObserver::webProcessDidCloseConnection):

  • UIProcess/WebProcessLifetimeTracker.cpp:

(WebKit::WebProcessLifetimeTracker::addObserver):
(WebKit::WebProcessLifetimeTracker::pageWasInvalidated):

3:16 PM Changeset in webkit [247028] by Chris Dumez
  • 2 edits in trunk/Source/WebKit

StorageManager::SessionStorageNamespace::allowedConnections() should not copy the HashSet
https://bugs.webkit.org/show_bug.cgi?id=199379

Reviewed by Alex Christensen.

This was pretty inefficient.

  • NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::SessionStorageNamespace::allowedConnections const):

3:10 PM Changeset in webkit [247027] by Wenson Hsieh
  • 3 edits in trunk/Source/WebKit

[iOS] REGRESSION (r246757): Unable to select non-editable text in subframes
https://bugs.webkit.org/show_bug.cgi?id=199366
<rdar://problem/52460509>

Reviewed by Tim Horton.

r246757 removed logic in selectionPositionInformation responsible for setting the focused frame when handling a
position information request. As the FIXME formerly in InteractionInformationRequest.h alluded to, text
selection gestures on iOS were dependent on this behavior when selecting text in subframes, since text selection
helpers in WebPageIOS.mm assume that the focused frame already contains the selection being set.

Rather than calling setFocusedFrame when requesting position information, we can fix this by making
WebPage::selectWithGesture and WebPage::selectTextWithGranularityAtPoint both set the focused frame if needed
before extending or moving text selections.

Covered by layout tests that began to fail after r246757:

  • editing/selection/ios/selection-handles-in-iframe.html
  • editing/selection/ios/selection-handle-clamping-in-iframe.html
  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::selectWithGesture):

Only call the new helper method, setFocusedFrameBeforeSelectingTextAtLocation, at the start of the gesture.

(WebKit::WebPage::setFocusedFrameBeforeSelectingTextAtLocation):
(WebKit::WebPage::selectTextWithGranularityAtPoint):

3:07 PM Changeset in webkit [247026] by commit-queue@webkit.org
  • 7 edits in trunk

Add new decidePolicyForNavigationAction SPI with preferences and userInfo
https://bugs.webkit.org/show_bug.cgi?id=199371
<rdar://problem/52352905>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-01
Reviewed by Tim Horton.

Source/WebKit:

Also deprecate some older SPI so we may someday clean up this mess.

  • UIProcess/API/Cocoa/WKNavigationDelegatePrivate.h:
  • UIProcess/Cocoa/NavigationState.h:
  • UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::setNavigationDelegate):
(WebKit::NavigationState::NavigationClient::decidePolicyForNavigationAction):
(WebKit::NavigationState::NavigationClient::shouldBypassContentModeSafeguards const):

Tools:

  • TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm:

(-[NavigationActionSPIDelegate webView:didFinishNavigation:]):
(-[NavigationActionSPIDelegate _webView:decidePolicyForNavigationAction:preferences:userInfo:decisionHandler:]):
(-[NavigationActionSPIDelegate spiCalled]):
(TEST):

2:55 PM Changeset in webkit [247025] by Chris Dumez
  • 4 edits
    4 adds in trunk

It should not be possible to trigger a load while in the middle of restoring a page in PageCache
https://bugs.webkit.org/show_bug.cgi?id=199190
<rdar://problem/52114552>

Reviewed by Brady Eidson.

Source/WebCore:

Test: http/tests/security/navigate-when-restoring-cached-page.html

  • history/CachedFrame.cpp:

(WebCore::CachedFrame::open):
Stop attaching the cached document before calling FrameLoader::open() given that the previous document
is still attached to the frame at this point. This avoids having 2 documents attached to the same frame
during a short period of time.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::open):
We now attach the cached document to the frame *after* calling FrameLoader::clear(), which means that
the previous document now has been detached from this frame.

(WebCore::FrameLoader::detachChildren):
As per the HTML specification [1], an attempt to navigate should fail if the prompt to unload algorithm
is being run for the active document of browsingContext. Note that the "prompt to unload" algorithm [2]
includes firing the 'unload' event in the current document and in all the documents in the subframes.
As a result, FrameLoader::detachChildren() is the right prevent such navigations. We were actually trying
to do this via the SubframeLoadingDisabler stack variable inside detachChildren(). The issue is that this
only prevents navigation in the subframes (i.e. <iframe> elements), not the main frame. As a result,
script would be able to navigate the top-frame even though detachChildren() is being called on the top
frame. To address the issue, I now create a NavigationDisabler variable in the scope of detachChildren()
when detachChildren() is called on the top frame. NavigationDisabler prevents all navigations within the
page, including navigations on the main/top frame.

[1] https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate
[2] https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document

LayoutTests:

Add layout test coverage.

  • http/tests/security/navigate-when-restoring-cached-page-expected.txt: Added.
  • http/tests/security/navigate-when-restoring-cached-page.html: Added.
  • http/tests/security/resources/navigate-when-restoring-cached-page-frame.html: Added.
  • http/tests/security/resources/navigate-when-restoring-cached-page-victim.html: Added.
2:25 PM Changeset in webkit [247024] by Truitt Savell
  • 15 edits in trunk

Unreviewed, rolling out r246844.

Broke 12 tests in imported/w3c/web-platform-
tests/pointerevents/

Reverted changeset:

"[Pointer Events] Respect pointer capture when dispatching
mouse boundary events and updating :hover"
https://bugs.webkit.org/show_bug.cgi?id=198999
https://trac.webkit.org/changeset/246844

2:23 PM Changeset in webkit [247023] by Truitt Savell
  • 2 edits in trunk/Source/WebCore

Unreviewed, rolling out r246849.

12 tests broken in r246844 require this to be rolled out.

Reverted changeset:

"[Pointer Events] Respect pointer capture when dispatching
mouse boundary events and updating :hover"
https://bugs.webkit.org/show_bug.cgi?id=198999
https://trac.webkit.org/changeset/246849

2:17 PM Changeset in webkit [247022] by commit-queue@webkit.org
  • 5 edits in trunk

Source/WebKit:
Deprecate but still call _webView:showCustomSheetForElement: after transition to UIContextMenuInteraction
https://bugs.webkit.org/show_bug.cgi?id=199296
<rdar://problem/51041960>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-01
Reviewed by Darin Adler.

  • UIProcess/API/Cocoa/WKUIDelegatePrivate.h:
  • UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _showAttachmentSheet]):
(-[WKContentView actionSheetAssistant:showCustomSheetForElement:]):
(-[WKContentView continueContextMenuInteraction:]):

Tools:
Deprecate _webView:showCustomSheetForElement: after transition to UIContextMenuInteraction
https://bugs.webkit.org/show_bug.cgi?id=199296
<rdar://problem/51041960>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-01
Reviewed by Darin Adler.

  • TestWebKitAPI/ios/DragAndDropSimulatorIOS.mm:

(-[DragAndDropSimulator _webView:showCustomSheetForElement:]):

2:11 PM Changeset in webkit [247021] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebCore

Null check provisionalItem in FrameLoader::continueLoadAfterNavigationPolicy
https://bugs.webkit.org/show_bug.cgi?id=199327
<rdar://problem/48262384>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-01
Reviewed by Darin Adler.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
Sometimes provisionalItem is null. Let's not crash.

2:11 PM Changeset in webkit [247020] by commit-queue@webkit.org
  • 2 edits in trunk/Source/WebKit

Add main thread assertions in sendWithAsyncReply code
https://bugs.webkit.org/show_bug.cgi?id=199324

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-01
Reviewed by Sam Weinig.

sendWithAsyncReply can only be used on the main thread because
the CompletionHandler will be called on the main thread, and if it's
called from a background thread, then HashMap corruption will likely happen.
Add assertions to alert developers that they should only call sendWithAsyncReply
from the main thread.

This is responding to good feedback from r237294

  • Platform/IPC/Connection.cpp:

(IPC::asyncReplyHandlerMap):
(IPC::nextAsyncReplyHandlerID):
(IPC::addAsyncReplyHandler):
(IPC::clearAsyncReplyHandlers):
(IPC::CompletionHandler<void):

2:07 PM Changeset in webkit [247019] by Truitt Savell
  • 23 edits in trunk

Unreviewed, rolling out r246958.

Broke inspector/dom/getAccessibilityPropertiesForNode.html

Reverted changeset:

"Enhance support of aria-haspopup per ARIA 1.1 specification."
https://bugs.webkit.org/show_bug.cgi?id=199216
https://trac.webkit.org/changeset/246958

1:52 PM Changeset in webkit [247018] by eric.carlson@apple.com
  • 3 edits
    2 adds in trunk

[iOS] Exiting from fullscreen scrolls to top of page
https://bugs.webkit.org/show_bug.cgi?id=199338
<rdar://problem/51273017>

Reviewed by Jer Noble.

Source/WebKit:

  • UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm:

(-[WKFullScreenWindowController _completedExitFullScreen]): Restore scroll position.
Hide window after restoring scroll position.
(-[WKFullScreenWindowController _exitFullscreenImmediately]): Drive-by fix: remove code
already also done in _completedExitFullScreen.

LayoutTests:

  • fullscreen/fullscreen-restore-scroll-position-expected.txt: Added.
  • fullscreen/fullscreen-restore-scroll-position.html: Added.
1:29 PM Changeset in webkit [247017] by beidson@apple.com
  • 6 edits in trunk/Source/WebCore

More judiciously handle clearing/creation of DOMWindows for new Documents.
<rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Chris Dumez.

  • bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

  • loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity.
(WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda.
(WebCore::DocumentWriter::replaceDocument): Deleted.

  • loader/DocumentWriter.h:
  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document.

  • loader/FrameLoader.h:
1:14 PM Changeset in webkit [247016] by Truitt Savell
  • 2 edits in trunk/LayoutTests

Layout Test imported/mozilla/svg/text/selectSubString.svg is flaky.
https://bugs.webkit.org/show_bug.cgi?id=199370

Unreviewed Test Gardening.

Patch by Russell Epstein <russell_e@apple.com> on 2019-07-01

  • platform/ios-wk2/TestExpectations:
12:57 PM Changeset in webkit [247015] by Alan Bujtas
  • 7 edits
    2 adds in trunk

Source/WebCore:
[iPadOS] Tapping on the bottom part of youtube video behaves as if controls were visible
https://bugs.webkit.org/show_bug.cgi?id=199349
<rdar://problem/51955744>

Reviewed by Simon Fraser.

Synthetic click event should not be dispatched to a node that is initially hidden (by opacity: 0) and becomes visible by the touchStart event.
While this behaves different from macOS where opacity: 0; content is "clickable", it impoves usability on certain sites like YouTube.com.

Test: fast/events/touch/ios/content-observation/opacity-change-happens-on-touchstart-with-transition2.html

  • dom/Node.cpp:

(WebCore::Node::defaultEventHandler):

  • page/ios/ContentChangeObserver.cpp:

(WebCore::ContentChangeObserver::isConsideredHidden):
(WebCore::ContentChangeObserver::reset):
(WebCore::isConsideredHidden): Deleted.

  • page/ios/ContentChangeObserver.h:

(WebCore::ContentChangeObserver::setHiddenTouchTarget):
(WebCore::ContentChangeObserver::resetHiddenTouchTarget):
(WebCore::ContentChangeObserver::hiddenTouchTarget const):

Source/WebKit:
Tapping on the bottom part of youtube video behaves as if controls were visible
https://bugs.webkit.org/show_bug.cgi?id=199349
<rdar://problem/51955744>

Reviewed by Simon Fraser.

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::handleTouchEvent):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::handleSyntheticClick):
(WebKit::WebPage::completePendingSyntheticClickForContentChangeObserver):
(WebKit::WebPage::completeSyntheticClick):
(WebKit::WebPage::potentialTapAtPosition):

LayoutTests:
Tapping on the bottom part of youtube video behaves as if controls were visible
https://bugs.webkit.org/show_bug.cgi?id=199349
<rdar://problem/51955744>

Reviewed by Simon Fraser.

  • fast/events/touch/ios/content-observation/opacity-change-happens-on-touchstart-with-transition2-expected.txt: Added.
  • fast/events/touch/ios/content-observation/opacity-change-happens-on-touchstart-with-transition2.html: Added.
12:32 PM Changeset in webkit [247014] by Brent Fulgham
  • 11 edits
    2 adds in trunk

[FTW] Build WebCore
https://bugs.webkit.org/show_bug.cgi?id=199199

Reviewed by Don Olmstead.

.:

Establish a set of build options for the FTW port, based on the current WinCairo
feature set. I also note which features should be turned on, but aren't yet, as
well as which features are disabled due to lack of WebGL and Media support in
the current build.

  • Source/cmake/OptionsFTW.cmake:

Source/WebCore:

Make some minor corrections needed to get FTW WebCore to build and link.

  • PlatformFTW.cmake: Added.
  • platform/graphics/win/GlyphPageTreeNodeDirect2D.cpp:

(WebCore::GlyphPage::fill):

  • platform/graphics/win/GraphicsContextDirect2D.cpp:

(WebCore::GraphicsContext::setURLForRect):

  • platform/graphics/win/PatternDirect2D.cpp:
  • platform/graphics/win/SimpleFontDataDirect2D.cpp:
  • platform/image-decoders/ScalableImageDecoder.cpp:

(WebCore::ScalableImageDecoder::setTargetContext): Added stub.

  • platform/image-decoders/ScalableImageDecoder.h:
  • platform/network/curl/CookieJarDB.cpp:

(WebCore::CookieJarDB::hasCookies):
(WebCore::CookieJarDB::canAcceptCookie):

Source/WebCore/PAL:

  • pal/PlatformFTW.cmake: Added.
11:14 AM Changeset in webkit [247013] by Wenson Hsieh
  • 6 edits
    2 adds in trunk

iOS: REGRESSION(async scroll): Caret doesn't scroll when scrolling textarea
https://bugs.webkit.org/show_bug.cgi?id=198217
<rdar://problem/51097296>

Reviewed by Simon Fraser.

Source/WebCore:

Add a ScrollingLayerPositionAction argument to ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling, and
avoid bailing early in the case where ScrollingLayerPositionAction::Set is used. See the WebKit ChangeLog for
more detail.

Test: editing/selection/ios/update-selection-after-overflow-scroll.html

  • page/scrolling/ScrollingTreeScrollingNode.cpp:

(WebCore::ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling):

  • page/scrolling/ScrollingTreeScrollingNode.h:

Source/WebKit:

In iOS 12, when scrolling a text selection in an fast-scrolling container, editor state updates are scheduled
under AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll after the end of the scrolling gesture,
when the scrolling layer action is ScrollingLayerPositionAction::Set. This is no longer the case in iOS 13,
because we now bail in ScrollingTreeScrollingNode::wasScrolledByDelegatedScrolling after scroll deceleration
finishes since the scroll position didn't end up changing. Additionally, we no longer use
ScrollingLayerPositionAction::Set in the case where scrolling finished decelerating, since
ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll no longer uses to value of inUserInteraction to
determine whether to Set or Sync scrolling layer positions.

To restore iOS 12 behavior, ensure that we send a scrolling tree update using ScrollingLayerPositionAction::Set
after scrolling ends.

  • UIProcess/RemoteLayerTree/ios/ScrollingTreeScrollingNodeDelegateIOS.mm:

(WebKit::ScrollingTreeScrollingNodeDelegateIOS::scrollViewDidScroll):

LayoutTests:

Add a new layout test to check that the text selection views are updated after scrolling in a fast overflow
scrolling container.

  • editing/selection/ios/update-selection-after-overflow-scroll-expected.txt: Added.
  • editing/selection/ios/update-selection-after-overflow-scroll.html: Added.
11:09 AM Changeset in webkit [247012] by Antti Koivisto
  • 3 edits in trunk/Source/WebCore

REGRESSION(r240047): Overflow scrollers on WK1 fail to update their content size when it changes
https://bugs.webkit.org/show_bug.cgi?id=199360
<rdar://problem/51643386>

Reviewed by Simon Fraser.

r240047 replaced didCommitChangesForLayer() mechanism by a more narrow didChangePlatformLayerForLayer.
Unfortunately on WK1 we relied on scroll layers being invalidated after every size (and scrollbar) change.
Without this invalidation we don't call WebChromeClientIOS::addOrUpdateScrollingLayer and the UIKit delegate
that resizes the UIScrollView content.

Fix by removing the scroll layer invalidation mechanism from LegacyWebKitScrollingLayerCoordinator completely and instead
simply update all scroll layers after commit. The UIKit delegate doesn't do any significant work if nothing changes,
this was not a very meaninful optimization.

  • rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::updateScrollCoordinatedLayersAfterFlush):

Update all scroll layers after flush (similar to viewport constrained layers).

(WebCore::RenderLayerCompositor::didChangePlatformLayerForLayer):
(WebCore::LegacyWebKitScrollingLayerCoordinator::updateScrollingLayer):
(WebCore::LegacyWebKitScrollingLayerCoordinator::addScrollingLayer):
(WebCore::LegacyWebKitScrollingLayerCoordinator::removeScrollingLayer):
(WebCore::LegacyWebKitScrollingLayerCoordinator::registerScrollingLayersNeedingUpdate): Deleted.
(WebCore::LegacyWebKitScrollingLayerCoordinator::didChangePlatformLayerForLayer): Deleted.

  • rendering/RenderLayerCompositor.h:
9:59 AM Changeset in webkit [247011] by Ryan Haddad
  • 8 edits
    3 deletes in trunk

Unreviewed, rolling out r246946.

Caused JSC test crashes on arm64

Reverted changeset:

"Add b3 macro lowering for CheckMul on arm64"
https://bugs.webkit.org/show_bug.cgi?id=199251
https://trac.webkit.org/changeset/246946

9:57 AM Changeset in webkit [247010] by Philippe Normand
  • 8 edits in trunk/Source

[GStreamer] Cannot play Bert's Bytes radio stream from http://radio.dos.nl/
https://bugs.webkit.org/show_bug.cgi?id=198376

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

The delayed startup was due to a mix of buffering feedback
messages not handled correctly by the player. We were handling
download and streaming buffering metrics without distinction.
Range requests (used for seeking) were also triggering on-disk
buffering in some cases. The buffering percentage estimation based
on network read position was not working either because uint64_t
division doesn't return a floating point value.

No new tests, existing media tests cover this patch.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::commitLoad):
(WebCore::MediaPlayerPrivateGStreamer::play):
(WebCore::MediaPlayerPrivateGStreamer::handleMessage):
(WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
(WebCore::MediaPlayerPrivateGStreamer::updateBufferingStatus):
(WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
(WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const):
(WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const):
(WebCore::MediaPlayerPrivateGStreamer::updateStates):
(WebCore::MediaPlayerPrivateGStreamer::updateDownloadBufferingFlag):
(WebCore::MediaPlayerPrivateGStreamer::setPreload):

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkitWebSrcReset):

  • platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.h:

Source/WTF:

  • wtf/glib/GLibUtilities.h:

(enumToString): Utility function to get a string representation of of a GLib enum.

8:34 AM Changeset in webkit [247009] by pvollan@apple.com
  • 2 edits in trunk/Source/WebKit

Perform less work when a pre-warmed WebProcess is suspended or resumed.
https://bugs.webkit.org/show_bug.cgi?id=199195

Reviewed by Darin Adler.

Return early from WebProcess::actualPrepareToSuspend and WebProcess::processDidResume
if this is a pre-warmed process. This is a confirmed improvement in page load time.

  • WebProcess/WebProcess.cpp:

(WebKit::WebProcess::actualPrepareToSuspend):
(WebKit::WebProcess::cancelPrepareToSuspend):
(WebKit::WebProcess::processDidResume):

6:45 AM Changeset in webkit [247008] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247007 - REGRESSION(r246963) GTK's debug build is broken
https://bugs.webkit.org/show_bug.cgi?id=199358

Reviewed by Michael Catanzaro.

Add traits to be able to downcast AnimatedBackingStoreClient.

  • platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h:

(Nicosia::AnimatedBackingStoreClient::AnimatedBackingStoreClient):
(Nicosia::AnimatedBackingStoreClient::type const):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

6:42 AM Changeset in webkit [247007] by magomez@igalia.com
  • 3 edits in trunk/Source/WebCore

REGRESSION(r246963) GTK's debug build is broken
https://bugs.webkit.org/show_bug.cgi?id=199358

Reviewed by Michael Catanzaro.

Add traits to be able to downcast AnimatedBackingStoreClient.

  • platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h:

(Nicosia::AnimatedBackingStoreClient::AnimatedBackingStoreClient):
(Nicosia::AnimatedBackingStoreClient::type const):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

6:04 AM Changeset in webkit [247006] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247005 - Unreviewed. Fix GTK build with GSTREAMER_GL disabled after r246710

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
5:10 AM Changeset in webkit [247005] by Carlos Garcia Campos
  • 2 edits in trunk/Source/WebCore

Unreviewed. Fix GTK build with GSTREAMER_GL disabled after r246710

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
4:04 AM Changeset in webkit [247004] by Carlos Garcia Campos
  • 5 edits
    1 add in releases/WebKitGTK/webkit-2.24

Merge r246740 - ArraySlice needs to keep the source array alive.
https://bugs.webkit.org/show_bug.cgi?id=197374
<rdar://problem/50304429>

Reviewed by Michael Saboff and Filip Pizlo.

JSTests:

  • stress/array-slice-must-keep-source-array-alive.js: Added.

Source/JavaScriptCore:

The implementation of the FTL ArraySlice intrinsics may GC while allocating the
result array and its butterfly. Previously, ArraySlice already keeps the source
butterfly alive in order to copy from it to the new butterfly after the allocation.
Unfortunately, this is not enough. We also need to keep the source array alive
so that GC will scan the values in the butterfly as well. Note: the butterfly
does not have a visitChildren() method to do this scan. It's the parent object's
responsibility to do the scanning.

This patch fixes this by introducing a keepAlive() utility method, and we use it
to keep the source array alive while allocating the result array and butterfly.

keepAlive() works by using a patchpoint to communicate to B3 that a value (the
source array in this case) is still in use. It also uses a fence to keep B3 from
relocating the patchpoint, which may defeat the fix.

For the DFG's SpeculativeJIT::compileArraySlice(), we may have lucked out and the
source array cell is kept alive. This patch makes it explicit that we should
keep its cell alive till after the result array has been allocated.

For the Baseline JIT and LLInt, we use the arrayProtoFuncSlice() runtime function
and there is no issue because the source array (in "thisObj") is in the element
copying loop that follows the allocation of the result array. However, for
documentation purposes, this patch adds a call to HeapCell::use() to indicate that
the source array need to kept alive at least until after the allocation of the
result array.

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileArraySlice):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArraySlice):
(JSC::FTL::DFG::LowerDFGToB3::allocateJSArray):
(JSC::FTL::DFG::LowerDFGToB3::keepAlive):

  • runtime/ArrayPrototype.cpp:

(JSC::arrayProtoFuncSlice):

4:04 AM Changeset in webkit [247003] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.24

Merge r246708 - [JSC] ClassExpr should not store result in the middle of evaluation
https://bugs.webkit.org/show_bug.cgi?id=199106

Reviewed by Tadeu Zagallo.

JSTests:

  • stress/class-expression-should-store-result-at-last.js: Added.

(shouldThrow):
(shouldThrow.let.a):

Source/JavaScriptCore:

Let's consider the case,

let a = class A {

static get[a=0x12345678]() {
}

};

When evaluating class A expression, we should not use the local register for let a
until we finally store it to that register. Otherwise, a=0x12345678 will override it.
Out BytecodeGenerator does that this by using tempDestination and finalDestination, but
we did not do that in ClassExprNode.

This patch leverages tempDestination and finalDestination to store class A result finally,
while we attempt to reduce mov.

  • bytecompiler/NodesCodegen.cpp:

(JSC::ClassExprNode::emitBytecode):

4:04 AM Changeset in webkit [247002] by Carlos Garcia Campos
  • 12 edits
    2 adds in releases/WebKitGTK/webkit-2.24

Merge r246505 - [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
https://bugs.webkit.org/show_bug.cgi?id=197378

Reviewed by Saam Barati.

JSTests:

  • stress/disposable-call-site-index-with-call-and-this.js: Added.

(foo):
(bar):

  • stress/disposable-call-site-index.js: Added.

(foo):
(bar):

Source/JavaScriptCore:

Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
we will create a new CallSiteIndex continuously and leak memory.

The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
at runtime.

To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
enforce type-safety to some degree.

We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
(JSC::CodeBlock::removeExceptionHandlerForCallSite):

  • bytecode/CodeBlock.h:
  • bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
(JSC::PolymorphicAccess::regenerate):

  • bytecode/PolymorphicAccess.h:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.

  • dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addUniqueCallSiteIndex):
(JSC::DFG::CommonData::addDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeCallSiteIndex): Deleted.

  • dfg/DFGCommonData.h:
  • interpreter/CallFrame.h:

(JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
(JSC::DisposableCallSiteIndex::fromCallSiteIndex):

  • jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):

  • jit/GCAwareJITStubRoutine.h:
  • jit/JITInlineCacheGenerator.h:
4:04 AM Changeset in webkit [247001] by Carlos Garcia Campos
  • 8 edits
    1 add in releases/WebKitGTK/webkit-2.24

Merge r246408 - Yarr bytecode compilation failure should be gracefully handled
https://bugs.webkit.org/show_bug.cgi?id=198700

Reviewed by Michael Saboff.

JSTests:

  • stress/regexp-bytecode-compilation-fail.js: Added.

(shouldThrow):

Source/JavaScriptCore:

Currently, we assume that Yarr bytecode compilation does not fail. But in fact it can fail.
We should gracefully handle this failure as a runtime error, as we did for parse errors in [1].
We also harden Yarr's consumed character calculation by using Checked.

[1]: https://bugs.webkit.org/show_bug.cgi?id=185755

  • inspector/ContentSearchUtilities.cpp:

(Inspector::ContentSearchUtilities::findMagicComment):

  • runtime/RegExp.cpp:

(JSC::RegExp::byteCodeCompileIfNecessary):
(JSC::RegExp::compile):
(JSC::RegExp::compileMatchOnly):

  • runtime/RegExpInlines.h:

(JSC::RegExp::matchInline):

  • yarr/YarrErrorCode.cpp:

(JSC::Yarr::errorMessage):
(JSC::Yarr::errorToThrow):

  • yarr/YarrErrorCode.h:
  • yarr/YarrInterpreter.cpp:

(JSC::Yarr::ByteCompiler::ByteCompiler):
(JSC::Yarr::ByteCompiler::compile):
(JSC::Yarr::ByteCompiler::atomCharacterClass):
(JSC::Yarr::ByteCompiler::atomBackReference):
(JSC::Yarr::ByteCompiler::atomParenthesesOnceBegin):
(JSC::Yarr::ByteCompiler::atomParenthesesTerminalBegin):
(JSC::Yarr::ByteCompiler::atomParenthesesSubpatternBegin):
(JSC::Yarr::ByteCompiler::atomParentheticalAssertionBegin):
(JSC::Yarr::ByteCompiler::popParenthesesStack):
(JSC::Yarr::ByteCompiler::closeAlternative):
(JSC::Yarr::ByteCompiler::closeBodyAlternative):
(JSC::Yarr::ByteCompiler::alternativeBodyDisjunction):
(JSC::Yarr::ByteCompiler::alternativeDisjunction):
(JSC::Yarr::ByteCompiler::emitDisjunction):

4:04 AM Changeset in webkit [247000] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24

Merge r242114 - wasmToJS() should purify incoming NaNs.
https://bugs.webkit.org/show_bug.cgi?id=194807
<rdar://problem/48189132>

Reviewed by Saam Barati.

JSTests:

  • wasm/regress/wasmToJS-should-purify-NaNs.js: Added.

Source/JavaScriptCore:

  • runtime/JSCJSValue.h:

(JSC::jsNumber):

  • runtime/TypedArrayAdaptors.h:

(JSC::IntegralTypedArrayAdaptor::toJSValue):

  • wasm/js/WasmToJS.cpp:

(JSC::Wasm::wasmToJS):

4:04 AM Changeset in webkit [246999] by Carlos Garcia Campos
  • 4 edits
    1 add in releases/WebKitGTK/webkit-2.24

Merge r246071 - Argument elimination should check for negative indices in GetByVal
https://bugs.webkit.org/show_bug.cgi?id=198302
<rdar://problem/51188095>

Reviewed by Filip Pizlo.

JSTests:

  • stress/eliminate-arguments-negative-rest-access.js: Added.

(inlinee):
(opt):

Source/JavaScriptCore:

In DFG::ArgumentEliminationPhase, the index is treated as unsigned, but there's no check
for overflow in the addition. In compileGetMyArgumentByVal, there's a check for overflow,
but the index is treated as signed, resulting in an index lower than numberOfArgumentsToSkip.

  • dfg/DFGArgumentsEliminationPhase.cpp:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):

4:04 AM Changeset in webkit [246998] by Carlos Garcia Campos
  • 3 edits
    1 add in releases/WebKitGTK/webkit-2.24

Merge r246332 - AI BitURShift's result should not be unsigned
https://bugs.webkit.org/show_bug.cgi?id=198689
<rdar://problem/51550063>

Reviewed by Saam Barati.

JSTests:

  • stress/urshift-int32-overflow.js: Added.

(foo.):
(foo):

Source/JavaScriptCore:

Treating BitURShift's result as unsigned in the abstract interpreter incorrectly overflows it.
This breaks the DFG and FTL, since they assume that BitURShift's result is an int32 value, but
get a double constant from AI. Since the result will be converted to unsigned by UInt32ToNumber,
all we have to do is store the result as a signed int32.

  • dfg/DFGAbstractInterpreterInlines.h:
4:04 AM Changeset in webkit [246997] by Carlos Garcia Campos
  • 1 edit
    4 adds in releases/WebKitGTK/webkit-2.24/LayoutTests

Merge r246287 - [CSP] Blob URLs should inherit their CSP policy
https://bugs.webkit.org/show_bug.cgi?id=198579
<rdar://problem/51366878>

Reviewed by Brent Fulgham.

Actually add the tests that I inadvertently omitted from r246277.

  • http/tests/security/contentSecurityPolicy/navigate-self-to-blob-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-blob.html: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-data-url-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-data-url.html: Added.
4:03 AM Changeset in webkit [246996] by Carlos Garcia Campos
  • 7 edits in releases/WebKitGTK/webkit-2.24

Merge r246277 - [CSP] Blob URLs should inherit their CSP policy
https://bugs.webkit.org/show_bug.cgi?id=198579
<rdar://problem/51366878>

Reviewed by Brent Fulgham.

Source/WebCore:

As per <https://w3c.github.io/webappsec-csp/#security-inherit-csp> (Editor's Draft, 28 February 2019) blob
URLs should inherit their CSP policy from their parent (if they have one).

Test: http/tests/security/contentSecurityPolicy/navigate-self-to-blob.html

http/tests/security/contentSecurityPolicy/navigate-self-to-data-url.html

  • dom/Document.cpp:

(WebCore::Document::shouldInheritContentSecurityPolicyFromOwner const): Return true if the document's URL
is a Blob URL.
(WebCore::Document::initContentSecurityPolicy): Take a pointer to a ContentSecurityPolicy object that
represents the previous document's CSP. We only make us of this if the current URL is a Blob URL or a data
URL. Otherwise, do what we do now and take the policy from the owner frame.

  • dom/Document.h:
  • loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::begin): Extend the lifetime of the previous document temporarily so that we can
pass its CSP to FrameLoader::didBeginDocument(). We need to do this extension because this function calls
FrameLoader::clear(), which can destroy the previous document and its ContentSecurityPolicy object. This
extension is also no different than if this function was called with a non-null ownerDocument except that
in that case it is the caller that extends the previous document's lifetime. Although it is tempting to
make use of ownerDocument to fix this bug by having the caller of begin() pass the previous document as
the ownerDocument when the new document's url (the one we are begin()ing) is a Blob URL. The ownerDocument
concept would privilege the Blob URL more than necessary; we only need to inherit the CSP policy from the
previous document for a Blob URL, not inherit the cookie URL or strict mixed content checking bit, etc.
We could make ContentSecurityPolicy ref-counted or even steal the ContentSecurityPolicy object from the
previous document. The latter is not of the question as a future enhancement, but the former seemed excessive
as a way to avoid extending the lifetime of the previous document because this would be the *only* call site
that actaully takes out a second ref of a ContentSecurityPolicy object. In general, shared ownership of
a ContentSecurityPolicy object does not make sense.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::didBeginDocument): Pass the specified content security policy through to
Document::initContentSecurityPolicy().

  • loader/FrameLoader.h:

LayoutTests:

Add tests to ensure that a self navigation to a Blob or Data URL inherits its CSP policy from
its parent document.

  • http/tests/security/contentSecurityPolicy/navigate-self-to-blob-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-blob.html: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-data-url-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/navigate-self-to-data-url.html: Added.
4:03 AM Changeset in webkit [246995] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246182 - Avoid generating new XSLT-based document when already changing the document.
https://bugs.webkit.org/show_bug.cgi?id=198525
<rdar://problem/51393787>

Reviewed by Ryosuke Niwa.

We should not allow a pending XSLT transform to change the current document when
that current document is int he process of being replaced.

  • dom/Document.cpp:

(WebCore::Document::applyPendingXSLTransformsTimerFired):

4:03 AM Changeset in webkit [246994] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.24

Merge r246129 - [CSP] Data URLs should inherit their CSP policy
https://bugs.webkit.org/show_bug.cgi?id=198572
<rdar://problem/50660927>

Reviewed by Brent Fulgham.

Source/WebCore:

As per <https://w3c.github.io/webappsec-csp/#security-inherit-csp> (Editor's Draft, 28 February 2019) data
URLs should inherit their CSP policy from their parent (if they have one).

Test: http/tests/security/contentSecurityPolicy/subframe-with-data-url-inheritance.html

  • dom/Document.cpp:

(WebCore::Document::shouldInheritContentSecurityPolicyFromOwner const):

LayoutTests:

Add a test to ensure that a framed data URL inherits its CSP policy from its parent document.

  • http/tests/security/contentSecurityPolicy/subframe-with-data-url-inheritance-expected.txt: Added.
  • http/tests/security/contentSecurityPolicy/subframe-with-data-url-inheritance.html: Added.
4:03 AM Changeset in webkit [246993] by Carlos Garcia Campos
  • 17 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r245823 - Protect frames during style and layout changes
https://bugs.webkit.org/show_bug.cgi?id=198047
<rdar://problem/50954082>

Reviewed by Zalan Bujtas.

Be more careful about the scope and lifetime of objects that participate in layout or
style updates. If a method decides a layout or style update is needed, it needs to
confirm that the elements it was operating on are still valid and needed in the
current operation.

Source/WebCore:

  • accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::getOrCreate):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::accessibilityHitTest const):

  • css/CSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):

  • css/CSSComputedStyleDeclaration.h:
  • css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::ComputedStyleExtractor::svgPropertyValue):

  • dom/Document.cpp:

(WebCore::Document::setFocusedElement):

  • editing/TypingCommand.cpp:

(WebCore::TypingCommand::insertTextRunWithoutNewlines):
(WebCore::TypingCommand::insertLineBreak):
(WebCore::TypingCommand::insertParagraphSeparator):
(WebCore::TypingCommand::insertParagraphSeparatorInQuotedContent):

  • editing/ios/EditorIOS.mm:

(WebCore::Editor::setDictationPhrasesAsChildOfElement):

  • html/HTMLLabelElement.cpp:

(WebCore::HTMLLabelElement::focus):

  • html/HTMLTextAreaElement.cpp:

(WebCore::HTMLTextAreaElement::appendFormData):

  • html/ImageDocument.cpp:

(WebCore::ImageDocument::imageClicked):

  • html/ValidationMessage.cpp:

(WebCore::ValidationMessage::buildBubbleTree):

  • page/FrameView.cpp:

(WebCore::FrameView::autoSizeIfEnabled):
(WebCore::FrameView::trackedRepaintRectsAsText const):

  • page/PrintContext.cpp:

(WebCore::PrintContext::pageProperty):
(WebCore::PrintContext::numberOfPages):
(WebCore::PrintContext::spoolAllPagesWithBoundaries):

Source/WebKitLegacy/mac:

  • DOM/DOM.mm:

(-[DOMRange renderedImageForcingBlackText:renderedImageForcingBlackText:]):

  • WebView/WebHTMLView.mm:

(-[WebHTMLView _selectionDraggingImage]):
(-[WebHTMLView selectionImageForcingBlackText:selectionImageForcingBlackText:]):

4:03 AM Changeset in webkit [246992] by Carlos Garcia Campos
  • 20 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r245716 - [Hittest] Move hittesting from RenderView to Document
https://bugs.webkit.org/show_bug.cgi?id=198192
<rdar://problem/51077762>

Reviewed by Antti Koivisto.

Source/WebCore:

RenderView is not refcounted and may be destroyed in updateLayout(), so enter hit-testing from Document.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::press):

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::visiblePositionForPoint const):

  • dom/Document.cpp:

(WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower):
(WebCore::FrameFlatteningLayoutDisallower::~FrameFlatteningLayoutDisallower):
(WebCore::Document::scheduleStyleRecalc):
(WebCore::Document::prepareMouseEvent):
(WebCore::Document::hitTest):

  • dom/Document.h:

(WebCore::Document::inHitTesting const):

  • dom/TreeScope.cpp:

(WebCore::TreeScope::nodeFromPoint):
(WebCore::TreeScope::elementsFromPoint):

  • editing/FrameSelection.cpp:

(WebCore::FrameSelection::contains const):

  • html/HTMLPlugInElement.cpp:

(WebCore::HTMLPlugInElement::isReplacementObscured):

  • html/MediaElementSession.cpp:

(WebCore::isElementMainContentForPurposesOfAutoplay):

  • page/DragController.cpp:

(WebCore::elementUnderMouse):

  • page/EventHandler.cpp:

(WebCore::EventHandler::handleMouseDraggedEvent):
(WebCore::EventHandler::eventMayStartDrag const):
(WebCore::EventHandler::updateSelectionForMouseDrag):
(WebCore::EventHandler::hitTestResultAtPoint const):
(WebCore::EventHandler::updateCursor):
(WebCore::EventHandler::isInsideScrollbar const):
(WebCore::EventHandler::handleWheelEvent):
(WebCore::EventHandler::hoverTimerFired):
(WebCore::EventHandler::handleDrag):
(WebCore::hitTestResultInFrame):

  • page/FrameViewLayoutContext.cpp:

(WebCore::FrameViewLayoutContext::setNeedsLayoutAfterViewConfigurationChange):

  • rendering/RenderView.cpp:

(WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower): Deleted.
(WebCore::FrameFlatteningLayoutDisallower::~FrameFlatteningLayoutDisallower): Deleted.
(): Deleted.
(WebCore::RenderView::hitTest): Deleted.

  • rendering/RenderView.h:
  • rendering/RenderWidget.cpp:

(WebCore::RenderWidget::nodeAtPoint):

  • testing/Internals.cpp:

(WebCore::Internals::nodesFromRect const):

Source/WebKit:

  • WebProcess/WebPage/ViewGestureGeometryCollector.cpp:

(WebKit::ViewGestureGeometryCollector::collectGeometryForSmartMagnificationGesture):

  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::determinePrimarySnapshottedPlugIn):

  • WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::dynamicViewportSizeUpdate):

4:03 AM Changeset in webkit [246991] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.24

Merge r245664 - Subselectors not searched when determining property whitelist for selector
https://bugs.webkit.org/show_bug.cgi?id=198147
<rdar://problem/50405208>

Reviewed by Zalan Bujtas.

Source/WebCore:

This can cause marker elements get style they shouldn't.

Test: fast/lists/marker-style-subselector-whitelist.html

  • css/RuleSet.cpp:

(WebCore::determinePropertyWhitelistType):

Check subselectors too.

LayoutTests:

  • fast/lists/marker-style-subselector-whitelist-expected.txt: Added.
  • fast/lists/marker-style-subselector-whitelist.html: Added.
4:03 AM Changeset in webkit [246990] by Carlos Garcia Campos
  • 3 edits
    2 adds in releases/WebKitGTK/webkit-2.24

Merge r245509 - Wait to get frame until after layout has been run
https://bugs.webkit.org/show_bug.cgi?id=197999
<rdar://problem/50800345>

Reviewed by Alex Christensen.

Source/WebCore:

The current frame can change when layout runs, so don't bother retrieving
the frame until the final layout pass is complete.

Test: fast/dom/window-inner-width-crash.html

  • page/DOMWindow.cpp:

(WebCore::DOMWindow::innerHeight const): Move frame access past the
layout operation.
(WebCore::DOMWindow::innerWidth const): Ditto.
(WebCore::DOMWindow::scrollX const): Ditto.
(WebCore::DOMWindow::scrollY const): Ditto.

LayoutTests:

  • fast/dom/window-inner-width-crash-expected.txt: Added.
  • fast/dom/window-inner-width-crash.html: Added.
4:03 AM Changeset in webkit [246989] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r245464 - Hardening: Prevent FrameLoader crash due to SetForScope
https://bugs.webkit.org/show_bug.cgi?id=197458
<rdar://problem/50368338>

Reviewed by Chris Dumez.

Since SetForScope takes action during a function returns, it might cause
a crash if its scope is broader than the value it is resetting.

  • loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadDifferentDocumentItem):

3:25 AM EarlyWarningSystem edited by aakash_jain@apple.com
(diff)
2:22 AM Changeset in webkit [246988] by Carlos Garcia Campos
  • 10 edits
    1 add in releases/WebKitGTK/webkit-2.24/Source

Merge r246963 - [WPE][GTK] Content disappearing when using CSS transforms
https://bugs.webkit.org/show_bug.cgi?id=181757

Reviewed by Žan Doberšek.

Source/WebCore:

During each layer flush, create an AnimatedBackingStoreClient instance for each layer that
has a backingStore and is to be animated, and send that client to the appropriate
TextureMapperLayer on the compositor thread. During each frame rendering, the client will
use the future layer position (currently 50ms in the future) to check whether new tiles are
required to keep the animation ongoing, and notify the appropriate CoordinatedGraphicsLayer so
it can perform a layer flush and provide new tiles.

  • platform/TextureMapper.cmake:
  • platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h: Added.
  • platform/graphics/nicosia/NicosiaPlatformLayer.h:

(Nicosia::CompositionLayer::flushState):

  • platform/graphics/texmap/TextureMapperAnimation.cpp:

(WebCore::TextureMapperAnimation::applyKeepingInternalState):
(WebCore::TextureMapperAnimations::applyKeepingInternalState):

  • platform/graphics/texmap/TextureMapperAnimation.h:
  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::computeTransformsRecursive):
(WebCore::TextureMapperLayer::setAnimatedBackingStoreClient):
(WebCore::TextureMapperLayer::syncAnimations):

  • platform/graphics/texmap/TextureMapperLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer):
(WebCore::clampToContentsRectIfRectIsInfinite):
(WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly):
(WebCore::CoordinatedGraphicsLayer::requestBackingStoreUpdate):
(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

Source/WebKit:

Set the appropriate AnimatedBackingStoreClient to the TextureMapperLayers when required.

  • Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:

(WebKit::CoordinatedGraphicsScene::updateSceneState):

2:22 AM Changeset in webkit [246987] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore/platform/gtk/po

Merge r245770 - [l10n] [pt_BR] Updated Brazilian Portuguese translation
https://bugs.webkit.org/show_bug.cgi?id=198245

Patch by Rafael Fontenelle <rafaelff@gnome.org> on 2019-05-25
Rubber-stamped by Michael Catanzaro.

  • pt_BR.po:
2:22 AM Changeset in webkit [246986] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r245512 - [GLIB] Repeating timer is not stopped when stop is called from the callback
https://bugs.webkit.org/show_bug.cgi?id=197986

Reviewed by Michael Catanzaro.

Source/WTF:

In case of repeating timers we always update the ready time to fire interval after the user callback is called.

  • wtf/glib/RunLoopGLib.cpp:

(WTF::RunLoop::TimerBase::stop): Reset m_fireInterval and m_isRepeating.

2:22 AM Changeset in webkit [246985] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246192 - [GStreamer] videorate issues with v4l2src
https://bugs.webkit.org/show_bug.cgi?id=198614

Reviewed by Xabier Rodriguez-Calvar.

Configure videorate to cope with the live stream provided by the
source element. Not doing so might lead to errors in the v4l2
buffer allocator.

  • platform/mediastream/gstreamer/GStreamerVideoCapturer.cpp:

(WebCore::GStreamerVideoCapturer::createConverter):

2:21 AM Changeset in webkit [246984] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24

Merge r245848 - [MSE][GStreamer] update the readyState correctly in MediaPlayerPrivateGStreamerMSE
https://bugs.webkit.org/show_bug.cgi?id=197834

Patch by Yacine Bandou <yacine.bandou@softathome.com> on 2019-05-28
Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

The buffering state and the m_downloadFinished boolean aren't supported in the MSE case.
When the readyState is already "HaveEnoughData", we don't want to revert it to "HaveFutureData",
or else the MediaPlayer would send a "canplay" event instead of a "canplaythrough".

Test: media/media-source/media-source-canplaythrough-event.html

  • platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:

(WebCore::MediaPlayerPrivateGStreamerMSE::updateStates):

LayoutTests:

Add a new test that checks if the MediaElement receives the "canplaythrough"
event when the media content is entirely injected to MSE sourceBuffer.

  • media/media-source/media-source-canplaythrough-event-expected.txt: Added.
  • media/media-source/media-source-canplaythrough-event.html: Added.
2:21 AM Changeset in webkit [246983] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r246635 - [GTK] The Previous/Next gesture should handle RTL
https://bugs.webkit.org/show_bug.cgi?id=198707

Patch by Alexander Mikhaylenko <exalm7659@gmail.com> on 2019-06-20
Reviewed by Michael Catanzaro.

The gesture uses PageClientImpl::userInterfaceLayoutDirection() to determine the text
direction. Implement that method, then adjust drawing so that the pages move from/to
the left instead of right side for RTL locales.

  • UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::): Implemented.

  • UIProcess/API/gtk/PageClientImpl.h:
  • UIProcess/gtk/ViewGestureControllerGtk.cpp:

(WebKit::ViewGestureController::draw):

2:21 AM Changeset in webkit [246982] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r246638 - [GTK] Make startup pause available in DEVELOPER_MODE rather than DEBUG.
https://bugs.webkit.org/show_bug.cgi?id=199069

Reviewed by Michael Catanzaro.

  • WebProcess/gtk/WebProcessMainGtk.cpp: Allow developers to pause

the web process in DEVELOPER_MODE rather than only DEBUG, matching
the WPE behaviour and also the purpose of DEVELOPER_MODE.

2:21 AM Changeset in webkit [246981] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246431 - [cairo] Entering text into forms on github.com creates a trapezoid artifact
https://bugs.webkit.org/show_bug.cgi?id=126124

Reviewed by Michael Catanzaro.

Mixing antialiasing modes in the same clip is not actually supported by cairo. In the case of rectangle clips we
are already ignoring the current antialiasing to not do any antialiasing. We could do the opposite for clips
receiving a path, we want to enforce antialiasing in that case since the paths might contain curves. Doing that
we ensure all calls to clip with a path use the same antialiasing, which is the case of the github bug.

  • platform/graphics/cairo/CairoOperations.cpp:

(WebCore::Cairo::doClipWithAntialias): Helper to call cairo_clip() with the given antialising mode.
(WebCore::Cairo::clip): Use doClipWithAntialias().
(WebCore::Cairo::clipOut): Ditto.
(WebCore::Cairo::clipPath): Ditto.

2:21 AM Changeset in webkit [246980] by Carlos Garcia Campos
  • 3 edits
    4 adds in releases/WebKitGTK/webkit-2.24

Merge r246350 - [cairo][SVG] Putting multiple path elements in clippath causes rendering artifacts
https://bugs.webkit.org/show_bug.cgi?id=198701
<rdar://problem/51620347>

Reviewed by Don Olmstead.

Source/WebCore:

We need to save the current transformation matrix at the moment the image mask is set and set it again on
restore right before applying the mask. This patch also creates a pattern for the image mask surface and set its
transformation matrix according to the mask position, so that we don't need to save the mask rectangle too.

Tests: svg/clip-path/clip-hidpi-expected.svg

svg/clip-path/clip-hidpi.svg
svg/clip-path/clip-opacity-translate-expected.svg
svg/clip-path/clip-opacity-translate.svg

  • platform/graphics/cairo/PlatformContextCairo.cpp:

(WebCore::PlatformContextCairo::restore):
(WebCore::PlatformContextCairo::pushImageMask):

LayoutTests:

  • svg/clip-path/clip-hidpi-expected.svg: Added.
  • svg/clip-path/clip-hidpi.svg: Added.
  • svg/clip-path/clip-opacity-translate-expected.svg: Added.
  • svg/clip-path/clip-opacity-translate.svg: Added.
2:21 AM Changeset in webkit [246979] by Carlos Garcia Campos
  • 5 edits
    4 adds in releases/WebKitGTK/webkit-2.24

Merge r246309 - [cairo][SVG] Putting multiple path elements in clippath causes rendering artifacts
https://bugs.webkit.org/show_bug.cgi?id=198701

Source/WebCore:

PlatformContextCairo::pushImageMask blits wrong position of the
surface to the background of masking objects. And, I don't know
the reason why this blitting is needed. Removed the blitting.

Reviewed by Carlos Garcia Campos.

Tests: svg/clip-path/clip-opacity.html

svg/clip-path/svg-in-html.html

  • platform/graphics/cairo/PlatformContextCairo.cpp:

(WebCore::PlatformContextCairo::pushImageMask): Don't blit the
surface to the background.

LayoutTests:

Reviewed by Carlos Garcia Campos.

  • platform/gtk/TestExpectations:
  • platform/wpe/TestExpectations:

Unskipped svg/gradients/spreadMethodDiagonal3.svg and svg/gradients/spreadMethodDiagonal4.svg.

  • svg/clip-path/clip-opacity-expected.html: Added.
  • svg/clip-path/clip-opacity.html: Added.
  • svg/clip-path/svg-in-html-expected.html: Added.
  • svg/clip-path/svg-in-html.html: Added.
1:53 AM Changeset in webkit [246978] by Carlos Garcia Campos
  • 5 edits in releases/WebKitGTK/webkit-2.24

Merge r246536 - [WebGL] Extensions3DOpenGLES::bindVertexArrayOES() should allow zero array object
https://bugs.webkit.org/show_bug.cgi?id=198929

Reviewed by Carlos Garcia Campos.

Source/WebCore:

A 0 object parameter for the glBindVertexArrayOES() call is a valid
value since it binds the default vertex array object for any updates and
draws. As such the Extensions3DOpenGLES implementation shouldn't return
early if the object value is 0.

No new tests -- covered by existing tests.

  • platform/graphics/opengl/Extensions3DOpenGLES.cpp:

(WebCore::Extensions3DOpenGLES::bindVertexArrayOES):

LayoutTests:

Enable the passing tests and update one baseline.

  • platform/wpe/TestExpectations:
  • platform/wpe/webgl/2.0.0/conformance/extensions/oes-vertex-array-object-expected.txt:
1:53 AM WebKitGTK/2.24.x edited by Carlos Garcia Campos
(diff)
1:53 AM Changeset in webkit [246977] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r244372 - ScalableImageDecoder: don't forcefully decode image data when querying frame completeness, duration
https://bugs.webkit.org/show_bug.cgi?id=191354
<rdar://problem/46123406>

Reviewed by Michael Catanzaro.

ScalableImageDecoder::frameIsCompleteAtIndex() should only check the
index validity and, if the index is valid, check for completeness of the
corresponding frame. ScalableImageDecoder::frameDurationAtIndex() should
also only retrieve duration for already-complete frames, or expand the
default 0-second value according to the flashing-protection rule when
the target frame is not yet complete.

Both methods avoid calling ScalableImageDecoder::frameBufferAtIndex()
as that method goes on and decodes image data to determine specific
information. The ImageSource class that's querying this information
doesn't anticipate this, and doesn't handle the increased memory
consumption of the decoded data, leaving MemoryCache in the blind about
the image resource's actual amount of consumed memory. ImageSource can
instead gracefully handle any incomplete frame by marking the decoding
status for this frame as only partial.

  • platform/image-decoders/ScalableImageDecoder.cpp:

(WebCore::ScalableImageDecoder::frameIsCompleteAtIndex const):
(WebCore::ScalableImageDecoder::frameHasAlphaAtIndex const):
(WebCore::ScalableImageDecoder::frameDurationAtIndex const):

1:53 AM Changeset in webkit [246976] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

[WTF] Generic memoryFootprint() implementation should use bmalloc on Linux
https://bugs.webkit.org/show_bug.cgi?id=196963

Reviewed by Don Olmstead.

Have the generic memoryFootprint() implementation use bmalloc's
memoryFootprint() API on Linux, whenever the system malloc option is
not enabled. Limitation to Linux platforms is due to the bmalloc
implementation being limited to those configurations (excluding iOS
which doesn't use MemoryFootprintGeneric.cpp).

  • wtf/PlatformWPE.cmake: Switch to building MemoryFootprintGeneric.cpp.
  • wtf/generic/MemoryFootprintGeneric.cpp:

(WTF::memoryFootprint):

1:53 AM Changeset in webkit [246975] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/bmalloc

Merge r244316 - Unreviewed. Build fix after r244244.

  • Source/bmalloc/bmalloc/AvailableMemory.cpp
1:53 AM Changeset in webkit [246974] by Carlos Garcia Campos
  • 4 edits in releases/WebKitGTK/webkit-2.24/Source/bmalloc

Merge r244244 - [bmalloc][Linux] Add support for memory status calculation
https://bugs.webkit.org/show_bug.cgi?id=195938

Reviewed by Carlos Garcia Campos.

Memory status and under-memory-pressure capabilities in bmalloc can be
implemented on Linux by reading and parsing the statm file under the
proc filesystem.

We retrieve the resident set size from the statm file and multiply it
with the page size. This gives an upper-bound estimate of the memory
that's being consumed by the process.

The statm-based estimate seems preferable to other alternatives. One
such alternative would be reading and parsing more-detailed smaps file,
also exposed under the proc filesystem. This is at the moment being done
in WTF's MemoryFootprint implementation for Linux systems, but on Linux
ports this operation is being throttled to only execute once per second
because of the big computing expense required to read and parse out the
data. A future MemoryFootprint implementation could simply retrieve the
memory footprint value from bmalloc.

Another alternative is the Linux taskstats interface. This one would
require utilizing a netlink socket to retrieve the necessary statistics,
but it requires the process to have elevated privileges, which is a
blocker.

  • bmalloc/AvailableMemory.cpp:

(bmalloc::LinuxMemory::singleton):
(bmalloc::LinuxMemory::footprint const):
(bmalloc::computeAvailableMemory):
(bmalloc::memoryStatus):

  • bmalloc/AvailableMemory.h:

(bmalloc::isUnderMemoryPressure):

  • bmalloc/bmalloc.h:
1:53 AM Changeset in webkit [246973] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246653 - REGRESSION(r245912): Crash in TextIterator::range via visiblePositionForIndexUsingCharacterIterator
https://bugs.webkit.org/show_bug.cgi?id=199061

Reviewed by Wenson Hsieh.

Avoid calling CharacterIterator::range when it's at the end. Otherwise, we'd crash with null pointer dereferencing.

Unfortunately no new tests since we don't have any reproducible test case.

  • editing/Editing.cpp:

(WebCore::visiblePositionForIndexUsingCharacterIterator):

1:53 AM Changeset in webkit [246972] by Carlos Garcia Campos
  • 10 edits
    4 adds in releases/WebKitGTK/webkit-2.24

Merge r245912 - Inserting a newline in contenteditable causes two characters to be added instead of one
https://bugs.webkit.org/show_bug.cgi?id=197894
<rdar://problem/49700998>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-05-30
Reviewed by Wenson Hsieh and Chris Fleizach.

Source/WebCore:

There were two issues with inserting a newline character at the end of
a line that caused problems for accessibility:

  • the first '\n' inserted after text would result in two line breaks

inserted instead of one. createFragmentFromText in markup.cpp was
splitting the string "\n" into two empty strings and creating a <div>
and a <br> respectively. Then the emission code would emit a '\n' for
the empty div and another for the <br>.

  • the second problem is a consequence of <rdar://problem/5192593> and

the workaround is the change in editing.cpp in the function
visiblePositionForIndexUsingCharacterIterator, similar to what is done
in VisibleUnits.cpp for nextBoundary.
The rest of the changes in this patch are accessibility changes to
execute the layout tests.

Tests: accessibility/ios-simulator/set-selected-text-range-after-newline.html

accessibility/set-selected-text-range-after-newline.html

  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::setSelectedTextRange):

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper stringForRange:]):
(-[WebAccessibilityObjectWrapper _accessibilitySelectedTextRange]):
(-[WebAccessibilityObjectWrapper accessibilityReplaceRange:withText:]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

  • editing/Editing.cpp:

(WebCore::visiblePositionForIndexUsingCharacterIterator):

  • editing/markup.cpp:

(WebCore::createFragmentFromText):

Tools:

iOS implementation of several AccessibilityUIElement methods to execute
LayoutTests.

  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::selectedTextRange):
(WTR::AccessibilityUIElement::setSelectedTextRange):
(WTR::AccessibilityUIElement::replaceTextInRange):

LayoutTests:

  • accessibility/ios-simulator/set-selected-text-range-after-newline-expected.txt: Added.
  • accessibility/ios-simulator/set-selected-text-range-after-newline.html: Added.
  • accessibility/ios-simulator/text-marker-list-item-expected.txt:
  • accessibility/set-selected-text-range-after-newline-expected.txt: Added.
  • accessibility/set-selected-text-range-after-newline.html: Added.
  • platform/win/TestExpectations:
1:53 AM Changeset in webkit [246971] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246731 - [GStreamer][MSE] Pausing video sometimes causes skip to finish
https://bugs.webkit.org/show_bug.cgi?id=197355

Reviewed by Philippe Normand.

Covered by existing tests.

  • platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:

(WebCore::MediaPlayerPrivateGStreamerMSE::currentMediaTime const):
Assuming that when m_eosPending is on and we're paused() that the
network resource is fully loaded and the end is reached is clearly
wrong. Whether this is now correct is unclear...

1:53 AM Changeset in webkit [246970] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246730 - [GStreamer] Volume level sometimes changes inappropriately
https://bugs.webkit.org/show_bug.cgi?id=197358

Reviewed by Xabier Rodriguez-Calvar.

Be consistent with our application of volume scaling. We were
setting volumes using cubic interpolation in setVolume() and using
the inverse in volume(); however setting initial volumes was done
linearly in setStreamVolumeElement, which was causing strange
jumps in the volume level at non-deterministic times. The fix
looks to be that we should use linear interpolation consistently,
since PulseAudio already applies cubic scaling to software
volumes.

Covered by existing tests.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::paused const): Bump the
logging here to LOG level, it's very spammy at DEBUG.

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::setVolume): Switch to
linear interpolation.
(WebCore::MediaPlayerPrivateGStreamerBase::volume const): Ditto.
(WebCore::MediaPlayerPrivateGStreamerBase::notifyPlayerOfVolumeChange):
Ditto.
(WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement):
Ditto, and be consistent here with the API, do not set the raw
volume managed by MediaElement.

1:53 AM Changeset in webkit [246969] by Carlos Garcia Campos
  • 3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246710 - webkitgtk 2.24.2 fails to build w/gstreamer 1.12.5
https://bugs.webkit.org/show_bug.cgi?id=198080

Patch by Mike Gorse <mgorse@suse.com> on 2019-06-22
Reviewed by Philippe Normand.

No new tests (build fix only).

  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
  • platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

Move includes of gst/gl/gl.h and epoxy/gl.h into
MediaPlayerPrivateGStreamerBase.h.

1:53 AM Changeset in webkit [246968] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246399 - [GStreamer] HLS stream slow start
https://bugs.webkit.org/show_bug.cgi?id=198377

Reviewed by Xabier Rodriguez-Calvar.

  • platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcCreate): Cut down the adapter condition to 200 ms to
improve start-up times for HLS playback.

1:52 AM Changeset in webkit [246967] by Carlos Garcia Campos
  • 11 edits in releases/WebKitGTK/webkit-2.24

Merge r246353 - [WPE][GTK] Deprecate WebSQL APIs
https://bugs.webkit.org/show_bug.cgi?id=195011

Reviewed by Carlos Garcia Campos.

Source/WebKit:

  • UIProcess/API/glib/WebKitSettings.cpp:

(webkit_settings_class_init):

  • UIProcess/API/glib/WebKitWebContext.cpp:

(webkitWebContextConstructed):

  • UIProcess/API/glib/WebKitWebsiteDataManager.cpp:

(webkitWebsiteDataManagerGetProperty):
(webkit_website_data_manager_class_init):

  • UIProcess/API/gtk/WebKitWebsiteData.h:
  • UIProcess/API/gtk/WebKitWebsiteDataManager.h:
  • UIProcess/API/wpe/WebKitWebsiteData.h:
  • UIProcess/API/wpe/WebKitWebsiteDataManager.h:

Tools:

  • MiniBrowser/gtk/main.c:

(gotWebsiteDataCallback):

  • TestWebKitAPI/Tests/WebKitGLib/TestWebsiteData.cpp:

(testWebsiteDataConfiguration):
(testWebsiteDataEphemeral):
(testWebsiteDataDatabases):

1:52 AM Changeset in webkit [246966] by Carlos Garcia Campos
  • 2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246151 - aarch64: ‘JSC::ARM64Assembler::LinkRecord::<unnamed union>::RealTypes::m_compareRegister’ is too small to hold all values of ‘JSC::ARM64Assembler::RegisterID’ {aka ‘enum JSC::ARM64Registers::RegisterID’}
https://bugs.webkit.org/show_bug.cgi?id=198014

Reviewed by Yusuke Suzuki.

When building for aarch64, there is a huge warning spam here. It's impossible to see any
other warnings. This has been ongoing for so long I've begun to suspect that nobody works
on this architecture.

Anyway, the problem is because we need eight bits to store all possible RegisterID values,
but the bitfield is only six bits wide. Fix it. The COMPILE_ASSERT checking the size of this
struct is still happy, so I presume the change is OK.

  • assembler/ARM64Assembler.h:
1:29 AM WebKitGTK/2.24.x edited by zandobersek@gmail.com
(diff)
1:27 AM Changeset in webkit [246965] by Philippe Normand
  • 2 edits in trunk/Tools

Unreviewed, GTK a11y tests fix after r246958

  • WebKitTestRunner/InjectedBundle/atk/AccessibilityUIElementAtk.cpp:

(WTR::AccessibilityUIElement::popupValue const):

1:09 AM Changeset in webkit [246964] by Carlos Garcia Campos
  • 7 edits in trunk/Source

WebSockets: add support for sending blob messages when using web sockets platform APIs
https://bugs.webkit.org/show_bug.cgi?id=199189

Reviewed by Youenn Fablet.

Source/WebCore:

  • Headers.cmake: Add missing headers.

Source/WebKit:

Add helper private class BlobLoader that uses FileReaderLoader to load the blobs. Since blob loads are
asynchronous, the messages are queued using another helper internal class PendingMessage.

  • WebProcess/Network/WebSocketChannel.cpp:

(WebKit::WebSocketChannel::increaseBufferedAmount): Increase the buffered amount checking we don't overlofw.
(WebKit::WebSocketChannel::decreaseBufferedAmount): Decrease the buffered amount.
(WebKit::WebSocketChannel::sendMessage): Helper class to send message to the network process and decrease the
buffered amount when done.
(WebKit::WebSocketChannel::send): Queue the message in pending queue if there are pending messages in the queue
for text and binary messages. For blobs, always queue the message unless it's an empty blob that we can handle
as empty binary data directly.
(WebKit::PendingMessage::PendingMessage): Helper class to queue message requests.
(WebKit::PendingMessage::type const): Type of message: Text, Binary, Blob.
(WebKit::PendingMessage::textMessage const): The text message.
(WebKit::PendingMessage::binaryData const): The binary data.
(WebKit::PendingMessage::blobLoader const): The blob loader.
(WebKit::WebSocketChannel::fail): Notify the client about the error to ensure onclose is emitted.
(WebKit::WebSocketChannel::disconnect): Clear the pending messages queue.

  • WebProcess/Network/WebSocketChannel.h:
1:01 AM Changeset in webkit [246963] by magomez@igalia.com
  • 11 edits
    1 add in trunk/Source

[WPE][GTK] Content disappearing when using CSS transforms
https://bugs.webkit.org/show_bug.cgi?id=181757

Reviewed by Žan Doberšek.

Source/WebCore:

During each layer flush, create an AnimatedBackingStoreClient instance for each layer that
has a backingStore and is to be animated, and send that client to the appropriate
TextureMapperLayer on the compositor thread. During each frame rendering, the client will
use the future layer position (currently 50ms in the future) to check whether new tiles are
required to keep the animation ongoing, and notify the appropriate CoordinatedGraphicsLayer so
it can perform a layer flush and provide new tiles.

  • platform/TextureMapper.cmake:
  • platform/graphics/nicosia/NicosiaAnimatedBackingStoreClient.h: Added.
  • platform/graphics/nicosia/NicosiaPlatformLayer.h:

(Nicosia::CompositionLayer::flushState):

  • platform/graphics/texmap/TextureMapperAnimation.cpp:

(WebCore::TextureMapperAnimation::applyKeepingInternalState):
(WebCore::TextureMapperAnimations::applyKeepingInternalState):

  • platform/graphics/texmap/TextureMapperAnimation.h:
  • platform/graphics/texmap/TextureMapperLayer.cpp:

(WebCore::TextureMapperLayer::computeTransformsRecursive):
(WebCore::TextureMapperLayer::setAnimatedBackingStoreClient):
(WebCore::TextureMapperLayer::syncAnimations):

  • platform/graphics/texmap/TextureMapperLayer.h:
  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:

(WebCore::CoordinatedGraphicsLayer::~CoordinatedGraphicsLayer):
(WebCore::clampToContentsRectIfRectIsInfinite):
(WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly):
(WebCore::CoordinatedGraphicsLayer::requestBackingStoreUpdate):
(WebCore::CoordinatedGraphicsLayer::updateContentBuffers):

  • platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:

Source/WebKit:

Set the appropriate AnimatedBackingStoreClient to the TextureMapperLayers when required.

  • Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:

(WebKit::CoordinatedGraphicsScene::updateSceneState):

Jun 30, 2019:

10:52 PM Changeset in webkit [246962] by Antti Koivisto
  • 11 edits in trunk/Source

Use separate variables for moving and stationary scrolling relationships in RemoteLayerTreeNode
https://bugs.webkit.org/show_bug.cgi?id=199348

Reviewed by Darin Adler.

Source/WebCore:

  • page/scrolling/ScrollingStateStickyNode.cpp:
  • page/scrolling/ScrollingTree.cpp:

(WebCore::ScrollingTree::commitTreeState):

  • page/scrolling/ScrollingTree.h:

(WebCore::ScrollingTree::activeOverflowScrollProxyNodes):
(WebCore::ScrollingTree::activePositionedNodes):
(WebCore::ScrollingTree::nodesWithRelatedOverflow): Deleted.

Use separate sets for overflow proxies and positioned nodes.
Use Refs to nodes instead of ids to simplify client code. This doesn't affect lifetimes, these sets are cleared
at the beginning of each commit.

  • page/scrolling/cocoa/ScrollingTreeOverflowScrollProxyNode.mm:

(WebCore::ScrollingTreeOverflowScrollProxyNode::commitStateBeforeChildren):

  • page/scrolling/cocoa/ScrollingTreePositionedNode.mm:

(WebCore::ScrollingTreePositionedNode::commitStateBeforeChildren):

Source/WebKit:

A layer can have only one acting scroll parent. Not using a vector for that case makes the code clearer.

  • UIProcess/RemoteLayerTree/RemoteLayerTreeNode.h:

(WebKit::RemoteLayerTreeNode::actingScrollContainerID const):
(WebKit::RemoteLayerTreeNode::stationaryScrollContainerIDs const):

Separate fields for the acting container and stationary containers.

(WebKit::RemoteLayerTreeNode::setActingScrollContainerID):
(WebKit::RemoteLayerTreeNode::setStationaryScrollContainerIDs):
(WebKit::RemoteLayerTreeNode::relatedScrollContainerIDs const): Deleted.
(WebKit::RemoteLayerTreeNode::relatedScrollContainerPositioningBehavior const): Deleted.

  • UIProcess/RemoteLayerTree/RemoteLayerTreeNode.mm:

(WebKit::RemoteLayerTreeNode::setRelatedScrollContainerBehaviorAndIDs): Deleted.

  • UIProcess/RemoteLayerTree/ios/RemoteLayerTreeViews.mm:

(WebKit::isScrolledBy):
(WebKit::findActingScrollParent):

  • UIProcess/RemoteLayerTree/ios/RemoteScrollingCoordinatorProxyIOS.mm:

(WebKit::RemoteScrollingCoordinatorProxy::establishLayerTreeScrollingRelations):

9:03 PM Changeset in webkit [246961] by Fujii Hironori
  • 3 edits in trunk/LayoutTests

Unreviewed, rolling out r246959.

svg/clip-path/clip-hidpi.svg is flaky on mac-wk2-ews

Reverted changeset:

"LayoutTests svg/clip-path/clip-hidpi.svg isn't working as
expected due to a syntax error"
https://bugs.webkit.org/show_bug.cgi?id=199313
https://trac.webkit.org/changeset/246959

7:32 PM Changeset in webkit [246960] by Fujii Hironori
  • 4 edits in trunk/Source

[Win] Multiline mode of tooltip control does word-wrapping very slowly
https://bugs.webkit.org/show_bug.cgi?id=198989

Reviewed by Ross Kirsling.

Source/WebKit:

  • UIProcess/win/WebView.cpp:

(WebKit::truncatedString): Added.
(WebKit::WebView::setToolTip): Use truncatedString.

Source/WebKitLegacy/win:

  • WebView.cpp:

(truncatedString): Added.
(WebView::setToolTip): Use truncatedString.

7:30 PM Changeset in webkit [246959] by Fujii Hironori
  • 3 edits in trunk/LayoutTests

LayoutTests svg/clip-path/clip-hidpi.svg isn't working as expected due to a syntax error
https://bugs.webkit.org/show_bug.cgi?id=199313

Reviewed by Carlos Garcia Campos.

  • svg/clip-path/clip-hidpi.svg: Fix the syntax error by replacing '->' with '=>'.

Call testRunner.waitUntilDone() before testRunner.notifyDone().

  • svg/clip-path/clip-hidpi-expected.svg: Call testRunner.setBackingScaleFactor().
6:21 PM Changeset in webkit [246958] by commit-queue@webkit.org
  • 23 edits in trunk

Enhance support of aria-haspopup per ARIA 1.1 specification.
https://bugs.webkit.org/show_bug.cgi?id=199216
<rdar://problem/46221342>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-06-30
Reviewed by Chris Fleizach.

Source/WebCore:

Test button-with-aria-haspopup-role.html was expanded to cover testing
of new functionality.

  • accessibility/AccessibilityObject.cpp:

(WebCore::AccessibilityObject::popupValue const): replaces hasPopupValue.
(WebCore::AccessibilityObject::hasPopupValue const): Deleted.

  • accessibility/AccessibilityObject.h:
  • accessibility/AccessibilityRenderObject.cpp:

(WebCore::AccessibilityRenderObject::hasPopup const): method rename.

  • accessibility/atk/WebKitAccessible.cpp:

(webkitAccessibleGetAttributes): method rename.

  • accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper accessibilityPopupValue]):

  • accessibility/mac/WebAccessibilityObjectWrapperMac.mm:

(-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):

Tools:

  • DumpRenderTree/AccessibilityUIElement.cpp:

(getPopupValueCallback):
(AccessibilityUIElement::getJSClass):

  • DumpRenderTree/AccessibilityUIElement.h:
  • DumpRenderTree/mac/AccessibilityUIElementMac.mm:

(AccessibilityUIElement::popupValue const):

  • WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
  • WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
  • WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::popupValue const):

  • WebKitTestRunner/InjectedBundle/mac/AccessibilityUIElementMac.mm:

(WTR::AccessibilityUIElement::popupValue const):

LayoutTests:

  • accessibility/button-with-aria-haspopup-role-expected.txt:
  • accessibility/button-with-aria-haspopup-role.html:
  • accessibility/ios-simulator/button-with-aria-haspopup-role-expected.txt:
  • accessibility/ios-simulator/button-with-aria-haspopup-role.html:
3:16 PM Changeset in webkit [246957] by bshafiei@apple.com
  • 7 edits in tags/Safari-608.1.32.2/Source

Versioning.

3:12 PM Changeset in webkit [246956] by bshafiei@apple.com
  • 1 copy in tags/Safari-608.1.32.2

Tag Safari-608.1.32.2.

2:59 PM Changeset in webkit [246955] by Basuke Suzuki
  • 8 edits in trunk/Source/WebKit

Pass WebProcess information to platformInitializeWebProcess().
https://bugs.webkit.org/show_bug.cgi?id=199345

Reviewed by Darin Adler.

Add const reference to WebProcessProxy for first argument of
WebProcessPool::platformInitializeWebProcess().

  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):

  • UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::initializeNewWebProcess):

  • UIProcess/WebProcessPool.h:
  • UIProcess/glib/WebProcessPoolGLib.cpp:

(WebKit::WebProcessPool::platformInitializeWebProcess):

  • UIProcess/win/WebProcessPoolWin.cpp:

(WebKit::WebProcessPool::platformInitializeWebProcess):

7:02 AM Changeset in webkit [246954] by Alan Bujtas
  • 2 edits in trunk/Source/WebCore

[LFC] Implement Layout::printLayoutTreeForLiveDocuments
https://bugs.webkit.org/show_bug.cgi?id=199343
<rdar://problem/52393047>

Reviewed by Antti Koivisto.

  • layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::printLayoutTreeForLiveDocuments):

  • page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

Note: See TracTimeline for information about the timeline view.