Context Navigation

← Previous Period
Next Period →

Timeline

Aug 3, 2019:

8:24 PM Changeset in webkit [248261] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248173 - Harden NodeRareData::m_connectedFrameCount
https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

dom/NodeRareData.h:

8:24 PM Changeset in webkit [248260] by Michael Catanzaro

4 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r248172 - Document::resume should delay resetting of form control elements.
https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

8:24 PM Changeset in webkit [248259] by Michael Catanzaro

5 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r248149 - GetterSetter type confusion during DFG compilation
https://bugs.webkit.org/show_bug.cgi?id=199903

Reviewed by Mark Lam.

JSTests:

stress/cse-propagated-constant-may-not-follow-structure-restrictions.js: Added.

Source/JavaScriptCore:

In AI, we are strongly assuming that GetGetter's child constant value should be GetterSetter if it exists.
However, this can be wrong since nobody ensures that. AI assumed so because the control-flow and preceding
CheckStructure ensures that. But this preceding check can be eliminated if the node becomes (at runtime) unreachable.

Let's consider the following graph.

129:<!0:-> PutByOffset(KnownCell:@115, KnownCell:@115, Check:Untyped:@124, MustGen, id5{length}, 0, W:NamedProperties(5), ClobbersExit, bc#154, ExitValid)
130:<!0:-> PutStructure(KnownCell:@115, MustGen, %C8:Object -> %C3:Object, ID:7726, R:JSObject_butterfly, W:JSCell_indexingType,JSCell_structureID,JSCell_typeInfoFlags,JSCell_typeInfoType, ClobbersExit, bc#154, ExitInvalid)
...
158:<!0:-> GetLocal(Check:Untyped:@197, JS|MustGen|UseAsOther, Final, loc7(R<Final>/FlushedCell), R:Stack(-8), bc#187, ExitValid) predicting Final
210:< 1:-> DoubleRep(Check:NotCell:@158, Double|PureInt, BytecodeDouble, Exits, bc#187, ExitValid)
...
162:<!0:-> CheckStructure(Cell:@158, MustGen, [%Ad:Object], R:JSCell_structureID, Exits, bc#192, ExitValid)
163:< 1:-> GetGetterSetterByOffset(KnownCell:@158, KnownCell:@158, JS|UseAsOther, OtherCell, id5{length}, 0, R:NamedProperties(5), Exits, bc#192, ExitValid)
164:< 1:-> GetGetter(KnownCell:@163, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

At @163 and @164, AI proves that @158's AbstractValue is None because @210's edge filters out Cells @158 is a cell. But we do not invalidate graph status as "Invalid" even if edge filters out all possible value.
This is because the result of edge can be None in a valid program. For example, we can put a dependency edge between a consuming node and a producing node, where the producing node is just like a check and it
does not produce a value actually. So, @163 and @164 are not invalidated. This is totally fine in our compiler pipeline right now.

But after that, global CSE phase found that @115 and @158 are same and @129 dominates @158. As a result, we can replace GetGetter child's @163 with @124. Since CheckStructure is already removed (and now, at runtime,
@163 and @164 are never executed), we do not have any structure guarantee on @158 and the result of @163. This means that @163's CSE result can be non-GetterSetter value.

124:< 2:-> JSConstant(JS|UseAsOther, Final, Weak:Object: 0x1199e82a0 with butterfly 0x0 (Structure %B4:Object), StructureID: 49116, bc#0, ExitValid)
...
126:< 2:-> GetGetter(KnownCell:Kill:@124, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

AI filters out @124's non-cell values. But @126 can get non-GetterSetter cell at AI phase. But our AI code is like the following.

JSValue base = forNode(node->child1()).m_value;
if (base) {

GetterSetter* getterSetter = jsCast<GetterSetter*>(base);
...

Then, jsCast casts the above object with GetterSetter accidentally.

In general, DFG AI can get a proven constant value, which could not be shown at runtime. This happens if the processing node is unreachable at runtime while the graph is not invalid yet, because preceding edge
filters already filter out all the possible execution. DFG AI already considered about this possibility, and it attempts to fold a node into a constant only when the constant input matches against the expected one.
But several DFG nodes are not handling this correctly: GetGetter, GetSetter, and SkipScope.

In this patch, we use jsDynamicCast to ensure that the constant input matches against the expected (foldable) one, and fold it only when the expectation is met.
We also remove DFG::Node::castConstant and its use. We should not rely on the constant folded value based on graph's control-flow.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGNode.h:

(JSC::DFG::Node::castConstant): Deleted.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

8:24 PM Changeset in webkit [248258] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r248009 - [GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, fix build with -DENABLE_OPENGL=OFF.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

8:24 PM Changeset in webkit [248257] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247903 - REGRESSION(r243058): [GStreamer] WebKitWebSrc's internal queue can exhaust the WebProcess memory
https://bugs.webkit.org/show_bug.cgi?id=199998

Reviewed by Xabier Rodriguez-Calvar.

With the webkitwebsrc rewrite the element lost its ability to tell
the resource loader when to pause and resume downloading because
we don't use appsrc and its enough-data/need-data signals anymore.
So new heuristics are introduced with this patch. Downloading of
resources bigger than 2MiB might pause when the internal adapter
has enough data (2% of the full resource) and resume when the
adapter size goes below 20% of those 2%.

No new tests, the media element spec doesn't clearly mandate how
the resource loading should behave when the element is paused or
how aggressively the resource should be downloaded during
playback.

This patch was functionally tested with a 1.3GiB resource loaded
over the local network, the resource was downloaded in ~30MiB
chunks, stopping and resuming every 20 seconds, approximately.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_class_init):
(webKitWebSrcCreate):
(CachedResourceStreamingClient::responseReceived):
(CachedResourceStreamingClient::dataReceived):

8:24 PM Changeset in webkit [248256] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r247778 - [GStreamer] Don't crash with empty video src
https://bugs.webkit.org/show_bug.cgi?id=200081

LayoutTests/imported/w3c:

Reviewed by Philippe Normand.

web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html: Added.

Source/WebCore:

When a <video> element is set to load empty or about:blank, a player is still
created, but no pipeline is loaded. This patch fixes some assertion errors that
manifested in that case.

Reviewed by Philippe Normand.

Test: imported/w3c/web-platform-tests/html/semantics/embedded-content/the-video-element/video_crash_empty_src.html

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::loadFull):
(WebCore::MediaPlayerPrivateGStreamer::platformDuration const):
(WebCore::MediaPlayerPrivateGStreamer::paused const):

8:24 PM Changeset in webkit [248255] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247643 - [GStreamer] Flush get_range calls during PAUSED->READY in WebKitWebSource
https://bugs.webkit.org/show_bug.cgi?id=199934

Reviewed by Xabier Rodriguez-Calvar.

Unit testing not applicable.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcChangeState): A well-behaved element should unblock streaming threads
during a PAUSED->READY transition, so do that here.

8:24 PM Changeset in webkit [248254] by Michael Catanzaro

5 edits in releases/WebKitGTK/webkit-2.24

Merge r247533 - Web Inspector: application/xml content not shown
https://bugs.webkit.org/show_bug.cgi?id=199861

Patch by Olivier Blin <Olivier Blin> on 2019-07-17
Reviewed by Devin Rousso.

Source/WebInspectorUI:

application/xml content from XHR requests was not shown in the
inspector, an error message was displayed instead.

application/xml content should be treated as text, since
application/xml is the standard mimetype for XML content.
Apache serves XML content with the application/xml mimetype by
default.

UserInterface/Base/MIMETypeUtilities.js:

(WI.fileExtensionForMIMEType):
Report "xml" extension for "application/xml" mimetype.
(WI.shouldTreatMIMETypeAsText):
Treat XML files as text.

LayoutTests:

inspector/unit-tests/mimetype-utilities-expected.txt:
inspector/unit-tests/mimetype-utilities.html:

Test for shouldTreatMIMETypeAsText.

8:24 PM Changeset in webkit [248253] by Michael Catanzaro

6 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247508 - [WPE][GTK] UI process crash due to NULL dereference in webkitWebViewResourceLoadStarted()
https://bugs.webkit.org/show_bug.cgi?id=199621

Reviewed by Michael Catanzaro.

Null-check frame received in injected bundle message to ensure the frame hasn't been destroyed.

UIProcess/API/glib/WebKitInjectedBundleClient.cpp:
UIProcess/API/glib/WebKitWebResource.cpp:

(webkitWebResourceCreate): Receive a reference to the frame instead of a pointer.

UIProcess/API/glib/WebKitWebResourcePrivate.h:
UIProcess/API/glib/WebKitWebView.cpp:

(webkitWebViewResourceLoadStarted): Ditto.

UIProcess/API/glib/WebKitWebViewPrivate.h:

8:24 PM Changeset in webkit [248252] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r247507 - [GTK][WPE] Do not assert when receiving invalid data in injected bundle messages
https://bugs.webkit.org/show_bug.cgi?id=199830

Reviewed by Michael Catanzaro.

Just silently ignore them to avoid UI process crashes.

UIProcess/API/glib/WebKitInjectedBundleClient.cpp:

8:24 PM Changeset in webkit [248251] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247427 - [GTK] GitHub breaks on FreeBSD because of "unsupported browser"
https://bugs.webkit.org/show_bug.cgi?id=199745

Reviewed by Carlos Garcia Campos.

It's been a while since I last updated the fake version numbers in our user agent, both for
the user agent quirks for naughty websites and also the Safari version in our standard user
agent. Update them. This should fix github.com on FreeBSD at least. I also noticed some
wonkiness on Google Docs recently that I thought required this update, but I didn't do
anything about it at the time because I wasn't able to reproduce the issue when I tried
again later.

This could absolutely break websites, because the web is awful, but that's calculated risk.

platform/UserAgentQuirks.cpp:

(WebCore::UserAgentQuirks::stringForQuirk):

platform/glib/UserAgentGLib.cpp:

(WebCore::buildUserAgentString):

8:23 PM Changeset in webkit [248250] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247298 - [GStreamer] Protect against null samples and samples with null buffers
https://bugs.webkit.org/show_bug.cgi?id=199619

Reviewed by Philippe Normand.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::GstVideoFrameHolder): Assert to enforce non-null samples.
(WebCore::GstVideoFrameHolder::updateTexture): Protect against null m_buffer and improperly mapped video frame.

8:23 PM Changeset in webkit [248249] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r247215 - REGRESSION(r243197): [GStreamer] Web process hangs when scrolling twitter timeline which contains HLS videos
https://bugs.webkit.org/show_bug.cgi?id=197558

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

Not covered, I have a test locally that would probably trigger the
deadlock if the network requests took a realistic amount of time,
but from a local webserver the window of time to hit this deadlock
is too narrow.

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webkit_web_src_init): Make the websrc start asynchronously, this
allows the main thread to be free to complete resource loader
setup.
(webKitWebSrcCreate): Calling start() from the create() vfunc is a
recipe for deadlock, since BaseSrc holds the streaming lock during
seeks, and then calls create(). In these cases, we do not want to
notify async-completion, since we've already completed from the
necessarily preceeding start() vfunc, and calling it again would
require the stream-lock and deadlock us.
(webKitWebSrcStart): Refactor to use webKitWebSrcMakeRequest, but
ensuring that we do perform an async-complete notification.
(webKitWebSrcMakeRequest): What Start() used to be, but now can be
toggled when to notify of async-completion. Start() no longer
blocks, since the return value of initiating a resource loader is
of no interest to the callers.
(webKitWebSrcCloseSession): Similarly to Start(), we do not need
to wait for the completion of cancelled net requests.

Tools:

On shutdown we can easily deadlock the web process if we don't
ensure all network operations are completed before comitting state
changes. In HLS, make sure the network operations are cancelled,
and also prevent hlsdemux's retry logic from scuppering our
efforts.

gstreamer/jhbuild.modules: Include the patch.
gstreamer/patches/gst-plugins-bad-do-not-retry-downloads-during-shutdown.patch: Added.

8:23 PM Changeset in webkit [248248] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/LayoutTests

Merge r247207 - [GStreamer] media/video-volume.html broken after switching from cubic to linear scaling
https://bugs.webkit.org/show_bug.cgi?id=199505

Reviewed by Xabier Rodriguez-Calvar.

PulseAudio has a conversion process from volume's in
double-precision to uint32_t volumes. Depending on the environment
can introduce rounding errors. Be more lenient in our comparison
code.

media/video-volume-expected.txt: Update baseline
media/video-volume.html: Compare volume values within a

reasonable tolerance.

8:23 PM Changeset in webkit [248247] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247204 - [GStreamer] The CREATE_TRACK macro is messed up
https://bugs.webkit.org/show_bug.cgi?id=199356

Reviewed by Xabier Rodriguez-Calvar.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix the
CREATE_TRACK macro for !VIDEO_TRACK builds.

8:23 PM Changeset in webkit [248246] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247121 - The destructor of CSSAnimationControllerPrivate must explicitly clear the composite animations
https://bugs.webkit.org/show_bug.cgi?id=199415

Reviewed by Simon Fraser.

After the destructor of CSSAnimationControllerPrivate exists, the non
static members are deleted. When the HashMap m_compositeAnimations is
deleted, its entries are deleted. The destructor of CompositeAnimation
calls the method CSSAnimationControllerPrivate::animationWillBeRemoved()
back through its back reference m_animationController. The non static
members of CSSAnimationControllerPrivate are being deleted and it is
incorrect to try to use any of these members after exiting the destructor.

We need to explicitly clear the composite animations before exiting the
destructor of CSSAnimationControllerPrivate.

page/animation/CSSAnimationController.cpp:

(WebCore::CSSAnimationControllerPrivate::~CSSAnimationControllerPrivate):

8:23 PM Changeset in webkit [248245] by Michael Catanzaro

4 edits
4 adds in releases/WebKitGTK/webkit-2.24

Merge r247025 - It should not be possible to trigger a load while in the middle of restoring a page in PageCache
https://bugs.webkit.org/show_bug.cgi?id=199190
<rdar://problem/52114552>

Reviewed by Brady Eidson.

Source/WebCore:

Test: http/tests/security/navigate-when-restoring-cached-page.html

history/CachedFrame.cpp:

(WebCore::CachedFrame::open):
Stop attaching the cached document before calling FrameLoader::open() given that the previous document
is still attached to the frame at this point. This avoids having 2 documents attached to the same frame
during a short period of time.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::open):
We now attach the cached document to the frame *after* calling FrameLoader::clear(), which means that
the previous document now has been detached from this frame.

(WebCore::FrameLoader::detachChildren):
As per the HTML specification [1], an attempt to navigate should fail if the prompt to unload algorithm
is being run for the active document of browsingContext. Note that the "prompt to unload" algorithm [2]
includes firing the 'unload' event in the current document and in all the documents in the subframes.
As a result, FrameLoader::detachChildren() is the right prevent such navigations. We were actually trying
to do this via the SubframeLoadingDisabler stack variable inside detachChildren(). The issue is that this
only prevents navigation in the subframes (i.e. <iframe> elements), not the main frame. As a result,
script would be able to navigate the top-frame even though detachChildren() is being called on the top
frame. To address the issue, I now create a NavigationDisabler variable in the scope of detachChildren()
when detachChildren() is called on the top frame. NavigationDisabler prevents all navigations within the
page, including navigations on the main/top frame.

[1] https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate
[2] https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document

LayoutTests:

Add layout test coverage.

http/tests/security/navigate-when-restoring-cached-page-expected.txt: Added.
http/tests/security/navigate-when-restoring-cached-page.html: Added.
http/tests/security/resources/navigate-when-restoring-cached-page-frame.html: Added.
http/tests/security/resources/navigate-when-restoring-cached-page-victim.html: Added.

8:23 PM Changeset in webkit [248244] by Michael Catanzaro

6 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r247017 - More judiciously handle clearing/creation of DOMWindows for new Documents.
<rdar://problem/51665406> and https://bugs.webkit.org/show_bug.cgi?id=198786

Reviewed by Chris Dumez.

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::executeIfJavaScriptURL):

loader/DocumentWriter.cpp:

(WebCore::DocumentWriter::replaceDocumentWithResultOfExecutingJavascriptURL): Rename for clarity.
(WebCore::DocumentWriter::begin): Handle DOMWindow taking/creation inside FrameLoader::clear via a lambda.
(WebCore::DocumentWriter::replaceDocument): Deleted.

loader/DocumentWriter.h:

loader/FrameLoader.cpp:

(WebCore::FrameLoader::clear): Take a "handleDOMWindowCreation" lambda to run after clearing the previous document.

loader/FrameLoader.h:

8:23 PM Changeset in webkit [248243] by Michael Catanzaro

3 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r246868 - ReplacementFragment should not have script observable side effects
https://bugs.webkit.org/show_bug.cgi?id=199147

Reviewed by Wenson Hsieh.

Source/WebCore:

Fixed the bug that ReplacementFragment has script observable side effects.

Use a brand new document for sanitization where the script is disabled for test rendering,
and remove style and script elements as well as event handlers before the test rendering
and the actual pasting.

Test: editing/pasteboard/paste-contents-with-side-effects.html

editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplacementFragment::document): Deleted.
(WebCore::ReplacementFragment::ReplacementFragment): Use createPageForSanitizingWebContent
to create our own document for test rendering. We need to copy over the computed style
from the root editable element (editing host) to respect whitespace treatment, etc...
(WebCore::ReplacementFragment::removeContentsWithSideEffects): Moved from removeHeadContents.
Now removes event handlers and JavaScript URLs.
(WebCore::ReplacementFragment::insertFragmentForTestRendering): Renamed variable names.
(WebCore::ReplaceSelectionCommand::willApplyCommand): Create the plain text and HTML markup
for beforeinput and input events before ReplacementFragment removes contents with side effects.
(WebCore::ReplaceSelectionCommand::ensureReplacementFragment): The removal of head elements
is now done in ReplacementFragment's constructor.

LayoutTests:

Added regression tests.

editing/pasteboard/paste-contents-with-side-effects-expected.txt: Added.
editing/pasteboard/paste-contents-with-side-effects.html: Added.

8:23 PM Changeset in webkit [248242] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/ChangeLog

Merge r246808 - Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

This fixes some crashes related to asserting that all prototypes
have been marked as such in JSC from
https://trac.webkit.org/changeset/246801. It's ok to call
didBecomePrototype here as we setting up the world state right now
so we won't be having a bad time.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248241] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r246801 - Add didBecomePrototype() calls to global context prototypes
https://bugs.webkit.org/show_bug.cgi?id=199202

Reviewed by Mark Lam.

We don't automatically call didBecomePrototype() for
setPrototypeWithoutTransition because existing objects may already
have this structure so it seems more reasonable to be explicit
there.

bindings/js/JSWindowProxy.cpp:

(WebCore::JSWindowProxy::setWindow):

bindings/js/WorkerScriptController.cpp:

(WebCore::WorkerScriptController::initScript):

worklets/WorkletScriptController.cpp:

(WebCore::WorkletScriptController::initScriptWithSubclass):

8:23 PM Changeset in webkit [248240] by Michael Catanzaro

5 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246801 - Structure::create should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Filip Pizlo.

Structure::create should also assert that the indexing type makes sense
for the prototype being used.

runtime/JSObject.h:
runtime/Structure.cpp:

(JSC::Structure::isValidPrototype):
(JSC::Structure::changePrototypeTransition):

runtime/Structure.h:

(JSC::Structure::create): Deleted.

runtime/StructureInlines.h:

(JSC::Structure::create):
(JSC::Structure::setPrototypeWithoutTransition):

8:23 PM Changeset in webkit [248239] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r247426 - Concurrent GC should not rely on current phase to determine if it's safe to steal conn
https://bugs.webkit.org/show_bug.cgi?id=199786
<rdar://problem/52505197>

Reviewed by Saam Barati.

In r246507, we fixed a race condition in the concurrent GC where the mutator might steal
the conn from the collector thread while it transitions from the End phase to NotRunning.
However, that fix was not sufficient. In the case that the mutator steals the conn, and the
execution interleaves long enough for the mutator to progress to a different collection phase,
the collector will resume in a phase other than NotRunning, and hence the check added to
NotRunning will not suffice. To fix that, we add a new variable to track whether the collector
thread is running (m_collectorThreadIsRunning) and use it to determine whether it's safe to
steal the conn, rather than relying on m_currentPhase.

heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):
(JSC::Heap::requestCollection):

heap/Heap.h:

8:23 PM Changeset in webkit [248238] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246507 - Concurrent GC should check the conn before starting a new collection cycle
https://bugs.webkit.org/show_bug.cgi?id=198913
<rdar://problem/49515149>

Reviewed by Filip Pizlo.

Heap::requestCollection tries to steal the conn as an optimization to avoid waking up the collector
thread if it's idle. We determine if the collector is idle by ensuring that there are no pending collections
and that the current GC phase is NotRunning. However, that's not safe immediately after the concurrent
GC has finished processing the last pending request. The collector thread will runEndPhase and immediately
start runNotRunningPhase, without checking if it still has the conn. If the mutator has stolen the conn in
the mean time, this will lead to both threads collecting concurrently, and eventually we'll crash in checkConn,
since the collector is running but doesn't have the conn anymore.

To solve this, we check if we still have the conn after holding the lock in runNotRunningPhase, in case the mutator
has stolen the conn. Ideally, we wouldn't let the mutator steal the conn in the first place, but that doesn't seem
trivial to determine.

heap/Heap.cpp:

(JSC::Heap::runNotRunningPhase):

8:23 PM Changeset in webkit [248237] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r246505 - [JSC] Introduce DisposableCallSiteIndex to enforce type-safety
https://bugs.webkit.org/show_bug.cgi?id=197378

Reviewed by Saam Barati.

JSTests:

stress/disposable-call-site-index-with-call-and-this.js: Added.

(foo):
(bar):

stress/disposable-call-site-index.js: Added.

(foo):
(bar):

Source/JavaScriptCore:

Some of CallSiteIndex are disposable. This is because some of CallSiteIndex are allocated and freed at runtime (not DFG/FTL compile time).
The example is CallSiteIndex for exception handler in GCAwareJITStubRoutineWithExceptionHandler. If we do not allocate and free CallSiteIndex,
we will create a new CallSiteIndex continuously and leak memory.

The other CallSiteIndex are not simply disposable because the ownership model is not unique one. They can be shared between multiple clients.
But not disposing them is OK because they are static one: they are allocated when compiling DFG/FTL, and we do not allocate such CallSiteIndex
at runtime.

To make this difference explicit and avoid disposing non-disposable CallSiteIndex accidentally, we introduce DisposableCallSiteIndex type, and
enforce type-safety to some degree.

We also correctly update the DisposableCallSiteIndex => CodeOrigin table when we are reusing the previously used DisposableCallSiteIndex.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::newExceptionHandlingCallSiteIndex):
(JSC::CodeBlock::removeExceptionHandlerForCallSite):

bytecode/CodeBlock.h:
bytecode/PolymorphicAccess.cpp:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling):
(JSC::PolymorphicAccess::regenerate):

bytecode/PolymorphicAccess.h:

(JSC::AccessGenerationState::callSiteIndexForExceptionHandling): Deleted.

dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::addUniqueCallSiteIndex):
(JSC::DFG::CommonData::addDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeDisposableCallSiteIndex):
(JSC::DFG::CommonData::removeCallSiteIndex): Deleted.

dfg/DFGCommonData.h:
interpreter/CallFrame.h:

(JSC::DisposableCallSiteIndex::DisposableCallSiteIndex):
(JSC::DisposableCallSiteIndex::fromCallSiteIndex):

jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):
(JSC::createJITStubRoutine):

jit/GCAwareJITStubRoutine.h:
jit/JITInlineCacheGenerator.h:

8:23 PM Changeset in webkit [248236] by Michael Catanzaro

7 edits
4 adds in releases/WebKitGTK/webkit-2.24

Merge r246372 - [JSC] Polymorphic call stub's slow path should restore callee saves before performing tail call
https://bugs.webkit.org/show_bug.cgi?id=198770

Reviewed by Saam Barati.

JSTests:

stress/poly-call-stub-slow-path-should-restore-callee-saves-when-doing-tail-call.js: Added.

(test):

Source/JavaScriptCore:

Polymorphic call stub is a bit specially patched in JS call site. Typical JS call site for tail calls
are the following.

if (callee == patchableCallee) {

restore callee saves for tail call
prepare for tail call
jump to the target function

}
restore callee saves for slow path
call the slow path function

And linking patches patchableCallee, target function, and slow path function. But polymorphic call stub
patches the above if statement with the jump to the stub.

jump to the polymorphic call stub

This is because polymorphic call stub wants to use CallFrameShuffler to get scratch registers. As a result,
"restore callee saves for tail call" thing needs to be done in the polymorphic call stubs. While it is
correctly done for the major cases, we have slowPath skips, and that path missed restoring callee saves.
This skip happens if the callee is non JSCell or non JS function, so typically, InternalFunction is handled
in that path.

This patch does that skips after restoring callee saves.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::setUpCall):
(JSC::CallLinkInfo::calleeGPR):
(JSC::CallLinkInfo::setCalleeGPR): Deleted.

jit/Repatch.cpp:

(JSC::revertCall):
(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):

jit/Repatch.h:
jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):

8:23 PM Changeset in webkit [248235] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r246420 - Argument elimination should check transitive dependents for interference
https://bugs.webkit.org/show_bug.cgi?id=198520
<rdar://problem/50863343>

Reviewed by Filip Pizlo.

JSTests:

stress/argument-elimination-inline-rest-past-kill.js: Added.

(f2):
(f3):

Source/JavaScriptCore:

Consider the following program:

a: CreateRest
-->

b: CreateRest

<--
c: Spread(@a)
d: Spread(@b)
e: NewArrayWithSpread(@a, @b)
f: KillStack(locX)
g: LoadVarargs(@e)

Suppose @b reads locX, then we cannot transform @e to PhantomNewArraySpread, since that would
move the stack access from @b into @g, and that stack location is no longer valid at that point.

We fix that by computing a set of all inline call frames that any argument elimination candidate
depends on and checking each of them for interference in eliminateCandidatesThatInterfere.

dfg/DFGArgumentsEliminationPhase.cpp:

8:23 PM Changeset in webkit [248234] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r246071 - Argument elimination should check for negative indices in GetByVal
https://bugs.webkit.org/show_bug.cgi?id=198302
<rdar://problem/51188095>

Reviewed by Filip Pizlo.

JSTests:

stress/eliminate-arguments-negative-rest-access.js: Added.

(inlinee):
(opt):

Source/JavaScriptCore:

In DFG::ArgumentEliminationPhase, the index is treated as unsigned, but there's no check
for overflow in the addition. In compileGetMyArgumentByVal, there's a check for overflow,
but the index is treated as signed, resulting in an index lower than numberOfArgumentsToSkip.

dfg/DFGArgumentsEliminationPhase.cpp:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileGetMyArgumentByVal):

8:23 PM Changeset in webkit [248233] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246084 - Unreviewed, update exception scope for putByIndexBeyondVectorLength
https://bugs.webkit.org/show_bug.cgi?id=198477

runtime/JSObject.cpp:

(JSC::JSObject::putByIndexBeyondVectorLength):

8:23 PM Changeset in webkit [248232] by Michael Catanzaro

4 edits
3 adds in releases/WebKitGTK/webkit-2.24

Merge r246040 - [JSC] JSObject::attemptToInterceptPutByIndexOnHole should use getPrototype instead of getPrototypeDirect
https://bugs.webkit.org/show_bug.cgi?id=198477
<rdar://problem/51299504>

Reviewed by Saam Barati.

Source/JavaScriptCore:

JSObject::attemptToInterceptPutByIndexOnHole uses getPrototypeDirect, but it should use getPrototype to
handle getPrototype methods in derived JSObject classes correctly.

runtime/JSArrayInlines.h:

(JSC::JSArray::pushInline):

runtime/JSObject.cpp:

(JSC::JSObject::putByIndex):
(JSC::JSObject::attemptToInterceptPutByIndexOnHoleForPrototype):
(JSC::JSObject::attemptToInterceptPutByIndexOnHole):
(JSC::JSObject::putByIndexBeyondVectorLength):

LayoutTests:

Ensure that JSWindow::getPrototype is used.

http/tests/security/cross-frame-access-object-getPrototypeOf-in-put-expected.txt: Added.
http/tests/security/cross-frame-access-object-getPrototypeOf-in-put.html: Added.
http/tests/security/resources/cross-frame-iframe-for-object-getPrototypeOf-in-put-test.html: Added.

8:23 PM Changeset in webkit [248231] by Michael Catanzaro

8 edits
1 move
1 add in releases/WebKitGTK/webkit-2.24

Merge r245908 - IsoHeaps don't notice uncommitted VA becoming the first eligible.
https://bugs.webkit.org/show_bug.cgi?id=198301

Reviewed by Yusuke Suzuki.

Source/bmalloc:

IsoDirectory has a firstEligible member that is used as an
optimization to help find the first fit. However if the scavenger
decommitted a page before firstEligible then we wouldn't move
firstEligible. Thus, if no space is ever freed below firstEligible
we will never reused the decommitted memory (e.g. if the VA page
is decommitted). The fix is to make IsoDirectory::didDecommit move
the firstEligible page back if the decommitted page is smaller
than the current firstEligible. As such, this patch renames
firstEligible to firstEligibleOrDecommitted.

Also, this patch changes gigacageEnabledForProcess to check if the
process starts with Test rather than just test as TestWTF does.

Lastly, unbeknownst to me IsoHeaps are dependent on gigacage, so
by removing gigacage from arm64 I accidentally disabled
IsoHeaps...

bmalloc.xcodeproj/project.pbxproj:
bmalloc/IsoDirectory.h:
bmalloc/IsoDirectoryInlines.h:

(bmalloc::passedNumPages>::takeFirstEligible):
(bmalloc::passedNumPages>::didBecome):
(bmalloc::passedNumPages>::didDecommit):

bmalloc/IsoHeapImpl.h:
bmalloc/IsoHeapImplInlines.h:

(bmalloc::IsoHeapImpl<Config>::takeFirstEligible):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligibleOrDecommited):
(bmalloc::IsoHeapImpl<Config>::didCommit):
(bmalloc::IsoHeapImpl<Config>::didBecomeEligible): Deleted.

bmalloc/IsoTLS.cpp:

(bmalloc::IsoTLS::determineMallocFallbackState):

bmalloc/ProcessCheck.mm:

(bmalloc::gigacageEnabledForProcess):

Tools:

Move testbmalloc.cpp to TestWTF so it runs in automation.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp: Renamed from Source/bmalloc/test/testbmalloc.cpp.

(TEST):

8:23 PM Changeset in webkit [248230] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r246792 - REGRESSION(r245586): static assertion failed: Match result and EncodedMatchResult should be the same size
https://bugs.webkit.org/show_bug.cgi?id=198518

Reviewed by Keith Miller.

r245586 made some bad assumptions about the size of size_t, which we can solve using the
CPU(ADDRESS32) guard that I didn't know about.

This solution was developed by Mark Lam and Keith Miller. I'm just preparing the patch.

runtime/MatchResult.h:

8:23 PM Changeset in webkit [248229] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245815 - [YARR] Properly handle RegExp's that require large ParenContext space
https://bugs.webkit.org/show_bug.cgi?id=198065

Reviewed by Keith Miller.

JSTests:

New test.

stress/regexp-large-paren-context.js: Added.

(testLargeRegExp):

Source/JavaScriptCore:

Changed what happens when we exceed VM::patternContextBufferSize when compiling a RegExp
that needs ParenCOntextSpace to fail the RegExp JIT compilation and fall back to the YARR
interpreter. This can save large amounts of JIT memory for a
JIT'ed function that cannot ever succeed.

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):
(JSC::Yarr::YarrGenerator::compile):

8:23 PM Changeset in webkit [248228] by Michael Catanzaro

7 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245926 - Cleanup Yarr regexp code around paren contexts.
https://bugs.webkit.org/show_bug.cgi?id=198063

Reviewed by Yusuke Suzuki.

JSTests:

stress/regexp-many-named-sequential-capture-groups.js: Added.

(i.s):

stress/regexp-many-unnamed-sequential-capture-groups.js: Added.

Source/JavaScriptCore:

There are three refactoring changes around paren contexts:

Make EncodedMatchResult the same type as MatchResult on X86_64 and arm64 and uint64_t elsewhere.
All function pointer types for Yarr JIT generated code reserve space for paren contexts.
initParenContextFreeList should bail based on VM::patternContextBufferSize as that's the buffer size anyway.

runtime/MatchResult.h:

(JSC::MatchResult::MatchResult):

runtime/RegExpInlines.h:

(JSC::PatternContextBufferHolder::PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::~PatternContextBufferHolder):
(JSC::PatternContextBufferHolder::size):
(JSC::RegExp::matchInline):

runtime/VM.h:
yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::initParenContextFreeList):

yarr/YarrJIT.h:

(JSC::Yarr::YarrCodeBlock::execute):

8:22 PM Changeset in webkit [248227] by Michael Catanzaro

5 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245538 - Fix security check in ScriptController::canAccessFromCurrentOrigin()
https://bugs.webkit.org/show_bug.cgi?id=196730
<rdar://problem/49731231>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Fix security check in ScriptController::canAccessFromCurrentOrigin() when there is no
current JS exec state. Instead of returning true unconditionally, we now fall back to
using the accessing document's origin for the security check. The new behavior is
aligned with Blink:
https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_frame_element_base.cc?rcl=d3f22423d512b45466f1694020e20da9e0c6ee6a&l=62

This fix is based on a patch from Sergei Glazunov <glazunov@google.com>.

Test: http/tests/security/showModalDialog-sync-cross-origin-page-load2.html

bindings/js/ScriptController.cpp:

(WebCore::ScriptController::canAccessFromCurrentOrigin):

bindings/js/ScriptController.h:
html/HTMLFrameElementBase.cpp:

(WebCore::HTMLFrameElementBase::isURLAllowed const):

LayoutTests:

Add layout test coverage.

http/tests/security/showModalDialog-sync-cross-origin-page-load2-expected.txt: Added.
http/tests/security/showModalDialog-sync-cross-origin-page-load2.html: Added.

8:22 PM Changeset in webkit [248226] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r244970 - Null check m_mainFrame in WebPageProxy.cpp
https://bugs.webkit.org/show_bug.cgi?id=197618
<rdar://problem/47463054>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-05-06
Reviewed by Geoffrey Garen.

It's already null checked in some places, and the places where it isn't are causing crashes.
Let's fix all of them.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::decidePolicyForNavigationAction):
(WebKit::WebPageProxy::decidePolicyForNewWindowAction):
(WebKit::WebPageProxy::createNewPage):

8:22 PM Changeset in webkit [248225] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r245298 - Crash under WebKit::WebProcessProxy::didBecomeUnresponsive()
https://bugs.webkit.org/show_bug.cgi?id=197883
<rdar://problem/50665984>

Reviewed by Alex Christensen.

Protect |this| in didBecomeUnresponsive() and didExceedCPULimit() since we call client
delegates and those may cause |this| to get destroyed.

UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::didBecomeUnresponsive):
(WebKit::WebProcessProxy::didExceedCPULimit):

8:22 PM Changeset in webkit [248224] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WebCore

Merge r245190 - Gracefully handle inaccessible font face data
https://bugs.webkit.org/show_bug.cgi?id=197762
<rdar://problem/50433861>

Reviewed by Per Arne Vollan.

Make sure CSS Font Face handling gracefully recovers from
missing font data.

Test: fast/text/missing-font-crash.html

css/CSSFontFace.cpp:

(WebCore::CSSFontFace::fontLoadEventOccurred):
(WebCore::CSSFontFace::timeoutFired):
(WebCore::CSSFontFace::fontLoaded):
(WebCore::CSSFontFace::font):

8:22 PM Changeset in webkit [248223] by Michael Catanzaro

4 edits
2 adds in releases/WebKitGTK/webkit-2.24

Merge r245158 - Do not mix inline and block level boxes.
https://bugs.webkit.org/show_bug.cgi?id=197462
<rdar://problem/50369362>

Reviewed by Antti Koivisto.

Source/WebCore:

This patch tightens the remove-anonymous-wrappers logic by checking if the removal would
produce an inline-block sibling mix.
When a block level box is removed from the tree, we check if after the removal the anonymous sibling block
boxes are still needed or whether we can removed them as well (and have only inline level child boxes).
In addition to checking if the container is anonymous and is part of a continuation, we also need to check
if collapsing it (and by that moving its children one level up) would cause a inline-block box mix.

Test: fast/ruby/continuation-and-column-spanner-crash.html

rendering/updating/RenderTreeBuilder.cpp:

(WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded):

rendering/updating/RenderTreeBuilderContinuation.cpp:

(WebCore::RenderTreeBuilder::Continuation::cleanupOnDestroy):

LayoutTests:

fast/ruby/continuation-and-column-spanner-crash-expected.txt: Added.
fast/ruby/continuation-and-column-spanner-crash.html: Added.

8:22 PM Changeset in webkit [248222] by Michael Catanzaro

3 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245071 - Invalid DFG JIT genereation in high CPU usage state
https://bugs.webkit.org/show_bug.cgi?id=197453

Reviewed by Saam Barati.

JSTests:

stress/string-ident-use-clears-abstract-value-if-rope-string-constant-is-held.js: Added.

(trigger):
(main):

Source/JavaScriptCore:

We have a DFG graph like this.

a: JSConstant(rope JSString)
b: CheckStringIdent(Check:StringUse:@a)
... AI think this is unreachable ...

When executing StringUse edge filter onto @a, AbstractValue::filterValueByType clears AbstractValue and makes it None.
This is because @a constant produces SpecString (SpecStringVar | SpecStringIdent) while StringUse edge filter requires
SpecStringIdent. AbstractValue::filterValueByType has an assumption that the JS constant always produces the same
SpeculatedType. So it clears AbstractValue completely.
But this assumption is wrong. JSString can produce SpecStringIdent later if the string is resolved to AtomicStringImpl.
AI think that we always fail. But once the string is resolved to AtomicStringImpl, we pass this check. So we execute
the breakpoint emitted by DFG since DFG think this is unreachable.

In this patch, we just clear the m_value if AbstractValue type filter fails with the held constant, since the constant
may produce a narrower type which can meet the type filter later.

dfg/DFGAbstractValue.cpp:

(JSC::DFG::AbstractValue::filterValueByType):

8:22 PM Changeset in webkit [248221] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/bytecompiler

Merge r245403 from safari-607-branch

This fixes the build after the r245047 merge.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEqualityOpImpl):
(JSC::BytecodeGenerator::emitEqualityOp): Deleted.

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitEqualityOp):

8:22 PM Changeset in webkit [248220] by Michael Catanzaro

4 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r245047 - JSC: A bug in BytecodeGenerator::emitEqualityOpImpl
https://bugs.webkit.org/show_bug.cgi?id=197479

Patch by Yusuke Suzuki <ysuzuki@apple.com> on 2019-05-07
Reviewed by Saam Barati.

JSTests:

stress/do-not-perform-bytecode-peephole-optimization-in-jump-target.js: Added.

(shouldBe):

Source/JavaScriptCore:

Our peephole optimization in BytecodeGenerator is (1) rewinding the previous instruction and (2) emit optimized instruction instead.
If we have jump target between the previous instruction and the subsequent instruction, this peephole optimization breaks the jump target.
To prevent it, we had a mechanism disabling peephole optimization, setting m_lastOpcodeID = op_end and checking m_lastOpcodeID when performing
peephole optimization. However, BytecodeGenerator::emitEqualityOpImpl checks m_lastInstruction->is<OpTypeof> instead of m_lastOpcodeID == op_typeof,
and miss op_end case.

This patch makes the following changes.

Add canDoPeepholeOptimization method to clarify the intent of m_lastInstruction = op_end.
Check canDoPeepholeOptimization status before performing peephole optimization in emitJumpIfTrue, emitJumpIfFalse, and emitEqualityOpImpl.
Add ASSERT(canDoPeepholeOptimization()) in fuseCompareAndJump and fuseTestAndJmp to ensure that peephole optimization is allowed.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::fuseCompareAndJump):
(JSC::BytecodeGenerator::fuseTestAndJmp):
(JSC::BytecodeGenerator::emitJumpIfTrue):
(JSC::BytecodeGenerator::emitJumpIfFalse):
(JSC::BytecodeGenerator::emitEqualityOpImpl):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::canDoPeepholeOptimization const):

8:22 PM Changeset in webkit [248219] by Michael Catanzaro

3 edits
6 adds in releases/WebKitGTK/webkit-2.24

Merge r245018 - tryCachePutByID should not crash if target offset changes
https://bugs.webkit.org/show_bug.cgi?id=197311
<rdar://problem/48033612>

Reviewed by Filip Pizlo.

JSTests:

Add a series of tests related tryCachePutByID. Two of these tests used to crash and were fixed
by this patch: cache-put-by-id-different-attributes.js and cache-put-by-id-different-offset.js

stress/cache-put-by-id-delete-prototype.js: Added.

(A.prototype.set y):
(A):
(B.prototype.set y):
(B):
(C):

stress/cache-put-by-id-different-proto.js: Added.

(A.prototype.set y):
(A):
(B1):
(B2.prototype.set y):
(B2):
(C):
(D):

stress/cache-put-by-id-different-attributes.js: Added.

(Foo):
(set x):

stress/cache-put-by-id-different-offset.js: Added.

(Foo):
(set x):

stress/cache-put-by-id-insert-prototype.js: Added.

(A.prototype.set y):
(A):
(C):

stress/cache-put-by-id-poly-proto.js: Added.

(Foo):
(set _):
(createBar.Bar):
(createBar):

Source/JavaScriptCore:

When tryCachePutID is called with a cacheable setter, if the target object where the setter was
found is still in the prototype chain and there's no poly protos in the chain, we use
generateConditionsForPrototypePropertyHit to validate that the target object remains the same.
It checks for the absence of the property in every object in the prototype chain from the base
down to the target object and checks that the property is still present in the target object. It
also bails if there are any uncacheable objects, proxies or dictionary objects in the prototype
chain. However, it does not consider two edge cases:

It asserts that the property should still be at the same offset in the target object, but this

assertion does not hold if the setter deletes properties of the object and causes the structure
to be flattened after the deletion. Instead of asserting, we just use the updated offset.

It does not check whether the new slot is also a setter, which leads to a crash in case it's not.

jit/Repatch.cpp:

(JSC::tryCachePutByID):

8:22 PM Changeset in webkit [248218] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24

Merge r244996 - [JSC] We should check OOM for description string of Symbol
https://bugs.webkit.org/show_bug.cgi?id=197634

Reviewed by Keith Miller.

JSTests:

stress/check-symbol-description-oom.js: Added.

(shouldThrow):

Source/JavaScriptCore:

When resoling JSString for description of Symbol, we should check OOM error.
We also change JSValueMakeSymbol(..., nullptr) to returning a symbol value
without description, (1) to simplify the code and (2) give a way for JSC API
to create a symbol value without description.

API/JSValueRef.cpp:

(JSValueMakeSymbol):

API/tests/testapi.cpp:

(TestAPI::symbolsTypeof):
(TestAPI::symbolsDescription):
(testCAPIViaCpp):

dfg/DFGOperations.cpp:
runtime/Symbol.cpp:

(JSC::Symbol::createWithDescription):

runtime/Symbol.h:
runtime/SymbolConstructor.cpp:

(JSC::callSymbol):

8:22 PM Changeset in webkit [248217] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24

Merge r244950 - TypedArrays should not store properties that are canonical numeric indices
https://bugs.webkit.org/show_bug.cgi?id=197228
<rdar://problem/49557381>

Patch by Tadeu Zagallo <Tadeu Zagallo> on 2019-05-04
Reviewed by Saam Barati.

JSTests:

stress/array-species-config-array-constructor.js:

(test):

stress/put-direct-index-broken-2.js:
stress/typed-array-canonical-numeric-index-string.js: Added.

(makeTest.assert):
(makeTest):
(const.testInvalidIndices.makeTest.set assert):
(const.testInvalidIndices.makeTest):
(const.makeTestValidIndex.configurable.set assert):
(const.makeTestValidIndex.configurable):

stress/typedarray-access-monomorphic-neutered.js:

(checkNoException):
(testNoException):
(testFTLNoException):

stress/typedarray-access-neutered.js:

(testNoException):

stress/typedarray-getownproperty-not-configurable.js:

(foo):

test262/expectations.yaml:

Source/JavaScriptCore:

According to the spec[1]:

TypedArrays should not perform an ordinary GetOwnProperty/SetOwnProperty if the index is a

CanonicalNumericIndexString, but invalid according to IntegerIndexedElementGet and similar
functions. I.e., there are a few properties that should not be set in a TypedArray, like NaN,
Infinity and -0.

On DefineOwnProperty, the out-of-bounds check should be performed before validating the property

descriptor.

On GetOwnProperty, the returned descriptor for numeric properties should have writable set to true.

[1]: https://www.ecma-international.org/ecma-262/9.0/index.html#sec-integer-indexed-exotic-objects-defineownproperty-p-desc

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
runtime/JSGenericTypedArrayViewInlines.h:

(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
(JSC::JSGenericTypedArrayView<Adaptor>::put):
(JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
(JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlotByIndex):
(JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):

runtime/PropertyName.h:

(JSC::isCanonicalNumericIndexString):

LayoutTests:

fast/canvas/canvas-ImageData-behaviour-expected.txt:
fast/canvas/canvas-ImageData-behaviour.js:

8:22 PM Changeset in webkit [248216] by Michael Catanzaro

4 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r243966 - [JSC] CallLinkInfo should clear Callee or CodeBlock even if it is unlinked by jettison
https://bugs.webkit.org/show_bug.cgi?id=196683

Reviewed by Saam Barati.

JSTests:

stress/clear-callee-or-codeblock-in-calllinkinfo-even-cleared-by-jettison.js: Added.

(foo):

Source/JavaScriptCore:

In r243626, we stop repatching CallLinkInfo when the CallLinkInfo is held by jettisoned CodeBlock.
But we still need to clear the Callee or CodeBlock since they are now dead. Otherwise, CodeBlock's
visitWeak eventually accesses this dead cells and crashes because the owner CodeBlock of CallLinkInfo
can be still live.

We also move all repatching operations from CallLinkInfo.cpp to Repatch.cpp for consistency because the
other repatching operations in CallLinkInfo are implemented in Repatch.cpp side.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):

jit/Repatch.cpp:

(JSC::linkFor):
(JSC::revertCall):

8:22 PM Changeset in webkit [248215] by Michael Catanzaro

6 edits
1 add in releases/WebKitGTK/webkit-2.24

Merge r243626 - CodeBlock::jettison() should disallow repatching its own calls
https://bugs.webkit.org/show_bug.cgi?id=196359
<rdar://problem/48973663>

Reviewed by Saam Barati.

JSTests:

stress/call-link-info-osrexit-repatch.js: Added.

(foo):

Source/JavaScriptCore:

CodeBlock::jettison() calls CommonData::invalidate, which replaces the hlt
instruction with the jump to OSR exit. However, if the hlt was immediately
followed by a call to the CodeBlock being jettisoned, we would write over the
OSR exit address while unlinking all the incoming CallLinkInfos later in
CodeBlock::jettison().

Change it so that we set a flag, clearedByJettison, in all the CallLinkInfos
owned by the CodeBlock being jettisoned. If the flag is set, we will avoid
repatching the call during unlinking. This is safe because this call will never
be reachable again after the CodeBlock is jettisoned.

bytecode/CallLinkInfo.cpp:

(JSC::CallLinkInfo::CallLinkInfo):
(JSC::CallLinkInfo::setCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::setCodeBlock):
(JSC::CallLinkInfo::clearCodeBlock):

bytecode/CallLinkInfo.h:

(JSC::CallLinkInfo::clearedByJettison):
(JSC::CallLinkInfo::setClearedByJettison):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

jit/Repatch.cpp:

(JSC::revertCall):

8:22 PM Changeset in webkit [248214] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r243237 - JSC test crash: stress/dont-strength-reduce-regexp-with-compile-error.js.default
https://bugs.webkit.org/show_bug.cgi?id=195906

Reviewed by Mark Lam.

The problem here as that we may successfully parsed a RegExp without running out of stack,
but later run out of stack when trying to JIT compile the same expression.

Added a check for available stack space when we call into one of the parenthesis compilation
functions that recurse. When we don't have enough stack space to recurse, we fail the JIT
compilation and let the interpreter handle the expression.

From code inspection of the YARR interpreter it has the same issue, but I couldn't cause a failure.
Filed a new bug and added a FIXME comment for the Interpreter to have similar checks.
Given that we can reproduce a failure, this is sufficient for now.

This change is covered by the previously added failing test,
JSTests/stress/dont-strength-reduce-regexp-with-compile-error.js.

yarr/YarrInterpreter.cpp:

(JSC::Yarr::Interpreter::interpret):

yarr/YarrJIT.cpp:

(JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
(JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
(JSC::Yarr::YarrGenerator::opCompileBody):
(JSC::Yarr::dumpCompileFailure):

yarr/YarrJIT.h:

8:22 PM Changeset in webkit [248213] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r242215 - cloop.rb shift mask should depend on the word size being shifted.
https://bugs.webkit.org/show_bug.cgi?id=195181
<rdar://problem/48484164>

Reviewed by Yusuke Suzuki.

Previously, we're always masking the shift amount with 0x1f. This is only correct
for 32-bit words. For 64-bit words, the mask should be 0x3f. For pointer sized
shifts, the mask depends on sizeof(uintptr_t).

offlineasm/cloop.rb:

8:22 PM Changeset in webkit [248212] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebKit/Shared/WebCoreArgumentCoders.cpp

Unreviewed, fix build warning in WebCoreArgumentCoders

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<Region::Span>::decode):

8:22 PM Changeset in webkit [248211] by Michael Catanzaro

1 edit in releases/WebKitGTK/webkit-2.24/Source/WebCore/inspector/InspectorOverlay.cpp

Unreviewed, fix build warnings in InspectorOverlay.cpp

inspector/InspectorOverlay.cpp:

(WebCore::buildArrayForRendererFragments):
(WebCore::buildObjectForShapeOutside):
(WebCore::buildObjectForElementData):
(WebCore::InspectorOverlay::buildHighlightObjectForNode const):

8:22 PM Changeset in webkit [248210] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore

Merge r241995 - Unreviewed, fix -Wunused-param warning

jsc.cpp:

8:22 PM Changeset in webkit [248209] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r245234 - Unreviewed, fix unused variable warnings in release builds

Source/WebKit:

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearWebProcessHasUploads):

Source/WTF:

wtf/URLHelpers.cpp:

(WTF::URLHelpers::escapeUnsafeCharacters):

8:22 PM Changeset in webkit [248208] by Michael Catanzaro

2 edits in releases/WebKitGTK/webkit-2.24/Source/WTF

Merge r243115 - [WTF] Remove redundant std::move in StringConcatenate
https://bugs.webkit.org/show_bug.cgi?id=195798

Patch by Xan Lopez <Xan Lopez> on 2019-03-18
Reviewed by Darin Adler.

Remove redundant calls to WTFMove in return values for this
method. C++ will already do an implicit move here since we are
returning a local value where copy/move elision is not applicable.

wtf/text/StringConcatenate.h:

(WTF::tryMakeStringFromAdapters):

8:22 PM Changeset in webkit [248207] by Michael Catanzaro

4 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243204 - Remove copyRef() calls added in r243163
https://bugs.webkit.org/show_bug.cgi?id=195962

Patch by Michael Catanzaro <Michael Catanzaro> on 2019-03-20
Reviewed by Chris Dumez.

Source/JavaScriptCore:

As best I can tell, may be a GCC 9 bug. It shouldn't warn about this case because the return
value is noncopyable and the WTFMove() is absolutely required. We can avoid the warning
without refcount churn by introducing an intermediate variable.

inspector/scripts/codegen/cpp_generator_templates.py:

Source/WebCore:

The first two cases here can just directly return the RefPtr.

In the third case, we have to work around a GCC 6 bug because GCC 6 is unable to pick the
right constructor to use, unlike modern compilers.

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

8:22 PM Changeset in webkit [248206] by Michael Catanzaro

3 edits in releases/WebKitGTK/webkit-2.24/Source/WebKit

Merge r243203 - Unreviewed, drop invalid assertions landed in r243163.

Those assertions were causing some API tests to crash.
Also include some post-review suggestions from Darin.

Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

8:22 PM Changeset in webkit [248205] by Michael Catanzaro

203 edits in releases/WebKitGTK/webkit-2.24/Source

Merge r243163 - Build cleanly with GCC 9
https://bugs.webkit.org/show_bug.cgi?id=195920

Reviewed by Chris Dumez.

WebKit triggers three new GCC 9 warnings:

"""
-Wdeprecated-copy, implied by -Wextra, warns about the C++11 deprecation of implicitly
declared copy constructor and assignment operator if one of them is user-provided.
"""

Solution is to either add a copy constructor or copy assignment operator, if required, or
else remove one if it is redundant.

"""
-Wredundant-move, implied by -Wextra, warns about redundant calls to std::move.
-Wpessimizing-move, implied by -Wall, warns when a call to std::move prevents copy elision.
"""

These account for most of this patch. Solution is to just remove the bad WTFMove().

Additionally, -Wclass-memaccess has been enhanced to catch a few cases that GCC 8 didn't.
These are solved by casting nontrivial types to void* before using memcpy. (Of course, it
would be safer to not use memcpy on nontrivial types, but that's too complex for this
patch. Searching for memcpy used with static_cast<void*> will reveal other cases to fix.)

Source/JavaScriptCore:

b3/B3ValueRep.h:
bindings/ScriptValue.cpp:

(Inspector::jsToInspectorValue):

bytecode/GetterSetterAccessCase.cpp:

(JSC::GetterSetterAccessCase::create):
(JSC::GetterSetterAccessCase::clone const):

bytecode/InstanceOfAccessCase.cpp:

(JSC::InstanceOfAccessCase::clone const):

bytecode/IntrinsicGetterAccessCase.cpp:

(JSC::IntrinsicGetterAccessCase::clone const):

bytecode/ModuleNamespaceAccessCase.cpp:

(JSC::ModuleNamespaceAccessCase::clone const):

bytecode/ProxyableAccessCase.cpp:

(JSC::ProxyableAccessCase::clone const):

bytecode/StructureSet.h:
debugger/Breakpoint.h:
dfg/DFGRegisteredStructureSet.h:
inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::buildDebuggerLocation):

inspector/scripts/codegen/cpp_generator_templates.py:
parser/UnlinkedSourceCode.h:
wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::parseAndCompileAir):

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::parseAndCompile):

wasm/WasmNameSectionParser.cpp:

(JSC::Wasm::NameSectionParser::parse):

wasm/WasmStreamingParser.cpp:

(JSC::Wasm::StreamingParser::consume):

Source/WebCore:

Modules/encryptedmedia/CDM.cpp:

(WebCore::CDM::getSupportedConfiguration):

Modules/encryptedmedia/MediaKeys.cpp:

(WebCore::MediaKeys::createSession):

Modules/entriesapi/DOMFileSystem.cpp:

(WebCore::listDirectoryWithMetadata):
(WebCore::toFileSystemEntries):

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::fromFormData):
(WebCore::FetchBody::bodyAsFormData const):
(WebCore::FetchBody::take):

Modules/fetch/FetchRequest.cpp:

(WebCore::FetchRequest::create):
(WebCore::FetchRequest::clone):

Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::create):
(WebCore::FetchResponse::redirect):
(WebCore::FetchResponse::clone):

Modules/indexeddb/IDBCursor.cpp:

(WebCore::IDBCursor::update):
(WebCore::IDBCursor::deleteFunction):

Modules/indexeddb/IDBDatabase.cpp:

(WebCore::IDBDatabase::transaction):

Modules/indexeddb/IDBDatabaseIdentifier.h:

(WebCore::IDBDatabaseIdentifier::decode):

Modules/indexeddb/IDBKeyData.h:

(WebCore::IDBKeyData::decode):

Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::createIndex):
(WebCore::IDBObjectStore::index):

Modules/indexeddb/IDBValue.h:

(WebCore::IDBValue::decode):

Modules/indexeddb/shared/IDBError.cpp:

(WebCore::IDBError::operator=): Deleted.

Modules/indexeddb/shared/IDBError.h:
Modules/indexeddb/shared/IDBResultData.h:

(WebCore::IDBResultData::decode):

Modules/mediarecorder/MediaRecorder.cpp:

(WebCore::MediaRecorder::create):

Modules/mediasource/MediaSource.cpp:

(WebCore::MediaSource::addSourceBuffer):

Modules/mediastream/RTCPeerConnection.cpp:

(WebCore::iceServersFromConfiguration):
(WebCore::RTCPeerConnection::certificatesFromConfiguration):
(WebCore::certificateTypeFromAlgorithmIdentifier):

Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:

(WebCore::LibWebRTCMediaEndpoint::getStats):

Modules/mediastream/libwebrtc/LibWebRTCPeerConnectionBackend.cpp:

(WebCore::LibWebRTCPeerConnectionBackend::addTrack):
(WebCore::LibWebRTCPeerConnectionBackend::addUnifiedPlanTransceiver):

Modules/webaudio/AudioBuffer.cpp:

(WebCore::AudioBuffer::create):

Modules/webaudio/AudioContext.cpp:

(WebCore::AudioContext::createMediaElementSource):
(WebCore::AudioContext::createMediaStreamSource):
(WebCore::AudioContext::createScriptProcessor):

Modules/webaudio/OfflineAudioContext.cpp:

(WebCore::OfflineAudioContext::create):

Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::tryToOpenDatabaseBackend):

Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::canEstablishDatabase):
(WebCore::DatabaseTracker::retryCanEstablishDatabase):

Modules/webdatabase/SQLResultSetRowList.cpp:

(WebCore::SQLResultSetRowList::item const):

Modules/websockets/WebSocket.cpp:

(WebCore::WebSocket::create):

accessibility/AXObjectCache.cpp:

(WebCore::AXObjectCache::rangeForNodeContents):
(WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):

animation/KeyframeEffect.cpp:

(WebCore::KeyframeEffect::create):
(WebCore::KeyframeEffect::backingAnimationForCompositedRenderer const):

bindings/js/JSCustomElementInterface.cpp:

(WebCore::JSCustomElementInterface::constructElementWithFallback):

bindings/js/JSDOMConvertVariadic.h:

(WebCore::VariadicConverter::convert):
(WebCore::convertVariadicArguments):

bindings/js/SerializedScriptValue.cpp:

(WebCore::CloneDeserializer::readDOMPointInit):
(WebCore::transferArrayBuffers):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateCallbackImplementationContent):

bindings/scripts/test/JS/JSTestCallbackFunction.cpp:

(WebCore::JSTestCallbackFunction::handleEvent):

bindings/scripts/test/JS/JSTestCallbackFunctionRethrow.cpp:

(WebCore::JSTestCallbackFunctionRethrow::handleEvent):

bindings/scripts/test/JS/JSTestCallbackInterface.cpp:

(WebCore::JSTestCallbackInterface::callbackWithAReturnValue):
(WebCore::JSTestCallbackInterface::callbackThatRethrowsExceptions):
(WebCore::JSTestCallbackInterface::callbackThatSkipsInvokeCheck):
(WebCore::JSTestCallbackInterface::callbackWithThisObject):

contentextensions/ContentExtensionParser.cpp:

(WebCore::ContentExtensions::getStringList):
(WebCore::ContentExtensions::loadTrigger):
(WebCore::ContentExtensions::loadEncodedRules):
(WebCore::ContentExtensions::parseRuleList):

crypto/SubtleCrypto.cpp:

(WebCore::normalizeCryptoAlgorithmParameters):

crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:

(WebCore::calculateSignature):

crypto/keys/CryptoKeyEC.cpp:

(WebCore::CryptoKeyEC::exportJwk const):

css/CSSComputedStyleDeclaration.cpp:

(WebCore::computedTransform):
(WebCore::ComputedStyleExtractor::valueForShadow):
(WebCore::ComputedStyleExtractor::valueForFilter):
(WebCore::specifiedValueForGridTrackSize):
(WebCore::valueForGridTrackList):
(WebCore::valueForGridPosition):
(WebCore::willChangePropertyValue):
(WebCore::fontVariantLigaturesPropertyValue):
(WebCore::fontVariantNumericPropertyValue):
(WebCore::fontVariantEastAsianPropertyValue):
(WebCore::touchActionFlagsToCSSValue):
(WebCore::renderTextDecorationFlagsToCSSValue):
(WebCore::renderEmphasisPositionFlagsToCSSValue):
(WebCore::speakAsToCSSValue):
(WebCore::hangingPunctuationToCSSValue):
(WebCore::fillRepeatToCSSValue):
(WebCore::fillSizeToCSSValue):
(WebCore::counterToCSSValue):
(WebCore::fontVariantFromStyle):
(WebCore::fontSynthesisFromStyle):
(WebCore::shapePropertyValue):
(WebCore::paintOrder):
(WebCore::ComputedStyleExtractor::valueForPropertyinStyle):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor2SidesShorthand):
(WebCore::ComputedStyleExtractor::getCSSPropertyValuesFor4SidesShorthand):

css/CSSFontFaceSet.cpp:

(WebCore::CSSFontFaceSet::matchingFacesExcludingPreinstalledFonts):

css/CSSGradientValue.cpp:

(WebCore::CSSGradientValue::image):

css/CSSStyleSheet.cpp:

(WebCore::CSSStyleSheet::rules):

css/DOMMatrixReadOnly.cpp:

(WebCore::DOMMatrixReadOnly::parseStringIntoAbstractMatrix):

css/FontFace.cpp:

(WebCore::FontFace::create):

css/FontVariantBuilder.cpp:

(WebCore::computeFontVariant):

css/PropertySetCSSStyleDeclaration.cpp:

(WebCore::PropertySetCSSStyleDeclaration::removeProperty):

css/SVGCSSComputedStyleDeclaration.cpp:

(WebCore::strokeDashArrayToCSSValueList):
(WebCore::ComputedStyleExtractor::adjustSVGPaintForCurrentColor const):

css/StyleBuilderConverter.h:

(WebCore::StyleBuilderConverter::convertReflection):

css/WebKitCSSMatrix.cpp:

(WebCore::WebKitCSSMatrix::create):
(WebCore::WebKitCSSMatrix::multiply const):

css/parser/CSSPropertyParser.cpp:

(WebCore::consumeFontVariationSettings):
(WebCore::consumeBasicShapePath):
(WebCore::consumeImplicitGridAutoFlow):

cssjit/StackAllocator.h:
dom/DOMImplementation.cpp:

(WebCore::DOMImplementation::createDocument):

dom/Document.cpp:

(WebCore::Document::cloneNodeInternal):

dom/DocumentFragment.cpp:

(WebCore::DocumentFragment::cloneNodeInternal):

dom/Element.cpp:

(WebCore::Element::setAttributeNode):
(WebCore::Element::setAttributeNodeNS):
(WebCore::Element::removeAttributeNode):
(WebCore::Element::parseAttributeName):
(WebCore::Element::animate):

dom/MessagePort.cpp:

(WebCore::MessagePort::disentanglePorts):

dom/NodeIterator.cpp:

(WebCore::NodeIterator::nextNode):
(WebCore::NodeIterator::previousNode):

dom/Range.cpp:

(WebCore::Range::processContents):
(WebCore::processContentsBetweenOffsets):
(WebCore::processAncestorsAndTheirSiblings):

dom/RangeBoundaryPoint.h:
dom/ScriptDisallowedScope.h:

(WebCore::ScriptDisallowedScope::operator=):

dom/Text.cpp:

(WebCore::Text::splitText):

dom/TextDecoder.cpp:

(WebCore::TextDecoder::create):
(WebCore::TextDecoder::decode):

editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::insertBlockPlaceholder):
(WebCore::CompositeEditCommand::moveParagraphContentsToNewBlockIfNecessary):

editing/Editing.cpp:

(WebCore::createTabSpanElement):

editing/EditingStyle.cpp:

(WebCore::EditingStyle::styleAtSelectionStart):

editing/TextIterator.cpp:

(WebCore::TextIterator::rangeFromLocationAndLength):

editing/VisibleSelection.cpp:

(WebCore::makeSearchRange):

editing/markup.cpp:

(WebCore::styleFromMatchedRulesAndInlineDecl):
(WebCore::createFragmentForInnerOuterHTML):
(WebCore::createContextualFragment):

html/FormController.cpp:

(WebCore::deserializeFormControlState):

html/HTMLCanvasElement.cpp:

(WebCore::HTMLCanvasElement::captureStream):

html/HTMLMediaElement.cpp:

(WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader):

html/HTMLOptionElement.cpp:

(WebCore::HTMLOptionElement::createForJSConstructor):

html/HTMLPlugInImageElement.cpp:

(WebCore::HTMLPlugInImageElement::createElementRenderer):

html/HTMLTableElement.cpp:

(WebCore::HTMLTableElement::createSharedCellStyle):

html/HTMLTableRowElement.cpp:

(WebCore::HTMLTableRowElement::insertCell):

html/ImageData.cpp:

(WebCore::ImageData::create):

html/OffscreenCanvas.cpp:

(WebCore::OffscreenCanvas::transferToImageBitmap):

html/canvas/CanvasRenderingContext2DBase.cpp:

(WebCore::CanvasRenderingContext2DBase::createLinearGradient):
(WebCore::CanvasRenderingContext2DBase::createRadialGradient):

html/canvas/OESVertexArrayObject.cpp:

(WebCore::OESVertexArrayObject::createVertexArrayOES):

html/canvas/WebGLRenderingContextBase.cpp:

(WebCore::WebGLRenderingContextBase::createBuffer):
(WebCore::WebGLRenderingContextBase::createFramebuffer):
(WebCore::WebGLRenderingContextBase::createTexture):
(WebCore::WebGLRenderingContextBase::createProgram):
(WebCore::WebGLRenderingContextBase::createRenderbuffer):
(WebCore::WebGLRenderingContextBase::createShader):
(WebCore::WebGLRenderingContextBase::getContextAttributes):
(WebCore::WebGLRenderingContextBase::getUniform):

html/shadow/TextControlInnerElements.cpp:

(WebCore::TextControlInnerContainer::resolveCustomStyle):
(WebCore::TextControlPlaceholderElement::resolveCustomStyle):

html/track/BufferedLineReader.cpp:

(WebCore::BufferedLineReader::nextLine):

html/track/VTTCue.cpp:

(WebCore::VTTCue::getCueAsHTML):
(WebCore::VTTCue::createCueRenderingTree):

html/track/WebVTTElement.cpp:

(WebCore::WebVTTElement::cloneElementWithoutAttributesAndChildren):

inspector/InspectorStyleSheet.cpp:

(WebCore::asCSSRuleList):
(WebCore::InspectorStyle::buildObjectForStyle const):
(WebCore::InspectorStyleSheet::buildObjectForStyleSheet):
(WebCore::InspectorStyleSheet::buildObjectForRule):

inspector/agents/InspectorCSSAgent.cpp:

(WebCore::InspectorCSSAgent::buildArrayForMatchedRuleList):

inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::buildArrayForPseudoElements):
(WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):

inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::buildObjectForResourceResponse):

loader/FetchOptions.h:

(WebCore::FetchOptions::decode):

loader/MediaResourceLoader.cpp:

(WebCore::MediaResourceLoader::requestResource):

loader/appcache/ApplicationCacheStorage.cpp:

(WebCore::ApplicationCacheStorage::loadCache):
(WebCore::ApplicationCacheStorage::manifestURLs):

loader/archive/mhtml/MHTMLParser.cpp:

(WebCore::MHTMLParser::parseArchiveWithHeader):

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):

page/DOMWindow.cpp:

(WebCore::DOMWindow::getMatchedCSSRules const):

page/DragController.cpp:

(WebCore::documentFragmentFromDragData):

page/EventSource.cpp:

(WebCore::EventSource::create):

page/PerformanceUserTiming.cpp:

(WebCore::UserTiming::mark):
(WebCore::UserTiming::measure):

page/SecurityOrigin.h:

(WebCore::SecurityOrigin::decode):

page/scrolling/ScrollingConstraints.h:

(WebCore::FixedPositionViewportConstraints::FixedPositionViewportConstraints):
(WebCore::LayoutConstraints::LayoutConstraints): Deleted.

platform/Length.h:

(WebCore::Length::Length):

platform/animation/TimingFunction.cpp:

(WebCore::TimingFunction::createFromCSSText):

platform/encryptedmedia/clearkey/CDMClearKey.cpp:

(WebCore::parseLicenseFormat):

platform/graphics/FloatPoint3D.h:
platform/graphics/Font.cpp:

(WebCore::createAndFillGlyphPage):

platform/graphics/GLContext.cpp:

(WebCore::GLContext::createContextForWindow):
(WebCore::GLContext::createSharingContext):

platform/graphics/GraphicsContext.cpp:
platform/graphics/HEVCUtilities.cpp:

(WebCore::parseHEVCCodecParameters):

platform/graphics/gtk/ImageGtk.cpp:

(WebCore::loadImageFromGResource):
(WebCore::loadMissingImageIconFromTheme):

platform/graphics/wayland/PlatformDisplayWayland.cpp:

(WebCore::PlatformDisplayWayland::create):

platform/mediastream/MediaConstraints.h:

(WebCore::MediaTrackConstraintSetMap::decode):

platform/mediastream/MediaStreamRequest.h:

(WebCore::MediaStreamRequest::decode):

platform/mediastream/gstreamer/GStreamerVideoFrameLibWebRTC.cpp:

(WebCore::GStreamerSampleFromLibWebRTCVideoFrame):

platform/mediastream/gstreamer/RealtimeIncomingAudioSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingAudioSource::create):

platform/mediastream/gstreamer/RealtimeIncomingVideoSourceLibWebRTC.cpp:

(WebCore::RealtimeIncomingVideoSource::create):

platform/mock/MockRealtimeMediaSourceCenter.cpp:

(WebCore::MockRealtimeMediaSourceCenter::captureDeviceWithPersistentID):

platform/mock/mediasource/MockSourceBufferPrivate.cpp:

(WebCore::MockMediaSample::createNonDisplayingCopy const):

platform/network/BlobRegistryImpl.cpp:

(WebCore::BlobRegistryImpl::createResourceHandle):

platform/network/CookieRequestHeaderFieldProxy.h:

(WebCore::CookieRequestHeaderFieldProxy::decode):

platform/network/FormData.h:

(WebCore::FormData::decode):

platform/network/MIMEHeader.cpp:

(WebCore::MIMEHeader::parseHeader):

platform/network/ResourceHandle.cpp:

(WebCore::ResourceHandle::create):

platform/network/soup/DNSResolveQueueSoup.cpp:

(WebCore::DNSResolveQueueSoup::takeCompletionAndCancelHandlers):

rendering/RenderElement.cpp:

(WebCore::RenderElement::createFor):

rendering/shapes/Shape.cpp:

(WebCore::Shape::createRasterShape):
(WebCore::Shape::createBoxShape):

rendering/style/BasicShapes.cpp:

(WebCore::BasicShapeCircle::blend const):
(WebCore::BasicShapeEllipse::blend const):
(WebCore::BasicShapePolygon::blend const):
(WebCore::BasicShapePath::blend const):
(WebCore::BasicShapeInset::blend const):

rendering/style/BasicShapes.h:

(WebCore::BasicShapeRadius::BasicShapeRadius):

rendering/style/ContentData.cpp:

(WebCore::ImageContentData::createContentRenderer const):
(WebCore::TextContentData::createContentRenderer const):
(WebCore::QuoteContentData::createContentRenderer const):

rendering/style/ContentData.h:
rendering/svg/RenderSVGInline.cpp:

(WebCore::RenderSVGInline::createInlineFlowBox):

rendering/svg/RenderSVGInlineText.cpp:

(WebCore::RenderSVGInlineText::createTextBox):

rendering/svg/RenderSVGText.cpp:

(WebCore::RenderSVGText::createRootInlineBox):

svg/SVGFEBlendElement.cpp:

(WebCore::SVGFEBlendElement::build):

svg/SVGFEColorMatrixElement.cpp:

(WebCore::SVGFEColorMatrixElement::build):

svg/SVGFEComponentTransferElement.cpp:

(WebCore::SVGFEComponentTransferElement::build):

svg/SVGFECompositeElement.cpp:

(WebCore::SVGFECompositeElement::build):

svg/SVGFEConvolveMatrixElement.cpp:

(WebCore::SVGFEConvolveMatrixElement::build):

svg/SVGFEDiffuseLightingElement.cpp:

(WebCore::SVGFEDiffuseLightingElement::build):

svg/SVGFEDisplacementMapElement.cpp:

(WebCore::SVGFEDisplacementMapElement::build):

svg/SVGFEDropShadowElement.cpp:

(WebCore::SVGFEDropShadowElement::build):

svg/SVGFEGaussianBlurElement.cpp:

(WebCore::SVGFEGaussianBlurElement::build):

svg/SVGFEMergeElement.cpp:

(WebCore::SVGFEMergeElement::build):

svg/SVGFEMorphologyElement.cpp:

(WebCore::SVGFEMorphologyElement::build):

svg/SVGFEOffsetElement.cpp:

(WebCore::SVGFEOffsetElement::build):

svg/SVGFESpecularLightingElement.cpp:

(WebCore::SVGFESpecularLightingElement::build):

svg/SVGFETileElement.cpp:

(WebCore::SVGFETileElement::build):

svg/SVGTransformList.h:
svg/properties/SVGList.h:

(WebCore::SVGList::initialize):
(WebCore::SVGList::insertItemBefore):
(WebCore::SVGList::replaceItem):
(WebCore::SVGList::removeItem):
(WebCore::SVGList::appendItem):

svg/properties/SVGListProperty.h:

(WebCore::SVGListProperty::initializeValuesAndWrappers):
(WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
(WebCore::SVGListProperty::replaceItemValuesAndWrappers):
(WebCore::SVGListProperty::removeItemValues):
(WebCore::SVGListProperty::appendItemValuesAndWrappers):

svg/properties/SVGPrimitiveList.h:
testing/Internals.cpp:

(WebCore::Internals::elementRenderTreeAsText):
(WebCore::parseFindOptions):

workers/AbstractWorker.cpp:

(WebCore::AbstractWorker::resolveURL):

workers/Worker.cpp:

(WebCore::Worker::create):

workers/service/ServiceWorkerJobData.h:

(WebCore::ServiceWorkerJobData::decode):

xml/DOMParser.cpp:

(WebCore::DOMParser::parseFromString):

xml/XPathExpression.cpp:

(WebCore::XPathExpression::evaluate):

Source/WebKit:

NetworkProcess/cache/CacheStorageEngineCache.cpp:

(WebKit::CacheStorage::Cache::decode):

Platform/IPC/ArgumentCoders.h:
Shared/CallbackID.h:

(WebKit::CallbackID::operator=):

Shared/OptionalCallbackID.h:

(WebKit::OptionalCallbackID::operator=):

Shared/Plugins/NPIdentifierData.cpp:

(WebKit::NPIdentifierData::decode):

Shared/Plugins/NPVariantData.cpp:

(WebKit::NPVariantData::decode):

Shared/Plugins/Netscape/NetscapePluginModule.cpp:

(WebKit::NetscapePluginModule::getOrCreate):

Shared/RTCNetwork.cpp:

(WebKit::RTCNetwork::IPAddress::decode):

Shared/SessionState.cpp:

(WebKit::HTTPBody::Element::decode):
(WebKit::FrameState::decode):
(WebKit::BackForwardListItemState::decode):

Shared/WebCompiledContentRuleListData.cpp:

(WebKit::WebCompiledContentRuleListData::decode):

Shared/WebCoreArgumentCoders.cpp:

(IPC::ArgumentCoder<FloatPoint>::decode):
(IPC::ArgumentCoder<FloatRect>::decode):
(IPC::ArgumentCoder<FloatQuad>::decode):
(IPC::ArgumentCoder<ViewportArguments>::decode):
(IPC::ArgumentCoder<IntPoint>::decode):
(IPC::ArgumentCoder<IntRect>::decode):
(IPC::ArgumentCoder<IntSize>::decode):
(IPC::ArgumentCoder<MimeClassInfo>::decode):
(IPC::ArgumentCoder<PluginInfo>::decode):
(IPC::ArgumentCoder<SelectionRect>::decode):
(IPC::ArgumentCoder<CompositionUnderline>::decode):
(IPC::ArgumentCoder<BlobPart>::decode):
(IPC::ArgumentCoder<TextIndicatorData>::decode):
(IPC::ArgumentCoder<ResourceLoadStatistics>::decode):
(IPC::ArgumentCoder<ScrollOffsetRange<float>>::decode):

Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::decode):

Shared/WebPlatformTouchPoint.cpp:

(WebKit::WebPlatformTouchPoint::decode):

Shared/WebsiteData/WebsiteData.cpp:

(WebKit::WebsiteData::Entry::decode):

Shared/WebsiteDataStoreParameters.cpp:

(WebKit::WebsiteDataStoreParameters::decode):

UIProcess/API/APIContentRuleListStore.cpp:

(API::decodeContentRuleListMetaData):

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::launchProcessForReload):
(WebKit::WebPageProxy::launchProcessWithItem):
(WebKit::WebPageProxy::loadRequest):
(WebKit::WebPageProxy::loadFile):
(WebKit::WebPageProxy::loadData):
(WebKit::WebPageProxy::reload):

UIProcess/WebProcessCache.cpp:

(WebKit::WebProcessCache::takeProcess):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::findReusableSuspendedPageProcess):

WebProcess/InjectedBundle/DOM/InjectedBundleCSSStyleDeclarationHandle.cpp:

(WebKit::InjectedBundleCSSStyleDeclarationHandle::getOrCreate):

WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp:

(WebKit::InjectedBundleRangeHandle::getOrCreate):

WebProcess/InjectedBundle/InjectedBundle.cpp:

(WebKit::InjectedBundle::create):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::tryLoadingSynchronouslyUsingURLSchemeHandler):

WebProcess/WebPage/CoordinatedGraphics/CompositingCoordinator.cpp:

(WebKit::CompositingCoordinator::createGraphicsLayer):

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::pdfSnapshotAtSize):
(WebKit::WebPage::createDocumentLoader):

WebProcess/WebStorage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::copy):

Source/WTF:

wtf/CheckedArithmetic.h:

(WTF::Checked::Checked):

wtf/MetaAllocator.cpp:

(WTF::MetaAllocator::allocate):

wtf/URLParser.cpp:

(WTF::CodePointIterator::operator!= const):
(WTF::CodePointIterator::operator=): Deleted.

wtf/text/StringView.h:

(WTF::StringView::CodePoints::Iterator::operator=): Deleted.

7:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

(diff)

4:14 PM Changeset in webkit [248204] by Devin Rousso

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Elements: Styles: move psuedo-selector rules before inherited rules
https://bugs.webkit.org/show_bug.cgi?id=199950

Reviewed by Joseph Pecoraro.

Since pseudo-selector rules (usually) affect the selected element, or are related to its
content, it's more useful to have them near that element's rules instead of after all of
it's inherited rules.

UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):

1:32 PM Changeset in webkit [248203] by Konstantin Tokarev

2 edits in trunk/Source/WebKit

Fix compilation with disabled WebGL
https://bugs.webkit.org/show_bug.cgi?id=200421

Reviewed by Wenson Hsieh.

After r247452 webGLStateTracker is guarded with #if ENABLE(WEBGL)

WebProcess/WebPage/WebPage.cpp:

(WebKit::m_textAutoSizingAdjustmentTimer):

12:36 PM Changeset in webkit [248202] by Devin Rousso

14 edits
1 copy
5 adds in trunk

Web Inspector: Elements: Styles: add icons for various CSS rule types
https://bugs.webkit.org/show_bug.cgi?id=199946

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

UserInterface/Controllers/CSSManager.js:

(WI.CSSManager.displayNameForPseudoId):
Add hardcoded pseudo-selector identifiers for older backends.

UserInterface/Models/CSSSelector.js:

(WI.CSSSelector.prototype.isPseudoSelector): Added.
(WI.CSSSelector.prototype.isPseudoElementSelector): Deleted.
There are more types of pseudo-selectors than just :{before|after}.

UserInterface/Models/CSSStyleDeclaration.js:

(WI.CSSStyleDeclaration.prototype.generateCSSRuleString): Added.

UserInterface/Views/SpreadsheetRulesStyleDetailsPanel.js:

(WI.SpreadsheetRulesStyleDetailsPanel.prototype.spreadsheetCSSStyleDeclarationSectionAddNewRule): Added.
(WI.SpreadsheetRulesStyleDetailsPanel.prototype.layout):
Provide a delegate method for adding a new rule, so the WI.SpreadsheetRulesStyleDetailsPanel
can know what selector to focus once the new rule gets added.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.js:

(WI.SpreadsheetCSSStyleDeclarationSection.prototype.initialLayout):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._renderSelector):
(WI.SpreadsheetCSSStyleDeclarationSection.prototype._populateIconElementContextMenu): Added.

UserInterface/Views/SpreadsheetCSSStyleDeclarationSection.css:

(.spreadsheet-css-declaration .header.editing-selector .selector): Added.
(.spreadsheet-css-declaration .selector > .icon): Added.
(.spreadsheet-css-declaration .selector > .icon + *): Added.
(.spreadsheet-css-declaration .selector.style-attribute > span): Added.
When "mousedown" (or "contextmenu") on the icon, show a context menu with helpful actions:

Copy Rule
{Disable|Enable} Rule
Duplicate Selector
Add :{active|focus|hover|visited} Rule
Create ::{before|after} Rule
Reveal in {Resources Tab|Sources Tab|Stylesheet}

Drive-by: add an extra 0.5px of initial margin before the Style Attribute selector (which is
sans-serif) so it properly aligns with the other selectors (which are monospaced).

UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.js:

(WI.SpreadsheetCSSStyleDeclarationEditor.prototype.layout):

UserInterface/Views/SpreadsheetCSSStyleDeclarationEditor.css:

(.spreadsheet-style-declaration-editor:empty): Added.
(.spreadsheet-style-declaration-editor.no-properties): Deleted.
Add some extra space when there's no inline style so it looks a bit less cramped.

UserInterface/Main.html:
UserInterface/Views/StyleRuleIcons.css: Added.

(.author-style-rule-icon .icon):
(.author-style-rule-icon.pseudo-selector .icon):
(.user-style-rule-icon .icon):
(.user-style-rule-icon.pseudo-selector .icon):
(.user-agent-style-rule-icon .icon):
(.user-agent-style-rule-icon.pseudo-selector .icon):
(.inspector-style-rule-icon .icon):
(.inspector-style-rule-icon.pseudo-selector .icon):
(.inherited-style-rule-icon .icon):
(.inherited-element-style-rule-icon .icon):

UserInterface/Images/StyleRule.svg: Added.
UserInterface/Images/StyleRuleInheritedElement.svg: Added.
UserInterface/Images/StyleRulePseudo.svg: Added.

Add generic icon classes for style rule icons.

UserInterface/Base/Setting.js:
UserInterface/Views/SettingsTabContentView.js:

(WI.SettingsTabContentView.prototype._createExperimentalSettingsView):
Add experimental setting.

Localizations/en.lproj/localizedStrings.js:

LayoutTests:

inspector/css/generateCSSRuleString.html: Added.
inspector/css/generateCSSRuleString-expected.txt: Added.

12:00 PM Changeset in webkit [248201] by Devin Rousso

28 edits
1 move
5 adds
2 deletes in trunk

Web Inspector: DOM: add a special breakpoint for "All Events"
https://bugs.webkit.org/show_bug.cgi?id=200285

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

Similar to the existing "All Requests" breakpoint, there should be a way to set a breakpoint
that would pause for any DOM event, regardless of the event's name. This is useful for
situations where the event name isn't known, or where one simply wants to pause on the next
entry to the event loop.

Along these lines, make the "requestAnimationFrame", "setTimeout", and "setInterval"
event breakpoints into special breakpoints that can be added/removed via the create
breakpoint context menu. This simplifies the process for setting these breakpoints, and also
makes them more discoverable (most people wouldn't consider them to be "events").

inspector/protocol/Debugger.json:
- Rename the EventListener pause reason to Listener.
- Split the Timer pause reason into Interval and Timeout.

inspector/protocol/DOMDebugger.json:
- Split the timer type into interval and timeout.
- Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted, the corresponding breakpoint that is added/removed is treated as a global breakpoint that applies to all events of that type (e.g. a global listener breakpoint would pause for any event that is fired).

Source/WebCore:

Tests: inspector/dom/breakpoint-for-event-listener.html

inspector/dom-debugger/event-animation-frame-breakpoints.html
inspector/dom-debugger/event-breakpoint-with-navigation.html
inspector/dom-debugger/event-interval-breakpoints.html
inspector/dom-debugger/event-listener-breakpoints.html
inspector/dom-debugger/event-timeout-breakpoints.html

inspector/agents/InspectorDOMDebuggerAgent.h:
inspector/agents/InspectorDOMDebuggerAgent.cpp:

(WebCore::InspectorDOMDebuggerAgent::disable):
(WebCore::InspectorDOMDebuggerAgent::frameDocumentUpdated):
(WebCore::InspectorDOMDebuggerAgent::setEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::removeEventBreakpoint):
(WebCore::InspectorDOMDebuggerAgent::willHandleEvent):
(WebCore::InspectorDOMDebuggerAgent::willFireTimer):
(WebCore::InspectorDOMDebuggerAgent::willFireAnimationFrame):
(WebCore::InspectorDOMDebuggerAgent::discardBindings): Deleted.
Make eventName optional for addEventBreakpoint/removeEventBreakpoint. When omitted,
the corresponding breakpoint that is added/removed is treated as a global breakpoint that
applies to all events of that type (e.g. a global listener breakpoint would pause for any
event that is fired).

Source/WebInspectorUI:

UserInterface/Models/EventBreakpoint.js:

(WI.EventBreakpoint):
(WI.EventBreakpoint.deserialize):
(WI.EventBreakpoint.prototype.saveIdentityToCookie):
(WI.EventBreakpoint.prototype.toJSON):

UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager.prototype._pauseReasonFromPayload):

UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):
(WI.DOMDebuggerManager.prototype.initializeTarget):
(WI.DOMDebuggerManager.supportsDOMBreakpoints): Added.
(WI.DOMDebuggerManager.supportsEventBreakpoints):
(WI.DOMDebuggerManager.supportsEventListenerBreakpoints): Added.
(WI.DOMDebuggerManager.supportsURLBreakpoints):
(WI.DOMDebuggerManager.supportsXHRBreakpoints): Added.
(WI.DOMDebuggerManager.supportsAllListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allAnimationFramesBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allIntervalsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allListenersBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get allTimeoutsBreakpoint): Added.
(WI.DOMDebuggerManager.prototype.get listenerBreakpoints): Added.
(WI.DOMDebuggerManager.prototype.isBreakpointSpecial):
(WI.DOMDebuggerManager.prototype.listenerBreakpointForEventName): Added.
(WI.DOMDebuggerManager.prototype.addEventBreakpoint):
(WI.DOMDebuggerManager.prototype.removeEventBreakpoint):
(WI.DOMDebuggerManager.prototype.addURLBreakpoint):
(WI.DOMDebuggerManager.prototype._resolveDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateDOMBreakpoint):
(WI.DOMDebuggerManager.prototype._updateEventBreakpoint):
(WI.DOMDebuggerManager.prototype._updateURLBreakpoint):
(WI.DOMDebuggerManager.prototype._handleDOMBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleEventBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype._handleURLBreakpointDisabledStateChanged):
(WI.DOMDebuggerManager.prototype.get eventBreakpoints): Deleted.
(WI.DOMDebuggerManager.prototype.eventBreakpointForTypeAndEventName): Deleted.
Add additional target compatibility checks.

UserInterface/Views/EventBreakpointPopover.js:

(WI.EventBreakpointPopover.prototype.show):
(WI.EventBreakpointPopover.prototype.dismiss):
(WI.EventBreakpointPopover.prototype._handleTypeSelectChange): Deleted.

UserInterface/Views/EventBreakpointPopover.css:

(.popover .event-breakpoint-content > input): Added.
(.popover .event-breakpoint-content > input::placeholder): Added.
(.popover .event-breakpoint-content > .event-type): Deleted.
(.popover .event-breakpoint-content > .event-type > input): Deleted.
(.popover .event-breakpoint-content > .event-type > input::placeholder): Deleted.

UserInterface/Views/EventBreakpointTreeElement.css:

(.breakpoint.event.breakpoint-for-interval:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timeout:not(.breakpoint-paused-icon) .icon): Added.
(.breakpoint.event.breakpoint-for-timer:not(.breakpoint-paused-icon) .icon): Deleted.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel):
(WI.DebuggerSidebarPanel.prototype.saveStateToCookie):
(WI.DebuggerSidebarPanel.prototype.restoreStateFromCookie):
(WI.DebuggerSidebarPanel.prototype._addBreakpoint):
(WI.DebuggerSidebarPanel.prototype._addTreeElement):
(WI.DebuggerSidebarPanel.prototype._updatePauseReasonSection):
(WI.DebuggerSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.DebuggerSidebarPanel.prototype._populateCreateBreakpointContextMenu):

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel):
(WI.SourcesNavigationSidebarPanel.prototype._insertDebuggerTreeElement):
(WI.SourcesNavigationSidebarPanel.prototype._addBreakpoint):
(WI.SourcesNavigationSidebarPanel.prototype._updatePauseReasonSection):
(WI.SourcesNavigationSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu.addToggleForSpecialEventBreakpoint): Added.
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu):
Add create breakpoint context menu items (also sort the breakpoints in this order):

"All Animation Frames" => [A] All Animation Frames
"All Timeouts" => [T] All Timeouts
"All Intervals" => [I] All Intervals
"All Events" => [E] All Events

UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

UserInterface/Base/Setting.js:
UserInterface/Images/EventBreakpointInterval.svg: Added.
UserInterface/Images/EventBreakpointTimeout.svg: Renamed from Source/WebInspectorUI/UserInterface/Images/EventBreakpointTimer.svg.
Localizations/en.lproj/localizedStrings.js:

LayoutTests:

inspector/dom/breakpoint-for-event-listener.html:
inspector/dom/breakpoint-for-event-listener-expected.txt:

inspector/dom-debugger/event-animation-frame-breakpoints.html:
inspector/dom-debugger/event-animation-frame-breakpoints-expected.txt:
inspector/dom-debugger/event-breakpoint-with-navigation.html:
inspector/dom-debugger/event-breakpoint-with-navigation-expected.txt:
inspector/dom-debugger/event-interval-breakpoints.html: Added.
inspector/dom-debugger/event-interval-breakpoints-expected.txt: Added.
inspector/dom-debugger/event-listener-breakpoints.html:
inspector/dom-debugger/event-listener-breakpoints-expected.txt:
inspector/dom-debugger/event-timeout-breakpoints.html: Added.
inspector/dom-debugger/event-timeout-breakpoints-expected.txt: Added.

inspector/dom-debugger/resources/event-breakpoint-utilities.js:

(TestPage.registerInitializer.InspectorTest.EventBreakpoint.teardown):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.failOnPause):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.createBreakpoint): Added.
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.addBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.removeBreakpoint):
(TestPage.registerInitializer.InspectorTest.EventBreakpoint.disableBreakpoint):

inspector/dom-debugger/event-timer-breakpoints.html: Removed.
inspector/dom-debugger/event-timer-breakpoints-expected.txt: Removed.

9:09 AM Changeset in webkit [248200] by Alan Bujtas

19 edits
4 deletes in trunk

[LFC] Remove formatting context type leaf classes
https://bugs.webkit.org/show_bug.cgi?id=200224
<rdar://problem/53661907>

Reviewed by Antti Koivisto.

Let's keep the layout tree formatting context type independent.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeIntrinsicWidthConstraints const):
(WebCore::Layout::InlineFormattingContext::initializeMarginBorderAndPaddingForGenericInlineBox const):
(WebCore::Layout::InlineFormattingContext::collectInlineContent const):

layout/inlineformatting/InlineFormattingContext.h:
layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::inlineItemWidth):
(WebCore::Layout::LineLayout::placeInlineItem):

layout/inlineformatting/InlineItem.h:
layout/inlineformatting/InlineTextItem.cpp:

(WebCore::Layout::InlineTextItem::createAndAppendTextItems):
(WebCore::Layout::InlineTextItem::InlineTextItem):
(WebCore::Layout::InlineTextItem::split const):

layout/inlineformatting/InlineTextItem.h:

(WebCore::Layout::InlineTextItem::inlineBox const): Deleted.

layout/inlineformatting/text/TextUtil.cpp:

(WebCore::Layout::TextUtil::width):
(WebCore::Layout::TextUtil::split):

layout/inlineformatting/text/TextUtil.h:
layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::Box):
(WebCore::Layout::Box::~Box):
(WebCore::Layout::Box::formattingContextRoot const):
(WebCore::Layout::Box::setTextContent):
(WebCore::Layout::Box::hasTextContent const):
(WebCore::Layout::Box::textContent const):
(WebCore::Layout::Box::replaced const):
(WebCore::Layout::Box::replaced):
(WebCore::Layout::Box::rareDataMap):
(WebCore::Layout::Box::rareData const):
(WebCore::Layout::Box::ensureRareData):
(WebCore::Layout::Box::removeRareData):

layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isLineBreakBox const):
(WebCore::Layout::Box::hasRareData const):
(WebCore::Layout::Box::setHasRareData):
(WebCore::Layout::Box::isInlineBox const): Deleted.
(WebCore::Layout::Box::replaced const): Deleted.
(WebCore::Layout::Box::replaced): Deleted.

layout/layouttree/LayoutContainer.h:

(WebCore::Layout::Container::firstChild const): Deleted.
(WebCore::Layout::Container::lastChild const): Deleted.
(WebCore::Layout::Container::hasChild const): Deleted.
(WebCore::Layout::Container::hasInFlowChild const): Deleted.
(WebCore::Layout::Container::hasInFlowOrFloatingChild const): Deleted.
(WebCore::Layout::Container::outOfFlowDescendants const): Deleted.

layout/layouttree/LayoutInlineBox.cpp: Removed.
layout/layouttree/LayoutInlineBox.h: Removed.
layout/layouttree/LayoutLineBreakBox.cpp: Removed.
layout/layouttree/LayoutLineBreakBox.h: Removed.
layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::outputLayoutBox):

7:01 AM Changeset in webkit [248199] by Alan Bujtas

13 edits
4 deletes in trunk/Source/WebCore

[LFC] Remove formatting context type container classes.
https://bugs.webkit.org/show_bug.cgi?id=200202

Reviewed by Antti Koivisto.

These are formatting context specific classes. Let's try to have a layout tree without such types.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::computeIntrinsicWidthConstraints const):

layout/inlineformatting/InlineFormattingContext.cpp:

(WebCore::Layout::InlineFormattingContext::layout const):
(WebCore::Layout::InlineFormattingContext::computeMarginBorderAndPaddingForInlineContainer const):

layout/inlineformatting/InlineFormattingContext.h:
layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::layout const):

layout/inlineformatting/InlineLine.cpp:

(WebCore::Layout::Line::appendTextContent):

layout/layouttree/LayoutBlockContainer.cpp: Removed.
layout/layouttree/LayoutBlockContainer.h: Removed.
layout/layouttree/LayoutBox.cpp:

(WebCore::Layout::Box::establishesInlineFormattingContext const):
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const):
(WebCore::Layout::Box::formattingContextRoot const):

layout/layouttree/LayoutBox.h:

(WebCore::Layout::Box::isBlockContainer const):
(WebCore::Layout::Box::isInlineContainer const):
(WebCore::Layout::Box::isInlineBox const):
(WebCore::Layout::Box::establishesInlineFormattingContext const): Deleted.
(WebCore::Layout::Box::establishesInlineFormattingContextOnly const): Deleted.

layout/layouttree/LayoutInlineContainer.cpp: Removed.
layout/layouttree/LayoutInlineContainer.h: Removed.
layout/layouttree/LayoutIterator.h:

(WebCore::Layout::LayoutBoxTraversal::firstChild):

layout/layouttree/LayoutTreeBuilder.cpp:

(WebCore::Layout::TreeBuilder::createLayoutTree):
(WebCore::Layout::TreeBuilder::createLayoutBox):
(WebCore::Layout::TreeBuilder::createTableStructure):
(WebCore::Layout::outputLayoutBox):

layout/layouttree/LayoutTreeBuilder.h:
page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

1:56 AM Changeset in webkit [248198] by Devin Rousso

9 edits in trunk/Source/WebInspectorUI

Web Inspector: Heap Snapshot Views should be searchable
https://bugs.webkit.org/show_bug.cgi?id=157582
<rdar://problem/26228629>

Reviewed by Joseph Pecoraro.

Without the ability to filter/search, it's far more difficult to find objects of interest.
Rather than spending time scrolling through the entire heap snapshot or sorting by "Name",
a simple filter/search (which also uses the global search settings) is almost instant.

UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype.updateFilter): Addded.
(WI.HeapAllocationsTimelineView.prototype.get showsFilterBar): Deleted.

UserInterface/Views/HeapSnapshotClusterContentView.js:

(WI.HeapSnapshotClusterContentView.prototype.updateFilter): Added.

UserInterface/Views/HeapSnapshotContentView.js:

(WI.HeapSnapshotContentView):
(WI.HeapSnapshotContentView.prototype.updateFilter): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchNodeAgainstCustomFilters): Added.
(WI.HeapSnapshotContentView.prototype.dataGridMatchShouldPopulateWhenFilteringNode): Added.

UserInterface/Views/DataGrid.js:

(WI.DataGrid.prototype._updateFilter.createIteratorForNodesToBeFiltered):
Don't attempt to populate each heap snapshot WI.DataGridNode when filtering, as that can
quickly exhaust memory due to the sheer size of a heap snapshot.

UserInterface/Base/Main.js:

(WI._find):

UserInterface/Views/TimelineTabContentView.js:

(WI.TimelineTabContentView.prototype.get canHandleFindEvent): Added.
(WI.TimelineTabContentView.prototype.handleFindEvent): Added.

UserInterface/Views/TimelineRecordingContentView.js:

(WI.TimelineRecordingContentView.prototype.get canFocusFilterBar): Added.
(WI.TimelineRecordingContentView.prototype.focusFilterBar): Added.

UserInterface/Views/FilterBar.js:

(WI.FilterBar.prototype.focus): Added.
Allow the current tab to intercept the find shortcut and do something custom. In the case
of a WI.TimelineTabContentView, declare that it can handle the find event if the displayed
content view (WI.TimelineRecordingContentView) can focus it's filter bar. If so, when the
find shortcut is triggered, focus the filter bar.

1:52 AM Changeset in webkit [248197] by Devin Rousso

6 edits
2 adds in trunk

Web Inspector: CSS Formatter: comments with an escape character aren't formatted
https://bugs.webkit.org/show_bug.cgi?id=200168

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

Don't allow escaping of the "*" in CSS comments (e.g. \*/).

Add additional pretty printing rules for comments so that there's always some space between
them and the surrounding text. This ensures that they don't interfere with readability.

UserInterface/Workers/Formatter/CSSFormatter.js:

(CSSFormatter.prototype._format):

UserInterface/Workers/Formatter/FormatterContentBuilder.js:

(FormatterContentBuilder.prototype.get indented): Added.

LayoutTests:

inspector/formatting/formatting-css.html:
inspector/formatting/formatting-css-expected.txt:
inspector/formatting/resources/css-tests/comment.css: Added.
inspector/formatting/resources/css-tests/comment-expected.css: Added.

12:37 AM Changeset in webkit [248196] by Devin Rousso

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: execution context picker doesn't update when switching to the inferred context from auto
https://bugs.webkit.org/show_bug.cgi?id=200279

Reviewed by Joseph Pecoraro.

The representedObject of the "auto" execution context path component is shared with that
execution context's actual path component, meaning that if the user switches from "auto" to
that execution context's path component, the underlying representedObject wouldn't change,
and therfore the RuntimeManager.Event.ActiveExecutionContextChanged wouldn't fire. In this
case, update the visible ("selected") execution context path component manually.

UserInterface/Views/QuickConsole.js:

(WI.QuickConsole.prototype._selectExecutionContext):
(WI.QuickConsole.prototype._pathComponentSelected):

Aug 2, 2019:

9:01 PM Changeset in webkit [248195] by keith_miller@apple.com

5 edits in trunk/Source/JavaScriptCore

Address comments on r248178
https://bugs.webkit.org/show_bug.cgi?id=200411

Reviewed by Saam Barati.

b3/B3Opcode.h:
b3/B3Procedure.h:

(JSC::B3::Procedure::tuples const):

b3/B3Validate.cpp:
b3/testb3_1.cpp:

(main):

6:10 PM Changeset in webkit [248194] by rmorisset@apple.com

2 edits in trunk/Source/WebCore

[WHLSL] Avoid visiting the full AST in computeDimensions
https://bugs.webkit.org/show_bug.cgi?id=200410

Reviewed by Myles C. Maxfield.

Avoid visiting the full AST in computeDimensions
This cuts the time spent in computeDimensions on compute_boids.html from about 2ms to about 0.002ms.

No new tests as there is no functional change intended.

Modules/webgpu/WHLSL/WHLSLComputeDimensions.cpp:

(WebCore::WHLSL::computeDimensions):

Modules/webgpu/WHLSL/WHLSLPrepare.cpp:

5:49 PM Changeset in webkit [248193] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

Ref Frame in DOMWindow::screen* functions
https://bugs.webkit.org/show_bug.cgi?id=200409

Reviewed by Simon Fraser.

Ref Frame in the following functions.

page/DOMWindow.cpp:

(WebCore::DOMWindow::innerHeight const):
(WebCore::DOMWindow::innerWidth const):
(WebCore::DOMWindow::screenX const):
(WebCore::DOMWindow::screenY const):
(WebCore::DOMWindow::scrollX const):
(WebCore::DOMWindow::scrollY const):

5:31 PM Changeset in webkit [248192] by mark.lam@apple.com

13 edits in trunk/Source

[ARM64E] Harden the diversity of the DOMJIT::Signature::unsafeFunction pointer.
https://bugs.webkit.org/show_bug.cgi?id=200292
<rdar://problem/53706881>

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Previously, DOMJIT::Signature::functionWithoutTypeCheck was signed as a C function
pointer. We can do better by signing it like a vtbl function pointer.

No new tests needed. The DOMJIT mechanism is covered by existing tests.

I also manually confirmed that DOMJIT::Signature::functionWithoutTypeCheck is signed
exactly as expected by reading its bits out of memory (not letting Clang have a
chance to resign it into a C function pointer) and comparing it against manually
signed bits with the expected diversifier.

assembler/MacroAssemblerCodeRef.h:

(JSC::CFunctionPtr::CFunctionPtr):
(JSC::CFunctionPtr::get const):
(JSC::CFunctionPtr::address const):
(JSC::CFunctionPtr::operator bool const):
(JSC::CFunctionPtr::operator! const):
(JSC::CFunctionPtr::operator== const):
(JSC::CFunctionPtr::operator!= const):

Introduce a CFunctionPtr abstraction that is used to hold pointers to C functions. It can instantiated in 4 ways:

The default constructor.
A constructor that takes a nullptr_t.

These 2 forms will instantiate a CFunctionPtr with a nullptr.

A constructor that takes the name of a function.
A constructor that takes a function pointer.

Form 3 already knows that we're initializing with a real function, and
that Clang will give it to use signed as a C function pointer. So, it
doesn't do any assertions. This form is useful for initializing CFunctionPtrs
embedded in const data structures.

Form 4 is an explicit constructor that takes an arbitrary function
pointer, but does not know if that pointer is already signed as a C function
pointer. Hence, this form will do a RELEASE_ASSERT that the given function
pointer is actually signed as a C function pointer.

Once instantiated, we are guaranteed that a C function pointer is either null
or contains a signed C function pointer.

domjit/DOMJITSignature.h:

(JSC::DOMJIT::Signature::Signature):

Sign functionWithoutTypeCheck as WTF_VTBL_FUNCPTR_PTRAUTH(DOMJITFunctionPtrTag).

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOM):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):

Use the new CFunctionPtr to document that the retrieved signature->functionWithoutTypeCheck is signed as a C function pointer.

runtime/ClassInfo.h:
Update MethodTable to sign its function pointers using the new WTF_VTBL_FUNCPTR_PTRAUTH_STR to be consistent. No longer need to roll its own PTRAUTH macro.

runtime/JSCPtrTag.h:
Add DOMJITFunctionPtrTag.

tools/JSDollarVM.cpp:
Update to work with the new DOMJIT::Signature constructor.

Source/WebCore:

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

Update to work with the new DOMJIT::Signature constructor.

bindings/scripts/test/JS/JSTestDOMJIT.cpp:
Re-base test results.

Source/WTF:

wtf/PtrTag.h:
Introducing WTF_VTBL_FUNCPTR_PTRAUTH and WTF_VTBL_FUNCPTR_PTRAUTH_STR macros for defining vtbl function pointer style pointer signing modifier.

5:09 PM Changeset in webkit [248191] by Alan Coon

1 copy in tags/Safari-608.1.42

Tag Safari-608.1.42.

4:44 PM Changeset in webkit [248190] by Keith Rollin

24 edits in trunk

Consistently use Obj-C boolean literals
https://bugs.webkit.org/show_bug.cgi?id=200405
<rdar://problem/53880043>

Reviewed by Simon Fraser, Joseph Pecoraro.

There are places where we use equivalent but different expressions for
Obj-C boolean objects. For example, we use both [NSNumber
numberWithBool:YES] and @YES. There are places where both are used in
the same function, such as -[WebPreferences initialize]. The boolean
literal is in greater use and is more succinct, so standardize on
that. Also, change @(YES/NO) to @YES/NO.

Examples:

NetscapeCoreAnimationMoviePlugin/main.m:

(NPP_GetValue):

Source/WebCore:

No new tests -- no new or changed functionality.

platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:

(WebCore::SourceBufferPrivateAVFObjC::enqueueSample):

platform/graphics/cv/ImageTransferSessionVT.mm:

(WebCore::ImageTransferSessionVT::ImageTransferSessionVT):
(WebCore::ImageTransferSessionVT::setSize):
(WebCore::ImageTransferSessionVT::ioSurfacePixelBufferCreationOptions):

platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.mm:

(WebCore::RealtimeIncomingVideoSourceCocoa::pixelBufferPool):

platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:

(WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):

platform/network/mac/ResourceHandleMac.mm:

(WebCore::ResourceHandle::applySniffingPoliciesIfNeeded):

Source/WebKit:

NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:

(WebKit::NetworkDataTaskCocoa::applySniffingPoliciesAndBindRequestToInferfaceIfNeeded):

NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(WebKit::NetworkSessionCocoa::NetworkSessionCocoa):

UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:

(WebKit::LocalConnection::getAttestation const):

Source/WebKitLegacy/mac:

History/WebHistoryItem.mm:
WebView/WebFrame.mm:

(-[WebFrame _cacheabilityDictionary]):

WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

Tools:

DumpRenderTree/mac/ObjCController.m:

(-[ObjCController objectOfClass:]):

TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm:

(TEST):

TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(overrideAddObserverForName):

TestWebKitAPI/ios/mainIOS.mm:

(main):

TestWebKitAPI/mac/InjectedBundleControllerMac.mm:

(TestWebKitAPI::InjectedBundleController::platformInitialize):

TestWebKitAPI/mac/mainMac.mm:

(main):

WebKitLauncher/WebKitNightlyEnabler.m:

(enableWebKitNightlyBehaviour):

4:20 PM Changeset in webkit [248189] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

[ Mac ] Layout Test accessibility/mac/press-not-work-for-disabled-menu-list.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=196505
<rdar://problem/49532620>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Re-wrote test in a timing independent way. This should fix the intermittent failures.

accessibility/mac/press-not-work-for-disabled-menu-list.html:

4:03 PM Changeset in webkit [248188] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Explicitly returning BOOL to avoid error in some compiler configurations.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

3:58 PM Changeset in webkit [248187] by ysuzuki@apple.com

18 edits
4 copies
5 adds in trunk

[JSC] Support WebAssembly in SamplingProfiler
https://bugs.webkit.org/show_bug.cgi?id=200329

Reviewed by Saam Barati.

JSTests:

stress/sampling-profiler-wasm-name-section.js: Added.

(const.compile):
(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

stress/sampling-profiler-wasm.js: Added.

(platformSupportsSamplingProfiler.vm.isWasmSupported.wasmEntry):
(platformSupportsSamplingProfiler.vm.isWasmSupported):

stress/sampling-profiler/loop.wasm: Added.
stress/sampling-profiler/loop.wast: Added.
stress/sampling-profiler/nameSection.wasm: Added.

Source/JavaScriptCore:

The sampling profiler support is critical to investigate what is actually time-consuming. This patch adds the sampling profiler support for Wasm functions
to list up hot Wasm functions with compilation mode (BBQ or OMG). This allows us to investigate the hot functions in JetStream2 wasm tests.

In order to retrieve wasm function information from the sampling profiler safely, we need to know whether the given Wasm CalleeBits is valid in the call frame.
To achieve this, we start collecting valid Wasm::Callee pointers in a global hash set. Previously, each Wasm::Callee registered its code region to a hash set
for wasm fault signal handler to know whether the faulted program-counter is in wasm region. We reuse and change this mechanism. Instead of registering code region,
we register Wasm::Callee* to a hash set. The sampling profiler reuses this hash set to determine whether the given bits is a valid Wasm::Callee.

The sampling profiler retrieves the information safely from valid Wasm::Callee* pointer. It is possible that this Wasm::Callee is about to be dead: ref-count is 0,
now in the middle of the destructor of Wasm::Callee. Even in that case, fields of Wasm::Callee are still valid and can be accessed since destroying these fields happens
after we unregister Wasm::Callee from the global hash set.

We retrieve Wasm::IndexOrName and Wasm::CompilationMode. Copying them does not involve any allocations, locking etc. So we can safely copy them while some of threads are suspended.

This patch also fixes the issue that we never called unregisterCode while every Wasm::Calllee registers its code region through registerCode.

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
Sources.txt:
runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

runtime/SamplingProfiler.cpp:

(JSC::FrameWalker::FrameWalker):
(JSC::FrameWalker::recordJSFrame):
(JSC::CFrameWalker::CFrameWalker):
(JSC::SamplingProfiler::takeSample):
(JSC::SamplingProfiler::processUnverifiedStackTraces):
(JSC::SamplingProfiler::StackFrame::displayName):
(JSC::SamplingProfiler::StackFrame::displayNameForJSONTests):
(JSC::SamplingProfiler::StackFrame::functionStartLine):
(JSC::SamplingProfiler::StackFrame::functionStartColumn):
(JSC::SamplingProfiler::StackFrame::sourceID):
(JSC::SamplingProfiler::StackFrame::url):
(JSC::SamplingProfiler::reportTopBytecodes):
(WTF::printInternal):

runtime/SamplingProfiler.h:
tools/JSDollarVM.cpp:

(JSC::functionIsWasmSupported):
(JSC::JSDollarVM::finishCreation):

wasm/WasmB3IRGenerator.h:
wasm/WasmBBQPlan.cpp:

(JSC::Wasm::BBQPlan::complete):

wasm/WasmBBQPlanInlines.h:

(JSC::Wasm::BBQPlan::initializeCallees):

wasm/WasmCallee.cpp:

(JSC::Wasm::Callee::Callee):
(JSC::Wasm::Callee::~Callee):

wasm/WasmCallee.h:

(JSC::Wasm::Callee::create): Deleted.
(JSC::Wasm::Callee::entrypoint const): Deleted.
(JSC::Wasm::Callee::calleeSaveRegisters): Deleted.
(JSC::Wasm::Callee::indexOrName const): Deleted.

wasm/WasmCalleeRegistry.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::CalleeRegistry::initialize):
(JSC::Wasm::CalleeRegistry::singleton):

wasm/WasmCalleeRegistry.h: Copied from Source/JavaScriptCore/wasm/WasmCallee.cpp.

(JSC::Wasm::CalleeRegistry::getLock):
(JSC::Wasm::CalleeRegistry::registerCallee):
(JSC::Wasm::CalleeRegistry::unregisterCallee):
(JSC::Wasm::CalleeRegistry::isValidCallee):

wasm/WasmCompilationMode.cpp: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.

(JSC::Wasm::makeString):

wasm/WasmCompilationMode.h: Copied from Source/JavaScriptCore/wasm/WasmFaultSignalHandler.h.
wasm/WasmFaultSignalHandler.cpp:

(JSC::Wasm::trapHandler):
(JSC::Wasm::enableFastMemory):
(JSC::Wasm::registerCode): Deleted.
(JSC::Wasm::unregisterCode): Deleted.

wasm/WasmFaultSignalHandler.h:
wasm/WasmIndexOrName.h:
wasm/WasmOMGPlan.cpp:

(JSC::Wasm::OMGPlan::work):

3:57 PM Changeset in webkit [248186] by Wenson Hsieh

3 edits in trunk/Tools

TextAutosizingBoost.ChangeAutosizingBoostAtRuntime fails on iPad Simulator
https://bugs.webkit.org/show_bug.cgi?id=200402
<rdar://problem/53823368>

Reviewed by Tim Horton.

Make it possible to run this test using the iPad simulator.

TestWebKitAPI/Tests/ios/TextAutosizingBoost.mm:

Two adjustments: (1) override the screen size to be 320 by 568 (so that the legacy text autosizing heuristic
doesn't avoid boosting this text), and (2) force text autosizing on, but disable idempotent text autosizing,
since this would result in differently sized text.

(mainScreenReferenceBoundsOverride):

TestWebKitAPI/ios/UIKitSPI.h:

3:20 PM Changeset in webkit [248185] by ysuzuki@apple.com

3 edits
1 add in trunk

[JSC] LazyJSValue should be robust for empty JSValue
https://bugs.webkit.org/show_bug.cgi?id=200388

Reviewed by Saam Barati.

JSTests:

stress/switch-constant-child-becomes-empty.js: Added.

(foo):

Source/JavaScriptCore:

If the Switch DFG node is preceded by ForceOSRExit or something that invalidates the basic block,
it can take a FrozenValue as a child which includes empty value instead of string, number etc.
If this Switch node is kept and we reached to DFGCFGSimplificationPhase, it will use this FrozenValue.
However, LazyJSValue using this FrozenValue strongly assumes that FrozenValue is never holding empty value.
But this assumption is wrong. This patch makes LazyJSValue robust for empty value.

dfg/DFGLazyJSValue.cpp:

(JSC::DFG::LazyJSValue::tryGetStringImpl const):
(JSC::DFG::LazyJSValue::tryGetString const):
(JSC::DFG::LazyJSValue::strictEqual const):
(JSC::DFG::LazyJSValue::switchLookupValue const):

3:14 PM Changeset in webkit [248184] by Devin Rousso

2 edits in trunk/Source/WebCore

Web Inspector: fix inverted check in InspectorDOMStorageAgent::enable
Followup to r248179.

Rubber-stamped by Joseph Pecoraro.

inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):

3:02 PM WebKitGTK/2.24.x edited by Michael Catanzaro

Reviewed safari-607-branch backports through r247496 and resolved … (diff)

2:54 PM Changeset in webkit [248183] by eric.carlson@apple.com

2 edits in trunk/Source/WTF

uniqueLogIdentifier() should generate a 64-bit identifier
https://bugs.webkit.org/show_bug.cgi?id=200403
<rdar://problem/53878447>

Reviewed by Youenn Fablet.

wtf/LoggerHelper.h:

(WTF::LoggerHelper::childLogIdentifier const): Use uint64_t masks.
(WTF::LoggerHelper::uniqueLogIdentifier): cryptographicallyRandomNumber returns a
uint32_t so use two to generate a 64-bit identifier.

2:32 PM Changeset in webkit [248182] by Fujii Hironori

3 edits in trunk/Source/WebCore

[Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
https://bugs.webkit.org/show_bug.cgi?id=200378

Reviewed by Ross Kirsling.

URL::isolatedCopy() is called in the worker thread. URL is using a
thread-unsafe ref-counter. It should be called in the main thread.

Covered by existing tests.

platform/network/curl/SocketStreamHandleImpl.h:
platform/network/curl/SocketStreamHandleImplCurl.cpp:

(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
(WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.

2:19 PM Changeset in webkit [248181] by sihui_liu@apple.com

16 edits in trunk

API tests using permanent credentials should clear credentials left by previous tests
https://bugs.webkit.org/show_bug.cgi?id=199729

Reviewed by Alex Christensen.

Source/WebCore:

Update existing API tests.

platform/network/CredentialStorage.cpp:

(WebCore::CredentialStorage::clearSessionCredentials):
(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

platform/network/CredentialStorage.h:
platform/network/mac/CredentialStorageMac.mm:

(WebCore::CredentialStorage::clearPermanentCredentialsForProtectionSpace): Deleted.

Source/WebKit:

Permanent password credentials currently are shared across processes, so we don't need to clear them from
network process.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::clearPermanentCredentialsForProtectionSpace): Deleted.

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:]):
(-[WKProcessPool _clearPermanentCredentialsForProtectionSpace:completionHandler:]): Deleted.

UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::clearPermanentCredentialsForProtectionSpace): Deleted.

UIProcess/WebProcessPool.h:

Tools:

We used to clear the permanent credentials created by API tests at the end of the API tests, to ensure those
credentials will not affect tests running after. There is a case where permanent credentials were left on the
system, so those API tests were timing out themselves before reaching to the cleanup, which caused cascading
failure. To prevent this from happening again, add cleanup at the begining of the tests.

TestWebKitAPI/Tests/WebKitCocoa/Challenge.mm:

(TEST):

TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm:

(TestWebKitAPI::TEST):

2:07 PM Changeset in webkit [248180] by Devin Rousso

4 edits in trunk/Source/WebInspectorUI

Web Inspector: Console: all navigation items should be shown in the split console
https://bugs.webkit.org/show_bug.cgi?id=200280

Reviewed by Joseph Pecoraro.

UserInterface/Views/LogContentView.js:

(WI.LogContentView):
(WI.LogContentView.prototype.get navigationItems):
Adjust the visibilityPriority of each navigationItems so that the filter/scope bars are
kept visible for longer than the "Preserve Log"/"Emulate User Gesture" toggles.

UserInterface/Views/FindBanner.js:

(WI.FindBanner):

UserInterface/Views/FindBanner.css:

(.find-banner.console-find-banner > input[type="search"]):
(.find-banner.console-find-banner > :matches(input[type="search"], button)):
(.find-banner.console-find-banner > input[type="search"]:focus, .find-banner.console-find-banner > input[type="search"]:focus ~ button, .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown), .find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown) ~ button ): Added.
(.find-banner.console-find-banner > input[type="search"]::placeholder): Deleted.
(.find-banner.console-find-banner > input[type="search"]:focus): Deleted.
(.find-banner.console-find-banner > input[type="search"]:not(:placeholder-shown)): Deleted.
(@media (prefers-color-scheme: dark) .find-banner.console-find-banner > input[type=search]:not(:placeholder-shown)): Deleted.
Make the WI.FindBanner blend in with the surrounding content when it's not focused or has
no content.

2:05 PM Changeset in webkit [248179] by Devin Rousso

17 edits in trunk/Source

Web Inspector: Storage: disable related agents when the tab is closed
https://bugs.webkit.org/show_bug.cgi?id=200117

Reviewed by Joseph Pecoraro.

Rework how enable/disable is used for storage-related agents so that events are not sent
and data isn't kept alive when the Storage tab isn't enabled.

Source/JavaScriptCore:

inspector/protocol/ApplicationCache.json:

Add disable command.

Source/WebCore:

Covered by existing tests.

inspector/agents/InspectorApplicationCacheAgent.h:
inspector/agents/InspectorApplicationCacheAgent.cpp:

(WebCore::InspectorApplicationCacheAgent::willDestroyFrontendAndBackend):
(WebCore::InspectorApplicationCacheAgent::enable):
(WebCore::InspectorApplicationCacheAgent::disable): Added.

inspector/agents/InspectorDOMStorageAgent.cpp:

(WebCore::InspectorDOMStorageAgent::enable):
(WebCore::InspectorDOMStorageAgent::disable):

inspector/agents/InspectorDatabaseAgent.cpp:

(WebCore::InspectorDatabaseAgent::enable):
(WebCore::InspectorDatabaseAgent::disable):

Source/WebInspectorUI:

UserInterface/Controllers/ApplicationCacheManager.js:

(WI.ApplicationCacheManager):
(WI.ApplicationCacheManage.prototype.get domains): Added.
(WI.ApplicationCacheManage.prototype.activateExtraDomain): Added.
(WI.ApplicationCacheManager.prototype.initializeTarget):
(WI.ApplicationCacheManager.prototype.enable): Added.
(WI.ApplicationCacheManager.prototype.disable): Added.
(WI.ApplicationCacheManager.prototype.networkStateUpdated):
(WI.ApplicationCacheManager.prototype.applicationCacheStatusUpdated):
(WI.ApplicationCacheManager.prototype._reset): Added.
(WI.ApplicationCacheManager.prototype._mainResourceDidChange):
(WI.ApplicationCacheManager.prototype._manifestForFrameLoaded):
(WI.ApplicationCacheManager.prototype._framesWithManifestsLoaded):
(WI.ApplicationCacheManager.prototype.initialize): Deleted.

UserInterface/Controllers/DOMStorageManager.js:

(WI.DOMStorageManager):
(WI.DOMStorageManager.prototype.get domains): Added.
(WI.DOMStorageManager.prototype.activateExtraDomain): Added.
(WI.DOMStorageManager.prototype.initializeTarget):
(WI.DOMStorageManager.prototype.enable): Added.
(WI.DOMStorageManager.prototype.disable): Added.
(WI.DOMStorageManager.prototype.itemsCleared):
(WI.DOMStorageManager.prototype.itemRemoved):
(WI.DOMStorageManager.prototype.itemAdded):
(WI.DOMStorageManager.prototype.itemUpdated):
(WI.DOMStorageManager.prototype.inspectDOMStorage):
(WI.DOMStorageManager.prototype._reset): Added.
(WI.DOMStorageManager.prototype._addDOMStorageIfNeeded):
(WI.DOMStorageManager.prototype._addCookieStorageIfNeeded):
(WI.DOMStorageManager.prototype._mainResourceDidChange):
(WI.DOMStorageManager.prototype.initialize): Deleted.
(WI.DOMStorageManager.prototype.domStorageWasAdded): Deleted.

UserInterface/Controllers/DatabaseManager.js:

(WI.DatabaseManager):
(WI.DatabaseManager.prototype.get domains): Added.
(WI.DatabaseManager.prototype.activateExtraDomain): Added.
(WI.DatabaseManager.prototype.initializeTarget):
(WI.DatabaseManager.prototype.enable): Added.
(WI.DatabaseManager.prototype.disable): Added.
(WI.DatabaseManager.prototype.databaseWasAdded):
(WI.DatabaseManager.prototype.inspectDatabase):
(WI.DatabaseManager.prototype._reset): Added.
(WI.DatabaseManager.prototype._mainResourceDidChange):
(WI.DatabaseManager.prototype.initialize): Deleted.

UserInterface/Controllers/IndexedDBManager.js:

(WI.IndexedDBManager):
(WI.IndexedDBManager.prototype.get domains): Added.
(WI.IndexedDBManager.prototype.activateExtraDomain): Added.
(WI.IndexedDBManager.prototype.initializeTarget):
(WI.IndexedDBManager.prototype.enable): Added.
(WI.IndexedDBManager.prototype.disable): Added.
(WI.IndexedDBManager.prototype.clearObjectStore):
(WI.IndexedDBManager.prototype._reset): Added.
(WI.IndexedDBManager.prototype._mainResourceDidChange):
(WI.IndexedDBManager.prototype.initialize): Deleted.

UserInterface/Controllers/AppController.js:

(WI.AppController.prototype.activateExtraDomains):

UserInterface/Controllers/CanvasManager.js:

(WI.CanvasManager.prototype.get domains): Added.
(WI.CanvasManager.prototype.activateExtraDomain): Added.
Only call enable on any extra agents if the domain is not controlled by a manager.

UserInterface/Views/StorageTabContentView.js:

(WI.StorageTabContentView):
(WI.StorageTabContentView.static isTabAllowed):
(WI.StorageTabContentView.prototype.canShowRepresentedObject):
(WI.StorageTabContentView.prototype.closed): Added.

UserInterface/Test.html:
UserInterface/Test/Test.js:

(WI.loaded):
(WI.contentLoaded):

2:02 PM Changeset in webkit [248178] by keith_miller@apple.com

49 edits
2 copies in trunk/Source/JavaScriptCore

B3 should support tuple types
https://bugs.webkit.org/show_bug.cgi?id=200327

Reviewed by Filip Pizlo.

As part of the Wasm multi-value proposal, we need to teach B3 that
patchpoints can return more than one value. This is done by
adding a new B3::Type called Tuple. Unlike, other B3 types Tuple
is actually an encoded index into a numeric B3::Type vector on the
procedure. This lets us distinguish any two tuples from each
other, moreover, it's possible to get the vector of types with
just the B3::Tuple type and the procedure.

Since most B3 operations only expect to see a single numeric child
there is a new Opcode, Extract, that takes yields the some, fixed,
entry from a tuple value. Extract would be the only other change
needed to make tuples work in B3 except that some optimizations
expect to be able to take any non-Void value and stick it into a
Variable of the same type. This means both Get/Set from a variable
have to support Tuples as well. For simplicity and consistency,
the ability to accept tuples is also applied to Phi and Upsilon.

In order to lower a Tuple, B3Lowering needs to have a Tmp for each
nested type in a Tuple. While we could reuse the existing
IndexedTables to hold the extra information we need to lower
Tuples, we instead use a two new HashTables for Value->Tmp(s) and
Phi->Tmp(s). It's expected that Tuples will be sufficiently
uncommon the overhead of tracking everything together would be
prohibitive. On the other hand, we don't worry about this for
Variables because we don't expect those to make it to lowering.

JavaScriptCore.xcodeproj/project.pbxproj:
Sources.txt:
b3/B3Bank.h:

(JSC::B3::bankForType):

b3/B3CheckValue.cpp:

(JSC::B3::CheckValue::CheckValue):

b3/B3ExtractValue.cpp: Copied from Source/JavaScriptCore/b3/B3ProcedureInlines.h.

(JSC::B3::ExtractValue::~ExtractValue):
(JSC::B3::ExtractValue::dumpMeta const):

b3/B3ExtractValue.h: Copied from Source/JavaScriptCore/b3/B3FixSSA.h.
b3/B3FixSSA.h:
b3/B3LowerMacros.cpp:
b3/B3LowerMacrosAfterOptimizations.cpp:
b3/B3LowerToAir.cpp:
b3/B3NativeTraits.h:
b3/B3Opcode.cpp:

(JSC::B3::invertedCompare):
(WTF::printInternal):

b3/B3Opcode.h:

(JSC::B3::opcodeForConstant):

b3/B3PatchpointSpecial.cpp:

(JSC::B3::PatchpointSpecial::forEachArg):
(JSC::B3::PatchpointSpecial::isValid):
(JSC::B3::PatchpointSpecial::admitsStack):
(JSC::B3::PatchpointSpecial::generate):

b3/B3PatchpointValue.cpp:

(JSC::B3::PatchpointValue::dumpMeta const):
(JSC::B3::PatchpointValue::PatchpointValue):

b3/B3PatchpointValue.h:
b3/B3Procedure.cpp:

(JSC::B3::Procedure::addTuple):
(JSC::B3::Procedure::isValidTuple const):
(JSC::B3::Procedure::tupleForType const):
(JSC::B3::Procedure::addIntConstant):
(JSC::B3::Procedure::addConstant):

b3/B3Procedure.h:

(JSC::B3::Procedure::returnCount const):

b3/B3ProcedureInlines.h:

(JSC::B3::Procedure::extractFromTuple const):

b3/B3ReduceStrength.cpp:
b3/B3StackmapSpecial.cpp:

(JSC::B3::StackmapSpecial::isValidImpl):
(JSC::B3::StackmapSpecial::isArgValidForType):
(JSC::B3::StackmapSpecial::isArgValidForRep):
(JSC::B3::StackmapSpecial::isArgValidForValue): Deleted.

b3/B3StackmapSpecial.h:
b3/B3StackmapValue.h:
b3/B3Type.cpp:

(WTF::printInternal):

b3/B3Type.h:

(JSC::B3::Type::Type):
(JSC::B3::Type::tupleFromIndex):
(JSC::B3::Type::kind const):
(JSC::B3::Type::tupleIndex const):
(JSC::B3::Type::hash const):
(JSC::B3::Type::operator== const):
(JSC::B3::Type::operator!= const):
(JSC::B3::Type::isInt const):
(JSC::B3::Type::isFloat const):
(JSC::B3::Type::isNumeric const):
(JSC::B3::Type::isTuple const):
(JSC::B3::sizeofType):
(JSC::B3::isInt): Deleted.
(JSC::B3::isFloat): Deleted.

b3/B3TypeMap.h:

(JSC::B3::TypeMap::at):

b3/B3Validate.cpp:
b3/B3Value.cpp:

(JSC::B3::Value::isRounded const):
(JSC::B3::Value::effects const):
(JSC::B3::Value::typeFor):

b3/B3Value.h:
b3/B3ValueInlines.h:
b3/B3ValueKey.cpp:

(JSC::B3::ValueKey::intConstant):

b3/B3ValueKey.h:

(JSC::B3::ValueKey::hash const):

b3/B3ValueRep.h:
b3/B3Width.h:

(JSC::B3::widthForType):

b3/air/AirArg.cpp:

(JSC::B3::Air::Arg::canRepresent const):

b3/air/AirArg.h:
b3/air/AirCCallingConvention.cpp:

(JSC::B3::Air::cCallResult):

b3/air/AirLowerMacros.cpp:

(JSC::B3::Air::lowerMacros):

b3/testb3.h:

(populateWithInterestingValues):

b3/testb3_1.cpp:

(run):

b3/testb3_3.cpp:

(testStorePartial8BitRegisterOnX86):

b3/testb3_5.cpp:

(testPatchpointWithRegisterResult):
(testPatchpointWithStackArgumentResult):
(testPatchpointWithAnyResult):

b3/testb3_6.cpp:

(testPatchpointDoubleRegs):
(testSomeEarlyRegister):

b3/testb3_7.cpp:

(testShuffleDoesntTrashCalleeSaves):
(testReportUsedRegistersLateUseFollowedByEarlyDefDoesNotMarkUseAsDead):
(testSimpleTuplePair):
(testSimpleTuplePairUnused):
(testSimpleTuplePairStack):
(tailDupedTuplePair):
(tuplePairVariableLoop):
(tupleNestedLoop):
(addTupleTests):

b3/testb3_8.cpp:

(testLoad):
(addLoadTests):

ftl/FTLAbbreviatedTypes.h:
ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileDirectCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargsSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileCallOrConstructVarargs):
(JSC::FTL::DFG::LowerDFGToB3::compileCallEval):
(JSC::FTL::DFG::LowerDFGToB3::compileCPUIntrinsic):
(JSC::FTL::DFG::LowerDFGToB3::compileInstanceOf):
(JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
(JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):
(JSC::FTL::DFG::LowerDFGToB3::emitRightShiftSnippet):
(JSC::FTL::DFG::LowerDFGToB3::allocateHeapCell):

wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::AirIRGenerator::emitPatchpoint):

wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::B3IRGenerator):

wasm/WasmCallingConvention.h:

(JSC::Wasm::CallingConvention::marshallArgument const):
(JSC::Wasm::CallingConvention::setupFrameInPrologue const):
(JSC::Wasm::CallingConvention::setupCall const):
(JSC::Wasm::CallingConventionAir::setupCall const):

1:39 PM Changeset in webkit [248177] by Devin Rousso

22 edits in trunk/Source

Web Inspector: Timelines: Develop > Start Timeline Recording doesn't work when focused on a detached inspector window
https://bugs.webkit.org/show_bug.cgi?id=200125
<rdar://problem/53543008>

Reviewed by Brian Burg.

Always show the Timelines tab in Web Inspector whenever timeline recording starts/stops.
Notify the UIProcess whenever the timeline recording state changes.

Source/WebCore:

inspector/InspectorClient.h:

(WebCore::InspectorClient::timelineRecordingChanged): Added.

inspector/agents/InspectorTimelineAgent.h:
inspector/agents/InspectorTimelineAgent.cpp:

(WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
(WebCore::InspectorTimelineAgent::internalStart):
(WebCore::InspectorTimelineAgent::internalStop):

Source/WebInspectorUI:

UserInterface/Protocol/InspectorFrontendAPI.js:

(InspectorFrontendAPI.setTimelineProfilingEnabled):

Source/WebKit:

WebProcess/WebPage/WebInspector.messages.in:
WebProcess/WebPage/WebInspector.h:
WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::startPageProfiling):
(WebKit::WebInspector::stopPageProfiling):
(WebKit::WebInspector::timelineRecordingChanged): Added.
(WebKit::WebInspector::showTimelines): Deleted.

WebProcess/WebPage/WebInspectorUI.messages.in:
WebProcess/WebPage/WebInspectorUI.h:
WebProcess/WebPage/WebInspectorUI.cpp:

(WebKit::WebInspectorUI::showTimelines): Deleted.

WebProcess/WebCoreSupport/WebInspectorClient.h:
WebProcess/WebCoreSupport/WebInspectorClient.cpp:

(WebKit::WebInspectorClient::timelineRecordingChanged): Added.

UIProcess/WebInspectorProxy.messages.in:
UIProcess/WebInspectorProxy.h:
UIProcess/WebInspectorProxy.cpp:

(WebKit::WebInspectorProxy::togglePageProfiling):
(WebKit::WebInspectorProxy::timelineRecordingChanged): Added.
(WebKit::WebInspectorProxy::showTimelines): Deleted.

UIProcess/API/C/WKInspector.cpp:

(WKInspectorTogglePageProfiling):

UIProcess/API/Cocoa/_WKInspector.h:
UIProcess/API/Cocoa/_WKInspector.mm:

(-[_WKInspector showTimelines]): Deleted.

WebProcess/InjectedBundle/API/c/WKBundleInspector.cpp:

(WKBundleInspectorSetPageProfilingEnabled):

1:25 PM Changeset in webkit [248176] by Devin Rousso

4 edits in trunk/Source/WebInspectorUI

Web Inspector: "Inspector.initialized" happens before breakpoints are set
https://bugs.webkit.org/show_bug.cgi?id=200364

Reviewed by Joseph Pecoraro.

Allow managers to register a promise that will delay Inspector.initialized. This is needed
when restoring breakpoints so that "Automatically Show Web Inspector for JSContexts" can set
them before any scripts have evaluated, ensuring that no breakpoints are "skipped".

UserInterface/Protocol/Target.js:

(WI.Target.prototype.initialize):
(WI.Target.registerInitializationPromise): Added.

UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager):

UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager):

1:22 PM Changeset in webkit [248175] by commit-queue@webkit.org

4 edits
2 adds in trunk

Web Inspector: Crash when interacting with Template Content in Console
https://bugs.webkit.org/show_bug.cgi?id=196280

Patch by Yury Semikhatsky <yurys@chromium.org> on 2019-08-02
Reviewed by Joseph Pecoraro.

Source/WebCore:

Test: inspector/dom/inspect-template-node.html

bindings/js/JSDOMBindingSecurity.cpp:

(WebCore::canAccessDocument): if target element is from a
<template> use its host document to check the access. Elements
from the host document always have access to its template elements content.

inspector/agents/InspectorDOMAgent.cpp:

(WebCore::InspectorDOMAgent::resolveNode): templates are created in
special template document which doesn't have a frame, in such case get
the frame from the host document.

LayoutTests:

inspector/dom/inspect-template-node-expected.txt: Added.
inspector/dom/inspect-template-node.html: Added.

1:09 PM Changeset in webkit [248174] by jer.noble@apple.com

2 edits in trunk/Source/WebKit

[iPadOS] slides.google.com: Full Screen API warning is presented when swiping through slides
https://bugs.webkit.org/show_bug.cgi?id=200313
<rdar://problem/53777001>

Reviewed by Eric Carlson.

Only run the secheuristic scoring during UIGestureRecognizerStateEnded, rather than both
UIGestureRecognizerStateEnded and UIGestureRecognizerStateBegan. The goal of the heuristic is
to detect fake on-screen keyboards by detecting gestures that look like "typing". Using only
UIGestureRecognizerStateEnded still allows us to do this (as typing will usually have identical
geometries for both Ended and Began) without generating false-positives during swipe gestures.

UIProcess/ios/fullscreen/WKFullScreenViewController.mm:

(-[WKFullScreenViewController _touchDetected:]):

1:07 PM Changeset in webkit [248173] by rniwa@webkit.org

3 edits in trunk/Source/WebCore

Harden NodeRareData::m_connectedFrameCount
https://bugs.webkit.org/show_bug.cgi?id=200300

Reviewed by Geoffrey Garen.

Use unsinged integer type in NodeRareData::m_connectedFrameCount since it's padded anyway.

dom/Node.cpp:

(WebCore::Node::decrementConnectedSubframeCount): Check that hasRareNode() is true in release builds.

dom/NodeRareData.h:

12:58 PM Changeset in webkit [248172] by rniwa@webkit.org

5 edits
2 adds in trunk

Document::resume should delay resetting of form control elements.
https://bugs.webkit.org/show_bug.cgi?id=200376

Reviewed by Geoffrey Garen.

Source/WebCore:

Delay the execution of form control element resets until the next task
to avoid synchronously mutating DOM during page cache restoration.

Test: fast/frames/restoring-page-cache-should-not-run-scripts.html

html/HTMLFormElement.cpp:

(WebCore::HTMLFormElement::resumeFromDocumentSuspension):

html/HTMLInputElement.cpp:

(WebCore::HTMLInputElement::resumeFromDocumentSuspension):

LayoutTests:

Added a regression test.

fast/frames/restoring-page-cache-should-not-run-scripts-expected.txt: Added.
fast/frames/restoring-page-cache-should-not-run-scripts.html: Added.
platform/win/TestExpectations: Skip this test on Windows since navigating to blob fails on Windows.

12:46 PM Changeset in webkit [248171] by ysuzuki@apple.com

3 edits in trunk/Source/JavaScriptCore

[JSC] Use "destroy" function directly for JSWebAssemblyCodeBlock and WebAssemblyFunction
https://bugs.webkit.org/show_bug.cgi?id=200385

Reviewed by Mark Lam.

These CellTypes are not using classInfo stored in the cells, so we can just call JSWebAssemblyCodeBlock::destroy
and WebAssemblyFunction::destroy directly.

wasm/js/JSWebAssemblyCodeBlockHeapCellType.cpp:

(JSC::JSWebAssemblyCodeBlockDestroyFunc::operator() const):

wasm/js/WebAssemblyFunctionHeapCellType.cpp:

(JSC::WebAssemblyFunctionDestroyFunc::operator() const):

12:17 PM Changeset in webkit [248170] by youenn@apple.com

2 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Unreviewed.
Build fix by guarding with MEDIA_STREAM in addition to IOS.

dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

12:10 PM Changeset in webkit [248169] by commit-queue@webkit.org

8 edits
2 adds in trunk

Add accessibility object method to determine whether an element is inside a table cell. Needed for iOS accessibility client.
https://bugs.webkit.org/show_bug.cgi?id=200394
<rdar://problem/52914964>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-08-02
Reviewed by Chris Fleizach.

Source/WebCore:

Test: accessibility/ios-simulator/element-in-table-cell.html

Added _accessibilityIsInTableCell needed for iOS accessibility client.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:

(-[WebAccessibilityObjectWrapper _accessibilityIsInTableCell]):

Tools:

Glue code to exercise new method [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.cpp:

(WTR::AccessibilityUIElement::isInTableCell const):

WebKitTestRunner/InjectedBundle/AccessibilityUIElement.h:
WebKitTestRunner/InjectedBundle/Bindings/AccessibilityUIElement.idl:
WebKitTestRunner/InjectedBundle/ios/AccessibilityUIElementIOS.mm:

(WTR::AccessibilityUIElement::isInTableCell const):

LayoutTests:

New test that exercises [WebAccessibilityObjectWrapper _accessibilityIsInTableCell].

accessibility/ios-simulator/element-in-table-cell-expected.txt: Added.
accessibility/ios-simulator/element-in-table-cell.html: Added.

12:03 PM Changeset in webkit [248168] by commit-queue@webkit.org

2 edits in trunk/Tools

[results.webkit.org Timeline] Using transform matrix to calculate the tag rotation position
https://bugs.webkit.org/show_bug.cgi?id=200397

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-02
Reviewed by Jonathan Bedard.

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

11:58 AM Changeset in webkit [248167] by eric.carlson@apple.com

2 edits in trunk/Source/WebCore

[macOS, iOS] webaudio/silent-audio-interrupted-in-background.html sometimes crashes
https://bugs.webkit.org/show_bug.cgi?id=200396
<rdar://problem/53819720>

Reviewed by Youenn Fablet.

No new test, this fixes an existing test.

platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:

(WebCore::AudioSourceProviderAVFObjC::~AudioSourceProviderAVFObjC): Drop the
lock before clearing m_tapStorage.

11:49 AM Changeset in webkit [248166] by Wenson Hsieh

6 edits in trunk

[macOS 10.15] Image dragged from Safari does not appear in Notes
https://bugs.webkit.org/show_bug.cgi?id=188490
<rdar://problem/39462717>

Reviewed by Andy Estes.

Source/WebKit:

Removes some logic that clears out the cached promised drag image in the UI process when WebKit is asked to
provide TIFF image data. This prevents the drop destination from asking for promised image data, if anything
else (e.g. the system) also asks the web view to provide the same data. Additionally, this logic didn't
previously guarantee that the promised image would be cleared anyways, since it is dependent on the drop target
actually requesting the promised image in order to perform the cleanup.

In lieu of clearing the promised drag image when it's requested, we instead clear it out upon mainframe
navigation, in PageClientImpl::didCommitLoadForMainFrame.

Test: DragAndDropTests.MultiplePromisedImageDataRequests

UIProcess/Cocoa/WebViewImpl.h:
UIProcess/Cocoa/WebViewImpl.mm:

(WebKit::WebViewImpl::clearPromisedDragImage):
(WebKit::WebViewImpl::pasteboardChangedOwner):
(WebKit::WebViewImpl::provideDataForPasteboard):

Fix the bug by not immediately clearing out the promised drag image.

UIProcess/mac/PageClientImplMac.mm:

(WebKit::PageClientImpl::didCommitLoadForMainFrame):

Tools:

Add a test to verify that promised image data can be delivered to multiple pasteboards when performing a drop.

TestWebKitAPI/Tests/mac/DragAndDropTestsMac.mm:

11:47 AM Changeset in webkit [248165] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

libwebrtc.xcodeproj/project.pbxproj:

11:39 AM Changeset in webkit [248164] by Keith Rollin

9 edits
5 deletes in trunk/Source/WebKit

macCatalyst build fails the first attempt, requires a second build
https://bugs.webkit.org/show_bug.cgi?id=200242
<rdar://problem/53678481>

macCatalyst builds fail the first time with an error like:

Code Signing Error: The file
"/Users/tim_cook/Build/Debug-maccatalyst/DerivedSources/WebKit2/WebContent-macCatalyst-no-sandbox.entitlements"
could not be opened. Verify the value of the
CODE_SIGN_ENTITLEMENTS build setting for target "WebContent" is
correct and that the file exists on disk.

This problem is caused by the file referenced by
CODE_SIGN_ENTITLEMENTS changing during the build process. For
macCatalyst builds, we start with the iOS entitlements files and then
tweak them for macCatalyst. When this occurs during a clean build,
Xcode sees the entitlements file being generated and complains about
it. Restarting the build does so with the file already existing, and
so Xcode does not complain about it.

The approach of generating or tweaking entitlement files may have
worked in the past, but the fact is that Xcode doesn't support it.

We had a similar problem with macOS builds. The entitlements files
used to be generated on the fly with scripts like
WebKit/Scripts/process-network-sandbox-entitlements.sh. That process
was reworked to avoid the issue with Xcode not allowing the files to
be generated (see r241135). In short:

o The various process-*-entitlements.sh scripts were consolidated into

a single process-entitlements file

o CODE_SIGN_ENTITLEMENTS, which contains the name of the entitlements

file to use, was de-initialized so that Xcode would not try to
access our generated entitlements file

o CODE_SIGN_INJECT_BASE_ENTITLEMENTS (which injects some base

entitlements) was set to NO. If it were left set to YES, Xcode would
create its own entitlements file and use it as if it were specified
in CODE_SIGN_ENTITLEMENTS

o WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was updated with an

"--entitlements <generated_file>" option.
WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS was then used to initialize
OTHER_CODE_SIGN_FLAGS. By specifying the entitlements file this way,
we avoid Xcode complaining about it.

This approach works well for macOS, and so we now also use it to
address the issue with macCatalyst. While we're at it, convert the
rest of the platforms to use the same approach and also generate their
entitlements from the process-entitlements script.

The new process was validated by performing a build with the old
process and the new process, and then comparing the entitlements of
the resulting XPC services to make sure they were the same. Builds
were performed for all platforms, and for Engineering and Production
builds.

Reviewed by Brent Fulgham.

Configurations/BaseXPCService.xcconfig:
Configurations/Network-iOS.entitlements: Removed.
Configurations/Network-macCatalyst.entitlements: Removed.
Configurations/NetworkService.xcconfig:
Configurations/PluginService.64.xcconfig:
Configurations/PluginService.entitlements: Removed.
Configurations/WebContent-iOS.entitlements: Removed.
Configurations/WebContent-macCatalyst.entitlements: Removed.
Configurations/WebContentService.Development.xcconfig:
Configurations/WebContentService.xcconfig:
Scripts/copy-webcontent-resources-to-private-headers.sh:
Scripts/process-entitlements.sh:
WebKit.xcodeproj/project.pbxproj:

11:27 AM Changeset in webkit [248163] by achristensen@apple.com

2 edits in trunk/Tools

Fix API test after r248139
https://bugs.webkit.org/show_bug.cgi?id=200102

TestWebKitAPI/Tests/WebKitCocoa/AdditionalReadAccessAllowedURLsPlugin.mm:

(-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
This was supposed to be removed as part of reverting r245322.

11:16 AM Changeset in webkit [248162] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Gardening: build fix.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Not reviewed.

assembler/CPU.cpp:

(JSC::hwPhysicalCPUMax):

10:34 AM Changeset in webkit [248161] by youenn@apple.com

4 edits in trunk/Source/WebCore

[iOS] Directly use RealtimeMediaSourceCenter to compute the media capture state
https://bugs.webkit.org/show_bug.cgi?id=200368
<rdar://problem/53191450>

Reviewed by Eric Carlson.

Instead of registering a MediaStreamTrack as a media producer to compute capture state,
go directly to the sources from the RealtimeMediaSourceCenter.
Do the same when requested to mute capture tracks.

No observable change of behavior.
Covered by manual test on iOS and existing tests.

Modules/mediastream/MediaStreamTrack.cpp:

(WebCore::MediaStreamTrack::MediaStreamTrack):
(WebCore::MediaStreamTrack::~MediaStreamTrack):
(WebCore::MediaStreamTrack::mediaState const):
(WebCore::sourceCaptureState):
(WebCore::MediaStreamTrack::captureState):
(WebCore::MediaStreamTrack::muteCapture):

Modules/mediastream/MediaStreamTrack.h:
dom/Document.cpp:

(WebCore::Document::updateIsPlayingMedia):
(WebCore::Document::pageMutedStateDidChange):

10:33 AM Changeset in webkit [248160] by commit-queue@webkit.org

2 edits in trunk/Source/ThirdParty/libwebrtc

Unreviewed, rolling out r248156.
https://bugs.webkit.org/show_bug.cgi?id=200393

It broke internal bots (Requested by youenn on #webkit).

Reverted changeset:

"Add build check for libwebrtc ObjectiveC names"
https://bugs.webkit.org/show_bug.cgi?id=200365
https://trac.webkit.org/changeset/248156

10:30 AM Changeset in webkit [248159] by achristensen@apple.com

2 edits in trunk/Source/WTF

Fix an internal build after r248139
https://bugs.webkit.org/show_bug.cgi?id=200102

wtf/cocoa/FileSystemCocoa.mm:

Some internal builds couldn't find BOM framework headers.
No problem. They're not needed. Just remove references to them.

10:09 AM Changeset in webkit [248158] by Alan Coon

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247875. rdar://problem/53841460

[iOS] REGRESSION: Keyboard dismisses and reappears when typing 2FA pin on appleid.apple.com
https://bugs.webkit.org/show_bug.cgi?id=200171
<rdar://problem/50245251>

Reviewed by Wenson Hsieh.

Take out an InputViewUpdateDeferrer token (if we don't already have one) to temporarily defer
tearing down the input view (keyboard) before bluring the previously focused element as part
of switching between focused elements. This avoid a noticeable flash caused by UIKit animating
out and animating in the keyboard should the newly focused element require the keyboard. We
only take out the InputViewUpdateDeferrer until we fall off the end of _elementDidFocus: (or
bail early). Once we fall of the end UIKit will update input view UI.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:activityStateChanges:userObject:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247875 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:06 AM Changeset in webkit [248157] by Alan Coon

7 edits in branches/safari-608.1-branch/Source

Versioning.

10:04 AM Changeset in webkit [248156] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

Add build check for libwebrtc ObjectiveC names
https://bugs.webkit.org/show_bug.cgi?id=200365

Reviewed by Eric Carlson.

Only allow ObjectiveC names starting with WK_RTC.

libwebrtc.xcodeproj/project.pbxproj:

9:43 AM Changeset in webkit [248155] by Chris Dumez

17 edits
2 adds in trunk

DOMWindow properties may get GC'd before their Window object
https://bugs.webkit.org/show_bug.cgi?id=200359

Reviewed by Ryosuke Niwa.

Source/WebCore:

DOMWindow properties may get GC'd before their Window object once their frame is detached. This
is unexpected behavior given that these properties persist on the Window after the frame is
detached. This patch thus updates their bindings so that they live as long as their window, not
their frame.

Note that this also fixes a thread-safety issue since DOMWindowProperty::frame() would get called
from GC threads, although its implementation looks like:
"""

return m_window ? m_window->frame() : nullptr;

"""

Because m_window is a WeakPtr<DOMWindow> and because windows get destroyed on the main thread,
we could in theory crash when dereferencing m_window->frame() from the GC thread.

Test: fast/dom/dom-window-property-gc-after-frame-detach.html

bindings/js/JSDOMWindowCustom.cpp:

(WebCore::JSDOMWindow::visitAdditionalChildren):

bindings/scripts/CodeGeneratorJS.pm:

(GenerateImplementation):

bindings/scripts/IDLAttributes.json:
css/StyleMedia.idl:
loader/appcache/DOMApplicationCache.idl:
page/BarProp.idl:
page/DOMSelection.idl:
page/History.idl:
page/Location.idl:
page/Navigator.idl:
page/Screen.idl:
page/VisualViewport.idl:
plugins/DOMMimeTypeArray.idl:
plugins/DOMPluginArray.idl:
storage/Storage.idl:

LayoutTests:

Add layout test coverage.

fast/dom/dom-window-property-gc-after-frame-detach-expected.txt: Added.
fast/dom/dom-window-property-gc-after-frame-detach.html: Added.

6:23 AM Changeset in webkit [248154] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.25.4

WebKitGTK 2.25.4

6:22 AM Changeset in webkit [248153] by Carlos Garcia Campos

4 edits in trunk

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.25.4 release

Source/cmake/OptionsGTK.cmake: Bump version numbers

Source/WebKit:

gtk/NEWS: Add release notes for 2.25.4.

3:20 AM Changeset in webkit [248152] by Konstantin Tokarev

3 edits in trunk/Source/WebCore

Remove constructors and operators of FontPlatformData defined only for Freetype
https://bugs.webkit.org/show_bug.cgi?id=200379

Reviewed by Carlos Garcia Campos.

These methods only make maintenance harder, as all data fields are
trivially copyable. Constructors generated by compiler should be used
instead.

platform/graphics/FontPlatformData.h:
platform/graphics/freetype/FontPlatformDataFreeType.cpp:

1:58 AM Changeset in webkit [248151] by Konstantin Tokarev

2 edits in trunk/Source/WebCore

Remove unused constructor declaration from FontPlatformData
https://bugs.webkit.org/show_bug.cgi?id=200371

Reviewed by Carlos Garcia Campos.

It is not implemented by any port.

platform/graphics/FontPlatformData.h:

1:56 AM Changeset in webkit [248150] by commit-queue@webkit.org

5 edits in trunk

[SOUP] WebSockets: use SOUP_WEBSOCKET_CLOSE_NO_STATUS when closing with no status
https://bugs.webkit.org/show_bug.cgi?id=200338

Patch by Carlos Garcia Campos <cgarcia@igalia.com> on 2019-08-02
Reviewed by Alex Christensen.

Source/WebKit:

NetworkProcess/soup/WebSocketTaskSoup.cpp:

(WebKit::WebSocketTask::close):

LayoutTests:

Remove failure expectation for http/tests/websocket/tests/hybi/client-close.html

platform/gtk/TestExpectations:
platform/wpe/TestExpectations:

Aug 1, 2019:

10:58 PM Changeset in webkit [248149] by ysuzuki@apple.com

5 edits
1 add in trunk

GetterSetter type confusion during DFG compilation
https://bugs.webkit.org/show_bug.cgi?id=199903

Reviewed by Mark Lam.

JSTests:

stress/cse-propagated-constant-may-not-follow-structure-restrictions.js: Added.

Source/JavaScriptCore:

Let's consider the following graph.

129:<!0:-> PutByOffset(KnownCell:@115, KnownCell:@115, Check:Untyped:@124, MustGen, id5{length}, 0, W:NamedProperties(5), ClobbersExit, bc#154, ExitValid)
130:<!0:-> PutStructure(KnownCell:@115, MustGen, %C8:Object -> %C3:Object, ID:7726, R:JSObject_butterfly, W:JSCell_indexingType,JSCell_structureID,JSCell_typeInfoFlags,JSCell_typeInfoType, ClobbersExit, bc#154, ExitInvalid)
...
158:<!0:-> GetLocal(Check:Untyped:@197, JS|MustGen|UseAsOther, Final, loc7(R<Final>/FlushedCell), R:Stack(-8), bc#187, ExitValid) predicting Final
210:< 1:-> DoubleRep(Check:NotCell:@158, Double|PureInt, BytecodeDouble, Exits, bc#187, ExitValid)
...
162:<!0:-> CheckStructure(Cell:@158, MustGen, [%Ad:Object], R:JSCell_structureID, Exits, bc#192, ExitValid)
163:< 1:-> GetGetterSetterByOffset(KnownCell:@158, KnownCell:@158, JS|UseAsOther, OtherCell, id5{length}, 0, R:NamedProperties(5), Exits, bc#192, ExitValid)
164:< 1:-> GetGetter(KnownCell:@163, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

124:< 2:-> JSConstant(JS|UseAsOther, Final, Weak:Object: 0x1199e82a0 with butterfly 0x0 (Structure %B4:Object), StructureID: 49116, bc#0, ExitValid)
...
126:< 2:-> GetGetter(KnownCell:Kill:@124, JS|UseAsOther, Function, R:GetterSetter_getter, Exits, bc#192, ExitValid)

AI filters out @124's non-cell values. But @126 can get non-GetterSetter cell at AI phase. But our AI code is like the following.

JSValue base = forNode(node->child1()).m_value;
if (base) {

GetterSetter* getterSetter = jsCast<GetterSetter*>(base);
...

Then, jsCast casts the above object with GetterSetter accidentally.

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGNode.h:

(JSC::DFG::Node::castConstant): Deleted.

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileMaterializeCreateActivation):

10:46 PM Changeset in webkit [248148] by Chris Dumez

5 edits
2 adds in trunk

Pages using MessagePorts should be PageCacheable
https://bugs.webkit.org/show_bug.cgi?id=200366
<rdar://problem/53837882>

Reviewed by Geoffrey Garen.

Source/WebCore:

Allow a page to enter PageCache, even if it has MessagePorts (potentially with
pending messages). If there are pending messages on the MessagePorts when
entering PageCache, those will get dispatched upon restoring from PageCache.

Test: fast/history/page-cache-MessagePort-pending-message.html

dom/MessagePort.cpp:

(WebCore::MessagePort::messageAvailable):
(WebCore::MessagePort::dispatchMessages):
Do not dispatch messages while in PageCache.

(WebCore::MessagePort::canSuspendForDocumentSuspension const):
Allow pages with MessagePort objects to enter PageCache.

dom/ScriptExecutionContext.cpp:

(WebCore::ScriptExecutionContext::resumeActiveDOMObjects):
Make sure pending messages on MessagePorts get dispatched asynchronously after restoring
from PageCache.

loader/DocumentLoader.cpp:

(WebCore::areAllLoadersPageCacheAcceptable):
Make sure only CachedResources that are still loading upon load cancelation prevent
entering PageCache.

LayoutTests:

Add layout test coverage.

fast/history/page-cache-MessagePort-pending-message-expected.txt: Added.
fast/history/page-cache-MessagePort-pending-message.html: Added.

9:30 PM Changeset in webkit [248147] by Konstantin Tokarev

2 edits in trunk/Source/WebCore

Fix compilation of PageConsoleClient with !ENABLE(VIDEO)
https://bugs.webkit.org/show_bug.cgi?id=200380

Reviewed by Joseph Pecoraro.

page/PageConsoleClient.cpp:

(WebCore::PageConsoleClient::screenshot):

8:50 PM Changeset in webkit [248146] by commit-queue@webkit.org

2 edits in trunk/Tools

results.webkit.org: Force update cache when timeline updated
https://bugs.webkit.org/show_bug.cgi?id=200363

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(offscreenCachedRenderFactory): Add ability to force the redraw.
(Timeline.CanvasSeriesComponent): Force redraw when scales or dots are updated.
(Timeline.CanvasXAxisComponent): Force redraw when scales are updated. Add missing exporter for export scales update API

8:45 PM Changeset in webkit [248145] by Chris Dumez

2 edits in trunk/LayoutTests

fast/forms/ios/file-upload-panel.html is flaky on iOS 13
https://bugs.webkit.org/show_bug.cgi?id=200357
<rdar://problem/53028551>

Reviewed by Zalan Bujtas.

Use UIHelper.activateElementAtHumanSpeed() instead of UIHelper.activateElement()
to address flakiness. If the button taps are issued to quickly, some of them
get swallowed.

fast/forms/ios/file-upload-panel.html:

6:59 PM Changeset in webkit [248144] by commit-queue@webkit.org

16 edits in trunk

Do not send NetworkProcessProxy::LogTestingEvent message if we are not testing
https://bugs.webkit.org/show_bug.cgi?id=200360

Patch by Alex Christensen <achristensen@webkit.org> on 2019-08-01
Reviewed by Tim Horton.

Source/WebKit:

Sending this message causes instantiation of the default WebsiteDataStore in the UIProcess,
which causes more memory to be used than is needed if we are browsing without the default WebsiteDataStore.

Covered by an API test.

NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::logTestingEvent):

NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::NetworkSession):

NetworkProcess/NetworkSession.h:

(WebKit::NetworkSession::enableResourceLoadStatisticsLogTestingEvent const):

NetworkProcess/NetworkSessionCreationParameters.cpp:

(WebKit::NetworkSessionCreationParameters::encode const):
(WebKit::NetworkSessionCreationParameters::decode):

NetworkProcess/NetworkSessionCreationParameters.h:
UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::ensureNetworkProcess):

UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:

(WebKit::WebsiteDataStore::parameters):

UIProcess/WebsiteData/WebsiteDataStore.h:

(WebKit::WebsiteDataStore::hasStatisticsTestingCallback const):

Tools:

TestWebKitAPI/Tests/WebKitCocoa/ResourceLoadStatistics.mm:

(cleanupITPDatabase):
(TEST):

6:58 PM Changeset in webkit [248143] by mark.lam@apple.com

20 edits in trunk/Source

Add crash diagnostics for debugging unexpected zapped cells.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

Add a check for zapped cells in SlotVisitor::appendToMarkStack() and
SlotVisitor::visitChildren(). If a zapped cell is detected, we will crash with
some diagnostic info.

To facilitate this, we've made the following changes:

Changed FreeCell to preserve the 1st 8 bytes. This is fine to do because all cells are at least 16 bytes long.
Changed HeapCell::zap() to only zap the structureID. Leave the rest of the cell header info intact (including the cell JSType).
Changed HeapCell::zap() to record the reason for zapping the cell. We stash the reason immediately after the first 8 bytes. This is the same location as FreeCell::scrambledNext. However, since a cell is not expected to be zapped and on the free list at the same time, it is also fine to do this.
Added a few utility functions to MarkedBlock for checking if a cell points into the block.
Added VMInspector and JSDollarVM utilities to dump in-use subspace hashes.
Added some comments to document the hashes of known subspaces.
Added Options::dumpZappedCellCrashData() to make this check conditional. We use this option to disable this check for slower machines so that their PLT5 performance is not impacted.

assembler/CPU.cpp:

(JSC::hwL3CacheSize):
(JSC::hwPhysicalCPUMax):

assembler/CPU.h:

(JSC::hwL3CacheSize):
(JSC::hwPhysicalCPUMax):

heap/FreeList.h:

(JSC::FreeCell::offsetOfScrambledNext):

heap/HeapCell.h:

(JSC::HeapCell::zap):
(JSC::HeapCell::isZapped const):

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::stopAllocating):

heap/MarkedBlock.h:

(JSC::MarkedBlock::Handle::start const):
(JSC::MarkedBlock::Handle::end const):
(JSC::MarkedBlock::Handle::contains const):

heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::specializedSweep):

heap/MarkedSpace.h:

(JSC::MarkedSpace::forEachSubspace):

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):
(JSC::SlotVisitor::reportZappedCellAndCrash):

heap/SlotVisitor.h:
jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):

runtime/Options.cpp:

(JSC::Options::initialize):

runtime/Options.h:
runtime/VM.cpp:

(JSC::VM::VM):

tools/JSDollarVM.cpp:

(JSC::functionDumpSubspaceHashes):
(JSC::JSDollarVM::finishCreation):

tools/VMInspector.cpp:

(JSC::VMInspector::dumpSubspaceHashes):

tools/VMInspector.h:

Source/WebCore:

No new tests because this is a feature for debugging crashes. It has been tested
manually by modifying the code to force a crash at the point of interest.

Added some comments to document the hashes of known subspaces.

bindings/js/WebCoreJSClientData.cpp:

(WebCore::JSVMClientData::JSVMClientData):

5:03 PM Changeset in webkit [248142] by Devin Rousso

3 edits in trunk/Source/WebInspectorUI

Unreviewed, remove emulateUserGesture parameter from Debugger.evaluateOnCallFrame for iOS 13

Rubber-stamped by Joseph Pecoraro.

UserInterface/Protocol/Legacy/13.0/InspectorBackendCommands.js:
Versions/Inspector-iOS-13.0.json:

The iOS 13 protocol has already been decided, so these shouldn't have been added unless they
were cherry-picked in.

4:13 PM Changeset in webkit [248141] by sbarati@apple.com

2 edits in trunk/Source/WebCore

[WHLSL] Do simple nullptr check elimination using basic data flow analysis when generating metal code
https://bugs.webkit.org/show_bug.cgi?id=200352

Reviewed by Myles C. Maxfield.

When doing metal code generation, we frequently know whether something
is null or not. This patch does a basic propagation of this information
to avoid emitting excessive null checks in the generated Metal code.
This is a 6% speedup (with a p value of 0.0001) in Metal compile times
on compute_boids.

An example of a null check we now eliminate is:
`
int x;
thread int* ptr = &x; We know that the lvalue for "x" is non-null, so we produce a non-null rvalue here.
*ptr = 42; We know that the "ptr" rvalue is non-null, so we omit the null check.
`

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValueWithNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendRightValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::appendLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastValueAndNullability):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::takeLastLeftValue):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):

4:10 PM Changeset in webkit [248140] by Alan Coon

1 copy in tags/Safari-608.1.41

Tag Safari-608.1.41.

3:29 PM Changeset in webkit [248139] by commit-queue@webkit.org

35 edits
1 add in trunk

Move FormData zip file generation to NetworkProcess and enable it for all WebKit clients for uploading directories
https://bugs.webkit.org/show_bug.cgi?id=200102
<rdar://problem/53275114>

Patch by Alex Christensen <achristensen@webkit.org> on 2019-08-01
Reviewed by Darin Adler.

Source/WebCore:

To enable directory uploading in WebKit2, we extended WebKit1's model of asking the application to generate a file for uploading.
This means the WebProcess needed access to everything necessary to zip a whole directory, and clients that have not implemented
the strange WKBundlePageUIClient callbacks won't be able to upload directories. Safari's implementation had already been copied
to BlobDataFileReference::generateReplacementFile, so I reused that code to do the zipping. Instead of a complicated model of
keeping track of a filename, possibly a generated filename, and whether we think we own the file or not and having nobody clean up,
we now do the generation, use, and cleaning up in the network process starting with a new function generateFilesForUpload.
This removes unimplemented SPI in WebUIDelegatePrivate in WebKitLegacy and stops calling the WKBundlePageUIClient related to upload
file generation and replaces them with automatic behavior equivalent to Safari's implementation of the WKBundlePageUIClient calls.
Since we no longer need to do these file operations in the WebProcess, I am also reverting r245322 and r246077 which tightens the sandbox.

Covered by an API test.

Modules/fetch/FetchBody.cpp:

(WebCore::FetchBody::extract):
(WebCore::FetchBody::bodyAsFormData const):

loader/FormSubmission.cpp:

(WebCore::FormSubmission::create):

loader/FrameLoader.cpp:

(WebCore::FrameLoader::submitForm):
(WebCore::FrameLoader::loadDifferentDocumentItem):

loader/ResourceLoader.cpp:

(WebCore::ResourceLoader::didReceiveResponse):
(WebCore::ResourceLoader::cleanupForError):

page/Chrome.cpp:

(WebCore::ChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebCore::ChromeClient::generateReplacementFile): Deleted.

page/ChromeClient.h:
platform/network/FormData.cpp:

(WebCore::FormData::FormData):
(WebCore::FormData::~FormData):
(WebCore::FormData::createMultiPart):
(WebCore::FormDataElement::lengthInBytes const):
(WebCore::FormData::appendFile):
(WebCore::FormData::appendFileRange):
(WebCore::FormData::appendMultiPartFileValue):
(WebCore::FormData::appendMultiPartKeyValuePairItems):
(WebCore::FormData::resolveBlobReferences):
(WebCore::generateFileForUpload):
(WebCore::FormData::generateFilesForUpload):
(WebCore::FormData::generateFiles): Deleted.
(WebCore::FormData::hasGeneratedFiles const): Deleted.
(WebCore::FormData::hasOwnedGeneratedFiles const): Deleted.
(WebCore::FormData::removeGeneratedFilesIfNeeded): Deleted.

platform/network/FormData.h:

(WebCore::FormDataElement::FormDataElement):
(WebCore::FormDataElement::EncodedFileData::isolatedCopy const):
(WebCore::FormDataElement::EncodedFileData::operator== const):
(WebCore::FormDataElement::EncodedFileData::encode const):
(WebCore::FormDataElement::EncodedFileData::decode):

platform/network/cf/FormDataStreamCFNet.cpp:

(WebCore::advanceCurrentStream):
(WebCore::formCreate):
(WebCore::formFinalize):
(WebCore::createHTTPBodyCFReadStream):

platform/network/mac/BlobDataFileReferenceMac.mm:

(WebCore::generateFileForUpload):
(WebCore::BlobDataFileReference::generateReplacementFile):

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::send):

Source/WebKit:

NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::encode const):

Platform/IPC/FormDataReference.h:

(IPC::FormDataReference::encode const):

Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
WebProcess/InjectedBundle/API/APIInjectedBundlePageUIClient.h:

(API::InjectedBundle::PageUIClient::shouldGenerateFileForUpload): Deleted.
(API::InjectedBundle::PageUIClient::generateFileForUpload): Deleted.

WebProcess/InjectedBundle/InjectedBundlePageUIClient.cpp:

(WebKit::InjectedBundlePageUIClient::shouldGenerateFileForUpload): Deleted.
(WebKit::InjectedBundlePageUIClient::generateFileForUpload): Deleted.

WebProcess/InjectedBundle/InjectedBundlePageUIClient.h:
WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebKit::WebChromeClient::generateReplacementFile): Deleted.

WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/com.apple.WebProcess.sb.in:

Source/WebKitLegacy/mac:

DefaultDelegates/WebDefaultUIDelegate.mm:

(-[WebDefaultUIDelegate webView:shouldReplaceUploadFile:usingGeneratedFilename:]): Deleted.
(-[WebDefaultUIDelegate webView:generateReplacementFile:]): Deleted.

WebCoreSupport/WebChromeClient.h:
WebCoreSupport/WebChromeClient.mm:

(WebChromeClient::shouldReplaceWithGeneratedFileForUpload): Deleted.
(WebChromeClient::generateReplacementFile): Deleted.

WebView/WebUIDelegatePrivate.h:

Source/WTF:

Move code from BlobDataFileReference::generateReplacementFile to FileSystem::createZipArchive.

wtf/FileSystem.cpp:

(WTF::FileSystemImpl::createZipArchive):

wtf/FileSystem.h:
wtf/cocoa/FileSystemCocoa.mm:

(WTF::FileSystemImpl::createZipArchive):

Tools:

Add an API test that is Mac-only right now because runOpenPanelWithParameters is only supported on Mac for some reason
and because clicking on a TestWKWebView only works on Mac.

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKitCocoa/UploadDirectory.mm: Added.

(-[UploadDelegate initWithDirectory:]):
(-[UploadDelegate webView:runOpenPanelWithParameters:initiatedByFrame:completionHandler:]):
(-[UploadDelegate sentDirectory]):
(TEST):

TestWebKitAPI/cocoa/TestWKWebView.h:
TestWebKitAPI/cocoa/TestWKWebView.mm:

(-[TestWKWebView sendClickAtPoint:]):

3:27 PM Changeset in webkit [248138] by Alan Coon

1 copy in tags/Safari-608.2.2

Tag Safari-608.2.2.

3:26 PM Changeset in webkit [248137] by Alan Coon

1 delete in tags/Safari-608.2.2

Delete tag.

3:18 PM Changeset in webkit [248136] by Alan Coon

7 edits in branches/safari-608-branch

Apply patch. rdar://problem/53764238

3:10 PM Changeset in webkit [248135] by Alan Coon

1 copy in tags/Safari-608.2.2

Tag Safari-608.2.2.

2:45 PM Changeset in webkit [248134] by commit-queue@webkit.org

2 edits in trunk/Tools

[results.webkit.org] Timeline.CanvasXAxisComponent height should be defined by option
https://bugs.webkit.org/show_bug.cgi?id=200321

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

*resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:
Let the axis' height be defined in the option. Timeine component will use this value as
padding-top for headers which allows headers start in the right position, even with multiple
top axises.
(Timeline.CanvasSeriesComponent):
(prototype.Timeline.CanvasContainer):

2:30 PM Changeset in webkit [248133] by keith_miller@apple.com

3 edits in trunk/Source/JavaScriptCore

Fix bug in testMulImm32SignExtend
https://bugs.webkit.org/show_bug.cgi?id=200358

Reviewed by Mark Lam.

Also, have it run in more configurations.

b3/testb3_2.cpp:

(testMulImm32SignExtend):

b3/testb3_3.cpp:

(addArgTests):

1:35 PM Changeset in webkit [248132] by Ryan Haddad

3 edits in branches/safari-608-branch/LayoutTests

Cherry-pick r248111. rdar://problem/53829560

Removing expectations for tests that are now consistently passing

Unreviewed test gardening.

platform/mac-wk1/TestExpectations:
platform/mac/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248111 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:27 PM Changeset in webkit [248131] by Ryan Haddad

3 edits in branches/safari-608.1-branch/LayoutTests

Cherry-pick r247919. rdar://problem/48616298

Unreviewed test gardening, update expectations for rdar://problem/48616298.

platform/ios-wk2/TestExpectations: The fast/viewport/ios directory is marked as passing in this file, which was overriding the entries in the 'ios' file.
platform/ios/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:26 PM Changeset in webkit [248130] by Ryan Haddad

3 edits in branches/safari-608-branch/LayoutTests

Cherry-pick r247919. rdar://problem/48616298

Unreviewed test gardening, update expectations for rdar://problem/48616298.

platform/ios-wk2/TestExpectations: The fast/viewport/ios directory is marked as passing in this file, which was overriding the entries in the 'ios' file.
platform/ios/TestExpectations:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247919 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:23 PM Changeset in webkit [248129] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit

REGRESSION: HSBC Personal Banking download/print dialog is usually positioned off screen on iPad
https://bugs.webkit.org/show_bug.cgi?id=200356
<rdar://problem/51885199>

Reviewed by Beth Dakin.

UIProcess/ios/WebPageProxyIOS.mm:

(WebKit::desktopClassBrowsingRecommendedForRequest):
Add HSBC domains to the list of sites that recommend mobile mode by default.

1:23 PM Changeset in webkit [248128] by Ryan Haddad

2 edits in branches/safari-608-branch/Tools

Cherry-pick r248116. rdar://problem/53829168

Improve flakiness of SOAuthorizationRedirect tests
https://bugs.webkit.org/show_bug.cgi?id=200320
<rdar://problem/53767057>

Reviewed by Alex Christensen.

This patch replaces Util::sleep(0.5) in tests that expect a SOAuthorization session to wait when the corresponding WKWebView
is out of the window with a more precise boolean indicator: navigationPolicyDecided. The new boolean indicator is working and
better because the authorizationPerformed should be set in the same runloop when NavigationState::decidePolicyForNavigationAction
is executed.

TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm: (-[TestSOAuthorizationDelegate webView:decidePolicyForNavigationAction:decisionHandler:]): (resetState): (TestWebKitAPI::TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248116 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:17 PM Changeset in webkit [248127] by Ryan Haddad

2 edits in branches/safari-608.1-branch/Tools

Cherry-pick r248072. rdar://problem/52355829

Unreviewed test gardening, disable failing test for rdar://52355829.

TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm: (TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:17 PM Changeset in webkit [248126] by Ryan Haddad

2 edits in branches/safari-608.1-branch/Tools

Cherry-pick r248082. rdar://problem/51752593

Unreviewed test gardening, disable failing test for rdar://51752593.

TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:15 PM Changeset in webkit [248125] by Ryan Haddad

2 edits in branches/safari-608-branch/Tools

Cherry-pick r248072. rdar://problem/52355829

Unreviewed test gardening, disable failing test for rdar://52355829.

TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm: (TEST):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248072 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:14 PM Changeset in webkit [248124] by Ryan Haddad

2 edits in branches/safari-608-branch/Tools

Cherry-pick r248082. rdar://problem/51752593

Unreviewed test gardening, disable failing test for rdar://51752593.

TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248082 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:12 PM Changeset in webkit [248123] by Ryan Haddad

8 edits
7 copies
53 adds in branches/safari-608.1-branch/LayoutTests

Cherry-pick r248017. rdar://problem/52956165

Add test expectations and baselines for iPad
https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

platform/ipad-12/TestExpectations: Added.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:09 PM Changeset in webkit [248122] by Ryan Haddad

8 edits
7 copies
53 adds in branches/safari-608-branch/LayoutTests

Cherry-pick r248017. rdar://problem/52956165

Add test expectations and baselines for iPad
https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

platform/ipad-12/TestExpectations: Added.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@248017 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12:53 PM Changeset in webkit [248121] by Chris Dumez

5 edits in trunk/Source/WebKit

Crash under WebProcessProxy::didBecomeUnresponsive()
https://bugs.webkit.org/show_bug.cgi?id=200346
<rdar://problem/53795984>

Reviewed by Geoffrey Garen.

Make sure the BackgroundProcessResponsivenessTimer / ResponsivenessTimer ref their client
while they call mayBecomeUnresponsive() / willChangeIsResponsive() / didChangeIsResponsive()
/ didBecomeUnresponsive() on their client, in case calling one of these ends up destroying
the client.

UIProcess/BackgroundProcessResponsivenessTimer.cpp:

(WebKit::BackgroundProcessResponsivenessTimer::setResponsive):

UIProcess/ResponsivenessTimer.cpp:

(WebKit::ResponsivenessTimer::timerFired):

UIProcess/ResponsivenessTimer.h:
UIProcess/WebProcessProxy.h:

12:52 PM Changeset in webkit [248120] by Ryan Haddad

6 edits in branches/safari-608.1-branch/LayoutTests

Cherry-pick layout test changes for r247866. rdar://problem/53648067

Unable to tap/double tap to open files/folders in Google Drive in Safari
https://bugs.webkit.org/show_bug.cgi?id=200096
<rdar://problem/52748552>

Reviewed by Wenson Hsieh.

Rebaseline (progression).
Payment request tests activate elements by tapping on them at a high speed, triggering double clicks instead. Let's slow them down a bit.

fast/events/touch/ios/double-tap-for-double-click3-expected.txt:
http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
http/tests/resources/payment-request.js: (activateThen):
resources/ui-helper.js: (window.UIHelper.activateElementAtHumanSpeed.return.new.Promise): (window.UIHelper.activateElementAtHumanSpeed):
tests-options.json:

12:50 PM Changeset in webkit [248119] by Ryan Haddad

6 edits in branches/safari-608-branch/LayoutTests

Cherry-pick layout test changes for r247866. rdar://problem/53648067

Unable to tap/double tap to open files/folders in Google Drive in Safari
https://bugs.webkit.org/show_bug.cgi?id=200096
<rdar://problem/52748552>

Reviewed by Wenson Hsieh.

Rebaseline (progression).
Payment request tests activate elements by tapping on them at a high speed, triggering double clicks instead. Let's slow them down a bit.

fast/events/touch/ios/double-tap-for-double-click3-expected.txt:
http/tests/adClickAttribution/anchor-tag-attributes-validation.html:
http/tests/resources/payment-request.js: (activateThen):
resources/ui-helper.js: (window.UIHelper.activateElementAtHumanSpeed.return.new.Promise): (window.UIHelper.activateElementAtHumanSpeed):
tests-options.json:

12:43 PM Changeset in webkit [248118] by pvollan@apple.com

2 edits in trunk/Source/WTF

Initialize memory pressure flag in MemoryPressureHandler
https://bugs.webkit.org/show_bug.cgi?id=200353

Reviewed by Geoffrey Garen.

The flag 'm_underMemoryPressure' in MemoryPressureHandler should be initialized to 'false'.

wtf/MemoryPressureHandler.h:

12:43 PM Changeset in webkit [248117] by commit-queue@webkit.org

2 edits in trunk/Tools

results.webkit.org: Collision detection for dots is off by 2 * dotMargin
https://bugs.webkit.org/show_bug.cgi?id=200347

Patch by Zhifei Fang <zhifei_fang@apple.com> on 2019-08-01
Reviewed by Jonathan Bedard.

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(Timeline.CanvasSeriesComponent): Need to change it to dotMargin + radius other than use a fixed 3 * radius, which is for the old wide timeline

12:32 PM Changeset in webkit [248116] by jiewen_tan@apple.com

2 edits in trunk/Tools

Improve flakiness of SOAuthorizationRedirect tests
https://bugs.webkit.org/show_bug.cgi?id=200320
<rdar://problem/53767057>

Reviewed by Alex Christensen.

This patch replaces Util::sleep(0.5) in tests that expect a SOAuthorization session to wait when the corresponding WKWebView
is out of the window with a more precise boolean indicator: navigationPolicyDecided. The new boolean indicator is working and
better because the authorizationPerformed should be set in the same runloop when NavigationState::decidePolicyForNavigationAction
is executed.

TestWebKitAPI/Tests/WebKitCocoa/TestSOAuthorization.mm:

(-[TestSOAuthorizationDelegate webView:decidePolicyForNavigationAction:decisionHandler:]):
(resetState):
(TestWebKitAPI::TEST):

12:12 PM Changeset in webkit [248115] by Ross Kirsling

39 edits
31 copies
58 moves
234 adds in trunk/JSTests

Update Test262 (2019.08.01)
https://bugs.webkit.org/show_bug.cgi?id=200351

Reviewed by Keith Miller.

test262/expectations.yaml:
test262/harness/testIntl.js:
test262/latest-changes-summary.txt:
test262/test/:
test262/test262-Revision.txt:

12:03 PM Changeset in webkit [248114] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r248085. rdar://problem/53825741

WKImagePreviewViewController not being autoreleased
https://bugs.webkit.org/show_bug.cgi?id=200325
<rdar://problem/53788214>

Reviewed by Wenson Hsieh.

Wenson noticed I wasn't autoreleasing the WKImagePreviewViewController.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView continueContextMenuInteraction:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248085 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:38 AM Changeset in webkit [248113] by Chris Dumez

2 edits in trunk/Source/WTF

Add threading assertion to WeakPtr's operator->()
https://bugs.webkit.org/show_bug.cgi?id=199922

Reviewed by Ryosuke Niwa.

Add threading assertion to WeakPtr's operator->() to make sure that the WeakPtr
always gets dereferenced on the same thread it was constructed on.

wtf/WeakPtr.h:

(WTF::WeakPtrImpl::get):
(WTF::WeakPtrImpl::WeakPtrImpl):

11:32 AM Changeset in webkit [248112] by Wenson Hsieh

8 edits
2 adds in trunk

[Text autosizing] [iPadOS] Add targeted hacks to address some remaining text autosizing issues
https://bugs.webkit.org/show_bug.cgi?id=200271
<rdar://problem/51734741>

Reviewed by Zalan Bujtas.

Source/WebCore:

Makes some targeted adjustments to the text autosizing heuristic, to ensure compatibility with several high-
profile websites. See changes below for more detail.

Tests: fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html

fast/text-autosizing/ios/idempotentmode/line-height-boosting.html

css/StyleResolver.cpp:

(WebCore::StyleResolver::adjustRenderStyleForTextAutosizing):

Avoid clipped sidebar links on sohu.com by not performing line-height boosting in the case where the element
probably has a small, fixed number of lines. See below for more detail. Additionally, don't attempt to adjust
the line height using the boosted font size, in the case where the element is not a candidate for idempotent
text autosizing.

rendering/style/RenderStyle.cpp:

(WebCore::RenderStyle::isIdempotentTextAutosizingCandidate const):

Make various targeted hacks to fix a few websites:

Add a special case for top navigation bar links on yandex.ru, where line height greatly exceeds the

specified font size.

Avoid boosting some related video links on v.youku.com by considering the line-clamp CSS property when

determining the maximum number of lines of text an element is expected to contain.

Avoid boosting some front page links on asahi.com, which have non-repeating background images.

Add several other adjustments to more aggressively boost pieces of text on Google search results, such as

taking the word-break CSS property into account.

The bottom few pixels of sidebar links on naver.com are also no longer clipped after these changes.

rendering/style/TextSizeAdjustment.cpp:

(WebCore::AutosizeStatus::probablyContainsASmallFixedNumberOfLines):

Pulls out a piece of the heuristic added to fix sephora.com in r247467 out into a separate helper method. To
recap, this heuristic identifies elements with both a fixed height and fixed line height, for which the fixed
height is close to an integer multiple of the line height.

Also makes several small tweaks in the process: (1) change the max difference between fixed line height and
font size from 6 to 5 to ensure that some multiline caption text on Google search results is boosted, and (2)
replace usages of lineHeight() with specifiedLineHeight(), which current prevents this function from being
truly idempotent.

(WebCore::AutosizeStatus::updateStatus):

rendering/style/TextSizeAdjustment.h:

LayoutTests:

Add tests to cover some changes to line height boosting and the idempotent text autosizing candidate heuristic.

fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases-expected.txt: Added.
fast/text-autosizing/ios/idempotentmode/idempotent-autosizing-candidate-special-cases.html: Added.
fast/text-autosizing/ios/idempotentmode/line-height-boosting-expected.txt:
fast/text-autosizing/ios/idempotentmode/line-height-boosting.html:

11:29 AM Changeset in webkit [248111] by Truitt Savell

3 edits in trunk/LayoutTests

Removing expectations for tests that are now consistently passing

Unreviewed test gardening.

platform/mac-wk1/TestExpectations:
platform/mac/TestExpectations:

11:02 AM Changeset in webkit [248110] by Dewei Zhu

2 edits in trunk/Websites/perf.webkit.org

Dashboard should defaults to first dashboard page when summary page is not available.
https://bugs.webkit.org/show_bug.cgi?id=200180

Reviewed by Ryosuke Niwa.

Fix a bug that charts page will become the default when there is no summary page but there
is at least one dashboard page.

public/v3/main.js: Charts page and analysis category page should not be considered as summay pages.

(main):

10:55 AM Changeset in webkit [248109] by Alan Coon

6 edits
1 move in branches/safari-608.1-branch

Cherry-pick r248095. rdar://problem/53820663

REGRESSION (r240942): first visually non-empty layout milestone is not reached in media documents until after the video finishes loading
https://bugs.webkit.org/show_bug.cgi?id=200293
<rdar://problem/52937749>

Reviewed by Alex Christensen.

Source/WebCore:

r240942 changed FrameView::qualifiesAsVisuallyNonEmpty() to consider only documents in the
Interactive or Complete ready states as "finished parsing". Documents considered finished
parsing can qualify as visually non-empty even without exceeding the visual character or
pixel thresholds, but documents considered not finished must first exceed one of these
thresholds in order to qualify as visually non-empty.

HTMLDocuments are placed in the Interactive ready state by their HTMLDocumentParsers.
However, HTMLDocument subclasses like ImageDocument and MediaDocument use their own custom
parsers that never set the Interactive ready state on their documents; these documents go
from Loading directly to Complete.

In order for these HTMLDocument subclasses to be considered visually non-empty before they
finish loading they must render something that exceeds the visual character or pixel
thresholds. For image documents, rendering the image is usually enough to cross the
threshold, but for media documents the visual pixel threshold was never crossed because
videos did not contribute to the visually non-empty pixel count.

As a result, media documents are not considered visually non-empty until the main resource
finishes loading. On iOS this means that the layer tree remains frozen until this point,
even though the media might have started autoplaying with audio long before it finished
loading.

Fix this by teaching RenderVideo to contribute the video player's size to FrameView's
visually non-empty pixel count once the video player has loaded enough data to determine its
intrinsic size. Videos that render more than 1024 pixels will qualify a media document as
visually non-empty even when it is still loading its main resource.

Added a new API test.

rendering/RenderImage.cpp: (WebCore::RenderImage::imageChanged): (WebCore::RenderImage::incrementVisuallyNonEmptyPixelCountIfNeeded):
rendering/RenderImage.h:
rendering/RenderVideo.cpp: (WebCore::RenderVideo::updateIntrinsicSize):

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKitCocoa/FirstVisuallyNonEmptyMilestone.mm: Renamed from Tools/TestWebKitAPI/Tests/WebKit/FirstVisuallyNonEmptyMilestoneWithDeferredScript.mm. (-[FirstPaintMessageHandler userContentController:didReceiveScriptMessage:]): (-[RenderingProgressNavigationDelegate _webView:renderingProgressDidChange:]): (-[RenderingProgressNavigationDelegate webView:didFinishNavigation:]): (TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248095 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:55 AM Changeset in webkit [248108] by Alan Coon

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247905. rdar://problem/53820893

Possible use-after-move under NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated()
https://bugs.webkit.org/show_bug.cgi?id=200225

Reviewed by Brent Fulgham.

The code was WTFMove()-ing the method parameter inside of a loop, which means that it could
move it several times. Instead of copying the parameters, I opted into sending the statistics
only to the network session that matches this WebProcess connection.

NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:55 AM Changeset in webkit [248107] by Alan Coon

5 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247784. rdar://problem/53820819

Crash under WebKit:WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsMemoryStore::updateCookieBlocking(WTF::CompletionHandler<void ()>&&)::$_32::operator()()::'lambda'(), void>::call
https://bugs.webkit.org/show_bug.cgi?id=200071
<rdar://problem/53335583>

Reviewed by Brent Fulgham and Youenn Fablet.

The WebResourceLoadStatisticsStore is a main thread object. In its destructor, it was dispatching
to the background queue to destroy the m_statisticsStore / m_persistentStorage data members, which
live on the background queue. It would then synchronously wait for the background queue to finish
destroying them. The idea was to guarantee that the ResourceLoadStatisticsMemoryStore and the
ResourceLoadStatisticsPersistentStorage would never outlive the WebResourceLoadStatisticsStore,
given that they keep a raw pointer back to the WebResourceLoadStatisticsStore (via m_store data
member).

The issue is that *while* the WebResourceLoadStatisticsStore destructor is running on the main
thread, the background queue may be running code in ResourceLoadStatisticsMemoryStore or
ResourceLoadStatisticsPersistentStorage which refs the WebResourceLoadStatisticsStore, even
though its ref count has already reached 0. It is actually a common pattern in
ResourceLoadStatisticsMemoryStore to call RunLoop::main().dispatch() and ref their m_store in
the lambda, so that they can interact with the WebResourceLoadStatisticsStore.

To address the issue, we now destroy m_statisticsStore / m_persistentStorage *before* the
WebResourceLoadStatisticsStore destructor runs. The NetworkSession destructor now calls
WebResourceLoadStatisticsStore::didDestroyNetworkSession() which takes care of destroying
m_statisticsStore / m_persistentStorage on the background queue, synchronously. The
WebResourceLoadStatisticsStore destructor will only run later, once all remaining references
to it are gone.

NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp: (WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): (WebKit::WebResourceLoadStatisticsStore::didDestroyNetworkSession):
NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
NetworkProcess/NetworkSession.cpp: (WebKit::NetworkSession::~NetworkSession):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247784 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:52 AM Changeset in webkit [248106] by Keith Rollin

4 edits
2 adds in trunk/Tools

Update TestWebKitAPI for XCBuild
https://bugs.webkit.org/show_bug.cgi?id=200311
<rdar://problem/53773804>

Reviewed by Alex Christensen.

Bug 199728 (svn 247402) updated TestWebKitAPI to use the unified-build
technique. Now update WebKitLegacy to build under XCBuild after those
changes. This work involves adding an "Apply Configuration to
XCFileLists" build target, adding a check-xcfilelists.sh script,
adding a "Check xcfilelists" build phase that calls that script,
adding knowledge of the project to the generate-xcfilelists script,
creating new .xcfilelist files, and adding those to the project.

Scripts/webkitpy/generate_xcfilelists_lib/application.py:

(Application.init):

Scripts/webkitpy/generate_xcfilelists_lib/generators.py:

(WebKitTestRunnerGenerator._get_generate_derived_sources_script):
(TestWebKitAPIGenerator):
(TestWebKitAPIGenerator._get_project_file_path):
(TestWebKitAPIGenerator._get_generate_unified_sources_script):

TestWebKitAPI/Scripts/check-xcfilelists.sh: Added.
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/UnifiedSources-output.xcfilelist: Added.

10:13 AM Changeset in webkit [248105] by mark.lam@apple.com

8 edits in trunk/Source

Rename DOMJIT safe/unsafeFunction to functionWithTypeChecks and functionWithoutTypeChecks.
https://bugs.webkit.org/show_bug.cgi?id=200323

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

The DOMJIT has a notion of a safeFunction and an unsafeFunction. The safeFunction
is effectively the same as the unsafeFunction with added type check. The DFG/FTL
will emit code to call the unsafeFunction if it has already emitted the needed
type check or proven that it isn't needed. Otherwise, the DFG/FTL will emit
code to call the safeFunction (which does its own type check) instead.

This patch renames these functions to better describe their difference.

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileCallDOM):

domjit/DOMJITSignature.h:

(JSC::DOMJIT::Signature::Signature):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileCallDOM):

tools/JSDollarVM.cpp:

(JSC::DOMJITFunctionObject::functionWithTypeCheck):
(JSC::DOMJITFunctionObject::functionWithoutTypeCheck):
(JSC::DOMJITFunctionObject::finishCreation):
(JSC::DOMJITCheckSubClassObject::functionWithTypeCheck):
(JSC::DOMJITCheckSubClassObject::functionWithoutTypeCheck):
(JSC::DOMJITCheckSubClassObject::finishCreation):
(JSC::DOMJITFunctionObject::safeFunction): Deleted.
(JSC::DOMJITFunctionObject::unsafeFunction): Deleted.
(JSC::DOMJITCheckSubClassObject::safeFunction): Deleted.
(JSC::DOMJITCheckSubClassObject::unsafeFunction): Deleted.

Source/WebCore:

No new tests. This is just a refactoring exercise.

bindings/scripts/CodeGeneratorJS.pm:

(GetArgumentTypeForFunctionWithoutTypeCheck):
(GenerateImplementation):
(GenerateOperationDefinition):
(ToNativeForFunctionWithoutTypeCheck):
(GetUnsafeArgumentType): Deleted.
(UnsafeToNative): Deleted.

bindings/scripts/test/JS/JSTestDOMJIT.cpp:

(WebCore::jsTestDOMJITPrototypeFunctionGetAttributeWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionItemWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionHasAttributeWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementByIdWithoutTypeCheck):
(WebCore::jsTestDOMJITPrototypeFunctionGetElementsByNameWithoutTypeCheck):
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetAttribute): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionItem): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionHasAttribute): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementById): Deleted.
(WebCore::unsafeJsTestDOMJITPrototypeFunctionGetElementsByName): Deleted.

9:17 AM Changeset in webkit [248104] by youenn@apple.com

8 edits
3 adds in trunk

UserMediaPermissionRequestManagerProxy should not use audio+video denied requests to deny audio-only or video-only requests
https://bugs.webkit.org/show_bug.cgi?id=200317

Reviewed by Eric Carlson.

Source/WebKit:

Only match audio+video denied requests with new audio+video requests.
That will ensure that audio can still be captured if user denied access to the camera through preferences
and website started with a getUserMedia({audio: true, video: true}) call.
Covered by added API test.

UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::wasRequestDenied):

Tools:

TestWebKitAPI/Tests/WebKit/getUserMediaAudioVideoCapture.html: Added
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit/GetUserMediaReprompt.mm:

(-[GetUserMediaOnlyAudioUIDelegate _webView:requestMediaCaptureAuthorization:decisionHandler:]):
(-[GetUserMediaOnlyAudioUIDelegate _webView:checkUserMediaPermissionForURL:mainFrameURL:frameIdentifier:decisionHandler:]):
(TestWebKitAPI::TEST):

LayoutTests:

Update existing test with new behavior.
Added new test for the case where video is blocked but not audio.

fast/mediastream/getUserMedia-deny-persistency3-expected.txt:
fast/mediastream/getUserMedia-deny-persistency3.html:
fast/mediastream/getUserMedia-deny-persistency4-expected.txt: Added.
fast/mediastream/getUserMedia-deny-persistency4.html: Added.

8:14 AM Changeset in webkit [248103] by aakash_jain@apple.com

2 edits in trunk/Tools

New EWS: Cannot see build status page when patch is waiting for tester
https://bugs.webkit.org/show_bug.cgi?id=200333

Reviewed by Jonathan Bedard.

BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble): While patch hasn't started processing on tester queue, display build information from builder queue.

7:21 AM Changeset in webkit [248102] by Carlos Garcia Campos

15 edits
38 adds in trunk

[SOUP] WebSockets: add support for extensions when using web sockets libsoup API
https://bugs.webkit.org/show_bug.cgi?id=199943

Reviewed by Alex Christensen.

Source/WebCore:

Add SOUP_TYPE_WEBSOCKET_EXTENSION_MANAGER feature to the soup session to enable WebSocket extensions.

Tests: http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff.html

http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response.html
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits.html

platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession):

Source/WebKit:

NetworkProcess/NetworkSocketChannel.cpp:

(WebKit::NetworkSocketChannel::didConnect): Add extensions parameter and pass it to the IPC message.

NetworkProcess/NetworkSocketChannel.h:
NetworkProcess/cocoa/WebSocketTaskCocoa.mm:

(WebKit::WebSocketTask::didConnect): Pass empty extensions string.

NetworkProcess/soup/WebSocketTaskSoup.cpp:

(WebKit::WebSocketTask::acceptedExtensions const): Build the accepted extensions string.
(WebKit::WebSocketTask::didConnect): Pass accepted extensions to NetworkSocketChannel::didConnect().

NetworkProcess/soup/WebSocketTaskSoup.h:
WebProcess/Network/WebSocketChannel.cpp:

(WebKit::WebSocketChannel::extensions): Return the extensions string received from the network process.
(WebKit::WebSocketChannel::didConnect): Save the extensions string.

WebProcess/Network/WebSocketChannel.h:
WebProcess/Network/WebSocketChannel.messages.in:

LayoutTests:

Add new tests for permessage-deflate imported from blink and rebaseline existing tests.

TestExpectations: Skip permessage-deflate tests by default.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter_wsh.py: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-manual_wsh.py: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames_wsh.py: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response_wsh.py: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits.html: Added.
http/tests/websocket/tests/hybi/imported/blink/permessage-deflate_wsh.py: Added.
platform/gtk/TestExpectations: Enable permessage-deflate tests.
platform/gtk/http/tests/websocket/tests/hybi/deflate-frame-invalid-parameter-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/deflate-frame-parameter-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/extensions-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits-expected.txt: Added.
platform/wpe/TestExpectations: Enable permessage-deflate tests.
platform/wpe/http/tests/websocket/tests/hybi/deflate-frame-invalid-parameter-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/deflate-frame-parameter-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/extensions-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-comp-bit-onoff-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-invalid-parameter-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-parameter-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-set-bfinal-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-split-frames-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-unsolicited-negotiation-response-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/imported/blink/permessage-deflate-window-bits-expected.txt: Added.

7:05 AM Changeset in webkit [248101] by Chris Dumez

2 edits in trunk/Source/WebCore

[iOS][WK1] Unsafe unsafe of WeakPtr<Document> from UIThread under PlaybackSessionInterfaceAVKit::PlaybackSessionInterfaceAVKit()
https://bugs.webkit.org/show_bug.cgi?id=200324

Reviewed by Ryosuke Niwa.

The Document is a WebThread object, but a WeakPtr<Document> was dereferenced from the
UIThread in HTMLMediaElement::supportsSeeking(), from the PlaybackSessionInterfaceAVKit
constructor. To address the issue we now grab the WebThread lock before constructing
the PlaybackSessionInterfaceAVKit.

platform/ios/WebVideoFullscreenControllerAVKit.mm:

(VideoFullscreenControllerContext::setUpFullscreen):

6:36 AM Changeset in webkit [248100] by commit-queue@webkit.org

2 edits in trunk/Source/ThirdParty/libwebrtc

Fix libwebrtc build with Linux 5.2 headers
https://bugs.webkit.org/show_bug.cgi?id=200342

Patch by Loïc Yhuel <loic.yhuel@softathome.com> on 2019-08-01
Reviewed by Eric Carlson.

We need to include linux/sockios.h for SIOCGSTAMP.
Take upstream fix from https://bugs.chromium.org/p/webrtc/issues/detail?id=10677.

Source/webrtc/rtc_base/physicalsocketserver.cc:

4:46 AM Changeset in webkit [248099] by Carlos Garcia Campos

14 edits
176 adds
4 deletes in trunk

[SOUP] Switch to use libsoup WebSockets API
https://bugs.webkit.org/show_bug.cgi?id=200162

Reviewed by Michael Catanzaro.

Source/WebCore:

Use the libsoup WebSockets API unconditionally for libsoup based ports.

Modules/websockets/ThreadableWebSocketChannel.cpp:

(WebCore::ThreadableWebSocketChannel::create): Do not check the env var anymore.

platform/SourcesSoup.txt:
platform/network/SocketStreamHandleImpl.cpp:
platform/network/StorageSessionProvider.h:
platform/network/soup/SocketStreamHandleImpl.h:
platform/network/soup/SocketStreamHandleImplSoup.cpp: Removed.

Source/WebKit:

Remove temporary method added for old WebSockets implementation.

NetworkProcess/NetworkStorageSessionProvider.h:

Tools:

Update libsoup version to 2.67.90.

gtk/jhbuild.modules:
wpe/jhbuild.modules:

LayoutTests:

platform/gtk/TestExpectations:
platform/gtk/http/tests/websocket/tests/hybi/broken-utf8-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/close-before-open-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/close-code-and-reason-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/close-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/compressed-control-frame-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/fragmented-control-frame-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-error-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/interleaved-fragments-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/invalid-continuation-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/invalid-encode-length-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/invalid-masked-frames-from-server-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/long-control-frame-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/long-invalid-header-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/network-process-crash-error-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/reserved-bits-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/reserved-opcodes-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/secure-cookie-secure-connection-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/send-object-tostring-check-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/too-long-payload-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/websocket-allowed-setting-cookie-as-third-party-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/websocket-event-target-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/workers/close-code-and-reason-expected.txt: Added.
platform/gtk/http/tests/websocket/tests/hybi/workers/close-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt: Removed.
platform/gtk/imported/w3c/web-platform-tests/pointerevents/pointerevent_touch-action-illegal-expected.txt: Removed.
platform/gtk/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any.worker-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Send-65K-data.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Send-binary-65K-arraybuffer.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Send-binary-arraybuffer.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Send-data.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/Send-paired-surrogates.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/basic-auth.any-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/basic-auth.any.worker-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/closing-handshake/003-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/cookies/004-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-arraybuffer-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-blob-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-deleting-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-large-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-unicode-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-multiple-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-nested-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-return-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/017-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/018-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/019-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/readyState/003-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/001-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/003-sets-origin.worker-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/opening-handshake/005-expected.txt: Added.
platform/gtk/imported/w3c/web-platform-tests/websockets/security/001-expected.txt: Added.
platform/gtk/js/intl-datetimeformat-expected.txt: Removed.
platform/wpe/TestExpectations:
platform/wpe/http/tests/websocket/tests/hybi/broken-utf8-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/close-before-open-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/close-code-and-reason-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/close-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/closed-when-entering-page-cache-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/compressed-control-frame-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/fragmented-control-frame-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-error-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-mismatch-protocol-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-accept-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-extensions-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-more-protocol-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/interleaved-fragments-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/invalid-continuation-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/invalid-encode-length-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/invalid-masked-frames-from-server-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/long-control-frame-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/long-invalid-header-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/network-process-crash-error-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/reserved-bits-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/reserved-opcodes-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/secure-cookie-secure-connection-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/send-object-tostring-check-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/simple-wss-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/stop-on-resume-in-error-handler-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/too-long-payload-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/websocket-allowed-setting-cookie-as-third-party-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/websocket-cookie-overwrite-behavior-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/websocket-event-target-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/workers/close-code-and-reason-expected.txt: Added.
platform/wpe/http/tests/websocket/tests/hybi/workers/close-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Create-valid-url-protocol-empty.any.worker-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Send-65K-data.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Send-binary-65K-arraybuffer.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Send-binary-arraybuffer.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Send-data.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/Send-paired-surrogates.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/basic-auth.any-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/basic-auth.any.worker-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/closing-handshake/003-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/cookies/004-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-arraybuffer-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-blob-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-deleting-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-large-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/bufferedAmount/bufferedAmount-unicode-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-multiple-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-nested-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/close/close-return-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/017-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/018-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/events/019-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/interfaces/WebSocket/readyState/003-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/001-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/003-sets-origin.worker-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/opening-handshake/005-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/security/001-expected.txt: Added.

Jul 31, 2019:

10:58 PM Changeset in webkit [248098] by commit-queue@webkit.org

7 edits in trunk/Source/JavaScriptCore

Begin organizing b3 tests
https://bugs.webkit.org/show_bug.cgi?id=200330

Patch by Alex Christensen <achristensen@webkit.org> on 2019-07-31
Reviewed by Keith Miller.

b3/testb3.h:
b3/testb3_1.cpp:

(run):
(zero): Deleted.
(negativeZero): Deleted.

b3/testb3_2.cpp:

(testBitXorTreeArgs):
(testBitXorTreeArgsEven):
(testBitXorTreeArgImm):
(testBitAndTreeArg32):
(testBitOrTreeArg32):
(testBitAndArgs):
(testBitAndSameArg):
(testBitAndNotNot):
(testBitAndNotImm):
(testBitAndImms):
(testBitAndArgImm):
(testBitAndImmArg):
(testBitAndBitAndArgImmImm):
(testBitAndImmBitAndArgImm):
(testBitAndArgs32):
(testBitAndSameArg32):
(testBitAndImms32):
(testBitAndArgImm32):
(testBitAndImmArg32):
(testBitAndBitAndArgImmImm32):
(testBitAndImmBitAndArgImm32):
(testBitAndWithMaskReturnsBooleans):
(testBitAndArgDouble):
(testBitAndArgsDouble):
(testBitAndArgImmDouble):
(testBitAndImmsDouble):
(testBitAndArgFloat):
(testBitAndArgsFloat):
(testBitAndArgImmFloat):
(testBitAndImmsFloat):
(testBitAndArgsFloatWithUselessDoubleConversion):
(testBitOrArgs):
(testBitOrSameArg):
(testBitOrAndAndArgs):
(testBitOrAndSameArgs):
(testBitOrNotNot):
(testBitOrNotImm):
(testBitOrImms):
(testBitOrArgImm):
(testBitOrImmArg):
(testBitOrBitOrArgImmImm):
(testBitOrImmBitOrArgImm):
(testBitOrArgs32):
(testBitOrSameArg32):
(testBitOrImms32):
(testBitOrArgImm32):
(testBitOrImmArg32):
(addBitTests):

b3/testb3_3.cpp:

(testSShrArgs):
(testSShrImms):
(testSShrArgImm):
(testSShrArg32):
(testSShrArgs32):
(testSShrImms32):
(testSShrArgImm32):
(testZShrArgs):
(testZShrImms):
(testZShrArgImm):
(testZShrArg32):
(testZShrArgs32):
(testZShrImms32):
(testZShrArgImm32):
(zero):
(negativeZero):
(addArgTests):
(addCallTests):
(addShrTests):

b3/testb3_4.cpp:

(addSExtTests):

b3/testb3_6.cpp:

(testSShrShl32):
(testSShrShl64):
(addSShrShTests):

10:19 PM Changeset in webkit [248097] by Devin Rousso

14 edits
4 moves
4 adds in trunk

Web Inspector: Debugger: support emulateUserGesture parameter in Debugger.evaluateOnCallFrame
https://bugs.webkit.org/show_bug.cgi?id=200272

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

When paused, evaluating in the console should still respect the "Emulate User Gesture" checkbox.

inspector/protocol/Debugger.json:
inspector/agents/InspectorDebuggerAgent.h:
inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):

Source/WebCore:

When paused, evaluating in the console should still respect the "Emulate User Gesture" checkbox.

Tests: inspector/debugger/evaluateOnCallFrame-emulateUserGesture.html

inspector/debugger/evaluateOnCallFrame-emulateUserGesture-userIsInteracting.html

inspector/agents/page/PageDebuggerAgent.h:
inspector/agents/page/PageDebuggerAgent.cpp:

(WebCore::PageDebuggerAgent::evaluateOnCallFrame): Added.

Source/WebInspectorUI:

When paused, evaluating in the console should still respect the "Emulate User Gesture" checkbox.

UserInterface/Controllers/RuntimeManager.js:

(WI.RuntimeManager.prototype.evaluateInInspectedWindow):

UserInterface/Protocol/Legacy/13.0/InspectorBackendCommands.js:
Versions/Inspector-iOS-13.0.json:

LayoutTests:

inspector/debugger/evaluateOnCallFrame-emulateUserGesture.html: Added.
inspector/debugger/evaluateOnCallFrame-emulateUserGesture-expected.txt: Added.
inspector/debugger/evaluateOnCallFrame-emulateUserGesture-userIsInteracting.html: Added.
inspector/debugger/evaluateOnCallFrame-emulateUserGesture-userIsInteracting-expected.txt: Added.
TestExpectations:
platform/wk2/TestExpectations:

inspector/runtime/evaluate-emulateUserGesture.html: Added.
inspector/runtime/evaluate-emulateUserGesture-expected.txt: Added.
inspector/runtime/evaluate-emulateUserGesture-userIsInteracting.html: Added.
inspector/runtime/evaluate-emulateUserGesture-userIsInteracting-expected.txt: Added.
inspector/runtime/evaluate-userGestureEmulation.html: Deleted.
inspector/runtime/evaluate-userGestureEmulation-expected.txt: Deleted.
inspector/runtime/evaluate-userGestureEmulation-userIsInteracting.html: Deleted.
inspector/runtime/evaluate-userGestureEmulation-userIsInteracting-expected.txt: Deleted.

Rename tests from "userGestureEmulation" to "emulateUserGesture" to match the parameter.

10:17 PM Changeset in webkit [248096] by sbarati@apple.com

4 edits in trunk/Source/WebCore

[WHLSL] Replace memsetZero function with inline "= { }" code
https://bugs.webkit.org/show_bug.cgi?id=200328

Reviewed by Robin Morisset.

This is a ~20ms metal compile time improvement on compute_boids.

Modules/webgpu/WHLSL/Metal/WHLSLFunctionWriter.cpp:

(WebCore::WHLSL::Metal::FunctionDefinitionWriter::FunctionDefinitionWriter):
(WebCore::WHLSL::Metal::FunctionDefinitionWriter::visit):

Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::writeNativeFunction):

Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.h:

9:24 PM Changeset in webkit [248095] by aestes@apple.com

6 edits
1 move in trunk

REGRESSION (r240942): first visually non-empty layout milestone is not reached in media documents until after the video finishes loading
https://bugs.webkit.org/show_bug.cgi?id=200293
<rdar://problem/52937749>

Reviewed by Alex Christensen.

Source/WebCore:

r240942 changed FrameView::qualifiesAsVisuallyNonEmpty() to consider only documents in the
Interactive or Complete ready states as "finished parsing". Documents considered finished
parsing can qualify as visually non-empty even without exceeding the visual character or
pixel thresholds, but documents considered not finished must first exceed one of these
thresholds in order to qualify as visually non-empty.

HTMLDocuments are placed in the Interactive ready state by their HTMLDocumentParsers.
However, HTMLDocument subclasses like ImageDocument and MediaDocument use their own custom
parsers that never set the Interactive ready state on their documents; these documents go
from Loading directly to Complete.

In order for these HTMLDocument subclasses to be considered visually non-empty before they
finish loading they must render something that exceeds the visual character or pixel
thresholds. For image documents, rendering the image is usually enough to cross the
threshold, but for media documents the visual pixel threshold was never crossed because
videos did not contribute to the visually non-empty pixel count.

As a result, media documents are not considered visually non-empty until the main resource
finishes loading. On iOS this means that the layer tree remains frozen until this point,
even though the media might have started autoplaying with audio long before it finished
loading.

Fix this by teaching RenderVideo to contribute the video player's size to FrameView's
visually non-empty pixel count once the video player has loaded enough data to determine its
intrinsic size. Videos that render more than 1024 pixels will qualify a media document as
visually non-empty even when it is still loading its main resource.

Added a new API test.

rendering/RenderImage.cpp:

(WebCore::RenderImage::imageChanged):
(WebCore::RenderImage::incrementVisuallyNonEmptyPixelCountIfNeeded):

rendering/RenderImage.h:
rendering/RenderVideo.cpp:

(WebCore::RenderVideo::updateIntrinsicSize):

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKitCocoa/FirstVisuallyNonEmptyMilestone.mm: Renamed from Tools/TestWebKitAPI/Tests/WebKit/FirstVisuallyNonEmptyMilestoneWithDeferredScript.mm.

(-[FirstPaintMessageHandler userContentController:didReceiveScriptMessage:]):
(-[RenderingProgressNavigationDelegate _webView:renderingProgressDidChange:]):
(-[RenderingProgressNavigationDelegate webView:didFinishNavigation:]):
(TEST):

9:24 PM Changeset in webkit [248094] by Devin Rousso

3 edits in trunk/Source/WebInspectorUI

Web Inspector: Uncaught Exception: TypeError: null is not an object (evaluating 'issueMessage.sourceCodeLocation.sourceCode')
https://bugs.webkit.org/show_bug.cgi?id=200296

Reviewed by Joseph Pecoraro.

When fetching all WI.IssueMessages for a given WI.SourceCode, the WI.IssueMessage may
be associated in a different way (e.g. by url, instead of WI.SourceCodeLocation). As such,
we should pass the WI.SourceCode along, and use it when adding the WI.IssueTreeElement.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel.prototype._addIssuesForSourceCode):
(WI.DebuggerSidebarPanel.prototype._addIssue):

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel.prototype._addIssue):
(WI.SourcesNavigationSidebarPanel.prototype._addIssuesForSourceCode):

6:23 PM Changeset in webkit [248093] by Alan Coon

4 edits
2 adds in branches/safari-608-branch

Cherry-pick r248080. rdar://problem/53788956

[ContentChangeObserver] twitch.tv video controls do not always respond to taps in fullscreen
https://bugs.webkit.org/show_bug.cgi?id=200309
<rdar://problem/52964977>

Reviewed by Simon Fraser.

Source/WebCore:

Do not consider an element visible if it is not a descendant of the active fullscreen element.

This patch fixes the cases when the user taps on a button in fullscreen mode while the non-fullscreen content is being mutated and
the ContentChangeObserver mistakenly registers it as a valid, actionable change and as a result we don't fire the click event (stay at hover).

Test: fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html

page/ios/ContentChangeObserver.cpp: (WebCore::fullscreenElement): (WebCore::ContentChangeObserver::isVisuallyHidden):

LayoutTests:

fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode-expected.txt: Added.
fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html: Added.
platform/ios/TestExpectations: Fullscreen API is not yet enabled on iOS.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248080 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:23 PM Changeset in webkit [248092] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r248079. rdar://problem/53788988

[iPadOS] Enable simulated mouse events on iqiyi.com to fix the video controls
https://bugs.webkit.org/show_bug.cgi?id=200322
rdar://problem/53235709

Reviewed by Wenson Hsieh.

iqiyi.com needs to get mouseMove events for dragging the video scrubber to work.

page/Quirks.cpp: (WebCore::Quirks::shouldDispatchSimulatedMouseEvents const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248079 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:23 PM Changeset in webkit [248091] by Alan Coon

9 edits in branches/safari-608-branch

Cherry-pick r248071. rdar://problem/53789003

Use CTFontCreateForCharactersWithLanguageAndOption if available instead of CTFontCreateForCharactersWithLanguage
https://bugs.webkit.org/show_bug.cgi?id=200241

Source/WebCore:

Reviewed by Myles C. Maxfield.

We can use CTFontCreateForCharactersWithLanguageAndOption instead of CTFontCreateForCharactersWithLanguage
as it allows setting more easily the fallback option.
This allows us to never fallback to user installed fonts.
In such a case, we no longer need to wrap the fonts to change the fallback option.
We also prewarm the fonts with the same SPI and use system fallback as the default value.

Covered by existing tests.

platform/graphics/cocoa/FontCacheCoreText.cpp: (WebCore::preparePlatformFont): (WebCore::lookupFallbackFont): (WebCore::FontCache::systemFallbackForCharacters): (WebCore::FontCache::prewarm): (WebCore::fontFamiliesForPrewarming):

Source/WebCore/PAL:

Reviewed by Myles C. Maxfield.

Add new SPI.

pal/spi/cocoa/CoreTextSPI.h:

Source/WTF:

Reviewed by Myles C. Maxfield.

wtf/Platform.h: Add macro to enable/disable new SPI.

LayoutTests:

We update the tests to flush font caches as otherwise some debug asserts would be hit.
This is due to changing the user installed font runtime flag while browsing which is not a typical situation.

Reviewed by Myles C. Maxfield.

fast/text/user-installed-fonts/extended-character-with-user-font.html:
fast/text/user-installed-fonts/extended-character.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248071 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:23 PM Changeset in webkit [248090] by Alan Coon

15 edits in branches/safari-608-branch

Cherry-pick r248046. rdar://problem/53788952

Owners of MultiChannelResampler should make sure that the output bus given to it has the same number of channels
https://bugs.webkit.org/show_bug.cgi?id=200248
<rdar://problem/53411051>

Reviewed by Eric Carlson.

Source/WebCore:

When a track's number of channels changes, MediaStreamAudioSourceNode is expected
to update its MultiChannelResampler and its output number of channels.
MultiChannelResampler expects to have the same number of channels as the output
but it is not always the case since the channel numbers are changed in different threads
and locks do not help there.

Instead, whenever detecting that the number of channels do not match, render silence
and wait for the next rendering where the number of channels should again match.

Add internals API to change the number of channels from 2 to 1 or 1 to 2
to allow testing that code path (iOS only as MacOS audio capture is in UIProcess).
Covered by updated test.

Modules/webaudio/MediaElementAudioSourceNode.cpp: (WebCore::MediaElementAudioSourceNode::process):
Modules/webaudio/MediaStreamAudioSourceNode.cpp: (WebCore::MediaStreamAudioSourceNode::process):
platform/audio/MultiChannelResampler.cpp: (WebCore::MultiChannelResampler::process):
platform/mediastream/RealtimeMediaSource.h:
platform/mediastream/mac/MockRealtimeAudioSourceMac.mm: (WebCore::MockRealtimeAudioSourceMac::reconfigure):
platform/mock/MockRealtimeAudioSource.cpp: (WebCore::MockRealtimeAudioSource::setChannelCount):
platform/mock/MockRealtimeAudioSource.h: (isType):
platform/mock/MockRealtimeVideoSource.h:
testing/Internals.cpp: (WebCore::Internals::setMockAudioTrackChannelNumber):
testing/Internals.h:
testing/Internals.idl:

LayoutTests:

fast/mediastream/getUserMedia-webaudio-expected.txt:
fast/mediastream/getUserMedia-webaudio.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248046 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:22 PM Changeset in webkit [248089] by Alan Coon

5 edits in branches/safari-608-branch

Cherry-pick r248039. rdar://problem/53788996

[iOS 13] Safari crashes when closing a tab with a focused element if the unified field has focus
https://bugs.webkit.org/show_bug.cgi?id=200291
<rdar://problem/53717946>

Reviewed by Megan Gardner.

Source/WebKit:

Makes -requestAutocorrectionContextWithCompletionHandler: robust in the case where the web page has been closed,
and there is no Connection object to use when waiting for a sync IPC response.

Test: AutocorrectionTests.RequestAutocorrectionContextAfterClosingPage

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView requestAutocorrectionContextWithCompletionHandler:]):

Tools:

Add an API test to exercise the scenario of synchronously requesting the autocorrection context immediately
after closing the web view, while the web view's content view isn't the first responder.

TestWebKitAPI/Tests/ios/AutocorrectionTestsIOS.mm:
TestWebKitAPI/ios/UIKitSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248039 268f45cc-cd09-0410-ab3c-d52691b4dbfc

6:17 PM Changeset in webkit [248088] by aakash_jain@apple.com

5 edits in trunk/Tools

[ews-build] Enable all macOS queues on new EWS
https://bugs.webkit.org/show_bug.cgi?id=199944

Reviewed by Jonathan Bedard.

BuildSlaveSupport/ews-build/config.json: Enabled the triggers for macOS queues.
BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble): Enabled status-bubbles for mac queues, separated builders and testers bubbles in separate lines. Also
removed mac-32bit and mac-32bit-wk2 bubbles, these queues were removed from Buildbot configuration previously.

BuildSlaveSupport/build.webkit.org-config/public_html/dashboard/Scripts/BubbleQueueServer.js: Removed mac queues from bot-watcher's dashboard.
QueueStatusServer/config/queues.py: Removed mac queues from old EWS.

6:01 PM Changeset in webkit [248087] by achristensen@apple.com

3 edits
9 adds
1 delete in trunk/Source/JavaScriptCore

Split testb3 into multiple files
https://bugs.webkit.org/show_bug.cgi?id=200326

Reviewed by Keith Miller.

JavaScriptCore.xcodeproj/project.pbxproj:
b3/testb3.cpp: Removed.
b3/testb3.h: Added.

(hiddenTruthBecauseNoReturnIsStupid):
(usage):
(shouldBeVerbose):
(compileProc):
(invoke):
(compileAndRun):
(lowerToAirForTesting):
(checkDisassembly):
(checkUsesInstruction):
(checkDoesNotUseInstruction):
(populateWithInterestingValues):
(floatingPointOperands):
(int64Operands):
(int32Operands):
(add32):
(modelLoad):
(float>):
(double>):

b3/testb3_1.cpp: Added.

(zero):
(negativeZero):
(shouldRun):
(testRotR):
(testRotL):
(testRotRWithImmShift):
(testRotLWithImmShift):
(testComputeDivisionMagic):
(run):
(main):
(dllLauncherEntryPoint):

b3/testb3_2.cpp: Added.

(test42):
(testLoad42):
(testLoadAcq42):
(testLoadWithOffsetImpl):
(testLoadOffsetImm9Max):
(testLoadOffsetImm9MaxPlusOne):
(testLoadOffsetImm9MaxPlusTwo):
(testLoadOffsetImm9Min):
(testLoadOffsetImm9MinMinusOne):
(testLoadOffsetScaledUnsignedImm12Max):
(testLoadOffsetScaledUnsignedOverImm12Max):
(testBitXorTreeArgs):
(testBitXorTreeArgsEven):
(testBitXorTreeArgImm):
(testAddTreeArg32):
(testMulTreeArg32):
(testBitAndTreeArg32):
(testBitOrTreeArg32):
(testArg):
(testReturnConst64):
(testReturnVoid):
(testAddArg):
(testAddArgs):
(testAddArgImm):
(testAddImmArg):
(testAddArgMem):
(testAddMemArg):
(testAddImmMem):
(testAddArg32):
(testAddArgs32):
(testAddArgMem32):
(testAddMemArg32):
(testAddImmMem32):
(testAddNeg1):
(testAddNeg2):
(testAddArgZeroImmZDef):
(testAddLoadTwice):
(testAddArgDouble):
(testAddArgsDouble):
(testAddArgImmDouble):
(testAddImmArgDouble):
(testAddImmsDouble):
(testAddArgFloat):
(testAddArgsFloat):
(testAddFPRArgsFloat):
(testAddArgImmFloat):
(testAddImmArgFloat):
(testAddImmsFloat):
(testAddArgFloatWithUselessDoubleConversion):
(testAddArgsFloatWithUselessDoubleConversion):
(testAddArgsFloatWithEffectfulDoubleConversion):
(testAddMulMulArgs):
(testMulArg):
(testMulArgStore):
(testMulAddArg):
(testMulArgs):
(testMulArgNegArg):
(testMulNegArgArg):
(testMulArgImm):
(testMulImmArg):
(testMulArgs32):
(testMulArgs32SignExtend):
(testMulImm32SignExtend):
(testMulLoadTwice):
(testMulAddArgsLeft):
(testMulAddArgsRight):
(testMulAddArgsLeft32):
(testMulAddArgsRight32):
(testMulSubArgsLeft):
(testMulSubArgsRight):
(testMulSubArgsLeft32):
(testMulSubArgsRight32):
(testMulNegArgs):
(testMulNegArgs32):
(testMulArgDouble):
(testMulArgsDouble):
(testMulArgImmDouble):
(testMulImmArgDouble):
(testMulImmsDouble):
(testMulArgFloat):
(testMulArgsFloat):
(testMulArgImmFloat):
(testMulImmArgFloat):
(testMulImmsFloat):
(testMulArgFloatWithUselessDoubleConversion):
(testMulArgsFloatWithUselessDoubleConversion):
(testMulArgsFloatWithEffectfulDoubleConversion):
(testDivArgDouble):
(testDivArgsDouble):
(testDivArgImmDouble):
(testDivImmArgDouble):
(testDivImmsDouble):
(testDivArgFloat):
(testDivArgsFloat):
(testDivArgImmFloat):
(testDivImmArgFloat):
(testDivImmsFloat):
(testModArgDouble):
(testModArgsDouble):
(testModArgImmDouble):
(testModImmArgDouble):
(testModImmsDouble):
(testModArgFloat):
(testModArgsFloat):
(testModArgImmFloat):
(testModImmArgFloat):
(testModImmsFloat):
(testDivArgFloatWithUselessDoubleConversion):
(testDivArgsFloatWithUselessDoubleConversion):
(testDivArgsFloatWithEffectfulDoubleConversion):
(testUDivArgsInt32):
(testUDivArgsInt64):
(testUModArgsInt32):
(testUModArgsInt64):
(testSubArg):
(testSubArgs):
(testSubArgImm):
(testSubNeg):
(testNegSub):
(testNegValueSubOne):
(testSubSub):
(testSubSub2):
(testSubAdd):
(testSubFirstNeg):
(testSubImmArg):
(testSubArgMem):
(testSubMemArg):
(testSubImmMem):
(testSubMemImm):
(testSubArgs32):
(testSubArgImm32):
(testSubImmArg32):
(testSubMemArg32):
(testSubArgMem32):
(testSubImmMem32):
(testSubMemImm32):
(testNegValueSubOne32):
(testNegMulArgImm):
(testSubMulMulArgs):
(testSubArgDouble):
(testSubArgsDouble):
(testSubArgImmDouble):
(testSubImmArgDouble):
(testSubImmsDouble):
(testSubArgFloat):
(testSubArgsFloat):
(testSubArgImmFloat):
(testSubImmArgFloat):
(testSubImmsFloat):
(testSubArgFloatWithUselessDoubleConversion):
(testSubArgsFloatWithUselessDoubleConversion):
(testSubArgsFloatWithEffectfulDoubleConversion):
(testTernarySubInstructionSelection):
(testNegDouble):
(testNegFloat):
(testNegFloatWithUselessDoubleConversion):
(testBitAndArgs):
(testBitAndSameArg):
(testBitAndNotNot):
(testBitAndNotImm):
(testBitAndImms):
(testBitAndArgImm):
(testBitAndImmArg):
(testBitAndBitAndArgImmImm):
(testBitAndImmBitAndArgImm):
(testBitAndArgs32):
(testBitAndSameArg32):
(testBitAndImms32):
(testBitAndArgImm32):
(testBitAndImmArg32):
(testBitAndBitAndArgImmImm32):
(testBitAndImmBitAndArgImm32):
(testBitAndWithMaskReturnsBooleans):
(bitAndDouble):
(testBitAndArgDouble):
(testBitAndArgsDouble):
(testBitAndArgImmDouble):
(testBitAndImmsDouble):
(bitAndFloat):
(testBitAndArgFloat):
(testBitAndArgsFloat):
(testBitAndArgImmFloat):
(testBitAndImmsFloat):
(testBitAndArgsFloatWithUselessDoubleConversion):
(testBitOrArgs):
(testBitOrSameArg):
(testBitOrAndAndArgs):
(testBitOrAndSameArgs):
(testBitOrNotNot):
(testBitOrNotImm):
(testBitOrImms):
(testBitOrArgImm):
(testBitOrImmArg):
(testBitOrBitOrArgImmImm):
(testBitOrImmBitOrArgImm):
(testBitOrArgs32):
(testBitOrSameArg32):
(testBitOrImms32):
(testBitOrArgImm32):
(testBitOrImmArg32):

b3/testb3_3.cpp: Added.

(testBitOrBitOrArgImmImm32):
(testBitOrImmBitOrArgImm32):
(bitOrDouble):
(testBitOrArgDouble):
(testBitOrArgsDouble):
(testBitOrArgImmDouble):
(testBitOrImmsDouble):
(bitOrFloat):
(testBitOrArgFloat):
(testBitOrArgsFloat):
(testBitOrArgImmFloat):
(testBitOrImmsFloat):
(testBitOrArgsFloatWithUselessDoubleConversion):
(testBitXorArgs):
(testBitXorSameArg):
(testBitXorAndAndArgs):
(testBitXorAndSameArgs):
(testBitXorImms):
(testBitXorArgImm):
(testBitXorImmArg):
(testBitXorBitXorArgImmImm):
(testBitXorImmBitXorArgImm):
(testBitXorArgs32):
(testBitXorSameArg32):
(testBitXorImms32):
(testBitXorArgImm32):
(testBitXorImmArg32):
(testBitXorBitXorArgImmImm32):
(testBitXorImmBitXorArgImm32):
(testBitNotArg):
(testBitNotImm):
(testBitNotMem):
(testBitNotArg32):
(testBitNotImm32):
(testBitNotMem32):
(testNotOnBooleanAndBranch32):
(testBitNotOnBooleanAndBranch32):
(testShlArgs):
(testShlImms):
(testShlArgImm):
(testShlSShrArgImm):
(testShlArg32):
(testShlArgs32):
(testShlImms32):
(testShlArgImm32):
(testShlZShrArgImm32):
(testSShrArgs):
(testSShrImms):
(testSShrArgImm):
(testSShrArg32):
(testSShrArgs32):
(testSShrImms32):
(testSShrArgImm32):
(testZShrArgs):
(testZShrImms):
(testZShrArgImm):
(testZShrArg32):
(testZShrArgs32):
(testZShrImms32):
(testZShrArgImm32):
(countLeadingZero):
(testClzArg64):
(testClzMem64):
(testClzArg32):
(testClzMem32):
(testAbsArg):
(testAbsImm):
(testAbsMem):
(testAbsAbsArg):
(testAbsNegArg):
(testAbsBitwiseCastArg):
(testBitwiseCastAbsBitwiseCastArg):
(testAbsArgWithUselessDoubleConversion):
(testAbsArgWithEffectfulDoubleConversion):
(testCeilArg):
(testCeilImm):
(testCeilMem):
(testCeilCeilArg):
(testFloorCeilArg):
(testCeilIToD64):
(testCeilIToD32):
(testCeilArgWithUselessDoubleConversion):
(testCeilArgWithEffectfulDoubleConversion):
(testFloorArg):
(testFloorImm):
(testFloorMem):
(testFloorFloorArg):
(testCeilFloorArg):
(testFloorIToD64):
(testFloorIToD32):
(testFloorArgWithUselessDoubleConversion):
(testFloorArgWithEffectfulDoubleConversion):
(correctSqrt):
(testSqrtArg):
(testSqrtImm):
(testSqrtMem):
(testSqrtArgWithUselessDoubleConversion):
(testSqrtArgWithEffectfulDoubleConversion):
(testCompareTwoFloatToDouble):
(testCompareOneFloatToDouble):
(testCompareFloatToDoubleThroughPhi):
(testDoubleToFloatThroughPhi):
(testReduceFloatToDoubleValidates):
(testDoubleProducerPhiToFloatConversion):
(testDoubleProducerPhiToFloatConversionWithDoubleConsumer):
(testDoubleProducerPhiWithNonFloatConst):
(testDoubleArgToInt64BitwiseCast):
(testDoubleImmToInt64BitwiseCast):
(testTwoBitwiseCastOnDouble):
(testBitwiseCastOnDoubleInMemory):
(testBitwiseCastOnDoubleInMemoryIndexed):
(testInt64BArgToDoubleBitwiseCast):
(testInt64BImmToDoubleBitwiseCast):
(testTwoBitwiseCastOnInt64):
(testBitwiseCastOnInt64InMemory):
(testBitwiseCastOnInt64InMemoryIndexed):
(testFloatImmToInt32BitwiseCast):
(testBitwiseCastOnFloatInMemory):
(testInt32BArgToFloatBitwiseCast):
(testInt32BImmToFloatBitwiseCast):
(testTwoBitwiseCastOnInt32):
(testBitwiseCastOnInt32InMemory):
(testConvertDoubleToFloatArg):
(testConvertDoubleToFloatImm):
(testConvertDoubleToFloatMem):
(testConvertFloatToDoubleArg):
(testConvertFloatToDoubleImm):
(testConvertFloatToDoubleMem):
(testConvertDoubleToFloatToDoubleToFloat):
(testLoadFloatConvertDoubleConvertFloatStoreFloat):
(testFroundArg):
(testFroundMem):
(testIToD64Arg):
(testIToF64Arg):
(testIToD32Arg):
(testIToF32Arg):
(testIToD64Mem):
(testIToF64Mem):
(testIToD32Mem):
(testIToF32Mem):
(testIToD64Imm):
(testIToF64Imm):
(testIToD32Imm):
(testIToF32Imm):
(testIToDReducedToIToF64Arg):
(testIToDReducedToIToF32Arg):
(testStore32):
(testStoreConstant):
(testStoreConstantPtr):
(testStore8Arg):
(testStore8Imm):
(testStorePartial8BitRegisterOnX86):
(testStore16Arg):
(testStore16Imm):
(testTrunc):
(testAdd1):
(testAdd1Ptr):
(testNeg32):
(testNegPtr):
(testStoreAddLoad32):

b3/testb3_4.cpp: Added.

(testStoreRelAddLoadAcq32):
(testStoreAddLoadImm32):
(testStoreAddLoad8):
(testStoreRelAddLoadAcq8):
(testStoreRelAddFenceLoadAcq8):
(testStoreAddLoadImm8):
(testStoreAddLoad16):
(testStoreRelAddLoadAcq16):
(testStoreAddLoadImm16):
(testStoreAddLoad64):
(testStoreRelAddLoadAcq64):
(testStoreAddLoadImm64):
(testStoreAddLoad32Index):
(testStoreAddLoadImm32Index):
(testStoreAddLoad8Index):
(testStoreAddLoadImm8Index):
(testStoreAddLoad16Index):
(testStoreAddLoadImm16Index):
(testStoreAddLoad64Index):
(testStoreAddLoadImm64Index):
(testStoreSubLoad):
(testStoreAddLoadInterference):
(testStoreAddAndLoad):
(testStoreNegLoad32):
(testStoreNegLoadPtr):
(testAdd1Uncommuted):
(testLoadOffset):
(testLoadOffsetNotConstant):
(testLoadOffsetUsingAdd):
(testLoadOffsetUsingAddInterference):
(testLoadOffsetUsingAddNotConstant):
(testLoadAddrShift):
(testFramePointer):
(testOverrideFramePointer):
(testStackSlot):
(testLoadFromFramePointer):
(testStoreLoadStackSlot):
(testStoreFloat):
(testStoreDoubleConstantAsFloat):
(testSpillGP):
(testSpillFP):
(testInt32ToDoublePartialRegisterStall):
(testInt32ToDoublePartialRegisterWithoutStall):
(testBranch):
(testBranchPtr):
(testDiamond):
(testBranchNotEqual):
(testBranchNotEqualCommute):
(testBranchNotEqualNotEqual):
(testBranchEqual):
(testBranchEqualEqual):
(testBranchEqualCommute):
(testBranchEqualEqual1):
(testBranchEqualOrUnorderedArgs):
(testBranchNotEqualAndOrderedArgs):
(testBranchEqualOrUnorderedDoubleArgImm):
(testBranchEqualOrUnorderedFloatArgImm):
(testBranchEqualOrUnorderedDoubleImms):
(testBranchEqualOrUnorderedFloatImms):
(testBranchEqualOrUnorderedFloatWithUselessDoubleConversion):
(testBranchFold):
(testDiamondFold):
(testBranchNotEqualFoldPtr):
(testBranchEqualFoldPtr):
(testBranchLoadPtr):
(testBranchLoad32):
(testBranchLoad8S):
(testBranchLoad8Z):
(testBranchLoad16S):
(testBranchLoad16Z):
(testBranch8WithLoad8ZIndex):
(testComplex):
(testBranchBitTest32TmpImm):
(testBranchBitTest32AddrImm):
(testBranchBitTest32TmpTmp):
(testBranchBitTest64TmpTmp):
(testBranchBitTest64AddrTmp):
(testBranchBitTestNegation):
(testBranchBitTestNegation2):
(testSimplePatchpoint):
(testSimplePatchpointWithoutOuputClobbersGPArgs):
(testSimplePatchpointWithOuputClobbersGPArgs):
(testSimplePatchpointWithoutOuputClobbersFPArgs):
(testSimplePatchpointWithOuputClobbersFPArgs):
(testPatchpointWithEarlyClobber):
(testPatchpointCallArg):
(testPatchpointFixedRegister):
(testPatchpointAny):
(testPatchpointGPScratch):
(testPatchpointFPScratch):
(testPatchpointLotsOfLateAnys):
(testPatchpointAnyImm):

b3/testb3_5.cpp: Added.

(testPatchpointManyImms):
(testPatchpointWithRegisterResult):
(testPatchpointWithStackArgumentResult):
(testPatchpointWithAnyResult):
(testSimpleCheck):
(testCheckFalse):
(testCheckTrue):
(testCheckLessThan):
(testCheckMegaCombo):
(testCheckTrickyMegaCombo):
(testCheckTwoMegaCombos):
(testCheckTwoNonRedundantMegaCombos):
(testCheckAddImm):
(testCheckAddImmCommute):
(testCheckAddImmSomeRegister):
(testCheckAdd):
(testCheckAdd64):
(testCheckAddFold):
(testCheckAddFoldFail):
(testCheckAddArgumentAliasing64):
(testCheckAddArgumentAliasing32):
(testCheckAddSelfOverflow64):
(testCheckAddSelfOverflow32):
(testCheckSubImm):
(testCheckSubBadImm):
(testCheckSub):
(doubleSub):
(testCheckSub64):
(testCheckSubFold):
(testCheckSubFoldFail):
(testCheckNeg):
(testCheckNeg64):
(testCheckMul):
(testCheckMulMemory):
(testCheckMul2):
(testCheckMul64):
(testCheckMulFold):
(testCheckMulFoldFail):
(testCheckMulArgumentAliasing64):
(testCheckMulArgumentAliasing32):
(testCheckMul64SShr):
(genericTestCompare):
(modelCompare):
(testCompareLoad):
(testCompareImpl):
(testCompare):
(testEqualDouble):
(simpleFunction):
(testCallSimple):
(testCallRare):
(testCallRareLive):
(testCallSimplePure):
(functionWithHellaArguments):
(testCallFunctionWithHellaArguments):
(functionWithHellaArguments2):
(testCallFunctionWithHellaArguments2):
(functionWithHellaArguments3):
(testCallFunctionWithHellaArguments3):
(testReturnDouble):
(testReturnFloat):
(simpleFunctionDouble):
(testCallSimpleDouble):
(simpleFunctionFloat):
(testCallSimpleFloat):
(functionWithHellaDoubleArguments):
(testCallFunctionWithHellaDoubleArguments):
(functionWithHellaFloatArguments):
(testCallFunctionWithHellaFloatArguments):
(testLinearScanWithCalleeOnStack):
(testChillDiv):
(testChillDivTwice):
(testChillDiv64):
(testModArg):
(testModArgs):
(testModImms):
(testModArg32):
(testModArgs32):
(testModImms32):
(testChillModArg):
(testChillModArgs):
(testChillModImms):
(testChillModArg32):
(testChillModArgs32):
(testChillModImms32):
(testLoopWithMultipleHeaderEdges):
(testSwitch):
(testSwitchSameCaseAsDefault):
(testSwitchChillDiv):
(testSwitchTargettingSameBlock):
(testSwitchTargettingSameBlockFoldPathConstant):
(testTruncFold):
(testZExt32):
(testZExt32Fold):
(testSExt32):
(testSExt32Fold):
(testTruncZExt32):
(testTruncSExt32):
(testSExt8):
(testSExt8Fold):
(testSExt8SExt8):
(testSExt8SExt16):
(testSExt8BitAnd):
(testBitAndSExt8):
(testSExt16):
(testSExt16Fold):
(testSExt16SExt16):
(testSExt16SExt8):
(testSExt16BitAnd):
(testBitAndSExt16):
(testSExt32BitAnd):

b3/testb3_6.cpp: Added.

(testBitAndSExt32):
(testBasicSelect):
(testSelectTest):
(testSelectCompareDouble):
(testSelectCompareFloat):
(testSelectCompareFloatToDouble):
(testSelectDouble):
(testSelectDoubleTest):
(testSelectDoubleCompareDouble):
(testSelectDoubleCompareFloat):
(testSelectFloatCompareFloat):
(testSelectDoubleCompareDoubleWithAliasing):
(testSelectFloatCompareFloatWithAliasing):
(testSelectFold):
(testSelectInvert):
(testCheckSelect):
(testCheckSelectCheckSelect):
(testCheckSelectAndCSE):
(b3Pow):
(testPowDoubleByIntegerLoop):
(testTruncOrHigh):
(testTruncOrLow):
(testBitAndOrHigh):
(testBitAndOrLow):
(testBranch64Equal):
(testBranch64EqualImm):
(testBranch64EqualMem):
(testBranch64EqualMemImm):
(testStore8Load8Z):
(testStore16Load16Z):
(testSShrShl32):
(testSShrShl64):
(testTrivialInfiniteLoop):
(testFoldPathEqual):
(testLShiftSelf32):
(testRShiftSelf32):
(testURShiftSelf32):
(testLShiftSelf64):
(testRShiftSelf64):
(testURShiftSelf64):
(testPatchpointDoubleRegs):
(testSpillDefSmallerThanUse):
(testSpillUseLargerThanDef):
(testLateRegister):
(interpreterPrint):
(testInterpreter):
(testReduceStrengthCheckBottomUseInAnotherBlock):
(testResetReachabilityDanglingReference):
(testEntrySwitchSimple):
(testEntrySwitchNoEntrySwitch):
(testEntrySwitchWithCommonPaths):
(testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
(testEntrySwitchLoop):
(testSomeEarlyRegister):
(testBranchBitAndImmFusion):
(testTerminalPatchpointThatNeedsToBeSpilled):
(testTerminalPatchpointThatNeedsToBeSpilled2):
(testPatchpointTerminalReturnValue):
(testMemoryFence):
(testStoreFence):
(testLoadFence):
(testTrappingLoad):
(testTrappingStore):
(testTrappingLoadAddStore):
(testTrappingLoadDCE):
(testTrappingStoreElimination):
(testMoveConstants):
(testPCOriginMapDoesntInsertNops):

b3/testb3_7.cpp: Added.

(testPinRegisters):
(testX86LeaAddAddShlLeft):
(testX86LeaAddAddShlRight):
(testX86LeaAddAdd):
(testX86LeaAddShlRight):
(testX86LeaAddShlLeftScale1):
(testX86LeaAddShlLeftScale2):
(testX86LeaAddShlLeftScale4):
(testX86LeaAddShlLeftScale8):
(testAddShl32):
(testAddShl64):
(testAddShl65):
(testReduceStrengthReassociation):
(testLoadBaseIndexShift2):
(testLoadBaseIndexShift32):
(testOptimizeMaterialization):
(generateLoop):
(makeArrayForLoops):
(generateLoopNotBackwardsDominant):
(oneFunction):
(noOpFunction):
(testLICMPure):
(testLICMPureSideExits):
(testLICMPureWritesPinned):
(testLICMPureWrites):
(testLICMReadsLocalState):
(testLICMReadsPinned):
(testLICMReads):
(testLICMPureNotBackwardsDominant):
(testLICMPureFoiledByChild):
(testLICMPureNotBackwardsDominantFoiledByChild):
(testLICMExitsSideways):
(testLICMWritesLocalState):
(testLICMWrites):
(testLICMFence):
(testLICMWritesPinned):
(testLICMControlDependent):
(testLICMControlDependentNotBackwardsDominant):
(testLICMControlDependentSideExits):
(testLICMReadsPinnedWritesPinned):
(testLICMReadsWritesDifferentHeaps):
(testLICMReadsWritesOverlappingHeaps):
(testLICMDefaultCall):
(testDepend32):
(testDepend64):
(testWasmBoundsCheck):
(testWasmAddress):
(testFastTLSLoad):
(testFastTLSStore):
(doubleEq):
(doubleNeq):
(doubleGt):
(doubleGte):
(doubleLt):
(doubleLte):
(testDoubleLiteralComparison):
(testFloatEqualOrUnorderedFolding):
(testFloatEqualOrUnorderedFoldingNaN):
(testFloatEqualOrUnorderedDontFold):
(functionNineArgs):
(testShuffleDoesntTrashCalleeSaves):
(testDemotePatchpointTerminal):
(testReportUsedRegistersLateUseFollowedByEarlyDefDoesNotMarkUseAsDead):
(testInfiniteLoopDoesntCauseBadHoisting):

b3/testb3_8.cpp: Added.

(testAtomicWeakCAS):
(testAtomicStrongCAS):
(testAtomicXchg):
(addAtomicTests):
(testLoad):
(addLoadTests):

5:18 PM Changeset in webkit [248086] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r247700. rdar://problem/53456055

WebKit SPI fix for [ClickyOrb] Audio continues playing after dismissing a video preview in Safari
https://bugs.webkit.org/show_bug.cgi?id=200011
<rdar://problem/53409457>

Reviewed by Tim Horton.

Don't check for the SPI @selector(_webView:contextMenuDidEndForElement:)
on the WKUIDelegate so that clients that got caught implementing the
SPI before moving to the real API can still clean-up state. In other words,
don't force a client that only implements that method to move completely
to the new API.

UIProcess/ios/WKContentViewInteraction.mm: (needsDeprecatedPreviewAPI):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247700 268f45cc-cd09-0410-ab3c-d52691b4dbfc

5:12 PM Changeset in webkit [248085] by dino@apple.com

2 edits in trunk/Source/WebKit

WKImagePreviewViewController not being autoreleased
https://bugs.webkit.org/show_bug.cgi?id=200325
<rdar://problem/53788214>

Reviewed by Wenson Hsieh.

Wenson noticed I wasn't autoreleasing the WKImagePreviewViewController.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView continueContextMenuInteraction:]):

5:11 PM Changeset in webkit [248084] by Alan Coon

7 edits in trunk/Source

Versioning.

5:04 PM Changeset in webkit [248083] by sbarati@apple.com

7 edits in trunk/Source/WebCore

[WHLSL] Remove UnnamedType copy/move constructors and mark classes as final
https://bugs.webkit.org/show_bug.cgi?id=200188
<rdar://problem/53628171>

Unreviewed followup.

As Darin pointed out in the bugzilla comments, when defining a copy
constructor in C++ (either deleted or an implementation), the move
constructor is implicitly deleted. This match removes the excessive
use of WTF_MAKE_NONMOVABLE when we're already using WTF_MAKE_NONCOPYABLE.

Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
Modules/webgpu/WHLSL/AST/WHLSLReferenceType.h:
Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:

4:34 PM Changeset in webkit [248082] by Ryan Haddad

2 edits in trunk/Tools

Unreviewed test gardening, disable failing test for rdar://51752593.

TestWebKitAPI/Tests/WebKitCocoa/WKAttachmentTests.mm:

4:24 PM Changeset in webkit [248081] by youenn@apple.com

2 edits in trunk/Source/WebCore/PAL

Use CTFontCreateForCharactersWithLanguageAndOption if available instead of CTFontCreateForCharactersWithLanguage
https://bugs.webkit.org/show_bug.cgi?id=200241
<rdar://problem/53495386>

Build fix for older MacOS for which CTFontFallbackOption is not defined.
Unreviewed.

pal/spi/cocoa/CoreTextSPI.h:

4:01 PM Changeset in webkit [248080] by Alan Bujtas

4 edits
2 adds in trunk

[ContentChangeObserver] twitch.tv video controls do not always respond to taps in fullscreen
https://bugs.webkit.org/show_bug.cgi?id=200309
<rdar://problem/52964977>

Reviewed by Simon Fraser.

Source/WebCore:

Do not consider an element visible if it is not a descendant of the active fullscreen element.

This patch fixes the cases when the user taps on a button in fullscreen mode while the non-fullscreen content is being mutated and
the ContentChangeObserver mistakenly registers it as a valid, actionable change and as a result we don't fire the click event (stay at hover).

Test: fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html

page/ios/ContentChangeObserver.cpp:

(WebCore::fullscreenElement):
(WebCore::ContentChangeObserver::isVisuallyHidden):

LayoutTests:

fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode-expected.txt: Added.
fast/events/touch/ios/content-observation/non-visible-content-change-in-fullscreen-mode.html: Added.
platform/ios/TestExpectations: Fullscreen API is not yet enabled on iOS.

3:58 PM Changeset in webkit [248079] by Simon Fraser

2 edits in trunk/Source/WebCore

[iPadOS] Enable simulated mouse events on iqiyi.com to fix the video controls
https://bugs.webkit.org/show_bug.cgi?id=200322
rdar://problem/53235709

Reviewed by Wenson Hsieh.

iqiyi.com needs to get mouseMove events for dragging the video scrubber to work.

page/Quirks.cpp:

(WebCore::Quirks::shouldDispatchSimulatedMouseEvents const):

3:37 PM Changeset in webkit [248078] by sbarati@apple.com

11 edits
2 adds in trunk

[WHLSL Remove char/short/half types
https://bugs.webkit.org/show_bug.cgi?id=200312

Reviewed by Myles C. Maxfield.

Source/WebCore:

This patch removes the char/short/half types from WHLSL. Since it's not
supported by all HW, WebGPU is leaving these types out for now. This is
also a huge speedup, since it halves the size of the standard library.

In the compute_boids demo, WHLSL::prepare goes from running in ~140ms to
running in ~60ms.

Test: webgpu/whlsl/smaller-than-32-bit-types.html

Modules/webgpu/WHLSL/Metal/WHLSLNativeTypeWriter.cpp:

(WebCore::WHLSL::Metal::writeNativeType):

Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp:

(WebCore::WHLSL::Intrinsics::addPrimitive):
(WebCore::WHLSL::Intrinsics::addVector):
(WebCore::WHLSL::Intrinsics::addMatrix):

Modules/webgpu/WHLSL/WHLSLIntrinsics.h:

(WebCore::WHLSL::Intrinsics::WTF_ARRAY_LENGTH):
(WebCore::WHLSL::Intrinsics::ucharType const): Deleted.
(WebCore::WHLSL::Intrinsics::ushortType const): Deleted.
(WebCore::WHLSL::Intrinsics::charType const): Deleted.
(WebCore::WHLSL::Intrinsics::shortType const): Deleted.
(WebCore::WHLSL::Intrinsics::uchar2Type const): Deleted.
(WebCore::WHLSL::Intrinsics::uchar4Type const): Deleted.
(WebCore::WHLSL::Intrinsics::ushort2Type const): Deleted.
(WebCore::WHLSL::Intrinsics::ushort4Type const): Deleted.
(WebCore::WHLSL::Intrinsics::char2Type const): Deleted.
(WebCore::WHLSL::Intrinsics::char4Type const): Deleted.
(WebCore::WHLSL::Intrinsics::short2Type const): Deleted.
(WebCore::WHLSL::Intrinsics::short4Type const): Deleted.

Modules/webgpu/WHLSL/WHLSLPipelineDescriptor.h:
Modules/webgpu/WHLSL/WHLSLSemanticMatcher.cpp:

(WebCore::WHLSL::isAcceptableFormat):

Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt:
platform/graphics/gpu/cocoa/GPURenderPipelineMetal.mm:

(WebCore::convertTextureFormat):

LayoutTests:

webgpu/whlsl/bools.html:
webgpu/whlsl/smaller-than-32-bit-types-expected.txt: Added.
webgpu/whlsl/smaller-than-32-bit-types.html: Added.
webgpu/whlsl/test-harness-test.html:

3:26 PM Changeset in webkit [248077] by youenn@apple.com

2 edits in trunk/Source/ThirdParty/libwebrtc

ObjC RTCCVPixelBuffer should be prefixed to not conflict with other apps
https://bugs.webkit.org/show_bug.cgi?id=200289
<rdar://problem/49554670>

Reviewed by Darin Adler.

Source/webrtc/sdk/objc/components/video_frame_buffer/RTCCVPixelBuffer.h:

3:21 PM Changeset in webkit [248076] by Jonathan Bedard

2 edits in trunk/Tools

results.webkit.og: Timeline in canvas painting with wrong colors, cannot customize scale
https://bugs.webkit.org/show_bug.cgi?id=200318

Reviewed by Aakash Jain.

resultsdbpy/resultsdbpy/view/static/library/js/components/TimelineComponents.js:

(Timeline.CanvasSeriesComponent): Reset draw context between dots.
(Timeline.CanvasXAxisComponent): Use getLabel function.

2:36 PM Changeset in webkit [248075] by commit-queue@webkit.org

2 edits in trunk/Tools

[GTK][WPE] Fix gtkdoc build with "build-webkit --32-bit" on 64-bit hosts
https://bugs.webkit.org/show_bug.cgi?id=200306

Patch by Loïc Yhuel <loic.yhuel@softathome.com> on 2019-07-31
Reviewed by Michael Catanzaro.

gtkdoc-scangobj calls scangobj.py, which only uses LDFLAGS on link (when producing
jsc-glib-4.0-scan for example).

Scripts/webkitdirs.pm:

(generateBuildSystemFromCMakeProject):

2:34 PM Changeset in webkit [248074] by Truitt Savell

2 edits in trunk/LayoutTests

Update test expectations for imported/blink/storage/indexeddb/blob-basics-metadata.html
https://bugs.webkit.org/show_bug.cgi?id=199117

Unreviewed test gardening.

platform/mac-wk1/TestExpectations:

2:25 PM Changeset in webkit [248073] by Alan Coon

1 copy in tags/Safari-609.1.1

Tag Safari-609.1.1.

2:02 PM Changeset in webkit [248072] by Ryan Haddad

2 edits in trunk/Tools

Unreviewed test gardening, disable failing test for rdar://52355829.

TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm:

(TEST):

1:59 PM Changeset in webkit [248071] by youenn@apple.com

9 edits in trunk

Use CTFontCreateForCharactersWithLanguageAndOption if available instead of CTFontCreateForCharactersWithLanguage
https://bugs.webkit.org/show_bug.cgi?id=200241

Source/WebCore:

Reviewed by Myles C. Maxfield.

We can use CTFontCreateForCharactersWithLanguageAndOption instead of CTFontCreateForCharactersWithLanguage
as it allows setting more easily the fallback option.
This allows us to never fallback to user installed fonts.
In such a case, we no longer need to wrap the fonts to change the fallback option.
We also prewarm the fonts with the same SPI and use system fallback as the default value.

Covered by existing tests.

platform/graphics/cocoa/FontCacheCoreText.cpp:

(WebCore::preparePlatformFont):
(WebCore::lookupFallbackFont):
(WebCore::FontCache::systemFallbackForCharacters):
(WebCore::FontCache::prewarm):
(WebCore::fontFamiliesForPrewarming):

Source/WebCore/PAL:

Reviewed by Myles C. Maxfield.

Add new SPI.

pal/spi/cocoa/CoreTextSPI.h:

Source/WTF:

Reviewed by Myles C. Maxfield.

wtf/Platform.h: Add macro to enable/disable new SPI.

LayoutTests:

We update the tests to flush font caches as otherwise some debug asserts would be hit.
This is due to changing the user installed font runtime flag while browsing which is not a typical situation.

Reviewed by Myles C. Maxfield.

fast/text/user-installed-fonts/extended-character-with-user-font.html:
fast/text/user-installed-fonts/extended-character.html:

1:56 PM Changeset in webkit [248070] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r248038. rdar://problem/53764075

AX: com.apple.WebKit.WebContent at com.apple.WebKit: -[WKAccessibilityWebPageObject accessibilityParameterizedAttributeNames]
https://bugs.webkit.org/show_bug.cgi?id=200277
<rdar://problem/49475009>

Reviewed by Per Arne Vollan.

Verify Page is available before calling into it.

WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm: (-[WKAccessibilityWebPageObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248038 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248069] by Alan Coon

5 edits
1 delete in branches/safari-608-branch

Cherry-pick r248037. rdar://problem/53764079

AX: Re-enable accessibility/set-selected-text-range-after-newline.html test.
https://bugs.webkit.org/show_bug.cgi?id=199431
<rdar://problem/52563340>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-31
Reviewed by Chris Fleizach.

Source/WebCore:

Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html.
Put back workaround in visiblePositionForIndexUsingCharacterIterator that is needed for several accessibility issues.
This workaround was rolled back because it was thought the cause of: https://bugs.webkit.org/show_bug.cgi?id=199434 It turned out that the actual cause of that hang was unrelated and was fixed in: https://bugs.webkit.org/show_bug.cgi?id=199845

editing/Editing.cpp: (WebCore::visiblePositionForIndexUsingCharacterIterator):

LayoutTests:

TestExpectations:
accessibility/ios-simulator/set-selected-text-range-after-newline.html: Removed because it was the same as the one in the parent accessibility directory, so enabling it for iOS in ios-wk2/TestExpectations.
platform/ios-wk2/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248037 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248068] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r248024. rdar://problem/53764047

WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey should use local heap objects for replies
https://bugs.webkit.org/show_bug.cgi?id=200179
<rdar://problem/52334658>

Reviewed by Brent Fulgham.

Based on the patch by Jiewen Tan.

WorkerGlobalScope::wrapCryptoKey and WorkerGlobalScope::unwrapCryptoKey had a bug that they could exit
the function before the main thread had finished writing to the result vector passed in to these functions
when the worker's runloop receives MessageQueueTerminated before the main thread finishes writing.

Fixed the bug by creating a new temporary Vector inside a ThreadSafeRefCounted object shared between
the main thread and the worker thread, which extends the lifetime of the Vector until when the worker thread
receives the result or when the main thread finishes writing to the Vector, whichever happens last.

Unfortunately no new tests since there is no reproducible test case, and this crash is highly racy.

workers/WorkerGlobalScope.cpp: (WebCore::CryptoBufferContainer): Added. (WebCore::CryptoBufferContainer::create): Added. (WebCore::CryptoBufferContainer::buffer): Added. (WebCore::WorkerGlobalScope::wrapCryptoKey): (WebCore::WorkerGlobalScope::unwrapCryptoKey):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248024 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248067] by Alan Coon

6 edits in branches/safari-608-branch/Source

Cherry-pick r248018. rdar://problem/53764057

REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold
https://bugs.webkit.org/show_bug.cgi?id=200065
<rdar://problem/50912757>

Reviewed by Simon Fraser.

Source/WebCore:

Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which
has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed,
so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an
800 weight. According to the CSS font selection algorithm, sites that request a weight of 700
would get the 800 weight instead of the 600 weight, which caused the text to look too heavy.
Therefore, the apparent visual change is from a weight change from 600 to 800.

In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight

Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests to give them a weight of 600 instead of 700. This way, the lighter font will be used.

No new tests because quirks cannot be tested.

css/CSSFontSelector.cpp: (WebCore::resolveGenericFamily): (WebCore::CSSFontSelector::fontRangesForFamily):
page/Quirks.cpp: (WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const):
page/Quirks.h:

Source/WTF:

wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248018 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248066] by Alan Coon

3 edits
2 adds in branches/safari-608-branch

Cherry-pick r248015. rdar://problem/53764191

Can't scroll on yummly.co.uk recipe (scale(0) div covers the content and hit-tests)
https://bugs.webkit.org/show_bug.cgi?id=200263
rdar://problem/53679408

Reviewed by Antti Koivisto.

Source/WebKit:

The content on this page had a scale(0) div overlaying an overflow:scroll element,
and our UI-side hit-testing code would find this scale(0) element, because apparently
-[UIView convertPoint:fromView:] will happily work with non-invertible matrices, and
-[UIView pointInside:withEvent:] just compares the point with the view bounds.

Since the view frame takes the transform into account, we can look for an empty frame
to detect these non-invertible transforms.

UIProcess/RemoteLayerTree/ios/RemoteLayerTreeViews.mm: (WebKit::collectDescendantViewsAtPoint):

LayoutTests:

fast/scrolling/ios/non-invertible-transformed-over-scroller-expected.txt: Added.
fast/scrolling/ios/non-invertible-transformed-over-scroller.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248015 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248065] by Alan Coon

3 edits
2 moves
2 adds in branches/safari-608-branch

Cherry-pick r247936. rdar://problem/53764217

YouTube search field shows RTL text outside its border on iPadOS
https://bugs.webkit.org/show_bug.cgi?id=200253
<rdar://problem/53680603>

Reviewed by Beth Dakin.

Source/WebKit:

Limits code added in r238939 to respect the current keyboard's writing mode to only editable web views. This
behavior was only intended for Mail, and isn't generally compatible with web content.

While the call to -setInitialDirection is correctly gated on an web view editability check, it appears that
other changes in iOS 13 now cause -setBaseWritingDirection:forRange: to be invoked directly from keyboards code.
This means that -setBaseWritingDirection:forRange: should additionally be guarded with the same check.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView setBaseWritingDirection:forRange:]):

LayoutTests:

editing/input/ios/rtl-keyboard-input-on-focus-in-editable-page-expected.txt: Renamed from LayoutTests/editing/input/ios/rtl-keyboard-input-on-focus-expected.txt.
editing/input/ios/rtl-keyboard-input-on-focus-in-editable-page.html: Renamed from LayoutTests/editing/input/ios/rtl-keyboard-input-on-focus.html.

Rename an existing test, rtl-keyboard-input-on-focus.html, to rtl-keyboard-input-on-focus-in-editable-page.html
to emphasize the fact that it requires an editable web view.

editing/input/ios/rtl-keyboard-input-on-focus-in-non-editable-page-expected.txt: Added.
editing/input/ios/rtl-keyboard-input-on-focus-in-non-editable-page.html: Added.

Add a new layout test to ensure that we don't automatically apply an RTL attribute when focusing fields in a
non-editable web view.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247936 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248064] by Alan Coon

3 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r247934. rdar://problem/53764085

MediaSource.isTypeSupported claims FLAC-in-MP4 support on iOS and macOS, but plays silence
https://bugs.webkit.org/show_bug.cgi?id=198583
<rdar://problem/51487853>

Reviewed by Maciej Stachowiak.

platform/graphics/avfoundation/objc/AVStreamDataParserMIMETypeCache.h: (WebCore::AVStreamDataParserMIMETypeCache::canDecodeType): Use anParseExtendedMIMEType: when it is available.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247934 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248063] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r247933. rdar://problem/53764069

Try fixing crash at com.apple.WebKit.Networking: NetworkProcess::setSharedHTTPCookieStorage
https://bugs.webkit.org/show_bug.cgi?id=200189
<rdar://problem/41325767>

Reviewed by Chris Dumez.

The crash indicates that sharedCookieStorage is accessed before being set in network process.
sharedCookieStorage is set during the processing of InitializeNetworkProcess message, and access to
sharedCookieStorage is supposed to happen after that. Therefore, it is likely some message is received and
handled before InitializeNetworkProcess.

One possible explanation is WebKit APIs get called on different threads. Because of the race in checking and
setting m_networkProcess, some message is sent between network process gets launched (m_networkProcess is set)
and InitializeNetworkProcess message is sent. To mitigate this issue, we make sure m_networkProcess is set only
in the main runloop and only after InitializeNetworkProcess is sent.

UIProcess/WebProcessPool.cpp: (WebKit::WebProcessPool::ensureNetworkProcess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248062] by Alan Coon

4 edits in branches/safari-608-branch

Cherry-pick r247923. rdar://problem/53764209

REGRESSION: WebSockets no longer work in Service Workers
https://bugs.webkit.org/show_bug.cgi?id=199906
<rdar://problem/53516732>

Reviewed by Geoffrey Garen.

Source/WebKit:

Use WebSocketProvider so that network calls are done in the network process.

WebProcess/Storage/WebSWContextManagerConnection.cpp: (WebKit::WebSWContextManagerConnection::installServiceWorker):

LayoutTests:

Fix test and make sure messages are exchanged for the test to succeed.

http/tests/workers/service/resources/serviceworker-websocket-worker.js: (async.doTest):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247923 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248061] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r247920. rdar://problem/53764045

Contextual menu does not present when holding an embedded photo but works with link and attachments
https://bugs.webkit.org/show_bug.cgi?id=200239
<rdar://problem/53318733>

Reviewed by Tim Horton.

If the user long-pressed on an image, and the client implemented the new API but did
not provide a configuration, we were not falling back to the default behaviour of
giving a menu allowing the user to copy/share/save the image.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView continueContextMenuInteraction:]): If we get through the delegates, and the element is an image, return the default configuration.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247920 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248060] by Alan Coon

3 edits in branches/safari-608-branch/LayoutTests

Cherry-pick r247916. rdar://problem/53764235

REGRESSION (r247891): Layout Test accessibility/ios-simulator/video-elements-ios.html is failing
https://bugs.webkit.org/show_bug.cgi?id=200231
<rdar://problem/53666599>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-29
Reviewed by Chris Fleizach.

We now expose <video> elements when they have controls.

accessibility/ios-simulator/video-elements-ios-expected.txt:
accessibility/ios-simulator/video-elements-ios.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247916 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248059] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r247915. rdar://problem/53764061

Force Reveal to always lookup from menu
https://bugs.webkit.org/show_bug.cgi?id=200186
<rdar://problem/52967940>

Reviewed by Tim Horton.

We currently only have the 'lookup' menu item, so we should always force the 'lookup' action from it.

Reveal is not currently testable.

editing/cocoa/DictionaryLookup.mm: (WebCore::showPopupOrCreateAnimationController):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248058] by Alan Coon

5 edits
2 adds in branches/safari-608-branch

Cherry-pick r247912. rdar://problem/53764200

REGRESSION (r246899): Subtitles show twice when controls show/hide on hulu.com
https://bugs.webkit.org/show_bug.cgi?id=200187
rdar://problem/53511121

Reviewed by Zalan Bujtas.

Source/WebCore:

When a layer that painted into shared backing moved, we'd fail to repaint its old position
because the RenderLayer's repaint rects are cleared via BackingSharingState::updateBeforeDescendantTraversal().

Recomputing repaint rects is expensive, so we only want to do it when necessary, which is for
layers that start and stop sharing (going into and out of compositing already recomputes them).
So add logic to RenderLayerBacking::setBackingSharingLayers() that recomputes repaint rects
on layers that will no longer use shared backing, and those that are newly using shared
backing.

Test: compositing/shared-backing/backing-sharing-repaint.html

rendering/RenderLayer.cpp: (WebCore::RenderLayer::setBackingProviderLayer):
rendering/RenderLayerBacking.cpp: (WebCore::RenderLayerBacking::setBackingSharingLayers):
rendering/RenderLayerCompositor.cpp: (WebCore::RenderLayerCompositor::BackingSharingState::appendSharingLayer): (WebCore::RenderLayerCompositor::updateBacking):

LayoutTests:

compositing/shared-backing/backing-sharing-repaint-expected.html: Added.
compositing/shared-backing/backing-sharing-repaint.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247912 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248057] by Alan Coon

3 edits
2 adds in branches/safari-608-branch

Cherry-pick r247909. rdar://problem/53764231

The touch-action property was ignored on replaced elements (canvas, img etc)
https://bugs.webkit.org/show_bug.cgi?id=200205
rdar://problem/53331224

Reviewed by Antti Koivisto.

Source/WebCore:

The event region painting code didn't handle replaced elements correctly,
causing touch-action to get ignored for <canvas>, <img> etc. Fix by handling
region painting in RenderReplaced.

This still doesn't fix <iframe> but I'm not sure what the correct behavior is there
(webkit.org/b/200204).

Test: pointerevents/ios/touch-action-region-replaced-elements.html

rendering/RenderReplaced.cpp: (WebCore::RenderReplaced::paint): (WebCore::RenderReplaced::shouldPaint):

LayoutTests:

pointerevents/ios/touch-action-region-replaced-elements-expected.txt: Added.
pointerevents/ios/touch-action-region-replaced-elements.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247909 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248056] by Alan Coon

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r247905. rdar://problem/53764224

Possible use-after-move under NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated()
https://bugs.webkit.org/show_bug.cgi?id=200225

Reviewed by Brent Fulgham.

The code was WTFMove()-ing the method parameter inside of a loop, which means that it could
move it several times. Instead of copying the parameters, I opted into sending the statistics
only to the network session that matches this WebProcess connection.

NetworkProcess/NetworkConnectionToWebProcess.cpp: (WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247905 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248055] by Alan Coon

4 edits
4 adds in branches/safari-608-branch

Cherry-pick r247891. rdar://problem/53764053

Expose the aria-label attribute for <video> elements.
https://bugs.webkit.org/show_bug.cgi?id=200169
<rdar://problem/51754558>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-27
Reviewed by Chris Fleizach.

Source/WebCore:

Tests: accessibility/ios-simulator/media-with-aria-label.html

accessibility/media-with-aria-label.html

We now expose the <video> element to accessibility clients as long as auto-play is not enabled.

accessibility/ios/WebAccessibilityObjectWrapperIOS.mm: (-[WebAccessibilityObjectWrapper accessibilityIsWebInteractiveVideo]):

LayoutTests:

accessibility/ios-simulator/media-with-aria-label-expected.txt: Added.
accessibility/ios-simulator/media-with-aria-label.html: Added.
accessibility/media-with-aria-label-expected.txt: Added.
accessibility/media-with-aria-label.html: Added.
platform/win/TestExpectations:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247891 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:56 PM Changeset in webkit [248054] by Alan Coon

3 edits in branches/safari-608-branch/Source/WebKit

Apply patch. rdar://problem/53764240

1:54 PM Changeset in webkit [248053] by Devin Rousso

3 edits in trunk/Source/WebCore

Web Inspector: Overlay: add page width/height display
https://bugs.webkit.org/show_bug.cgi?id=199369

Reviewed by Joseph Pecoraro.

Show ${width}px x ${height}px in the corner where the horizontal and vertical rulers meet.
This way, if the rulers shift due to the highlighted content, the page width/height does too.

inspector/InspectorOverlay.h:
inspector/InspectorOverlay.cpp:

(WebCore::truncateWithEllipsis):
(WebCore::InspectorOverlay::drawNodeHighlight):
(WebCore::InspectorOverlay::drawQuadHighlight):
(WebCore::InspectorOverlay::drawRulers):
(WebCore::InspectorOverlay::drawElementTitle):

1:43 PM Changeset in webkit [248052] by Devin Rousso

6 edits in trunk/Source/WebInspectorUI

Web Inspector: DOM: provide a way to disable/breakpoint all event listeners for a given DOM node or event type
https://bugs.webkit.org/show_bug.cgi?id=200233

Reviewed by Joseph Pecoraro.

Often, when trying to debug issues with DOM events, it's extremely tedious to have to go
through event listeners one by one and disable them (or set a breakpoint). This patch adds
a way of performing these "state modifications" in batch operations, based on the current
grouping method of the Event Listeners section.

UserInterface/Controllers/DOMManager.js:

(WI.DOMManager.supportsDisablingEventListeners): Added.
(WI.DOMManager.supportsEventListenerBreakpoints): Added.
Common convenience functions for checking for protocol support.

UserInterface/Views/DOMNodeDetailsSidebarPanel.js:

(WI.DOMNodeDetailsSidebarPanel.prototype._refreshEventListeners.createEventListenerSection):

UserInterface/Views/DOMNodeDetailsSidebarPanel.css:

(.sidebar > .panel.dom-node-details .details-section.dom-node-event-listeners .details-section.event-listener-section > .header > .event-listener-options): Added.
(.sidebar > .panel.dom-node-details .details-section.dom-node-event-listeners .details-section.event-listener-section:hover > .header > .event-listener-options): Added.
Add an options element that shows a context menu:

"Disable Event Listeners"/"Enable Event Listeners"
"Add Breakpoints"/"Delete Breakpoints"

Each action applies the corresponding state to all event listeners in that section.

UserInterface/Views/EventListenerSectionGroup.js:

(WI.EventListenerSectionGroup):
(WI.EventListenerSectionGroup.prototype.get supportsStateModification): Added.
(WI.EventListenerSectionGroup.prototype.get isEventListenerDisabled): Added.
(WI.EventListenerSectionGroup.prototype.set isEventListenerDisabled): Added.
(WI.EventListenerSectionGroup.prototype.get hasEventListenerBreakpoint): Added.
(WI.EventListenerSectionGroup.prototype.set hasEventListenerBreakpoint): Added.
(WI.EventListenerSectionGroup.prototype._updateDisabledToggle): Added.
(WI.EventListenerSectionGroup.prototype._updateBreakpointToggle): Added.
(WI.EventListenerSectionGroup.prototype._createDisabledToggleRow): Deleted.
(WI.EventListenerSectionGroup.prototype._createBreakpointToggleRow): Deleted.
Expose a way to modify the event listener's state so that the UI (e.g. checkbox and title)
also get's updated.

Localizations/en.lproj/localizedStrings.js:

1:34 PM Changeset in webkit [248051] by Keith Rollin

5 edits
2 adds in trunk

Update WebKitLegacy for XCBuild
https://bugs.webkit.org/show_bug.cgi?id=200310
<rdar://problem/53773708>

Reviewed by Alex Christensen.

Bug 199771 (svn r247570) updated WebKitLegacy to use the unified-build
technique. Now update WebKitLegacy to build under XCBuild after those
changes. This work involves adding an "Apply Configuration to
XCFileLists" build target, adding a check-xcfilelists.sh script,
adding a "Check xcfilelists" build phase that calls that script,
adding knowledge of the project to the generate-xcfilelists script,
creating new .xcfilelist files, and adding those to the project.

Source/WebKitLegacy:

UnifiedSources-output.xcfilelist: Added.
WebKitLegacy.xcodeproj/project.pbxproj:
scripts/check-xcfilelists.sh: Added.

Tools:

Scripts/webkitpy/generate_xcfilelists_lib/application.py:

(Application.init):

Scripts/webkitpy/generate_xcfilelists_lib/generators.py:

(JavaScriptCoreGenerator):
(WebCoreGenerator):
(WebKitGenerator):
(WebKitGenerator._get_generate_unified_sources_script):
(WebKitLegacyGenerator):
(WebKitLegacyGenerator._get_project_file_path):
(WebKitLegacyGenerator._get_generate_unified_sources_script):

12:01 PM Changeset in webkit [248050] by Alan Coon

7 edits in branches/safari-608-branch/Source

Versioning.

11:09 AM Changeset in webkit [248049] by Alan Coon

7 edits in branches/safari-608.1-branch/Source

Versioning.

11:05 AM Changeset in webkit [248048] by Alan Coon

2 edits in branches/safari-608.1-branch/Source/WebKit

Cherry-pick r247914. rdar://problem/53762620

UI process occasionally hangs in -[UIKeyboardTaskQueue lockWhenReadyForMainThread]
https://bugs.webkit.org/show_bug.cgi?id=200215
<rdar://problem/52976965>

Reviewed by Tim Horton.

To implement autocorrection on iOS, UIKit sometimes needs to request contextual information from WebKit. This is
handled as a sync IPC message in WebKit, since UIKit would otherwise proceed to block the main thread after
sending the request, preventing WebKit from handling any IPC responses in the UI process (potentially resulting
in deadlock if any other sync IPC messages were to arrive in the UI process during this time).

The synchronous nature of this autocorrection request means that if any sync IPC message were to be
simultaneously dispatched in the opposite direction (i.e. web to UI process), we need to immediately handle the
incoming sync message in the UI process (otherwise, we'd end up deadlocking for 1 second until the
autocorrection context request hits a 1-second IPC timeout).

One such synchronous message from the web process to the UI process is WebPageProxy::CreateNewPage, triggered as
a result of synchronously opening a new window. Due to Safari changes in iOS 13 (<rdar://problem/51755088>),
this message now calls into code which then causes UIKit to call *back into* -[WKContentView
requestAutocorrectionContextWithCompletionHandler:] for the newly opened web view, under the scope of the call
to -requestAutocorrectionContextWithCompletionHandler: in the original web view.

This caused a crash, which was tracked in <rdar://problem/52590170>. There was an attempt to fix this in r247345
by invoking the existing handler well before storing the new one; while this avoided the crash, it didn't solve
the root problem, which was that keyboard task queues would get into a bad state after this scenario; this would
manifest in a UI process hang under -[UIKeyboardTaskQueue lockWhenReadyForMainThread] during the next user
gesture, which is tracked by this bug (<rdar://problem/52976965>).

As it turns out, the keyboard task queue gets into a bad state because it is architected in such a way that
tasks added to the queue under the scope of parent task must be finished executing before their parents;
otherwise, the call to -[UIKeyboardTaskExecutionContext returnExecutionToParentWithInfo:] never happens when
handling the child task. This has the effect of causing the keyboard task queue to end up with a
UIKeyboardTaskExecutionContext that can never return execution to its parent context, such that if the task
queue is then told to wait until any future task is finished executing, it will hang forever, waiting for these
stuck tasks to finish executing (which never happens, because they're all waiting to return execution to their
parents which are already done executing!)

To fix this hang and avoid ever getting into this bad state, we need to invoke the autocorrection request
handlers in this order:

(1) Receive outer autocorrection context request.
(2) Receive inner autocorrection context request.
(3) Invoke inner autocorrection context request completion handler.
(4) Invoke outer autocorrection context request completion handler.

...instead of swapping (3) and (4), like we do currently.

UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView resignFirstResponderForWebView]):

Remove the hack added in r247345 to try and avoid reentrant autocorrection context requests; we don't need this
anymore, since we should now be able to handle these reentrant requests in the way UIKit expects.

(-[WKContentView requestAutocorrectionContextWithCompletionHandler:]):

Add an early return in the case where the request is synchronous and there's already a pending autocorrection
context to ensure that the completion handler for the nested request is invoked before the outer request is
finished.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247914 268f45cc-cd09-0410-ab3c-d52691b4dbfc

10:37 AM Changeset in webkit [248047] by Chris Dumez

11 edits in trunk

REGRESSION (r247486?): Flaky API Test TestWebKitAPI.WKWebView.LocalStorageProcessSuspends
https://bugs.webkit.org/show_bug.cgi?id=200086
<rdar://problem/53501721>

Reviewed by Alex Christensen.

Source/WebKit:

The test would first send a ProcessWillSuspendImminently IPC to the NetworkProcess and then
run JS in the WebContent process, which would in turn send IPC to the NetworkProcess. The
test was flaky because it expected the network process to receive the IPC from the UIProcess
*before* the one from the WebContent process. However, there is no guarantee about ordering
from IPC messages coming from different connections.

To address the flakiness, this patch introduces a new ProcessWillSuspendImminentlyForTesting
synchronous IPC and uses this instead. As a result, it is now guaranteed that the network
process processes this IPC *before* receiving any IPC from the WebContent process that is
the result of IPC from the UIProcess.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::processWillSuspendImminentlyForTestingSync):

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
UIProcess/API/Cocoa/WKProcessPool.mm:

(-[WKProcessPool _sendNetworkProcessWillSuspendImminently]):

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::sendProcessWillSuspendImminentlyForTesting):

UIProcess/Network/NetworkProcessProxy.h:
UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::sendNetworkProcessWillSuspendImminentlyForTesting):
(WebKit::WebProcessPool::sendNetworkProcessWillSuspendImminently): Deleted.

UIProcess/WebProcessPool.h:

Tools:

re-enable the API test.

TestWebKitAPI/Tests/WebKitCocoa/LocalStoragePersistence.mm:

(TEST):

10:31 AM Changeset in webkit [248046] by youenn@apple.com

15 edits in trunk

Owners of MultiChannelResampler should make sure that the output bus given to it has the same number of channels
https://bugs.webkit.org/show_bug.cgi?id=200248
<rdar://problem/53411051>

Reviewed by Eric Carlson.

Source/WebCore:

When a track's number of channels changes, MediaStreamAudioSourceNode is expected
to update its MultiChannelResampler and its output number of channels.
MultiChannelResampler expects to have the same number of channels as the output
but it is not always the case since the channel numbers are changed in different threads
and locks do not help there.

Instead, whenever detecting that the number of channels do not match, render silence
and wait for the next rendering where the number of channels should again match.

Add internals API to change the number of channels from 2 to 1 or 1 to 2
to allow testing that code path (iOS only as MacOS audio capture is in UIProcess).
Covered by updated test.

Modules/webaudio/MediaElementAudioSourceNode.cpp:

(WebCore::MediaElementAudioSourceNode::process):

Modules/webaudio/MediaStreamAudioSourceNode.cpp:

(WebCore::MediaStreamAudioSourceNode::process):

platform/audio/MultiChannelResampler.cpp:

(WebCore::MultiChannelResampler::process):

platform/mediastream/RealtimeMediaSource.h:
platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:

(WebCore::MockRealtimeAudioSourceMac::reconfigure):

platform/mock/MockRealtimeAudioSource.cpp:

(WebCore::MockRealtimeAudioSource::setChannelCount):

platform/mock/MockRealtimeAudioSource.h:

(isType):

platform/mock/MockRealtimeVideoSource.h:
testing/Internals.cpp:

(WebCore::Internals::setMockAudioTrackChannelNumber):

testing/Internals.h:
testing/Internals.idl:

LayoutTests:

fast/mediastream/getUserMedia-webaudio-expected.txt:
fast/mediastream/getUserMedia-webaudio.html:

9:28 AM Changeset in webkit [248045] by Dewei Zhu

2 edits in trunk/Websites/perf.webkit.org

Analysis task page should show build request author and creation time.
https://bugs.webkit.org/show_bug.cgi?id=200274

Reviewed by Ryosuke Niwa.

Author and creation time of a build request should be visible in analysis task page.

public/v3/pages/analysis-task-page.js: Added UI to show build request creation time and author.

(AnalysisTaskTestGroupPane.prototype._renderCurrentTestGroup):

9:26 AM Changeset in webkit [248044] by Keith Rollin

2 edits in trunk/Source/WTF

Fix 64-bit vs 32-bit mismatch in PersistentCoders.h
https://bugs.webkit.org/show_bug.cgi?id=200288
<rdar://problem/53734203>

Reviewed by Chris Dumez.

hashMapSize is declared as a uint64_t. It is passed to
HashMapType::reserveInitialCapacity, which takes an unsigned int. This
is a 32-bit value on 32-bit platforms, leading to a compile time
error. Fix his by casting hashMapSize to the expected type.

wtf/persistence/PersistentCoders.h:

9:13 AM Changeset in webkit [248043] by Keith Rollin

2 edits in trunk/Source/WTF

Fix 64-bit vs 32-bit mismatch in LogArgument
https://bugs.webkit.org/show_bug.cgi?id=200286
<rdar://problem/53733671>

Reviewed by Darin Adler.

LogArgument is a utility for converting scalars into strings. It has a
number of versions of a toString() method that is specialized for each
type and converts the value to a string in a manner appropriate for
that type. However, the versions of toString() for "long long" and
"unsigned long long" are actually declared to take an "long" or
"unsigned long" as a parameter. This difference leads to a 64-bit vs
32-bit build error on 32-bit systems. Fix this by specifying
correct/matching types.

wtf/Logger.h:

(WTF::LogArgument::toString):

8:12 AM Changeset in webkit [248042] by Chris Dumez

5 edits
2 adds in trunk

Element.outerHTML is missing attribute prefixes in some cases in HTML documents
https://bugs.webkit.org/show_bug.cgi?id=200283

Reviewed by Ryosuke Niwa.

Source/WebCore:

When HTML serializing a prefixed element attribute, we should always serialize the
prefix as per [1]. However, our code was only serializing the well-known ones (xml,
xmlns & xlink).

[1] https://html.spec.whatwg.org/#attribute's-serialised-name

Test: fast/dom/Element/outerHTML-prefixed-attribute.html

editing/MarkupAccumulator.cpp:

(WebCore::htmlAttributeSerialization):
(WebCore::MarkupAccumulator::xmlAttributeSerialization):
(WebCore::MarkupAccumulator::appendAttribute):

editing/MarkupAccumulator.h:

LayoutTests:

Add layout test coverage.

fast/dom/Element/outerHTML-prefixed-attribute-expected.txt: Added.
fast/dom/Element/outerHTML-prefixed-attribute.html: Added.

7:54 AM Changeset in webkit [248041] by zandobersek@gmail.com

5 edits
5 adds in trunk/LayoutTests

Unreviewed WPE and GTK gardening. Adding some failure expectations as
well as updating baselines for WPT tests where the behavior improved or
has just changed in the type of error(s) reported.

platform/gtk/TestExpectations:
platform/wpe/TestExpectations:
platform/wpe/imported/w3c/web-platform-tests/html/semantics/interactive-elements/the-dialog-element/dialog-showModal-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/resource-timing/resource-timing-level1.sub-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/ready.https-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/windowclient-navigate.https-expected.txt: Added.
platform/wpe/imported/w3c/web-platform-tests/web-animations/animation-model/animation-types/addition-per-property-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/websockets: Added.
platform/wpe/imported/w3c/web-platform-tests/websockets/bufferedAmount-unchanged-by-sync-xhr.any.worker-expected.txt: Added.

7:47 AM Changeset in webkit [248040] by commit-queue@webkit.org

5 edits in trunk/Source/WebCore

[GStreamer] Fix printf format warnings for 32-bit build in GST traces
https://bugs.webkit.org/show_bug.cgi?id=200299

Patch by Loïc Yhuel <loic.yhuel@softathome.com> on 2019-07-31
Reviewed by Xabier Rodriguez-Calvar.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::handleSyncMessage): %zu for size_t
(WebCore::MediaPlayerPrivateGStreamerBase::initializationDataEncountered): Ditto

platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:

(webKitWebSrcCreate): G_GUINT64_FORMAT for uint64_t

platform/mediastream/libwebrtc/GStreamerVideoDecoderFactory.cpp: G_GINT64_FORMAT for int64_t
platform/mediastream/libwebrtc/GStreamerVideoEncoderFactory.cpp: Ditto

7:41 AM Changeset in webkit [248039] by Wenson Hsieh

5 edits in trunk

[iOS 13] Safari crashes when closing a tab with a focused element if the unified field has focus
https://bugs.webkit.org/show_bug.cgi?id=200291
<rdar://problem/53717946>

Reviewed by Megan Gardner.

Source/WebKit:

Makes -requestAutocorrectionContextWithCompletionHandler: robust in the case where the web page has been closed,
and there is no Connection object to use when waiting for a sync IPC response.

Test: AutocorrectionTests.RequestAutocorrectionContextAfterClosingPage

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView requestAutocorrectionContextWithCompletionHandler:]):

Tools:

Add an API test to exercise the scenario of synchronously requesting the autocorrection context immediately
after closing the web view, while the web view's content view isn't the first responder.

TestWebKitAPI/Tests/ios/AutocorrectionTestsIOS.mm:
TestWebKitAPI/ios/UIKitSPI.h:

7:38 AM Changeset in webkit [248038] by Chris Fleizach

2 edits in trunk/Source/WebKit

AX: com.apple.WebKit.WebContent at com.apple.WebKit: -[WKAccessibilityWebPageObject accessibilityParameterizedAttributeNames]
https://bugs.webkit.org/show_bug.cgi?id=200277
<rdar://problem/49475009>

Reviewed by Per Arne Vollan.

Verify Page is available before calling into it.

WebProcess/WebPage/mac/WKAccessibilityWebPageObjectMac.mm:

(-[WKAccessibilityWebPageObject ALLOW_DEPRECATED_IMPLEMENTATIONS_END]):

7:36 AM Changeset in webkit [248037] by commit-queue@webkit.org

5 edits
1 delete in trunk

AX: Re-enable accessibility/set-selected-text-range-after-newline.html test.
https://bugs.webkit.org/show_bug.cgi?id=199431
<rdar://problem/52563340>

Patch by Andres Gonzalez <Andres Gonzalez> on 2019-07-31
Reviewed by Chris Fleizach.

Source/WebCore:

Re-enabled LayoutTests/accessibility/set-selected-text-range-after-newline.html.
Put back workaround in visiblePositionForIndexUsingCharacterIterator

that is needed for several accessibility issues.

This workaround was rolled back because it was thought the cause of:

https://bugs.webkit.org/show_bug.cgi?id=199434
It turned out that the actual cause of that hang was unrelated and was
fixed in:
https://bugs.webkit.org/show_bug.cgi?id=199845

editing/Editing.cpp:

(WebCore::visiblePositionForIndexUsingCharacterIterator):

LayoutTests:

TestExpectations:
accessibility/ios-simulator/set-selected-text-range-after-newline.html: Removed because it was the same as the one in the parent accessibility directory, so enabling it for iOS in ios-wk2/TestExpectations.
platform/ios-wk2/TestExpectations:

6:22 AM Changeset in webkit [248036] by Carlos Garcia Campos

2 edits
5 adds in trunk/LayoutTests

Unreviewed GTK gardening. Update expectations after r248033.

platform/gtk/TestExpectations:
platform/gtk/fast/forms/datalist/datalist-searchinput-appearance-expected.png: Added.
platform/gtk/fast/forms/datalist/datalist-searchinput-appearance-expected.txt: Added.
platform/gtk/fast/forms/datalist/datalist-textinput-appearance-expected.png: Added.
platform/gtk/fast/forms/datalist/datalist-textinput-appearance-expected.txt: Added.

6:08 AM Changeset in webkit [248035] by zandobersek@gmail.com

10 edits in trunk/LayoutTests

Unreviewed WPE gardening. Rebaselining the straightforward cases.

platform/wpe/css3/flexbox/flexbox-baseline-margins-expected.txt:
platform/wpe/fast/dom/Window/window-properties-geolocation-expected.txt:
platform/wpe/fast/xsl/sort-locale-expected.txt:
platform/wpe/http/tests/dom/same-origin-detached-window-properties-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/fetch/api/basic/request-headers-case.any-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/fetch/api/basic/request-headers-case.any.worker-expected.txt:
platform/wpe/imported/w3c/web-platform-tests/service-workers/service-worker/websocket-in-service-worker.https-expected.txt:
platform/wpe/js/dom/dom-static-property-for-in-iteration-expected.txt:

1:53 AM Changeset in webkit [248034] by Devin Rousso

3 edits
2 adds in trunk

Web Inspector: Second call to setAttributeNS creates non-prefixed attribute
https://bugs.webkit.org/show_bug.cgi?id=200230
<rdar://problem/53712672>

Reviewed by Joseph Pecoraro.

Source/WebCore:

Original patch by Chris Dumez <Chris Dumez>.

Test: inspector/dom/attributeModified.html

dom/Element.cpp:

(WebCore::Element::didAddAttribute):
(WebCore::Element::didModifyAttribute):
(WebCore::Element::didRemoveAttribute):
Use the fully qualified name, not just the local name, when notifying the inspector frontend
about changes to attributes.

LayoutTests:

inspector/dom/attributeModified.html: Added.
inspector/dom/attributeModified-expected.txt: Added.

1:02 AM Changeset in webkit [248033] by Carlos Garcia Campos

16 edits
1 copy
1 add in trunk

[GTK] Datalist element support for TextFieldInputType
https://bugs.webkit.org/show_bug.cgi?id=98934

Reviewed by Michael Catanzaro.

Enable DATALIST_ELEMENT.

Source/cmake/OptionsGTK.cmake:

Source/WebCore:

Add support for rendering the arrow indicator of text fields having data list.

rendering/RenderThemeGtk.cpp:

(WebCore::RenderThemeGtk::paintTextField):
(WebCore::RenderThemeGtk::adjustListButtonStyle const):
(WebCore::RenderThemeGtk::paintListButtonForInput):
(WebCore::RenderThemeGtk::adjustSearchFieldStyle const):

rendering/RenderThemeGtk.h:

Source/WebKit:

Add a WebDataListSuggestionsDropdown implementation for the GTK port using a popup window with a tree view list.

Sources.txt:
SourcesGTK.txt:
UIProcess/API/gtk/PageClientImpl.cpp:

(WebKit::PageClientImpl::createDataListSuggestionsDropdown):

UIProcess/API/gtk/PageClientImpl.h:
UIProcess/gtk/WebDataListSuggestionsDropdownGtk.cpp: Added.

(WebKit::firstTimeItemSelectedCallback):
(WebKit::WebDataListSuggestionsDropdownGtk::WebDataListSuggestionsDropdownGtk):
(WebKit::WebDataListSuggestionsDropdownGtk::~WebDataListSuggestionsDropdownGtk):
(WebKit::WebDataListSuggestionsDropdownGtk::treeViewRowActivatedCallback):
(WebKit::WebDataListSuggestionsDropdownGtk::didSelectOption):
(WebKit::WebDataListSuggestionsDropdownGtk::show):
(WebKit::WebDataListSuggestionsDropdownGtk::handleKeydownWithIdentifier):
(WebKit::WebDataListSuggestionsDropdownGtk::close):

UIProcess/gtk/WebDataListSuggestionsDropdownGtk.h: Copied from Tools/WebKitTestRunner/gtk/UIScriptControllerGtk.h.

Tools:

Implement UIScriptControllerGtk::isShowingDataListSuggestions.

WebKitTestRunner/gtk/UIScriptControllerGtk.cpp:

(WTR::UIScriptControllerGtk::isShowingDataListSuggestions const):

WebKitTestRunner/gtk/UIScriptControllerGtk.h:

LayoutTests:

Unskip datalist tests for GTK port.

platform/gtk/TestExpectations:

12:37 AM Changeset in webkit [248032] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit

Remove WebKit2 Makefile guards for pre-Snow Leopard macOS
https://bugs.webkit.org/show_bug.cgi?id=200294

Reviewed by Dan Bernstein.

Makefile:

It seems ... unlikely ... that anyone is trying to build
trunk WebKit for Leopard or prior.

12:07 AM Changeset in webkit [248031] by zandobersek@gmail.com

2 edits in trunk/LayoutTests

Unreviewed WPE gardening.

platform/wpe/TestExpectations:

Skip tests invoking the UIScriptController interface for which WPE
doesn't yet provide an implementation, resulting in crashes.

Jul 30, 2019:

10:18 PM Changeset in webkit [248030] by timothy_horton@apple.com

2 edits in trunk/Tools

Remove some needless comments that snuck into the tree

TestRunnerShared/UIScriptContext/UIScriptController.h:

(WTR::UIScriptController::setHardwareKeyboardAttached):
(WTR::UIScriptController::playBackEventStream):

10:13 PM Changeset in webkit [248029] by Fujii Hironori

12 edits
2 adds in trunk

[WebKit] Add PageLoadState::Observer C API
https://bugs.webkit.org/show_bug.cgi?id=199848

Reviewed by Alex Christensen.

Source/WebKit:

There is no WebKit C API to get the timing of title changed since
WKPageLoaderClientV0::didReceiveTitleForFrame has been removed in
r235398. Cocoa and glib WebKit API exist.

PlatformWin.cmake:
UIProcess/API/C/WKPage.cpp:

(WKPageSetPageStateClient):

UIProcess/API/C/WKPage.h: Added WKPageSetPageStateClient.
UIProcess/API/C/WKPageStateClient.h: Added.
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::setPageLoadStateObserver):

UIProcess/WebPageProxy.h:
WebKit.xcodeproj/project.pbxproj:

Tools:

MiniBrowser/win/WebKitBrowserWindow.cpp:

(WebKitBrowserWindow::WebKitBrowserWindow):
(WebKitBrowserWindow::didChangeTitle):
(WebKitBrowserWindow::didFinishNavigation): Deleted.

MiniBrowser/win/WebKitBrowserWindow.h:
TestWebKitAPI/CMakeLists.txt:
TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit/PageLoadState.cpp: Added.

(TestWebKitAPI::PageLoadTestState::PageLoadTestState):
(TestWebKitAPI::didChangeActiveURL):
(TestWebKitAPI::didChangeCanGoBack):
(TestWebKitAPI::didChangeCanGoForward):
(TestWebKitAPI::didChangeCertificateInfo):
(TestWebKitAPI::didChangeEstimatedProgress):
(TestWebKitAPI::didChangeHasOnlySecureContent):
(TestWebKitAPI::didChangeIsLoading):
(TestWebKitAPI::didChangeNetworkRequestsInProgress):
(TestWebKitAPI::didChangeTitle):
(TestWebKitAPI::didChangeWebProcessIsResponsive):
(TestWebKitAPI::didSwapWebProcesses):
(TestWebKitAPI::willChangeActiveURL):
(TestWebKitAPI::willChangeCanGoBack):
(TestWebKitAPI::willChangeCanGoForward):
(TestWebKitAPI::willChangeCertificateInfo):
(TestWebKitAPI::willChangeEstimatedProgress):
(TestWebKitAPI::willChangeHasOnlySecureContent):
(TestWebKitAPI::willChangeIsLoading):
(TestWebKitAPI::willChangeNetworkRequestsInProgress):
(TestWebKitAPI::willChangeTitle):
(TestWebKitAPI::willChangeWebProcessIsResponsive):
(TestWebKitAPI::didFinishNavigation):
(TestWebKitAPI::TEST):

10:01 PM Changeset in webkit [248028] by timothy_horton@apple.com

2 edits in trunk/Source/WebCore

ASSERTion failure under takeSnapshot after r247846

page/TextIndicator.cpp:

(WebCore::takeSnapshots):
We now sometimes inflate the scale factor; allow this.

6:35 PM Changeset in webkit [248027] by ysuzuki@apple.com

11 edits in trunk/Source/JavaScriptCore

[JSC] Emit write barrier after storing instead of before storing
https://bugs.webkit.org/show_bug.cgi?id=200193

Reviewed by Saam Barati.

I reviewed tricky GC-related code including visitChildren and manual writeBarrier, and I found that we have several problems with write-barriers.

Some write-barriers are emitted before stores happen

Some code like LazyProperty emits write-barrier before we store the value. This is wrong since JSC has concurrent collector. Let's consider the situation like this.

Cell "A" is not marked yet
Write-barrier is emitted onto "A"
Concurrent collector scans "A"
Store to "A"'s field happens
(4)'s field is not rescaned

We should emit write-barrier after stores. This patch places write-barriers after stores happen.

Should emit write-barrier after the stored fields are reachable from the owner.

We have code that is logically the same to the following.

`
auto data = std::make_unique<XXX>();
data->m_field.set(vm, owner, value);

storeStoreBarrier();
owner->m_data = WTFMove(data);
`

This is not correct. When write-barrier is emitted, the owner cannot reach to the field that is stored.
The actual example is AccessCase. We are emitting write-barriers with owner when creating AccessCase, but this is not
effective until this AccessCase is chained to StructureStubInfo, which is reachable from CodeBlock.

I don't think this is actually an issue because currently AccessCase generation is guarded by CodeBlock->m_lock. And CodeBlock::visitChildren takes this lock.
But emitting a write-barrier at the right place is still better. This patch places write-barriers when StructureStubInfo::addAccessCase is called.

Speculative GC fix, it was hard to reproduce the crash since we need to control concurrent collector and main thread's scheduling in an instruction-level.

bytecode/BytecodeList.rb:
bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):

bytecode/StructureStubInfo.cpp:

(JSC::StructureStubInfo::addAccessCase):

bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::considerCaching):

dfg/DFGPlan.cpp:

(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):

jit/JITOperations.cpp:
llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setupGetByIdPrototypeCache):

runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/LazyPropertyInlines.h:

(JSC::ElementType>::setMayBeNull):

runtime/RegExpCachedResult.h:

(JSC::RegExpCachedResult::record):

6:22 PM Changeset in webkit [248026] by ysuzuki@apple.com

4 edits
1 add in trunk

[JSC] Make StructureChain less-tricky by using Auxiliary Buffer
https://bugs.webkit.org/show_bug.cgi?id=200192

Reviewed by Saam Barati.

JSTests:

stress/structure-chain-stress.js: Added.

(keys):

Source/JavaScriptCore:

StructureChain has a bit tricky write barrier / mutator fence to use UniqueArray for its underlying storage.
But, since the size of StructureChain is fixed at initialization, we should allocate an underlying storage from auxiliary memory and
set it in its constructor instead of finishCreation. We can store values in the finishCreation so that we do not need to have
a hacky write-barrier and mutator fence. Furthermore, we can make StructureChain non-destructible.

This patch leverages auxiliary buffer for the implementation of StructureChain. And it also adds a test that stresses StructureChain creation.

runtime/StructureChain.cpp:

(JSC::StructureChain::StructureChain):
(JSC::StructureChain::create):
(JSC::StructureChain::finishCreation):
(JSC::StructureChain::visitChildren):
(JSC::StructureChain::destroy): Deleted.

runtime/StructureChain.h:

5:31 PM Changeset in webkit [248025] by sbarati@apple.com

2 edits in trunk/Source/WebCore

[WHLSL] Add a fast path for TypeNamer::insert where we've already seen the type
https://bugs.webkit.org/show_bug.cgi?id=200284

Reviewed by Myles C. Maxfield.

This is a ~27% speedup in the WHLSL::prepare for the compute_boids test.
This optimization makes sense since my previous patch to make UnnamedType
ref counted was also a huge speedup. So the TypeNamer is seeing many
UnnamedTypes which are the same pointer value. On compute_boids, this
makes generateMetalCode ~40ms faster.

Modules/webgpu/WHLSL/Metal/WHLSLTypeNamer.cpp:

(WebCore::WHLSL::Metal::TypeNamer::insert):

4:52 PM Changeset in webkit [248024] by rniwa@webkit.org

2 edits in trunk/Source/WebCore

WorkerGlobalScope::wrapCryptoKey/unwrapCryptoKey should use local heap objects for replies
https://bugs.webkit.org/show_bug.cgi?id=200179
<rdar://problem/52334658>

Reviewed by Brent Fulgham.

Based on the patch by Jiewen Tan.

WorkerGlobalScope::wrapCryptoKey and WorkerGlobalScope::unwrapCryptoKey had a bug that they could exit
the function before the main thread had finished writing to the result vector passed in to these functions
when the worker's runloop receives MessageQueueTerminated before the main thread finishes writing.

Fixed the bug by creating a new temporary Vector inside a ThreadSafeRefCounted object shared between
the main thread and the worker thread, which extends the lifetime of the Vector until when the worker thread
receives the result or when the main thread finishes writing to the Vector, whichever happens last.

Unfortunately no new tests since there is no reproducible test case, and this crash is highly racy.

workers/WorkerGlobalScope.cpp:

(WebCore::CryptoBufferContainer): Added.
(WebCore::CryptoBufferContainer::create): Added.
(WebCore::CryptoBufferContainer::buffer): Added.
(WebCore::WorkerGlobalScope::wrapCryptoKey):
(WebCore::WorkerGlobalScope::unwrapCryptoKey):

4:46 PM Changeset in webkit [248023] by Alan Coon

1 copy in tags/Safari-608.2.1

Tag Safari-608.2.1.

4:42 PM Changeset in webkit [248022] by sbarati@apple.com

3 edits
2 adds in trunk

[WHLSL] Checker sets wrong type for property access instruction with an ander
https://bugs.webkit.org/show_bug.cgi?id=200282

Reviewed by Myles C. Maxfield.

Source/WebCore:

We were assigning resulting type based on the base value instead of the ander
of the base value. For example, consider:
`
struct Point { float x; float y; }
compute main(device Point[] buffer) { buffer[0]; }
`

The local variable "buffer" is in the "thread" address space. So we would end up
trying to use the thread address space for "buffer[0]". This caused us to
generate invalid Metal code because we would call a "thread" ander with a
"device" pointer. The fix is to use the "device" address space, which is
the type of the ander we were already setting on this property access instruction.

Test: webgpu/whlsl/device-proper-type-checker.html

Modules/webgpu/WHLSL/WHLSLChecker.cpp:

(WebCore::WHLSL::Checker::finishVisiting):

LayoutTests:

webgpu/whlsl/device-proper-type-checker-expected.txt: Added.
webgpu/whlsl/device-proper-type-checker.html: Added.

4:41 PM Changeset in webkit [248021] by sbarati@apple.com

8 edits in trunk/Source/WebCore

[WHLSL] Make ASTDumper dump types and address spaces
https://bugs.webkit.org/show_bug.cgi?id=200281

Reviewed by Robin Morisset.

This makes it much easier to gain insight into what type resolution
the checker does. I used this logging to debug https://bugs.webkit.org/show_bug.cgi?id=200282

Modules/webgpu/WHLSL/AST/WHLSLAddressSpace.h:

(WebCore::WHLSL::AST::TypeAnnotation::isAbstractLeftValue const):

Modules/webgpu/WHLSL/AST/WHLSLArrayReferenceType.h:
Modules/webgpu/WHLSL/AST/WHLSLArrayType.h:
Modules/webgpu/WHLSL/AST/WHLSLPointerType.h:
Modules/webgpu/WHLSL/AST/WHLSLTypeReference.h:
Modules/webgpu/WHLSL/AST/WHLSLUnnamedType.h:
Modules/webgpu/WHLSL/WHLSLASTDumper.cpp:

(WebCore::WHLSL::ASTDumper::visit):

3:36 PM Changeset in webkit [248020] by Brent Fulgham

22 edits
3 copies
8 adds in trunk/Source/WebCore

[FTW] Refactor Direct2D code to follow Cairo's model to support modern WebKit
https://bugs.webkit.org/show_bug.cgi?id=200270

Reviewed by Dean Jackson.

Refactor the Direct2D code in WebCore so that the core routines can be shared
between GraphicsContext and GraphicsContextImpl. Implement PlatformContext,
BackingStoreBackend, and GraphicsContextImpl for the Direct2D engine.

This patch effectively just moves code around.

PlatformFTW.cmake:
platform/graphics/GraphicsContext.h:
platform/graphics/GraphicsContextImpl.h:
platform/graphics/ImageSource.cpp:
platform/graphics/Pattern.h:
platform/graphics/displaylists/DisplayListRecorder.cpp:
platform/graphics/displaylists/DisplayListRecorder.h:
platform/graphics/win/BackingStoreBackendDirect2D.h: Added.
platform/graphics/win/BackingStoreBackendDirect2DImpl.cpp: Added.
platform/graphics/win/BackingStoreBackendDirect2DImpl.h: Added.
platform/graphics/win/Direct2DOperations.cpp: Added.
platform/graphics/win/Direct2DOperations.h: Added.
platform/graphics/win/Direct2DUtilities.cpp: Added.
platform/graphics/win/Direct2DUtilities.h: Added.
platform/graphics/win/FontCascadeDirect2D.cpp:
platform/graphics/win/GradientDirect2D.cpp:
platform/graphics/win/GraphicsContextDirect2D.cpp:
platform/graphics/win/GraphicsContextImplDirect2D.cpp: Added.
platform/graphics/win/GraphicsContextImplDirect2D.h: Added.
platform/graphics/win/GraphicsContextPlatformPrivateDirect2D.h:
platform/graphics/win/ImageBufferDataDirect2D.h:
platform/graphics/win/ImageBufferDirect2D.cpp:
platform/graphics/win/NativeImageDirect2D.cpp:
platform/graphics/win/PathDirect2D.cpp:
platform/graphics/win/PatternDirect2D.cpp:
platform/graphics/win/PlatformContextDirect2D.cpp: Added.
platform/graphics/win/PlatformContextDirect2D.h: Added.
platform/win/DragImageWin.cpp:
svg/graphics/SVGImage.cpp:

3:25 PM Changeset in webkit [248019] by Nikita Vasilyev

2 edits in trunk/Source/WebInspectorUI

Web Inspector: Resources: Display outline around images when viewing image collections
https://bugs.webkit.org/show_bug.cgi?id=200212

Reviewed by Devin Rousso.

UserInterface/Views/CollectionContentView.css:

(.content-view.collection .resource.image img):
(.content-view.collection .resource.image img:hover):

2:48 PM Changeset in webkit [248018] by mmaxfield@apple.com

6 edits in trunk/Source

REGRESSION(r241288): Text on Yahoo Japan mobile looks too bold
https://bugs.webkit.org/show_bug.cgi?id=200065
<rdar://problem/50912757>

Reviewed by Simon Fraser.

Source/WebCore:

Before r241288, we were mapping Japanese sans-serif to Hiragino Kaku Gothic ProN, which
has a 300 weight and a 600 weight. However, we can't use that font because it's user-installed,
so in r241288 we switched to using Hiragino Sans, which has a 300 weight, a 600 weight, and an
800 weight. According to the CSS font selection algorithm, sites that request a weight of 700
would get the 800 weight instead of the 600 weight, which caused the text to look too heavy.
Therefore, the apparent visual change is from a weight change from 600 to 800.

In general, this is working as intended. However, text on Yahoo Japan looks too heavy in weight

Instead, this patch adds a quirk specific to Yahoo Japan that overwrites any font requests

to give them a weight of 600 instead of 700. This way, the lighter font will be used.

No new tests because quirks cannot be tested.

css/CSSFontSelector.cpp:

(WebCore::resolveGenericFamily):
(WebCore::CSSFontSelector::fontRangesForFamily):

page/Quirks.cpp:

(WebCore::Quirks::shouldLightenJapaneseBoldSansSerif const):

page/Quirks.h:

Source/WTF:

wtf/Platform.h:

2:09 PM BuildingGtk edited by Michael Catanzaro

Tweak language, "CMake module" has a specific meaning, and it's not … (diff)

2:04 PM Changeset in webkit [248017] by Ryan Haddad

8 edits
7 copies
53 adds in trunk/LayoutTests

Add test expectations and baselines for iPad
https://bugs.webkit.org/show_bug.cgi?id=199711

Unreviewed test gardening.

platform/ipad-12/TestExpectations: Added.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt.
platform/ipad-12/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt.
platform/ipad-12/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt: Copied from LayoutTests/platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt.
platform/ipad-12/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt: Copied from LayoutTests/platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt.
platform/ipad-12/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt: Copied from LayoutTests/platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt.
platform/ipad-12/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/compositing/overflow/scrolling-content-clip-to-viewport-expected.txt: Added.
platform/ipad/compositing/rtl/rtl-scrolling-with-transformed-descendants-expected.txt: Added.
platform/ipad/editing/caret/ios/fixed-caret-position-after-scroll-expected.txt: Added.
platform/ipad/editing/selection/ios/do-not-hide-selection-in-visible-container-expected.txt: Added.
platform/ipad/fast/dom/navigator-iOS-userAgent-expected.txt: Added.
platform/ipad/fast/scrolling/ios/change-scrollability-on-content-resize-nested-expected.txt: Added.
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-expected.txt:
platform/ipad/fast/scrolling/ios/overflow-scrolling-ancestor-clip-size-expected.txt:
platform/ipad/fast/scrolling/ios/reconcile-layer-position-recursive-expected.txt: Added.
platform/ipad/fast/scrolling/ios/subpixel-overflow-scrolling-with-ancestor-expected.txt:
platform/ipad/fast/viewport/ios/shrink-to-fit-for-page-without-viewport-meta-expected.txt: Added.
platform/ipad/fast/viewport/ios/width-is-device-width-overflowing-body-overflow-hidden-tall-expected.txt:
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerheight-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-width-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-innerheight-innerwidth-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-tokenization-width-height-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/WorkerNavigator_platform-expected.txt: Added.
platform/ipad/imported/w3c/web-platform-tests/workers/interfaces/WorkerUtils/navigator/004-expected.txt: Added.
platform/ipad/platform/ios/ios/fast/text/opticalFontWithTextStyle-expected.txt:
platform/ipad/scrollingcoordinator/ios/fixed-in-frame-layer-reconcile-layer-position-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-in-overflow-scroll-scrolling-tree-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/fixed-scrolling-with-keyboard-expected.txt: Copied from LayoutTests/platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt.
platform/ipad/scrollingcoordinator/ios/non-stable-viewport-scroll-expected.txt: Added.
platform/ipad/scrollingcoordinator/ios/ui-scrolling-tree-expected.txt:

2:01 PM Changeset in webkit [248016] by Jonathan Bedard

2 edits in trunk/Tools

DumpRenderTree.app: Add CFBundleShortVersionString
https://bugs.webkit.org/show_bug.cgi?id=200269
<rdar://problem/53412596>

Rubber-stamped by Aakash Jain.

DumpRenderTree/ios/Info.plist:

1:21 PM Changeset in webkit [248015] by Simon Fraser

3 edits
2 adds in trunk

Can't scroll on yummly.co.uk recipe (scale(0) div covers the content and hit-tests)
https://bugs.webkit.org/show_bug.cgi?id=200263
rdar://problem/53679408

Reviewed by Antti Koivisto.

Source/WebKit:

The content on this page had a scale(0) div overlaying an overflow:scroll element,
and our UI-side hit-testing code would find this scale(0) element, because apparently
-[UIView convertPoint:fromView:] will happily work with non-invertible matrices, and
-[UIView pointInside:withEvent:] just compares the point with the view bounds.

Since the view frame takes the transform into account, we can look for an empty frame
to detect these non-invertible transforms.

UIProcess/RemoteLayerTree/ios/RemoteLayerTreeViews.mm:

(WebKit::collectDescendantViewsAtPoint):

LayoutTests:

fast/scrolling/ios/non-invertible-transformed-over-scroller-expected.txt: Added.
fast/scrolling/ios/non-invertible-transformed-over-scroller.html: Added.

12:54 PM Changeset in webkit [248014] by Chris Dumez

5 edits in trunk/Source/WebKit

Fix non-thread safe use of WeakPtr under sendSecItemRequest()
https://bugs.webkit.org/show_bug.cgi?id=200249

Reviewed by Alex Christensen.

The function was calling globalNetworkProcess() from a background thread. This is not safe because
globalNetworkProcess() deferences a WeakPtr<NetworkProcess> internally and the NetworkProcess object
gets destroyed on the main thread.

Shared/mac/SecItemShim.cpp:

(WebKit::sendSecItemRequest):

11:41 AM Changeset in webkit [248013] by Michael Catanzaro

2 edits in trunk/Source/WebCore

Unreviewed, fix GTK build after SoupNetworkSession ownership rework.

platform/network/soup/SocketStreamHandleImplSoup.cpp:

10:28 AM Changeset in webkit [248012] by Michael Catanzaro

3 edits in trunk/Source/WebCore

[GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, keep trying to fix build with -DENABLE_OPENGL=OFF.

The previous commit was sufficient for the 2.24 branch, but on trunk there are more
problems. This doesn't solve all of them, but it gets us closer.

SourcesGTK.txt:
platform/graphics/GLContext.h:

10:23 AM Changeset in webkit [248011] by dbates@webkit.org

2 edits in trunk/LayoutTests

picture-in-picture.html fails because webkitpresentationmodechanged sometimes dispatched multiple times
using Apple Internal build
<rdar://problem/36455352>

Workaround by only listening for the first webkitpresentationmodechanged event dispatched. This test
is the canary in the coal mine that revealed that multiple webkitpresentationmodechanged events are
dispatched when one is expected. However this was not the primary purpose of the test and in absence
of a timeframe for a fix for <rdar://problem/36455352> work around this bug to avoid losing test coverage
when using an Apple Internal build.

platform/ipad/media/controls/resources/picture-in-picture.html:

9:31 AM Changeset in webkit [248010] by Carlos Garcia Campos

21 edits in trunk/Source

[SOUP] Move SoupNetworkSession ownership from NetworkStorageSession to NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=200076

Reviewed by Michael Catanzaro.

Source/WebCore:

Remove the SoupNetworkSession from NetworkStorageSession.

platform/network/NetworkStorageSession.h:

(WebCore::NetworkStorageSession::cookieStorage const): Return the cookie jar.

platform/network/StorageSessionProvider.h:

(WebCore::StorageSessionProvider::soupSession const): Temporary add this virtual method that is required by
SocketStreamHandleImplSoup. It will be removed once we switch to libsoup WebSockets API soon.

platform/network/soup/DNSResolveQueueSoup.cpp:

(WebCore::globalDefaultSoupSessionAccessor): Rework the accessor to return the SoupSession directly since
that's what we really want.
(WebCore::DNSResolveQueueSoup::setGlobalDefaultSoupSessionAccessor):
(WebCore::DNSResolveQueueSoup::updateIsUsingProxy):
(WebCore::DNSResolveQueueSoup::platformResolve):
(WebCore::DNSResolveQueueSoup::resolve):

platform/network/soup/DNSResolveQueueSoup.h:
platform/network/soup/NetworkStorageSessionSoup.cpp:

(WebCore::NetworkStorageSession::NetworkStorageSession): Create and setup the default cookie jar.
(WebCore::NetworkStorageSession::~NetworkStorageSession): Only disconnect the cookie jar signals.
(WebCore::NetworkStorageSession::setCookieStorage): Update the cookie jar, now we know it's always a new one.

platform/network/soup/SocketStreamHandleImplSoup.cpp:

(WebCore::SocketStreamHandleImpl::create): Use the new virtual method from StorageSessionProvider to get the SoupSession.

platform/network/soup/SoupNetworkSession.cpp:

(WebCore::SoupNetworkSession::SoupNetworkSession): Remove the SoupCookieJar parameter.

platform/network/soup/SoupNetworkSession.h:

Source/WebKit:

NetworkStorageSession should only own the cookie jar, since it's the only thing it handles from the session.

NetworkProcess/Cookies/soup/WebCookieManagerSoup.cpp:

(WebKit::WebCookieManager::setCookiePersistentStorage): Use the network session instead of the storage session
to set the peristent cookie storage.

NetworkProcess/CustomProtocols/soup/LegacyCustomProtocolManagerSoup.cpp:

(WebKit::LegacyCustomProtocolManager::registerScheme): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.

NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::resourceLoadStatisticsUpdated): Use
NetworkProcess::forEachNetworkSession() to iterate network sessions.

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::lowMemoryHandler): Ditto.
(WebKit::NetworkProcess::forEachNetworkSession): Added to iterate network sessions intead of exposing the map
that is always used to iterate the sessions.
(WebKit::NetworkProcess::switchToNewTestingSession): Use the new NetworkStorageSession constructor API.
(WebKit::NetworkProcess::ensureSession): Ditto.
(WebKit::NetworkProcess::destroySession): Allow to destroy the default session for soup based ports. This is
only called right before process exit to ensure we don't leak network resources like the cookies database.
(WebKit::NetworkProcess::setResourceLoadStatisticsEnabled): Use NetworkProcess::forEachNetworkSession() to
iterate network sessions.
(WebKit::NetworkProcess::fetchWebsiteData): Ditto.
(WebKit::NetworkProcess::deleteWebsiteDataForOrigins): Ditto.
(WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains): Ditto.
(WebKit::NetworkProcess::registrableDomainsWithWebsiteData): Ditto.
(WebKit::NetworkProcess::setCacheModel): Ditto.
(WebKit::NetworkProcess::actualPrepareToSuspend): Ditto.
(WebKit::NetworkProcess::resume): Ditto.

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkStorageSessionProvider.h:
NetworkProcess/cocoa/NetworkProcessCocoa.mm:

(WebKit::NetworkProcess::clearDiskCache): Ditto.

NetworkProcess/ios/NetworkProcessIOS.mm:

(WebKit::NetworkProcess::clearCacheForAllOrigins): Ditto.

NetworkProcess/soup/NetworkProcessMainSoup.cpp: Destroy the default session before process exists.
NetworkProcess/soup/NetworkProcessSoup.cpp:

(WebKit::NetworkProcess::userPreferredLanguagesChanged): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.
(WebKit::NetworkProcess::platformCreateDefaultStorageSession const): Use the new NetworkStorageSession constructor API.
(WebKit::NetworkProcess::clearDiskCache): Use NetworkProcess::forEachNetworkSession() to iterate network sessions.
(WebKit::NetworkProcess::setNetworkProxySettings): Iterate network sessions instead of storage sessions to
access the SoupNetworkSession.

NetworkProcess/soup/NetworkSessionSoup.cpp:

(WebKit::NetworkSessionSoup::NetworkSessionSoup): Create the SoupNetworkSession and setup cookies.
(WebKit::NetworkSessionSoup::soupSession const): Return the SoupSession of SoupNetworkSession.
(WebKit::NetworkSessionSoup::setCookiePersistentStorage): Setup a new cookie jar.

NetworkProcess/soup/NetworkSessionSoup.h:

9:18 AM WebKitGTK/2.24.x edited by Michael Catanzaro

(diff)

9:17 AM Changeset in webkit [248009] by Michael Catanzaro

2 edits in trunk/Source/WebCore

[GTK] Compilation errors when GL is disabled
https://bugs.webkit.org/show_bug.cgi?id=200223

Unreviewed, fix build with -DENABLE_OPENGL=OFF.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:

(WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):

9:04 AM Changeset in webkit [248008] by Michael Catanzaro

2 edits in trunk/Source/WTF

Fix CRASH_WITH_INFO() so that it doesn't complain about unused parameters on non Clang / MSVC compilers.
https://bugs.webkit.org/show_bug.cgi?id=200243

Reviewed by Mark Lam.

For GCC, we'll implement WTFCrashWithInfo as a function rather than a macro. To use
##VA_ARGS we would need to enable GNU extensions, and don't want to do that. The proper
solution, format VA_OPT(,) VA_ARGS, requires C++20. So just use an inline function
for now as a workaround.

wtf/Assertions.h:

(CRASH_WITH_INFO):
(CRASH_WITH_SECURITY_IMPLICATION_AND_INFO):

9:04 AM Changeset in webkit [248007] by Dewei Zhu

2 edits in trunk/Websites/perf.webkit.org

Should not render latest build information if there is no data points for a config.
https://bugs.webkit.org/show_bug.cgi?id=200250

Reviewed by Ryosuke Niwa.

Fix a bug test freshness page that tooltip cannot be rendered when a cell does not have
a data point.

public/v3/pages/test-freshness-page.js: Added a null check on commit set before rendering

latest build informaiton.
(TestFreshnessPage.prototype._renderTooltip):

8:40 AM Changeset in webkit [248006] by Truitt Savell

5 edits in trunk/Source/WebKit

Unreviewed, rolling out r247932.

Broke 8 API tests across all platforms.

Reverted changeset:

"Fix non-thread safe use of WeakPtr under
sendSecItemRequest()"
https://bugs.webkit.org/show_bug.cgi?id=200249
https://trac.webkit.org/changeset/247932

8:24 AM Changeset in webkit [248005] by Truitt Savell

2 edits in trunk/LayoutTests

(r247440) imported/w3c/web-platform-tests/wasm/jsapi/interface.any.worker.html is a flakey failure
https://bugs.webkit.org/show_bug.cgi?id=200258

Context Navigation

Timeline

Aug 3, 2019:

Aug 2, 2019:

Aug 1, 2019:

Jul 31, 2019:

Jul 30, 2019:

Download in other formats: