Context Navigation

← Previous Period
Next Period →

Timeline

Sep 4, 2019:

11:02 PM Changeset in webkit [249524] by Fujii Hironori

2 edits in trunk/Source/WebCore

[Win][Clang] InspectorNetworkAgent.cpp(1122,20): error: cannot decompose this type; 'std::tuple_size<const WTF::KeyValuePair<WTF::String, WTF::RefPtr<WTF::JSONImpl::Value, WTF::DumbPtrTraits<WTF::JSONImpl::Value> > >>::value' is not a valid integral const
https://bugs.webkit.org/show_bug.cgi?id=201489

Unreviewed build fix for clang-cl.

clang-cl 8 can't use a structured binding for a const struct.

No behavior change.

inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::InspectorNetworkAgent::interceptWithResponse): Not to use a structured binding for a const struct.

10:51 PM Changeset in webkit [249523] by ysuzuki@apple.com

16 edits in trunk/Source/JavaScriptCore

Unreviewed, partial roll out r249372 due to JetStream2/Basic ~10% regression
https://bugs.webkit.org/show_bug.cgi?id=201373

bytecode/BytecodeList.rb:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoopHint):
(JSC::BytecodeGenerator::emitCheckTraps):

bytecompiler/BytecodeGenerator.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

jit/JIT.cpp:

(JSC::JIT::emitEnterOptimizationCheck):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_enter):
(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):
(JSC::JIT::emit_op_check_traps):
(JSC::JIT::emitSlow_op_check_traps):
(JSC::JIT::emitSlow_op_enter): Deleted.

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_enter):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/CommonSlowPaths.h:

10:24 PM Changeset in webkit [249522] by Fujii Hironori

2 edits in trunk/LayoutTests

[AppleWin] fast/block/float/float-with-anonymous-previous-sibling.html is failing as flaky ImageOnlyFailure
https://bugs.webkit.org/show_bug.cgi?id=201491

Unreviewed test gardening.

platform/win/TestExpectations: Marked it.

9:12 PM Changeset in webkit [249521] by mitz@apple.com

9 copies
1 add in releases/Apple/Safari Technology Preview/Safari Technology Preview 91

Added a tag for Safari Technology Preview release 91.

9:01 PM Changeset in webkit [249520] by ysuzuki@apple.com

14 edits in trunk/Source/JavaScriptCore

Unreviewed, rebaseline builtin generator test results
https://bugs.webkit.org/show_bug.cgi?id=200898

Rebaseline the result files.

Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Combined.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-Builtin.Promise-Separate.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Combined.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-Builtin.prototype-Separate.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Combined.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-BuiltinConstructor-Separate.js-result:
Scripts/tests/builtins/expected/JavaScriptCore-InternalClashingNames-Combined.js-result:
Scripts/tests/builtins/expected/WebCore-AnotherGuardedInternalBuiltin-Separate.js-result:
Scripts/tests/builtins/expected/WebCore-ArbitraryConditionalGuard-Separate.js-result:
Scripts/tests/builtins/expected/WebCore-GuardedBuiltin-Separate.js-result:
Scripts/tests/builtins/expected/WebCore-GuardedInternalBuiltin-Separate.js-result:
Scripts/tests/builtins/expected/WebCore-UnguardedBuiltin-Separate.js-result:
Scripts/tests/builtins/expected/WebCore-xmlCasingTest-Separate.js-result:

8:00 PM Changeset in webkit [249519] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, another build fix after r249501.

loader/EmptyFrameLoaderClient.h:

7:52 PM Changeset in webkit [249518] by ysuzuki@apple.com

3 edits in trunk/Source/JavaScriptCore

[JSC] FunctionOverrides should have a lock to ensure concurrent access to hash table does not happen
https://bugs.webkit.org/show_bug.cgi?id=201485

Reviewed by Tadeu Zagallo.

FunctionOverrides is a per-process singleton for registering overrides information. But we are accessing
it without taking a lock. If multiple threads with multiple VMs are accessing this concurrently, we have
a race issue like,

While one thread is adding overrides information,
Another thread is accessing this hash table.

This patch adds a lock to make sure that only one thread can access this registry.

tools/FunctionOverrides.cpp:

(JSC::FunctionOverrides::FunctionOverrides):
(JSC::FunctionOverrides::reinstallOverrides):
(JSC::FunctionOverrides::initializeOverrideFor):
(JSC::FunctionOverrides::parseOverridesInFile):

tools/FunctionOverrides.h:

(JSC::FunctionOverrides::clear):

7:52 PM Changeset in webkit [249517] by timothy@apple.com

15 edits
3 adds in trunk

Mail appears to be double inverting code copied from Notes, Xcode, or Terminal.
https://bugs.webkit.org/show_bug.cgi?id=201368
rdar://problem/40529867

Reviewed by Ryosuke Niwa.

Source/WebCore:

Dark mode content that is pasted should have the inline styles inverse color
transformed by the color filter to match the color filtered document contents.

Layout Test: editing/pasteboard/paste-dark-mode-color-filtered.html
API Tests: PasteHTML.TransformColorsOfDarkContent, PasteHTML.DoesNotTransformColorsOfLightContent,

PasteRTFD.TransformColorsOfDarkContent, PasteRTFD.DoesNotTransformColorsOfLightContent

editing/EditingStyle.cpp:

(WebCore::EditingStyle::inverseTransformColorIfNeeded): Added caret-color to the transformed properties.

editing/ReplaceSelectionCommand.cpp:

(WebCore::fragmentNeedsColorTransformed): Added.
(WebCore::ReplaceSelectionCommand::inverseTransformColor): Added.
(WebCore::ReplaceSelectionCommand::doApply): Call fragmentNeedsColorTransformed() and inverseTransformColor().

editing/ReplaceSelectionCommand.h:

Tools:

Added Tests: PasteHTML.TransformColorsOfDarkContent, PasteHTML.DoesNotTransformColorsOfLightContent,

PasteRTFD.TransformColorsOfDarkContent, PasteRTFD.DoesNotTransformColorsOfLightContent

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKitCocoa/PasteHTML.mm:

(createWebViewWithCustomPasteboardDataSetting): Added argument to enable color filter.

TestWebKitAPI/Tests/WebKitCocoa/PasteRTFD.mm:

(createWebViewWithCustomPasteboardDataEnabled): Added argument to enable color filter.

TestWebKitAPI/Tests/WebKitCocoa/rich-color-filtered.html: Added.
TestWebKitAPI/cocoa/TestWKWebView.h:
TestWebKitAPI/cocoa/TestWKWebView.mm:

(-[TestWKWebView forceDarkMode]):

LayoutTests:

TestExpectations:
editing/pasteboard/paste-dark-mode-color-filtered-expected.txt: Added.
editing/pasteboard/paste-dark-mode-color-filtered.html: Added.
platform/ios-12/TestExpectations:
platform/ios/TestExpectations:
platform/mac/TestExpectations:

7:38 PM Changeset in webkit [249516] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed, drop extra whitespace added in r249515.

loader/EmptyFrameLoaderClient.h:

7:36 PM Changeset in webkit [249515] by Chris Dumez

2 edits in trunk/Source/WebCore

Unreviewed build fix after r249501.

r249501 seems to have exposed the fact that EmptyFrameLoaderClient.h is missing a #pragma once.

loader/EmptyFrameLoaderClient.h:

7:36 PM Changeset in webkit [249514] by Wenson Hsieh

5 edits in trunk

MobileSafari may crash when invoking the C++ lambda in -[WKContentView _shareForWebView:]
https://bugs.webkit.org/show_bug.cgi?id=201479
<rdar://problem/51511834>

Reviewed by Tim Horton.

Source/WebKit:

Fix the crash by making -_shareForWebView: robust in the case where there are no selection rects
known in the UI process when -[WKContentView _share:] is invoked.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _shareForWebView:]):

Tools:

Add a test to verify that the UI process doesn't crash when invoking _share: while there's no selection.

TestWebKitAPI/Tests/WebKitCocoa/WKContentViewEditingActions.mm:
TestWebKitAPI/ios/UIKitSPI.h:

7:20 PM WebKitGTK/2.26.x edited by Patrick Griffis

(diff)

7:15 PM Changeset in webkit [249513] by Devin Rousso

6 edits in trunk/Source/WebInspectorUI

Web Inspector: unify the interaction of show/hide status icons in Sources and Canvas
https://bugs.webkit.org/show_bug.cgi?id=201470

Reviewed by Joseph Pecoraro.

Rather than "fading" the tree element's text when the underlying represented object is
disabled/blackboxed, we should just "fade" the icon. The "fade" shouldn't change when the
tree element is selected. The image of the status eye also shouldn't change depending on
whether the underlying represented object is disabled/blackboxed, as it being visible (even
if it's "faded") is already enough of an indicator.

It should also be possible to toggle the disabled/blackboxed state via the context menu.

UserInterface/Views/ContextMenuUtilities.js:

(WI.appendContextMenuItemsForSourceCode):

UserInterface/Views/SourceCodeTreeElement.css:

(.tree-outline:not(.navigation-sidebar-panel-content-tree-outline) .item .status > .toggle-script-blackboxed, .tree-outline .item:not(:hover) .status > .toggle-script-blackboxed:not(.blackboxed)): Added.
(.tree-outline:not(.navigation-sidebar-panel-content-tree-outline) .item .status > .toggle-script-blackboxed, .tree-outline .item:not(:hover, .selected) .status > .toggle-script-blackboxed:not(.blackboxed)): Deleted.

UserInterface/Models/ShaderProgram.js:

(WI.ShaderProgram):
(WI.ShaderProgram.prototype.get disabled): Added.
(WI.ShaderProgram.prototype.set disabled): Added.
(WI.ShaderProgram.prototype.toggleDisabled): Deleted.

UserInterface/Views/ShaderProgramTreeElement.js:

(WI.ShaderProgramTreeElement.prototype.onattach):
(WI.ShaderProgramTreeElement.prototype.ondetach): Added.
(WI.ShaderProgramTreeElement.prototype.canSelectOnMouseDown):
(WI.ShaderProgramTreeElement.prototype.populateContextMenu): Added.
(WI.ShaderProgramTreeElement.prototype._disabledImageElementClicked):
(WI.ShaderProgramTreeElement.prototype._handleShaderProgramDisabledChanged): Added.

UserInterface/Views/ShaderProgramTreeElement.css:

(.tree-outline .item.shader-program .status > img): Added.
(.tree-outline .item.shader-program:not(:hover, .selected, .disabled) .status > img): Added.
(.tree-outline .item.shader-program.disabled .status > img): Added.
(@media (prefers-color-scheme: dark) .tree-outline .item.shader-program .status > img): Added.
(.item.shader-program .status > img): Deleted.
(.item.shader-program.disabled:hover .status > img): Deleted.
(.item.shader-program:not(:hover, .selected, .disabled) .status > img): Deleted.
(.item.shader-program.disabled > :not(.status)): Deleted.
(@media (prefers-color-scheme: dark) .item.shader-program .status > img): Deleted.

7:11 PM Changeset in webkit [249512] by rniwa@webkit.org

4 edits in trunk/Source/WebKit

Replace defaultCustomPasteboardDataEnabled by an equivalent macro
https://bugs.webkit.org/show_bug.cgi?id=201477

Reviewed by Wenson Hsieh.

r227282 introduced defaultCustomPasteboardDataEnabled() to disable the custom pasteboard data on
apps linked against old SDKs. However, this had a bug that the check inside WebContent process
would always return true because WebContent process is always linked against the latest SDKs.
Because WebPreferences values aren't propagated from UI process to WebContent process unless
there is a value change, it meant that custom pasteboard data is always enabled.

This patch replaces this function with a simple macro which always enables the custom pasteboard
data on iOS family and macOS as it has always been the case before and after r227282.

Shared/WebPreferences.yaml:
Shared/WebPreferencesDefaultValues.cpp:

(WebKit::defaultCustomPasteboardDataEnabled): Deleted.

Shared/WebPreferencesDefaultValues.h:

6:39 PM Changeset in webkit [249511] by Simon Fraser

7 edits
2 adds in trunk

Cancelled transitions on Google image search leave content with opacity 0 sometimes
https://bugs.webkit.org/show_bug.cgi?id=201482
rdar://problem/54921036

Reviewed by Tim Horton.
Source/WebCore:

If, in a single rendering update, we started an accelerated opacity transition, and then removed
it, we'd still push the transition onto the CALayer with fillForwards and never remove it, so its
effects would last forever.

Fix by making GraphicsLayerCA::removeAnimation() remove animations from the uncomittedAnimations
list as well.

Also fix layer names in debug; if a layer's primaryLayerID changed, we'd fail to rename the
CALayer, causing confusion when logging at layer dumps. Fix by adding the layer ID just
before pushing the name to the platform layer.

Some drive-by logging cleanup.

Test: legacy-animation-engine/compositing/transitions/add-remove-transition.html

platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::debugName const):

platform/graphics/GraphicsLayer.h:
platform/graphics/ca/GraphicsLayerCA.cpp:

(WebCore::GraphicsLayerCA::setName):
(WebCore::GraphicsLayerCA::debugName const):
(WebCore::GraphicsLayerCA::addAnimation):
(WebCore::GraphicsLayerCA::pauseAnimation):
(WebCore::GraphicsLayerCA::seekAnimation):
(WebCore::GraphicsLayerCA::removeAnimation):
(WebCore::GraphicsLayerCA::platformCALayerAnimationStarted):
(WebCore::GraphicsLayerCA::platformCALayerAnimationEnded):
(WebCore::GraphicsLayerCA::updateNames):
(WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):

platform/graphics/ca/GraphicsLayerCA.h:
rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::logLayerInfo):

LayoutTests:

legacy-animation-engine/compositing/transitions/add-remove-transition-expected.html: Added.
legacy-animation-engine/compositing/transitions/add-remove-transition.html: Added.

6:33 PM Changeset in webkit [249510] by Kocsen Chung

1 copy in tags/Safari-608.3.1

Tag Safari-608.3.1.

6:23 PM Changeset in webkit [249509] by ysuzuki@apple.com

117 edits
1 copy
21 adds in trunk

[JSC] Make Promise implementation faster
https://bugs.webkit.org/show_bug.cgi?id=200898

Reviewed by Saam Barati.

JSTests:

ChakraCore/test/UnitTestFramework/UnitTestFramework.js:

(assert.assert.return.throws):

modules/breaking-builtin-promise-then-does-not-break-internal-promise.js: Added.
modules/breaking-builtin-promise-then-does-not-break-internal-promise/test.js: Added.
stress/constructor-kind-naked-should-not-be-applied-to-inner-functions.js: Added.

(shouldThrow):
(new.Promise):
(shouldThrow.Promise):

stress/create-promise-should-respect-promise-realm.js: Added.

(shouldBe):
(other.new.OtherPromise):
(DerivedOtherPromise):
(i.promise.new.DerivedOtherPromise):
(createPromise):

stress/derived-promise-constructor-class-syntax-prototype-replace-attempt.js: Added.

(shouldBe):
(DerivedPromise):
(i.array.push.new.DerivedPromise):
(promise.new.DerivedPromise):

stress/derived-promise-constructor-inlined.js: Added.

(shouldBe):
(DerivedPromise):
(i.array.push.new.DerivedPromise):
(DerivedPromise.all.array.then):

stress/derived-promise-prototype-replaced.js: Added.

(shouldBe):
(DerivedPromise):
(i.array.push.new.DerivedPromise):
(promise.new.DerivedPromise):

stress/internal-promise-constructor-not-confusing.js: Added.

(shouldBe):
(InternalPromise.vm.createBuiltin):
(DerivedPromise):

stress/internal-promise-is-not-exposed.js: Added.

(shouldBe):

stress/new-promise-should-respect-promise-realm.js: Added.

(shouldBe):
(other.new.OtherPromise):
(createPromise):

stress/promise-cannot-be-called.js:

(shouldThrow):

stress/promise-capability-fast-path.js: Added.

(shouldBe):
(i.array.push.new.Promise):
(i.array.i.then):

stress/promise-capability-slow-path.js: Added.

(shouldBe):
(Promise.prototype.then):
(i.array.push.new.Promise):
(i.array.i.then):

stress/promise-capability-then-slow-path.js: Added.

(shouldBe):
(DerivedPromise):
(DerivedPromise.prototype.then):
(i.array.push.new.DerivedPromise):
(i.array.i.then):

stress/promise-constructor-inlined.js: Added.

(shouldBe):
(i.array.push.new.Promise):
(Promise.all.array.then):

stress/promise-constructor-transition-from-new-promise-to-create-promise.js: Added.

(shouldBe):
(DerivedPromise):
(DerivedPromise2):
(i.array.push.new.DerivedPromise):
(i.array2.push.new.DerivedPromise2):

stress/without-promise-functions.js: Added.

(shouldBe):
(async):

LayoutTests/imported/w3c:

web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects-expected.txt:

Source/JavaScriptCore:

This is the major change of the Promise implementation and it improves JetStream2/async-fs by 62%.

Make JSPromise C++ friendly

Instead of using objects with private properties (properties with private symbols), we put internal fields in JSPromise.
This avoids allocating unnecessary butterflies for these private fields, and makes allocating JSPromise and accessing these
fields from C++ easy. Moreover, this patch reduces # of fields of JSPromise from 4 to 2 to make JSPromise compact. To access these internal
fields efficiently from JS, we add op_get_promise_internal_field and op_put_promise_internal_field bytecodes, and corresponding DFG/FTL
supports. They are similar to GetClosureVar / PutClosureVar implementation. These two bytecodes are intentionally generic to later expand
this support to generator and async-generator by renaming them to op_get_internal_field and op_put_internal_field. It is filed in [1].

We also add JSPromiseType as JSType. And structures for JSPromise should have that. So that now @isPromise is efficiently implemented.
This also requires adding SpecPromiseObject and PromiseObjectUse to DFG.

Further, by introducing another bit flag representing alreadyResolved to JSPromise's flags, we can remove JSPromiseDeferred. This extension
is filed in [2].

Make JSPromise constructor JS friendly

The old JSPromise constructor was very inefficient: JSPromise constructor is InternalFunction in C++, and in it, it
calls initializePromise JS function. And this initializePromise function invokes executor function passed by user program.
If we can implement JSPromise constructor fully in JS, we can recognize executor and we have a chance to fully inline them.
Unfortunately, we cannot inline JSPromise constructor for now since it takes 120 bytecode cost while our inlining threshold for
construct is 100. We might want to investigate getting it inlined in the future[3].

We can avoid C++ <-> JS dance in such an important operation, allocating JSPromise. This patch introduces @nakedConstructor
annotation to builtin JS. And this is propagated as ConstructorKind::Naked. If this kind is attached, the bytecode generator
do not emit op_create_this implicitly and the constructor does not return this object implicitly. The naked constructor allows
us to emit bare-metal bytecode, specifically necessary to allocate non-final JSObject from JS constructor. We introduce op_create_promise,
which is similar to op_create_this, but it allocates JSPromise. And by using @createPromise bytecode intrinsic, we implement
JSPromise constructor fully in JS.
With this, we can start introducing object-allocation-sinking for JSPromise too. It is filed in [4].

DFG supports for JSPromise operations

This patch adds four DFG nodes, CreatePromise, NewPromise, GetPromiseInternalField, and PutPromiseInternalField. CreatePromise mimics CreateThis,
and NewPromise mimics NewObject. CreatePromise can be converted to NewPromise with some condition checks and NewPromise can efficiently allocate
promises. CreatePromise and NewPromise have isInternalPromise flag so that InternalPromise is also correctly handled in DFG.
When converting CreatePromise to NewPromise, we need to get the correct structure with a specified callee.prototype. We mimic the mechanism
used in CreateThis, but we use InternalFunctionAllocationProfile instead of ObjectAllocationProfile because (1) InternalFunctionAllocationProfile
can handle non-final JSObjects and (2) we do not need to handle inline-capacity for promises. To make InternalFunctionAllocationProfile usable
in DFG, we connect watchpoint to InternalFunctionAllocationProfile's invalidation so that DFG code can notice when InternalFunctionAllocationProfile's
structure is invalidated: callee.prototype is replaced.

Avoid creating unnecessary promises

Some promises are never shown to users, and they are never rejected. One example is await's promise. And some of promise creation can be avoided.
For example, when resolving a value with Promise.resolve, if a value is promise and if it's then method is the builtin then, we can avoid creating
intermediate promise. To handle these things well, we introduce @resolveWithoutPromise, @rejectWithoutPromise, and @fulfillWithoutPromise. They
take onFulfilled and onRejected handlers and they do not need an intermediate promise for resolving. This removes internal promise allocations
in major cases and makes promise / async-functions efficient. And we also expose builtin then function as @then, and insert @isPromise(xxx) && then === @then
check to take a fast path. We introduced four types of promise reactions to avoid some of object allocations. And microtask reaction is handling these four types.

Avoid creating resolving-functions and promise capabilities

Resolving functions have alreadyResolved flag to prevent calling resolve and reject multiple times. For the first resolving function creation, this
patch embeds one bit flag to JSPromise itself which indicates alreadyResolved in the first created resolving functions (resolving functions can be later
created again for the same promise. In that case, we just create a usual resolving functions). By doing so, we avoid unnecessary resolving functions
and promise capability allocations. We introduce a wrapper function @resolvePromiseWithFirstResolvingFunctionCallCheck and @rejectPromiseWithFirstResolvingFunctionCallCheck.
The resolving functions which are first created with @newPromiseCapability can be mechanically replaced with the calls to these functions, e.g. replacing
promiseCapability.@resolve.@call(@undefined, value) with @resolvePromiseWithFirstResolvingFunctionCallCheck(promise, value).
This mechanism will be used to drop JSPromiseDeferred in a separate patch.

JetStream2/async-fs results.

ToT:

Running async-fs:

Startup: 116.279
Worst Case: 151.515
Average: 176.630
Score: 145.996
Wall time: 0:01.149

Patched:

Running async-fs:

Startup: 166.667
Worst Case: 267.857
Average: 299.080
Score: 237.235
Wall time: 0:00.683

[1]: https://bugs.webkit.org/show_bug.cgi?id=201159
[2]: https://bugs.webkit.org/show_bug.cgi?id=201160
[3]: https://bugs.webkit.org/show_bug.cgi?id=201452
[4]: https://bugs.webkit.org/show_bug.cgi?id=201158

CMakeLists.txt:
JavaScriptCore.xcodeproj/project.pbxproj:
Scripts/wkbuiltins/builtins_generate_combined_header.py:

(ConstructAbility):
(ConstructorKind):

Scripts/wkbuiltins/builtins_generate_separate_header.py:
Scripts/wkbuiltins/builtins_generator.py:

(BuiltinsGenerator.generate_embedded_code_data_for_function):
(BuiltinsGenerator.generate_embedded_code_string_section_for_data):

Scripts/wkbuiltins/builtins_model.py:

(BuiltinFunction.init):
(BuiltinFunction.fromString):

Scripts/wkbuiltins/builtins_templates.py:
builtins/AsyncFromSyncIteratorPrototype.js:

(next.try):
(next):
(return.try):
(return):
(throw.try):
(throw):

builtins/AsyncFunctionPrototype.js:

(globalPrivate.asyncFunctionResume):

builtins/AsyncGeneratorPrototype.js:

(globalPrivate.asyncGeneratorQueueIsEmpty):
(globalPrivate.asyncGeneratorQueueEnqueue):
(globalPrivate.asyncGeneratorQueueDequeue):
(globalPrivate.asyncGeneratorReject):
(globalPrivate.asyncGeneratorResolve):
(globalPrivate.asyncGeneratorYield):
(onRejected):
(globalPrivate.awaitValue):
(onFulfilled):
(globalPrivate.doAsyncGeneratorBodyCall):
(globalPrivate.asyncGeneratorResumeNext):
(globalPrivate.asyncGeneratorEnqueue):
(globalPrivate.asyncGeneratorDequeue): Deleted.
(const.onRejected): Deleted.
(const.onFulfilled): Deleted.
(globalPrivate.asyncGeneratorResumeNext.): Deleted.

builtins/BuiltinExecutableCreator.h:
builtins/BuiltinExecutables.cpp:

(JSC::BuiltinExecutables::defaultConstructorSourceCode):
(JSC::BuiltinExecutables::createDefaultConstructor):
(JSC::BuiltinExecutables::createBuiltinExecutable):
(JSC::BuiltinExecutables::createExecutable):
(JSC::createBuiltinExecutable): Deleted.

builtins/BuiltinExecutables.h:
builtins/BuiltinNames.h:
builtins/BuiltinUtils.h:
builtins/ModuleLoader.js:

(forceFulfillPromise):

builtins/PromiseConstructor.js:

(nakedConstructor.Promise.resolve):
(nakedConstructor.Promise.reject):
(nakedConstructor.Promise):
(nakedConstructor.InternalPromise.resolve):
(nakedConstructor.InternalPromise.reject):
(nakedConstructor.InternalPromise):

builtins/PromiseOperations.js:

(globalPrivate.newPromiseReaction):
(globalPrivate.newPromiseCapability):
(globalPrivate.newHandledRejectedPromise):
(globalPrivate.triggerPromiseReactions):
(globalPrivate.resolvePromise):
(globalPrivate.rejectPromise):
(globalPrivate.fulfillPromise):
(globalPrivate.resolvePromiseWithFirstResolvingFunctionCallCheck):
(globalPrivate.rejectPromiseWithFirstResolvingFunctionCallCheck):
(globalPrivate.createResolvingFunctions.resolve):
(globalPrivate.createResolvingFunctions.reject):
(globalPrivate.createResolvingFunctions):
(globalPrivate.promiseReactionJobWithoutPromise):
(globalPrivate.resolveWithoutPromise):
(globalPrivate.rejectWithoutPromise):
(globalPrivate.fulfillWithoutPromise):
(resolve):
(reject):
(globalPrivate.createResolvingFunctionsWithoutPromise):
(globalPrivate.promiseReactionJob):
(globalPrivate.promiseResolveThenableJobFast):
(globalPrivate.promiseResolveThenableJobWithoutPromiseFast):
(globalPrivate.promiseResolveThenableJob):
(globalPrivate.isPromise): Deleted.
(globalPrivate.newPromiseCapability.executor): Deleted.
(globalPrivate.initializePromise): Deleted.

builtins/PromisePrototype.js:

(then):

bytecode/BytecodeIntrinsicRegistry.cpp:

(JSC::BytecodeIntrinsicRegistry::BytecodeIntrinsicRegistry):

bytecode/BytecodeIntrinsicRegistry.h:
bytecode/BytecodeList.rb:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::finalizeLLIntInlineCaches):

bytecode/Opcode.h:
bytecode/SpeculatedType.cpp:

(JSC::dumpSpeculation):
(JSC::speculationFromClassInfo):
(JSC::speculationFromJSType):
(JSC::speculationFromString):

bytecode/SpeculatedType.h:
bytecode/UnlinkedFunctionExecutable.h:
bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitGetPromiseInternalField):
(JSC::BytecodeGenerator::emitPutPromiseInternalField):
(JSC::BytecodeGenerator::emitCreatePromise):
(JSC::BytecodeGenerator::emitNewPromise):
(JSC::BytecodeGenerator::emitReturn):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::promiseRegister):
(JSC::BytecodeGenerator::emitIsPromise):
(JSC::BytecodeGenerator::promiseCapabilityRegister): Deleted.

bytecompiler/NodesCodegen.cpp:

(JSC::promiseInternalFieldIndex):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_getPromiseInternalField):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_putPromiseInternalField):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_isPromise):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_createPromise):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_newPromise):
(JSC::FunctionNode::emitBytecode):

dfg/DFGAbstractHeap.h:
dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

dfg/DFGClobbersExitState.cpp:

(JSC::DFG::clobbersExitState):

dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

dfg/DFGHeapLocation.cpp:

(WTF::printInternal):

dfg/DFGHeapLocation.h:
dfg/DFGMayExit.cpp:
dfg/DFGNode.h:

(JSC::DFG::Node::convertToNewPromise):
(JSC::DFG::Node::hasIsInternalPromise):
(JSC::DFG::Node::isInternalPromise):
(JSC::DFG::Node::hasInternalFieldIndex):
(JSC::DFG::Node::internalFieldIndex):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasStructure):

dfg/DFGNodeType.h:
dfg/DFGOperations.cpp:
dfg/DFGOperations.h:
dfg/DFGPredictionPropagationPhase.cpp:
dfg/DFGPromotedHeapLocation.cpp:

(WTF::printInternal):

dfg/DFGPromotedHeapLocation.h:
dfg/DFGSafeToExecute.h:

(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):

dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
(JSC::DFG::SpeculativeJIT::speculatePromiseObject):
(JSC::DFG::SpeculativeJIT::speculate):
(JSC::DFG::SpeculativeJIT::compileGetPromiseInternalField):
(JSC::DFG::SpeculativeJIT::compilePutPromiseInternalField):
(JSC::DFG::SpeculativeJIT::compileCreatePromise):
(JSC::DFG::SpeculativeJIT::compileNewPromise):

dfg/DFGSpeculativeJIT.h:
dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

dfg/DFGStoreBarrierInsertionPhase.cpp:
dfg/DFGUseKind.cpp:

(WTF::printInternal):

dfg/DFGUseKind.h:

(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):

ftl/FTLAbstractHeapRepository.h:
ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileNewPromise):
(JSC::FTL::DFG::LowerDFGToB3::compileCreatePromise):
(JSC::FTL::DFG::LowerDFGToB3::compileGetPromiseInternalField):
(JSC::FTL::DFG::LowerDFGToB3::compilePutPromiseInternalField):
(JSC::FTL::DFG::LowerDFGToB3::speculate):
(JSC::FTL::DFG::LowerDFGToB3::speculatePromiseObject):

jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

jit/JIT.h:
jit/JITOperations.cpp:
jit/JITOperations.h:
jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_get_promise_internal_field):
(JSC::JIT::emit_op_put_promise_internal_field):

jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_promise_internal_field):
(JSC::JIT::emit_op_put_promise_internal_field):

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
parser/Parser.cpp:

(JSC::Parser<LexerType>::Parser):
(JSC::Parser<LexerType>::parseFunctionInfo):

parser/Parser.h:

(JSC::parse):

parser/ParserModes.h:
runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

runtime/CommonSlowPaths.h:
runtime/ConstructAbility.h:
runtime/ConstructorKind.h: Copied from Source/JavaScriptCore/runtime/ConstructAbility.h.
runtime/FunctionRareData.cpp:

(JSC::FunctionRareData::FunctionRareData):
(JSC::FunctionRareData::initializeObjectAllocationProfile):
(JSC::FunctionRareData::clear):

runtime/FunctionRareData.h:
runtime/InternalFunction.cpp:

(JSC::InternalFunction::createSubclassStructureSlow):

runtime/InternalFunction.h:

(JSC::InternalFunction::createSubclassStructure):

runtime/JSCast.h:
runtime/JSGlobalObject.cpp:

(JSC::enqueueJob):
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):

runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::arrayProtoValuesFunction const):
(JSC::JSGlobalObject::promiseProtoThenFunction const):
(JSC::JSGlobalObject::initializePromiseFunction const): Deleted.

runtime/JSInternalPromise.cpp:

(JSC::JSInternalPromise::createStructure):

runtime/JSInternalPromiseConstructor.cpp:

(JSC::JSInternalPromiseConstructor::create):
(JSC::JSInternalPromiseConstructor::createStructure):
(JSC::JSInternalPromiseConstructor::JSInternalPromiseConstructor):
(JSC::constructPromise): Deleted.

runtime/JSInternalPromiseConstructor.h:
runtime/JSInternalPromisePrototype.cpp:

(JSC::JSInternalPromisePrototype::create):

runtime/JSMicrotask.cpp:

(JSC::createJSMicrotask):
(JSC::JSMicrotask::run):

runtime/JSMicrotask.h:
runtime/JSPromise.cpp:

(JSC::JSPromise::createStructure):
(JSC::JSPromise::finishCreation):
(JSC::JSPromise::visitChildren):
(JSC::JSPromise::status const):
(JSC::JSPromise::result const):
(JSC::JSPromise::isHandled const):
(JSC::JSPromise::initialize): Deleted.

runtime/JSPromise.h:

(JSC::JSPromise::allocationSize):
(JSC::JSPromise::offsetOfInternalFields):
(JSC::JSPromise::offsetOfInternalField):

runtime/JSPromiseConstructor.cpp:

(JSC::JSPromiseConstructor::create):
(JSC::JSPromiseConstructor::createStructure):
(JSC::JSPromiseConstructor::JSPromiseConstructor):
(JSC::JSPromiseConstructor::finishCreation):
(JSC::constructPromise): Deleted.
(JSC::callPromise): Deleted.

runtime/JSPromiseConstructor.h:
runtime/JSPromisePrototype.cpp:

(JSC::JSPromisePrototype::create):
(JSC::JSPromisePrototype::finishCreation):
(JSC::JSPromisePrototype::addOwnInternalSlots):

runtime/JSPromisePrototype.h:
runtime/JSType.cpp:

(WTF::printInternal):

runtime/JSType.h:

Source/WebCore:

Modules/streams/ReadableStream.js:

(pipeThrough):

Modules/streams/ReadableStreamInternals.js:

(readableStreamError):
(readableStreamReaderGenericRelease):

LayoutTests:

inspector/canvas/recording-bitmaprenderer-frameCount-expected.txt:
inspector/canvas/recording-bitmaprenderer-full-expected.txt:
inspector/canvas/recording-bitmaprenderer-memoryLimit-expected.txt:
inspector/console/message-stack-trace-expected.txt:
inspector/console/queryHolders-expected.txt:
js/Promise-types-expected.txt:
js/dom/Promise-resolve-with-itself-expected.txt:
js/dom/Promise-resolve-with-itself.html:
js/script-tests/Promise-types.js:

6:17 PM Changeset in webkit [249508] by Wenson Hsieh

5 edits in trunk

-[WKContentView selectedText] returns an empty string when selecting more than 200 characters
https://bugs.webkit.org/show_bug.cgi?id=201471
<rdar://problem/55039227>

Reviewed by Tim Horton.

Source/WebKit:

The fix for <rdar://problem/54308019> is contingent on -[WKContentView selectedText] returning a non-empty
result in the case where text is selected. However, in WebKit, if more than 200 characters are selected,
-selectedText ends up returning nothing.

This is due to logic added in trac.webkit.org/r167624 that was intended to return the selected text in
PostLayoutData's wordAtSelection, up to a maximum of 200 characters, likely for performance and/or security
reasons. However, instead of truncating at 200 characters, the change simply drops wordAtSelection altogether.
This patch fixes this issue by taking the first 200 characters of the selected text.

Test: EditorStateTests.SelectedText

WebProcess/WebPage/ios/WebPageIOS.mm:

(WebKit::WebPage::platformEditorState const):

Tools:

Add an API test to ensure that -selectedText is non-empty in the case where more than 200 characters are
selected.

TestWebKitAPI/Tests/WebKitCocoa/EditorStateTests.mm:

(TestWebKitAPI::TEST):

TestWebKitAPI/ios/UIKitSPI.h:

6:02 PM Changeset in webkit [249507] by timothy_horton@apple.com

3 edits
2 adds in trunk

Line artifacts in note body after viewing note with <attachment>s
https://bugs.webkit.org/show_bug.cgi?id=201474
<rdar://problem/51306108>

Reviewed by Simon Fraser.

Source/WebCore:

Test: fast/attachment/attachment-border-should-stay-inside-attachment.html

rendering/RenderThemeIOS.mm:

(WebCore::attachmentBorderPath):
(WebCore::paintAttachmentBorder):
Inset the border rect by half the width, so that <attachment> doesn't
paint out-of-bounds.

LayoutTests:

fast/attachment/attachment-border-should-stay-inside-attachment-expected.html: Added.
fast/attachment/attachment-border-should-stay-inside-attachment.html: Added.

Add a test that ensures that <attachment> stays inside its bounds.

5:47 PM Changeset in webkit [249506] by Jonathan Bedard

2 edits in trunk/Tools

results.webkit.org: Fix mobile vs desktop mode
https://bugs.webkit.org/show_bug.cgi?id=201441

Rubber-stamped by Aakash Jain.

We should unconditionally use desktop mode if the device screen-width
is large enough.

resultsdbpy/resultsdbpy/view/static/library/css/webkit.css:

5:45 PM Changeset in webkit [249505] by Kocsen Chung

7 edits in branches/safari-608.2.11.1-branch/Source

Versioning.

4:35 PM Changeset in webkit [249504] by Joseph Pecoraro

77 edits
11 copies
23 adds in trunk

Web Inspector: Local Overrides - Provide substitution content for resource loads (URL based)
https://bugs.webkit.org/show_bug.cgi?id=201262
<rdar://problem/13108764>

Reviewed by Devin Rousso.

Source/JavaScriptCore:

When interception is enabled, Network requests that match any of the configured
interception patterns will be paused on the backend and allowed to be modified
by the frontend.

Currently the only time a network request can be intercepted is during the
HTTP response. However, this intercepting interface is mean to extend to
HTTP requests as well.

When a response is to be intercepted a new event is sent to the frontend:

Network.responseIntercepted event

With a requestId to identify that network request. The frontend
must respond with one of the following commands to continue:

Network.interceptContinue - proceed with the response unmodified
Network.interceptWithResponse - provide a response

The response is paused in the meantime.

inspector/protocol/Network.json:

New interfaces for intercepting network responses and suppling override content.

Scripts/generate-combined-inspector-json.py:
inspector/scripts/generate-inspector-protocol-bindings.py:

(generate_from_specification.load_specification):
Complete allowing comments in JSON protocol files.

inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:

(ObjCBackendDispatcherImplementationGenerator._generate_invocation_for_command):

inspector/scripts/tests/generic/expected/commands-with-optional-call-return-parameters.json-result:

Allow optional enums in ObjC interfaces.

Source/WebCore:

Tests: http/tests/inspector/network/local-resource-override-basic.html

http/tests/inspector/network/local-resource-override-main-resource.html
http/tests/inspector/network/local-resource-override-script-tag.html
http/tests/inspector/network/resource-response-inspector-override.html

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
Headers.cmake:

New files.

inspector/InspectorInstrumentation.cpp:

(WebCore::InspectorInstrumentation::willInterceptRequestImpl):
(WebCore::InspectorInstrumentation::shouldInterceptResponseImpl):
(WebCore::InspectorInstrumentation::interceptResponseImpl):

inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::hasFrontends):
(WebCore::InspectorInstrumentation::willInterceptRequest):
(WebCore::InspectorInstrumentation::shouldInterceptResponse):
(WebCore::InspectorInstrumentation::interceptResponse):
(WebCore::InspectorInstrumentation::frontendCreated):
(WebCore::InspectorInstrumentation::frontendDeleted):

inspector/InspectorInstrumentationPublic.cpp:
inspector/InspectorInstrumentationPublic.h:
inspector/InspectorInstrumentationWebKit.cpp:

(WebCore::InspectorInstrumentationWebKit::shouldInterceptResponseInternal):
(WebCore::InspectorInstrumentationWebKit::interceptResponseInternal):

inspector/InspectorInstrumentationWebKit.h: Added.

(WebCore::InspectorInstrumentationWebKit::shouldInterceptResponse):
(WebCore::InspectorInstrumentationWebKit::interceptResponse):
Provide a slim InspectorInstrumentation API that can be used in the WebKit
layer without a ton of includes.

inspector/agents/InspectorNetworkAgent.cpp:

(WebCore::responseSource):
(WebCore::InspectorNetworkAgent::disable):
(WebCore::InspectorNetworkAgent::continuePendingResponses):
(WebCore::InspectorNetworkAgent::setInterceptionEnabled):
(WebCore::InspectorNetworkAgent::addInterception):
(WebCore::InspectorNetworkAgent::removeInterception):
(WebCore::InspectorNetworkAgent::willInterceptRequest):
(WebCore::InspectorNetworkAgent::shouldInterceptResponse):
(WebCore::InspectorNetworkAgent::interceptResponse):
(WebCore::InspectorNetworkAgent::interceptContinue):
(WebCore::InspectorNetworkAgent::interceptWithResponse):
Manage a list of URLs that will be intercepted and send
intercepts to an active frontend for response content.

inspector/agents/InspectorNetworkAgent.h:

(WebCore::InspectorNetworkAgent::PendingInterceptResponse::PendingInterceptResponse):
(WebCore::InspectorNetworkAgent::PendingInterceptResponse::~PendingInterceptResponse):
(WebCore::InspectorNetworkAgent::PendingInterceptResponse::originalResponse):
(WebCore::InspectorNetworkAgent::PendingInterceptResponse::respondWithOriginalResponse):
(WebCore::InspectorNetworkAgent::PendingInterceptResponse::respond):
Callback for an eventual intercept response.

platform/network/ResourceResponseBase.h:

New ResponseSource - Inspector Override.

loader/DocumentLoader.cpp:

(WebCore::logResourceResponseSource):

testing/Internals.cpp:

(WebCore::responseSourceToString):
Handle new response sources.

loader/cache/CachedResourceLoader.cpp:

(WebCore::CachedResourceLoader::requestResource):
(WebCore::CachedResourceLoader::preload):
Avoid preloading or using the cache for URLs that would be intercepted
by an active Inspector frontend.

loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::remove):
Assertion to help detect if we ever get override content into the MemoryCache.

loader/ResourceLoader.h:

(WebCore::DocumentLoader::responseReceived):

loader/ResourceLoader.cpp:

Fix typos.

Source/WebInspectorUI:

This adds a new "Local Overrides" section to the Sources tab sidebar
which will allow users to provide their own resource content for text
resources. Users can clone a resource, and provide their own content
(by editing in Web Inspector) and new requests for those particular
URLs will get the substitute content.

Overrides are based on a particular URL (ignoring fragment). They
can override: status code, status text, response headers, content,
and MIME Type (Content-Type).

Tools/CodeMirrorModes/index.html: Added.
Tools/CodeMirrorModes/styles.css: Added.

Debug tool for CodeMirror editors and our custom CodeMirror modes.

UserInterface/Main.html:
UserInterface/Test.html:
Localizations/en.lproj/localizedStrings.js:

New files and strings.

UserInterface/Base/HTTPUtilities.js: Added.

(WI.httpStatusTextForStatusCode):
Translate between typical status codes and status text.

UserInterface/Base/ObjectStore.js:

(WI.ObjectStore._open):
New persistent store for local resource overrides.

UserInterface/Base/Main.js:

(WI.showLocalResourceOverride):
Convenience for showing an override file.

UserInterface/Base/URLUtilities.js:

(parseURL):
Avoid uncaught exceptions with the URL constructor for common WebKit internal sourceURL strings.

(WI.urlWithoutFragment):
Strip a fragment from a URL.

UserInterface/Controllers/HARBuilder.js:

(WI.HARBuilder.fetchType):
(WI.HARBuilder.responseSourceFromHARFetchType):
Handle new custom response types.

UserInterface/Protocol/NetworkObserver.js:

(WI.NetworkObserver.prototype.responseIntercepted):
(WI.NetworkObserver):
New events.

UserInterface/Controllers/NetworkManager.js:

(WI.NetworkManager):
(WI.NetworkManager.supportsLocalResourceOverrides):
(WI.NetworkManager.prototype.initializeTarget):
(WI.NetworkManager.prototype.get localResourceOverrides):
(WI.NetworkManager.prototype.get interceptionEnabled):
(WI.NetworkManager.prototype.set interceptionEnabled):
(WI.NetworkManager.prototype.addLocalResourceOverride):
(WI.NetworkManager.prototype.removeLocalResourceOverride):
(WI.NetworkManager.prototype.localResourceOverrideForURL):
(WI.NetworkManager.prototype.canBeOverridden):
(WI.NetworkManager.prototype.responseIntercepted):
(WI.NetworkManager.prototype._handleResourceContentDidChange):
(WI.NetworkManager.prototype._persistLocalResourceOverrideSoonAfterContentChange):
(WI.NetworkManager.prototype._saveLocalResourceOverrides):
(WI.NetworkManager.prototype._extraDomainsActivated):
(WI.NetworkManager.prototype.localResourceForURL): Deleted.
Handle saving and restoring local resource overrides.
Handle responding to a responseIntercepted Network protocol event.

UserInterface/Models/LocalResource.js:

(WI.LocalResource.fromJSON):
(WI.LocalResource.prototype.toJSON):
(WI.LocalResource.prototype.get localContent):
(WI.LocalResource.prototype.get localContentIsBase64Encoded):
(WI.LocalResource.prototype.isLocalResourceOverride):
(WI.LocalResource.prototype.updateOverrideContent):
Allow a LocalResource to identify itself as an "override".

UserInterface/Models/LocalResourceOverride.js: Added.

(WI.LocalResourceOverride.prototype.create):
(WI.LocalResourceOverride.fromJSON):
(WI.LocalResourceOverride.prototype.toJSON):
(WI.LocalResourceOverride.prototype.get url):
(WI.LocalResourceOverride.prototype.get localResource):
(WI.LocalResourceOverride.prototype.get disabled):
(WI.LocalResourceOverride.prototype.set disabled):
(WI.LocalResourceOverride.prototype.saveIdentityToCookie):
(WI.LocalResourceOverride):
Model object for a LocalResourceOverride. This has LocalResource content
and an enabled/disabled state.

UserInterface/Models/Resource.js:

(WI.Resource.classNamesForResource):
(WI.Resource.responseSourceFromPayload):
(WI.Resource.prototype.isLocalResourceOverride):
(WI.Resource.prototype.async.createLocalResourceOverride):
(WI.Resource.classNameForResource): Deleted.
Convenience functions and icon updates.

UserInterface/Views/SourcesTabContentView.js:

(WI.SourcesTabContentView.prototype.canShowRepresentedObject):

UserInterface/Views/ContentView.js:

(WI.ContentView.createFromRepresentedObject):
(WI.ContentView.resolvedRepresentedObjectForRepresentedObject):
(WI.ContentView.isViewable):
Handle new represented object type.

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel):
(WI.SourcesNavigationSidebarPanel.prototype.createContentTreeOutline):
(WI.SourcesNavigationSidebarPanel.prototype.willDismissPopover):
(WI.SourcesNavigationSidebarPanel.prototype._willDismissLocalOverridePopover):
(WI.SourcesNavigationSidebarPanel.prototype._willDismissEventBreakpointPopover):
(WI.SourcesNavigationSidebarPanel.prototype._willDismissURLBreakpointPopover):
(WI.SourcesNavigationSidebarPanel.prototype._addLocalResourceOverride):
(WI.SourcesNavigationSidebarPanel.prototype._removeLocalResourceOverride):
(WI.SourcesNavigationSidebarPanel.prototype._handleTreeSelectionDidChange):
(WI.SourcesNavigationSidebarPanel.prototype._populateCreateBreakpointContextMenu):
(WI.SourcesNavigationSidebarPanel.prototype._handleLocalResourceOverrideAdded):
(WI.SourcesNavigationSidebarPanel.prototype._handleLocalResourceOverrideRemoved):

UserInterface/Views/SourcesNavigationSidebarPanel.css:

(.sidebar > .panel.navigation.sources > .content > .warning-banner):
(.sidebar > .panel.navigation.sources > .content > :matches(.pause-reason-container, .call-stack-container, .breakpoints-container, .local-overrides)):
(.sidebar > .panel.navigation.sources > .content > .local-overrides):
(.sidebar > .panel.navigation.sources > .content > :matches(.pause-reason-container, .call-stack-container, .breakpoints-container)): Deleted.
Hide and show Local Overrides section.

UserInterface/Views/LocalResourceOverrideTreeElement.css:

(.item.resource.override .status > div):

UserInterface/Views/LocalResourceOverrideTreeElement.js: Added.

(WI.LocalResourceOverrideTreeElement):
(WI.LocalResourceOverrideTreeElement.prototype.canSelectOnMouseDown):
(WI.LocalResourceOverrideTreeElement.prototype.populateContextMenu):
(WI.LocalResourceOverrideTreeElement.prototype.willDismissPopover):
TreeElement for a Local Resource Override.

UserInterface/Views/CodeMirrorLocalOverrideURLMode.css:

(.cm-s-default .cm-local-override-url-bad-scheme):
(.cm-s-default .cm-local-override-url-fragment):

UserInterface/Views/CodeMirrorLocalOverrideURLMode.js: Added.

(tokenBase):
(return.startState):
(return.token):

UserInterface/Views/ContentBrowserTabContentView.js:

(WI.ContentBrowserTabContentView.prototype._revealAndSelectRepresentedObject):

UserInterface/Views/ContextMenu.js:

(WI.ContextMenu.prototype._itemSelected):
(WI.ContextMenu):
Better debugging for exceptions in context menu handlers.

UserInterface/Views/ContextMenuUtilities.js:

(WI.appendContextMenuItemsForSourceCode):
(WI.appendContextMenuItemsForURL):
Context menu items for Local Resource Overrides.

UserInterface/Views/DataGrid.js:

(WI.DataGrid.prototype.startEditingNode):
(WI.DataGrid.prototype._startEditingNodeAtColumnIndex):
(WI.DataGrid.prototype._startEditing):
(WI.DataGrid.prototype._contextMenuInDataTable):

UserInterface/Views/DataGridNode.js:

(WI.DataGridNode):
(WI.DataGridNode.prototype.get editable):
(WI.DataGridNode.prototype.set editable):
Improve DataGrid editing functionality.
Allow a node to not be editable.
Allow adding a new node and starting to edit in one action.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel.prototype.treeElementForRepresentedObject):
Do not provide overrides in the Debugger tab.

UserInterface/Views/LocalResourceOverrideLabelView.css:

(.local-resource-override-label-view):
(.local-resource-override-label-view > div):
(.local-resource-override-label-view > div > .label):
(.local-resource-override-label-view > div > .url):
(@media (prefers-color-scheme: dark)):

UserInterface/Views/LocalResourceOverrideLabelView.js:

(WI.LocalResourceOverrideLabelView):
(WI.LocalResourceOverrideLabelView.prototype.initialLayout):

UserInterface/Views/LocalResourceOverridePopover.css: Added.

(.popover .local-resource-override-popover-content):
(.popover .local-resource-override-popover-content > label.toggle):
(.popover .local-resource-override-popover-content > table):
(.popover .local-resource-override-popover-content > table > tr > th):
(.popover .local-resource-override-popover-content > table > tr > td):
(.popover .local-resource-override-popover-content .editor):
(.popover .local-resource-override-popover-content .editor > .CodeMirror):
(.popover .local-resource-override-popover-content .editor.url):
(.popover .local-resource-override-popover-content .editor.mime):
(.popover .local-resource-override-popover-content .editor.status):
(.popover .local-resource-override-popover-content .editor.status-text):
(.popover .local-resource-override-popover-content .add-header):
(@media (prefers-color-scheme: dark)):
New banner view for a local resource override itself.
Shows the URL being overriden.

UserInterface/Views/LocalResourceOverrideWarningView.css:

(.local-resource-override-warning-view):
(.local-resource-override-warning-view[hidden]):
(.local-resource-override-warning-view > div):
(.local-resource-override-warning-view > div > button):
(@media (prefers-color-scheme: dark)):

UserInterface/Views/LocalResourceOverrideWarningView.js: Added.

(WI.LocalResourceOverrideWarningView):
(WI.LocalResourceOverrideWarningView.prototype.attached):
(WI.LocalResourceOverrideWarningView.prototype.detached):
(WI.LocalResourceOverrideWarningView.prototype._updateContent):
(WI.LocalResourceOverrideWarningView.prototype._handleLocalResourceOverrideChanged):

UserInterface/Views/NavigationSidebarPanel.js:

(WI.NavigationSidebarPanel.prototype.pruneStaleResourceTreeElements):
New banner view for a resource that has been overridden.
Allows jumping to the override itself.

UserInterface/Views/LocalResourceOverridePopover.js: Added.

(WI.LocalResourceOverridePopover):
(WI.LocalResourceOverridePopover.prototype.get serializedData):
(WI.LocalResourceOverridePopover.prototype.show.addDataGridNodeForHeader):
(WI.LocalResourceOverridePopover.prototype.show):
(WI.LocalResourceOverridePopover.prototype._createEditor):
(WI.LocalResourceOverridePopover.prototype._defaultURL):
(WI.LocalResourceOverridePopover.prototype._presentOverTargetElement):
New popover for creating or editing a Local Resource Override.

UserInterface/Views/SearchSidebarPanel.js:

(WI.SearchSidebarPanel.prototype.performSearch):
Consider searching overrides.

UserInterface/Views/Variables.css:

(:root):

UserInterface/Views/SearchSidebarPanel.css:

(.sidebar > .panel.navigation.search.changed > .banner):

UserInterface/Views/DebuggerSidebarPanel.css:

(.sidebar > .panel.navigation.debugger .warning-banner):

UserInterface/Views/ConsoleMessageView.css:

(.console-warning-level):
Use a new variable for a common warning color.

UserInterface/Images/NavigationItemNetworkOverride.svg: Added.
UserInterface/Views/SourceCodeTextEditor.js:

(WI.SourceCodeTextEditor.prototype.canBeFormatted):
(WI.SourceCodeTextEditor.prototype.get _supportsDebugging):

UserInterface/Views/SourcesNavigationSidebarPanel.css:

UserInterface/Views/TextEditor.css:

(.text-editor):

UserInterface/Views/TextResourceContentView.css:

(.content-view.resource.text):
(.content-view.resource.text > .text-editor):

UserInterface/Views/TextResourceContentView.js:

(WI.TextResourceContentView):
(WI.TextResourceContentView.prototype.get navigationItems):
(WI.TextResourceContentView.prototype.closed):
(WI.TextResourceContentView.prototype._contentWillPopulate):
(WI.TextResourceContentView.prototype._contentDidPopulate):
(WI.TextResourceContentView.prototype.async._handleCreateLocalResourceOverride):
(WI.TextResourceContentView.prototype._handleRemoveLocalResourceOverride):
(WI.TextResourceContentView.prototype._handleLocalResourceOverrideChanged):
(WI.TextResourceContentView.prototype._textEditorContentDidChange):
(WI.TextResourceContentView.prototype._shouldBeEditable):
Allow Text resources to create a local resource override.
Support for Image resources will come separately.

UserInterface/Views/ResourceHeadersContentView.js:

(WI.ResourceHeadersContentView.prototype._responseSourceDisplayString):
Handle new response type.

UserInterface/Controllers/CSSManager.js:

Avoid extra handling for Local Resource Overrides.

UserInterface/Views/ResourceIcons.css:

(.resource-icon.override .icon):

UserInterface/Views/ResourceSizesContentView.js:

(WI.ResourceSizesContentView.prototype.initialLayout):

UserInterface/Views/ResourceTimelineDataGridNode.js:

(WI.ResourceTimelineDataGridNode.prototype.iconClassNames):

UserInterface/Views/ResourceTreeElement.js:

(WI.ResourceTreeElement.prototype._updateResource):
(WI.ResourceTreeElement.prototype._updateIcon):
(WI.ResourceTreeElement.prototype._responseReceived):
(WI.ResourceTreeElement):

UserInterface/Views/TimelineDataGridNode.js:

(WI.TimelineDataGridNode.prototype.createCellContent):

UserInterface/Views/NetworkTableContentView.js:

(WI.NetworkTableContentView.prototype._populateNameCell):
(WI.NetworkTableContentView.prototype._populateTransferSizeCell):
(WI.NetworkTableContentView.prototype._generateSortComparator):
Better Resource icons all over for overrides.

UserInterface/Views/URLBreakpointPopover.js:

(WI.URLBreakpointPopover.prototype._createEditor):
Code cleanup.

Source/WebKit:

Sources.txt:
WebKit.xcodeproj/project.pbxproj:

New sources.

WebProcess/Network/WebResourceLoader.h:
WebProcess/Network/WebResourceLoader.cpp:

(WebKit::WebResourceLoader::didReceiveResponse):
(WebKit::WebResourceLoader::didReceiveData):
(WebKit::WebResourceLoader::didFinishResourceLoad):
(WebKit::WebResourceLoader::didFailResourceLoad):
On receiving a response, check with the inspector if an active
frontend will override the response content.

WebProcess/Network/WebResourceInterceptController.h:
WebProcess/Network/WebResourceInterceptController.cpp:

(WebKit::WebResourceInterceptController::isIntercepting const):
(WebKit::WebResourceInterceptController::beginInterceptingResponse):
(WebKit::WebResourceInterceptController::continueResponse):
(WebKit::WebResourceInterceptController::interceptedResponse):
(WebKit::WebResourceInterceptController::defer):
Buffer networking callbacks for an ongoing intercept.

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::havePerformedSecurityChecks const):
Handle new response source.

LayoutTests:

http/tests/inspector/network/local-resource-override-basic-expected.txt: Added.
http/tests/inspector/network/local-resource-override-basic.html: Added.
http/tests/inspector/network/local-resource-override-main-resource-expected.txt: Added.
http/tests/inspector/network/local-resource-override-main-resource.html: Added.
http/tests/inspector/network/local-resource-override-script-tag-expected.txt: Added.
http/tests/inspector/network/local-resource-override-script-tag.html: Added.
http/tests/inspector/network/resource-response-inspector-override-expected.txt: Added.
http/tests/inspector/network/resource-response-inspector-override.html: Added.
http/tests/inspector/network/resources/override.js: Added.
http/tests/inspector/network/resources/override.txt: Added.
inspector/network/local-resource-override-continue-response-expected.txt: Added.
inspector/network/local-resource-override-continue-response.html: Added.

Tests for overrides.

inspector/unit-tests/url-utilities-expected.txt:
inspector/unit-tests/url-utilities.html:

Test WI.urlWithoutFragment.

platform/mac-wk1/TestExpectations:

WebKitLegacy does not support overrides.

4:20 PM Changeset in webkit [249503] by Kocsen Chung

1 copy in tags/Safari-608.2.11.1.2

Tag Safari-608.2.11.1.2.

4:13 PM Changeset in webkit [249502] by Chris Dumez

2 edits in trunk/Source/WebKit

Unreviewed minor follow-up fix after r249501 to address crashes in debug.

NetworkProcess/cache/NetworkCache.h:

(WTF::HashTraits<WebKit::NetworkCache::GlobalFrameID>::constructDeletedValue):
(WTF::HashTraits<WebKit::NetworkCache::GlobalFrameID>::isDeletedValue):

3:57 PM Changeset in webkit [249501] by Chris Dumez

52 edits in trunk/Source

Expose WebPageProxy identifier to the Network Process
https://bugs.webkit.org/show_bug.cgi?id=201467

Reviewed by Geoffrey Garen.

Source/WebCore:

loader/EmptyFrameLoaderClient.h:

(isType):

loader/FrameLoaderClient.h:

Source/WebKit:

Expose WebPageProxy identifier to the Network Process (similarly to WebPage / WebFrame identifiers)
so that it can use it whenever it IPCs the UIProcess. The IPCs from the network process were the
last one requiring the UIProcess to lookup a WebPageProxy object from a WebPageIdentifier (rather
than a WebPageProxyIdentifier).

NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:

(WebKit::WebResourceLoadStatisticsStore::requestStorageAccess):

NetworkProcess/Classifier/WebResourceLoadStatisticsStore.h:
NetworkProcess/NetworkCORSPreflightChecker.cpp:

(WebKit::NetworkCORSPreflightChecker::didReceiveChallenge):

NetworkProcess/NetworkCORSPreflightChecker.h:
NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
(WebKit::NetworkConnectionToWebProcess::requestStorageAccess):

NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/NetworkConnectionToWebProcess.messages.in:
NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::didReceiveChallenge):

NetworkProcess/NetworkLoadChecker.cpp:

(WebKit::NetworkLoadChecker::NetworkLoadChecker):
(WebKit::NetworkLoadChecker::checkCORSRequestWithPreflight):

NetworkProcess/NetworkLoadChecker.h:
NetworkProcess/NetworkLoadParameters.h:
NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::didCommitCrossSiteLoadWithDataTransfer):
(WebKit::NetworkProcess::logDiagnosticMessage):
(WebKit::NetworkProcess::logDiagnosticMessageWithResult):
(WebKit::NetworkProcess::logDiagnosticMessageWithValue):

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
NetworkProcess/NetworkResourceLoadParameters.cpp:

(WebKit::NetworkResourceLoadParameters::encode const):
(WebKit::NetworkResourceLoadParameters::decode):

NetworkProcess/NetworkResourceLoader.cpp:

(WebKit::m_shouldCaptureExtraNetworkLoadMetrics):
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
(WebKit::NetworkResourceLoader::startNetworkLoad):
(WebKit::NetworkResourceLoader::didReceiveResponse):

NetworkProcess/NetworkResourceLoader.h:
NetworkProcess/PingLoad.cpp:

(WebKit::PingLoad::PingLoad):
(WebKit::PingLoad::didReceiveChallenge):

NetworkProcess/cache/NetworkCache.h:

(WebKit::NetworkCache::GlobalFrameID::hash const):
(WebKit::NetworkCache::operator==):
(WTF::GlobalFrameIDHash::hash):
(WTF::GlobalFrameIDHash::equal):
(WTF::HashTraits<WebKit::NetworkCache::GlobalFrameID>::emptyValue):
(WTF::HashTraits<WebKit::NetworkCache::GlobalFrameID>::constructDeletedValue):
(WTF::HashTraits<WebKit::NetworkCache::GlobalFrameID>::isDeletedValue):

NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::SpeculativeLoad):

NetworkProcess/cache/NetworkCacheSpeculativeLoadManager.cpp:

(WebKit::NetworkCache::logSpeculativeLoadingDiagnosticMessage):

Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::shouldCoalesceChallenge const):
(WebKit::AuthenticationManager::didReceiveAuthenticationChallenge):

Shared/Authentication/AuthenticationManager.h:
UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::didReceiveAuthenticationChallenge):
(WebKit::NetworkProcessProxy::logDiagnosticMessage):
(WebKit::NetworkProcessProxy::logDiagnosticMessageWithResult):
(WebKit::NetworkProcessProxy::logDiagnosticMessageWithValue):
(WebKit::NetworkProcessProxy::requestStorageAccessConfirm):
(WebKit::NetworkProcessProxy::didCommitCrossSiteLoadWithDataTransfer):
(WebKit::NetworkProcessProxy::didCommitCrossSiteLoadWithDataTransferFromPrevalentResource):
(WebKit::NetworkProcessProxy::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):

UIProcess/Network/NetworkProcessProxy.h:
UIProcess/Network/NetworkProcessProxy.messages.in:
UIProcess/ServiceWorkerProcessProxy.cpp:

(WebKit::ServiceWorkerProcessProxy::start):

UIProcess/ServiceWorkerProcessProxy.h:
UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didCommitLoadForFrame):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::isServiceWorkerPageID const):
(WebKit::WebProcessPool::didCommitCrossSiteLoadWithDataTransfer):

UIProcess/WebProcessPool.h:
UIProcess/WebProcessProxy.cpp:
UIProcess/WebProcessProxy.h:
WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::scheduleLoad):
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::preconnectTo):

WebProcess/Network/WebResourceLoader.h:
WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::ServiceWorkerFrameLoaderClient::ServiceWorkerFrameLoaderClient):
(WebKit::ServiceWorkerFrameLoaderClient::createDocumentLoader):
(WebKit::WebSWContextManagerConnection::WebSWContextManagerConnection):
(WebKit::WebSWContextManagerConnection::installServiceWorker):

WebProcess/Storage/WebSWContextManagerConnection.h:

(isType):

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):

WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::webPageProxyID const):

WebProcess/WebCoreSupport/WebFrameLoaderClient.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::requestStorageAccess):

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::establishWorkerContextConnectionToNetworkProcess):

WebProcess/WebProcess.h:
WebProcess/WebProcess.messages.in:

2:25 PM Changeset in webkit [249500] by Jonathan Bedard

3 edits in trunk/Tools

run-api-tests: Add support for specifying additional environment variables
https://bugs.webkit.org/show_bug.cgi?id=201311
<rdar://problem/54852698>

Reviewed by Daniel Bates.

Scripts/webkitpy/api_tests/run_api_tests.py:

(parse_args): Add --additional-env-var flag.

Scripts/webkitpy/port/base.py:

(Port._append_value_colon_separated): Use os.pathsep instead of ':'.
(Port.environment_for_api_tests): Add the values from --additional-env-var to the
environment.

2:12 PM Changeset in webkit [249499] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Structure::storedPrototype() and storedPrototypeObject() should assert with isCompilationThread(), not !isMainThread().
https://bugs.webkit.org/show_bug.cgi?id=201449

Reviewed by Yusuke Suzuki.

Using !isMainThread() in the assertion also disables the assertion for the mutator
of worker threads. This is not what we intended.

runtime/StructureInlines.h:

(JSC::Structure::storedPrototype const):
(JSC::Structure::storedPrototypeObject const):

2:11 PM Changeset in webkit [249498] by achristensen@apple.com

6 edits in trunk/Source

Remove unused SPI that accesses MemoryCache directly
https://bugs.webkit.org/show_bug.cgi?id=201468

Reviewed by Tim Horton.

Source/WebCore:

loader/cache/MemoryCache.cpp:

(WebCore::dummyCachedImageClient): Deleted.
(WebCore::MemoryCache::addImageToCache): Deleted.
(WebCore::MemoryCache::removeImageFromCache): Deleted.

loader/cache/MemoryCache.h:

Source/WebKitLegacy/mac:

Misc/WebCache.h:
Misc/WebCache.mm:

(+[WebCache addImageToCache:forURL:]): Deleted.
(+[WebCache addImageToCache:forURL:forFrame:]): Deleted.
(+[WebCache removeImageFromCacheForURL:]): Deleted.
(+[WebCache removeImageFromCacheForURL:forFrame:]): Deleted.

1:42 PM Changeset in webkit [249497] by Alan Bujtas

6 edits in trunk/Source/WebCore

[LFC] Assert on FormattingContext escaping
https://bugs.webkit.org/show_bug.cgi?id=201464
<rdar://problem/55029574>

Reviewed by Antti Koivisto.

This patch asserts on accidental formatting context escaping. This is only a correctness issue at the moment,
since we don't support multithreaded subtree layout yet.
Normally we should not need to access display boxes in different formatting contexts during layout, but there are a few, justified cases when it is required.

layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::displayBoxForLayoutBox const):

layout/FormattingContext.h:

(WebCore::Layout::FormattingContext::displayBoxForLayoutBox const): Deleted.

layout/FormattingContextGeometry.cpp:

(WebCore::Layout::FormattingContext::Geometry::contentHeightForFormattingContextRoot const):
(WebCore::Layout::FormattingContext::Geometry::staticVerticalPositionForOutOfFlowPositioned const):
(WebCore::Layout::FormattingContext::Geometry::staticHorizontalPositionForOutOfFlowPositioned const):

layout/FormattingContextQuirks.cpp:

(WebCore::Layout::FormattingContext::Quirks::heightValueOfNearestContainingBlockWithFixedHeight):

layout/floats/FloatingContext.cpp:

(WebCore::Layout::FloatingContext::absoluteDisplayBoxCoordinates const):
(WebCore::Layout::FloatingContext::mapToFloatingStateRoot const):
(WebCore::Layout::FloatingContext::mapTopToFloatingStateRoot const):
(WebCore::Layout::FloatingContext::mapPointFromFormattingContextRootToFloatingStateRoot const):

page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

1:09 PM Changeset in webkit [249496] by Kocsen Chung

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r249430. rdar://problem/55027550

[macOS] Correct sandbox violation in Flash plugin
https://bugs.webkit.org/show_bug.cgi?id=201228
<rdar://problem/54347503>

Reviewed by Alex Christensen.

PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:08 PM Changeset in webkit [249495] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Disambiguate a symbol used in JSDollarVM.
https://bugs.webkit.org/show_bug.cgi?id=201466
<rdar://problem/51826672>

Reviewed by Tadeu Zagallo.

This was causing a build issue on some internal build.

tools/JSDollarVM.cpp:

12:53 PM Changeset in webkit [249494] by Alan Bujtas

6 edits in trunk/Source/WebCore

[LFC] FormattingContext::map* functions are too generic.
https://bugs.webkit.org/show_bug.cgi?id=201447
<rdar://problem/55005733>

Reviewed by Antti Koivisto.

We don't need such generic mapping functions yet. This patch is also in preparation for
asserting on formatting context escaping.

layout/FormattingContext.cpp:

(WebCore::Layout::FormattingContext::mapTopToFormattingContextRoot const):
(WebCore::Layout::FormattingContext::mapLeftToFormattingContextRoot const):
(WebCore::Layout::FormattingContext::mapRightToFormattingContextRoot const):
(WebCore::Layout::FormattingContext::mapLeftToAncestor const): Deleted.
(WebCore::Layout::FormattingContext::mapRightToAncestor const): Deleted.
(WebCore::Layout::FormattingContext::mapBoxToAncestor const): Deleted.
(WebCore::Layout::FormattingContext::mapTopToAncestor const): Deleted.
(WebCore::Layout::FormattingContext::mapPointToAncestor const): Deleted.
(WebCore::Layout::FormattingContext::mapPointToDescendent const): Deleted.

layout/FormattingContext.h:
layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::usedAvailableWidthForFloatAvoider const):

layout/floats/FloatingContext.cpp:

(WebCore::Layout::FloatingContext::positionForFloat const):
(WebCore::Layout::FloatingContext::positionForFormattingContextRoot const):
(WebCore::Layout::FloatingContext::verticalPositionWithClearance const):
(WebCore::Layout::FloatingContext::constraints const):
(WebCore::Layout::FloatingContext::append):
(WebCore::Layout::FloatingContext::absoluteDisplayBoxCoordinates const):
(WebCore::Layout::FloatingContext::mapToFloatingStateRoot const):
(WebCore::Layout::FloatingContext::mapTopToFloatingStateRoot const):
(WebCore::Layout::FloatingContext::mapPointFromFormattingContextRootToFloatingStateRoot const):
(WebCore::Layout::mapToFormattingContextRoot): Deleted.

layout/floats/FloatingContext.h:
page/FrameViewLayoutContext.cpp:

(WebCore::layoutUsingFormattingContext):

12:38 PM Changeset in webkit [249493] by commit-queue@webkit.org

2 edits in trunk/Source/WebCore

[iPadOS] Unable to change sheets on Airtable.com
https://bugs.webkit.org/show_bug.cgi?id=201456
<rdar://problem/51557377>

Patch by Antoine Quint <Antoine Quint> on 2019-09-04
Reviewed by Dean Jackson.

Simulated mouse events are required to be able to manipulate cells and and columns on Airtable.com. However, dispatching a "mousedown" event on
tabs allowing to pick a different sheet ends up calling preventDefault() and prevent "click" events from being dispatched, which makes it
impossible to change sheet. We now limit the dispatch of simulated mouse events to the grid.

page/Quirks.cpp:

(WebCore::Quirks::simulatedMouseEventTypeForTarget const):

12:37 PM Changeset in webkit [249492] by timothy_horton@apple.com

6 edits in trunk/Source/WebKit

macCatalyst: Re-enable iOS WKWebView printing API
https://bugs.webkit.org/show_bug.cgi?id=201392
<rdar://problem/54690252>

Reviewed by Wenson Hsieh.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _webViewPrintFormatter]):

UIProcess/API/Cocoa/WKWebViewInternal.h:
UIProcess/_WKWebViewPrintFormatter.mm:
UIProcess/_WKWebViewPrintFormatterInternal.h:
UIProcess/ios/WKContentView.mm:

_WKWwebViewPrintFormatter was disabled during bringup because requisite
UIKit bits were missing, but they are not anymore (and have not been for
quite some time), so remove these unnecessary platform ifdefs.

12:23 PM Changeset in webkit [249491] by Kocsen Chung

1 edit in branches/safari-608-branch/Tools/WebKitTestRunner/TestOptions.h

Unreviewed build fix.

12:19 PM Changeset in webkit [249490] by Kocsen Chung

2 edits in branches/safari-608.2.11.1-branch/Source/WebKit

Cherry-pick r249430. rdar://problem/55031098

[macOS] Correct sandbox violation in Flash plugin
https://bugs.webkit.org/show_bug.cgi?id=201228
<rdar://problem/54347503>

Reviewed by Alex Christensen.

PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249430 268f45cc-cd09-0410-ab3c-d52691b4dbfc

11:28 AM Changeset in webkit [249489] by commit-queue@webkit.org

17 edits in trunk/LayoutTests

Address review comments after r249364
https://bugs.webkit.org/show_bug.cgi?id=201432

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-09-04
Reviewed by Simon Fraser.

Fix the <img> CSS width properties by adding the "px" units.

fast/images/exif-orientation-background-expected.html:
fast/images/exif-orientation-canvas-expected.html:
fast/images/exif-orientation-canvas.html:
fast/images/exif-orientation-composited-expected.html:
fast/images/exif-orientation-composited.html:

Remove the CSS border to enable the composited image code path.

fast/images/exif-orientation-content-expected.html:
fast/images/exif-orientation-element-expected.html:
fast/images/exif-orientation-element.html:
fast/images/exif-orientation-image-document-expected.html:
fast/images/exif-orientation-image-document.html:
fast/images/exif-orientation-image-object-expected.html:
fast/images/exif-orientation-image-object.html:
fast/images/exif-orientation-svg-feimage-expected.html:
fast/images/exif-orientation-svg-feimage.html:
fast/images/exif-orientation-svg-image-expected.html:
fast/images/exif-orientation-svg-image.html:

11:15 AM Changeset in webkit [249488] by mark.lam@apple.com

2 edits in branches/safari-608-branch/Source/JavaScriptCore

Cherry-pick 249345. rdar://problem/55000994

2019-08-30 Mark Lam <mark.lam@apple.com>

Fix a bug in SlotVisitor::reportZappedCellAndCrash() and also capture more information.
https://bugs.webkit.org/show_bug.cgi?id=201345

Reviewed by Yusuke Suzuki.

This patch fixes a bug where SlotVisitor::reportZappedCellAndCrash() was using
the wrong pointer for capture the cell headerWord and zapReason. As a result,
we get junk for those 2 values.

Previously, we were only capturing the upper 32-bits of the cell header slot,
and the lower 32-bit of the next slot in the zapped cell. We now capture the
full 64-bits of both slots. If the second slot did not contain a zapReason as we
expect, the upper 32-bits might give us a clue as to what type of value the slot
contains.

This patch also adds capturing of the found MarkedBlock address for the zapped
cell, as well as some state bit values.

heap/SlotVisitor.cpp: (JSC::SlotVisitor::reportZappedCellAndCrash):

11:13 AM Changeset in webkit [249487] by Patrick Griffis

2 edits in trunk/Source/WebKit

[WPE][GTK] Fix sandbox parsing DISPLAY on X11
https://bugs.webkit.org/show_bug.cgi?id=201462

Reviewed by Michael Catanzaro.

On some setups the DISPLAY env var was incorrectly parsed.

UIProcess/Launcher/glib/BubblewrapLauncher.cpp:

(WebKit::bindX11):

11:08 AM Changeset in webkit [249486] by BJ Burg

2 edits in trunk/Source/WebKit

Selenium test 'interactions_tests.py::testContextClick' is hanging
https://bugs.webkit.org/show_bug.cgi?id=201161
<rdar://problem/54728541>

Reviewed by Chris Dumez.

A web page should not show native context menus if user interactions are being simulated for WebDriver.
Showing a native context menu spawns a nested run loop. Since there's no way to interact
with native UI via WebDriver, the test will hang until the context menu is manually dismissed.

To fix this, pretend to show the context menu in UIProcess and dismiss it immediately.
This is necessary to trigger oncontextmenu events appropriately and resume handling mouse events.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::showContextMenu): Hook into isControlledByAutomation here.
We could short circuit this on the WebProcess side, but the check would be more crude
and suppress context menus even if user interaction isn't being simulated. This would be
problematic for a user who wants to interrupt their test session and interact with it.
The main use case for this is right clicking on the test page and choose "Inspect".

11:06 AM Changeset in webkit [249485] by Kocsen Chung

7 edits in branches/safari-608.2.11.1-branch/Source

Versioning.

11:01 AM Changeset in webkit [249484] by mark.lam@apple.com

22 edits in branches/safari-608-branch

Source/JavaScriptCore:
Cherry-pick 248143, 248162. rdar://problem/55000992

Also deleted an unused function. This is needed to resolve a merge conflict for
this patch.

heap/MarkedBlock.cpp:

(JSC::MarkedBlock::Handle::zap): Deleted.

heap/MarkedBlock.h:

(JSC::MarkedBlock::Handle::zap): Deleted.

2019-08-02 Mark Lam <mark.lam@apple.com>

Gardening: build fix.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Not reviewed.

assembler/CPU.cpp: (JSC::hwPhysicalCPUMax):

2019-08-01 Mark Lam <mark.lam@apple.com>

Add crash diagnostics for debugging unexpected zapped cells.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Reviewed by Yusuke Suzuki.

Add a check for zapped cells in SlotVisitor::appendToMarkStack() and
SlotVisitor::visitChildren(). If a zapped cell is detected, we will crash with
some diagnostic info.

To facilitate this, we've made the following changes:

Changed FreeCell to preserve the 1st 8 bytes. This is fine to do because all cells are at least 16 bytes long.
Changed HeapCell::zap() to only zap the structureID. Leave the rest of the cell header info intact (including the cell JSType).
Changed HeapCell::zap() to record the reason for zapping the cell. We stash the reason immediately after the first 8 bytes. This is the same location as FreeCell::scrambledNext. However, since a cell is not expected to be zapped and on the free list at the same time, it is also fine to do this.
Added a few utility functions to MarkedBlock for checking if a cell points into the block.
Added VMInspector and JSDollarVM utilities to dump in-use subspace hashes.
Added some comments to document the hashes of known subspaces.
Added Options::dumpZappedCellCrashData() to make this check conditional. We use this option to disable this check for slower machines so that their PLT5 performance is not impacted.

assembler/CPU.cpp: (JSC::hwL3CacheSize): (JSC::hwPhysicalCPUMax):
assembler/CPU.h: (JSC::hwL3CacheSize): (JSC::hwPhysicalCPUMax):
heap/FreeList.h: (JSC::FreeCell::offsetOfScrambledNext):
heap/HeapCell.h: (JSC::HeapCell::zap): (JSC::HeapCell::isZapped const):
heap/MarkedBlock.cpp: (JSC::MarkedBlock::Handle::stopAllocating):
heap/MarkedBlock.h: (JSC::MarkedBlock::Handle::start const): (JSC::MarkedBlock::Handle::end const): (JSC::MarkedBlock::Handle::contains const):
heap/MarkedBlockInlines.h: (JSC::MarkedBlock::Handle::specializedSweep):
heap/MarkedSpace.h: (JSC::MarkedSpace::forEachSubspace):
heap/SlotVisitor.cpp: (JSC::SlotVisitor::appendToMarkStack): (JSC::SlotVisitor::visitChildren): (JSC::SlotVisitor::reportZappedCellAndCrash):
heap/SlotVisitor.h:
jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::emitAllocateWithNonNullAllocator):
runtime/Options.cpp: (JSC::Options::initialize):
runtime/Options.h:
runtime/VM.cpp: (JSC::VM::VM):
tools/JSDollarVM.cpp: (JSC::functionDumpSubspaceHashes): (JSC::JSDollarVM::finishCreation):
tools/VMInspector.cpp: (JSC::VMInspector::dumpSubspaceHashes):
tools/VMInspector.h:

Source/WebCore:
Cherry-pick 248143. rdar://problem/55000992

2019-08-01 Mark Lam <mark.lam@apple.com>

Add crash diagnostics for debugging unexpected zapped cells.
https://bugs.webkit.org/show_bug.cgi?id=200149
<rdar://problem/53570112>

Reviewed by Yusuke Suzuki.

No new tests because this is a feature for debugging crashes. It has been tested
manually by modifying the code to force a crash at the point of interest.

Added some comments to document the hashes of known subspaces.

bindings/js/WebCoreJSClientData.cpp: (WebCore::JSVMClientData::JSVMClientData):

10:27 AM Changeset in webkit [249483] by aakash_jain@apple.com

11 edits in trunk

EWS bubbles should indicate builder vs tester
https://bugs.webkit.org/show_bug.cgi?id=201253

Reviewed by Jonathan Bedard.

Tools:

BuildSlaveSupport/ews-app/ews/views/statusbubble.py:

(StatusBubble._build_bubble): Add icons to the bubbles appropriately.
(StatusBubble._is_tester_queue): Method to determine if the queue is tester queue.
(StatusBubble._is_builder_queue): Method to determine if the queue is builder queue.
(StatusBubble.get):

BuildSlaveSupport/ews-app/ews/common/buildbot.py:

(Buildbot.fetch_config): Method to fetch the config from Buildbot server.
(Buildbot.update_icons_for_queues_mapping): Method to update the icons for queues mapping.

BuildSlaveSupport/ews-app/ews/fetcher.py:

(FetchLoop.run): Update the icons for queues mapping.

BuildSlaveSupport/ews-build/config.json: Add icon information for the queues.
BuildSlaveSupport/ews-build/loadConfig.py: Remove 'icon' key from builder before passing it to Buildbot.
BuildSlaveSupport/ews-build/loadConfig_unittest.py: .

(test_builder_keys): Update unit-test accordingly. Also minor drive-by fix to improve failure string formatting.

Websites/bugs.webkit.org:

code-review.js: Do not display the icons in status-bubbles on this page.
template/en/default/attachment/edit.html.tmpl: Ditto.
template/en/default/attachment/reviewform.html.tmpl: Ditto.

10:05 AM Changeset in webkit [249482] by Kocsen Chung

1 edit in branches/safari-608-branch/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm

Unreviewed build fix.

9:46 AM Changeset in webkit [249481] by youenn@apple.com

7 edits
3 adds in trunk/Source

Abstract out WebSocketChannel message queue
https://bugs.webkit.org/show_bug.cgi?id=201359

Reviewed by Alex Christensen.

Source/WebCore:

Move BlobLoader in its own file.
Introduce NetworkSendQueue class to handle the sending of messages, some of them being blobs.
This class ensures that messages will be sent in order, even though blob data is resolved asynchronously.

Covered by existing tests.

Headers.cmake:
Sources.txt:
WebCore.xcodeproj/project.pbxproj:
fileapi/BlobLoader.h: Added.

(WebCore::BlobLoader::BlobLoader):
(WebCore::BlobLoader::~BlobLoader):
(WebCore::BlobLoader::didFinishLoading):
(WebCore::BlobLoader::didFail):
(WebCore::BlobLoader::complete):

fileapi/NetworkSendQueue.cpp: Added.

(WebCore::NetworkSendQueue::NetworkSendQueue):
(WebCore::NetworkSendQueue::enqueue):
(WebCore::NetworkSendQueue::clear):
(WebCore::NetworkSendQueue::processMessages):

fileapi/NetworkSendQueue.h: Added.

Source/WebKit:

Make use of newly added NetworkSendQueue.

WebProcess/Network/WebSocketChannel.cpp:

(WebKit::WebSocketChannel::createMessageQueue):
(WebKit::WebSocketChannel::WebSocketChannel):
(WebKit::WebSocketChannel::send):
(WebKit::WebSocketChannel::disconnect):

WebProcess/Network/WebSocketChannel.h:

8:19 AM Changeset in webkit [249480] by commit-queue@webkit.org

4 edits in trunk/Source/WebCore

Allow checking whether image was created from JavaScript
https://bugs.webkit.org/show_bug.cgi?id=200662

Patch by Rob Buis <rbuis@igalia.com> on 2019-09-04
Reviewed by Darin Adler.

No behavior change.

html/HTMLImageElement.cpp:

(WebCore::HTMLImageElement::HTMLImageElement):
(WebCore::HTMLImageElement::create):

html/HTMLImageElement.h:

(WebCore::HTMLImageElement::createdByParser const):

html/HTMLTagNames.in:

5:46 AM Changeset in webkit [249479] by youenn@apple.com

29 edits
2 moves in trunk/Source

Move MessageRegistry to NetworkProcess
https://bugs.webkit.org/show_bug.cgi?id=201299

Reviewed by Alex Christensen.

Move message registry to NetworkProcess.
Take benefit of this move to use async reply IPC as much as possible.
This also allows to remove the IPC message to UIProcess when doing postMessage with service workers.

NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::createNewMessagePortChannel):
(WebKit::NetworkConnectionToWebProcess::entangleLocalPortInThisProcessToRemote):
(WebKit::NetworkConnectionToWebProcess::messagePortDisentangled):
(WebKit::NetworkConnectionToWebProcess::messagePortClosed):
(WebKit::NetworkConnectionToWebProcess::nextMessageBatchIdentifier):
(WebKit::NetworkConnectionToWebProcess::takeAllMessagesForPort):
(WebKit::NetworkConnectionToWebProcess::didDeliverMessagePortMessages):
(WebKit::NetworkConnectionToWebProcess::postMessageToRemote):
(WebKit::NetworkConnectionToWebProcess::checkRemotePortForActivity):
(WebKit::NetworkConnectionToWebProcess::checkProcessLocalPortForActivity):

NetworkProcess/NetworkConnectionToWebProcess.h:
NetworkProcess/NetworkConnectionToWebProcess.messages.in:
NetworkProcess/NetworkMessagePortChannelProvider.cpp: Added.

(WebKit::NetworkMessagePortChannelProvider::NetworkMessagePortChannelProvider):
(WebKit::NetworkMessagePortChannelProvider::createNewMessagePortChannel):
(WebKit::NetworkMessagePortChannelProvider::entangleLocalPortInThisProcessToRemote):
(WebKit::NetworkMessagePortChannelProvider::messagePortDisentangled):
(WebKit::NetworkMessagePortChannelProvider::messagePortClosed):
(WebKit::NetworkMessagePortChannelProvider::takeAllMessagesForPort):
(WebKit::NetworkMessagePortChannelProvider::postMessageToRemote):
(WebKit::NetworkMessagePortChannelProvider::checkRemotePortForActivity):
(WebKit::NetworkMessagePortChannelProvider::checkProcessLocalPortForActivity):

NetworkProcess/NetworkMessagePortChannelProvider.h: Added.
NetworkProcess/NetworkProcess.cpp:

(WebKit::m_messagePortChannelProvider):
(WebKit::NetworkProcess::webProcessConnection const):

NetworkProcess/NetworkProcess.h:

(WebKit::NetworkProcess::messagePortChannelRegistry):

Sources.txt:
UIProcess/Downloads/DownloadProxyMap.cpp:
UIProcess/WebPageProxy.cpp:
UIProcess/WebProcessPool.cpp:
UIProcess/WebProcessPool.h:
UIProcess/WebProcessPool.messages.in:
UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::~WebProcessProxy):
(WebKit::WebProcessProxy::shutDown):

UIProcess/WebProcessProxy.h:
UIProcess/WebProcessProxy.messages.in:
WebKit.xcodeproj/project.pbxproj:
WebProcess/Network/NetworkProcessConnection.cpp:

(WebKit::NetworkProcessConnection::initializeSWClientConnection):
(WebKit::NetworkProcessConnection::messagesAvailableForPort):
(WebKit::NetworkProcessConnection::checkProcessLocalPortForActivity):

WebProcess/Network/NetworkProcessConnection.h:
WebProcess/Network/NetworkProcessConnection.messages.in:
WebProcess/Storage/WebSWClientConnection.cpp:

(WebKit::WebSWClientConnection::postMessageToServiceWorker):

WebProcess/Storage/WebSWContextManagerConnection.cpp:

(WebKit::WebSWContextManagerConnection::postMessageToServiceWorkerClient):

WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp:

(WebKit::networkProcessConnection):
(WebKit::WebMessagePortChannelProvider::createNewMessagePortChannel):
(WebKit::WebMessagePortChannelProvider::entangleLocalPortInThisProcessToRemote):
(WebKit::WebMessagePortChannelProvider::messagePortDisentangled):
(WebKit::WebMessagePortChannelProvider::messagePortClosed):
(WebKit::WebMessagePortChannelProvider::takeAllMessagesForPort):
(WebKit::WebMessagePortChannelProvider::postMessageToRemote):
(WebKit::WebMessagePortChannelProvider::checkRemotePortForActivity):

WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h:
WebProcess/WebProcess.cpp:
WebProcess/WebProcess.h:
WebProcess/WebProcess.messages.in:

5:27 AM Changeset in webkit [249478] by zandobersek@gmail.com

1 edit
2 deletes in trunk/Source/WebCore

Remove unused ScrollingTreeOverflowScrollProxyNode implementation
https://bugs.webkit.org/show_bug.cgi?id=201376

Reviewed by Simon Fraser.

Remove the unused ScrollingTreeOverflowScrollProxyNode implementation
and header files that were added in r246723 but are not included in any
build. Cocoa-specific implementation remains untouched, and other
scrolling systems should be providing their own (as is the case with
other types of nodes).

page/scrolling/ScrollingTreeOverflowScrollProxyNode.cpp: Removed.
page/scrolling/ScrollingTreeOverflowScrollProxyNode.h: Removed.

2:10 AM WebKitGTK/2.24.x edited by berto@igalia.com

(diff)

2:09 AM WebKitGTK/2.24.x edited by berto@igalia.com

(diff)

2:04 AM Changeset in webkit [249477] by Philippe Normand

2 edits in trunk/Source/WebCore

[GStreamer] Sound is down-pitched when playing video from YLE Areena
https://bugs.webkit.org/show_bug.cgi?id=201399

Reviewed by Xabier Rodriguez-Calvar.

If the FDK-AAC decoder is available, promote it and downrank the
libav AAC decoders, due to their broken LC support, as reported in:
https://ffmpeg.org/pipermail/ffmpeg-devel/2019-July/247063.html

platform/graphics/gstreamer/GStreamerCommon.cpp:

(WebCore::initializeGStreamer):

1:37 AM Changeset in webkit [249476] by Kocsen Chung

7 edits in branches/safari-608-branch/Source

Versioning.

1:35 AM Changeset in webkit [249475] by Kocsen Chung

11 edits
6 adds in branches/safari-608-branch

Cherry-pick r249368. rdar://problem/55001166

Long presses that interrupt accelerated scrolling dispatch clicks on apps linked against iOS 12 or earlier
https://bugs.webkit.org/show_bug.cgi?id=201346
<rdar://problem/54885784>

Reviewed by Dean Jackson.

Source/WebKit:

For apps that are linked on or after iOS 13, we add a context menu interaction to the content view, which
requires us to disable (or avoid adding) the highlight long press gesture recognizer. However, for apps that are
linked on the iOS 12 SDK or prior, this gesture is still present, and fires when long pressing for (roughly) up
to 0.75 seconds if a tap gesture was not recognized instead. Firing this gesture sends a click event to the
page; this brings back some form of <rdar://problem/53889373>, but only when holding for slightly longer than a
normal tap, and also only in apps linked on iOS 12 or earlier. To fix this, we apply a similar solution as in
r248433 and detect whether a long press gesture interrupted scroll view deceleration in
-gestureRecognizerShouldBegin:. If so, we return NO to avoid clicking. See per-method comments below for more
details.

Testing this bug as-is was tricky, since there's no way in layout tests to simulate being linked on or before a
given SDK version. Luckily, recall that:

This bug occurs when the highlight gesture recognizer is enabled and added to the content view.
The highlight gesture recognizer only needs to be disabled or removed when context menu interaction is added. As such, we should be able to restore the highlight gesture recognizer by suppressing the context menu interaction in an app linked-on-or-after iOS 13, by setting allowsLinkPreview to NO. Unfortunately, this doesn't quite work, since we currently always avoid adding the highlight gesture recognizer if the app is linked on iOS 13 or later.

However, this means that the highlight gesture recognizer is absent from the content view in apps linked against
iOS 13 that disable link previews, even though its absence is not required. This means that long pressing a
clickable element in a web view that disables link previews does not show a tap highlight on iOS 13, whereas it
would on iOS 12; this is a regression, albeit a very subtle one. To fix this subtle issue and make it possible
to write a test for this bug, we refactor some logic for creating and configuring the highlight long press
gesture, such that we now unconditionally add the highlight gesture, but only enable it in apps linked on or
after iOS 13 if link previews (i.e. context menu interaction) are not allowed.

Test: fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow.html

SourcesCocoa.txt:
UIProcess/API/Cocoa/WKWebView.mm: (-[WKWebView setAllowsLinkPreview:]):
UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm: (-[WKContentView setupInteraction]):

Refactor our gesture setup logic to always create and add the long press and highlight long press gestures, but
conditionally disable them based on whether or not (1) the context menu is available, and (2) WKWebView's
allowsLinkPreview property.

(-[WKContentView _didChangeLinkPreviewAvailability]):
(-[WKContentView _updateLongPressAndHighlightLongPressGestures]):

Add a new helper to update the enabled state of the long press and highlight long press gestures, by consulting
-_shouldUseContextMenu and -allowsLinkPreview. This is called when setting up the gestures, as well as whenever
-allowsLinkPreview changes.

(-[WKContentView gestureRecognizerShouldBegin:]):

Factor out logic to ascend the view hierarchy in search of a UIScrollView that was interrupted while
decelerating into a local lambda function; use this for both the highlight gesture and the single tap gesture,
to determine whether they should begin.

UIProcess/ios/WKHighlightLongPressGestureRecognizer.h: Added.
UIProcess/ios/WKHighlightLongPressGestureRecognizer.mm: Added.

In order to remember the UIScrollView (if any) tracked by the highlight long press gesture, we subclass
_UIWebHighlightLongPressGestureRecognizer. While UILongPressGestureRecognizer does have SPI to ask for a list of
UITouches, by the time the gesture has been recognized and the gesture delegates are invoked, these UITouches
no longer correspond to UIViews. As such, the only time we have access to the list of UITouches with their
UIViews is during the touches* subclass hooks.

(-[WKHighlightLongPressGestureRecognizer reset]):

Clear out the tracked UIScrollView here, when the gesture is reset (i.e. after ending, or being canceled).

(-[WKHighlightLongPressGestureRecognizer touchesBegan:withEvent:]):

Remember the last touched UIScrollView here.

(-[WKHighlightLongPressGestureRecognizer lastTouchedScrollView]):

WebKit.xcodeproj/project.pbxproj:

Tools:

Add a new test option to allow tests to disable link previews.

WebKitTestRunner/TestController.cpp: (WTR::updateTestOptionsFromTestHeader):
WebKitTestRunner/TestOptions.h:

Drive-by fix: also check enableLazyImageLoading when determining whether two TestOptions are the same.

(WTR::TestOptions::hasSameInitializationOptions const):

WebKitTestRunner/cocoa/TestControllerCocoa.mm: (WTR::TestController::platformCreateWebView):

LayoutTests:

Add a couple of new layout tests to verify that using a long press gesture to interrupt momentum scrolling in a
web view that uses API to disable link previews does not result in a click.

fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-main-frame-expected.txt: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-main-frame.html: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow-expected.txt: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249368 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:29 AM Changeset in webkit [249474] by Pablo Saavedra

4 edits in trunk/Source/WebCore

[GTK] Build failure in Debian Stable and Ubuntu LTS bots after r249427
https://bugs.webkit.org/show_bug.cgi?id=201434

Reviewed by Xabier Rodriguez-Calvar.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::waitForCPUSync):

1:20 AM Changeset in webkit [249473] by Kocsen Chung

8 edits
2 adds in branches/safari-608-branch

Cherry-pick r249147. rdar://problem/55001178

Removing fullscreen element in rAF() callback after requestFullscreen() can leave fullscreen in inconsistent state.
https://bugs.webkit.org/show_bug.cgi?id=201101
<rdar://problem/54164587>

Reviewed by Eric Carlson.

Source/WebCore:

Test: fullscreen/full-screen-request-removed-with-raf.html

Add a new state variable, m_pendingFullscreenElement, to track which element is about to
become the fullscreen element, so that when elements are removed or cancelFullscreen() is
called, the state machine inside the fullscreen algorithm can cancel effectively.

dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): (WebCore::FullscreenManager::cancelFullscreen): (WebCore::FullscreenManager::exitFullscreen): (WebCore::FullscreenManager::willEnterFullscreen): (WebCore::FullscreenManager::willExitFullscreen): (WebCore::FullscreenManager::didExitFullscreen): (WebCore::FullscreenManager::adjustFullscreenElementOnNodeRemoval): (WebCore::FullscreenManager::clear): (WebCore::FullscreenManager::fullscreenElementRemoved): Deleted.
dom/FullscreenManager.h:

Source/WebKit:

Add more state to track in which direction the animation is flowing to allow in-process
animations to be cancelled more gracefully.

UIProcess/ios/fullscreen/WKFullScreenWindowControllerIOS.mm: (-[WKFullScreenWindowController enterFullScreen]): (-[WKFullScreenWindowController beganEnterFullScreenWithInitialFrame:finalFrame:]): (-[WKFullScreenWindowController requestExitFullScreen]): (-[WKFullScreenWindowController exitFullScreen]):
WebProcess/cocoa/VideoFullscreenManager.h: (WebKit::VideoFullscreenInterfaceContext::animationState const): (WebKit::VideoFullscreenInterfaceContext::setAnimationState): (WebKit::VideoFullscreenInterfaceContext::isAnimating const): Deleted. (WebKit::VideoFullscreenInterfaceContext::setIsAnimating): Deleted.
WebProcess/cocoa/VideoFullscreenManager.mm: (WebKit::VideoFullscreenManager::enterVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::exitVideoFullscreenForVideoElement): (WebKit::VideoFullscreenManager::didEnterFullscreen): (WebKit::VideoFullscreenManager::didCleanupFullscreen):

LayoutTests:

fullscreen/full-screen-request-removed-with-raf-expected.txt: Added.
fullscreen/full-screen-request-removed-with-raf.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249147 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:20 AM Changeset in webkit [249472] by Kocsen Chung

4 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r249140. rdar://problem/55001152

Image pasted from screenshot into Mail compose window via share sheet has the wrong aspect ratio
https://bugs.webkit.org/show_bug.cgi?id=201171
<rdar://problem/54671275>

Reviewed by Tim Horton.

Augments an existing app-specific hack to include the Mail composition service, in addition to Mail.

platform/RuntimeApplicationChecks.h:
platform/cocoa/RuntimeApplicationChecksCocoa.mm: (WebCore::IOSApplication::isMailCompositionService):

Add a new bundle checking method for the Mail composition service (com.apple.MailCompositionService).

platform/ios/PlatformPasteboardIOS.mm: (WebCore::PlatformPasteboard::informationForItemAtIndex):

Only plumb the preferred presentation height through to the web process if the application is neither Mail nor
the Mail composition service. In the future, we should consider putting this hack behind SPI, or maybe only
expose the preferred presentation width in all apps (it isn't difficult to imagine a use case where a "Mail-
compose-like" web app has img { max-width: 100%; } in their stylesheet).

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249140 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:20 AM Changeset in webkit [249471] by Kocsen Chung

8 edits
2 adds in branches/safari-608-branch

Cherry-pick r249339. rdar://problem/55001170

Caret does not appear in text field inside a transformed, overflow: hidden container
https://bugs.webkit.org/show_bug.cgi?id=201317
<rdar://problem/54859264>

Reviewed by Simon Fraser.

Source/WebCore:

This patch refactors the heuristic for determining whether to suppress selection gestures and UI in a way that
fixes the corner case encountered in this bug. To understand why this test case fails with our existing
heuristic, consider the below test case.

Let's say we have an input field inside an "overflow: hidden;" container, which is positioned in such a way that
it is completely clipped by its enclosing container which is also "overflow: hidden". Our existing logic would
appropriately identify this as a hidden editable element.

However, let's now apply a transform to the input field's closest "overflow: hidden" ancestor, such that the
field is now visible. Since RenderLayer::offsetFromAncestor doesn't take transforms into account when we try to
find the offset of the "overflow: hidden" layer relative to the root view, we end up passing an offsetFromRoot
of (0, 100vw) to RenderLayer::calculateClipRects, which computes a background clip rect of (0, 0, 100vw, 100vh).

This means that at the end of RenderLayer::calculateClipRects, we end up intersecting the background clip rect
(0, 0, 100vw, 100vh) against (100vw, 0, 100vw, 100vh), which results in the empty rect, and subsequently makes
us believe we're editing a hidden editable element.

Instead of tacking on more logic to isTransparentOrFullyClippedRespectingParentFrames, we can fix this by using
RenderObject::computeVisibleRectInContainer instead, performing a similar walk up the render tree to compute the
visible rect of each focused element or subframe relative to its root. This is capable of taking transforms into
account. See comments below for more details.

Test: editing/selection/ios/show-selection-in-transformed-container-2.html

rendering/RenderLayer.cpp: (WebCore::RenderLayer::isTransparentRespectingParentFrames const):

Split out isTransparentOrFullyClippedRespectingParentFrames into two methods: RenderLayer's
isTransparentRespectingParentFrames, and RenderObject's hasNonEmptyVisibleRectRespectingParentFrames. The
transparency check starts at the enclosing layer and walks up the layer tree, while the non-empty visible rect
check looks for renderers that are completely empty relative to their root views.

rendering/RenderLayer.h:
rendering/RenderObject.cpp: (WebCore::RenderObject::hasNonEmptyVisibleRectRespectingParentFrames const):

Rewrite logic for detecting completely clipped editable areas (that formerly lived in
isTransparentOrFullyClippedRespectingParentFrames) to use computeVisibleRectInContainer instead.

rendering/RenderObject.h:

Source/WebKit:

Adjust isTransparentOrFullyClipped to use the new methods in RenderLayer and RenderObject. See WebCore ChangeLog
for more details.

WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::isTransparentOrFullyClipped const):

LayoutTests:

Add a new layout test that covers this scenario. See WebCore ChangeLog for additional detail.

editing/selection/ios/show-selection-in-transformed-container-2-expected.txt: Added.
editing/selection/ios/show-selection-in-transformed-container-2.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249339 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249470] by Kocsen Chung

3 edits
2 adds in branches/safari-608-branch

Cherry-pick r249296. rdar://problem/55001174

[iOS 13] Caret does not appear in text field if the body element is translated completely out of the viewport
https://bugs.webkit.org/show_bug.cgi?id=201287
<rdar://problem/54780864>

Reviewed by Tim Horton.

Source/WebKit:

During EditorState computation, we use the hidden editable element heuristic to determine whether we should
begin suppressing selection gestures and UI. Currently, we use the editable root of the selection range to
determine where in the layer tree we should start our ascent, in search of a completely transparent or
completely clipped container.

However, in the case where the selection is inside a focused text field, this causes us to walk up the layer
tree starting at the RenderLayer corresponding to the text field's inner contenteditable div, which is different
than the text field's enclosing RenderLayer in the case where the containing block is transformed, such that no
part of it is within the visible viewport. This scenario is exercised by the below test case, in which the caret
after transforming the body horizontally by -100vw is hidden due to a false positive in the hidden editable area
heuristic.

Fix this by starting the layer tree ascent from the enclosing layer of the text form control if applicable,
instead of the inner editable area under the shadow root of the form control.

Test: editing/selection/ios/show-selection-in-transformed-container.html

WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::platformEditorState const):

LayoutTests:

Add a new layout test that covers this scenario. See WebKit ChangeLog for additional detail.

editing/selection/ios/show-selection-in-transformed-container-expected.txt: Added.
editing/selection/ios/show-selection-in-transformed-container.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249296 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249469] by Kocsen Chung

4 edits
2 adds in branches/safari-608-branch

Cherry-pick r249230. rdar://problem/55001168

Reloading a web view with a fixed-width viewport and variable content width restores the previous page scale, shouldn't
https://bugs.webkit.org/show_bug.cgi?id=201256
<rdar://problem/54809509>

Reviewed by Simon Fraser.

Source/WebKit:

WebProcess/WebPage/ios/WebPageIOS.mm: (WebKit::WebPage::restorePageState): When restoring page state from a history item, if the saved scale was equal to the initial scale at the time it was saved, ignore the saved scale and use the current initial scale instead.

Normally this doesn't matter because a given page's initial scale doesn't usually change
between loads, but it totally can! See the test for one example of a way an API client
might cause this; you could also imagine something similar happening if the actual
page content changed.

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
TestWebKitAPI/Tests/WebKit/long-email-viewport.html: Added.
TestWebKitAPI/Tests/WebKitCocoa/ReloadWithDifferingInitialScale.mm: Added. (TestWebKitAPI::TEST): Add a test. I left many comments because I had a great deal of trouble writing this test and wanted to document my findings.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249230 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249468] by Kocsen Chung

4 edits
1 add in branches/safari-608-branch

Cherry-pick r249115. rdar://problem/55001212

Don't compute upconverted characters twice in buildQuery() in DataDetection.mm
<https://webkit.org/b/201144>
<rdar://problem/54689399>

Reviewed by Brent Fulgham.

Source/WebCore:

editing/cocoa/DataDetection.mm: (WebCore::buildQuery): Extract common variables to prevent double conversion for 8-bit strings.

Tools:

TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add DataDetectorsTestIOS.mm to the project.
TestWebKitAPI/Tests/ios/DataDetectorsTestIOS.mm: Add a new test for Data Detectors for phone numbers.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249115 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249467] by Kocsen Chung

3 edits
2 adds in branches/safari-608-branch

Cherry-pick r249026. rdar://problem/55001375

Crash may happen when an SVG <feImage> element references the root <svg> element
https://bugs.webkit.org/show_bug.cgi?id=201014

Reviewed by Ryosuke Niwa.

Source/WebCore:

When an <feImage> references an <svg> element as its target image but
this <svg> element is also one of the ancestors of the <feImage>, the
parent <filter> should not be applied.

Test: svg/filters/filter-image-ref-root.html

svg/SVGFEImageElement.cpp: (WebCore::SVGFEImageElement::build const):

LayoutTests:

Ensure the cyclic reference between the <feImage> renderer and its
ancestor <svg> root renderer is broken.

svg/filters/filter-image-ref-root-expected.txt: Added.
svg/filters/filter-image-ref-root.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@249026 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249466] by Kocsen Chung

8 edits in branches/safari-608-branch/Source/JavaScriptCore

Cherry-pick r248824. rdar://problem/55001142

[JSC] WebAssembly BBQ should switch compile mode for size of modules
https://bugs.webkit.org/show_bug.cgi?id=200807

Reviewed by Mark Lam.

Some webpages use very large Wasm module, and it exhausts all executable memory in ARM64 devices since the size of executable memory region is 128MB.
The long term solution should be introducing Wasm interpreter. But as a short term solution, we introduce heuristics switching back to BBQ B3 at
the sacrifice of start-up time, since BBQ Air bloats such lengthy code, and thereby consumes a large amount of executable memory.

Currently, I picked 10MB since the reported website is using 11MB wasm module.

runtime/Options.h:
wasm/WasmAirIRGenerator.cpp: (JSC::Wasm::parseAndCompileAir):
wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::parseAndCompile):
wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::compileFunctions):
wasm/WasmModuleInformation.h:
wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseCode):
wasm/WasmStreamingParser.cpp: (JSC::Wasm::StreamingParser::parseCodeSectionSize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248824 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249465] by Kocsen Chung

3 edits
1 add in branches/safari-608-branch

Cherry-pick r248793. rdar://problem/55001191

[JSC] Promise.prototype.finally should accept non-promise objects
https://bugs.webkit.org/show_bug.cgi?id=200829

Reviewed by Mark Lam.

JSTests:

stress/promise-finally-should-accept-non-promise-objects.js: Added. (shouldBe): (Thenable): (Thenable.prototype.then):

Source/JavaScriptCore:

According to the Promise.prototype.finally spec step 2[1], we should check @isObject instead of @isPromise,
since Promise.prototype.finally should accept thenable objects that are defined by user libraries (like, bluebird for example).
This patch changes this check to the specified one.

[1]: https://tc39.es/proposal-promise-finally/

builtins/PromisePrototype.js: (finally):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248793 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249464] by Kocsen Chung

2 edits in branches/safari-608-branch/Source/WebKit

Cherry-pick r248698. rdar://problem/55001378

Fix the build when ENABLE(APPLE_PAY) is false.

Shared/Cocoa/WebCoreArgumentCodersCocoa.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248698 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249463] by Kocsen Chung

13 edits in branches/safari-608-branch/Source

Cherry-pick r248692. rdar://problem/55001378

[Cocoa] Add some WKA extension points
https://bugs.webkit.org/show_bug.cgi?id=200506
<rdar://problem/51682474>

Reviewed by Tim Horton.

Source/WebCore:

Modules/applepay/ApplePayPayment.h:
Modules/applepay/ApplePayPaymentMethod.h:
Modules/applepay/ApplePayRequestBase.cpp: (WebCore::finishConverting): (WebCore::convertAndValidate):
Modules/applepay/ApplePayRequestBase.h:
Modules/applepay/ApplePaySessionPaymentRequest.h:
Modules/applepay/PaymentCoordinatorClient.cpp: (WebCore::PaymentCoordinatorClient::supportsVersion):
Modules/applepay/cocoa/PaymentCocoa.mm: (WebCore::convert):
Modules/applepay/cocoa/PaymentMethodCocoa.mm: (WebCore::finishConverting): (WebCore::convert):

Source/WebKit:

Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm: (WebKit::finishCreating): (WebKit::WebPaymentCoordinatorProxy::platformPaymentRequest):
Shared/Cocoa/WebCoreArgumentCodersCocoa.mm: (IPC::finishDecoding): (IPC::finishEncoding): (IPC::ArgumentCoder<ApplePaySessionPaymentRequest>::encode): (IPC::ArgumentCoder<ApplePaySessionPaymentRequest>::decode):
Shared/WebCoreArgumentCoders.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248692 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:19 AM Changeset in webkit [249462] by Kocsen Chung

10 edits in branches/safari-608-branch/Source/WebCore

Cherry-pick r248275. rdar://problem/55001373

[WebIDL] Support partial dictionaries and conditional dictionary members
https://bugs.webkit.org/show_bug.cgi?id=200441

Reviewed by Alex Christensen.

Added new bindings tests.

bindings/scripts/CodeGeneratorJS.pm: (GenerateDictionaryImplementationContent):
bindings/scripts/IDLParser.pm: (parsePartialDefinition): (parsePartialInterface): Deleted. (parsePartialDictionary): Deleted.
bindings/scripts/generate-bindings.pl: (generateBindings):
bindings/scripts/preprocess-idls.pl: (getPartialNamesFromIDL): (getPartialInterfaceNameFromIDL): Deleted.
bindings/scripts/test/JS/JSTestEventConstructor.cpp: (WebCore::convertDictionary<TestEventConstructor::Init>):
bindings/scripts/test/JS/JSTestStandaloneDictionary.cpp: (WebCore::convertDictionary<DictionaryImplName>): (WebCore::convertDictionaryToJS):
bindings/scripts/test/JS/JSTestStandaloneDictionary.h:
bindings/scripts/test/TestStandaloneDictionary.idl:
bindings/scripts/test/TestSupplemental.idl:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248275 268f45cc-cd09-0410-ab3c-d52691b4dbfc

1:16 AM Changeset in webkit [249461] by ysuzuki@apple.com

13 edits in trunk

[bmalloc] IsoTLSLayout and AllIsoHeaps registration is racy with derived class initialization with virtual functions
https://bugs.webkit.org/show_bug.cgi?id=201448

Reviewed by Mark Lam.

Source/bmalloc:

In the base class of IsoTLSEntry and IsoHeapImplBase, we register each instance with the per-process linked-list singleton to
offer a way to iterate all these instances. But since derived classes of IsoTLSEntry and IsoHeapImplBase have virtual functions,
the instance is not fully instantiated yet when executing the base constructor! In particular, the register instance needs vtable pointer
initialization in the derived constructor.

So, there is a race condition,

IsoTLSEntry adds itself to the global linked-list.
IsoTLSEntry's derived class is initializing the instance including vtable pointer, this happens because base and derived classes have virtual functions.
While doing (2), other thread iterates instances through (1)'s linked-list and call virtual functions

Then, crash happens because the instance vtable pointer hasn't been set to the derived class' vtable yet. IsoHeapImpl has the same problem.
This issue causes some crashes in bmalloc::Scavenger::scavenge / bmalloc::IsoTLS::ensureEntries.

In this patch,

We introduce IsoTLSEntryHolder, which initialize the TLS entry. And after fully initializing it, the holder registers the entry with the IsoTLSLayout singleton.
We call IsoHeapImplBase::addToAllIsoHeaps after IsoHeapImpl is fully initialized.
We put memory barrier in IsoTLSLayout since IsoTLSLayout::head does not take a lock.
We add unit-test that reliably reproduces IsoHeapImpl crash if we run this test ~10 times!

bmalloc/AllIsoHeaps.h:
bmalloc/IsoHeapImpl.h:
bmalloc/IsoHeapImplInlines.h:

(bmalloc::IsoHeapImpl<Config>::IsoHeapImpl):
(bmalloc::IsoHeapImpl<Config>::allocatorOffset):
(bmalloc::IsoHeapImpl<Config>::deallocatorOffset):

bmalloc/IsoHeapInlines.h:

(bmalloc::api::IsoHeap<Type>::initialize):

bmalloc/IsoTLSAllocatorEntry.h:
bmalloc/IsoTLSDeallocatorEntry.h:
bmalloc/IsoTLSEntry.cpp:

(bmalloc::IsoTLSEntry::IsoTLSEntry):

bmalloc/IsoTLSEntry.h:

(bmalloc::IsoTLSEntryHolder::IsoTLSEntryHolder):
(bmalloc::IsoTLSEntryHolder::operator* const):
(bmalloc::IsoTLSEntryHolder::operator*):
(bmalloc::IsoTLSEntryHolder::operator-> const):
(bmalloc::IsoTLSEntryHolder::operator->):

bmalloc/IsoTLSLayout.cpp:

(bmalloc::IsoTLSLayout::add):

bmalloc/IsoTLSLayout.h:

Tools:

TestWebKitAPI/Tests/WTF/bmalloc/IsoHeap.cpp:

(TEST):

1:14 AM Changeset in webkit [249460] by commit-queue@webkit.org

2 edits in trunk/LayoutTests

REGRESSION (r249364): Layout Test webgpu/texture-triangle-strip.html is Failing
https://bugs.webkit.org/show_bug.cgi?id=201425

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-09-04
Reviewed by Myles C. Maxfield.

The orientation of webgpu/resources/blue-checkered.png is OriginRightTop.
Because r249364 made the image orientation respected everywhere including
the canvas drawImage(), the expected result does not match the output of
the test anymore.

The fix is to change the the expected result to match the image drawing
when the image orientation is respected.

webgpu/js/webgpu-functions.js:

(drawGreenAndBlueCheckerboardInSoftware):

Sep 3, 2019:

11:31 PM Changeset in webkit [249459] by Kocsen Chung

7 edits in tags/Safari-609.1.3.1/Source

Versioning.

11:13 PM Changeset in webkit [249458] by mark.lam@apple.com

5 edits
1 add in trunk

Assertions in JSArrayBufferView::byteOffset() are only valid for the mutator thread.
https://bugs.webkit.org/show_bug.cgi?id=201309
<rdar://problem/54832121>

Reviewed by Yusuke Suzuki.

JSTests:

stress/JSArrayBufferView-byteOffset-is-racy-from-compiler-thread.js: Added.

Source/JavaScriptCore:

dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

runtime/JSArrayBufferView.h:
runtime/JSArrayBufferViewInlines.h:

(JSC::JSArrayBufferView::possiblySharedBufferImpl):
(JSC::JSArrayBufferView::possiblySharedBuffer):
(JSC::JSArrayBufferView::byteOffsetImpl):
(JSC::JSArrayBufferView::byteOffset):
(JSC::JSArrayBufferView::byteOffsetConcurrently):

11:13 PM Changeset in webkit [249457] by Kocsen Chung

1 copy in tags/Safari-609.1.3.1

New tag.

10:15 PM Changeset in webkit [249456] by Wenson Hsieh

2 edits in trunk/Source/WebCore

[macCatalyst] Unable to upload non-image files using drag and drop
https://bugs.webkit.org/show_bug.cgi?id=201438

Reviewed by Tim Horton.

On recent builds of macOS 10.15, NSItemProviders that are produced when dropping files from Finder into a
macCatalyst app no longer contain kUTTypeFileURL as a registered type identifier. This means that the current
heuristic for figuring out whether or not an item provider can be represented as a file upload is broken, since
it thinks all dropped content is inline data.

On iOS, we treat an NSItemProvider as an "uploaded" file as long as it hasn't been explicitly marked as inline
data, such as a dragged selection from a native text field. However, on macCatalyst, all item providers return
preferredPresentationStyle of UIPreferredPresentationStyleUnspecified, regardless of the source, so this check
is useless on macCatalyst since it would consider all dropped content as a file upload (text selections, plain
URLs, etc.).

Luckily, NSItemProvider's -suggestedName is now populated in recent macOS builds, which means we have a much
stronger (and more robust) hint that a dropped item provider is actually a file. For the time being, use this
instead of always returning NO.

platform/ios/WebItemProviderPasteboard.mm:

(-[WebItemProviderLoadResult canBeRepresentedAsFileUpload]):

Make a minor tweak to move the UIPreferredPresentationStyleInline check to shared code, such that when
<rdar://55002929> is fixed, our code will automatically correctly treat inline item providers that have been
explicitly marked as such.

9:54 PM Changeset in webkit [249455] by Antti Koivisto

17 edits in trunk/Source

Remove redundant painting phase arguments from GraphicsLayerClient functions
https://bugs.webkit.org/show_bug.cgi?id=201443

Reviewed by Simon Fraser.

Source/WebCore:

It is available from the GraphicsLayer.

page/PageOverlayController.cpp:

(WebCore::PageOverlayController::paintContents):

page/PageOverlayController.h:
page/mac/ServicesOverlayController.h:
page/mac/ServicesOverlayController.mm:

(WebCore::ServicesOverlayController::Highlight::paintContents):

platform/graphics/GraphicsLayer.cpp:

(WebCore::GraphicsLayer::paintGraphicsLayerContents):

platform/graphics/GraphicsLayerClient.h:

(WebCore::GraphicsLayerClient::paintContents):

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::paintIntoLayer):
(WebCore::RenderLayerBacking::paintFlagsForLayer const):

Factor into a function.

(WebCore::RenderLayerBacking::paintContents):

rendering/RenderLayerBacking.h:
rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::paintContents):

rendering/RenderLayerCompositor.h:

Source/WebKitLegacy/win:

WebView.cpp:

(WebView::paintContents):

WebView.h:

9:11 PM Changeset in webkit [249454] by pvollan@apple.com

2 edits in trunk/Source/WebKit

[macOS] Unable to open local file from favorites bar
https://bugs.webkit.org/show_bug.cgi?id=201444

Reviewed by Brent Fulgham.

The sandbox extension handle should be created providing the pid of the receiving process.

UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):

8:30 PM Changeset in webkit [249453] by mmaxfield@apple.com

6 edits
6 adds in trunk

[WHLSL] Implement SampleLevel(), SampleBias(), and SampleGrad()
https://bugs.webkit.org/show_bug.cgi?id=201385

Reviewed by Dean Jackson.

Source/WebCore:

These are used in the Babylon.js demo.

Tests: webgpu/whlsl/textures-sample-bias.html

webgpu/whlsl/textures-sample-grad.html
webgpu/whlsl/textures-sample-level.html

Modules/webgpu/WHLSL/AST/WHLSLNativeTypeDeclaration.h:
Modules/webgpu/WHLSL/Metal/WHLSLNativeFunctionWriter.cpp:

(WebCore::WHLSL::Metal::sampleType):
(WebCore::WHLSL::Metal::inlineNativeFunction):

Modules/webgpu/WHLSL/WHLSLIntrinsics.cpp:

(WebCore::WHLSL::Intrinsics::addFullTexture):
(WebCore::WHLSL::Intrinsics::addDepthTexture):

Modules/webgpu/WHLSL/WHLSLStandardLibrary.txt:

LayoutTests:

webgpu/whlsl/textures-sample-bias-expected.html: Added.
webgpu/whlsl/textures-sample-bias.html: Added.
webgpu/whlsl/textures-sample-grad-expected.html: Added.
webgpu/whlsl/textures-sample-grad.html: Added.
webgpu/whlsl/textures-sample-level-expected.html: Added.
webgpu/whlsl/textures-sample-level.html: Added.

8:13 PM Changeset in webkit [249452] by Chris Dumez

9 edits in trunk/Source

FrameLoader::FrameProgressTracker::progressCompleted() does not need a pageID
https://bugs.webkit.org/show_bug.cgi?id=201431

Reviewed by Antti Koivisto.

Source/WebCore:

FrameLoader::FrameProgressTracker::progressCompleted() does not need to request a pageID
from the client. It can merely pass the Page object and the upper layers can very easily
get the identifier of that page.

loader/FrameLoader.cpp:

(WebCore::FrameLoader::FrameProgressTracker::progressCompleted):

loader/LoaderStrategy.h:

Source/WebKit:

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::pageLoadCompleted):

WebProcess/Network/WebLoaderStrategy.h:

Source/WebKitLegacy:

WebCoreSupport/WebResourceLoadScheduler.cpp:

(WebResourceLoadScheduler::pageLoadCompleted):

WebCoreSupport/WebResourceLoadScheduler.h:

7:57 PM Changeset in webkit [249451] by Devin Rousso

10 edits
2 copies
2 moves
1 add
1 delete in trunk/Source/WebInspectorUI

Web Inspector: provide a way to view XML/HTML/SVG resource responses as a DOM tree
https://bugs.webkit.org/show_bug.cgi?id=201046
<rdar://problem/54446087>

Reviewed by Joseph Pecoraro.

UserInterface/Views/ResourceClusterContentView.js:

(WI.ResourceClusterContentView):
(WI.ResourceClusterContentView.prototype.showRequest):
(WI.ResourceClusterContentView.prototype.showResponse):
(WI.ResourceClusterContentView.prototype.get customRequestDOMContentView): Added.
(WI.ResourceClusterContentView.prototype.get customRequestJSONContentView): Added.
(WI.ResourceClusterContentView.prototype.get customResponseDOMContentView): Added.
(WI.ResourceClusterContentView.prototype.get customResponseJSONContentView): Added.
(WI.ResourceClusterContentView.prototype.get customResponseTextContentView): Added.
(WI.ResourceClusterContentView.prototype._createPathComponent): Added.
(WI.ResourceClusterContentView.prototype._canShowCustomRequestContentView):
(WI.ResourceClusterContentView.prototype._canShowCustomResponseContentView):
(WI.ResourceClusterContentView.prototype._contentViewForResourceType):
(WI.ResourceClusterContentView.prototype._pathComponentForContentView):
(WI.ResourceClusterContentView.prototype._identifierForContentView):
(WI.ResourceClusterContentView.prototype._showContentViewForIdentifier):
(WI.ResourceClusterContentView.prototype._resourceLoadingDidFinish):
(WI.ResourceClusterContentView.prototype._canUseDOMContentViewForContent): Added.
(WI.ResourceClusterContentView.prototype._normalizeMIMETypeForDOM): Added.
(WI.ResourceClusterContentView.prototype._tryEnableCustomRequestContentViews): Added.
(WI.ResourceClusterContentView.prototype._tryEnableCustomResponseContentViews): Added.
(WI.ResourceClusterContentView.createPathComponent): Deleted.
(WI.ResourceClusterContentView.prototype._tryEnableCustomRequestContentView): Deleted.
(WI.ResourceClusterContentView.prototype._tryEnableCustomResponseContentView): Deleted.

UserInterface/Base/Main.js:

(WI.showResourceRequest):

UserInterface/Views/PathComponentIcons.css:

(.object-icon .icon): Added.

UserInterface/Main.html:
UserInterface/Views/SVGImageResourceClusterContentView.js: Removed.

Reworked to allow more than one custom request/response content view at the same time. As
such, merge the WI.SVGImageResourceClusterContentView into this class.

UserInterface/Views/LocalRemoteObjectContentView.js: Added.

(WI.LocalRemoteObjectContentView):
(WI.LocalRemoteObjectContentView.prototype.get expression):
(WI.LocalRemoteObjectContentView.prototype.renderRemoteObject):
(WI.LocalRemoteObjectContentView.prototype.initialLayout):
(WI.LocalRemoteObjectContentView.prototype.attached):
(WI.LocalRemoteObjectContentView.prototype.closed):

UserInterface/Views/LocalRemoteObjectContentView.css: Added.

(.content-view.local-remote-object):

UserInterface/Views/LocalDOMContentView.js: Added.

(WI.LocalDOMContentView):
(WI.LocalDOMContentView.prototype.get expression):
(WI.LocalDOMContentView.prototype.renderRemoteObject):

UserInterface/Views/LocalJSONContentView.js: Added.

(WI.LocalJSONContentView):
(WI.LocalJSONContentView.prototype.get expression):
(WI.LocalJSONContentView.prototype.renderRemoteObject):

UserInterface/Views/JSONContentView.js: Removed.
UserInterface/Views/JSONContentView.css: Removed.

Rework WI.JSONContentView into a more generic set of classes that render an object we send
to the inspected page for instrumentation.

UserInterface/Views/DOMTreeOutline.js:

(WI.DOMTreeOutline.prototype.populateContextMenu):
(WI.DOMTreeOutline.prototype._onmousemove):
(WI.DOMTreeOutline.prototype._onmouseout):
(WI.DOMTreeOutline.prototype._ondragstart):
(WI.DOMTreeOutline.prototype._ondragover):
(WI.DOMTreeOutline.prototype._ondragleave):
(WI.DOMTreeOutline.prototype._ondragend):
(WI.DOMTreeOutline.prototype._hideElements):

UserInterface/Views/DOMTreeElement.js:

(WI.DOMTreeElement.prototype.populateDOMNodeContextMenu):

UserInterface/Views/ContextMenuUtilities.js:

(WI.appendContextMenuItemsForDOMNode):
Ensure that interactions that would modify the DOM tree only happen when editable. If the
WI.DOMTreeOutline represents a "local" WI.DOMNode (one that's been sent to the inspected
page for instrumentation, and shouldn't be part of the main #document), don't allow any
editing actions to be performed.

UserInterface/Views/TextContentView.js:

(WI.TextContentView):
Allow a representedObject object to be provided and used instead of the given string.

Localizations/en.lproj/localizedStrings.js:
UserInterface/Images/Object.svg: Added.

7:26 PM Changeset in webkit [249450] by Devin Rousso

21 edits
3 adds in trunk

Web Inspector: implement blackboxing of script resources
https://bugs.webkit.org/show_bug.cgi?id=17240
<rdar://problem/5732847>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

When a script is blackboxed and the debugger attempts to pause in that script, the pause
reason/data will be saved and execution will continue until it has left the blackboxed
script. Once outside, execution is paused with the saved reason/data.

This is especially useful when debugging issues using libraries/frameworks, as it allows the
developer to "skip" the internal logic of the library/framework and instead focus only on
how they're using it.

inspector/protocol/Debugger.json:

Add setShouldBlackboxURL command.

inspector/agents/InspectorDebuggerAgent.h:
inspector/agents/InspectorDebuggerAgent.cpp:

(Inspector::InspectorDebuggerAgent):
(Inspector::InspectorDebuggerAgent::enable):
(Inspector::InspectorDebuggerAgent::updatePauseReasonAndData): Added.
(Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
(Inspector::InspectorDebuggerAgent::cancelPauseOnNextStatement):
(Inspector::InspectorDebuggerAgent::setShouldBlackboxURL): Added.
(Inspector::InspectorDebuggerAgent::setPauseForInternalScripts):
(Inspector::InspectorDebuggerAgent::didParseSource):
(Inspector::InspectorDebuggerAgent::didPause):
(Inspector::InspectorDebuggerAgent::didContinue):
(Inspector::InspectorDebuggerAgent::breakProgram):
(Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
(Inspector::InspectorDebuggerAgent::clearPauseDetails): Added.
(Inspector::InspectorDebuggerAgent::clearBreakDetails): Deleted.
Renamed "break" to "pause" to match Debugger naming.

debugger/Debugger.h:
debugger/Debugger.cpp:

(JSC::Debugger::pauseIfNeeded):
(JSC::Debugger::setBlackboxType): Added.
(JSC::Debugger::clearBlackbox): Added.
(JSC::Debugger::isBlacklisted const): Deleted.
(JSC::Debugger::addToBlacklist): Deleted.
(JSC::Debugger::clearBlacklist): Deleted.

Source/WebInspectorUI:

UserInterface/Controllers/DebuggerManager.js:

(WI.DebuggerManager):
(WI.DebuggerManager.prototype.initializeTarget):
(WI.DebuggerManager.supportsBlackboxingScripts): Added.
(WI.DebuggerManager.pauseReasonFromPayload): Added.
(WI.DebuggerManager.prototype.isScriptBlackboxed): Added.
(WI.DebuggerManager.prototype.setShouldBlackboxScript): Added.
(WI.DebuggerManager.prototype._pauseReasonFromPayload):
(WI.DebuggerManager.prototype._pauseReasonFromPayload): Deleted.

UserInterface/Models/SourceCode.js:

(WI.SourceCode.prototype.get isScript): Added.
(WI.SourceCode.prototype.get supportsScriptBlackboxing): Added.

UserInterface/Models/Script.js:

(WI.Script.prototype.get isScript): Added.

UserInterface/Models/Resource.js:

(WI.Resource.prototype.get isScript): Added.
Provide a more straightforward way of determining if a WI.SourceCode is a script.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel.prototype._updatePauseReason):
(WI.DebuggerSidebarPanel.prototype._updatePauseReasonSection):

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel.prototype._updatePauseReason):
(WI.SourcesNavigationSidebarPanel.prototype._updatePauseReasonSection):
Display the original pause reason and breakpoint (if applicable) when pausing after leaving
a blackboxed script.

UserInterface/Views/SourceCodeTreeElement.js:

(WI.SourceCodeTreeElement.prototype.canSelectOnMouseDown): Added.
(WI.SourceCodeTreeElement.prototype.updateStatus): Added.
(WI.SourceCodeTreeElement.prototype._updateSourceCode):
(WI.SourceCodeTreeElement.prototype._updateToggleBlackboxImageElementState): Added.
(WI.SourceCodeTreeElement.prototype._handleToggleBlackboxedImageElementClick): Added.

UserInterface/Views/SourceCodeTreeElement.css: Added.

(.tree-outline .item .status > .toggle-script-blackboxed):
(.tree-outline:not(.navigation-sidebar-panel-content-tree-outline) .item .status > .toggle-script-blackboxed,):
(.tree-outline:focus .item.selected .status > .toggle-script-blackboxed):
(.tree-outline .item .status > .toggle-script-blackboxed.blackboxed):
(@media (prefers-color-scheme: dark) .tree-outline .item .status > .toggle-script-blackboxed):

UserInterface/Views/ResourceTreeElement.js:

(WI.ResourceTreeElement.prototype._updateResource):
(WI.ResourceTreeElement.prototype.updateStatus): Added.
(WI.ResourceTreeElement.prototype._updateStatus): Deleted.
Make sure that the loading indicator doesn't override the blackbox toggle.

UserInterface/Base/Setting.js:

(WI.Setting.prototype.set value):
(WI.Setting.prototype.save): Added.
When modifying an array value, that doesn't go through WI.Setting.prototype.set value, so
we need a more "manual" way of saving the new value.

UserInterface/Main.html:
Localizations/en.lproj/localizedStrings.js:

UserInterface/Test/TestHarness.js:

(TestHarness.prototype.newline): Added.
(TestHarness.prototype.expectException):
Add a special case for logging error message objects when running protocol tests.

LayoutTests:

inspector/debugger/setShouldBlackboxURL.html: Added.
inspector/debugger/setShouldBlackboxURL-expected.txt: Added.

inspector/model/remote-object-api-expected.txt:

Update output since WI.TestHarness.prototype.expectException now logs the .constructor.name.

6:47 PM Changeset in webkit [249449] by mark.lam@apple.com

11 edits in trunk/Source/JavaScriptCore

Remove the need to pass performJITMemcpy as a pointer.
https://bugs.webkit.org/show_bug.cgi?id=201413

Reviewed by Michael Saboff.

We want performJITMemcpy to always be inlined. In this patch, we also clean up
some template parameters to use enums instead of booleans to better document the
intent of the code.

assembler/ARM64Assembler.h:

(JSC::ARM64Assembler::fillNops):
(JSC::ARM64Assembler::linkJump):
(JSC::ARM64Assembler::linkCall):
(JSC::ARM64Assembler::relinkJump):
(JSC::ARM64Assembler::relinkCall):
(JSC::ARM64Assembler::link):
(JSC::ARM64Assembler::linkJumpOrCall):
(JSC::ARM64Assembler::linkCompareAndBranch):
(JSC::ARM64Assembler::linkConditionalBranch):
(JSC::ARM64Assembler::linkTestAndBranch):
(JSC::ARM64Assembler::relinkJumpOrCall):
(JSC::ARM64Assembler::CopyFunction::CopyFunction): Deleted.
(JSC::ARM64Assembler::CopyFunction::operator()): Deleted.

assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::fillNops):
(JSC::ARMv7Assembler::link):
(JSC::ARMv7Assembler::linkJumpT1):
(JSC::ARMv7Assembler::linkJumpT2):
(JSC::ARMv7Assembler::linkJumpT3):
(JSC::ARMv7Assembler::linkJumpT4):
(JSC::ARMv7Assembler::linkConditionalJumpT4):
(JSC::ARMv7Assembler::linkBX):
(JSC::ARMv7Assembler::linkConditionalBX):

assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::emitNops):

assembler/LinkBuffer.cpp:

(JSC::LinkBuffer::copyCompactAndLinkCode):

assembler/MIPSAssembler.h:

(JSC::MIPSAssembler::fillNops):

assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::link):

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::link):

assembler/X86Assembler.h:

(JSC::X86Assembler::fillNops):

jit/ExecutableAllocator.h:

(JSC::performJITMemcpy):

runtime/JSCPtrTag.h:

5:39 PM Changeset in webkit [249448] by dino@apple.com

2 edits in trunk/Tools

Test for ContextMenus with images
https://bugs.webkit.org/show_bug.cgi?id=201437

Reviewed by Wenson Hsieh.

Add a test for ContextMenus that trigger on images, and make
sure that they ask for alternate URLs (added in r249171).

TestWebKitAPI/Tests/WebKitCocoa/ContextMenus.mm:

(contextMenuWebViewDriver):
(-[TestContextMenuImageUIDelegate _webView:contextMenuConfigurationForElement:completionHandler:]):
(-[TestContextMenuImageUIDelegate _webView:alternateURLFromImage:userInfo:]):
(-[TestContextMenuImageUIDelegate webView:contextMenuWillPresentForElement:]):
(-[TestContextMenuImageUIDelegate webView:contextMenuForElement:willCommitWithAnimator:]):
(-[TestContextMenuImageUIDelegate webView:contextMenuDidEndForElement:]):
(TEST):

5:35 PM Changeset in webkit [249447] by Devin Rousso

2 edits in trunk/LayoutTests

REGRESSION (r249132): [macOS WK2] Layout Test inspector/layers/layerTreeDidChange.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=201435

Reviewed by Joseph Pecoraro.

r249132 changed the InspectorLayerTreeAgent to reset the flag that controls whether the
frontend should be notified about layer changes when disable is called, which happens when
Web Inspector disconnects.

Sometimes, a layer change event can be "in flight" when this happens, meaning that the Web
Inspector frontend can receive a layer change event before it requests the new layer data.

This is normally handled by the Web Inspector UI, as the associated DOM node would no longer
exist, so the UI paths would early return.

inspector/layers/layerTreeDidChange.html:

Only listen for layer change events once we've triggered a guaranteed layer update, as any
"in flight" events from previous tests could be incorrectly logged as part of this test.

5:20 PM Changeset in webkit [249446] by Justin Fan

2 edits
2 adds in trunk/Websites/webkit.org

[WebGPU] Add compute-boids to WebGPU demo page
https://bugs.webkit.org/show_bug.cgi?id=201416

Reviewed by Dean Jackson.

Add the compute-boids demo for use with STP 91.

demos/webgpu/compute-boids.html: Added.
demos/webgpu/index.html:
demos/webgpu/resources/compute-boids.png: Added.

4:37 PM Changeset in webkit [249445] by Devin Rousso

10 edits in trunk

REGRESSION (r249078): Flaky crash in com.apple.JavaScriptCore: Inspector::InjectedScriptModule::ensureInjected
https://bugs.webkit.org/show_bug.cgi?id=201201
<rdar://problem/54771560>

Reviewed by Joseph Pecoraro.

Source/JavaScriptCore:

inspector/InjectedScriptSource.js:

(let.InjectedScript.prototype.injectModule):
(let.InjectedScript.prototype._evaluateOn):
(CommandLineAPI):
(let.InjectedScript.prototype.setInspectObject): Deleted.
(let.InjectedScript.prototype.addCommandLineAPIGetter): Deleted.
(let.InjectedScript.prototype.addCommandLineAPIMethod.func.toString): Deleted.
(let.InjectedScript.prototype.addCommandLineAPIMethod): Deleted.
(InjectedScript.CommandLineAPI): Deleted.
Allow injected script "extensions" (e.g. CommandLineAPIModuleSource.js) to modify objects
directly, instead of having them call functions.

inspector/InjectedScriptModule.cpp:

(Inspector::InjectedScriptModule::ensureInjected):
Make sure to reset hadException to false before making another call.

Source/WebCore:

Tests: inspector/debugger/tail-deleted-frames-this-value.html

inspector/heap/getRemoteObject.html

inspector/CommandLineAPIModuleSource.js:

Avoid executing functions when injecting. Instead, modify the CommandLineAPI directly.

LayoutTests:

inspector/debugger/tail-deleted-frames-this-value.html:
inspector/debugger/tail-deleted-frames-this-value-expected.txt:
inspector/debugger/resources/tail-deleted-frames-this-value.js:
inspector/timeline/line-column-expected.txt:

4:21 PM Changeset in webkit [249444] by timothy_horton@apple.com

2 edits in trunk/Source/WebKit

Null deref under -[WKWebView _addUpdateVisibleContentRectPreCommitHandler]'s handler block
https://bugs.webkit.org/show_bug.cgi?id=201436
<rdar://problem/40640475>

Reviewed by Simon Fraser.

UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView dealloc]):
(-[WKWebView _addUpdateVisibleContentRectPreCommitHandler]):
We crash sending a message to a deallocated WKWebView inside the handler block
passed to +[CATransaction addCommitHandler:]. This seems impossible, because
we carefully retain it, but it's possible that it could be the result of
the handler block being installed under -dealloc (in which case retaining
the WKWebView wouldn't actually extend its lifetime). -[WKWebView dealloc]
is fairly sizable, and it's hard to follow all paths from it, so instead
add a RELEASE_LOG_FAULT, so we'll get simulated crash logs, and bail,
so we'll stop actually crashing (if this is the cause).

This is just a speculative fix, but a hopeful one, since intentionally calling
-_addUpdateVisibleContentRectPreCommitHandler: from dealloc yields a similar-looking
crash under the handler block.

2:52 PM Changeset in webkit [249443] by Jonathan Bedard

9 edits in trunk/Tools

results.webkit.org: Move legend into sidebar
https://bugs.webkit.org/show_bug.cgi?id=201258

Rubber-stamped by Aakash Jain.

resultsdbpy/resultsdbpy/view/static/js/timeline.js:

(Legend): Make the legend vertical instead of horizontal, add ToolTip to dots in the legend.

resultsdbpy/resultsdbpy/view/static/js/tooltip.css: Add left and right tooltip arrows.
resultsdbpy/resultsdbpy/view/static/js/tooltip.js:

(isPointInElement): Make bound check include borders.
(_ToolTip.toString): Add left/right cases.
(_ToolTip.prototype.setByElement): Set the tooltip location given an element.

resultsdbpy/resultsdbpy/view/templates/search.html: Put the legend into the sidebar.
resultsdbpy/resultsdbpy/view/templates/suite_results.html: Ditto.

1:35 PM Changeset in webkit [249442] by Alan Bujtas

2 edits in trunk/Source/WebCore

[LFC][TFC] Initialize <thead><tbody><tfoot> display boxes.
https://bugs.webkit.org/show_bug.cgi?id=201235
<rdar://problem/54807060>

Reviewed by Antti Koivisto.

Set them as blank for now.

layout/tableformatting/TableFormattingContext.cpp:

(WebCore::Layout::TableFormattingContext::layout const):

1:05 PM Changeset in webkit [249441] by Alan Bujtas

7 edits in trunk/Source/WebCore

[LFC][Floating] Replace all LayoutState::displayBoxForLayoutBox() calls with FormattingContext::displayBoxForLayoutBox()
https://bugs.webkit.org/show_bug.cgi?id=201414
<rdar://problem/54963302>

Reviewed by Antti Koivisto.

Fix the final LayoutState::displayBoxForLayoutBox() callsites. Now all displayBoxForLayoutBox() calls are directed to the
established FormattingContext.

layout/FormattingContext.cpp:

(WebCore::Layout::mapHorizontalPositionToAncestor):
(WebCore::Layout::FormattingContext::mapLeftToAncestor const):
(WebCore::Layout::FormattingContext::mapRightToAncestor const):
(WebCore::Layout::FormattingContext::mapBoxToAncestor const):
(WebCore::Layout::FormattingContext::mapTopToAncestor const):
(WebCore::Layout::FormattingContext::mapPointToAncestor const):
(WebCore::Layout::FormattingContext::mapPointToDescendent const):
(WebCore::Layout::FormattingContext::mapLeftToAncestor): Deleted.
(WebCore::Layout::FormattingContext::mapRightToAncestor): Deleted.
(WebCore::Layout::FormattingContext::mapBoxToAncestor): Deleted.
(WebCore::Layout::FormattingContext::mapTopToAncestor): Deleted.
(WebCore::Layout::FormattingContext::mapPointToAncestor): Deleted.
(WebCore::Layout::FormattingContext::mapPointToDescendent): Deleted.

layout/FormattingContext.h:

(WebCore::Layout::FormattingContext::root const):
(WebCore::Layout::FormattingContext::formattingState const):

layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layout):
(WebCore::Layout::BlockFormattingContext::usedAvailableWidthForFloatAvoider const):

layout/floats/FloatingContext.cpp:

(WebCore::Layout::mapToFormattingContextRoot):
(WebCore::Layout::FloatingContext::FloatingContext):
(WebCore::Layout::FloatingContext::positionForFloat const):
(WebCore::Layout::FloatingContext::positionForFormattingContextRoot const):
(WebCore::Layout::FloatingContext::verticalPositionWithClearance const):
(WebCore::Layout::FloatingContext::constraints const):
(WebCore::Layout::FloatingContext::append):

layout/floats/FloatingContext.h:

(WebCore::Layout::FloatingContext::formattingContext const):
(WebCore::Layout::FloatingContext::root const):

layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::layout const):
(WebCore::Layout::InlineFormattingContext::InlineLayout::createDisplayRuns const):

12:55 PM Changeset in webkit [249440] by Simon Fraser

5 edits in trunk/Source/WebCore

Cache "compositingAncestor" during the compositing updateBackingAndHierarchy() tree walk
https://bugs.webkit.org/show_bug.cgi?id=201403

Reviewed by Antti Koivisto.

Finding a layer's compositingAncestor requires an ancestor tree walk. We can avoid this during
compositing updates, since we're already in the middle of a paint-order tree walk, and can just
keep track of the current compositingAncestor on the way down.

Shaves a few % off time in updateCompositingLayers().

rendering/RenderLayerBacking.cpp:

(WebCore::RenderLayerBacking::updateConfiguration):
(WebCore::ComputedOffsets::ComputedOffsets):
(WebCore::ComputedOffsets::fromAncestorGraphicsLayer):
(WebCore::RenderLayerBacking::computePrimaryGraphicsLayerRect const):
(WebCore::RenderLayerBacking::updateGeometry):

rendering/RenderLayerBacking.h:
rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::UpdateBackingTraversalState::UpdateBackingTraversalState):
(WebCore::RenderLayerCompositor::UpdateBackingTraversalState::stateForDescendants const):
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
(WebCore::RenderLayerCompositor::updateBackingAndHierarchy):
(WebCore::RenderLayerCompositor::updateLayerCompositingState):
(WebCore::RenderLayerCompositor::computeCoordinatedPositioningForLayer const):
(WebCore::RenderLayerCompositor::coordinatedScrollingRolesForLayer const):
(WebCore::RenderLayerCompositor::updateScrollCoordinationForLayer):
(WebCore::RenderLayerCompositor::updateScrollingNodeForPositioningRole):

rendering/RenderLayerCompositor.h:

12:53 PM Changeset in webkit [249439] by Alan Bujtas

7 edits in trunk/Source/WebCore

[LFC] FloatingState should not need to query for display boxes.
https://bugs.webkit.org/show_bug.cgi?id=201408
<rdar://problem/54958348>

Reviewed by Antti Koivisto.

This is in preparation for transitioning the floating codebase to use the formatting context for
retrieving display boxes.
FloatingContext should be responsible for adding/removing the new/existing float boxes to the state.

layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layoutFormattingContextRoot):

layout/floats/FloatingContext.cpp:

(WebCore::Layout::FloatingContext::append):
(WebCore::Layout::FloatingContext::remove):

layout/floats/FloatingContext.h:
layout/floats/FloatingState.cpp:

(WebCore::Layout::FloatingState::append):
(WebCore::Layout::belongsToThisFloatingContext): Deleted.

layout/floats/FloatingState.h:

(WebCore::Layout::FloatingState::FloatItem::horizontalMargin const):

layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::createDisplayRuns const):

12:48 PM Changeset in webkit [249438] by Alan Bujtas

3 edits in trunk/Source/WebCore

[LFC][Floats] Do not pass FloatingState to FloatItem
https://bugs.webkit.org/show_bug.cgi?id=201406
<rdar://problem/54957097>

Reviewed by Antti Koivisto.

This is in preparation for transitioning the floating codebase to use the formatting context for
retrieving display boxes. Now FloatItems don't need the FloatingState to compute absolute display boxes.

layout/floats/FloatingState.cpp:

(WebCore::Layout::FloatingState::FloatItem::FloatItem):
(WebCore::Layout::FloatingState::append):

layout/floats/FloatingState.h:

12:21 PM Changeset in webkit [249437] by Alan Bujtas

7 edits in trunk/Source/WebCore

[LFC][Floats] Do not pass FloatingState to FloatAvoider/FloatBox
https://bugs.webkit.org/show_bug.cgi?id=201405
<rdar://problem/54956381>

Reviewed by Antti Koivisto.

This is in preparation for transitioning the floating codebase to use the formatting context for
retrieving display boxes. Now FloatAvoiders/FloatBoxes don't need the FloatingState to compute absolute display boxes.

layout/floats/FloatAvoider.cpp:

(WebCore::Layout::FloatAvoider::FloatAvoider):
(WebCore::Layout::FloatAvoider::setHorizontalConstraints):
(WebCore::Layout::FloatAvoider::initialHorizontalPosition const):
(WebCore::Layout::FloatAvoider::overflowsContainingBlock const):
(WebCore::Layout::FloatAvoider::rectInContainingBlock const):

layout/floats/FloatAvoider.h:

(WebCore::Layout::FloatAvoider::floatingState const): Deleted.

layout/floats/FloatBox.cpp:

(WebCore::Layout::FloatBox::FloatBox):
(WebCore::Layout::FloatBox::initialVerticalPosition const):

layout/floats/FloatBox.h:
layout/floats/FloatingContext.cpp:

(WebCore::Layout::mapToFormattingContextRoot):
(WebCore::Layout::FloatingContext::positionForFloat const):
(WebCore::Layout::FloatingContext::positionForFormattingContextRoot const):

platform/graphics/LayoutPoint.h:

(WebCore::LayoutPoint::isZero const):

11:56 AM Changeset in webkit [249436] by jiewen_tan@apple.com

9 edits in trunk

[WebAuthn] Enable WebAuthn by default for MobileSafari and SafariViewService
https://bugs.webkit.org/show_bug.cgi?id=201369
<rdar://problem/54903724>

Reviewed by Brent Fulgham.

Source/WebCore:

platform/RuntimeApplicationChecks.h:
platform/cocoa/RuntimeApplicationChecksCocoa.mm:

(WebCore::IOSApplication::isSafariViewService):
Adds a way to detect SafariViewService.

Source/WebKit:

Communications to security keys require entitlements, which are not guaranteed to be present in third party
WKWebView clients. Therefore, only enable WebAuthn by default for MobileSafari and SafariViewService.

Shared/WebPreferences.yaml:
Shared/WebPreferencesDefaultValues.cpp:

(WebKit::defaultWebAuthenticationEnabled):

Shared/WebPreferencesDefaultValues.h:

LayoutTests:

http/wpt/webauthn/public-key-credential-get-success-nfc.https.html:

Imporves the test a bit.

11:37 AM Changeset in webkit [249435] by Chris Dumez

39 edits in trunk/Source/WebKit

Rename WebPage::pageID() to WebPage::identifier()
https://bugs.webkit.org/show_bug.cgi?id=201428

Reviewed by Antti Koivisto.

Shared/API/Cocoa/WKBrowsingContextHandle.mm:

(-[WKBrowsingContextHandle _initWithPage:]):

WebProcess/ApplePay/WebPaymentCoordinator.cpp:

(WebKit::WebPaymentCoordinator::WebPaymentCoordinator):
(WebKit::WebPaymentCoordinator::showPaymentUI):
(WebKit::WebPaymentCoordinator::messageSenderDestinationID const):

WebProcess/Network/WebLoaderStrategy.cpp:

(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::preconnectTo):

WebProcess/Notifications/WebNotificationManager.cpp:

(WebKit::WebNotificationManager::show):
(WebKit::WebNotificationManager::cancel):
(WebKit::WebNotificationManager::clearNotifications):
(WebKit::WebNotificationManager::didDestroyNotification):

WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp:

(WebKit::WebAuthenticatorCoordinator::WebAuthenticatorCoordinator):

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::windowRect):
(WebKit::WebChromeClient::focusedFrameChanged):
(WebKit::WebChromeClient::createWindow):
(WebKit::WebChromeClient::testProcessIncomingSyncMessagesWhenWaitingForSyncReply):
(WebKit::WebChromeClient::toolbarsVisible):
(WebKit::WebChromeClient::statusbarVisible):
(WebKit::WebChromeClient::menubarVisible):
(WebKit::WebChromeClient::wrapCryptoKey const):
(WebKit::WebChromeClient::unwrapCryptoKey const):
(WebKit::WebChromeClient::signedPublicKeyAndChallengeString const):

WebProcess/WebCoreSupport/WebColorChooser.cpp:

(WebKit::WebColorChooser::WebColorChooser):
(WebKit::WebColorChooser::reattachColorChooser):
(WebKit::WebColorChooser::setSelectedColor):
(WebKit::WebColorChooser::endChooser):

WebProcess/WebCoreSupport/WebDataListSuggestionPicker.cpp:

(WebKit::WebDataListSuggestionPicker::handleKeydownWithIdentifier):
(WebKit::WebDataListSuggestionPicker::close):
(WebKit::WebDataListSuggestionPicker::displayWithActivationType):

WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:

(WebKit::WebFrameLoaderClient::pageID const):
(WebKit::WebFrameLoaderClient::dispatchDidFailProvisionalLoad):
(WebKit::WebFrameLoaderClient::dispatchDidFailLoad):

WebProcess/WebCoreSupport/WebPopupMenu.cpp:

(WebKit::WebPopupMenu::show):
(WebKit::WebPopupMenu::hide):

WebProcess/WebCoreSupport/WebSearchPopupMenu.cpp:

(WebKit::WebSearchPopupMenu::saveRecentSearches):
(WebKit::WebSearchPopupMenu::loadRecentSearches):

WebProcess/WebCoreSupport/ios/WebFrameLoaderClientIOS.mm:

(WebKit::WebFrameLoaderClient::createPreviewLoaderClient):

WebProcess/WebPage/Cocoa/TextCheckingControllerProxy.mm:

(WebKit::TextCheckingControllerProxy::TextCheckingControllerProxy):
(WebKit::TextCheckingControllerProxy::~TextCheckingControllerProxy):

WebProcess/WebPage/Cocoa/WebRemoteObjectRegistry.cpp:

(WebKit::WebRemoteObjectRegistry::WebRemoteObjectRegistry):
(WebKit::WebRemoteObjectRegistry::close):

WebProcess/WebPage/EventDispatcher.cpp:

(WebKit::EventDispatcher::addScrollingTreeForPage):
(WebKit::EventDispatcher::removeScrollingTreeForPage):
(WebKit::EventDispatcher::clearQueuedTouchEventsForPage):
(WebKit::EventDispatcher::getQueuedTouchEventsForPage):

WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:

(WebKit::RemoteLayerTreeDrawingArea::RemoteLayerTreeDrawingArea):
(WebKit::RemoteLayerTreeDrawingArea::flushLayers):

WebProcess/WebPage/RemoteLayerTree/RemoteScrollingCoordinator.mm:

(WebKit::RemoteScrollingCoordinator::RemoteScrollingCoordinator):
(WebKit::RemoteScrollingCoordinator::~RemoteScrollingCoordinator):

WebProcess/WebPage/RemoteWebInspectorUI.cpp:

(WebKit::RemoteWebInspectorUI::sendMessageToBackend):
(WebKit::RemoteWebInspectorUI::changeSheetRect):
(WebKit::RemoteWebInspectorUI::startWindowDrag):
(WebKit::RemoteWebInspectorUI::bringToFront):
(WebKit::RemoteWebInspectorUI::closeWindow):
(WebKit::RemoteWebInspectorUI::reopen):
(WebKit::RemoteWebInspectorUI::resetState):
(WebKit::RemoteWebInspectorUI::openInNewTab):
(WebKit::RemoteWebInspectorUI::save):
(WebKit::RemoteWebInspectorUI::append):
(WebKit::RemoteWebInspectorUI::showCertificate):

WebProcess/WebPage/ViewGestureGeometryCollector.cpp:

(WebKit::ViewGestureGeometryCollector::ViewGestureGeometryCollector):
(WebKit::ViewGestureGeometryCollector::~ViewGestureGeometryCollector):

WebProcess/WebPage/WebBackForwardListProxy.cpp:

(WebKit::WebBackForwardListProxy::itemAtIndex):
(WebKit::WebBackForwardListProxy::backListCount const):
(WebKit::WebBackForwardListProxy::forwardListCount const):

WebProcess/WebPage/WebInspector.cpp:

(WebKit::WebInspector::openLocalInspectorFrontend):
(WebKit::WebInspector::closeFrontendConnection):
(WebKit::WebInspector::bringToFront):
(WebKit::WebInspector::elementSelectionChanged):
(WebKit::WebInspector::timelineRecordingChanged):
(WebKit::WebInspector::setMockCaptureDevicesEnabledOverride):
(WebKit::WebInspector::updateDockingAvailability):

WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::WebPage):
(WebKit::m_textAutoSizingAdjustmentTimer):
(WebKit::WebPage::messageSenderDestinationID const):
(WebKit::WebPage::close):
(WebKit::WebPage::goToBackForwardItem):
(WebKit::WebPage::setFixedLayoutSize):
(WebKit::WebPage::freezeLayerTree):
(WebKit::WebPage::unfreezeLayerTree):
(WebKit::WebPage::restoreSessionInternal):
(WebKit::WebPage::setCurrentHistoryItemForReattach):
(WebKit::WebPage::updateIsInWindow):
(WebKit::WebPage::setActivityState):
(WebKit::WebPage::mainFrameDidLayout):
(WebKit::WebPage::didCommitLoad):
(WebKit::WebPage::hasStorageAccess):
(WebKit::WebPage::requestStorageAccess):
(WebKit::WebPage::textInputContextsInRect):
(WebKit::WebPage::elementForTextInputContext):

WebProcess/WebPage/WebPage.h:

(WebKit::WebPage::identifier const):
(WebKit::WebPage::pageID const): Deleted.

WebProcess/WebPage/WebPageInspectorTarget.cpp:

(WebKit::WebPageInspectorTarget::identifier const):

WebProcess/WebPage/mac/WKAccessibilityWebPageObjectBase.mm:

(-[WKAccessibilityWebPageObjectBase setWebPage:]):

WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::executeKeypressCommandsInternal):

WebProcess/WebProcess.cpp:

(WebKit::WebProcess::transformObjectsToHandles):

WebProcess/WebStorage/StorageNamespaceImpl.cpp:

(WebKit::StorageNamespaceImpl::copy):

WebProcess/WebStorage/WebStorageNamespaceProvider.cpp:

(WebKit::WebStorageNamespaceProvider::createSessionStorageNamespace):

WebProcess/cocoa/PlaybackSessionManager.mm:

(WebKit::PlaybackSessionManager::PlaybackSessionManager):
(WebKit::PlaybackSessionManager::~PlaybackSessionManager):
(WebKit::PlaybackSessionManager::invalidate):

WebProcess/cocoa/VideoFullscreenManager.mm:

(WebKit::VideoFullscreenManager::VideoFullscreenManager):
(WebKit::VideoFullscreenManager::~VideoFullscreenManager):
(WebKit::VideoFullscreenManager::invalidate):

11:25 AM Changeset in webkit [249434] by Simon Fraser

5 edits in trunk/Source/WebCore

Make "clips compositing descendants" an indirect compositing reason
https://bugs.webkit.org/show_bug.cgi?id=201381

Reviewed by Antti Koivisto.

Whether a layer has to composite to clip composited descendants is an "indirect" reason,
just like having to composite for filters if there's a composited descendant. So add
IndirectCompositingReason::Clipping, and have computeIndirectCompositingReason() compute this,
replacing the code that ran in computeCompositingRequirements().

This is some preparatory cleanup for webkit.org/b/201330.

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

rendering/RenderLayer.h:
rendering/RenderLayerCompositor.cpp:

(WebCore::RenderLayerCompositor::computeCompositingRequirements):
(WebCore::RenderLayerCompositor::requiresCompositingLayer const):
(WebCore::RenderLayerCompositor::reasonsForCompositing const):
(WebCore::RenderLayerCompositor::computeIndirectCompositingReason const):
(WebCore::RenderLayerCompositor::requiresCompositingForIndirectReason const): Deleted.

rendering/RenderLayerCompositor.h:

11:21 AM Changeset in webkit [249433] by Alan Bujtas

7 edits in trunk/Source/WebCore

[LFC][Floats] Move FloatingState::constraints to FloatingContext
https://bugs.webkit.org/show_bug.cgi?id=201393
<rdar://problem/54939361>

Reviewed by Antti Koivisto.

This is in preparation for transitioning the floating codebase to use the formatting context for
retrieving display boxes. Now FloatingContext (just like any other formatting context) holds on to the formatting
context root.

layout/blockformatting/BlockFormattingContext.cpp:

(WebCore::Layout::BlockFormattingContext::layout):
(WebCore::Layout::BlockFormattingContext::usedAvailableWidthForFloatAvoider const):
(WebCore::Layout::BlockFormattingContext::computeEstimatedVerticalPositionForFloatClear):
(WebCore::Layout::BlockFormattingContext::computePositionToAvoidFloats):

layout/floats/FloatingContext.cpp:

(WebCore::Layout::FloatingContext::FloatingContext):
(WebCore::Layout::FloatingContext::positionForFloat const):
(WebCore::Layout::FloatingContext::positionForFormattingContextRoot const):
(WebCore::Layout::FloatingContext::verticalPositionWithClearance const):
(WebCore::Layout::FloatingContext::constraints const):

layout/floats/FloatingContext.h:

(WebCore::Layout::FloatingContext::isEmpty const):
(WebCore::Layout::FloatingContext::root const):

layout/floats/FloatingState.cpp:

(WebCore::Layout::FloatingState::constraints const): Deleted.

layout/floats/FloatingState.h:

(WebCore::Layout::FloatingState::last const):
(WebCore::Layout::FloatingState::isEmpty const): Deleted.

layout/inlineformatting/InlineFormattingContextLineLayout.cpp:

(WebCore::Layout::InlineFormattingContext::InlineLayout::layout const):
(WebCore::Layout::InlineFormattingContext::InlineLayout::createDisplayRuns const):

11:06 AM Changeset in webkit [249432] by Jonathan Bedard

2 edits in trunk/Tools

results.webkit.org: Increase default limit for LimitSlider
https://bugs.webkit.org/show_bug.cgi?id=201424

Reviewed by Aakash Jain.

resultsdbpy/resultsdbpy/view/static/js/drawer.js:

(LimitSlider): Increase the default limit, make limit slider linear instead of logarithmic.

9:38 AM Changeset in webkit [249431] by commit-queue@webkit.org

8 edits
2 adds in trunk

[iOS] Treat a two-finger single tap as if the user tapped with the Cmd key pressed
https://bugs.webkit.org/show_bug.cgi?id=201420
<rdar://problem/53207786>

Patch by Antoine Quint <Antoine Quint> on 2019-09-03
Reviewed by Simon Fraser.

Source/WebKit:

Set the metaKey modifier to true when generating a click event based on a two-finger single tap. This is important so that sites like Google and DuckDuckGo
correctly open links in their search results page in a new tab in Safari on iOS. This currently doesn't work because those sites will call preventDefault()
if the metaKey flag isn't set on a "click" event, and if it is set, they let the browser handle the navigation themselves.

UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView _twoFingerSingleTapGestureRecognized:]):

Tools:

Add a new twoFingerSingleTapAtPoint() method to UIScriptController, which just calls into the existing (but unused)
-[HIDEventGenerator twoFingerTap:completionBlock:].

TestRunnerShared/UIScriptContext/Bindings/UIScriptController.idl:
TestRunnerShared/UIScriptContext/UIScriptController.h:

(WTR::UIScriptController::twoFingerSingleTapAtPoint):

WebKitTestRunner/ios/UIScriptControllerIOS.h:
WebKitTestRunner/ios/UIScriptControllerIOS.mm:

(WTR::UIScriptControllerIOS::twoFingerSingleTapAtPoint):

LayoutTests:

Add a new event that checks that a two-finger single tap on a clickable element yields a "click" event with the metaKey flag set to true.

fast/events/ios/click-event-two-finger-single-tap-meta-key-expected.txt: Added.
fast/events/ios/click-event-two-finger-single-tap-meta-key.html: Added.

9:08 AM Changeset in webkit [249430] by Brent Fulgham

2 edits in trunk/Source/WebKit

[macOS] Correct sandbox violation in Flash plugin
https://bugs.webkit.org/show_bug.cgi?id=201228
<rdar://problem/54347503>

Reviewed by Alex Christensen.

PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:

7:58 AM Changeset in webkit [249429] by commit-queue@webkit.org

3 edits in trunk/Source/WebCore

[GStreamer] Add support to copy YUV video textures into images
https://bugs.webkit.org/show_bug.cgi?id=200922

Patch by Chris Lord <Chris Lord> on 2019-09-03
Reviewed by Philippe Normand and Xabier Rodriguez-Calvar.

Use gst_gl_color_convert to convert to RGB before using ImageGStreamer
with gstreamer-gl.

No new tests, not changing behavior.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::paint):

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

7:14 AM Changeset in webkit [249428] by commit-queue@webkit.org

5 edits in trunk/Source/WebCore

[GStreamer] Add support to copy YUV video textures into platform textures
https://bugs.webkit.org/show_bug.cgi?id=200914

Patch by Chris Lord <Chris Lord> on 2019-09-03
Reviewed by Xabier Rodriguez-Calvar and Miguel Gomez.

Enable YUV (including planar and semi-planar) video texture to platform
texture copy in VideoTextureCopierGStreamer.

No new tests, not changing behavior.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::platformLayerBuffer):
(WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
(WebCore::MediaPlayerPrivateGStreamerBase::copyVideoTextureToPlatformTexture):
(WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):

platform/graphics/gstreamer/VideoTextureCopierGStreamer.cpp:

(WebCore::VideoTextureCopierGStreamer::VideoTextureCopierGStreamer):
(WebCore::VideoTextureCopierGStreamer::copyVideoTextureToPlatformTexture):

platform/graphics/gstreamer/VideoTextureCopierGStreamer.h:
platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:

(WebCore::TextureMapperPlatformLayerBuffer::textureVariant):

7:00 AM Changeset in webkit [249427] by commit-queue@webkit.org

9 edits in trunk/Source/WebCore

[Texmap][GStreamer] Add support to upload more color formats into the texture
https://bugs.webkit.org/show_bug.cgi?id=132869

Patch by Zan Dobersek <zdobersek@igalia.com> and Chris Lord <Chris Lord> on 2019-09-03
Reviewed by Xabier Rodriguez-Calvar.

Support non-interleaved YUV color for gstreamer-gl

This adds direct support for rendering I420, I444, YV12, YV21, Y42B,
NV12, NV21 and VUYA color formats using GLGL shaders when using
gstreamer-gl for video rendering. This avoids a surface copy on the GPU
in those cases.

No new tests, not changing behavior.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::GstVideoFrameHolder::GstVideoFrameHolder):
(WebCore::GstVideoFrameHolder::waitForCPUSync):
(WebCore::GstVideoFrameHolder::hasMappedTextures const):
(WebCore::GstVideoFrameHolder::videoFrame const):
(WebCore::MediaPlayerPrivateGStreamerBase::pushTextureToCompositor):
(WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):

platform/graphics/gstreamer/VideoTextureCopierGStreamer.cpp:

(WebCore::VideoTextureCopierGStreamer::VideoTextureCopierGStreamer):

platform/graphics/texmap/TextureMapperGL.cpp:

(WebCore::optionsForFilterType):
(WebCore::TextureMapperGL::drawTexture):
(WebCore::prepareTransformationMatrixWithFlags):
(WebCore::TextureMapperGL::drawTexturePlanarYUV):
(WebCore::TextureMapperGL::drawTextureSemiPlanarYUV):
(WebCore::TextureMapperGL::drawTexturePackedYUV):
(WebCore::TextureMapperGL::drawTexturedQuadWithProgram):

platform/graphics/texmap/TextureMapperGL.h:
platform/graphics/texmap/TextureMapperPlatformLayerBuffer.cpp:

(WebCore::TextureMapperPlatformLayerBuffer::TextureMapperPlatformLayerBuffer):
(WebCore::TextureMapperPlatformLayerBuffer::~TextureMapperPlatformLayerBuffer):
(WebCore::TextureMapperPlatformLayerBuffer::clone):
(WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper):

platform/graphics/texmap/TextureMapperPlatformLayerBuffer.h:
platform/graphics/texmap/TextureMapperShaderProgram.cpp:

(WebCore::TextureMapperShaderProgram::create):

platform/graphics/texmap/TextureMapperShaderProgram.h:

4:48 AM Changeset in webkit [249426] by commit-queue@webkit.org

11 edits
1 move
3 adds
3 deletes in trunk

Remove support for load/error on link=prefetch
https://bugs.webkit.org/show_bug.cgi?id=201348

Patch by Rob Buis <rbuis@igalia.com> on 2019-09-03
Reviewed by Youenn Fablet.

Source/WebCore:

Remove support for firing load/error on link=prefetch
to address tracking concerns.

Tests: http/wpt/prefetch/load-events-dynamic.html

http/wpt/prefetch/load-events.html

html/HTMLLinkElement.cpp:

(WebCore::HTMLLinkElement::linkLoaded):
(WebCore::HTMLLinkElement::linkLoadingErrored):

html/HTMLLinkElement.h:
testing/Internals.cpp:

(WebCore::Internals::addPrefetchLoadEventListener):

LayoutTests:

Adjust beforeload tests to also test load/error events.

http/tests/cache/link-prefetch-main-resource-iframe.html:
http/tests/cache/link-prefetch-main-resource.html:
http/wpt/prefetch/beforeload-dynamic-expected.txt: Removed.
http/wpt/prefetch/beforeload-expected.txt: Removed.
http/wpt/prefetch/load-events-dynamic-expected.txt: Added.
http/wpt/prefetch/load-events-dynamic.html: Renamed from LayoutTests/http/wpt/prefetch/beforeload-dynamic.html.
http/wpt/prefetch/load-events-expected.txt: Added.
http/wpt/prefetch/load-events.html: Renamed from LayoutTests/http/wpt/prefetch/beforeload.html.
http/wpt/prefetch/resources/navigate-skip-disk-cache.html:
http/wpt/prefetch/resources/navigate.html:
platform/mac-wk1/TestExpectations:
platform/win/TestExpectations:

3:46 AM Changeset in webkit [249425] by zandobersek@gmail.com

2 edits in trunk/Tools

[WPE] MiniBrowser should handle the WebKitWebView::create signal
https://bugs.webkit.org/show_bug.cgi?id=201417

Reviewed by Carlos Garcia Campos.

WPE's MiniBrowser should connect to and handle the
WebKitWebView::create signal, constructing a new bit related
WebKitWebView object upon invocation.

MiniBrowser/wpe/main.cpp:

(webViewClose):
(createWebView):
(main):

3:45 AM Changeset in webkit [249424] by zandobersek@gmail.com

5 edits in trunk/Tools

[WPE] Make view backends multi-view-friendly
https://bugs.webkit.org/show_bug.cgi?id=201415

Reviewed by Carlos Garcia Campos.

Have the Wayland EGL connection for WindowViewBackend instances managed
through a per-process singleton, allowing multiple backend objects
use it for different views. HeadlessViewBackend already does this, but
the code there is refurbished into a singleton structure.

The ViewBackend classes are adjusted to work with the backend-specific
EGLDisplay objects (as constructed through the backend-specific EGL
connection approach).

wpe/backends/HeadlessViewBackend.cpp:

(WPEToolingBackends::HeadlessEGLConnection::singleton):
(WPEToolingBackends::HeadlessViewBackend::HeadlessViewBackend):
(WPEToolingBackends::HeadlessViewBackend::~HeadlessViewBackend):
(WPEToolingBackends::HeadlessViewBackend::createSnapshot):
(WPEToolingBackends::getEGLDisplay): Deleted.

wpe/backends/ViewBackend.cpp:

(WPEToolingBackends::ViewBackend::initialize):
(WPEToolingBackends::ViewBackend::deinitialize):
(WPEToolingBackends::ViewBackend::~ViewBackend): Deleted.

wpe/backends/ViewBackend.h:
wpe/backends/WindowViewBackend.cpp:

(WPEToolingBackends::WaylandEGLConnection::singleton):
(WPEToolingBackends::WindowViewBackend::WindowViewBackend):
(WPEToolingBackends::WindowViewBackend::~WindowViewBackend):
(WPEToolingBackends::WindowViewBackend::displayBuffer):

3:34 AM Changeset in webkit [249423] by Carlos Garcia Campos

1 copy in releases/WebKitGTK/webkit-2.25.92

WebKitGTK 2.25.92

3:33 AM Changeset in webkit [249422] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.26

Unreviewed. Update OptionsGTK.cmake and NEWS for 2.25.92 release

Source/cmake/OptionsGTK.cmake: Bump version numbers

Source/WebKit:

gtk/NEWS: Add release notes for 2.25.92.

3:33 AM Changeset in webkit [249421] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Unreviewed. Add an env var to force single process model

WEBKIT_USE_SINGLE_WEB_PROCESS=1 can now be used to force the single process model. This is a temporary solution
for applications still depending on the single process mode behavior. It will be only available in 2.26 series.

UIProcess/API/glib/WebKitWebContext.cpp:

(webkitWebContextConstructed):

3:33 AM Changeset in webkit [249420] by Carlos Garcia Campos

7 edits in releases/WebKitGTK/webkit-2.26

Merge r249419 - [WPE][GTK] Deprecate nonfunctional process limit APIs
https://bugs.webkit.org/show_bug.cgi?id=193749

Reviewed by Žan Doberšek.

Source/WebKit:

UIProcess/API/glib/WebKitWebContext.cpp:

(webkitWebContextConstructed):
(webkit_web_context_set_process_model):
(webkit_web_context_get_process_model):
(webkit_web_context_set_web_process_count_limit):
(webkit_web_context_get_web_process_count_limit):

UIProcess/API/gtk/WebKitWebContext.h:
UIProcess/API/wpe/WebKitWebContext.h:

Tools:

MiniBrowser/gtk/main.c:

(main):

TestWebKitAPI/Tests/WebKitGLib/TestMultiprocess.cpp:

(beforeAll):
(testWebProcessLimit): Deleted.

2:57 AM Changeset in webkit [249419] by Carlos Garcia Campos

7 edits in trunk

[WPE][GTK] Deprecate nonfunctional process limit APIs
https://bugs.webkit.org/show_bug.cgi?id=193749

Reviewed by Žan Doberšek.

Source/WebKit:

UIProcess/API/glib/WebKitWebContext.cpp:

UIProcess/API/gtk/WebKitWebContext.h:
UIProcess/API/wpe/WebKitWebContext.h:

Tools:

MiniBrowser/gtk/main.c:

(main):

TestWebKitAPI/Tests/WebKitGLib/TestMultiprocess.cpp:

(beforeAll):
(testWebProcessLimit): Deleted.

12:26 AM Changeset in webkit [249418] by ysuzuki@apple.com

3 edits in trunk/Source/JavaScriptCore

[JSC] Remove BytecodeGenerator::emitPopScope
https://bugs.webkit.org/show_bug.cgi?id=201395

Reviewed by Saam Barati.

Use emitGetParentScope. And this patch also removes several unnecessary mov bytecode emissions.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::popLexicalScopeInternal):
(JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
(JSC::BytecodeGenerator::emitPopWithScope):
(JSC::BytecodeGenerator::emitPopScope): Deleted.

bytecompiler/BytecodeGenerator.h:

Sep 2, 2019:

10:59 PM Changeset in webkit [249417] by ysuzuki@apple.com

2 edits in trunk/Source/WebCore

[WebCore] Resource usage accounting should accept non KERN_SUCCESS
https://bugs.webkit.org/show_bug.cgi?id=201409

Reviewed by Andreas Kling.

While iterating threads, we are not suspending these threads. Underlying threads can have gone
at any time and we will get non KERN_SUCCESS error code when a thread has gone. We should ignore
these threads.

page/cocoa/ResourceUsageThreadCocoa.mm:

(WebCore::threadInfos):

6:55 PM Changeset in webkit [249416] by Fujii Hironori

5 edits
31 adds
2 deletes in trunk

[SVG] fragment-only url 'url(#fragment)' should be resolved against the current document with regardless to HTML <base> element
https://bugs.webkit.org/show_bug.cgi?id=189499
<rdar://problem/44466206>

Reviewed by Said Abou-Hallawa.

Source/WebCore:

Fragment-only URL 'url(#fragment)' should be resolved against the
current document even if HTML <base> element is specified.
Spec: <https://drafts.csswg.org/css-values/#local-urls>

Tests: css3/filters/effect-reference-local-url-with-base.html

css3/masking/clip-path-reference-local-url-with-base.html
http/tests/svg/local-url-with-valid-base-and-resource.html
svg/animations/local-url-target-reference.html
svg/custom/local-url-reference-clip-path.html
svg/custom/local-url-reference-fill.html
svg/custom/local-url-reference-filter.html
svg/custom/local-url-reference-marker.html
svg/custom/local-url-reference-mask.html
svg/custom/local-url-reference-pattern.html
svg/custom/local-url-reference-radial-gradient.html
svg/custom/local-url-reference-srcdoc.html
svg/custom/local-url-reference-stroke.html
svg/custom/local-url-reference-use.html
svg/text/textpath-local-url-reference.html

svg/SVGURIReference.cpp:

(WebCore::SVGURIReference::fragmentIdentifierFromIRIString): Return the fragment if the URL starts with '#'.

LayoutTests:

These test cases are imported from Blink's commit, and modified for WebKit.
<https://chromium.googlesource.com/chromium/src/+/e7d7225c33aa7fc42ee390125b01df9167fad106%5E%21/>

TestExpectations:
css3/filters/effect-reference-local-url-with-base-expected.html: Added.
css3/filters/effect-reference-local-url-with-base.html: Added.
css3/filters/effect-reference.html:
css3/masking/clip-path-reference-local-url-with-base-expected.html: Added.
css3/masking/clip-path-reference-local-url-with-base.html: Added.
http/tests/svg/local-url-with-valid-base-and-resource-expected.html: Added.
http/tests/svg/local-url-with-valid-base-and-resource.html: Added.
http/tests/svg/resources/red100x100.svg: Added.
platform/gtk/TestExpectations: Marked svg/custom/local-url-reference-marker.html as ImageOnlyFailure for Bug 113849.
platform/wpe/TestExpectations: Ditto.
svg/animations/local-url-target-reference-expected.html: Added.
svg/animations/local-url-target-reference.html: Added.
svg/custom/linking-base-external-reference-expected.txt: Removed. This was a test for old spec.
svg/custom/linking-base-external-reference.xhtml: Ditto.
svg/custom/local-url-reference-clip-path-expected.html: Added.
svg/custom/local-url-reference-clip-path.html: Added.
svg/custom/local-url-reference-fill-expected.html: Added.
svg/custom/local-url-reference-fill.html: Added.
svg/custom/local-url-reference-filter-expected.html: Added.
svg/custom/local-url-reference-filter.html: Added.
svg/custom/local-url-reference-marker-expected.html: Added.
svg/custom/local-url-reference-marker.html: Added.
svg/custom/local-url-reference-mask-expected.html: Added.
svg/custom/local-url-reference-mask.html: Added.
svg/custom/local-url-reference-pattern-expected.html: Added.
svg/custom/local-url-reference-pattern.html: Added.
svg/custom/local-url-reference-radial-gradient-expected.html: Added.
svg/custom/local-url-reference-radial-gradient.html: Added.
svg/custom/local-url-reference-srcdoc-expected.html: Added.
svg/custom/local-url-reference-srcdoc.html: Added.
svg/custom/local-url-reference-stroke-expected.html: Added.
svg/custom/local-url-reference-stroke.html: Added.
svg/custom/local-url-reference-use-expected.html: Added.
svg/custom/local-url-reference-use.html: Added.
svg/text/textpath-local-url-reference-expected.html: Added.
svg/text/textpath-local-url-reference.html: Added.

6:53 PM Changeset in webkit [249415] by Fujii Hironori

3 edits in trunk/Source/WebCore

[Win] Remove a unused PlatformWheelEvent constructor
https://bugs.webkit.org/show_bug.cgi?id=201398

Reviewed by Don Olmstead.

No behavior change.

platform/PlatformWheelEvent.h:
platform/win/WheelEventWin.cpp:

Removed a unused PlatformWheelEvent constructor.

2:37 PM Changeset in webkit [249414] by Brent Fulgham

5 edits in trunk/Source/WebCore

[FTW] NativeImagePtr is drawn with invalid scaling
https://bugs.webkit.org/show_bug.cgi?id=201391

Reviewed by Don Olmstead.

The current implementation of FTW improperly applies scaling factors to native images,
resulting in blocky images (in some cases).

This patch corrects the handling of native images, corrects a bug in bitmap render
context scaling, and retrieves more data from the ImageDecoder's metadata system.

platform/graphics/win/Direct2DUtilities.cpp:

(WebCore::Direct2D::createBitmapRenderTargetOfSize): Supply an appropriately sized
pixel dimension for non-unity scale factors.

platform/graphics/win/ImageBufferDirect2D.cpp:

(WebCore::ImageBuffer::ImageBuffer): Include the scale factor when creating a
bitmap render target.

platform/graphics/win/ImageDecoderDirect2D.cpp:

(WebCore::ImageDecoderDirect2D::frameOrientationAtIndex const): Read the orientation
data form the image metadata.
(WebCore::ImageDecoderDirect2D::frameAllowSubsamplingAtIndex const): Always return
true, to match the CG implementation.
(WebCore::ImageDecoderDirect2D::frameHasAlphaAtIndex const): Correct to match the
behavior of CG.

platform/graphics/win/NativeImageDirect2D.cpp:

(WebCore::drawNativeImage): Pass through the Direct2DOperations helper method, which
handles scaling and subsampling properly.

3:54 AM Changeset in webkit [249413] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r249375 - [Cairo] out-of-bounds read in ShareableBitmap::paint if a fractional device scale factor is used
https://bugs.webkit.org/show_bug.cgi?id=196340

Reviewed by Brent Fulgham.

In ShareableBitmap::paint, srcRectScaled can be out-of-bounds of
the surface if a fractional device scale factor is used.

Shared/cairo/ShareableBitmapCairo.cpp:

(WebKit::ShareableBitmap::paint): Use cairoSurfaceSetDeviceScale
to set a device scale factor to the surface instead of multiplying
srcRect with a device scale factor.

3:54 AM Changeset in webkit [249412] by Carlos Garcia Campos

16 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249372 - [JSC] Merge op_check_traps into op_enter and op_loop_hint
https://bugs.webkit.org/show_bug.cgi?id=201373

Reviewed by Mark Lam.

This patch removes op_check_traps. Previously we were conditionally emitting op_check_traps based on Options and Platform configurations.
But now we are always emitting op_check_traps. So it is not necessary to have separate bytecode as op_check_traps. We can do checking in
op_enter and op_loop_hint.

While this patch moves check_traps implementation to op_enter and op_loop_hint, we keep separate DFG nodes (CheckTraps or InvalidationPoint),
since inserted nodes are different based on configurations and options. And emitting multiple DFG nodes from one bytecode is easy.

We also inline op_enter's slow path's write-barrier emission in LLInt.

bytecode/BytecodeList.rb:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoopHint):
(JSC::BytecodeGenerator::emitCheckTraps): Deleted.

bytecompiler/BytecodeGenerator.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::emitEnterOptimizationCheck): Deleted.

jit/JIT.h:
jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):
(JSC::JIT::emit_op_enter):
(JSC::JIT::emitSlow_op_enter):
(JSC::JIT::emit_op_check_traps): Deleted.
(JSC::JIT::emitSlow_op_check_traps): Deleted.

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_enter): Deleted.

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/CommonSlowPaths.cpp:
runtime/CommonSlowPaths.h:

3:54 AM Changeset in webkit [249411] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249370 - [JSC] Fix testb3 debug failures
https://bugs.webkit.org/show_bug.cgi?id=201382

Reviewed by Mark Lam.

Fix testb3 debug failures due to incorrect types of operations like pointer + int32.

b3/testb3_8.cpp:

(testByteCopyLoop):
(testByteCopyLoopStartIsLoopDependent):
(testByteCopyLoopBoundIsLoopDependent):

3:54 AM Changeset in webkit [249410] by Carlos Garcia Campos

6 edits
3 adds in releases/WebKitGTK/webkit-2.26

Merge r249367 - HTMLImageElement::decode() should return a resolved promise for decoding non bitmap images
https://bugs.webkit.org/show_bug.cgi?id=201243

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-09-01
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/embedded-content/the-img-element/decode/image-decode-picture-expected.txt:

Source/WebCore:

The specs: https://html.spec.whatwg.org/multipage/embedded-content.html#dom-img-decode
states that, decode() should resolve the pending promise if the decoding
was requested for a non bitmap image.

Test: fast/images/decode-non-bitmap-image-resolve.html

loader/ImageLoader.cpp:

(WebCore::resolveDecodePromises):
(WebCore::rejectDecodePromises):
(WebCore::ImageLoader::notifyFinished):
(WebCore::ImageLoader::decode):
(WebCore::ImageLoader::decodeError): Deleted.

loader/ImageLoader.h:

(WebCore::ImageLoader::hasPendingDecodePromises const):

LayoutTests:

fast/images/decode-non-bitmap-image-resolve-expected.txt: Added.
fast/images/decode-non-bitmap-image-resolve.html: Added.
fast/images/resources/green-100x100.svg: Added.

3:54 AM Changeset in webkit [249409] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249365 - Speculative build fix for ARMv7 and MIPS.
https://bugs.webkit.org/show_bug.cgi?id=201389

Not reviewed.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

3:54 AM Changeset in webkit [249408] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249362 - [JSC] LLInt op should not emit the same code three times
https://bugs.webkit.org/show_bug.cgi?id=201370

Reviewed by Mark Lam.

LLInt op macro (not llintOp macro) is used to generate some stub code like llint_program_prologue.
But now it generates the same code three times for narrow, wide16, and wide32. We should emit code only once.

llint/LowLevelInterpreter.asm:

3:54 AM Changeset in webkit [249407] by Carlos Garcia Campos

7 edits in releases/WebKitGTK/webkit-2.26

Merge r249361 - XMLHttpRequest: responseXML returns null if the Content-Type is valid (end in +xml) in some cases
https://bugs.webkit.org/show_bug.cgi?id=46146

Patch by Rob Buis <rbuis@igalia.com> on 2019-08-31
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Updated expected result.

web-platform-tests/xhr/responsexml-media-type-expected.txt:

Source/WebCore:

Make response MIME type fallback to text/xml in case mimeType could
not be extracted [1] and use the stricter ParsedContentType for that.

Behavior matches Firefox.

Test: web-platform-tests/xhr/responsexml-media-type.htm

[1] https://xhr.spec.whatwg.org/#response-mime-type

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::responseMIMEType const):

LayoutTests:

Adjust test to match the specification: make response MIME type fallback to
text/xml in case mimeType could not be extracted.

Behavior matches Firefox.

http/tests/xmlhttprequest/supported-xml-content-types-expected.txt:
http/tests/xmlhttprequest/supported-xml-content-types.html:

3:54 AM Changeset in webkit [249406] by Carlos Garcia Campos

10 edits
10 adds in releases/WebKitGTK/webkit-2.26

Merge r249360 - Fix interpretation of fraction shifts
https://bugs.webkit.org/show_bug.cgi?id=201242

Patch by Frederic Wang <fwang@igalia.com> on 2019-08-31
Reviewed by Rob Buis.

LayoutTests/imported/w3c:

Update tests and support files for fractions/stacks parameters.

web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-2-expected.txt:

Update expectation now that AxisHeight is no longer involved in stacks.

web-platform-tests/fonts/math/fraction-denominatordisplaystyleshiftdown6000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-denominatorshiftdown3000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-numeratordisplaystyleshiftup2000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-numeratorshiftup11000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/stack-bottomdisplaystyleshiftdown5000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-bottomshiftdown6000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-topdisplaystyleshiftup3000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-topshiftup9000-axisheight1000.woff: Added.
web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-1.html:
web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-2.html:
web-platform-tests/mathml/support/feature-detection.js: Added.

(MathMLFeatureDetection.has_mspace):
(MathMLFeatureDetection.has_operator_spacing):
(MathMLFeatureDetection.has_mfrac):
(MathMLFeatureDetection.has_msqrt):
(MathMLFeatureDetection.has_menclose):
(MathMLFeatureDetection.has_dir):
(MathMLFeatureDetection.ensure_for_match_reftest):

Source/WebCore:

In fractions, numerator/denominator shifts are currently interpreted relative to the math
axis while they should be relative to the baseline [1]. This patch refactors the
RenderMathMLFraction to do that and aligns more on MathML Core [2] [3]. This fixes serious
rendering bugs in fractions.

[1] https://github.com/mathml-refresh/mathml/issues/123
[2] https://mathml-refresh.github.io/mathml-core/#fraction-with-nonzero-line-thickness
[3] https://mathml-refresh.github.io/mathml-core/#fraction-with-zero-line-thickness

No new tests, existing tests updated.

rendering/mathml/RenderMathMLFraction.h: ascentOverHorizontalAxis() is replaced with

fractionAscent() which gives the actual baseline position rather than the math axis position.
fractionParameters() and stackParameters() are modified so that they only return the shifts,
now stored in a shared FractionParameters struct.

rendering/mathml/RenderMathMLFraction.cpp:

(WebCore::RenderMathMLFraction::fractionParameters const): Store existing parameters in local
variables and perform adjustments to the shift values so that the minimal gap constraints
are satisfied. Return them as a FractionParameters.
(WebCore::RenderMathMLFraction::stackParameters const): Ditto.
(WebCore::RenderMathMLFraction::fractionAscent const): This calculates the ascent above
the baseline as described in [2] [3] and replaces ascentOverHorizontalAxis. To minimize
changeset, this continues to ignore contribution of denominator size and not to distinguish
ink or non-ink metrics.
(WebCore::RenderMathMLFraction::layoutBlock): The position of the denominator is now just
calculated as a shift from the baseline. The height is given by the bottom of the
denominator. The old "ascent + mathAxisHeight() + denominatorDescent" does not make any
sense.
(WebCore::RenderMathMLFraction::paint): Use fractionAscent() instead of
ascentOverHorizontalAxis().
(WebCore::RenderMathMLFraction::firstLineBaseline const): Ditto.

LayoutTests:

TestExpectations: Skip mathml/presentation/stretchy-depth-height-symmetric.html since it

cannot work in a reliable way and should be rewritten. Equivalent checks seem essentially
covered by WPT test mathml/presentation-markup/operators/mo-axis-height-1.html.
See bug 201356.

platform/win/mathml/presentation/roots-expected.txt: Update windows expectation.

3:54 AM Changeset in webkit [249405] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r249352 - Minor optimization in determineNonLayerDescendantsPaintedContent()
https://bugs.webkit.org/show_bug.cgi?id=201352

Reviewed by Antti Koivisto.

It's cheaper to call renderText.hasRenderedText() than renderText.linesBoundingBox(), because
the latter has to traverse all the InlineTextBoxes. This code path is fairly hot when
scrolling twitter feeds, since it's called from RenderLayer::updateLayerPositionsAfterScroll()
which calls RenderLayer::isVisuallyNonEmpty().

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::calculateClipRects const):

3:53 AM Changeset in webkit [249404] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249345 - Fix a bug in SlotVisitor::reportZappedCellAndCrash() and also capture more information.
https://bugs.webkit.org/show_bug.cgi?id=201345

Reviewed by Yusuke Suzuki.

This patch fixes a bug where SlotVisitor::reportZappedCellAndCrash() was using
the wrong pointer for capture the cell headerWord and zapReason. As a result,
we get junk for those 2 values.

Previously, we were only capturing the upper 32-bits of the cell header slot,
and the lower 32-bit of the next slot in the zapped cell. We now capture the
full 64-bits of both slots. If the second slot did not contain a zapReason as we
expect, the upper 32-bits might give us a clue as to what type of value the slot
contains.

This patch also adds capturing of the found MarkedBlock address for the zapped
cell, as well as some state bit values.

heap/SlotVisitor.cpp:

(JSC::SlotVisitor::reportZappedCellAndCrash):

3:53 AM Changeset in webkit [249403] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r249341 - Allow process cache to cache processes when using a non-default persistent WebsiteDataStore
https://bugs.webkit.org/show_bug.cgi?id=201329

Reviewed by Chris Dumez.

Treat all persistent sessions the same when deciding whether to clear all cached web processes using a particular website data store.
This removes a huge performance regression on warm plt when switching to using a non-default persistent session.
I also removed a call to removeSession which is redundant with the one in the WebsiteDataStore destructor, which is where it should be.

UIProcess/WebProcessCache.cpp:

(WebKit::WebProcessCache::canCacheProcess const):

UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::pageBeginUsingWebsiteDataStore):
(WebKit::WebProcessPool::pageEndUsingWebsiteDataStore):

3:53 AM Changeset in webkit [249402] by Carlos Garcia Campos

5 edits
1 add in releases/WebKitGTK/webkit-2.26

Merge r249337 - [JSC] Generate new.target register only when it is used
https://bugs.webkit.org/show_bug.cgi?id=201335

Reviewed by Mark Lam.

JSTests:

stress/ensure-new-register-allocated.js: Added.

(shouldBe):
(basic):
(arrow):
(Base):
(Derived):
(evaluate):

Source/JavaScriptCore:

Since bytecode generator knows whether new.target register can be used, we should emit and use new.target register
only when it is actually required.

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):

bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::newTarget):

parser/Nodes.h:

(JSC::ScopeNode::needsNewTargetRegisterForThisScope const):

3:53 AM Changeset in webkit [249401] by Carlos Garcia Campos

10 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r249333 - IndexedDB: update size of database when database operation is completed
https://bugs.webkit.org/show_bug.cgi?id=201057

Reviewed by Youenn Fablet.

Currently when a database operation was completed, we re-computed the disk usage of the origin. This computation
listed all databases in the origin directory and read the size of each database file, which was very inefficient
because the completed operation should only affect one database.

This patch makes UniqueIDBDatabase keep track of database size and reports size change to QuotaUser.

Tested PerformanceTests/IndexedDB/basic/objectstore-add.html on release build minibrowser. This change makes
the test over 50% faster.

Modules/indexeddb/server/IDBBackingStore.h:
Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::QuotaUser::increaseSpaceUsed):
(WebCore::IDBServer::IDBServer::QuotaUser::decreaseSpaceUsed):
(WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin):
(WebCore::IDBServer::IDBServer::increaseSpaceUsed):
(WebCore::IDBServer::IDBServer::decreaseSpaceUsed):
(WebCore::IDBServer::IDBServer::setSpaceUsed): Deleted.

Modules/indexeddb/server/IDBServer.h:
Modules/indexeddb/server/MemoryIDBBackingStore.cpp:

(WebCore::IDBServer::MemoryIDBBackingStore::databaseSize const):
(WebCore::IDBServer::MemoryIDBBackingStore::close):
(WebCore::IDBServer::MemoryIDBBackingStore::databasesSizeForOrigin const): Deleted.

Modules/indexeddb/server/MemoryIDBBackingStore.h:
Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForDirectory):
(WebCore::IDBServer::SQLiteIDBBackingStore::databaseSize const):
(WebCore::IDBServer::SQLiteIDBBackingStore::close):
(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForFolder): Deleted.
(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const): Deleted.

Modules/indexeddb/server/SQLiteIDBBackingStore.h:
Modules/indexeddb/server/UniqueIDBDatabase.cpp:

(WebCore::IDBServer::UniqueIDBDatabase::deleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::shutdownForClose):
(WebCore::IDBServer::UniqueIDBDatabase::didShutdownForClose):
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::didOpenBackingStore):
(WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply):
(WebCore::IDBServer::UniqueIDBDatabase::updateSpaceUsedIfNeeded):

Modules/indexeddb/server/UniqueIDBDatabase.h:

3:53 AM Changeset in webkit [249400] by Carlos Garcia Campos

3 edits
2 adds in releases/WebKitGTK/webkit-2.26

Merge r249332 - [MSE][GStreamer] Replaying the video should update currentTime
https://bugs.webkit.org/show_bug.cgi?id=201307

Reviewed by Xabier Rodriguez-Calvar.

LayoutTests/imported/w3c:

web-platform-tests/media-source/mediasource-replay-expected.txt: Added.
web-platform-tests/media-source/mediasource-replay.html: Added.

Source/WebCore:

While writing a test to confirm that https://bugs.webkit.org/show_bug.cgi?id=190050
has indeed been fixed I noticed a non-conformity: when the video has
ended, right after calling .play() for a second playback currentTime
did not return zero, but the video duration.

This turned to be due to the m_isEndReached flag not being reseted on
seeks (replaying a video incurs in a seek done from multi-platform
code).

Test: imported/w3c/web-platform-tests/media-source/mediasource-replay.html

platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:

(WebCore::MediaPlayerPrivateGStreamerMSE::seek):

3:53 AM Changeset in webkit [249399] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.26

Merge r249325 - [MSE][GStreamer] Gracefully fail on invalid non-first initialization segment
https://bugs.webkit.org/show_bug.cgi?id=201322

Reviewed by Xabier Rodriguez-Calvar.

Source/WebCore:

In normal operation of AppendPipeline, except during tear down,
qtdemux never removes a pad. Even if a new initialization segment is
appended, the pad is reused.

There is an exception though: when the new initialization segment has
an incompatible set of tracks. This is invalid under the MSE spec and
should produce an error, but in this case this was making an assertion
fail -- in particular by sending an EOS to the to-be-removed pad, which
AppendPipeline doesn't expect.

This patch changes the assertion with graceful error handling for that
error.

Fixes media/media-source/media-source-seek-detach-crash.html

platform/graphics/gstreamer/mse/AppendPipeline.cpp:

(WebCore::AppendPipeline::AppendPipeline):
(WebCore::AppendPipeline::handleErrorConditionFromStreamingThread):
(WebCore::AppendPipeline::handleErrorSyncMessage):

platform/graphics/gstreamer/mse/AppendPipeline.h:

LayoutTests:

platform/gtk/TestExpectations:
platform/wpe/TestExpectations:

3:53 AM Changeset in webkit [249398] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.26

Merge r249324 - [WPE][GTK] New API to remove a filter from an user content manager given its identifier
https://bugs.webkit.org/show_bug.cgi?id=200479

Reviewed by Carlos Garcia Campos.

Source/WebKit:

UIProcess/API/glib/WebKitUserContentManager.cpp:

(webkit_user_content_manager_remove_filter_by_id): Add new public API function.

UIProcess/API/gtk/WebKitUserContentManager.h: Add declaration for

webkit_user_content_manager_remove_filter_by_id().

UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt: List new function.
UIProcess/API/wpe/WebKitUserContentManager.h: Add declaration for

webkit_user_content_manager_remove_filter_by_id().

UIProcess/API/wpe/docs/wpe-1.0-sections.txt: List new function.

Tools:

TestWebKitAPI/Tests/WebKitGLib/TestWebKitUserContentManager.cpp:

(testUserContentManagerContentFilter): Test also the new
webkit_user_content_manager_remove_filter_by_id() public API function.

3:53 AM Changeset in webkit [249397] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r249321 - [GStreamer] Do not ref the player count from background threads.
https://bugs.webkit.org/show_bug.cgi?id=201222

Reviewed by Xabier Rodriguez-Calvar.

Test: imported/w3c/web-platform-tests/encrypted-media/clearkey-mp4-playback-retrieve-persistent-license.https.html

In the sync-message handler, a ref() was being taken waiting for a
CDM instance to be attached. This hits asserts since you are not
allowed to ref() an object created on the main thread
(BasePlayer) on a background thread.

The protection condition was overly scoped, tidied up the locking
and made it more granular. To avoid needing to hold a ref() in the
background thread, use instead a semaphore to signal when a CDM
instance is attached, or the player has been destroyed.

Also remove an erroneous safe-guard, the operator= in
isCDMInstanceAvailable will ref() the CDMInstance for us. This use
of holding a reference to CDMInstance in the decryptors is not
thread-safe, and now we have a problem since there's no clean way
to communicate with CDMInstance from background threads without
being thread unsafe. For ClearKey and Widevine, a thread safe
ProxyCDM needs to be designed and passed to background
threads (upcoming patch).

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

(WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
(WebCore::MediaPlayerPrivateGStreamerBase::handleSyncMessage):
(WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceAttached):
(WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceDetached):
(WebCore::MediaPlayerPrivateGStreamerBase::handleProtectionEvent):

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:

(isCDMInstanceAvailable):

3:53 AM Changeset in webkit [249396] by Carlos Garcia Campos

5 edits
1 add in releases/WebKitGTK/webkit-2.26

Merge r249319 - [JSC] DFG ByteCodeParser should not copy JIT-related part of SimpleJumpTable
https://bugs.webkit.org/show_bug.cgi?id=201331

Reviewed by Mark Lam.

JSTests:

stress/simple-jump-table-copy.js: Added.

(let.code):
(g2):

Source/JavaScriptCore:

SimpleJumpTable's non-JIT part is not changed after CodeBlock is finalized well. On the other hand, JIT related part is allocated on-demand.
For example, ctiOffsets can be grown by Baseline JIT compiler. There is race condition as follows.

DFG ByteCodeParser is inlining and copying SimpleJumpTable
Baseline JIT compiler is expanding JIT-related part of SimpleJumpTable

Then, (1) reads the broken Vector, and crashes. Since JIT-related part is unnecessary in (1), we should not clone that.
This patch adds CodeBlock::addSwitchJumpTableFromProfiledCodeBlock, which only copies non JIT-related part of the given SimpleJumpTable offered
by profiled CodeBlock.

bytecode/CodeBlock.h:

(JSC::CodeBlock::addSwitchJumpTableFromProfiledCodeBlock):

bytecode/JumpTable.h:

(JSC::SimpleJumpTable::cloneNonJITPart const):
(JSC::SimpleJumpTable::clear):

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

3:53 AM Changeset in webkit [249395] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.26

Merge r249318 - [WPE][Qt] loadingChanged signal parameter is unusable
https://bugs.webkit.org/show_bug.cgi?id=201301

Reviewed by Carlos Garcia Campos.

Source/WebKit:

UIProcess/API/wpe/qt/WPEQtView.h: Explicitely name signal

parameter. It is a runtime requirement for QML.

Tools:

MiniBrowser/wpe/qt/main.qml: Add a basic loadingChange signal handler.
Scripts/webkitpy/style/checker.py: White-list WPEQtView.h for

readablity/parameter_name code styl checker rule.

3:53 AM Changeset in webkit [249394] by Carlos Garcia Campos

3 edits
1 add in releases/WebKitGTK/webkit-2.26

Merge r249317 - [JSC] DFG inlining CheckBadCell slow path does not assume result VirtualRegister can be invalid
https://bugs.webkit.org/show_bug.cgi?id=201332

Reviewed by Mark Lam.

JSTests:

This test is very flaky, it is hard to reproduce.

stress/setter-inlining-resulting-bad-cell-result-virtual-register-should-be-invalid.js: Added.

(code):

Source/JavaScriptCore:

When inlining setter calls in DFG, result VirtualRegister becomes invalid one. While other call-related DFG code correctly assumes
that result may be invalid, only CheckBadCell slow path missed this case. Since this is OSR exit path and VirtualRegister result
does not exist, set BottomValue only when "result" is valid as the other DFG code is doing.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleInlining):

3:53 AM Changeset in webkit [249393] by Carlos Garcia Campos

6 edits in releases/WebKitGTK/webkit-2.26

Merge r249316 - [wk2] LayoutTest imported/w3c/web-platform-tests/IndexedDB/fire-error-event-exception.html is a flaky failure
https://bugs.webkit.org/show_bug.cgi?id=169621

Reviewed by Alex Christensen.

Source/WebCore:

Event handlers of IDB objects were called in unexpected order because of race, which made the console messages
in the tests come out of order.
Usually, an operation/request result is handled as follows:

IDBServer sends IDBResultData to IDBClient.
IDBClient receives IDBResultData and finishes a IDBTransaction operation with that result.
IDBTransaction schedules operation completed timer.
(Some time later) Timer fires, and IDBTransaction completes a request with the result and dispatches event.
(Some time later) IDBTransaction is notified that event is dispatched. If there are other results received,

IDBTransaction schedules operation completed timer.

In previous implementation, if the IDBClient received a second IDBResultData for the same IDBTransaction between
step 3 and step 4, it would not schedule timer because timer was still active; if it received the result between
step 4 and step 5, it would schedule timer again.

Consider a flow like this:
result1 of transaction1 received, timer of transaction1 scheduled
result2 of transaction2 received, timer of transaction2 scheduled
result3 of transaction1 is received, timer of transaction1 active so no scheduling
timer of transaction1 fired, event1 to be dispatched to request1
timer of transaction2 fired, event2 to be dispatched to request2
result4 of transaction2 received, timer of transaction2 scheduled
event1 dispatched, timer of transaction1 scheduled (for handling result3)
event2 dispatched, timer of transaction2 active so no scheduling
timer of transaction2 fired, event3 to dispatch to request4
timer of transaction1 fired, event4 to dispatch to request3

request4 would get event before request3, though result3 was received before result4. We should stop scheduling
event if an IDBTransaction is in between step 4 and 5, which means its m_currentlyCompletingRequest is not null.

Modules/indexeddb/IDBTransaction.cpp:

(WebCore::IDBTransaction::operationCompletedOnServer):

LayoutTests:

Update test expectations to PASS.

platform/gtk/TestExpectations:
platform/ios-wk2/TestExpectations:
platform/mac-wk2/TestExpectations:

3:53 AM Changeset in webkit [249392] by Carlos Garcia Campos

23 edits in releases/WebKitGTK/webkit-2.26/Source

Merge r249313 - Add "IsolatedCopy" in the name of String getters that call isolatedCopy() on the string
https://bugs.webkit.org/show_bug.cgi?id=201318

Reviewed by Alex Christensen.

Add "IsolatedCopy" in the name of String getters that call isolatedCopy() on the string, for clarity.

Source/WebCore:

Modules/indexeddb/server/IDBServer.cpp:

(WebCore::IDBServer::IDBServer::createBackingStore):
(WebCore::IDBServer::IDBServer::performGetAllDatabaseNames):
(WebCore::IDBServer::IDBServer::removeDatabasesModifiedSinceForVersion):
(WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesModifiedSince):
(WebCore::IDBServer::IDBServer::removeDatabasesWithOriginsForVersion):
(WebCore::IDBServer::IDBServer::performCloseAndDeleteDatabasesForOrigins):
(WebCore::IDBServer::IDBServer::computeSpaceUsedForOrigin):
(WebCore::IDBServer::IDBServer::upgradeFilesIfNecessary):

Modules/indexeddb/server/IDBServer.h:

(WebCore::IDBServer::IDBServer::databaseDirectoryPathIsolatedCopy const):

Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:

(WebCore::IDBServer::SQLiteIDBBackingStore::fullDatabaseDirectoryWithUpgrade):
(WebCore::IDBServer::SQLiteIDBBackingStore::databasesSizeForOrigin const):
(WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore):

Modules/indexeddb/server/SQLiteIDBBackingStore.h:

(WebCore::IDBServer::SQLiteIDBBackingStore::databaseRootDirectoryIsolatedCopy const):

Modules/webdatabase/Database.cpp:

(WebCore::Database::markAsDeletedAndClose):
(WebCore::Database::stringIdentifierIsolatedCopy const):
(WebCore::Database::displayNameIsolatedCopy const):
(WebCore::Database::expectedVersionIsolatedCopy const):
(WebCore::Database::fileNameIsolatedCopy const):
(WebCore::Database::details const):
(WebCore::Database::didCommitWriteTransaction):
(WebCore::Database::didExceedQuota):

Modules/webdatabase/Database.h:
Modules/webdatabase/DatabaseTracker.cpp:

(WebCore::DatabaseTracker::maximumSize):
(WebCore::DatabaseTracker::doneCreatingDatabase):
(WebCore::DatabaseTracker::addOpenDatabase):
(WebCore::DatabaseTracker::removeOpenDatabase):

Modules/webdatabase/SQLError.h:

(WebCore::SQLError::messageIsolatedCopy const):

Modules/webdatabase/SQLError.idl:
Modules/webdatabase/SQLTransaction.cpp:

(WebCore::SQLTransaction::openTransactionAndPreflight):

workers/service/server/RegistrationDatabase.cpp:

(WebCore::RegistrationDatabase::openSQLiteDatabase):
(WebCore::RegistrationDatabase::clearAll):

workers/service/server/RegistrationDatabase.h:

(WebCore::RegistrationDatabase::databaseDirectoryIsolatedCopy const):

Source/WebKit:

NetworkProcess/Classifier/ResourceLoadStatisticsPersistentStorage.cpp:

(WebKit::ResourceLoadStatisticsPersistentStorage::storageDirectoryPathIsolatedCopy const):
(WebKit::ResourceLoadStatisticsPersistentStorage::resourceLogFilePath const):
(WebKit::ResourceLoadStatisticsPersistentStorage::monitorDirectoryForNewStatistics):

NetworkProcess/Classifier/ResourceLoadStatisticsPersistentStorage.h:
NetworkProcess/cache/NetworkCacheBlobStorage.cpp:

(WebKit::NetworkCache::BlobStorage::blobDirectoryPathIsolatedCopy const):
(WebKit::NetworkCache::BlobStorage::synchronize):
(WebKit::NetworkCache::BlobStorage::blobPathForHash const):

NetworkProcess/cache/NetworkCacheBlobStorage.h:
NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::basePathIsolatedCopy const):
(WebKit::NetworkCache::Storage::versionPath const):
(WebKit::NetworkCache::Storage::recordsPathIsolatedCopy const):
(WebKit::NetworkCache::Storage::synchronize):
(WebKit::NetworkCache::Storage::recordDirectoryPathForKey const):
(WebKit::NetworkCache::Storage::traverse):
(WebKit::NetworkCache::Storage::clear):
(WebKit::NetworkCache::Storage::shrink):
(WebKit::NetworkCache::Storage::deleteOldVersions):

NetworkProcess/cache/NetworkCacheStorage.h:

3:52 AM Changeset in webkit [249391] by Carlos Garcia Campos

3 edits
1 add in releases/WebKitGTK/webkit-2.26

Merge r249310 - [JSC] Repatch should construct CallCases and CasesValue at the same time
https://bugs.webkit.org/show_bug.cgi?id=201325

Reviewed by Saam Barati.

JSTests:

stress/repatch-switch.js: Added.

(main.f2.f0):
(main.f2.f3):
(main.f2.f1):
(main.f2):
(main):

Source/JavaScriptCore:

In linkPolymorphicCall, we should create callCases and casesValue at the same time to assert callCases.size() == casesValue.size().
If the call variant is isClosureCall and InternalFunction, we skip adding it to casesValue. So we should not add this variant to callCases too.

jit/Repatch.cpp:

(JSC::linkPolymorphicCall):

3:52 AM Changeset in webkit [249390] by Carlos Garcia Campos

4 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r249309 - Avoid running the outline painting phase if no renderers have outlines
https://bugs.webkit.org/show_bug.cgi?id=201284

Reviewed by Said Abou-Hallawa.

The outline painting phase (paintOutlineForFragments()) can take up to 20% of the painting time
even when there are no outlines. Keep track of which renderers have outlines, and only run the phase
when printing (for hasOutlineAnnotation()) or if there are any renderers with outlines.

rendering/RenderElement.cpp:

(WebCore::RenderElement::styleWillChange):
(WebCore::RenderElement::styleDidChange):
(WebCore::RenderElement::willBeDestroyed):

rendering/RenderLayer.cpp:

(WebCore::RenderLayer::paintLayerContents):

rendering/RenderView.h:

3:52 AM Changeset in webkit [249389] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.26

Merge r249307 - Copying and pasting two paragraphs with a newline between them results in stray paragraph with newline inside.
https://bugs.webkit.org/show_bug.cgi?id=201306

Reviewed by Wenson Hsieh.

Source/WebCore:

Test: editing/pasteboard/paste-without-nesting.html

editing/ReplaceSelectionCommand.cpp:

(WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor): Consider the ancestor node safe to remove
if there is no rendered text inside, not just if there are any child nodes.

LayoutTests:

editing/pasteboard/paste-without-nesting-expected.txt: Updated results.
editing/pasteboard/paste-without-nesting.html: Added new test case.

3:52 AM Changeset in webkit [249388] by Carlos Garcia Campos

3 edits
1 add in releases/WebKitGTK/webkit-2.26

Merge r249306 - [JSC] ObjectAllocationSinkingPhase wrongly deals with always-taken branches during interpretation
https://bugs.webkit.org/show_bug.cgi?id=198650

Reviewed by Saam Barati.

JSTests:

stress/object-allocation-sinking-interpretation-can-interpret-edges-that-can-be-proven-unreachable-in-ai.js:

(main.v0):
(main):

Source/JavaScriptCore:

Object Allocation Sinking phase has a lightweight abstract interpreter which interprets DFG nodes related to allocations and properties.
This interpreter is lightweight since it does not track abstract values and conditions as deeply as AI does. It can happen that this
interpreter interpret the control-flow edge that AI proved that is never taken.
AI already knows some control-flow edges are never taken, and based on this information, AI can remove CheckStructure nodes. But
ObjectAllocationSinking phase can trace this never-taken edges and propagate structure information that contradicts to the analysis
done in ObjectAllocationSinking.

Let's see the example.

BB#0

35: NewObject([%AM:Object])
...
47: Branch(ConstantTrue, T:#1, F:#2)

BB#1 This basic block is never taken due to @47's jump.

...
71: PutByOffset(@35, @66, id2{a}, 0, W:NamedProperties(2))
72: PutStructure(@35, %AM:Object -> %Dx:Object, ID:60066)
...
XX: Jump(#2)

BB#2

...
92: CheckStructure(@35, [%Dx:Object])
93: PutByOffset(@35, @35, id2{a}, 0, W:NamedProperties(2))
...

AI removes @92 because AI knows BB#0 only takes BB#1 branch. @35's Structure is always %Dx so @92 is redundant.
AI proved that @71 and @72 are always executed while BB#0 -> BB#2 edge is never taken so that @35 object's structure is proven at @92.
After AI removes @92, ObjectAllocationSinking starts looking into this graph.

BB#0

35: NewObject([%AM:Object])
...
47: Branch(ConstantTrue, T:#1, F:#2)

BB#1 This basic block is never taken due to @47's jump.

...
71: PutByOffset(@35, @66, id2{a}, 0, W:NamedProperties(2))
72: PutStructure(@35, %AM:Object -> %Dx:Object, ID:60066)
...
XX: Jump(#2)

BB#2

...
93: PutByOffset(@35, @35, id2{a}, 0, W:NamedProperties(2))
...
YY: Jump(#3)

BB#3

...
ZZ: <HERE> want to materialize @35's sunk object.

Since AI does not change the @47 Branch to Jump (it is OK anyway), BB#0 -> BB#2 edge remains and ObjectAllocationSinking phase propagates information in
BB#0's %AM structure information to BB#2. ObjectAllocationSinking phase converts @35 to PhantomNewObject, removes PutByOffset and PutStructure, and
insert MaterializeNewObject in @ZZ. At this point, ObjectAllocationSinking lightweight interpreter gets two structures while AI gets one: @35's original
one (%AM) and @72's replaced one (%Dx). Since AI already proved @ZZ only gets %Dx, AI removed @92 CheckStructure. But this is not known to ObjectAllocationSinking
phase's interpretation. So when creating recovery data, MultiPutByOffset includes two structures, %AM and %Dx. This is OK since MultiPutByOffset takes
conservative set of structures and performs switching. But the problem here is that %AM's id2{a} offset is -1 since %AM does not have such a property.
So when creating MultiPutByOffset in ObjectAllocationSinking, we accidentally create MultiPutByOffset with -1 offset data, and lowering phase hits the debug
assertion.

187: MultiPutByOffset(@138, @138, id2{a}, <Replace: [%AM:Object], offset = -1, >, <Replace: [%Dx:Object], offset = 0, >)

This bug is harmless since %AM structure comparison never meets at runtime. But we are not considering the case including -1 offset property in MultiPutByOffset data.
In this patch, we just filter out apparently wrong structures when creating MultiPutByOffset in ObjectAllocationSinking. This is OK since it never comes at runtime.

dfg/DFGObjectAllocationSinkingPhase.cpp:

3:52 AM Changeset in webkit [249387] by Carlos Garcia Campos

5 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r249303 - Speculative loads should use the NetworkSession owning their Cache
https://bugs.webkit.org/show_bug.cgi?id=201314

Patch by Alex Christensen <achristensen@webkit.org> on 2019-08-29
Reviewed by Chris Dumez.

This provides a performance improvement when using non-default persistent WKWebsiteDataStores.

NetworkProcess/NetworkSession.cpp:

(WebKit::NetworkSession::NetworkSession):

NetworkProcess/cache/NetworkCache.cpp:

(WebKit::NetworkCache::Cache::open):
(WebKit::NetworkCache::Cache::Cache):

NetworkProcess/cache/NetworkCache.h:

(WebKit::NetworkCache::Cache::sessionID const):

NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:

(WebKit::NetworkCache::SpeculativeLoad::SpeculativeLoad):

3:52 AM Changeset in webkit [249386] by Carlos Garcia Campos

31 edits in releases/WebKitGTK/webkit-2.26

Merge r249301 - Web Inspector: replace uses of Array.prototype.concat with Array.prototype.push
https://bugs.webkit.org/show_bug.cgi?id=201082

Reviewed by Joseph Pecoraro.

Source/WebInspectorUI:

x = x.concat(y) is very slow, as x has to be fully copied in order to add y to it.
Introduce Array.prototype.pushIterable, which iterates the given iterable and adds each
item to the this array.

UserInterface/Controllers/DOMDebuggerManager.js:

(WI.DOMDebuggerManager.prototype.get domBreakpoints):
(WI.DOMDebuggerManager.prototype.domBreakpointsInSubtree):

UserInterface/Controllers/JavaScriptRuntimeCompletionProvider.js:

(WI.JavaScriptRuntimeCompletionProvider.completionControllerCompletionsNeeded.receivedPropertyNames):

UserInterface/Models/CSSCompletions.js:

(WI.CSSCompletions):

UserInterface/Models/CSSKeywordCompletions.js:

(WI.CSSKeywordCompletions.forProperty):
(WI.CSSKeywordCompletions.forProperty.addKeywordsForName):
(WI.CSSKeywordCompletions.forFunction):

UserInterface/Models/Canvas.js:

(WI.Canvas.prototype.recordingProgress):

UserInterface/Models/DOMNodeStyles.js:

(WI.DOMNodeStyles.prototype._updateStyleCascade):
(WI.DOMNodeStyles.prototype._collectStylesInCascadeOrder):

UserInterface/Models/TimelineRecording.js:

(WI.TimelineRecording.prototype.get sourceCodeTimelines):
(WI.TimelineRecording.prototype.initializeCallingContextTrees):

UserInterface/Protocol/RemoteObject.js:

(WI.RemoteObject.prototype._getPropertyDescriptorsResolver):

UserInterface/Views/ConsoleMessageView.js:

(WI.ConsoleMessageView.prototype._appendMessageTextAndArguments):

UserInterface/Views/ContentBrowser.js:

(WI.ContentBrowser.prototype.get currentRepresentedObjects):

UserInterface/Views/DOMTreeElement.js:

(WI.DOMTreeElement.prototype._visibleChildren):

UserInterface/Views/DataGridNode.js:

(WI.DataGridNode.prototype.get filterableData):

UserInterface/Views/HeapAllocationsTimelineView.js:

(WI.HeapAllocationsTimelineView.prototype.get selectionPathComponents):

UserInterface/Views/IndexedDatabaseObjectStoreContentView.js:

(WI.IndexedDatabaseObjectStoreContentView.prototype._fetchMoreData.processEntries):

UserInterface/Views/NavigationItem.js:

(WI.NavigationItem.prototype.get _classNames):

UserInterface/Views/ObjectTreeView.js:

(WI.ObjectTreeView.prototype._updateProperties):

UserInterface/Views/OpenResourceDialog.js:

(WI.OpenResourceDialog.prototype._addResourcesForFrame):

UserInterface/Views/OverviewTimelineView.js:

(WI.OverviewTimelineView.prototype._loadExistingRecords):

UserInterface/Views/ResourceCollectionContentView.js:

(WI.ResourceCollectionContentView.prototype.get navigationItems):

UserInterface/Views/ResourceHeadersContentView.js:

(WI.ResourceHeadersContentView.prototype._perfomSearchOnKeyValuePairs):

UserInterface/Views/ResourceSecurityContentView.js:

(WI.ResourceSecurityContentView.prototype._perfomSearchOnKeyValuePairs):

UserInterface/Views/ScriptClusterTimelineView.js:

(WI.ScriptClusterTimelineView.prototype.get selectionPathComponents):

UserInterface/Views/ScrubberNavigationItem.js:

(WI.ScrubberNavigationItem.prototype.get additionalClassNames):

UserInterface/Views/SpreadsheetStyleProperty.js:

(WI.SpreadsheetStyleProperty.prototype._addGradientTokens):
(WI.SpreadsheetStyleProperty.prototype._addColorTokens.pushPossibleColorToken):
(WI.SpreadsheetStyleProperty.prototype._addTimingFunctionTokens):
(WI.SpreadsheetStyleProperty.prototype._addVariableTokens):

UserInterface/Views/TreeOutline.js:

(WI.TreeOutline.prototype.selfOrDescendant):

UserInterface/Views/View.js:

(WI.View._visitViewTreeForLayout):

LayoutTests:

inspector/unit-tests/array-utilities.html:
inspector/unit-tests/array-utilities-expected.txt:

Add tests for added utility Array.prototype.pushIterable.

3:52 AM Changeset in webkit [249385] by Carlos Garcia Campos

7 edits
3 adds in releases/WebKitGTK/webkit-2.26

Merge r249295 - document.fonts.ready is resolved too quickly
https://bugs.webkit.org/show_bug.cgi?id=174030
<rdar://problem/33083550>

Reviewed by Frédéric Wang.

LayoutTests/imported/w3c:

Test from https://github.com/web-platform-tests/wpt/pull/18489.

web-platform-tests/fonts/ahem.css: Added.

(@font-face):

web-platform-tests/infrastructure/assumptions/document-fonts-ready-expected.txt: Added.
web-platform-tests/infrastructure/assumptions/document-fonts-ready.html: Added.

Source/WebCore:

As described in https://drafts.csswg.org/css-font-loading/#font-face-set-ready, the ready promise
is only fulfilled after layout operations complete and no additional font loads are necessary.

This patch implements this by notifying the FontFaceSet created for the document when the document
is finished loading. At that time, the promise will be resolved as soon as fonts are finished loading if any.

Test: imported/w3c/web-platform-tests/infrastructure/assumptions/document-fonts-ready.html

css/CSSFontSelector.cpp:

(WebCore::CSSFontSelector::optionalFontFaceSet):

css/CSSFontSelector.h:
css/FontFaceSet.cpp:

(WebCore::FontFaceSet::FontFaceSet):
(WebCore::FontFaceSet::startedLoading):
(WebCore::FontFaceSet::didFirstLayout):
(WebCore::FontFaceSet::completedLoading):

css/FontFaceSet.h:
dom/Document.cpp:

(WebCore::Document::implicitClose):

3:52 AM Changeset in webkit [249384] by Carlos Garcia Campos

8 edits in releases/WebKitGTK/webkit-2.26/Source/WebInspectorUI

Merge r249291 - Web Inspector: REGRESSION (r248873): Debugger: pressing delete on a breakpoint will also delete any resource/element parent immediately before it in the list
https://bugs.webkit.org/show_bug.cgi?id=200939

Reviewed by Joseph Pecoraro.

UserInterface/Views/DebuggerSidebarPanel.js:

(WI.DebuggerSidebarPanel.prototype._breakpointTreeOutlineDeleteTreeElement):
(WI.DebuggerSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.DebuggerSidebarPanel.prototype._breakpointTreeOutlineDeleteTreeElement.checkIfSelectionAdjustmentNeeded): Deleted.

UserInterface/Views/SourcesNavigationSidebarPanel.js:

(WI.SourcesNavigationSidebarPanel):
(WI.SourcesNavigationSidebarPanel.prototype._handleBreakpointElementAddedOrRemoved):
(WI.SourcesNavigationSidebarPanel.this._breakpointsTreeOutline.ondelete.checkIfSelectionAdjustmentNeeded): Deleted.
When the WI.TreeOutline's own ondelete is called, that means we must be handling a
delete that was _not_ handled by a WI.TreeElement. This means that the selectedTreeElement
has to be a resource/script, the window object, or one of the non-deletable breakpoints.

In the case of a non-deletable breakpoint, since they're never removed from their parent
WI.TreeOutline, we just shift the selection to the next selectable WI.TreeElement.

Otherwise, wait for the WI.TreeOutline.Event.ElementRemoved event to be fired, and adjust
the selection then based on whether the new selectedTreeElement is one of the "top" items,
namely the "All Exceptions", "Uncaught Exceptions", and "Assertion Failures" breakpoints.

UserInterface/Views/BreakpointTreeElement.js:

(WI.BreakpointTreeElement.prototype.ondelete):

UserInterface/Views/DOMBreakpointTreeElement.js:

(WI.DOMBreakpointTreeElement.prototype.ondelete):

UserInterface/Views/DOMNodeTreeElement.js:

(WI.DOMNodeTreeElement.prototype.ondelete):

UserInterface/Views/EventBreakpointTreeElement.js:

(WI.EventBreakpointTreeElement.prototype.ondelete):

UserInterface/Views/URLBreakpointTreeElement.js:

(WI.URLBreakpointTreeElement.prototype.ondelete):
Add return true; to let the parent WI.TreeOutline know that the delete event was handled.
This prevents the parent WI.TreeOutline's own ondelete from being called, which would
cause a double-delete as there would be a different selectedTreeElement.

3:52 AM Changeset in webkit [249383] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/WTF

Merge r249280 - CompletionHandler default constructor does not initialize m_wasConstructedOnMainThread
https://bugs.webkit.org/show_bug.cgi?id=201249

Reviewed by Joseph Pecoraro and Alex Christensen.

wtf/CompletionHandler.h:

(WTF::CompletionHandler<Out):

3:52 AM Changeset in webkit [249382] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/JavaScriptCore

Merge r249279 - Remove a bad assertion in ByteCodeParser::inlineCall().
https://bugs.webkit.org/show_bug.cgi?id=201292
<rdar://problem/54121659>

Reviewed by Michael Saboff.

In the DFG bytecode parser, we've already computed the inlining cost of a candidate
inlining target, and determine that it is worth inlining before invoking
ByteCodeParser::inlineCall(). However, in ByteCodeParser::inlineCall(), it
recomputes the inlining cost again only for the purpose of asserting that it isn't
too high.

Not consider a badly written test that does the following:

function bar() {

...
foo(); Call in a hot loop here.
...

}

bar(); <===== foo is inlineable into bar here.
noInline(foo); <===== Change mind, and make foo not inlineable.
bar();

With this bad test, the following racy scenario can occur:

the first invocation of bar() gets hot, and a concurrent compile is kicked off.
the compiler thread computes foo()'s inliningCost() and determines that it is worthy to be inlined, and will imminently call inlineCall().
the mutator calls the noInline() test utility on foo(), thereby making it NOT inlineable.
the compiler thread calls inlineCall(). In inlineCall(), it re-computes the inliningCost for foo() and now finds that it is not inlineable. An assertion failure follows.

Technically, the test is in error because noInline() shouldn't be used that way.
However, fuzzers that are not clued into noInline()'s proper usage may generate
code like this.

On the other hand, ByteCodeParser::inlineCall() should not be recomputing that the
inlining cost and asserting on it. The only reason inlineCall() is invoked is
because it was already previously determined that a target function is inlineable
based on its inlining cost. Today, in practice, I don't think we have any real
world condition where the mutator can affect the inlining cost of a target
function midway through execution. So, this assertion isn't a problem if no one
writes a test that abuses noInline(). However, should things change such that the
mutator is able to affect the inlining cost of a target function, then it is
incorrect for the compiler to assume that the inlining cost is immutable. Once
the compiler decides to inline a function, it should just follow through.

This patch removes this assertion in ByteCodeParser::inlineCall(). It is an
annoyance at best (for fuzzers), and at worst, incorrect if the mutator gains the
ability to affect the inlining cost of a target function.

dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::inlineCall):

3:52 AM Changeset in webkit [249381] by Carlos Garcia Campos

2 edits in releases/WebKitGTK/webkit-2.26/Source/WebCore

Merge r249276 - [GStreamer] Do not use makeWeakPtr from streaming thread.
https://bugs.webkit.org/show_bug.cgi?id=201220

Reviewed by Xabier Rodriguez-Calvar.

Test: imported/w3c/web-platform-tests/encrypted-media/clearkey-mp4-playback-retrieve-persistent-license.https.html

Recently some asserts were added that you can't create WeakPtr's
from streaming threads when the factory is created on the
main-thread. The fix is to eagerly create the WeakPtr at player
initialization time, rather than lazily when the streaming thread
first asks for it.

platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:

3:51 AM Changeset in webkit [249380] by Carlos Garcia Campos

3 edits in releases/WebKitGTK/webkit-2.26/Source/WebKit

Merge r249274 - Use inline data member initialization in ProcessLauncher
https://bugs.webkit.org/show_bug.cgi?id=201247

Reviewed by Ryosuke Niwa.

UIProcess/Launcher/ProcessLauncher.cpp:

(WebKit::ProcessLauncher::ProcessLauncher):

UIProcess/Launcher/ProcessLauncher.h:

2:31 AM Changeset in webkit [249379] by youenn@apple.com

11 edits in trunk/Source

Make NetworkConnectionToWebProcess keyed by their WebProcess identifier
https://bugs.webkit.org/show_bug.cgi?id=201300

Reviewed by Alex Christensen.

Make sure to create each NetworkConnectionToWebProcess for a given WebProcess.
Pass the process identifier at creation time.
This will allow to have the message registry be moved to NetworkProcess
so as to check port activity between processes.
This identifier might also be used in the future for other connections like
service worker context/client/server identifiers.

No observable change of behavior.

NetworkProcess/NetworkConnectionToWebProcess.cpp:

(WebKit::NetworkConnectionToWebProcess::create):
(WebKit::NetworkConnectionToWebProcess::NetworkConnectionToWebProcess):

NetworkProcess/NetworkConnectionToWebProcess.h:

(WebKit::NetworkConnectionToWebProcess::webProcessIdentifier const):

NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::removeNetworkConnectionToWebProcess):
(WebKit::NetworkProcess::createNetworkConnectionToWebProcess):
(WebKit::NetworkProcess::actualPrepareToSuspend):
(WebKit::NetworkProcess::resume):

NetworkProcess/NetworkProcess.h:
NetworkProcess/NetworkProcess.messages.in:
Platform/IPC/Connection.h:

(IPC::Connection::sendWithAsyncReply):
Allow to pass send options.

UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::NetworkProcessProxy):
(WebKit::NetworkProcessProxy::getNetworkProcessConnection):
Make use of async reply to simplify the handling of lambdas.
(WebKit::NetworkProcessProxy::openNetworkProcessConnection):
(WebKit::NetworkProcessProxy::didFinishLaunching):

UIProcess/Network/NetworkProcessProxy.h:
UIProcess/Network/NetworkProcessProxy.messages.in:

2:31 AM Changeset in webkit [249378] by youenn@apple.com

22 edits
1 copy
1 add in trunk/Source

Introduce WorkerMessagePortChannelRegistry
https://bugs.webkit.org/show_bug.cgi?id=201333

Reviewed by Alex Christensen.

Source/WebCore:

This patch introduces a dedicated registry for workers.
This registry will hop to the main thread and use the
regular main thread registry to do the actual processing.

Covered by existing tests.

Sources.txt:
WebCore.xcodeproj/project.pbxproj:
dom/Document.cpp:

(WebCore::Document::messagePortChannelProvider):

dom/Document.h:
dom/MessageChannel.cpp:

(WebCore::MessageChannel::MessageChannel):

dom/MessagePort.cpp:

(WebCore::MessagePort::entangle):
(WebCore::MessagePort::postMessage):
(WebCore::MessagePort::disentangle):
(WebCore::MessagePort::close):
(WebCore::MessagePort::dispatchMessages):
(WebCore::MessagePort::hasPendingActivity const):

dom/messageports/MessagePortChannel.cpp:

(WebCore::MessagePortChannel::takeAllMessagesForPort):
(WebCore::MessagePortChannel::checkRemotePortForActivity):

dom/messageports/MessagePortChannel.h:
dom/messageports/MessagePortChannelProvider.cpp:

(WebCore::MessagePortChannelProvider::singleton):
(WebCore::MessagePortChannelProvider::fromContext):

dom/messageports/MessagePortChannelProvider.h:
dom/messageports/MessagePortChannelProviderImpl.cpp:

(WebCore::MessagePortChannelProviderImpl::takeAllMessagesForPort):
(WebCore::MessagePortChannelProviderImpl::checkRemotePortForActivity):

dom/messageports/MessagePortChannelProviderImpl.h:
dom/messageports/MessagePortChannelRegistry.cpp:

(WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
(WebCore::MessagePortChannelRegistry::checkRemotePortForActivity):

dom/messageports/MessagePortChannelRegistry.h:
dom/messageports/WorkerMessagePortChannelProvider.cpp: Added.

(WebCore::WorkerMessagePortChannelProvider::WorkerMessagePortChannelProvider):
(WebCore::WorkerMessagePortChannelProvider::~WorkerMessagePortChannelProvider):
(WebCore::WorkerMessagePortChannelProvider::createNewMessagePortChannel):
(WebCore::WorkerMessagePortChannelProvider::entangleLocalPortInThisProcessToRemote):
(WebCore::WorkerMessagePortChannelProvider::messagePortDisentangled):
(WebCore::WorkerMessagePortChannelProvider::messagePortClosed):
(WebCore::WorkerMessagePortChannelProvider::postMessageToRemote):
(WebCore::WorkerMessagePortChannelProvider::takeAllMessagesForPort):
(WebCore::WorkerMessagePortChannelProvider::checkRemotePortForActivity):
(WebCore::WorkerMessagePortChannelProvider::checkProcessLocalPortForActivity):

dom/messageports/WorkerMessagePortChannelProvider.h: Added.
workers/WorkerGlobalScope.cpp:

(WebCore::WorkerGlobalScope::messagePortChannelProvider):

workers/WorkerGlobalScope.h:

Source/WebKit:

By introducing WorkerMessagePortChannelRegistry, we are making
sure UIMessagePortChannelProvider is only called from the main thread.
This will help when moving the registry to network process.

UIProcess/UIMessagePortChannelProvider.cpp:

(WebKit::UIMessagePortChannelProvider::takeAllMessagesForPort):
(WebKit::UIMessagePortChannelProvider::checkRemotePortForActivity):

UIProcess/UIMessagePortChannelProvider.h:
WebProcess/WebCoreSupport/WebMessagePortChannelProvider.cpp:

(WebKit::WebMessagePortChannelProvider::takeAllMessagesForPort):
(WebKit::WebMessagePortChannelProvider::didTakeAllMessagesForPort):
(WebKit::WebMessagePortChannelProvider::didCheckRemotePortForActivity):
(WebKit::WebMessagePortChannelProvider::checkRemotePortForActivity):

WebProcess/WebCoreSupport/WebMessagePortChannelProvider.h:

1:52 AM Changeset in webkit [249377] by zandobersek@gmail.com

3 edits in trunk/Tools

[WPE] WindowBackend should do resizing properly
https://bugs.webkit.org/show_bug.cgi?id=201386

Reviewed by Carlos Garcia Campos.

The WindowBackend implementation is resized via the XDG protocol. The
initial size is stored for the object's lifetime and fallen back to when
the XDG protocol reports (0,0) configuration size.

Upon each resize, we have to recreate the texture. We also have to size
the GL viewport accordingly.

wpe/backends/WindowViewBackend.cpp:

(WPEToolingBackends::WindowViewBackend::WindowViewBackend):
(WPEToolingBackends::WindowViewBackend::createViewTexture):
(WPEToolingBackends::WindowViewBackend::resize):
(WPEToolingBackends::WindowViewBackend::displayBuffer):

wpe/backends/WindowViewBackend.h:

Sep 1, 2019:

11:20 PM Changeset in webkit [249376] by youenn@apple.com

5 edits in trunk/Source/WebKit

Abstract out LibWebRTCSocketClient so that rtc sockets can be implemented without libwebrtc sockets
https://bugs.webkit.org/show_bug.cgi?id=201302

Reviewed by Alex Christensen.

Introduce NetworkRTCProvider::Socket to be able to implement RTC socket support with non libwebrtc API

NetworkProcess/webrtc/LibWebRTCSocketClient.h:
NetworkProcess/webrtc/NetworkRTCProvider.cpp:

(WebKit::NetworkRTCProvider::createSocket):
(WebKit::NetworkRTCProvider::createUDPSocket):
(WebKit::NetworkRTCProvider::createServerTCPSocket):
(WebKit::NetworkRTCProvider::proxyInfoFromSession):
(WebKit::NetworkRTCProvider::createClientTCPSocket):
(WebKit::NetworkRTCProvider::wrapNewTCPConnection):
(WebKit::NetworkRTCProvider::addSocket):
(WebKit::NetworkRTCProvider::takeSocket):
(WebKit::NetworkRTCProvider::newConnection):
(WebKit::NetworkRTCProvider::closeListeningSockets):
(WebKit::NetworkRTCProvider::callSocket):

NetworkProcess/webrtc/NetworkRTCProvider.h:
NetworkProcess/webrtc/NetworkRTCProvider.mm:

(WebKit::NetworkRTCProvider::createClientTCPSocket):

NetworkProcess/webrtc/NetworkRTCSocket.cpp:

(WebKit::NetworkRTCSocket::sendTo):
(WebKit::NetworkRTCSocket::close):
(WebKit::NetworkRTCSocket::setOption):

11:03 PM Changeset in webkit [249375] by Fujii Hironori

2 edits in trunk/Source/WebKit

[Cairo] out-of-bounds read in ShareableBitmap::paint if a fractional device scale factor is used
https://bugs.webkit.org/show_bug.cgi?id=196340

Reviewed by Brent Fulgham.

In ShareableBitmap::paint, srcRectScaled can be out-of-bounds of
the surface if a fractional device scale factor is used.

Shared/cairo/ShareableBitmapCairo.cpp:

(WebKit::ShareableBitmap::paint): Use cairoSurfaceSetDeviceScale
to set a device scale factor to the surface instead of multiplying
srcRect with a device scale factor.

10:23 PM Changeset in webkit [249374] by mmaxfield@apple.com

7 edits
6 adds in trunk

[WHLSL] Resources don't work when only a subset of a bind group is referenced by a shader
https://bugs.webkit.org/show_bug.cgi?id=201383

Reviewed by Dean Jackson.

Source/WebCore:

Bind groups correspond to argument buffers in Metal. Both the Metal API and Metal Shading Language
have to agree on the layout of exactly which resources lie at which byte offsets within an argument
buffer.

Before this patch, we only emitted code for the items in the argument buffer that were actually
referenced by the shader source code. However, because these items are held inside a struct, if
we omit one item from the middle of the struct, the byte offets of all the successive items would
be wrong. This means that the Metal API and the shader would disagree about how to access these
resources, making the resources inaccessible (and causing security problems).

Tests: webgpu/whlsl/sparse-bind-group-2.html

webgpu/whlsl/sparse-bind-group-3.html
webgpu/whlsl/sparse-bind-group.html

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:

(WebCore::WHLSL::Metal::EntryPointScaffolding::emitResourceHelperTypes):
(WebCore::WHLSL::Metal::VertexEntryPointScaffolding::emitHelperTypes):
(WebCore::WHLSL::Metal::FragmentEntryPointScaffolding::emitHelperTypes):
(WebCore::WHLSL::Metal::ComputeEntryPointScaffolding::emitHelperTypes):

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h:
Modules/webgpu/WHLSL/WHLSLSemanticMatcher.cpp:

(WebCore::WHLSL::matchResources):
(WebCore::WHLSL::matchVertexAttributes):
(WebCore::WHLSL::matchColorAttachments):

LayoutTests:

webgpu/whlsl/compute.html:
webgpu/whlsl/sparse-bind-group-2-expected.txt: Added.
webgpu/whlsl/sparse-bind-group-2.html: Added.
webgpu/whlsl/sparse-bind-group-3-expected.txt: Added.
webgpu/whlsl/sparse-bind-group-3.html: Added.
webgpu/whlsl/sparse-bind-group-expected.txt: Added.
webgpu/whlsl/sparse-bind-group.html: Added.

9:38 PM Changeset in webkit [249373] by commit-queue@webkit.org

7 edits
6 deletes in trunk

Unreviewed, rolling out r249369.
https://bugs.webkit.org/show_bug.cgi?id=201394

broke WHLSL tests (Requested by litherum on #webkit).

Reverted changeset:

"[WHLSL] Resources don't work when only a subset of a bind
group is referenced by a shader"
https://bugs.webkit.org/show_bug.cgi?id=201383
https://trac.webkit.org/changeset/249369

8:44 PM Changeset in webkit [249372] by ysuzuki@apple.com

16 edits in trunk/Source/JavaScriptCore

[JSC] Merge op_check_traps into op_enter and op_loop_hint
https://bugs.webkit.org/show_bug.cgi?id=201373

Reviewed by Mark Lam.

We also inline op_enter's slow path's write-barrier emission in LLInt.

bytecode/BytecodeList.rb:
bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::emitLoopHint):
(JSC::BytecodeGenerator::emitCheckTraps): Deleted.

bytecompiler/BytecodeGenerator.h:
dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleRecursiveTailCall):
(JSC::DFG::ByteCodeParser::parseBlock):

dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
(JSC::JIT::emitEnterOptimizationCheck): Deleted.

jit/JIT.h:
jit/JITOpcodes.cpp:

jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_enter): Deleted.

llint/LowLevelInterpreter.asm:
llint/LowLevelInterpreter32_64.asm:
llint/LowLevelInterpreter64.asm:
runtime/CommonSlowPaths.cpp:
runtime/CommonSlowPaths.h:

7:11 PM Changeset in webkit [249371] by Fujii Hironori

9 edits in trunk

Unreviewed, rolling out r249366.

WinCairo WebKit2 crashes in some websites and the device scale
factor is not correct in high DPI.

Reverted changeset:

"[WinCairo, FTW] Properly handle device scale factor"
https://bugs.webkit.org/show_bug.cgi?id=201361
https://trac.webkit.org/changeset/249366

4:35 PM Changeset in webkit [249370] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

[JSC] Fix testb3 debug failures
https://bugs.webkit.org/show_bug.cgi?id=201382

Reviewed by Mark Lam.

Fix testb3 debug failures due to incorrect types of operations like pointer + int32.

b3/testb3_8.cpp:

(testByteCopyLoop):
(testByteCopyLoopStartIsLoopDependent):
(testByteCopyLoopBoundIsLoopDependent):

4:08 PM Changeset in webkit [249369] by mmaxfield@apple.com

7 edits
6 adds in trunk

[WHLSL] Resources don't work when only a subset of a bind group is referenced by a shader
https://bugs.webkit.org/show_bug.cgi?id=201383

Reviewed by Dean Jackson.

Source/WebCore:

Tests: webgpu/whlsl/sparse-bind-group-2.html

webgpu/whlsl/sparse-bind-group-3.html
webgpu/whlsl/sparse-bind-group.html

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.cpp:

Modules/webgpu/WHLSL/Metal/WHLSLEntryPointScaffolding.h:
Modules/webgpu/WHLSL/WHLSLSemanticMatcher.cpp:

(WebCore::WHLSL::matchResources):
(WebCore::WHLSL::matchVertexAttributes):
(WebCore::WHLSL::matchColorAttachments):

LayoutTests:

webgpu/whlsl/compute.html:
webgpu/whlsl/sparse-bind-group-2-expected.txt: Added.
webgpu/whlsl/sparse-bind-group-2.html: Added.
webgpu/whlsl/sparse-bind-group-3-expected.txt: Added.
webgpu/whlsl/sparse-bind-group-3.html: Added.
webgpu/whlsl/sparse-bind-group-expected.txt: Added.
webgpu/whlsl/sparse-bind-group.html: Added.

1:42 PM Changeset in webkit [249368] by Wenson Hsieh

11 edits
6 adds in trunk

Long presses that interrupt accelerated scrolling dispatch clicks on apps linked against iOS 12 or earlier
https://bugs.webkit.org/show_bug.cgi?id=201346
<rdar://problem/54885784>

Reviewed by Dean Jackson.

Source/WebKit:

For apps that are linked on or after iOS 13, we add a context menu interaction to the content view, which
requires us to disable (or avoid adding) the highlight long press gesture recognizer. However, for apps that are
linked on the iOS 12 SDK or prior, this gesture is still present, and fires when long pressing for (roughly) up
to 0.75 seconds if a tap gesture was not recognized instead. Firing this gesture sends a click event to the
page; this brings back some form of <rdar://problem/53889373>, but only when holding for slightly longer than a
normal tap, and also only in apps linked on iOS 12 or earlier. To fix this, we apply a similar solution as in
r248433 and detect whether a long press gesture interrupted scroll view deceleration in
-gestureRecognizerShouldBegin:. If so, we return NO to avoid clicking. See per-method comments below for more
details.

Testing this bug as-is was tricky, since there's no way in layout tests to simulate being linked on or before a
given SDK version. Luckily, recall that:

This bug occurs when the highlight gesture recognizer is enabled and added to the content view.
The highlight gesture recognizer only needs to be disabled or removed when context menu interaction is added.

As such, we should be able to restore the highlight gesture recognizer by suppressing the context menu
interaction in an app linked-on-or-after iOS 13, by setting allowsLinkPreview to NO. Unfortunately, this doesn't
quite work, since we currently always avoid adding the highlight gesture recognizer if the app is linked on
iOS 13 or later.

However, this means that the highlight gesture recognizer is absent from the content view in apps linked against
iOS 13 that disable link previews, even though its absence is not required. This means that long pressing a
clickable element in a web view that disables link previews does not show a tap highlight on iOS 13, whereas it
would on iOS 12; this is a regression, albeit a very subtle one. To fix this subtle issue and make it possible
to write a test for this bug, we refactor some logic for creating and configuring the highlight long press
gesture, such that we now unconditionally add the highlight gesture, but only enable it in apps linked on or
after iOS 13 if link previews (i.e. context menu interaction) are not allowed.

Test: fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow.html

SourcesCocoa.txt:
UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView setAllowsLinkPreview:]):

UIProcess/ios/WKContentViewInteraction.h:
UIProcess/ios/WKContentViewInteraction.mm:

(-[WKContentView setupInteraction]):

Refactor our gesture setup logic to always create and add the long press and highlight long press gestures, but
conditionally disable them based on whether or not (1) the context menu is available, and (2) WKWebView's
allowsLinkPreview property.

(-[WKContentView _didChangeLinkPreviewAvailability]):
(-[WKContentView _updateLongPressAndHighlightLongPressGestures]):

Add a new helper to update the enabled state of the long press and highlight long press gestures, by consulting
-_shouldUseContextMenu and -allowsLinkPreview. This is called when setting up the gestures, as well as whenever
-allowsLinkPreview changes.

(-[WKContentView gestureRecognizerShouldBegin:]):

Factor out logic to ascend the view hierarchy in search of a UIScrollView that was interrupted while
decelerating into a local lambda function; use this for both the highlight gesture and the single tap gesture,
to determine whether they should begin.

UIProcess/ios/WKHighlightLongPressGestureRecognizer.h: Added.
UIProcess/ios/WKHighlightLongPressGestureRecognizer.mm: Added.

In order to remember the UIScrollView (if any) tracked by the highlight long press gesture, we subclass
_UIWebHighlightLongPressGestureRecognizer. While UILongPressGestureRecognizer does have SPI to ask for a list of
UITouches, by the time the gesture has been recognized and the gesture delegates are invoked, these UITouches
no longer correspond to UIViews. As such, the only time we have access to the list of UITouches with their
UIViews is during the touches* subclass hooks.

(-[WKHighlightLongPressGestureRecognizer reset]):

Clear out the tracked UIScrollView here, when the gesture is reset (i.e. after ending, or being canceled).

(-[WKHighlightLongPressGestureRecognizer touchesBegan:withEvent:]):

Remember the last touched UIScrollView here.

(-[WKHighlightLongPressGestureRecognizer lastTouchedScrollView]):

WebKit.xcodeproj/project.pbxproj:

Tools:

Add a new test option to allow tests to disable link previews.

WebKitTestRunner/TestController.cpp:

(WTR::updateTestOptionsFromTestHeader):

WebKitTestRunner/TestOptions.h:

Drive-by fix: also check enableLazyImageLoading when determining whether two TestOptions are the same.

(WTR::TestOptions::hasSameInitializationOptions const):

WebKitTestRunner/cocoa/TestControllerCocoa.mm:

(WTR::TestController::platformCreateWebView):

LayoutTests:

Add a couple of new layout tests to verify that using a long press gesture to interrupt momentum scrolling in a
web view that uses API to disable link previews does not result in a click.

fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-main-frame-expected.txt: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-main-frame.html: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow-expected.txt: Added.
fast/scrolling/ios/click-events-after-long-press-during-momentum-scroll-in-overflow.html: Added.

11:28 AM Changeset in webkit [249367] by commit-queue@webkit.org

6 edits
3 adds in trunk

HTMLImageElement::decode() should return a resolved promise for decoding non bitmap images
https://bugs.webkit.org/show_bug.cgi?id=201243

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-09-01
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

web-platform-tests/html/semantics/embedded-content/the-img-element/decode/image-decode-picture-expected.txt:

Source/WebCore:

The specs: https://html.spec.whatwg.org/multipage/embedded-content.html#dom-img-decode
states that, decode() should resolve the pending promise if the decoding
was requested for a non bitmap image.

Test: fast/images/decode-non-bitmap-image-resolve.html

loader/ImageLoader.cpp:

(WebCore::resolveDecodePromises):
(WebCore::rejectDecodePromises):
(WebCore::ImageLoader::notifyFinished):
(WebCore::ImageLoader::decode):
(WebCore::ImageLoader::decodeError): Deleted.

loader/ImageLoader.h:

(WebCore::ImageLoader::hasPendingDecodePromises const):

LayoutTests:

fast/images/decode-non-bitmap-image-resolve-expected.txt: Added.
fast/images/decode-non-bitmap-image-resolve.html: Added.
fast/images/resources/green-100x100.svg: Added.

11:13 AM Changeset in webkit [249366] by Brent Fulgham

9 edits in trunk

[WinCairo, FTW] Properly handle device scale factor
https://bugs.webkit.org/show_bug.cgi?id=201361

Reviewed by Don Olmstead.

Source/WebCore:

Update the Direct2D ImageBuffer/ImageBufferData classes to correctly handle
the device scale factor.

platform/graphics/win/ImageBufferDataDirect2D.cpp:

(WebCore::ImageBufferData::putData):

platform/graphics/win/ImageBufferDirect2D.cpp:

(WebCore::ImageBuffer::putByteArray):

Source/WebKit:

Update the WebView and WebProcess to correctly handle
the device scale factor.

UIProcess/win/WebView.cpp:

(WebKit::WebView::WebView): Tell the page the current device scale factor.

WebProcess/win/WebProcessMainWin.cpp:

(WebKit::WebProcessMainWin): Tell the process to be aware of device scale.

Tools:

Reset zoom to 1.0; device scale is handled elsewhere.

MiniBrowser/win/WebKitBrowserWindow.cpp:

(WebKitBrowserWindow::resetZoom):

9:31 AM Changeset in webkit [249365] by mark.lam@apple.com

2 edits in trunk/Source/JavaScriptCore

Speculative build fix for ARMv7 and MIPS.
https://bugs.webkit.org/show_bug.cgi?id=201389

Not reviewed.

bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):

Aug 31, 2019:

5:47 PM Changeset in webkit [249364] by commit-queue@webkit.org

25 edits
18 adds
7 deletes in trunk

Source/WebCore:
EXIF orientation should be respected when rendering images
https://bugs.webkit.org/show_bug.cgi?id=201123

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-08-31
Reviewed by Simon Fraser.

-- Image::size() will return the rendered size based on the image

orientation. If image orientation is FromImage, ImageSource will query
the actual image orientation from the ImageDecoder. The low level APIs
might transpose the size just before calling the system API to draw
the image.

-- RenderElement::imageOrientation() will return ImageOrientation::FromImage

for all images and for all ports till the CSS image-orientation specs
is finalized.

-- The default of ImagePaintingOptions argument of GraphicsContext::drawImage()

will be changed to { ImageOrientation::FromImage }.

-- Image element: RenderImage::paintIntoRect() will pass imageOrientation()

which returns ImageOrientation::FromImage to GraphicsContext::drawImage().

-- CSS background image: RenderBoxModelObject::paintFillLayerExtended will

pass ImageOrientation::FromImage by default to GraphicsContext::drawTiledImage().

-- Images on canvas: CanvasRenderingContext2DBase::drawImage() will pass

ImageOrientation::FromImage by default to GraphicsContext::drawImage().

-- SVG images: RenderSVGImage::paintForeground() calls GraphicsContext::drawImage()

with the default ImagePaintingOptions which is now { ImageOrientation::FromImage }.

-- SVG feImage filters: FEImage::platformApplySoftware() calls

GraphicsContext::drawImage() with the default ImagePaintingOptions
which is now { ImageOrientation::FromImage }.

-- ImageDocument: RenderElement::imageOrientation() returns FromImage

always and for all ports.

Tests: fast/images/exif-orientation-background.html

fast/images/exif-orientation-canvas.html
fast/images/exif-orientation-content.html
fast/images/exif-orientation-element-object-fit.html
fast/images/exif-orientation-element.html
fast/images/exif-orientation-image-object.html
fast/images/exif-orientation-svg-feimage.html
fast/images/exif-orientation-svg-image.html

html/canvas/CanvasRenderingContext2DBase.cpp:

(WebCore::CanvasRenderingContext2DBase::drawImage):

loader/cache/CachedImage.cpp:

(WebCore::CachedImage::imageSizeForRenderer const):

platform/graphics/BitmapImage.h:
platform/graphics/CrossfadeGeneratedImage.h:
platform/graphics/GeneratedImage.h:
platform/graphics/GraphicsContext.h:

(WebCore::GraphicsContext::drawImage):

platform/graphics/Image.h:
platform/graphics/ImageFrame.h:

(WebCore::ImageFrame::sizeRespectingOrientation const): Deleted.

platform/graphics/ImageSource.cpp:

(WebCore::ImageSource::ImageSource):
(WebCore::ImageSource::orientation):
(WebCore::ImageSource::size):
(WebCore::ImageSource::sizeRespectingOrientation): Deleted.

platform/graphics/ImageSource.h:
platform/graphics/cg/PDFDocumentImage.cpp:

(WebCore::PDFDocumentImage::size const):

platform/graphics/cg/PDFDocumentImage.h:
platform/mac/DragImageMac.mm:

(WebCore::createDragImageFromImage):

rendering/RenderBoxModelObject.cpp:

(WebCore::RenderBoxModelObject::paintFillLayerExtended):

rendering/RenderElement.cpp:

(WebCore::RenderElement::imageOrientation const):

rendering/RenderImage.cpp:

(WebCore::RenderImage::paintIntoRect):

svg/graphics/SVGImage.h:
svg/graphics/SVGImageForContainer.cpp:

(WebCore::SVGImageForContainer::size const):

svg/graphics/SVGImageForContainer.h:

LayoutTests:
EXIF orientation should be respected when rendering images
https://bugs.webkit.org/show_bug.cgi?id=201123

Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2019-08-31
Reviewed by Simon Fraser.

Existing tests are made ref-tests. New tests were added to cover more
cases for drawing images.

fast/images/exif-orientation-background-expected.html: Added.
fast/images/exif-orientation-background.html: Added.
fast/images/exif-orientation-canvas-expected.html: Added.
fast/images/exif-orientation-canvas.html: Added.
fast/images/exif-orientation-composited-expected.html: Added.
fast/images/exif-orientation-composited-expected.txt: Removed.
fast/images/exif-orientation-composited.html:
fast/images/exif-orientation-content-expected.html: Added.
fast/images/exif-orientation-content.html: Added.
fast/images/exif-orientation-css-expected.txt: Removed.
fast/images/exif-orientation-css.html: Removed.
fast/images/exif-orientation-element-expected.html: Added.
fast/images/exif-orientation-element-object-fit-expected.html: Added.
fast/images/exif-orientation-element-object-fit.html: Added.
fast/images/exif-orientation-element.html: Added.
fast/images/exif-orientation-expected.txt: Removed.
fast/images/exif-orientation-image-document-expected.html: Added.
fast/images/exif-orientation-image-document-expected.txt: Removed.
fast/images/exif-orientation-image-document.html:
fast/images/exif-orientation-image-object-expected.html: Added.
fast/images/exif-orientation-image-object.html: Added.
fast/images/exif-orientation-svg-feimage-expected.html: Added.
fast/images/exif-orientation-svg-feimage.html: Added.
fast/images/exif-orientation-svg-image-expected.html: Added.
fast/images/exif-orientation-svg-image.html: Added.
fast/images/exif-orientation.html: Removed.
platform/gtk/TestExpectations:
platform/mac/fast/images/exif-orientation-composited-expected.png: Removed.
platform/win/TestExpectations:

4:02 PM Changeset in webkit [249363] by Wenson Hsieh

1 edit
2 adds in trunk/LayoutTests

[iOS] Add a test to ensure that a tap in editable content shows the callout bar if the selection did not change
https://bugs.webkit.org/show_bug.cgi?id=200082

Reviewed by Dean Jackson.

Adds a layout test to cover the UIKit change in <rdar://problem/53106460>.

editing/selection/ios/show-callout-bar-after-tap-expected.txt: Added.
editing/selection/ios/show-callout-bar-after-tap.html: Added.

4:31 AM Changeset in webkit [249362] by ysuzuki@apple.com

2 edits in trunk/Source/JavaScriptCore

[JSC] LLInt op should not emit the same code three times
https://bugs.webkit.org/show_bug.cgi?id=201370

Reviewed by Mark Lam.

llint/LowLevelInterpreter.asm:

3:16 AM Changeset in webkit [249361] by commit-queue@webkit.org

7 edits in trunk

XMLHttpRequest: responseXML returns null if the Content-Type is valid (end in +xml) in some cases
https://bugs.webkit.org/show_bug.cgi?id=46146

Patch by Rob Buis <rbuis@igalia.com> on 2019-08-31
Reviewed by Youenn Fablet.

LayoutTests/imported/w3c:

Updated expected result.

web-platform-tests/xhr/responsexml-media-type-expected.txt:

Source/WebCore:

Make response MIME type fallback to text/xml in case mimeType could
not be extracted [1] and use the stricter ParsedContentType for that.

Behavior matches Firefox.

Test: web-platform-tests/xhr/responsexml-media-type.htm

[1] https://xhr.spec.whatwg.org/#response-mime-type

xml/XMLHttpRequest.cpp:

(WebCore::XMLHttpRequest::responseMIMEType const):

LayoutTests:

Adjust test to match the specification: make response MIME type fallback to
text/xml in case mimeType could not be extracted.

Behavior matches Firefox.

http/tests/xmlhttprequest/supported-xml-content-types-expected.txt:
http/tests/xmlhttprequest/supported-xml-content-types.html:

2:05 AM Changeset in webkit [249360] by commit-queue@webkit.org

10 edits
10 adds in trunk

Fix interpretation of fraction shifts
https://bugs.webkit.org/show_bug.cgi?id=201242

Patch by Frederic Wang <fwang@igalia.com> on 2019-08-31
Reviewed by Rob Buis.

LayoutTests/imported/w3c:

Update tests and support files for fractions/stacks parameters.

web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-2-expected.txt:

Update expectation now that AxisHeight is no longer involved in stacks.

web-platform-tests/fonts/math/fraction-denominatordisplaystyleshiftdown6000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-denominatorshiftdown3000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-numeratordisplaystyleshiftup2000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/fraction-numeratorshiftup11000-axisheight1000-rulethickness1000.woff: Added.
web-platform-tests/fonts/math/stack-bottomdisplaystyleshiftdown5000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-bottomshiftdown6000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-topdisplaystyleshiftup3000-axisheight1000.woff: Added.
web-platform-tests/fonts/math/stack-topshiftup9000-axisheight1000.woff: Added.
web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-1.html:
web-platform-tests/mathml/presentation-markup/fractions/frac-parameters-2.html:
web-platform-tests/mathml/support/feature-detection.js: Added.

Source/WebCore:

No new tests, existing tests updated.

rendering/mathml/RenderMathMLFraction.h: ascentOverHorizontalAxis() is replaced with

rendering/mathml/RenderMathMLFraction.cpp:

LayoutTests:

TestExpectations: Skip mathml/presentation/stretchy-depth-height-symmetric.html since it

cannot work in a reliable way and should be rewritten. Equivalent checks seem essentially
covered by WPT test mathml/presentation-markup/operators/mo-axis-height-1.html.
See bug 201356.

platform/win/mathml/presentation/roots-expected.txt: Update windows expectation.

12:52 AM Changeset in webkit [249359] by Chris Dumez

8 edits in trunk/Source

DocumentStorageAccess::hasStorageAccess() / requestStorageAccess() don't need to know about pageID / frameID
https://bugs.webkit.org/show_bug.cgi?id=201364

Reviewed by John Wilander.

Source/WebCore:

DocumentStorageAccess::hasStorageAccess() / requestStorageAccess() don't need to know about pageID / frameID. pageID is
redundant since it is being ignored by the callee. For the frame, simply pass the frame object in.

dom/DocumentStorageAccess.cpp:

(WebCore::DocumentStorageAccess::hasStorageAccess):
(WebCore::DocumentStorageAccess::requestStorageAccess):

page/ChromeClient.h:

(WebCore::ChromeClient::hasStorageAccess):
(WebCore::ChromeClient::requestStorageAccess):

Source/WebKit:

WebProcess/WebCoreSupport/WebChromeClient.cpp:

(WebKit::WebChromeClient::hasStorageAccess):
(WebKit::WebChromeClient::requestStorageAccess):

WebProcess/WebCoreSupport/WebChromeClient.h:
WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::hasStorageAccess):
(WebKit::WebPage::requestStorageAccess):

WebProcess/WebPage/WebPage.h:

Note: See TracTimeline for information about the timeline view.

Download in other formats:

RSS Feed